The CIA apparently didn't know Alhazmi and Almihdhar were already in the country when it alerted the Immigration and Naturalization Service, FBI and Coast Guard not to let them in the country. They were even booking flights using their own names, and did not trigger any alerts.
Private databases could have been useful because Almihdhar gave an address also used by Marwan Al-Shehhi and Mohamed Atta, two of the hijacker pilots. Again, no one connected the dots between someone on the terrorist watch list and his accomplices.
Atta made a plane reservation with a phone number that could have tied him to five more of hijackers. Alhazmi used the same address as another hijacker, Salem Alhazmi. And ironically, there was one more number shared between Almihdhar and another of the hijackers, Majed Moqed: a frequent-flier number.
However, Jeff Jonas, a computer scientist who has received financial backing from the CIA, points out even these precautions may not have stopped the tragedy.
"I fear that, maybe, if we knew they were going to get on the plane, we might have surveilled them on the other end, waiting for them to get off the plane, to see what meeting they were going to," he said. "In fact, they would have never landed."
Today, almost any piece of information in the public record is available to private companies who market that information to others. And the government, with only some limitations, is able to obtain it as well.
But many observers now worry that private companies are not accountable in the same way that government is -- and yet government is increasingly counting on these private companies.
When the information in these private databases is wrong, there can be serious consequences. A recent survey of credit reports by a public interest group found that more than half the reports it studied had personal information that was incorrect.
In April 2000, Nicole Robinson, of suburban Maryland, allegedly had her identity stolen by a woman in Texas who had the same first and last names. To date, at least 65 different addresses and 42 different names have been used in connection with her Social Security number.
Nearly five years later, she is still unable to clean up her credit record and establish definitively who she is, even though the woman in Texas has been arrested.
And if Nicole from Maryland is now somewhere in the government system, for whatever reason, the government may not be able to figure out precisely who she is.
"The systems can't determine that we are actually two separate people," she said. "So essentially, I am an alias of her, or she is an alias of me."
There are also concerns that the government is not capable of sharing the right information, about the right person, at the right time -- without harassing innocent people.
One example is David Fathi, a lawyer with the American Civil Liberties Union who has been told he is on a government "no fly" list. Fathi has been detained at airports 10 times in the last year and a half. He thinks it may be his name, which is Iranian.
Being detained is "unpleasant and stressful and humiliating," he said. "And the most frustrating thing about it is that the government won't tell me why I am on this list, and it won't tell me what I can do to get off."
But Fathi is also alarmed that the security system -- managed by the government in partnership with private airlines -- doesn't catch him every time.