With The Golden Key To Your Luggage Leaked From The TSA, How Can Anyone Claim The Government Would Protect A Golden Key To Everything Else?

Posted on Sep 18, 2015 by Rick Falkvinge
Share Tweet Plus

The United States government keeps pushing for their mythical and imaginary “golden key” to people’s correspondence – a key that would unlock all encryption, and they keep demanding this from the likes of Google and Apple, on mere basis of a mythical trust in the government. Yet, few seem to have made the connection that the US Government has had a golden key to people’s travel luggage for a while, and it just leaked, essentially making all luggage locks pointless. What makes anyone think that a government master key to everybody’s encryption would be any better protected?

Following the 2001 security theater hysteria, the United States TSA demanded – and got – the right to demand “golden keys” to people’s luggage when they were traveling by air. This demand was made in a straightforward manner: “if we can’t open your luggage already, we’re going to break it and hand it back to you broken”. As people didn’t want their luggage broken, most sort of resigned to accepting that luggage locks were for show only and were completely pointless in protecting your belongings while in transit.

As a result, luggage vendors took note and stopped selling suitcases that didn’t have the governmental backdoor to its lock. It was even made into a selling point: “Now with governmental backdoors to ensure your luggage arrives unbroken to your destination!”. For some reason, people thought this was the slightest bit acceptable. Imagine if the same was done for letter envelopes:

“We’re now selling transparent see-through envelopes, so your sealed letter will arrive unopened to its recipient!”

For that’s what it is about, at the end of the day, is it not? Selling the illusion of a lock that does its very opposite – let uninvited people in on purpose?

The United States government and its surveillance accomplices are now demanding another backdoor key – that to all our correspondence, confidences, and data. If people have placed a confidence in us, no matter its nature, the government demands access to it. But they’re not demanding it from us directly – that would be far too honest and direct. Instead, the government is demanding it from those who sell you the mere ability to protect the confidences placed in you, companies like Apple.

This is why free and open-source software remains critical: there is nobody to force to such behavior.

In any case, the golden master keys to your luggage and everybody else’s luggage were illustrated with a photo of those very master keys in a story in a newspaper in 2014. That was sloppy security. In fact, it was catastrophic security. It was a worst case scenario. The secret of a physical key is its physical form, and if you publish a photo of what the keys look like – which is exactly what happened, without a single person involved thinking realizing this is a bad idea – then all locks are worthless from that point on. (Or even more worthless, as the case may be, as they were illusory locks in the first place.)

This is illustrated by the fact that once you had the photo, you could model the keys and manufacture duplicates in any 3D printer. This also happened, just illustrating the point of the enormous security lapse that had just happened. Anybody could now open any luggage, because the government didn’t understand a shred of security as it published photos of keys, essentially publishing the keys themselves openly.

TSA keys, 3D printed, on a keychain

The obvious connection between these two demands follows:

If the government is so disastrously sloppy with master keys to everybody’s luggage that it leaks in this manner, without anybody even reacting before the total damage was done, what makes anyone think that master keys to everybody’s everything else – correspondence, confidences, and data – would be protected with any more vigor?

It’s noteworthy that both Chelsea Manning and Edward Snowden have made this point even stronger: the United States government can’t even protect its dirtiest laundry from leaking. The notion that it would have the slightest ability of (or even interest in) protecting a master key to everybody’s secrets is a unicorn fantasy, one which must be pointed out as such every single time it is mentioned.

UPDATE: Also see the article from The Intercept, published just before this piece, which made the same connection.

Photo of printed keys by github user Xylitol. Photo used on Wikipedia, illustrating the Travel Sentry scheme.

About Rick Falkvinge

Rick is Head of Privacy at Private Internet Access. He is also the founder of the first Pirate Party and is a political evangelist, traveling around Europe and the world to talk and write about ideas of a sensible information policy. Additionally, he has a tech entrepreneur background and loves good whisky and fast motorcycles.

VPN Service

Comments are closed.

1 Comments

  1. Antimon555

    For the first, even if this happened 20 years ago, it would have been possible to make keys (and of course still is)

    using a cnc mill, or even with an old style mill and/or a mini grinder if the user can handle them well enough.

    But my real point is the transparent envelope comparison. Unfortunately I think we’ve already come to the point that such a demand would only be met with “oh, well. Gotta buy some of those tomorrow then.” and mostly being annoyed with the higher price of them.

    And what says the US or other Postal Services doesn’t already shine strong light through current envelopes, scanning and digitizing their contents for NSA et al.? It’s not that hard to do if there is only one sheet of paper in it, even if that sheet is folded once. Try it yourself with a strong flash light.

    It’d be more strange if they didn’t than if they do, given their position on privacy elsewhere.

    3 years ago