At last week's Gartner conference, I attended a session entitled "Information on Demand: Leveraging the Power of Information Services." In that session, the chief scientist with IBM Software's Information Management group, Jeff Jonas, delivered a chilling tale that I thought worthy of relating here.

Jeff's story revolved around the notion of identifying obvious and non-obvious relationships among individuals and organizations. After September 11, 2001, Jonas had begun to ponder a central question regarding the 19 hijackers: Did officials have the information they needed to identify the hijackers before they boarded those planes?

As it turns out, the answer was "yes." Using information available at the time, here's what Jonas discovered: Two of the terrorists, Nawaf al-Hamzi and Khalid Al-Mihdar, were already in the United States and were on a State Department watch list. Both al-Hamzi and Al-Mihdar made flight reservations using their own names on AA Flight 77. A third hijacker had the same address as al-Hamzi, and Marwan Al-Shehhi and Mohammed Atta both had the same address on their reservations, the same address used by Al-Mihdar. Finally, five of the hijackers had the same phone number as Atta, and another had bought his ticket using the same frequent-flier number as Al-Mihdar.

Making the Non-Obvious Obvious

Ultimately, only three degrees of separation linked 13 of the 19 hijackers on 9/11. So could they have been identified in advance? Jonas' assertion seemed to be that it was possible. Perhaps...perhaps not. But the net of it was this: The information was there...the system to extract and exploit that information was not.

Through a technique called "non-obvious relationship awareness" (or "NORA"), Jonas suggested it might have been possible to have identified the hijackers in advance, because they had clearly left evidence that they were in one another's orbit. Identity recognition has historically focused on creating a single 360 degree view of an individual, using data that is directly attributable to that individual. With relationship resolution" software, identity recognition technology extends that 360 degree view to "non-obvious" relationships among individuals and organizations to better determine potential value or danger, even if an individual is attempting to disguise his or her identity.

Ultimately, we will never know if it was entirely possible to have prevented the attacks. But it was encouraging to me to learn about a technology that at least has the potential to prevent them in the future.