TSA provides “Security Theater” , not “Peace of Mind”

The Intercept covers the lack of security and abundance of BS from the TSA: TSA Doesn’t Care That Its Luggage Locks Have Been Hacked 

In a spectacular failure of a “back door” designed to give law enforcement exclusive access to private places, hackers have made the “master keys” for Transportation Security Administration-recognized luggage locks available to anyone with a 3D printer…

Now that they’ve been hacked, however, TSA says it doesn’t really care one way or another.

What reminders and lessons can we learn from this?

The Intercept covers the lack of security and abundance of BS from the TSA: TSA Doesn’t Care That Its Luggage Locks Have Been Hacked  <read>

In a spectacular failure of a “back door” designed to give law enforcement exclusive access to private places, hackers have made the “master keys” for Transportation Security Administration-recognized luggage locks available to anyone with a 3D printer…

When the locks were first introduced in 2003, TSA official Ken Lauterstein described them as part of the agency’s efforts to develop “practical solutions that contribute toward our goal of providing world-class security and world-class customer service.”

Now that they’ve been hacked, however, TSA says it doesn’t really care one way or another.

“The reported ability to create keys for TSA-approved suitcase locks from a digital image does not create a threat to aviation security,” wrote TSA spokesperson Mike England in an email to The Intercept.

“These consumer products are ‘peace of mind’ devices, not part of TSA’s aviation security regime,” England wrote.

What reminders and lessons can we learn from this?

  • Government lies and covers up.
  • “Backdoors” to security defeat security, such as backdoors to encryption.  If there were no master keys then this particular hack would not have happened.
  • Like the Snowden revelations, publishing this information informs and protects the public.  Not publishing it only serves the criminals and protects the government.
  • This is similar to the hack of Diebold/ES&S/Dominion AccuVote-OS optical scanners used in Connecticut – the keys were hacked by using a photo in the Diebold online catalog for extra keys.  Like the TSA keys, every AccuVote-OS uses the exact same key, in the possession of thousands of election officials in every election and between elections, easily duplicated.
  • Except for the master keys the TSA locks would be a bit safer than the seals used to “secure” Connecticut’s scanner and ballot cases – primarily because TSA keys are used by consumers to protect their valuables from others – ballot and scanner seals are used to protect against the very same people who apply and open the seals.

For more on the vulnerability of seals see our past coverage <here> <and here>

FacebooktwitterredditpinterestlinkedintumblrmailFacebooktwitterredditpinterestlinkedintumblrmail

Leave a Reply