Time to control P2P usage on fed computers

We report this week on disclosures that personal data of tens of thousands of U.S. soldiers--including those in the Special Forces--have been compromised and downloaded overseas. Tiversa, a private company that surfs the Internet for sensitive data and provides P2P monitoring services, discovered the data breaches and told Congress.
The breakdown was simple: Anyone using P2P software to download music or other files, for example, shares their system to do so; because of this, countless pieces of information made it into the hands of hackers in places like Pakistan and China. Tiversa found documents containing purloined Social Security numbers, cell phone numbers, email addresses and the names of soldiers' family members.
In July, Tiversa found details of the Secret Service plans for a safe house for former first lady Laura Bush on a LimeWire file-sharing network. It also unearthed details on presidential motorcade routes, and a sensitive but unclassified document listing details on every nuclear facility in the country on LimeWire.
In addition, classified information about the communications and electronics on Marine One, the presidential helicopter, was reportedly discovered in a publicly available shared folder on a computer in Iran, and apparently leaked over a peer-to-peer network.
It's time for the military and every government agency to get tough with P2P usage. What good is locking the front door if the back one is still open? There is legislation pending in Congress that would make it illegal for P2P developers to make software that causes files from a computer to be inadvertently shared over a P2P network without a user's knowledge. In most of the cases that have become public, the use of file-sharing software was already a violation of policy.
The congressional proposals could help, but they won't do much good if government agencies and users are not paying attention, or if prohibitions are ignored and not enforced. One obvious solution is to install security programs and technical controls to implement a policy that bans P2P usage. There are many available, and that would solve many of the problems.
There also are file encryption technologies to protect sensitive files, data loss prevention tools to block leakage of data over corporate networks, and intrusion-detection and network behavioral analysis products that can detect P2P file-sharing. It's no longer OK for government employees and contractors to create such risks with sensitive data.
Short of the federal legislation, it's time for all of the government departments and agencies, as well as the military, to act on their own by more closely monitoring activity and installing software, and coming down hard on those who choose to put sensitive data at risk. Failure of government security experts to pay attention to this issue will mean more breaches, some potentially serious. No one wants that to happen. - Judi