TSA Key – Golden Security Keys Are Bullshit

You know the TSA, right? The guys that go through all your luggage at their leisure? The ones who mandated that all luggage locks had to have a special way to be opened by the TSA’s own set of keys?

Based on a photo of one of those keys, someone was able to use a 3D printer and make a copy of it. He was then successfully able to open luggage locks with it.

https://twitter.com/bernard/status/641662069427847168

And because one person has done it, now anyone can do it. Someone with nefarious intentions can 3D print these by the hundreds and go handing them out. Soon there will be no point whatsoever to locking luggage. And it’s not like the TSA can fix this by changing their keys: they have to change all your locks, too. Basically, they now have a security nightmare.

It’d be easy to blame Bernard for this, but no, his act was noble. He’s proven just how poorly thought out a plan the TSA magic key locks were. It’s entirely possible others had already worked this out and were abusing it, as well.

Because when you create ANY kind of backdoor, it can and WILL be exploited in time. Doesn’t matter who created it or why: if there’s a backdoor it puts the users of the backdoored thing at risk.

So now we turn our attention to encryption. Law Enforcement agencies… the DOJ, local police, etc… have been pushing Silicon Valley to add encryption backdoors to encryptable devices such as smartphones, as well as to secure communications protocols, like the kind you use when you go to your bank’s website. They claim is that this is so that encryption can’t thwart their efforts to grab criminals. But guess who, in the long run, will crack and benefit from it?

You don’t protect yourself by letting someone build a fortress and leaving a doggy door. Anyone advocating the “Golden Key” law enforcement exception for anything should be literally slapped.