CommuteAir, a regional carrier operating 50-seat aircraft under the United Express banner on behalf of United Airlines, has confessed to carelessly leaving multiple sensitive data files on an unsecured server, including the FBI’s terrorist “No Fly” list.
FBI’s Terrorist “No Fly” List Obtained By Hackers From Careless United Express Regional Carrier CommutAir
Per the Transportation Security Administration, the No Fly List is a small subset of the U.S. government Terrorist Screening Database (also known as the terrorist watchlist) that contains the identity information of known or suspected terrorists. This database is maintained by the FBI’s Terrorist Screening Center.
Those on the No Fly List are prevented from boarding an aircraft when flying within, to, from, and over the United States.
A Swiss hacker found a text file marked NoFly.csv and says it contains 1.5 million names (though some of the names are aliases). The last reference point we had was a decade ago when a leak revealed the list stood at around 47,000 names.
A CommuetAir spokesperson confirmed to the Daily Dot:
“The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth.”
Other employee personnel files were on the server, but no passenger information.
My response is not one of outrage against CommuteAir, but outrage against the list itself. Too many people have found themselves on the list that should not be there and the shadowy way the list is maintained and administered strikes me as anathema to the American system of ordered liberty with special safeguards for individual rights.
- Woman Arrested At LAX, Jailed For 13 Days…Then Police Finally Realized She Was The Wrong Person (This Is Why No-Fly Lists Are Problematic)
No foreign citizen is entitled to enter the USA, but the idea that someone can be wrongly added to the list and languish there for years is obscene. And I speak not theoretically but on behalf of a dear friend in Egypt who found himself on the list likely due to his common name and was barred entry to the USA. If the USA is going to maintain such a list, it darn well must do a better job of maintaining it.
CONCLUSION
CommuteAir, which operates on behalf of United Express, has confessed to leaving a 2019 edition of the FBI’s terrorist “No Fly” list on an unsecured server, making it vulnerable to a hacker. While such foolish data management should be condemned, I find the revelation that the list is 1.5 million lines long to be far more concerning.
(image: TSA // H/T: Paddle Your Own Kanoo)
I think your attitude would change if you found out you flew with a fellow PAX who’s name was properly placed on the list.
You’d be baying for blood from the airline or FBI
Not true, because that person would be screened. Why is that not enough?
Because the exposed file was manipulated allowing the person in question onboard…..
And why not if they undergo the same security screening all of us do? Do we not trust the TSA?
Do you?
https://www.forbes.com/sites/michaelgoldstein/2017/11/09/tsa-misses-70-of-fake-weapons-but-thats-an-improvement/?sh=86911182a38d
TSA screening is just one layer of securing the safety of the traveling public. It’s not a perfect process which is why additional layers of security exist. It’ll stop most the crazies, idiots, and gun nuts; however, additional measures are required to thwart organized, well funded, and/or intelligent threats.
There are almost 3000 people that were still alive on the morning of Sept 11 2001 that can’t feel sorry because your friend has a common name and is on a list.
A little inconvenience for a few is worth the safety aspect for the masses. Nothing is perfect and there is a remedy for those who are accidentally placed on a list.
I bet you’d be singing a different tune if “Dave Edwards” was on the list and you were given no reason and no justification for being put on it.
9/11 could have been prevented by reinforcing cockpits and banning box cutters. We don’t need a no-fly list. We don’t sacrifice the liberty of some for the liberty of all…it is then hollow liberty.
We are going to have to disagree on that one. Again, there is a remedy to get off it, or one can choose to not come here, I’m sure they will be fine. And let’s face it, they aren’t putting people with regular American names on the list so I’m good. In fact, I wonder how many people on this list are Americans? Probably just a handful so the reality is that this is a minor issue to most of us.
And I have no issue if some foreign country does the same to our citizens if they are concerned we have citizens who might want to commit a terrorist act in their country.
As for your 9/11 thoughts, sadly no one thought of these things before hand. Because we never thought there were Islamic savages who would do something like this even with all our intelligence agencies.
And our liberty is for our citizens, not those of the world. So again, how big of an issue is this to US citizens? I’m open to be proven wrong if the list is filled with US Citizens.
Not a law expert, but I’m pretty sure the laws of the US apply to anyone in the US, citizen or not. Pretty sure you have to follow other countries’ laws when abroad.
Maybe looking into why someone would only want to learn how to take off would have been a good idea too.
Is there a course that teaches people how to handle sensitive and confidential documents?
Yes! The question is whether the correct people are being required to take it. 😉
This is one of those times where I am in agreement with you, Matthew, not to make it sound like it’s a rare occurrence. 😉 IMO, the problem, as you suggest, is that the processes at work here are very opaque. Yes, there may be remedy for getting oneself remove from the No-Fly list, but the fact that ACLU websites are the top hits when one does an Internet search on what that process would be is … telling. So, I don’t know that I necessarily have a problem with the list; it’s the opaqueness around it that is disturbing.
Most of us with any personal prospective on 9/11 aren’t going to align with the idea that airport screening alone is enough to prevent what are unequivocally unacceptable events like that day. So, you don’t like the current system? What should change? Making the lists public? Is it really better for someone falsely associated to have that claim on the internet for anyone with an agenda to see? That was considered and rejected as unacceptable. Governing is messy but failing to govern when touching on issues of public safety is not an option. These are almost always questions of benefit of the many vs very real hardship of the few. As Americans, we are wired to side with rights of the few. That impulse is misplaced here.
You know they updated their name to CommuteAir now, right?
https://www.ch-aviation.com/portal/news/117881-uss-commutair-to-change-legal-brand-names#:~:text=The%20US%20Department%20of%20Transportation,legal%20name%20to%20CommuteAir%20LLC.
Good to know.
I think that the USA badly needs a no-fly list but I might argue that we need two rather than one:
One (hopefully small) list of vetted government mandated high-risk people. Think people who would be disproportionately willing to try to kill everyone on a plane.
The other would be created by the airlines and would pretty much cover people who had acted sufficiently awfully inflight as to be barred from flying commercially for many years. Think people trying to sneak weapons on a plane, starting a brawl inflight, sexually molesting another passenger, and so forth.
Stupid security leaks aside, we need some system in place. Should the current system be improved? You bet! But I’m not sanguine about leaving all security concerns to the TSA people at any departure airport either.
Another problem I see is that you seem to think that the list should be published. Wouldn’t publicly handing out lists of current aliases for terrorists be kind of a bad idea since that would alert them that they just need a name change to sneak by security?
Regarding your Egyptian friend, he’s not alone. Remember when Senator Ted Kennedy was flagged for having the same name as someone on the list? That pretty clearly illustrates some shortcomings that need to be addressed.
Ultimately, I think the question should be how do we make our system(s) more effective, accountable, and secure rather than just complaining. Outrage is a good attention-getter but it doesn’t do anything to fix a problem.
Is Rob O’Neill still PNG’ed from Delta?
That’s really what “no fly lists” have become.
Why does a regional carrier that doesn’t sell its own tickets need a no-fly list at all? Aren’t all bookings on regional partners managed by the mainlines themselves? In any event, this is just another unsurprising outcome outsourcing.
Looks like the TSA is using the No Fly list as a source for getting employees, just look at the photo at the top of the page. Oh wait, that’s the no Fly list from before 9/11 and Der Homeland Security of AmeriKa.
All of this because George W Bush wanted to fly some airliners into the World Trade Center and Bomb Iraq for his daddy.
I don’t believe the information was “leaked” by a United Express carrier, as much as the headline writer would like to get eyeballs on screens.
The information was exposed as the result of a criminal act by outside parties.