Cybersecurity and lock picking have more in common than mere puzzle solving.
This October, Schuyler Towne will once again drive the nine hours north from Massachusetts to Toronto, to attend the SecTor conference. He drives because he’ll be lugging all manner of arcane equipment with him, in his role as the organiser of the Lock Pick Village.
Towne has been running his lock picking demonstrations and tutorials for the last five years at SecTor. This year, as before, he’ll be bringing with him a diverse array of locks, a constellation of lock picking tools, and – if last year is anything to go by – a key cutting machine. Visitors will get to experiment with them on 5-6 tables, and learn about the development of locks from the beginning until the present day.
The Lock Picking Village is also a place for enthusiasts to test their skills. Each year, Towne runs a contest at SecTor to find the most skilled lock picker. At past conferences, he has staged races, in which lock pickers can try to beat his time. But newbies will be happy to walk away with a deeper understanding of different lock types and how to pick them.
You’ll often find lock picking tutorials and demos at cybersecurity conferences. There are obvious similarities between the two disciplines; both cybersecurity pros and lock pickers like pulling apart complex systems and ferreting out their weaknesses. But there are other, more nuanced connections between the two.
Some of the locks on Towne’s tables go back to the 1840s, and that’s significant, because they predate an event that happened in 1851. Called the great lock controversy, it shook the world of security to its core at the time. That year, Alfred Hobbs, a US purveyor of locks, travelled to London to sell his wares. He also demonstrated the inadequacy of his competitor’s locks, by breaking them.
Society was shocked by the result, said Towne, because the locks were considered unbreakable. Their compromise shattered the trust that many people had in physical security at the time. One commentator reportedly said that if the lock was truly broken, then no one could trust any of humanity’s works.
In reality, crime rates didn’t rise, and Towne has a theory as to why. The locks were a placeholder; a safeguard to use while society organised itself to be more secure. Secure locks gave it time to create modern policing and organize itself so that people lived closer together and protected their neighbourhoods, he said.
Perhaps the most interesting aspect of the great lock controversy, though, is how it correlates with events 150 years on. The modern security story seems to have followed the same narrative arc as that historical event, Towne said. Just as media coverage at the time cast lock picking experts as a threat, so modern media tends to demonise those curious about exploring flaws in today’s security systems.
So many people interested in pulling apart software and networks to find flaws have said that they’ve experienced the same kind of persecution that happened back in the mid-1800s, said Towne, even though Hobbs’ efforts served only to make future locks more effective. Have we learned nothing?
Towne, who labels himself a security anthropologist, busies himself with questions like these. Compared to modern network technology and protocols, physical locks were a relatively simple thing. These days, locks are also written in software, in firmware, and etched directly into chips. He notices things in modern cybersecurity that make him cringe, such as security startups with a lack of education trying to reinvent the wheel, that end up making things less secure. We can and should be doing better, he believes.
While he ponders these issues, he’ll be using tools such as tension hooks and bump keys to show attendees how to unlock history.
Interested in finding out more and trying your hand at the Lock Pick Village? Attend SecTor from October 20-21 and get the low-down on lock technology and culture.