Last week, a security researcher uncovered an unsecured server run by the U.S. national airline, CommuteAir, which contained the identities of hundreds of thousands of individuals from the government’s Terrorist Screening Database and “No Fly List,” according to a report by The Daily Dot.
The server, discovered by Swiss hacker maia arson crimew, was exposed on the public internet and revealed a significant amount of company data, including the personal information of nearly 1,000 CommuteAir employees.
Analysis of the server revealed a file named “NoFly.csv,” which contained over 1.5 million entries of individuals barred from air travel due to suspected or known ties to terrorist organizations.
The data included names, birth dates, and multiple aliases, resulting in a lower number of unique individuals.
Notable figures, such as Russian arms dealer Viktor Bout, were found on the list with over 16 potential aliases, including different spellings of his name and varying birth dates, some aligning with his recorded birthdate.
According to Hina Shamsi, Director of the National Security Project at the American Civil Liberties Union, the watchlisting system in this country is excessively large and can label individuals, including Americans, as suspected or known terrorists based on undisclosed standards and evidence without providing a fair and efficient means for them to challenge and clear their names.
She also points out that the system seems to constantly expand in terms of the categories of people it targets, and the consequences are severe, causing real harm to people’s lives. These include the obvious issues of stigma, embarrassment, and difficulty traveling, as well as the embarrassment and trauma caused to parents in front of their children.