Security with a government backdoor isn't secure
Today's tale of gibbering stupidity from those who would rule us. So, the Transportation Security Administration over in the US has been asking all the people who make locks for travel bags to conform to certain standards. Standards which allow the TSA to have master keys to the luggage being transported by the population of course. There's echoes here of the FBI's fight with Apple, with the more general arguments over the encryption of digital data and so on.
Well, fair enough you might think. At which point the TSA wants to show off how well it does, asks a newspaper to come see how it works. Which then publishes pictures of the master keys. Near immediately these are scanned and run through a 3D printer from those newspaper or magazine images:
THE TSA IS learning a basic lesson of physical security in the age of 3-D printing: If you have sensitive keys—say, a set of master keys that can open locks you’ve asked millions of Americans to use—don’t post pictures of them on the Internet.
A group of lock-picking and security enthusiasts drove that lesson home Wednesday by publishing a set of CAD files to Github that anyone can use to 3-D print a precisely measured set of the TSA’s master keys for its “approved” locks—the ones the agency can open with its own keys during airport inspections. Within hours, at least one 3-D printer owner had already downloaded the files, printed one of the master keys, and published a video proving that it opened his TSA-approved luggage lock.
Forget the gibbering stupidity for a moment and consider the underlying tale here. Any system of security, any system of encryption for example, that has a government backdoor is simply not secure. Theresa May might want to take note of this. We might want to take note of it in fact. It might, just possibly, even be true that we'd like there to be a way for our protectors to study the activity of those who would do us harm. But those backdoors will leak and there will then be no security at all.