CIA-backed analysis tool eyed for passenger checks

Reservations company hopes technology can help identify suspected terrorists

Data analysis software backed by the CIA and used by some casinos to catch gambling cheats is now being tested for its potential to detect suspected terrorists and their associates when they make airline, hotel or rental-car reservations.

One of the four companies that operate major computerized reservations and global distribution systems has spent the past three months installing the software, which searches transaction data for nonobvious relationships. A working prototype of the application was due to be completed in late December, according to an IT manager at the reservations company.

The IT manager, who spoke on condition of anonymity to protect the secrecy of the project, said his company wouldn't have bought such software prior to the Sept. 11 terrorist attacks. But after the attacks, officials decided to "go in and take the initiative to start plugging the [security] holes" in the reservations system to help prevent similar attacks from being carried out, he said.

The software, developed by Las Vegas-based Systems Research & Development Inc. (SRD), is supposed to clean up incorrectly entered data and search for possible connections between airline passengers and suspected terrorists on government watch lists. SRD said it can check a passenger's name, address, phone number and other identifying information against those of people who are believed to be terrorists.

The technology can also search for close variations, such as transposed digits within a driver's license number, and detect whether a passenger lives near a suspected terrorist by using latitudinal and longitudinal coordinates, SRD said. Development of the software is being partially funded by In-Q-Tel Inc., an Arlington, Va.-based private-sector venture capital firm that the CIA set up in 1999.

The screening application generally runs in batch mode, said Timothy O'Neil-Dunne, a consultant at Tampa, Fla.-based T2Impact Ltd., which was hired by SRD to help with the ongoing installation. But for bookings made within 48 hours of a flight or a hotel stay, the software spools out customer records from IBM mainframe-based reservations systems and analyzes the data in near real time, he said.

At the company that's testing the software, the latter kind of data analysis is expected to take 30 seconds or less, the IT manager said. Staffers will start the testing process by running "canned data" through the software to see what connections it notices, he said. The next step will be to build business rules into the software, such as how many possible connections to a suspected terrorist are needed to flag a passenger as a potential threat and whom to notify if that happens.

SRD CEO Jeff Jonas said the relationship-analysis package was originally developed in 1983 to prevent credit card fraud and has been widely deployed in the gaming industry to track big winners and suspected cheaters as well as to screen employees and job applicants for ties to gamblers.

The largest existing installation of the software culls data from 4,000 sources with information on about 1 million people, Jonas said. The technology functions much like a smoke detector, he explained. "Not everything it finds means [there's] a fire," he said.

Even so, the ability "to do this type of nonintuitive data searching is pretty clever," said Henry Harteveldt, an analyst at Forrester Research Inc. in Cambridge, Mass. Most companies tend to look at the obvious when analyzing data and may miss potential matches that are hard to spot, he said.

However, Harteveldt said, the best use of software such as SRD's could be made by airlines, hotels and rental-car companies, because the big reservations systems are typically conduits for information that originates at those businesses.


Looking for Clues

Examples of the kind of data matches SRD’s nonobvious relationship analysis software, or NORA, was designed to uncover:


that the names Rick and Richard in passenger profiles could refer to the same person. SRD said the software can match a root name such as Richard with all its other forms, such as Rick or Ricardo, across 40 languages.


the possible transposing of digits within passport or credit card numbers. The technology can highlight numbers that almost match ones on government watch lists as suspicious.

Related stories:

For more coverage related to this topic, head to our Security special focus page.

Have opinions on security issues? Head to the Computerworld Security Community. (Note: Anyone can read messages; free registration is required to post. To register, click here.)

Copyright © 2002 IDG Communications, Inc.

Bing’s AI chatbot came to work for me. I had to fire it.
Shop Tech Products at Amazon