I think he should share it with multiple journalists. TR is not a governmental organization. Secret lists of bad people are often unhealthy things for a democratic society. To the extent they must exist, they should be under powerful checks and balances. The possibility of a leak is one of them.
Of everything, why this? Why even post that first bit? Moreso, your name (if it really is his name)? I'd like to think along with this. It doesn't sound like they're the most secure person... With regards to a democratic society, keep in mind that this list is used internationally. Democracy isn't quite a center of the issue. Checks and balance systems exist globally but aren't in operation by all 300 countries using the list. In other words, I think it's best to steer clear of the idealistic argument of transparency and such seeing as this is a matter that transcends the sort of government operation of any one culture. For so many reasons already stated (aside from the transparency argument), I think it'd be worth releasing.About me: Hello, my name is Chris Vickery. In the recent past I have discovered dozens of databases consisting of voter registries, medical histories, insurance records, Hello Kitty fan accounts, and much more. A quick googling can provide additional info.
I don't care much, of course, about privacy and blah blah blah, but it's definitely worth noting that from a probabilistic point of view, the list is worthless. [Bayesian updating! Recommend the Ellenberg book for an easy primer -- he even has a chapter on terrorist lists.] However, the agencies which possess it no doubt do not understand that. What's the best way to make something that should be worthless, actually worthless? Give it to everyone! EDIT: that said, his list in the 'against' category is pretty strong -- though of course the idiot brigade has already come along and blathered about transparency.
I find it strange how some 'privacy activists' are so for leaking private information sometimes and exposing other people's privacy. Not the company that made it, but the names on this list. The appropriate way to do this is to provide a search mechanism of some kind rather than release the DB as a dump. If it has name and birthday as fields, require both to view if you are on the list. If you are, you don't see the contents just "you are on the list" and provide a way to contact the developers to prove more about your identity to see everything that is in the database about you. This doesn't protect against the "bad guys now know they are on the list" point, though. But the list is kind of a strange thing to begin with if it's not a governmental terrorist watch list. I'm still a bit confused as to what this terrorist blacklist is if it's not a governmental blacklist. Who is getting blacklisted from what?