CAPPS Replacement Resembles Pentagon Spy Program Axed by Congress

WASHINGTON, DC, SEPT. 24 - On January 25, 1993, 28-year-old Mir Aimal Kansi, a Pakistani living in Virginia, opened fire with an AK-47 assault rifle on cars stopped at a red left turn light in McLean. They were waiting to enter the grounds of the Central Intelligence Agency headquarters. Kansi killed two people, both employees of the CIA, and wounded three others. He then fled to Pakistan, where he was captured in 1997. He was executed November 14, 2002 by lethal injection in Virginia.

Kansi was on a terrorist watch list, but because his name was spelled slightly differently – he’d dropped the “n” so it became “Kasi,” a legitimate spelling variation of his Urdu name - poor name recognition technology used at America’s points of entry didn’t catch the derivation of his name. Thus the terrorist watch list didn’t “flag” him, and the rest is grim history.

Today, this tragedy could happen again. And according to senior counterterrorists, known and suspected terrorists have entered the country despite being on terrorist watch lists. “There’s no reason to believe that this doesn’t happen every day,” said Dr. Jack Hermansen, a computational linguist who heads the Herndon, Virginia-based Language Analysis Systems (LAS), a company that produces computer name recognition software products that would have caught Kansi’s misspelled name.

“It took the government five years to track [Kansi] down and many millions of dollars - all because he dropped one consonant from his name,” Hermansen, a noted name-recognition expert with 20-plus years experience, told HSToday in an interview this week.

Hermansen explained “that these problems arise [with the antiquated name matching computer systems in use to match air passengers’ names to the terrorist watch list] because we have to transliterate names from other alphabets into the Roman alphabet so we can put them in our computer systems.”

Some counterterrorists have speculated that terrorists are smart enough to know the vulnerabilities in existing name matching technologies, a point Hermansen agrees with. “Everyone in the world knows how easy it is to defeat our border systems except Americans,” Hermansen said. “We’re so amazingly naïve about this problem that most of our work over the past twenty years has been educating [the government].”

And some terrorists’ names either haven’t been put on the list, or the archaic computer systems airlines use to check passengers’ names against the government’s terrorist watch list just aren’t matching the names at all, which seems to be more the case.

For instance, in January Insight magazine reported that airline security documents it obtained revealed that when the name Osama bin Laden was punched into the Computer Assisted Passenger Prescreening System (CAPPS) system that checks passengers’ names against terrorist watch lists, the name was cleared for a boarding pass.

“When the most-wanted man in modern history is not included on the list of possible terrorists, there are some serious deficiencies in the system which need to be addressed,” an airport-security official familiar with the test told Insight, which also learned from law-enforcement sources that at least two other names of known terrorists cleared security checkpoints when officials punched them into the computer.

CAPPS “often fails to detect terrorists until they have boarded the plane,” and by then it might be too late, Kathleen Sweet told Insight. Sweet is author of, “Aviation and Airport Security: Terrorism and Safety Concerns.”

This week, former pop music singer Cat Stevens, who converted to the Muslim faith in 1977 and changed his name to Yusuf Islam, was denied entry into the US after his name apparently matched a name on the terrorist watch list. The problem is, Islam’s name wasn’t flagged by CAPPS until after the United Airlines flight from London to Washington, DC he was on was in the air. Homeland Security officials would not say definitively whether Islam is the person meant to be on the watch list or whether the CAPPS system inaccurately matched his name with someone else. However, TIME magazine reports that, "according to aviation sources with access to the [no-fly] list, there is no Yusuf Islam on the no-fly registry, though there is a 'Youssouf Islam.' The incorrect name was added to the register this summer, but because Islam's name is spelled 'Yusuf' on his British passport, he was allowed to board a plane in London bound for the US.

Other government sources, though, told news organizations that Islam was put on the “no-fly” list because intelligence from multiple sources indicated he may have associations with potential terrorists. ABC News reported Wednesday a government official who spoke on condition of anonymity said “US authorities think donations from Islam may have ended up helping to fund blind sheik Omar Abdel-Rahman, who was convicted for the 1993 World Trade Center bombing, and Hamas, a Palestinian militant group considered a terrorist organization by the United States and Israel.

It's more likely, though, that the former pop singer's Muslim name was misidentified by the terribly outdated software that is used to compare air passengers' names against the no-fly list, and which has flagged the wrong people before, just as it has allowed real terrorists to gain entry into the US.

Whether Islam’s name is or is not on the list, there’s a problem. "There's a gap there, so obviously the rules have to be changed" governing the comparison of passenger names with a watch list of people suspected of terrorist links, Asa Hutchinson, under secretary for homeland security, acknowledged in an interview on ABC's "Good Morning America."

Islam made a number of trips to the United States in recent years, including one in May for a charity event and to promote a DVD of his 1976 MajiKat tour. Islam donated half the royalties to the Sept. 11 Fund to help victims of the attacks. In July 2000, Islam was deported hours after arriving in Jerusalem. A local newspaper reported the Israeli government claimed he had delivered tens of thousands of dollars to Hamas during a visit in 1988.

Council on American-Islamic Relations (CAIR) spokesman Ibrahim Hooper pointed out that Islam had visited the United States in May and was not stopped then. “The best case scenario is that it’s a bureaucratic foul-up and his name was mixed up with someone else on the list,” said Hooper.

A new government report obtained by NBC News says the no fly list includes the names of only 3,500 suspected terrorists "who pose threats to civil aviation,” not all suspected terrorists, of which there are more than 300,000 on federal terrorist watch lists.

In the case of Kansi, though, he was allowed into the US despite being on the terrorist watch list because of archaic name recognition technology that’s still in use by the federal government and airlines. In other words, another Kansi could cross the border using a variation of his name, and then proceed to buy a firearm, the required background checks for which also are based on the same antiquated name recognition technology. The fact that innocent citizens have been flagged as terrorists because of this technology, which is based on principles set forth in 1890, is testament to the need to change it. Even Sen. Ted Kennedy’s name was flagged while in the process of boarding aircraft because it is similar to a person who is on the no-fly list.

“And if you don’t accept that terrorists know full well how to exploit this vulnerability, then you’re damned delusional,” gruffly offered a veteran US counterterror expert.

Indeed. The final report of the 9/11 Commission emphasized that “among the more important problems to address is that of varying transliterations of the same name. For example, the current lack of a single convention for transliterating Arabic names enabled the 19 hijackers to vary the spelling of their names to defeat name-based watch list systems and confuse any potential efforts to locate them.” Consequently, the Commission said the long-standing hole in our border security caused by the US government’s ineffective name-handling software must be addressed if the nation is to have an effective border security program at all.

While the computer glitch that allowed Kansi into the US has nothing to do with the right or wrong of Congress having allowed the assault weapons ban to expire on Sept 10, Democratic Presidential candidate John Kerry rightfully noted that another Kansi-like killing spree could occur as a result of the triple whammy of faulty border entry and criminal background check technology and expiration of the assault weapons ban. Kerry pointed out that an Al Qaeda training manual recovered in Afghanistan advised terrorists that it is easy to obtain guns in the United States. “In the Al Qaeda manual, they were telling people to go out and buy assault weapons, to come to America and buy assault weapons,” Kerry told an audience in St. Louis.

“Every law enforcement officer in America doesn’t want us selling assault weapons in the streets of America, but George Bush, he says, ‘Well, I’m for that,’ “ said Kerry, a longtime supporter of the ban.

Regardless of the legitimacy of an assault weapons ban, the fact that such guns are again legal opens the door to terrorists possibly getting away with purchasing them directly from gun dealers because of the inferior name recognition technology used to conduct background checks of the person buying them. This is a glaring oversight in border protection that needs to be slammed shut, and then fastened for good, counterterror authorities told HSToday.

“As the [9/11] Commission correctly noted, this persistent blind spot at our borders is perpetuated by the antiquated technology used to search the very names that are the basis of our most critical computerized watch lists,” said Hermansen. As a specific example of this little-noted but pernicious border protection failure, Hermansen points out that Waleed Al-Shehri, one of the 9/11 hijackers on American Airlines Flight 11, could have legitimately Romanized his name as Oualid Chihri. To anyone unfamiliar with Arabic transliteration variations, these would certainly appear to be two different names. What is more, only the most sophisticated name recognition software would find these kinds of matches.

”The [9/11] Commission hits the nail on the head by identifying the lack of a single transliteration method for names,” Hermansen told HSToday. “There will never be a single standard for name transliteration. Technology aside, it’s just too political. There is no country I can think of that would allow us to dictate how their names must be Romanized. And, just within the US, it is very unlikely that such a standard could be forced on Americans with Romanized names. Even in Communist China, where such things are much more easily mandated, we have seen over a dozen ways in which the name Osama Bin Laden has been written in Chinese. Everyone, everywhere, would like to make this problem more tractable, but it is simply too complex for a solution by edict.

The only effective and useful approach is to use linguistically-smart software that understands all of these transliteration standards at once.”

Hermansen had hit on the crux of the problem in the early 1980s while working on his PhD in computational linguistics at Georgetown University. The conclusion of his doctoral thesis, “Automatic Name Searching in Large Data Bases of International Names,” is just as true today as it was twenty years ago. “The inadequacies discovered in [existing name-checking systems] stemmed from the unwarranted assumption that, because names are represented by strings of characters, they may be manipulated and evaluated in the same ways as lexical items,” Hermansen wrote in his thesis.

But, Hermansen continued, “it was shown by example and in principle that this notion is untenable. Systems in use, such as the Soundex coding technique, clearly fall apart as a direct consequence of the attempt to make use of the orthographic correspondences of English language words when dealing with names. This doesn’t work well for English and it fails utterly when you attempt to apply such a key-based system to names from other languages. Results can be so far off as to seem bizarre. Completely different names, like Paddington and Pittenger, for example, have the same Soundex code while different variants of the exact same name, such as Royo, Yu, and Lew in Korean get totally different codes. Other software programs that attempt to match names based on misspellings in regular words, such as ‘distance metric’ algorithms, also invariably fail with names. Names just don’t work like regular words.”

The term “Soundex” is a generic term that covers many variations of an algorithm for categorizing (not searching) names that was first patented in 1918. Most variations work the same way; they convert the name into a code, or “key,” consisting of the first letter, followed by several numbers that are assigned based upon a pre-determined grouping of consonants. The name Soundex implies that the algorithm is a highly accurate phonetic matching algorithm, which is not the case at all. Consider the results of two studies:

Only 33 percent of the matches that would be returned by Soundex would be correct. Even more significant was the finding that fully 25 percent of correct matches would fail to be discovered by Soundex.

Only 36 percent of Soundex returns were correct, while more than 60 percent of correct names were never returned by Soundex.

The problems with Soundex and other key-based name matching systems are bountiful. They are what allowed Kansi – and, it appears, some 9/11 terrorists – to get into the US undetected.

Soundex was developed for the 1890 census. It works by taking a name, striping out vowels and assigning codes to somewhat-similar-sounding consonants, such as “c” and “z.”

“Essentially, Soundex is culturally insensitive to names,” Hermansen explained. “It treats short, three-syllable Asian names in the same manner as it treats Arabic or Hispanic names with as many as eight different syllables. It also is unable to properly handle aliases or decipher nicknames. Various cultures also have their own unique nicknames. For example, Paco is a nickname for Francisco … your database systems need to know this.”

“Understanding cultural uses of names gives you a big jump to solving this problem,” Hermansen told HSToday. “On the surface, Soundex looks way too simple to solve such a complex problem, and it is.”

Virtually all critical border and criminal background name checking systems “are [Soundex-based systems] that we call fail-hard systems … if the system comes back and says the name is not found, the guy gets a Visa, the guy gets a gun,” Hermansen said. “The [Transportation Security Administration, TSA] system, the systems used by the State Department … these are all key-based technologies. We’re beginning to help to integrate LAS products with the most critical counterterrorism areas, but it takes a while to get the attention of the government … get them motivated.”

Another problem is that Soundex fails to produce the numerous variations of a name. Imagine the very real scenario of hearing the name over the phone – “Patasi.” Soundex fails to account for poor data entry that might occur when that name is stored in a database. It will limit its search to the name’s Soundex string and will miss numerous different and possibly more accurate spellings such as: “Pitassi” or “Pedaci.”

Soundex doesn’t recognize that names that originate in another script, such as Arabic or Asian, have multiple valid spellings in the Roman alphabet. “Did you know there are more than 200 variants of Mohammed and more than 300 different variants to the name Moammar Gaddafi?” Hermansen asked.

Virtually all variations of key-based name checking algorithms are so fundamentally broken as to be practically useless for anything but as an aid in simple name searches. It’s why, in large part, hundreds, if not thousands, of innocent people have been delayed and inconvenienced at airports because their names have erroneously matched those on government no-fly lists aimed at blocking terrorism.

Hermansen said he’s “gratified to see that the 9/11 Commission Report has recognized and highlighted one of the key challenges in dealing with the names of individuals. The chronic problem of missing name matches at our consulates where visas are issued, at our borders where travel documents are inspected, and at local law enforcement checkpoints where names of individuals are vetted against lists of known criminals means that linking different instances of the same name requires carefully collected data, highly-refined matching algorithms, and exceptional user support.”

In early 2002, Congress recognized these name-related issues and mandated in the Enhanced Border Security and Visa Reform Act of 2002 that relevant agencies implement technologies that address multi-cultural name search problems. This new breed of technology, known as advanced name recognition technology, allows users to compensate for transliteration issues while educating and sensitizing them to the underlying causes for these cultural differences. But it’s yet to be done, and may not be integrated into systems like US-VISIT and IDENT – which are already plagued by other problems and aren’t expected to be implemented for five or more years.

As for the no-fly list, the congressionally post-9/11 mandated second iteration of the Soundex-based CAPPS, known as CAPPS II, was – after more than a $100 million expenditure - abandoned in June on technical and bureaucratic grounds. It’s to be replaced with yet another new system called “Secure Flight.” While some suspect Secure Flight may be little more than a name change, investigation by HSToday found Secure Flight may actually be something far more complex – something that actually resembles the Total Information Awareness (TIA) program.

TIA was designed to "break down the stovepipes" that separate commercial and government databases, thereby allowing access to citizens' credit card purchases, travel itineraries, telephone calling records, email, medical histories and financial information. It would give government the power to generate a comprehensive data profile on any US citizen, explained Dr. John Poindexter prior to stepping down as director of the Information Awareness Office of DARPA following the considerable controversy that erupted over TIA when its existence became public.

Last Sept., a bipartisan Congress, which ostensibly was in the dark about the program, opted to effectively kill the program when a conference committee of the House and Senate agreed to delete funding for TIA in response to the groundswell of opposition from privacy and civil rights advocates. In a bid to save the program, Poindexter had resigned his position at DARPA.

TSA’s new Secure Flight program, however, bears a striking resemblance to TIA. According to one source familiar with the matter, “the government is extremely sensitive about this project.” Two companies that are involved in the Secure Flight program are SRD and Infoglide. SRD produces state-of-the-art identity recognition software, the development of which was significantly accelerated through an infusion of investment capital from the CIA’s In-Q-Tel company. Infoglide, whose software searches and analyzes transactional and historical data in real-time across remote and disparate databases, won a $6 million-plus contract last May from TSA, just a month before TSA pulled the plug on CAPPSII. TSA has acknowledged that it is using Infoglide’s software to validate identities and make risk assessments about travelers.

According to sources, both firms are working to integrate their products – and the products of their partners - to create the new Secure Flight system. LAS is a partner with both, but Hermansen said he does not know how his firm’s name recognition technology is being used in so far as SRD and Infoglide's work for TSA is concerned. “This project has been so tightly controlled that all of our partners who are associated with [it] are unable to even tell us where they are using our software at this point,” Hermansen told HSToday.

Under this tightly guarded new system, the TSA will take over from the airlines responsibility for comparing Passenger Name Record (PNR) information of domestic air passengers to a greatly expanded list of known or suspected terrorists in the Terrorist Screening Center (TSC) database. As the program is phased in, TSA will be able to check passenger records against watch list information not previously available to airlines. TSA also intends to make use of commercial databases in the Secure Flight system.

A draft report by the Department of Homeland Security’s (DHS) Inspector General, however, indicates there are extraordinary technical hurdles to overcome in integrating all the government’s watch lists. Congress’ investigative arm, the Government Accountability Office (GAO), has reported that that nine federal agencies used 12 separate systems and databases, each developed in response to the agencies' individual legal, cultural, and systems environments, to support federal law enforcement and border security processes.

DHS’s IG draft report said “stronger DHS leadership and oversight would help improve current watch list consolidation efforts,” noting that, “although some progress toward streamlined processes and enhanced interagency information sharing has been made, the consolidation is hampered by a number of issues that have not been coordinated effectively among interagency participants. Specifically, in the absence of central leadership and oversight for the watch list consolidation, planning, budgeting, staffing, and requirements definition continue to be dealt with on an ad hoc basis, posing a risk to successful accomplishment of the goal.”

Under Secure Flight, airline reservation systems would automatically submit to TSA computers the entire Passenger Name Record, which contains 60 some data fields, including name, address, phone number, credit card details and special medical or religious dietary requirements.

Although Homeland Security officials will not discuss technical details of Secure Flight, TSA acknowledged in a prepared statement that Secure Flight will involve comparing “passenger information to commercially available data … to more accurately verify the identity of individuals.”

TSA Administrator David Stone said by using these, and whatever other data fields Secure Flight’s engineers deem necessary, Secure Flight will be able to distinguish between those who actually are known or suspected terrorists on one of the government's watch lists, and those who simply had the same or a similar name. Stone said the new system will enable TSA "to very quickly resolve ambiguities between a person's name and those that are on the no-fly list with a similar name.”

Stone said that rather than using algorithms to determine risk, Secure Flight will "bounce Passenger Name Records data off databases (of known or suspected terrorists) that have been properly vetted through the Terrorist Threat Integration Center.

“We are moving toward a model that is about positively establishing identity and checking that identity against a defined list of suspect people," a TSA official told UPI. "We are moving away from an interest in generic passenger behavior of various kinds."

Lee Strickland, a former senior CIA official now a visiting professor at the University of Maryland's College of Information Studies, told United Press International that the most important challenge is the software that will be used to distinguish names - especially names that must be transliterated from another alphabet like Arabic. "That's a problem that has been with us for 30 years or more," he said, noting that the system won’t be of much use if it can be defeated by changing the spelling of a name, like happened in the case of Kansi.

Strickland said algorithms have grown in sophistication to the point where it can intelligently capture the relationship between apparently different names, but that this could cause as many problems as it solves. "If you are identifying all the variations of a name, it's going to give you more false positives, more people wrongly identified."

Sources explained to HSToday that after seeing what SRD, Infoglide and their partners’ products do, and how commercial databases are to be exploited by these products, “then it really isn’t much of a leap to say that Secure Flight is the TIA reincarnated,” as one put it. If there is any similarity, GAO will likely find it, as GAO was tasked to audit Secure Flight amid concerns about its effectiveness and reliability - critics have suggested that the system might face many of the problems that ultimately doomed its predecessor.

"Ultimately, the problem is you are using names and names are not unique," one industry expert has been quoted as saying. Strickland told UPI "if the data quality is poor you will have problems, no matter what system you are using.”

In a prepared statement announcing Secure Flight, however, TSA said the new system “will help eliminate most of the false alerts caused by the current out-dated system,” an indication TSA understands that the Soundex-based CAPPS technology needs to be thrown out the window.

Testing of the new system will begin in a few months and TSA says it expects to launch Secure Flight by next Spring. Top TSA officials, however, said Wednesday they knew few details of how it will actually work.

Passengers on international flights, though, will continue to be checked against names in the consolidated TSC database by US Customs and Border Protection (CBP), through its Advanced Passenger Information System (APIS), which is required by law. The APIS data in turn is checked against the combined federal law enforcement database, known as the Interagency Border Inspection System (IBIS), which went into operation in 1989. IBIS includes data from the databases of CBP and twenty-one other federal agencies. Names are also checked against the FBI's National Crime Information Center wanted persons database.

Both APIS and IBIS are based on the exact-name match and key-based technology that allowed Kansi to enter the country when he dropped just one letter from his name to throw off the system.

But, Kansi might also have been waived through for another reason. The Feb. 2003 Immigration and Naturalization Service (INS) Inspector General’s (IG) audit of IBIS checks found that “between January and March 2002 the INS service centers adjudicated 11,830 Premium Processing petitions without checking them against the IBIS database. As a result, INS cannot tell how many, if any, of the approved applicants were individuals who were in the INS's five high-risk categories,” which includes “suspected terrorist” and “potential threat to national security.”

INS’s IG further reported that “the consequences of the delay in implementing IBIS checks on all applications and petitions are unknown but potentially serious. We determined that INS processed 387,596 total applications (including 11,830 premium processing applications) without IBIS checks in the period between January 28, 2002 and March 18, 2002.”

Meanwhile, terrorist watch lists compiled from a multitude of disparate databases continue to be given to the airlines who rely on the original CAPP’s 19 Century technology to check passengers’ names against those of known and suspected terrorists - the very technology that failed to alert authorities to Kansi and some of the 9/11 hijackers.

The GAO had noted in audits for Congress earlier this year that CAPPS II was bogged down in problems. Among the things GAO found that DHS and TSA had not addressed were determining and verifying the accuracy of the databases to be used by CAPPS II; stress testing and demonstrating the accuracy and effectiveness of all search tools to be used by CAPPS II; and developing and documenting a process under which passengers impacted by CAPPS II can appeal decisions and correct erroneous information.

“Further,” GAO informed lawmakers in February, “the agency has not yet established a complete plan identifying specific system functionality that will be delivered, the schedule for delivery, and the estimated costs throughout the system’s development. Officials reported that due to testing delays, they were unable to plan for future increments with any certainty. The establishment of overall system requirements, a complete schedule of deliverables, and expected costs for each stage of development are critical to maintaining project focus and achieving intended system results and milestones within budget. Without such plans, TSA is at an increased risk of CAPPS II not providing expected functionality, of its deployment being delayed, and of incurring increased costs throughout the system’s development.”

The original CAPPS was authorized in the Omnibus Consolidated Appropriations Act signed by President Clinton Sept. 30, 1996, and the Federal Aviation Reauthorization Act signed Oct. 9. The decision to go ahead with CAPPS was in response to recommendations made in the White House Commission on Aviation Safety and Security’s final report. The system went into operation in 1998.

Why the government doesn’t simply integrate an easily integratable software solution like that offered by LAS into the existing CAPPS isn’t at all clear. But that it can easily be integrated, and for a lot less than $100 million, has been acknowledged by industry experts.

“My company bought the LAS software to do name searches against world-wide airline reservation data. We threw away code we had been using for years after we implemented/integrated the LAS software in less than half a day! The performance is unbelievably fast (we do millions of name searches every month). A truly remarkable product,” said Scott Kimbriel, who has more than 20 years of experience in the information technology industry, especially in automated solutions for the aviation industry.

It’s equally unclear as to when databases used for criminal background checks like the National Instant Criminal Background Check System (NICS) used to determine whether a person is eligible to purchase a gun, will, or will ever, incorporate the kind of technology Hermansen’s LAS is already providing to US intelligence agencies such as FBI, CIA, National Security Agency and DHS’s Terrorist Threat Integration Center TTIC.

LAS singularly has gotten federal contracts for its name recognition software on “sole-source justification,” meaning that no other company has the expertise needed to fulfill these advanced technology contract requirements for name recognition.

Until border entry databases – including airline databases that handshake with federal border computer systems – and databases used for criminal background checks are based on name recognition technology like that produced by LAS, Kansi-like tragedies, or worse, are possible. And that unnerves counterterrorists and domestic law enforcement personnel in the wake of the expiration of the assault weapons ban. Over the past 20 years, LAS research findings have revealed: The problem of transliterating names is universal; the problem exists not only with Arabic names, but also with many other types of names (Korean, Indonesian, Russian, etc.); the US cannot “fix” the core problem, any more than the US could require all the world to speak a single form of English; and the US can address the problem effectively with advanced linguistics-based software.

The 9/11 Commission urged improving the way names are linked and matched across federal and local anti-terrorism systems. It emphasized that it’s imperative to improve the accuracy and consistency with which name data is collected and entered. In addition, visa-issuing, border-protection, and local law enforcement personnel must be equipped with the best technology available if they are to fulfill their mandate of protecting the nation from terrorist attacks.

With the exception of some intelligence and domestic law enforcement systems, though, available and easily integratable technology for meeting the 9/11 Commission’s recommendation isn’t being utilized.

In February 2001, LAS released the first line of software products ever produced for global name-recognition. The moment of truth occured just after 9/11, when the software was put to the test tracking the 9/11 terrorists. On 9/11, LAS volunteered personnel and technology to help the government track the terrorist suspects. LAS was notified that a Special Agent in Denver had used LAS technology to find multiple ways to spell the same Arabic name. The expanded search helped track the terrorists to their Florida connections. Recognition of this helped prompt Congress to enact the Enhanced Border Protection and Visa Entry Reform Act of 2002, which is designed to help agencies use name data more effectively.

LAS was formed in the mid-80s to assist the State Department in upgrading their visa adjudication process. LAS was tasked to produce a linguistics requirements analysis outlining the issues and possible solutions. Today, LAS provides multi-cultural name recognition software solutions for mission critical applications. Its patent-pending approach to name matching and searching goes far beyond the simplistic Soundex and key-based approaches still used by federal and state agencies, including the airline passenger screening system and databases used to determine one’s eligibility to buy a gun.

“Unfortunately, [Soundex-based systems are] in use at 90 percent of American businesses and government agencies for mission-critical name searching applications,” Hermansen explained.

LAS also provides technology that integrates with applications to automatically search for linguistic variations, phonetic variations and garbled names so that individuals do not need to identify variations of names of interest. To do this, LAS over two decades has collected, classified, analyzed, and extracted statistical patterns from almost 1 billion names from every country in the world.

Hermansen said “experts in computational linguistics say the root of [the] problems [in the exiting no-fly and terror watch lists] can be pinpointed to the widespread use of antiquated technology - Soundex.”

Indeed. “The systems in use are so outdated they can’t distinguish between the last name of terrorist mastermind Osama bin Laden and punk rocker Johnny Rotten Lydon,” Hermansen demonstrated by producing examples using the outmoded technology.

Senior counterterrorists who routinely speak to HSToday on background are livid that affordable name-recognition tools like LAS aren’t being deployed “at the front lines” of America’s war on terror. “We’re using them – we use them to identify targets of interest; people we put on the no fly and other terror watch lists … but it does no damn good whatsoever if the systems on the front end can’t flag these people because the technology was already broken when it was installed,” one candidly said, adding, “I just don’t get it. The technology is there; it’s available – use it!”

M. Cordell Hart, a retired Army Intelligence officer and former CIA Case Officer who also happens to be a Chinese linguist, may have provided the answer. “For over 12 years, on behalf of the US government and several law enforcement associations, I reviewed products and monitored developments of those in business and academe who tried to produce what Language Analysis Systems now has. What many people don’t know is that [this technology] was available well before 9/11, but many managers (as opposed to technical and operational experts) in federal agencies either didn’t understand the problems - and thus the solutions - of listing and tracing names or, worse, they quashed any attempt to obtain and use the device simply because they could not find a way to obtain personal credit for the device.”

“That may seem bizarre, but it is true,” said Hart, who also has worked with the Financial Crimes Enforcement Network (FinCEN), the government’s preemminent financial crimes investigative agency. “I was there. I know that following 9/11 many key government name tracers had little to no skill in tracing Arabic names, yet their bosses still refused to avail themselves of the usefulness of” products like those produced by LAS.

Hart said it was because “Jack Hermansen came to the fore on 9/12 and offered his services/products for free” that 9/11 terrorists were able to be tracked down. “Yes, I do know about that. I was there,” Hart stated.

“We acknowledge that security threats change and [the Transportation Security Administration] needs to have the best possible system in place,” spokesperson Heather Rosenker has been quoted as saying, admitting that, “what is currently being operated by the airlines does not reach that goal.”

“So what’s the damn problem?” quizzed the senior US counterterrorist, who compared the problem to a comedy bit by acerbic comedian, Lewis Black.

“Now you know … and everyone knows, why the weather’s all screwed up … It’s because we lost the ozone layer,” Black begins this particular comedy bit.

“Well, if we lost the ozone layer, why don’t we put it on milk cartons to try to find it. It’s absolutely stupid that we live without an ozone layer. We’ve got men, we’ve got rockets, we’ve got saran wrap … FIX IT!” Black says, looking up and jabbing a finger at the sky.

“It’s kinda like that,” the terrorist hunter posited. “It’s kinda like the simplistic notion for fixing the ozone layer Black uses to illustrate the absurdity of why things that should work … don’t.”

And in the case of the computer system used to match air travelers’ names with the names of terrorists, it doesn’t work. Neither does the computer system for criminal background checks. The intelligence community and its counterterror departments may have the capability, but if the systems are broke into which they put the names of the terrorists they’ve identified, all their work is in vain.

Click here for the main Kimery Report page.