KeyMe Database: A Trojan Horse?
Editor’s Note: The following letters are in response to editor-in-chief Gale Johnson’s Notes from the Editor enewsletter, titled A Trojan Horse. Read it at www.locksmithledger.com/11473196.
Editor:
I'd be very concerned about the security of the KeyMe database. I've worked in the computer/IT industry for 40+ years. As too many companies have already discovered, no system should be presumed to be completely secure.
I have offered my customers a form of "Lockout Insurance." After re-keying their locks, I write their key code on the back of one of my business cards. If they are ever locked out, I can make a key for a nominal charge. It's a lot less expensive than the alternatives and I do not have the liability of storing this data. There is nothing else on the card that indicates what the key unlocks. It's an incentive for the customer to hold on to my business card and perhaps call me for some future work, or make a referral.
The problem I see with storing key codes is similar to the liability for storing payment card information. When a security breach occurs, thousands of credit or debit cards must be reissued. It's costly, but it must be done to protect cardholders. Consider what would be required when the key codes for thousands of homes are compromised. And a surreptitious breach might not be discovered.
How would they address identity theft or employee dishonesty?
Should this really be considered a locksmith service and subject to state licensing requirements? Or is it strictly "key duplication?" One could argue the latter, except that the key cuts are stored. Creating a new original from key cut information is not the same as simple key duplication, because the original physical key is not required, after decoding.
Gredon (Grady) Turner
Lincoln, NE
Editor:
I read your article about the automated KeyMe kiosk and just shook my head. I was a locksmith numerous years ago and was considering a service that would register people’s keycodes so my shop could always cut original keys and if needed deliver to the person. I never implemented the service since the inherent risks involved outweighed the revenue gained.
In my current position, I have learned that nothing is truly secure and everything is vulnerable. I can only guess how much trouble a hacker could cause by stealing the keycodes that the kiosk or company stores.
Also, I am working on obtaining my Private Investigator’s license. I can safely say that this type of revenue loss would NEVER occur in the PI world. I would think ALOA would be all over this company.
Douglas Dorr
Maryland Heights, MO
Questions? Try Our Online Forums
Got a challenging question about a recent installation? Our online discussion forums might just have the answer you need. Following are two recent forum questions, along with answers from editor-in-chief Gale Johnson.
Post your questions at http://forums.locksmithledger.com/ and see if your colleagues or our editors have an answer. Forum topics include Ask An Expert (moderated by editor in chief Gale Johnson), General Locksmithing, Electronic Access Control, Safe Servicing and Automotive Locksmithing.
Subscribe To ENewsletters
Want monthly updates delivered right into your Inbox? Subscribe to Locksmith Ledger’s four monthly enewsletters.
Our issue promo enewsletter gives readers an online preview of each new issue.
ProductWatch showcases the newest products being marketed to locksmiths.
EventWatch notifies are readers of upcoming trade shows and educational opportunities.
Notes from the Editor is a timely, interesting monthly report from Editor-In-Chief Gale Johnson.
Just visit www.locksmithledger.com and type in your email address, and soon these monthly updates will arrive in your Inbox.
Send Your Letters
The editors of Locksmith Ledger welcome reader input. Share your comments and suggestions on any of our articles or general industry trends and topics.
Our mailing address is Ziptide, Locksmith Ledger, 3030 Salt Creek Lane, Suite 200, Arlington Heights, IL 60005. Letters can also be faxed to 866-827-8020 or E-mailed to [email protected].
