Bill includes porn-blocking technology for federal networks

The House passed this month an amendment to a supplemental spending bill that bars federal agencies from using funds for computer networks unless the systems block pornography. One information security expert called the requirement wise, but warned Congress should leave it up to agencies to specify the controls they use to prevent federal employees from downloading porn.

On July 1, the House agreed to an amendment to the Senate passed supplemental bill, H.R. 4899, that stated, "None of the funds made available in this act may be used to maintain or establish a computer network unless such network blocks the viewing, downloading and exchanging of pornography."

The bill funds the wars in Iraq and Afghanistan, humanitarian efforts in Haiti and domestic needs.

During the past several years, federal officials have reported a string of cases in which employees spent hours on government systems surfing the Web for pornography, including incidents at the Interior Department, the National Science Foundation and the Securities and Exchange Commission.

Representatives included the anti-porn measure in the bill as a way to stop the behavior, aides said on Wednesday. The House amendment goes back to the Senate for approval of the item and other changes, which include additional money for border security technology, Gulf Coast oil spill recovery and education jobs.

Cybersecurity experts generally praised the House's language to block employees from viewing sex sites. But some disagreed over the restraints Congress should legislate to enforce the ban.

Tom Kellermann , a vice president at Core Security Technologies and a former data risk management official at the World Bank, said the House's adoption of the provision "signals a paradigm shift where Congress has become aware that illicit, nefarious content abounds and there are policies and subsequent technologies that can assist in cleaning up the Net. The government is beginning to practice what it preaches."

But a former federal official said Congress should let agencies decide the best way to prevent employees from accessing forbidden material, whether it is the use of Web-filtering software, the threat of being fired or other restrictions.

"I think most agencies haven't bought filtering programs and rely instead on deterring employees. People can be fired pretty quickly for this," said Jim Lewis, a cybersecurity specialist at the Center for Strategic and International Studies who previously headed national security and technology initiatives at the State Department.

He said requiring agencies to buy filtering technology was micromanaging. "Usually it's better to avoid specific prescriptions," Lewis said. "They'd be better off setting the goal and letting agencies figure out how best to meet it. If they wanted to scare people, they could mandate termination of employment."