Clicky

TSA Luggage Keys and Encryption Implications | Altaware, Inc. Cyber Security Blog

TSA Luggage Keys and Encryption Implications

I found the recent disclosure about a master key for TSA locks quite interesting as it pertains to the encryption discussion.

For those that might have missed it, it was recently disclosed that someone was able to use a picture of a TSA master key and create a 3D printer reproduction of it.

Sure, we should already assume that:
- Key based locks are quite ineffective for stopping thieves (plenty of evidence for that)
- Luggage isn't secure even with a simple lock
- You can always steal the luggage and open it later

However, this ought to point out the fallacy of our (USA) government wanting to be able to decrypt ALL of our communications and hold that data at the NSA for future decryption. Of course we've been here before with the clipper chip, but, now thinking of the TSA and physical security of a "master key" as it relates to the NSA and a master key for data decryption, lets see how silly this is:
- Can we really trust, hundreds, thousands, tens of thousands or more people to secure a cipher?
- Can we really trust them to not use it for profit or personal use? There are already plenty of cases proving otherwise (jilted lovers, stars bounties, etc.)
- Now imagine they get to keep our "luggage" to open whenever for 5 years or so in the future?
- Now imagine they can open it without your knowledge or evidence of having done so…
- Now imagine the contents can be used against you without a warrant.
- Now imagine it can be "leaked" to another one of the NUMEROUS agencies that can then use a warrant and not disclose the source or lie about how they got the information (plenty of cases of that too).

Crazy isn't it? Why are we even allowing this to be discussed? It's a gross violation of our rights and it will only guarantee that thieves and thousands upon thousands of government workers are allowed unfettered access to our data for whatever purpose. Come up with another approach besides decryption. We're already seeing many agencies using good old spy work and intelligence to get the job done.

We have strict laws about postal mail privacy, recording of phone calls but we've got horrible understandings of meta data versus surveillance. Our citizens and corporations have a right to privacy and of course warrants are a recognized process for authorizing wire tapping or intrusions into otherwise private areas.