NDE Magazine Issue #3

NDE magazine, one of the voices of the Locksport Community, recently released their 3rd installment of this new and popular magazine.

An interesting article written by a notable leader of the Locksport community is as follows:


It’s a New Day:
Security Through Obscurity & the
Locksmith Industry
"It seems that everything changes over time, but the physical security industry has changed
dramatically and it will never again be the same. For hundreds of years the locksmith trade has
been one of precious secrets and knowledge, passed from journeyman to apprentice, from father to
son. That was the old paradigm, or what some might even call “the good old days” of locksmithing.
Today, anyone with access to the internet can discover “secrets” that were previously possessed by
only a select and trusted few. The old paradigm no longer fits and it hasn’t for many years. While
some may wish to blame locksport, it has been this way for longer than locksport has existed. It
is left to the professional locksmiths to grow and adapt to this new world and satisfy the needs of
their customers.
In days of old, the “lock smith” was the one who actually made the locks. They worked hard to
develop the best possible lock, carefully guarding their secrets. They truly aimed to create security
for their customers. Since it was they who crafted the lock, it was they who knew every detail of
it, details they certainly didn’t want falling into the wrong hands. And so it was for generation after
generation, and the system worked reasonably well.
Something changed though, and it wasn’t the proliferation of the internet, where secrets are passed
around more rapidly than a doobie at a Grateful Dead concert. No, it was much, much earlier than
that. What changed? Locksmiths stopped making locks.
Indeed, it was this shift that changed the face of the industry. The role of the locksmith changed
forever. They were no longer craftsman, they were knowledgeable experts. They were no longer
builders and designers, they were installers and troubleshooters. The locksport community didn’t do
that to them. It wasn’t even conceived of yet. It was the economy of mass production that
irreversibly changed their role. It is not to say that locksmiths needed to know less. In fact, one
could easily argue that they needed to know more, with the need to know about the wide variety of
products and options available to the consumer. Locksmiths continued to serve a vital role in
society, but that role had changed.
So what’s the problem? The problem was, and in many cases continues to be, that many of the
“old ways” remained. Left unchanged was the desire to protect valuable “trade secrets” and other
such pieces of information that, at the end of the day, amounts to nothing more than knowledge of
vulnerabilities. To some extent, this was done to protect their trade. While it’s an understandable
position to take, it’s not necessarily helpful. Add to this a second influence that came in the form of
pressure and expectation from the manufacturers. In some sense, locksmiths have become the
salespeople for the lock manufacturers. Locksmiths even invest large sums of money to gain
“authorized reseller” status from leading manufacturers. With all this invested, it’s easy to
understand why they would hold to their old position of security through obscurity.
This does present a serious question to consider: If locksmiths are influenced by pressures to
protect their industry and to protect the interests of the manufacturers they represent, then who
shall stand as advocate for the consumer? This is the question of the moment in the physical
security industry. Before the angry responses begin to fly, it might be worth the effort to note that
not all locksmiths can be painted with the same brush because each locksmith may choose to
conduct their business as they see fit. There are numerous locksmiths that hold, as the single
highest matter of importance, their responsibility to the consumer. With others, the interests of
the consumer have been shuffled down on the list of priorities.
The proliferation of the locksport community, though still in its infancy, has emerged from those
who simply have an interest in the products they use to secure their person and property, and the
limitations inherent within those products. Indeed, few enthusiasts set out to “change the world”
in any meaningful way. However, in many cases some have stepped up to become the de facto
advocate for consumer awareness. This role would not need to be filled if the locksmith industry at
large was fulfilling that need.
It is wise in any industry to consider the needs of the consumer first, because clearly it is the consumer
that drives the industry. For far too long they have been left in the dark concerning the
vulnerability and risk to which they were subjected. This is made evident by the reaction of average
people when they view media stories on the “bumping” technique. Their shock and discomfort
serves to show us that the physical security industry has done a poor job of informing the public.
Locksmith trade groups claim that the technique has been known to locksmiths for decades. If this
is true, why was the public not informed or the vulnerability corrected?
Some argue that it is the public release of information, such as bumping, that creates the vulnerability.
The argument is that bumping attacks were uncommon or even unheard of before information on
the subject was released widely. There is just enough truth in that argument to make it dangerous.
The problem, of course, is that the technique was used. Because bumping leaves little in the way
of physical evidence, it is difficult to accurately judge how often it was used. One can’t help but
wonder if the victims of these crimes would be pleased to know that the locksmith that sold them
the lock may have known of the threat, but chose not to inform the consumer. Were those victims
better off not knowing of the problem?
The issue of security through obscurity is a dead concept in virtually every area of security, except
the locksmith industry. Computer professionals and corporate security advisors have long recognized
that security through obscurity can act as one of many layers in a security plan, but left to stand on
its own it is disastrous. Anyone doubting this might consider a preview of Kevin Mitnick’s The Art
Of Deception. Despite this, the locksmith industry continues to hold tight to its old ways.
This article is an extrospective look at the locksmith industry. That is to say it is written from an
outsider’s point of view. The author writes from his own perspective only. Before anyone lines up
to state the irrelevance of the author’s perspective, it might be worth noting that the author is,
himself, a consumer in the physical security industry. If this consumer’s perspective is considered
invalid, does it not serve to validate the article itself? Food for thought.
Josh Nekrep
President, Locksport International
Administrator, LockPicking101.com"

(source...)