In news first reported by Mikael Thalen and David Covucci of of the Daily Dot, Swiss hacker maia arson crimew has found versions of the Transportation Security Administration’s “No-Fly” and “Selectee” lists dating from 2019 on insecure Amazon Web Services cloud servers used by the airline CommuteAir for software development and staging.
CommuteAir is little known in its own name, but operates as a subcontractor to United Airlines for flights by regional jets between United hubs and secondary airports marketed under the “United Express” brand with United Airlines flight numbers.
In a statement to the Daily Dot, CommuteAir confirmed that, “The server contained data from a 2019 version of the federal no-fly list that included first and last names and dates of birth.”
This isn’t the first time that information about the TSA’s “watchlists” (blacklists) and related procedures has been leaked or left exposed on the Internet. In 2009, the TSA posted an unredacted copy of its Standard Operating Procedures for “screening” of airline passengers on a Federal government website for contractors. In 2014, the Terrorist Screening Center’s Watchlisting Guidance, which describes the methodology and purported basis for entering names on the No-Fly, Selectee, and other blacklists, was obtained and published by The Intercept.
The lists found by maia and shared with journalists and researchers confirm the TSA’s (1) Islamophobia, (2) overconfidence in the certainty of its pre-crime predictions, and (3) mission creep. Read More