Your Luggage is Unsafe! TSA Approved Master-Keyed Locks Have Been 3D Printed & Shared Publicly

The stated goal of the Transportation Security Administration (TSA) is, in their own words, to “Protect the nation’s transportation systems to ensure freedom of movement for people and commerce.”. Essentially, the organisation was created in the wake of 9/11 to make sure that a terrorist attack of that scale never happens again. Several policies enacted by congress on November 19, 2001 gives the newly created TSA the right to screen all bags for possible weapons and bombs, search traveling passengers and if needed open and physically inspect any checked luggage. That means that the little suitcase padlocks passengers had long been in the habit of securing their belongings with were suddenly restricted, leaving travellers with two options, hope that your stuff didn’t get stolen or use a TSA approved master-keyed lock.

TSA approved locks now also approved by thieves.

People didn’t start using locks on their luggage just for fun, but rather because they started to notice their property missing when their bags arrived at their destinations. Before the TSA, individual airports were in charge of hiring their own security procedures with, let’s be generous and call them inconsistent standards. Pre-TSA the stories were both frustrating, scary and often a little creepy, with passengers reporting missing money, electronics and some female passengers even reporting missing underwear. Since the TSA standardized security procedures and began removing any locks from luggage, passengers began worrying about their belonging’s security. The TSA’s solution was to encourage travellers to use approved master-keyed locks that only their security teams would have access to.

“While it’s understandable that travelers want to lock their baggage to protect their personal belongings, it’s also important to understand that TSA officers must be able to inspect baggage and contents when the need arises. That’s where TSA recognized locks come in… TSA has worked with several companies to develop locks that can be opened by security officers using universal “master” keys so that the locks may not have to be cut. These locks are available at most airports and many travel stores nationwide. The packaging on the locks indicates whether they can be opened by TSA,” According to the official TSA blog.

Master-keyed locks have long been a controversial solution to the need for both increased scrutiny and the right of passengers to protect their property. Essentially, anyone with a master-key can open any lock keyed to it, so if you have a TSA master-key then you can easily unlock any TSA approved lock. This is great for TSA agents tasked with making sure that bombs or dangerous items aren’t being smuggled onto airplanes. And it’s even greater if you’re a clever thief who manages to get their hands on a copy of one of these master-keys. But that shouldn’t happen, right? The TSA is a security organisation so they take things like the security of these keys quite seriously, right? Unless of course you’re posing for a picture for the press, happily showing off a set of master-keys for a photographer. It turns out, that a clear picture of a key is a pretty easy way to make yourself a copy, and with 3D printers it becomes even easier.

The blurring was done after the fact by Engadget, because duh.

A few months ago the Washington Post published an article straight from the PR department of the TSA, espousing their new security measures and the fact that their agents hardly ever have to riffle through your things anymore. Which is great, anytime that technology can improve and increase the efficiency of security measures it can be called a win. But even the best security measures are subject to the oldest flaw in the system, human stupidity. Right along with their TSA puff piece, the Washington Post included several high quality photographs of a set of TSA master-keys. To their credit they realised their screw up pretty quickly and silently removed the images, but they didn’t do it in time, because HeraldNet picked up the story and republished it, including the pictures of the keys.

The internet responded quickly to such a boneheaded move and some pretty clever makers created a set of digital copies of the keys. That set of keys has now been 3D printed, and as you can see from this video below, they work perfectly. The files to the keys are available online from Github where they are unlikely to be removed any time soon. So thanks to whoever was responsible for this mess, not a single piece of luggage travelling in this country is safe from prying eyes or thieves.

Here is the video posted on Twitter:

OMG, it’s actually working!!! pic.twitter.com/rotJPJqjTg

— Bernard Bolduc (@bernard) September 9, 2015

The cat is out of the bag folks. You probably don’t want to use TSA approved locks anymore.

It is unclear how the Washington Post got a hold of a picture of the keys, as the paper has made no mention of the suddenly missing images. Similarly, the story on HeraldNet also quietly removed the images without commenting on their publication. So several questions remain, like who was responsible? Are the images of the master-keys from a clueless TSA agent showing off for the press? Are they master-keys from one of the several approved master-keyed lock manufacturers? Is the TSA not aware that a key can easily be copied from a decent photograph? Why isn’t there a strict policy at the TSA in place to prevent unauthorised access to these master-keys, including who can access them at the lock manufacturer?

Get ready for longer lines.

The reality is, the TSA isn’t really as bad as a lot of their critics suggest, there are always horror stories of course, but for the most part less baggage is lost or damaged in transit than ever before. Centralised security policies and procedures are generally, I believe, a good thing that makes us and our property safer in the long run. But just like any large government agency, there are layers of bureaucracy that if left unmonitored can produce some pretty spectacular failures of this nature.

Government autonomy does not and should not exist, it is supposed to be a system put in place to benefit the citizens that pay their bills. It isn’t unreasonable to expect that an agency put in place to secure us and our property would hold itself to some pretty high standards in regards to the duties that we have tasked them with. This should not have happened and the TSA needs to respond by creating a new system that ensures that this security flaw is both resolved and prevented from happening again. And maybe government agencies back off  a bit on their ridiculous requests for backdoors into the general public’s email and chat logs while they figure out how to secure that information properly.

In the meantime, I guess it’s back to packing your carry on with anything valuable rather than risk it being in a checked bag. That’s not an ideal solution, and it’s one that slows everyone down while making their way through security, but what other option is there? Let us know what you think of the TSA on our TSA Approved Master-Keyed Locks Have Been Compromised forum at 3DPB.com.