In one single image, establishment and mainstream media show their utter ignorance of security
The various branches of the establishment are frequently criticized for not understanding, or even caring about, the critically important fields of privacy and security. In just one image, the New York Post shows just how bad the situation is with this ignorance.
When I was in the European Parliament, I was frequently shocked at how badly decision-makers and policymakers understood the crucial issues of the 21st century: information, security, privacy (which in turn lead to innovation and growth). Rather, Members of the European Parliament would have e-mails printed for them by their secretaries and put in a pile on their desks, and they would therefore believe that they understood what the Internet was about.
Some decade ago, there was something akin to a riot on the Internet as the copyright industry tried to suppress the key “09-F9-11-02-9D-74-E3-5B-D8-41-56-C5-63-56-88-C0” from being discussed: this was a cryptographic key for access and playback control of Hollywood DVDs. Everybody who is familiar with the Internet understands the concept of publishing a key. It cannot be undone, and once you publish its secret, you’ve opened Pandora’s box.
A cryptographic key is usually published like above, in a sequence of hexadecimal digits, since that’s the secret of the key. This makes it different from a physical key, where the physical shape of the key is the crucial secret.
Now consider this story by the New York Post, which cries out in terror that a master key to the New York City utilities has leaked. Consider that this story has passed by many people on its way to publishing, all part of the narrative-creating establishment, and consider what their understanding of the most fundamental security must look like.
Yes, that’s the key being discussed right there, the “1620” key. The New York Post is crying out in terror that this master key is on the loose, and goes on to publish the full secret of the key, in gigantic format. From this point, anybody can trivially reproduce this key.
It’s reasonable to ask at what point an ignorance of security to this unbelievable level becomes criminal negligence.
The ignorance is not unlike the fiasco with Diebold voting machines, also about a decade ago. The voting machines were supposedly secure; they needed a key to access the memory card slots. Spare keys were for sale on the Diebold website, and were only sold to certified voting officials. But like any webshop, there were high-resolution photos of the keys to the voting machines right on that webshop, and those images could be (and were) used to create keys that could access the voting records.
Security, too, is starting to become your own responsibility.
(hat tip: @gsuberland)
Comments are closed.
60 Comments
I would rather choose a safe society, where people trust each other and therefore there is no urgent need to lock doors.
So, you’re re-printing the key here, presumably with the reasoning that it’s already out there and the damage is already done? It sounds like you’re operating under the same logic as the people you’re criticizing.
And let’s not forget that keys are three dimensional objects, whereas pictures of keys are two dimensional. There’s a lot that a would-be key duplicator cannot get from this picture.
What could they not get? The only important part that can’t be gathered with a glance at one of these locks is the pin lengths, which they gave away, they wouldn’t even need to make a copy now because picking it would be so easy knowing where the shear line is.
why would the reporter have a photo of the key in question? she probably just got a stock photo of a key, right?
“Security, too, is starting to become your own responsibility.”
It always was, and always will be.
People are simply becoming aware of this AGAIN. As they used to be.
There are thousands of threads about this key on public web forums dating back many years. It’s clear that nearly every person who has served in a public safety or maintenance capacity at some point has a personal copy or five. Anyone who was remotely interested in getting into these places could have gotten images or copies easily; all this publication has done is stirred up fear, uncertainty, and doubt about security. I’m hesitant to judge whether this is a good thing or not, but this much is certain: Anyone who had intended to use these keys for harm in the past could have – or almost certainly has – done so before.