If We Can’t Abolish the No-Fly List, Can We at Least Keep It Safe?

Whoops, we leaked the no-fly list. 

And by “we” I mean CommuteAir, a regional airline whose insecure server, accessed by a Swiss hacker named maia arson crimew, included a file helpfully named NoFly.csv, which turned out to be a 2019 version of the U.S. government’s no-fly list. The Daily Dot, which first reported on the story, notes that the list has around 1.5 million entries—though many of those are aliases for a much smaller number of individuals—and includes both names and birthdates. It’s a subset of the broader Terrorist Screening Database, and both lists are chock-full of civil liberties and due process violations.

Meanwhile, the Justice Department continues to discover more classified documents in various buildings associated with President Joe Biden. The president is both cooperating with the investigation—which is to say, inviting the FBI to search his Delaware home to see what else might have slipped his mind and federal document security procedures—and insisting to the public that there’s “no there there.” And though this mishandling of classified documents is less egregious than former President Donald Trump’s mishandling of classified documents, even congressional Democrats seem to find Biden’s denials unconvincing.

The ideal libertarian policy response to these debacles would be a major overhaul of the systems in question: establish transparent due process for no-fly list placement and appeal—or abolish the list altogether—and rethink the whole system of classified documents and state secrets. 

But that’s not going to happen for the foreseeable future, so let’s set a more modest goal, one achievable for the Congress we actually have: to review and improve the federal government’s data security and digital defenses.

That this is necessary has been obvious for a long time, since well before any of these present scandals. There was the big 2015 breach of the Office of Personnel Management, which revealed around 21 million people’s personal information to foreign hackers. And the 2016 leak of National Security Agency cyber weapons. And Wikileaks’ 2017 revelation of “more than 8,000 documents detailing various CIA cyberwarfare and electronic surveillance activities.” And the 2021 leak of Internal Revenue Service data on very rich people. And, yes, “her emails,” the private email server (and personal Blackberry) Hillary Clinton used while serving as secretary of state in the Obama administration. 

And those are just the big ones, the ones that made the news, the ones that are comparatively easy to recall a few years after the fact. They’re also all federal in scale, but it’s not like states, municipalities, and other lower levels of government—to say nothing of private companies that interact with government data, like CommuteAir with the no-fly list or any account tied to our Social Security numbers or tax information—are fully secure. 

Our elections are all handled by those smaller government entities (there are more than 10,000 election authorities in this country), and though our fears aren’t always rational, election security has understandably been a major concern for the better part of a dec