This may have been the most publicized instance of a phenomenon that would come to be known as "dumpster diving," which involves picking through a company's or individual's trash to get confidential, sensitive, and potentially valuable information that resides amid the refuse.

Such tactics remain a threat to businesses today, but the danger is less due to both increased awareness and the development of shredders (and shredding services) that literally can obliterate a document to the point that recovery is near impossible.

But what if a bad guy watches you online and sees your documents as you produce them, keystroke by keystroke, then makes an electronic record–all without you knowing it? With spyware, that unsettling possibility is what we face today thanks to the dubious technical achievements that have produced it and keystroke loggers.

The real kicker, though, is much spyware gets downloaded voluntarily by users–say, your average insurance company employees–who think they are getting some kind of useful software (such as an anti-spyware program). In fact, there may be some helpful program provided, but the spyware is attached and goes unnoticed by the user. Incredibly, the spyware may be mentioned in the license agreement one must approve to use the "free" software. Of course, no one reads those agreements, so spyware victims remain blissfully unaware.

Meanwhile, the federal government is telling the insurance industry–and many other industries–that confidential information must be protected from theft or unauthorized access. Companies that fail in this regard risk hefty fines or even jail terms. Insurers, brokers, and agents are under intense pressure to secure their systems, but experts say spyware technology is growing faster than efforts to thwart it.

How bad is the problem? I ran an anti-spyware application on a computer in my office that cleaned out some 50 instances of spyware, adware, or other malicious programs. Just 24 hours later, the same anti-spyware picked up 98 new instances on the same computer. That PC, incidentally, had three anti-spyware programs on board. It's truly frightening.

Solutions to the problem are draconian and incomplete at best. Forbidding employees from downloading any kind of software, no matter how enticing, could help, but that doesn't address the hacker threat. Beefing up firewalls and intrusion detection is a good idea, but like a car alarm, these measures ultimately won't stop a determined hacker who wants to look at what you're doing. And criminal hackers aren't the only danger. Consider how far a competitor might go to gain access to your confidential documents.

It looks like a losing battle, but this is a battle we cannot afford to lose. We must not allow our business systems
to be compromised, not to mention the systems that run our government and protect our nation. Anti-spyware efforts within our enterprises must be redoubled, and money must be poured into research and development of security technology.

Finally, penalties for those who are caught spying must be severe. The rack and the iron maiden come to mind (where is Edgar Allan Poe when you need him?), but I suppose we'll have to settle for 20 years at hard labor (no parole!). Write your congressman today.

Ara C. Trembly is technology editor for National Underwriter's property/casualty and life/health editions. He may be reached at [email protected].