No-Fly List Exposed

I can’t remember the last time I thought about the US no-fly list: the list of people so dangerous they should never be allowed to fly on an airplane, yet so innocent that we can’t arrest them. Back when I thought about it a lot, I realized that the TSA’s practice of giving it to every airline meant that it was not well protected, and it certainly ended up in the hands of every major government that wanted it.

The list is back in the news today, having been left exposed on an insecure airline computer. (The airline is CommuteAir, a company so obscure that I’ve never heard of it before.)

This is, of course, the problem with having to give a copy of your secret list to lots of people.

EDITED TO ADD (2/14): The 23 yo researcher who found NOFLY.csv wrote a blog post about it. This is not the first time the list has become public.

Tags: , , ,

Posted on January 23, 2023 at 7:02 AM29 Comments

Comments

Chris January 23, 2023 8:07 AM

Good thing taxpayer IDs weren’t in the file or the TSA would be on the hook for a free year of credit monitoring.

What’s the appropriate level of responsibility for leaking personal data of suspected criminals never charged with a crime?

Thomas M January 23, 2023 8:18 AM

Well the question is, is this list even valid? I read it contains 1.5 million entries!
Apparently also contains people who just have the wrong opinion.
It is list and process worth of a dictatorship and not of a democratic country.

Snarki, child of Loki January 23, 2023 8:59 AM

The “no-fly list” was a stupid idea, implemented by deeply stupid people.

Unfortunately, such ideas seem to have a very long lifespan.

Ted January 23, 2023 9:15 AM

@Andy

I wonder how related it is to OFAC’s list

Good question. Apparently Viktor Bout, who was the only person listed by name in the article, is also on the OFAC list.

Victor Bout is, of course, the Russian arms dealer who was swapped in a prisoner exchange for Brittney Griner on Dec 8, 2022.

Brian January 23, 2023 10:07 AM

I wouldn’t mind the no-fly list so much if it were like an expanded version of the FBI’s Most Wanted list: people who should be arrested if we notice them trying to board an airplane.

Winter January 23, 2023 10:20 AM

The No-Fly list contains so many names that have nothing at all to do with terrorism that I doubt it actually prevents any terrorists from boarding.

‘https://edition.cnn.com/2015/12/07/politics/no-fly-mistakes-cat-stevens-ted-kennedy-john-lewis/index.html

Sen. Ted Kennedy told the Senate Judiciary Committee in 2004 that he had been stopped and interrogated on at least five occasions as he attempted to board flights at several different airports. A Bush administration official explained to the Washington Post that Kennedy had been held up because the name “T. Kennedy” had become a popular pseudonym among terror suspects.

The oldies under us will remember Cat Stevens, the singer who converted to Islam. He flew to the US and the No-Fly list kicked in for all passengers:

In 2004, a Washington-bound United Airlines flight from London was diverted to Maine after officials discovered Yusuf Islam, the singer formerly known as Cat Stevens, was on board. Islam was denied entry into the U.S. and made to return to the U.K.

“Celebrity or unknown, our job is to act on information that others have given us,” Homeland Security Secretary Tom Ridge said at the time. “And in this instance, there was some relationship between the name and the terrorists’ activity with this individual’s name being on that no-fly list, and appropriate action was taken.”

But there was no further formal explanation and Islam was allowed in 2006 to enter the U.S. without incident.

jeadly January 23, 2023 10:23 AM

Have I missed some legitimate reason that this list needs to be kept secret? Yes, the public outrage of such a stupid idea would surely have shuttered it long ago had it been exposed early on; though I’m not sure that should be considered legitimate.

Micah January 23, 2023 10:30 AM

This is, of course, the problem with having to give a copy of your secret list to lots of people.

I don’t see why they’d “have to”. That’s just another badly designed aspect of a bad idea. They could force the airlines to give them passenger lists for approval instead. Or, just have the TSA agents check the names when people are going through security. (Sure, it would feel like arbitrary harassment to be turned away at that point, but isn’t that the point of the list in practice?)

Winter January 23, 2023 11:16 AM

@Micah

They could force the airlines to give them passenger lists for approval instead.

That would mean checking the list would weight on the budget of the TSA or whomever. Now the cost of checking the names is paid for by the airlines.

Jeremy January 23, 2023 11:27 AM

.

… OK, the NoFlyList is obviously a bad idea and totally illegal under the Due Process clause of the Bill of Rights Fifth Amendment.

TSA general searches of the traveling public are also blatantly illegal under the Fourth Amendment.

So the root problem is that the Federal Government is freely operating well outside the rule of law — and a very passive American public fully accepts this tyrannical situation, with perhaps a few very faint grumblings.

Things will only get worse from here.

Paul January 23, 2023 11:39 AM

The list “needs to be secret” because if bad people know their name is on it, they’ll travel under a different name. So the list basically represents TTPs for TSA.

No, the government likely will not do anything differently now that everyone knows the names on the list. After all, there’s no way to prove everyone on the list read that it was out in the wild!

Clive Robinson January 23, 2023 11:59 AM

@ Snarki, child of Loki, ALL,

Re : Bad ideas never die in politics.

“Unfortunately, such ideas seem to have a very long lifespan.”

The reason is simple potential “political fallout”.

Allegadly there are one and a half million people on that list, some because their husbands thought putting their wife on when she was visiting relatives abroad was easier than divorce[1], but most others because agents were “wall papering their sit-upons”…

From an agents point of view adding someone to the list has no concequence for them, taking someone off does, in the remote chance the person goes on to commit an act that someone can make sound terroristy[2].

Now, as there are so many people on the list it’s guaranteed there are one or two nut-bars on it. From a political point of view consider what would happen to anyone with the authority to kill the list, who did so, and then later one of those nut-bars does something stupid and a journalist finds out they were on that list when it existed…

Therfore for politicians there is absolutly no up-side in getting rid of the list. In fact the down-side potential is such they would vote to keep the list, even if everyone on it was provably dead… Just incase zombies are real.

As we know babies and toddlers have names that are on that list, it’s probably going to be around for another century or so…

But hey that’s just “politics in action”, all funded by your tax dollars, remember that next time you get around to voting (if you’ve not already been baned for some reason).

[1] Remember back to 2011 when the news alledged that a UK immigration officer who having kept his wife out for three years got found out when he applied for promotion. We covered it on this blog back then,

https://www.schneier.com/blog/archives/2011/02/uk_immigration.html

[2] Recently we’ve seen “Domestic Terrorist” be claimed for shooting up a transformer. As I commented there is a lot of “shooting things up” in the US, by bored kids drunks etc. This does not make them terrorists, just idiots who have gone the next level up on the idiocy of “Drive by mail-box baseball”. However from an agent/officers point of view, arresting a drunk idiot with a gun, well that’s just part of the job and not note worthy or worth promotion points. However call it “Domestic Terrorism” then it becomes noteworthy, talking heads will nod on 24hour national news, politicians will be outraged and bluster and promotion prospects suddenly look good.

Quantry January 23, 2023 12:18 PM

@ David in Toronto Re:#comment-416376

I’m surprised it took this long to leak publicly

The Canadian version was available years ago. Not sure what this surprize is, regardless:

@ ALL: re Cops with Vendetta – do you really want to tug on superman’s cape?
I wonder if Ross A from Cambridge U is still on it.

At 8:45 this morning, Ive gotten a coffee at the Tim Horton’s downtown after a 20 minit walk from the high school against the 15 MILE/ph wind on icy streets; temp is just below freezing. I’m not a spring chicken, and I have 20 more minits to walk.

I’m sitting at a table, as close to the corner of the shop as feasible, minding my own business, ten feet from anyone, ear plugs in now, (since the distant droning of one side of others’ phone calls sometimes annoys me, and I’m staring out into the darkness silently. A cop drives thru the drive-thru and stops in front of me to wait his donuts. No surprise.

I glance up right away, and he’s staring at me shaking his head, talking to his buddy beside him, who is also staring at me the WHOLE time they waited. Not only did the most dangerous people in Canada get an instant hard-on when they drove up, indicating a hyper sensitivity, but they OPENLY expressed loathing in public, and to each other. What do I do with this? Ive never been charged with any crimes that I’m aware of.

I have thousands of even MORE unbelievable stories one spanning decades, DAILY and sometimes hourly, regarding various brotherhoods and vigilante groups. Now you can see how it has been triggered. I rebuked them publically for a murder. Next monday I’m a street person: “Tetelestai (τετέλεσται)”: they succeeded in completely destroying a Canadian citizen.

SHUT-UP, or take a totalitarian beating funded and perpetrated by the staasi psychos who are guarding the chicken coup.

Winter January 23, 2023 12:57 PM

@Jeremy

and a very passive American public fully accepts this tyrannical situation, with perhaps a few very faint grumblings.

No, the American public screams for such a list. You know, terrorists are never WASPS or real ‘mericuns. They are brown foreigners, Muslims and commies. And they must be kept out of ‘merica. Real ‘mericuns never get on that list.

So real ‘mericuns really want that list.

Winter January 23, 2023 1:22 PM

@Clive

Allegadly there are one and a half million people on that list, some because their husbands thought putting their wife on when she was visiting relatives abroad was easier than divorce[1]

The no-fly list is like a herpes infection, once you are on/have it, you never get rid off it.

Ted January 23, 2023 4:43 PM

The 23 yo researcher who found the NOFLY.csv wrote a blog post about it.

https://maia.crimew.gay/posts/how-to-hack-an-airline/

Rep. Dan Bishop, who sits on the House Homeland Security Committee, tweeted “…Besides the fact that the list is a civil liberties nightmare, how was this info so easily accessible? We’ll be coming for answers.”

https://twitter.com/repdanbishop/status/1616892105758236673

Here are some more names that were included in the Selectee or No Fly files.

https://m.belfasttelegraph.co.uk/news/northern-ireland/gerry-adams-among-sinn-fein-members-included-on-leaked-us-enhanced-screening-database-42305713.html

Jon January 23, 2023 9:06 PM

@ Ted

Of course, they didn’t exchange Viktor Bout for Britney Griner across the oceans on a boat. No-fly? Uh-huh. J.

Ted January 23, 2023 10:41 PM

@Jon

I believe the No Fly List affects commercial flights. I’m thinking that Bout’s travel out of the country was done under non-commercial circumstances. He and Griner were exchanged at an Abu Dhabi airport.

It is interesting that Bout was on a 2019 No Fly List considering he had been in prison from 2012 to 2022.

However, back to the security researcher who found lists, maia arson crimew. It looks like she’s hacked before, and even earned an indictment.

https://en.m.wikipedia.org/wiki/Maia_arson_crimew

And here’s another interesting article about the these files and also about flight screening. I don’t know how accurate it is, but it has a lot of detail.

Airlines used to make fly/no-fly decisions based on lists provided by the government, but that was changed in 2009 when the government switched to a real-time profiling and permission-to-fly system operated by the TSA and CBP. Whatever CommuteAir was doing with these lists, it wasn’t supposed to be using them to make fly/no-fly decisions.

https://papersplease.org/wp/2023/01/20/the-nofly-list-is-a-muslimban-list/

Also, from the Papers Please article:

More than 10% of the entries on the No-Fly list (174,202 of 1,566,062) contain “MUHAMMAD” in either the first or last name fields.

MrC January 24, 2023 2:31 AM

@jeadly

Have I missed some legitimate reason that this list needs to be kept secret?

Legitimate reason?…

If you start from the (dubious) assumption that the people on the list really are terrorists, then it makes sense to not let the terrorists know that you know who they are. If they knew they were on the list, they might travel by another means, or travel under false papers, or send someone else who isn’t on the list, or just generally improve their operational security.

Also a couple illegitimate ones:

  1. To prevent legal challenges. They’ll refuse to admit or deny that you’re on the list, while simultaneously moving to dismiss for lack of standing because you can’t prove you’re on the list.
  2. It’s a more useful tool for extortion and petty revenge when (a) it’s insulated from legal recourse, as above, and (b) it’s impossible for extortion victims to debunk claims that past victims were indeed added to the list.

friendship still exists January 24, 2023 2:40 PM

Ever since 9-11-2001 I’ve had amplified phobia of flying,

(I never liked flying much anyhow after too many bad flights that my passive aggressive parents stashed me into for some awkward family reunions; i didn’t mind the reunions, just the small planes wobbling too much)

so, i like the idea of being put on a no fly list instead of a “let’s lose your luggage” fly with us list.

i get nervous while on the ground if the outgoing or incoming planes swing too low. they’ve got some odd maneuvers.

so…. yeah, sign me up 🙂

friendship still exists

p.s.=

fuggedaboutit January 28, 2023 3:43 PM

If you start from the (dubious) assumption that the people on the list really are terrorists, then it makes sense to not let the terrorists know that you know who they are. If they knew they were on the list, they might travel by another means, or travel under false papers, or send someone else who isn’t on the list, or just generally improve their operational security.

That’s not a reason to deny them the ability to fly. When they attempt to board and are refused, they’ll learn they’re on the list and afterwards do all the things you said.

That’s a reason to arrest them when they attempt to fly, or when their location is otherwise ascertained. This stuff was founded in CYA bureaucratic/political stupidity, not a legitimate threat model. The most charitable interpretation of this is that it’s designed to stop suicide bombers who aren’t important enough to want in custody, and are willing to give their life for the cause, but unwilling to go to the inconvenience of giving a false name / false documents. The intersection of that Venn Diagram in actuality is empty; Every single one of these 1.5 million people are red herrings with a legitimate civil rights beef, who can exist only because certain leaders in the US government decided it would be politically expedient to completely suspend due process if your name is “Mohammed”. And none of you guys want these ex-leaders in prison for doing that.

Clive Robinson January 28, 2023 8:17 PM

@ fuggedaboutit,

“The intersection of that Venn Diagram in actuality is empty”

Two points,

Firstly what you say about suicide bombers,

1.1, “willing to give their life for the cause”
1.2, “unwilling to go to the inconvenience of giving a false name”

Whilst true is actually “independent of” the “no-fly list” (The London, Madrid, and Paris attacks show this).

Secondly whilst it is probably empty now, we know that in the past it was not empty atleast twice with aircraft flights,

1, The shoe bomber (Richard Reid).
2, The underpants bomber (Umar Farouk Abdulmutala).

But to be fair your other complaints about the “No Fly List” are fairly valid.

But you were kind of talking at cross purposes. You are talking about the list it’s self, @MrC was not, he was answering as to “why it’s secret” and the legitimacy or not of that[1].

Step back a little and you will see you are actually both right in your view points.

[1] I suspect that every Soverign Goverment keeps “secret lists”. That are as lists almost certainly unlawful, or illegal, and are very definitely unethical and by most standards immoral. We know Law Enforcment Officers/Agencies have “lists of the usual suspects” based on assumed or observed MO of individuals. This is regardless of if they are actually convicted criminals or not. Thus they are treated as guilty without being proved guilty. We know that this “mindset” in LEO/As has been responsible for quite a few serious miscarrages of justice.

JonKnowsNothing January 28, 2023 10:13 PM

@All

re: USA No Fly List

The point of the list is People On The List, CANNOT get on a plane.

They may also be denied transit on trains, boats and other transportation that has a manifest list.

The reason the list is not published is about Airline Transit or Booking Fees.

Most airlines have a refund or rescheduling option. If you found, out up front, that you cannot take that flight, you could demand a refund. However, if you are given a boarding pass at the gate, the flight fees are considered “fulfilled” and no refund is available.

So the place you find out, is at boarding time. You get pulled out of line. All costs and fees are non refundable. The airline and holiday venues get their money in full. The family gets nothing except hours in a hyper cold room, no food, no water, no toilet, no lawyer, abusive questioning, harassment, intimidation and threats of further extra judicial incarceration plus attacks promised on family, friends, neighbors, including stylistic headlines by accommodating news media outlets.

The airlines already know you are on the list when you book the flight. LEAs have you flagged before the SUBMIT PAYMENT is complete.

The impact is that once you know you are on the list, you KNOW you are ON THE LIST. It’s not a secret anymore. It also means it might take decades to find out WHY and during that time, you are held in situ.

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.