NEW YORK – The name of Libyan leader Col. Muammar Abu Minyar el-Qaddafi can be written more than 30 different ways in English, including Mu'ammar Al Qathafi, Moammar al-Qadhafi, Moammar Khadafy, Moammar Kaddafi, Muammar Gheddafi, Mulazim Awwal Mu'ammar Muhammad, Muammar Abu Minyar al-Qadhafi and Mu'ammar Qadhdhāfī.
The 19 men who hijacked the Sept. 11, 2001, airliners had a total of 364 aliases, noms de guerre and alternate spellings of their names, according to the Sept. 11 commission report.
"Among the more important problems to address is that of varying translations of the same name," states the report. "For example, the current lack of a single convention for transliterating Arabic names enabled the 19 hijackers to vary the spelling of their names to defeat name-based watchlist systems and confuse any potential efforts to locate them."
Changing a name even slightly — particularly one transliterated from Arabic, which has over 30 different dialects, but only one spelling for each name — can allow even the most dangerous individuals flagged on various watchlists to enter the United States.
Jack Hermansen, CEO of Language Analysis Systems (LAS), says that if his company's name-transliteration technology were used more often, some of these individuals might never make it into the U.S.
"When you're dealing with border security, it is a huge deal — someone could die if you don't do a good job of name searching," Hermansen told FOXNews.com in an interview. "Everyone in the world knows how easy it is to circumvent U.S. border systems, except Americans. We are very naïve about this."
Hermansen noted the case of Mir Aimal Kansi, who entered the United States in 1991 with fake papers he bought in Karachi, Pakistan, using the last name "Kasi."
The Sept. 11 commission staff report on terrorist travel outlines Kansi's activities, including how he applied for — and received — a new Pakistani passport in Washington, this time under the name "Kansi," thereby essentially giving him two different identities.
"He knew that this was a legitimate variation of his name in Urdu," the national language of Pakistan, Hermansen said.
On Jan. 25, 1993, the Quetta native, who had fought with guerrillas against the Soviet occupiers of Afghanistan, shot five people in their cars as they waited to drive into CIA headquarters in Langley, Va.
Two of his victims, shot at close range with an AK-47 assault rifle, died.
Kansi quickly fled the country, but was put on the FBI's Most Wanted list and captured in Pakistan four years later. In November 2002, following a trial and conviction in the United States, he was put to death by lethal injection.
The Foreign-Name Challenge
While Hermansen was working on his doctorate at Georgetown University, he wrote his dissertation on the flaws of Soundex, a name-classification system developed nearly a century ago. Later used to analyze U.S. Census results, it is still in use today.
Soundex is a "key-based technology," in which a number represents a group of consonants and names indexed by their sound, rather than their spelling, when pronounced in English.
The goal of this phonetic coding is for names with the same pronunciation — for example, "Rubin" and "Rouben" — to be encoded to the same string even if there are slight differences in spelling.
But there are "fatal flaws" with Soundex, according to Hermansen. He points out that it has no cultural sensitivity to names, and no tolerance for random typos.
Deciding that there needed to be a more knowledge-based system that would take such factors into consideration, Hermansen started LAS, which began as a government-consulting firm but is now 100 percent commercial.
In April 2001, Hermansen gave a demo of his Name Reference Library (NRL) software to an INS agent at a law-enforcement conference about Asian organized crime.
The NRL interactive encyclopedia contains culture-specific information about names, their use, their meanings and their patterns of spelling variations. It includes information and analysis of names from Afghanistan, Iran and Pakistan.
Fed a name, the NRL will come up with a wealth of data about it: its originating culture, its gender, minor particles of the name, countries where it is most commonly found and variant forms sorted according to usage frequency.
After Sept. 11, FBI agents used the NRL to track one hijacker to a Florida flight school.
"Everybody was getting zero until they tried these variant forms" of the hijackers' names, Hermansen said. "And the sad thing is, these things are still in use today."
For example, when first seeing the name "Karimbux Zainoelbaks," one might assume that since "Karim" is Arabic, and the "oe" in the last name is common in Dutch, the two together would indicate that the person came from Indonesia, a former Dutch colony where Islam predominates.
But if you were to type that name into the NRL, you would find that the name is actually Pakistani in origin and is also commonly found in Suriname, Kenya, the United Kingdom and the Netherlands. Variants of the name are also given.
Government officials acknowledge that the name-recognition technologies used by various government agencies today are insufficient.
"We must recognize that a names-based terrorist identification system has inherent limitations. Under any circumstances, the potential for false positives is high," Russell Travers, then associate director for defense issues at the Terrorist Threat Integration Center — which has since been absorbed into the National Counterterrorism Center — testified last year before the Sept. 11 commission.
"But with foreign names, and particularly with Arabic names, the challenges are even greater; for instance, the transliteration of Arab names is a very inexact science," he added. "Spelling can vary, and the protocols for which names are actually used can be difficult for Westerners to understand.
"Couple this with the standard terrorist use of nicknames, aliases, 'noms de guerre,' and increasingly sophisticated forgeries, and the analytic challenge for the intelligence, law enforcement and homeland security communities becomes increasingly complex," Travers said.
The intelligence reform bill signed into law by President Bush last year calls for the president to pursue international agreement to modernize and standardize spellings of names.
Standard systems already exist for Chinese names to be transliterated into English, although mainland China differs with Hong Kong, Taiwan and Singapore over which method to use.
The Enhanced Border Security and Visa Entry Reform Act of 2002 also calls for electronic systems used by various U.S. agencies to be searchable on a linguistically sensitive basis and to account for variations in name formats and transliterations, including varied spellings or name combinations. It calls for linguistically sensitive algorithms to be developed for at least four languages.
But Hermansen, who lobbied against that provision in the bill, said it would be unrealistic to tell the president of another country, for example, that he had to spell his name differently just to conform to an American law.
"It's a very complex problem and the way to approach it is by more knowledge-based solutions, not by pretending to make it simpler," he said.
Eric Larson, a senior policy analyst at the RAND Corporation, said name-transliteration and related technologies that search foreign-language texts for keywords can prove useful when there is a shortage of human experts who read languages such as Arabic, Urdu and Pashto.
For example, there are some Arabic translation engines available that can quickly translate an Arabic statement into English. Other technology is available that aids in pattern recognition as well as for measuring text content.
"Obviously, the key here is that we don't have enough people who can read and speak the native languages. Translators are fairly scarce," Larson said. "It's useful having some automated tools that can parse text in foreign languages."
Use on the Street
LAS is used in all counterterrorism centers in the United States, including those at the FBI and Department of Homeland Security. The Customer and Border Protection Agency also uses LAS as its sole provider of name-parsing software.
While some U.S. agencies, such as the State Department, are still using Soundex, the government of Singapore, as well as some European banks, use LAS software. The governments of Israel and Great Britain are considering adopting it.
"They understand this problem so much more quickly than the United States," Hermansen said. "I hope that the interest overseas makes Americans stand up and pay attention, that some of these countries renowned for their security practices know about this."
LAS is also being used by the New England State Police Information Network (NESPIN), whose members are investigators and law enforcement personnel from Connecticut, Maine, Massachusetts, New Hampshire, Rhode Island and Vermont. NESPIN, which is part of the Justice Department's Regional Information Sharing System, also has member agencies in Canada.
"What we try to do is look for software that will help our member agencies ... a lot of law enforcement officers do not know Arabic, Asian names, which are a little bit different than what we have in how they are utilized," said NESPIN Director Bill Deyermond. "What they [investigators on the street] like to do before they talk to someone is find out as much as they can ... so they can catch a person in a trick. They can make the person think they know more about a person than they actually do."
Member of local law enforcement, who are often on the front lines, can use LAS software to analyze names and learn correct pronunciation of non-English names to better address a suspect in certain situations. It also allows officers to learn different variations of a suspect's name.
"It's important for them [officers] to know who they're speaking to, if they have the correct information ... that can protect them, protect the public and it may even save their life," said NESPIN training coordinator Rick Flood.
Although biometrics seems to be all the rage in how to better secure vital documents such as passports and visas, Hermansen says he's confident there will always be a need for his software, particularly when identities need to be verified.
"A lot of our information for our most critical and sensitive databases comes from informants," Hermansen points out. "They say 'I've got a name for you.' They don't say, 'I have a fingerprint for you.'"