In their efforts to prevent a repeat of the Sept. 11 tragedy, the U.S. government and the airline industry are relying on software so outdated that it can't distinguish between the last name of terrorist mastermind Osama bin Laden and punk rocker Johnny Rotten Lydon.

As the war on terrorism spurs U.S. intelligence agencies to constantly expand aviation watch lists, many airline-reservation systems rely on name- searching software based on a 120-year-old indexing system that mistakes the similar spelling or sound of innocent passengers' surnames for those of terrorists.

The result: Thousands of travelers have been flagged at airports for additional searches and police questioning -- while critics say real terrorists could slip through undetected.

The American Civil Liberties Union has documented at least 339 passengers stopped and questioned after being flagged by the software at San Francisco International Airport since the 2001 hijackings. But they all appear to be "false positives," and no one has been arrested.

"If this is happening just at SFO, one can only imagine the thousands of air travelers who are being stopped across the country in connection with the no-fly list," said Jayashri Srikantiah, an attorney for the ACLU's Northern California chapter. It has sued the FBI and the Transportation Security Administration for information about why two San Francisco peace activists were ensnared by the software.

Nationally, the FBI cannot cite a terrorist who's been captured because of the no-fly list. Civil-liberties advocates say the Bush administration's refusal to disclose policies and practices about the secrecy-shrouded watch lists may simply conceal the lists' embarrassing ineffectiveness.

TSA CRITICIZES SOFTWARE

The TSA acknowledges that some airline-reservations software has difficulty accurately comparing passenger names against the government watch lists. The agency recently advised airlines that if a passenger is chronically misidentified as a watch list suspect, the agency will put the person on a "fly list," said agency spokeswoman Heather Rosenker.

"We acknowledge that security threats change and TSA needs to have -- on behalf of everyone who flies -- the best possible system in place that gives equal measure to privacy and security," Rosenker said. "What is currently being operated by the airlines does not reach that goal."

The problem, critics say, is that the English-based name-search software used by airline-reservation databases is easily flummoxed by Arabic, Asian and other names that, when converted from their native script to the Roman alphabet, can have hundreds of legitimate different spellings.

In the early 1990s, a Pakistani terrorist known as Mir Aimal Kansi entered the United States -- eluding government watch lists -- by spelling his name with the legitimate variant "Kasi" on travel documents. In 1993, he shot to death two CIA employees and wounded three other motorists on a busy roadway outside the spy agency's Langley, Va., headquarters and then fled the country.

The TSA says the ultimate solution is a new, government-operated version of the airlines' Computer Assisted Passenger Pre-screening System (or CAPPS). Congress mandated a new system after the Sept. 11 attacks.

The TSA says the so-called new CAPPS II system will make travel safer and faster -- without sacrificing privacy and civil liberties.

CAPPS II COMING

Scheduled for deployment in Spring 2004, CAPPS II will require airline ticket buyers to give more identifying information -- full name, birth date, home phone number and address. This information will be run against private credit-rating and government watch list databases to "verify you are who you say you are," Rosenker said.

In less than five seconds, it will issue every U.S. passenger a threat- assessment score encrypted on the boarding pass: A code "Green" passenger will undergo normal security, a "Yellow" code will face additional searches and "Red" codes will be barred from traveling.

However, the proposed system has critics warning of "trial by computer."

For example, a December study by the Consumer Federation of America and the National Credit Reporting Association found errors in names and other identifying information in 1 out of 10 credit reports -- the tools that TSA hopes to use to confirm identities.

"We've seen serious inconsistencies and error in the data, and any system that relies on that data is going to inherit those inconsistencies," said study researcher Brad Scriber, of the consumer federation.

Aviation watch lists were started in 1990 to keep terrorists and "air pirates" off airplanes and track drug smugglers and other fugitives. But since the 9/11 hijackings, the lists have been expanded significantly.

TSA manages two watch lists: the top-secret "No-Fly List" -- which aims to keep terrorist suspects off airplanes -- and a list of lower threat "selectees" chosen for expanded searches.

Problems begin when the name of a passenger checking in at the airline counter is incorrectly flagged by the reservation computer as being on a watch list. The computer terminal automatically locks up, requiring the ticket agent to contact local police or the FBI to clear the traveler.

At SFO last August, Jan Adams and Rebecca Gordon were stopped for being on the no-fly list, according to SFO records obtained by the ACLU under the state Public Records Act.

After questioning by police, who cleared them, the couple were allowed to fly to Boston -- with additional searches of their persons and baggage.

THEY ARE PEACE ACTIVISTS

Adams and Gordon feared the government was targeting them because they're veteran peace activists and co-founders of War Times, a San Francisco anti-war newspaper. Now it appears that reservations systems were rounding up anyone with a name similar to "J. Adams," including a Virginia attorney (J. Christian Adams) and a young woman (Jodi Adam) who was stopped at SFO the same day as the peace activists, according to TSA complaints and police records.

"As a 'J. Adams,' I really find it disturbing that somebody somewhere in the government is generating something that causes 'J. Adamses' to be looked into, and I can't find out anything about it," said Jan Adams, 55.

On the couple's behalf, the ACLU sued the TSA and the FBI for failing to respond to a Freedom of Information Act request for records about their no-fly list status. The FBI's response letter stated it had "no records" for the women -- or about any watch lists -- and the TSA didn't respond to the records request.

The problem is that reservation software now relied upon by the government was designed not to catch terrorists, but to quickly summon passenger names or to catch deal-hunting passengers making duplicate bookings.

SORTED BY SOUNDS

Many airlines rely on name-searching software derived from "Soundex," a 120- year-old indexing system first used in the 1880 U.S. census. It was designed to help census clerks quickly index and retrieve sound-alike surnames with different spellings -- like "Rogers" and "Rodgers" or "Somers" and "Summers" --

that would be scattered in an alphabetical list.

Soundex gives each name a key using its first letter and dropping the vowels and giving number codes to similar-sounding vowels (like "S" and "C"). The system gives the same code, L350, for "Laden" and all similar-sounding names: Lydon, Lawton, and Leedham.

Fears that a CAPPS II system will magnify the problem spurred the Senate to approve an amendment in May that would require the Bush administration to report to Congress within 90 days about what safeguards are in place to protect civil rights.

The bill's author, Sen. Ron Wyden, D-Ore., said: "What this debate is really going to be all about is: How does government come up with a strategy that allows us to fight terrorism ferociously without gutting our civil liberties?"

©2003 San Francisco Chronicle

###