I always thought luggage locks were to keep your case from coming open during routine baggage handling and spilling the contents everywhere, not to keep the contents secure.
The point is that the pictures of the keys were up for an hour on a website due to a simple, understandable error borne of innocent ignorance, and that was enough to not only duplicate the keys, but to create computer files such that any random with a 3D printer they bought from Best Buy can print their own copies with very little technical knowledge required.
The point is that it’s now both cheap and easy to make these keys due to a simple accident, which proves the futility of all security measures with a backdoor built in.
This is now increasingly relevant given that the government, once again, is looking at backdooring computer encryption. (more)
Otherwise the terrorists win.
Pass along, citizen.
The key information was publicly available on the manufacturer’s web site, complete with high-resolution pictures of the keys, until they discovered they had made a major “oops” by posting it and restricted access within the last few weeks. Before that, it had been available for nearly 3 years (first document) and over 7.5 years (second document):
(https://www.travelsentry.org/security/pdf/Guide_to_TravelSentry_Passkeys_1_October_2012-EN.pdf) and (https://www.travelsentry.org/security/pdf/passkeys.pdf) (now both returning 403 Forbidden). Don’t hold me responsible if you click on them to confirm the 403 state and you have an unpleasant government experience thereafter.
While they have done a pretty good job of wiping out cached copies, they seem to have missed the patents. Here is one patent and here is another. Figure 5 on the second patent provides a detailed image of the TSA006 Version A key with black numbers.
Does anyone really think that you can give out keys to thousands of TSA personnel and expect them to remain secret? I certainly never did, so I never bothered with a lock.
Yep, and here’s a youtube poster named bosnianbill who shows how worthless pretty much any luggage lock is. If you’re into lockpicking and security issues with locks, he’s a great resource. He made me realize how much most locks are just absolutely garbage (and he begins this video saying how the TSA locks are just crap.) Why bother dealing with the lock when you have such a weak point (the zipper) to exploit? (And bonus that you can completely hide any mischief by rezipping it.)
Colleagues of mine travel with expensive tools all the time. Buy a cheap starter pistol and put it in your luggage. Report this to a TSA supervisor when you check in at the airport. They will inspect your gear with you present and then allow you to place your own lock on the case. The supervisor will tag it as having a firearm and it should be not touched by TSA again.
It’s been a couple years, but unless things have changed or perhaps it’s different at different airports, this is not necessary. Show up with your big Pelican case with its heavy duty locks. They’ll make you go through a luggage scan. If they’re interested in seeing what’s inside, they’ll have you open it with your keys. Once satisfied, you just relock it and go. Is this no longer the case/not universal? I used to travel with $15K in photographic equipment, and this was always the procedure for me when I needed to put my equipment through check-in luggage. It wouldn’t go on the conveyor behind the ticketing desk, but I would have to take it over to a big baggage scan area where they did the above. This was at Midway, O’Hare, Reagan, Dallas/Ft. Worth, Wayne County, SFO, and probably some others I’m forgetting.
I haven’t flown in more than a decade. So you’re telling me that the TSA would actually open my luggage? Like, when I check my bags they’ll open it?? WTF? Why aren’t they just scanning it and leaving it alone? How fucking long does it take them to open every single bag? Or is it a random spot check of bags?
It’s spot checks. You’ll get a sticker on the luggage if it’s been checked by TSA.
I always assumed any luggage lock if purely symbolic and would never put anything in my luggage that I can’t replace easily.
Not only will the TSA leave you a note telling you that you’ve been searched, there have been incidents where TSA agents have left notes telling citizens that they didn’t appreciate the passenger’s anti-war sticker, or religious affiliation, or in at least one case, the agent did appreciate the passenger’s sex toy:
They x-ray all bags and if they see something unusual on the x-ray they will open it.
This. It’s not exactly RSA.
Same here. I worked for an airline before & after the creation of the TSA. Some of the bozos who couldn’t handle the airline job could get hired by the TSA & quickly rise in the ranks. Then get fired. And THEY probably had copies of the TSA master keys. :rolleyes:
Yes. People put locks on their luggage. All the time. And they do so without worrying about the snark that decision might elicit. Cool huh ?? :dubious:
I lock my luggage. I lock my equipment cases as well, though I almost always FedEx my equipment rather than check it with an airline. FedEx won’t cut off my padlocks.
Sorry to hear that the TSA locks are useless. I kinda bought into the whole scam. 
Just the other day, the directors of the FBI, the CIA, the NSA, and a few other three-letter-agency head honchos were at a meeting, which the concluded with a panel discussion where they identified the reasons people in general and the tech industry in particular don’t see things their way.
The root cause of the problem, they concluded, is that people are meanie doo-doo heads:
This negative attitude has infected the citizenry at large:
It doesn’t help matters that the techies are just plain lazy:
It is also quite unhelpful that citizens have been exposed to inappropriate information that they should have left to their betters:
Of course, these things don’t just happen – some furrin evildoers must be out there making them happen:
:dubious: :rolleyes: :rolleyes: :rolleyes: :smack: :smack: :eek:
“Security theater” is the term used among computer folk for the appearance of security without actual security. It is also frequently applied to TSA.
The lock business was always about providing a security show. So it doesn’t matter if the keys are public or not.
Or maybe not. I flew to London last year, and when I arrived my TSA-approved lock had vanished (I’m not wasting money on one of those again), my bag had clearly been rummaged (nothing was missing, but then, I hadn’t packed anything valuable), and there was no note, sticker or any other indication the TSA was responsible. For all I know a Philadelphia-airport baggage smasher had a copy of the keys an rummaged the bag on their own initiative.
I was thinking about this thread and a couple of thoughts popped into my head.
-
To know if someone opened your lock, get a TSA lock and clog the key hole so the master key won’t work. If you get your suitcase back without the lock, then you know someone cut it off. Of course you lose the lock, but someone with a rogue master key won’t be able to secretly open your lock and lock it when they’re done. You might think you could just use an ordinary lock, but I’m thinking that it might stand out to the TSA and be targeted more often for search.
-
To help with theft problems, they could compare X-Ray images of your bag at checkin and pickup. If items were stolen in transit, it should be evident in the two X-Rays. They don’t X-Ray the bags when they arrive, so there would have to be a system where you ask for your bag to be X-Rayed before picking it up. It wouldn’t worth it all the time, but it would help when you’re traveling with expensive equipment.
Not necessarily. As mentioned above and shown in the video, if you just have regular luggage with a zipper, someone can get in and out of your suitcase without you being any the wiser, TSA lock or not.