If Slatecould discover it, the terrorists will too.

The Homeland Security Department's No-Fly List has always seemed a bit absurd to me. Only the stupidest terrorist would try booking a flight under his own name (or his known aliases) three years after the 9/11 attacks, and one thing I hope we've all learned is that our most dangerous enemies aren't stupid.

But even if you assume the No-Fly List serves an important purpose, the system as it presently operates contains a gaping, dangerous loophole that makes the list nearly useless. It's a loophole so obvious, it occurred to me the first time I held it in my hand. And believe me, if I can figure it out, any terrorist worth his AK-47 realized it a long time ago.

The loophole is "Internet check-in," a convenience most airlines now offer. (It was first used by Alaska Airlines in 1999, but expanded rapidly after 9/11, as air carriers looked for ways to ease wait times for grumpy passengers.)

Here's how Internet check-in works: On the day of your flight, you can now go online, check in as though you were standing at a kiosk in the airport, and—this is the important part—print out your own boarding pass at home. You then bring your boarding pass, which includes a unique barcode, with you to the airport and go straight through the security line (in many cases, you can check bags at the curb).

It's a terrific timesaver, and there's actually nothing inherently wrong with allowing people to print their own traveling documents at home or the office. The problem is what the airlines and the Transportation Security Administrationdo with those documents at the airport. (In the last year, I've used Internet check-in on three different major airlines and at airports both large and small across the country. In every case, I could have exploited the loophole with ease, and in exactly the same way.)

A home-printed boarding pass is generally checked only twice at the airport:

1) Right before you go through security, a security guard checks your boarding pass against your government-issued ID, making sure the names match. This check does not include a scan of the barcode, in part because the same security checkpoints process passengers for multiple airlines with different computer systems. Occasionally a second security guard at the metal detector will double-check the boarding pass, but again, not by scanning it.

2) Once you get to your boarding gate, the barcode on the printed pass is finally scanned just before you enter the Jetway. However, as the boarding agents remind you over and over, you no longer need to show your ID at the gate. (The TSA estimates 80 percent of U.S. airports have done away with ID checks at the boarding gate.)I've noticed that many passengers still have their driver's licenses or passports in hand as they approach, remembering post-9/11 enhanced security. But the agents cheerily tell them to put their IDs away—they're no longer necessary.

Do you see the big flaw? At no point do you have to prove that the person in whose name the ticket was bought is the same person standing at the airport.

At stop 1), the name on a home-printed boarding pass is checked against an ID, but not against the name stored in the airline's computer. At stop 2), the name on the printed pass is checked against the name in the computer, but not against an ID.