Analysis & Commentary:

SOFTWARE SOUGHT TO EXPOSE TERRORIST CELLS

As reported by Steve Johnson, in a move that has some privacy rights advocates concerned, the Pentagon is hoping to track down terrorists with the help of a growing battery of computer software developed to combat consumer and business fraud.

The Defense Advanced Research Projects Agency is trying to design its own version of the software to uncover terrorist cells that are posing as legitimate groups and lying about such things as past employment, education and business affiliations.

"What is needed is intelligent agent software that is capable of reviewing Web sites and identifying implausible or inconsistent information," the agency said in an Oct. 2 public notice seeking help from businesses or others to create the software.

The public notice is further proof of what Bush administration officials have said will be a different kind of war fought on many fronts. The campaign against terrorism will include not only bombing raids in Afghanistan but also battles waged behind the scenes in this country.

According to the defense agency, the software would root out suspicious activity such as "companies who claim contracts incommensurate with their business history or size, companies who make unverifiable claims, persons who have missing periods in their background and persons whose positions are inconsistent with their experience."

Other applications

The defense agency said the software also would have a wide range of non-military applications, from spotting Medicare fraud to conducting "business intelligence gathering about their competitors' plans and capabilities."

Ted Senator, who is listed on the notice as the primary military contact for businesses interested in creating such software, referred all calls about the matter to Jan Walker, a spokeswoman with the agency. She was unable to provide details about the program Tuesday.

Based on the sketchy information provided in the notice, the anti-terrorism software concept troubles Beth Givens, director of the Privacy Rights Clearinghouse in San Diego.

"I am concerned that there are going to be individuals pulled into the dragnet who might loosely have a profile that might match that of a terrorist," but who are not terrorists, she said.

She cited a 1998 brouhaha that erupted over the U.S. Drug Enforcement Administration's analysis of data from an Arizona supermarket chain's customer discount cards. When the agency disclosed that it considered large-scale purchases of small plastic bags as evidence of possible drug dealing, some people were outraged.

Wording concerns

Some of those familiar with existing fraud-detection software say it wouldn't be easy to do what the Pentagon asks. One big problem is that relatively little is known about how terrorists operate, which could make it hard to design software that knows what to look for.

Although many businesses "are just thrilled to death" with their fraud-detection software, said John Gill of the Association of Certified Fraud Examiners, if it isn't written correctly "you can get a lot of gibberish."

But others are optimistic about the defense agency's proposal.

"It really looks like they know what they're doing," said Tom Fawcett, a software expert at Hewlett-Packard Labs in Palo Alto, who co-wrote a 1998 paper on using artificial intelligence for fraud detection that was cited as a reference in the notice.

Many businesses already use fraud-detection software, which works by essentially spotting things that don't fit normal patterns.

Rob Jensen of HNC Software in San Diego said his company's products are widely used by credit card firms to detect fraudulent transactions. If a card that is normally used to only buy clothes at stores suddenly is used to buy lots of expensive electronic gear overseas via the Internet, for example, the software would alert the card company that something could be amiss. Armed with this technology, Jensen said, credit card firms have "pretty much cut their fraud in half."

Government agencies increasingly are finding the software useful.

The National Security Agency uses it to sift through its massive trove of eavesdropping data to search for spies and terrorists. The FBI is developing similar software to spot hackers attempting to invade government computers. And New Jersey police recently began using software developed by Memex of Scotland to analyze a database they are compiling of people with ties to New Jersey and to the Sept. 11 attacks, according to Chris Byrd, an executive with Memex's U.S. operations.

High cost

Some data-crunching software can cost hundreds of thousands of dollars. But it sometimes can save a lot more, Byrd said, referring to a 1994 incident when the Defense Intelligence Agency used Memex's software to help analyze worrisome Iraqi military maneuvers.

At the time, Iraq's army seemed to be doing many of the same things it did just before it invaded Kuwait four years earlier. But when the agency analyzed all the data, "We could tell it was not a troop mobilization," Byrd said. Moreover, by not having to rush additional military personnel to the region, he said, the U.S. "saved millions of dollars."