Air travelers who don’t have firearms in their checked luggage probably use a special Transportation Security Administration (TSA) approved lock. What is a TSA approved lock? I’ll let the TSA’s very own Blogger Bob explain:
TSA has worked with several companies to develop locks that can be opened by security officers using universal “master” keys so that the locks may not have to be cut. These locks are available at most airports and many travel stores nationwide. The packaging on the locks indicates whether they can be opened by TSA.
In other words TSA approved locks are locks with an included backdoor that can be used by TSA officers to access your luggage. I will take a moment to note that the use of TSA approved locks is not lawful when firearms are in your checked luggage so those of us who do fly with them do not, and legally can not, use TSA approved locks.
Now that I’m done with that aside, let’s discuss the major flaw inherent in backdoors. Backdoors necessarily break security systems, whether they’re physical locks of cryptographic algorithms, because anybody in possession of a master key can gain access. I hear some of you saying, “But, Chris, only authorized TSA agents have access to those master keys!” If only that were the case. Unfortunately some bozo went and accidentally released a picture of the TSA’s master keys.
Now you’re probably thinking, “Yeah, but pictures of keys can’t unlock locks!” While that’s true pictures of keys can be modeled and things that can be modeled can 3D printed. Behold! 3D printer models for TSA master keys! Now anybody with a 3D printer can create keys that can utilize the backdoor on TSA approved locks.
Herein lies the problem with backdoors, it only takes one person to accidentally reveal the master key to render anything secured with the backdoored system insecure. In this case a single careless TSA agent allowed a ring of TSA master keys to be photographed and therefore reproduced by anybody. The same threat would apply to any government mandated backdoors in encryption systems. It would only take one careless person with access to the government master key to have it showing on their screen when a reported took photographed to render all data secured with that system insecure.
The moral of the story is say no to backdoors.