In a world in which the FBI is intent on bullying tech companies into giving them “golden keys” that they can use to unlock encrypted communications, the TSA’s compromise of their own golden keys (used to open luggage for inspection) seemed like an object lesson worth considering. After all, the government asked for special access and ensured us that our baggage would be safe from petty thieves while still allowing the TSA to keep us safe. Instead, the TSA carelessly allowed pictures of the keys to be published and now anyone who wants a set and has access to a 3-D printer can get one.
The TSA’s loss of the master keys seemed like a cogent argument against trusting the government with the far more important and potentially devastating access to our digital communications. Here’s another: the TSA’s reaction to the loss of the keys is “Meh. Most people don’t lock their bags anyway. Besides, the bags are under our control so they’re safe.”
Even if you believe that anodyne fairy tale, it says nothing about, say, a hotel bell hop who suddenly has access to your luggage. As a practical matter, the locks are terribly insecure with or without the master keys but the government did promise that the locks would ensure the safety of your luggage while enabling legitimate government access.
Yet when that same government lost control of the keys, their attitude was, “So what? It’s not our problem.” Is there any reason to believe that the FBI would be any less cavalier if they lost the encryption master keys? Is there any reason to believe that the FBI would be more competent than the TSA is safeguarding those keys?
The possible loss of the encryption master keys is only one—and not the strongest—argument against the imposition of these keys but it’s worth remembering what the government says when they mess up and compromise their exceptional access: “It’s not our problem.”