I'm not posting this from my usual account, so some introduction is in order. I've been a professional locksmith for 14 years now, owned my own business (with a partner and 2 FT employees plus some PTers ) here in N. California for the last 8. I'm a CPL (started out with F-B, boy did I learn a lot since then but it was a good start). For the last
4-5 years I've shifted the business from a pure locksmith shop to a full service "security" business. We do alarms, CCTV, security surveys, etc, mostly for residential (this is a rich area) as well as traditional lock work. That made the all the difference. I now spend at least as much time stringing cat 5 cable, etc. as I do pinning cylinders and doing lockouts. That's just the direction the business is going for us, can't fight it, and lately I feel like I can finally say we're ``successful'' at building what we set out to accomplish. What I mean to say is that although I've not been in the business as long as some I'm not a newbee either and I've got a lot invested in the security industry.I've been following the whole master keying / Matt Blaze mess here and in TNL. My first reaction, like many locksmiths I guess, was shock that someone would publish this sort of thing in the press for all to see. I have to admit that I didn't know the technique he wrote up, but that's my poor education, I guess (I don't do much MK work). A lot of my customers called and asked me what's up with this, are they secure, etc.
I've been doing some more reading about this and following the threads here. I know what I'm going to say is unpopular, but I think Mr. (Dr?) Blaze may have some valid points. I don't know that I'd do exactly what he did, but I don't think we can ignore him, either.
The thing is that many of the folks here are acting as if Matt Blaze owes us some kind of explanation for his behavior and as if he has to convince us that what he did was OK, ethical or whatever. The problem is, and it took me a while to realize this, is that it's more like the other way around. Let me explain.
I've been doing some research of my own on this. Blaze is, to tell the truth, an important guy in the security field. More than you might think, actually. He runs the security research department at AT&T (Bell Labs). He's also a Professor somewhere. He's done high level security consulting for the government, including the FBI and/or the US Justice Dept. He's TESTIFIED IN CONGRESS, for Christ's sake. A lot of people knew who he was well before his master keying article came out. We have to give him his due, he's a very smart and accomplished and respected guy in the security field.
Does this mean that he's an expert locksmith? No, of course not but that's not the point. The point is that the opinions of him and people like him carry a lot of weight with the general public and leaders. They tend to greatly influence the direction of our industry. We should be careful about ignoring him even if we don't like the message or the way it was sent.
I think Mr. Blaze is 100% right, actually, when he said that direction that the world is going makes it harder for the security industry to depend on closed secrets. Do an internet search
I think it's possible to have good, solid security that doesn't have ``tricks'' that defeat it. Try to pick a Medeco! You can't! We open them by drilling or by bypassing something else. No need to keep that secret. You just get what you pay for in a lock like everything else in life. The customers know that. The question is time to defeat. Better locks take longer. No need to keep that secret. Honestly, no real need to keep secret how we do it, as long as there aren't ``tricks''. If there are tricks, I think that IS a defect and I don't think we can complain if someone else discovers them if we knew about them and sold them anyway.
I don't think I agree with the people who say that Mr. Blaze has caused damage with his article. Most of the smart criminals knew it before and the dumb ones still don't know it. The difference is that now the general public knows it or has access to it. They'll demand better security FROM US. That's good for us, and it's good for them too.
Also, open security is the NORM for software, and guess what? Locks are becoming more like software! What do you think is inside a card access system? We'd better get used to it folks.
We would be a lot better off reaching out to Mr. Blaze, explaining some of our concerns, but also listening to what he has to say. A lot of the nonsense here and elsewhere, such as posting his home address or even just accusing him of not knowing anything about the real world, is an embarassment to our industry. Makes us look like a bunch of thugs. Who would go to a thug to have a security system installed?
I know this will be unpopular, but we'll all be better off if we can just keep an open mind for new ideas and not assume the worst of those we disagree with.
Whew! Sorry for going on so long, but I think this is important.
Just call me:
snipped-for-privacy@hotmail.com, somewhere in Northern California