With The Golden Key To Your Luggage Leaked From The TSA, How Can Anyone Claim The Government Would Protect A Golden Key To Everything Else?
The United States government keeps pushing for their mythical and imaginary “golden key” to people’s correspondence – a key that would unlock all encryption, and they keep demanding this from the likes of Google and Apple, on mere basis of a mythical trust in the government. Yet, few seem to have made the connection that the US Government has had a golden key to people’s travel luggage for a while, and it just leaked, essentially making all luggage locks pointless. What makes anyone think that a government master key to everybody’s encryption would be any better protected?
Following the 2001 security theater hysteria, the United States TSA demanded – and got – the right to demand “golden keys” to people’s luggage when they were traveling by air. This demand was made in a straightforward manner: “if we can’t open your luggage already, we’re going to break it and hand it back to you broken”. As people didn’t want their luggage broken, most sort of resigned to accepting that luggage locks were for show only and were completely pointless in protecting your belongings while in transit.
As a result, luggage vendors took note and stopped selling suitcases that didn’t have the governmental backdoor to its lock. It was even made into a selling point: “Now with governmental backdoors to ensure your luggage arrives unbroken to your destination!”. For some reason, people thought this was the slightest bit acceptable. Imagine if the same was done for letter envelopes:
“We’re now selling transparent see-through envelopes, so your sealed letter will arrive unopened to its recipient!”
For that’s what it is about, at the end of the day, is it not? Selling the illusion of a lock that does its very opposite – let uninvited people in on purpose?
The United States government and its surveillance accomplices are now demanding another backdoor key – that to all our correspondence, confidences, and data. If people have placed a confidence in us, no matter its nature, the government demands access to it. But they’re not demanding it from us directly – that would be far too honest and direct. Instead, the government is demanding it from those who sell you the mere ability to protect the confidences placed in you, companies like Apple.
This is why free and open-source software remains critical: there is nobody to force to such behavior.
In any case, the golden master keys to your luggage and everybody else’s luggage were illustrated with a photo of those very master keys in a story in a newspaper in 2014. That was sloppy security. In fact, it was catastrophic security. It was a worst case scenario. The secret of a physical key is its physical form, and if you publish a photo of what the keys look like – which is exactly what happened, without a single person involved thinking realizing this is a bad idea – then all locks are worthless from that point on. (Or even more worthless, as the case may be, as they were illusory locks in the first place.)
This is illustrated by the fact that once you had the photo, you could model the keys and manufacture duplicates in any 3D printer. This also happened, just illustrating the point of the enormous security lapse that had just happened. Anybody could now open any luggage, because the government didn’t understand a shred of security as it published photos of keys, essentially publishing the keys themselves openly.
The obvious connection between these two demands follows:
If the government is so disastrously sloppy with master keys to everybody’s luggage that it leaks in this manner, without anybody even reacting before the total damage was done, what makes anyone think that master keys to everybody’s everything else – correspondence, confidences, and data – would be protected with any more vigor?
It’s noteworthy that both Chelsea Manning and Edward Snowden have made this point even stronger: the United States government can’t even protect its dirtiest laundry from leaking. The notion that it would have the slightest ability of (or even interest in) protecting a master key to everybody’s secrets is a unicorn fantasy, one which must be pointed out as such every single time it is mentioned.
UPDATE: Also see the article from The Intercept, published just before this piece, which made the same connection.
Photo of printed keys by github user Xylitol. Photo used on Wikipedia, illustrating the Travel Sentry scheme.