Trust Us, We’re the Government

The Transportation Security Administration in the USA licenses two companies to design luggage locks which can be opened without damage by TSA agents if they need to search a case. The TSA has a set of master keys — the correct one to use should be indicated on the lock, for example, saying “TSA002”. If the agents need to open a case which has an unapproved lock, they will break in.

I have no idea how many master keys have been issued, but they are in use at 450 airports, so the number must be in the thousands. And are all TSA employees so well-rewarded and motivated that they are incorruptible? No.

TSA-lockTherefore, I imagine that professional criminals got copies of the keys as soon as they were issued, if not before. But then the Washington Post innocently published a photo of the master keys, which allowed smart amateurs to code up a 3-D printer file. You can now download it and print your own, working, master keys.

Now, anyone with an interest in security would have predicted this exact outcome when the idea of a “secret” key for everyone’s baggage was suggested. A security mechanism with a “back door” which can be opened by officials can always be opened by criminals too.

And guess what the security agencies are always asking for? A “back door” into secure computer products. Of course, they say, access would only be granted to highly-trusted officials. Nobody else would know the secret codes. Absolutely not.

The lock on your luggage is supposed to prevent the contents being stolen, or at least, to keep them private. (One TSA agent was sacked after he left a note in a passenger’s suitcase, congratulating her on her ‘sexy” underwear.) The little lock icon in your browser’s address bar indicates the same purpose: you can reduce the risk of criminals stealing from you, and you can keep your browsing private.

For some people, it’s more than that, a matter of life and death. If you lived in, say, Saudi Arabia, you would really, really want your communications to be secure. They crucify or behead bloggers there.

Every time the CIA or GCHQ or the like try to lobby politicians, asking for back doors to be made legally compulsory, security experts point out the stupidity of the idea, and the weakness of the argument in favour of them, which usually amounts to “Wooo! Terrorists!”. Just the other day, the French government responded to their spooks to say that back doors were out of the question. But they always come back.

In the UK, there’s a new government-approved standard — Secure Chorus — for voice encryption. And guess what: it doesn’t so much have a back door as a gigantic back hangar door that you could fly a jumbo jet through. It’s not compulsory though. Yet.

Traditional intelligence and policing work is hard. It can work, but it needs time, manpower and loads of money. The intelligence agencies will keep asking for back doors because they think it would make their job easier. Collateral damage to citizens is not a consideration. Just look at the tens of thousands of thefts per year in American airport baggage handling.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s