Where Are We Now? NASTF, Key Codes and the Locksmith

Dec. 1, 2007

It first started with the National Right to Repair Act.

Then around ten years ago, the auto repair industry started talking with auto manufacturers about getting access to service information and service tools.

About five years ago, the locksmith industry joined into the talks with auto manufacturers about getting access to electronic immobilizer codes.

Then around two years ago, the California Legislature started legislation to have the auto manufacturers mandated to provide key and immobilizer codes to the California locksmiths, starting on Jan. 1, 2008. I was there trying to negotiate the best deal for the locksmith industry.

Since then several other states have tried to legislate the same mandates for key codes and related information.

In the mean time, the auto repair industry and the locksmiths have still been talking with the auto manufacturers about getting access to service information including immobilizer codes.

Now jump ahead to the Associated Locksmiths of America National Convention in Charlotte , N.C. in July 2007. During this convention, the Vehicle Security Committee (VSC) of the National Automotive Service Task Force (NASTF) presented a Secure Data Release Model (SDRM) that would provide access 24/7/365 to the auto manufacturer's technical websites for the registered locksmiths and auto service people, called Vehicle Security Professionals (VSP). I was there assisting in answering questions for locksmith who were asking questions.

Now jump to the middle of October 2007. With an operational target of Jan. 1, 2008, the auto manufacturers, locksmiths, auto repair industry and many other related groups are rapidly, but yet slowly, building the actual model for VSPs to get the needed access. Though the final requirements are still being finalized, these requirements have not changed much through the revision process.

Information about this process will be posted on the web site www.NASTF.org, as it is developed. I will provide you with my perspective, since I have been working with many of the development committees.

To access security-related information on the manufacturer's websites you must be signed up in the NASTF Registry. In addition to completing the application, you will get your signature notarized for agreeing to the terms and conditions and having a background check completed. You will also need to list your company's information, business liability insurance and fidelity bond, any trusted employees, and any licenses that your trade or state require. With all of this paperwork and a small application fee, a criminal history background check will be completed.

If you meet the security requirements, you will be issued a Locksmith Secure Identification (LSID) number. This will allow you access to the Registry and the secure area on auto manufacturer's websites. The manufacturers will have their own procedures and fees to access their specific information.

Several issues have already arisen.

1) Though ASA and ALOA have been assisting in putting this process together, membership in any organization is not required.

2) If you employ service technicians (trusted employees), you can sign them up AT YOUR RISK AND ASSUMING ALL LIABILITIES FOR THEIR ACTIONS. At this time, you are required to background check your trusted employees to the same degree that you were checked. They must be directly paid by your company as an employee. Sub-contractors and independent contractors are not allowed to be signed up as employees of your company. The sub-contractor can sign themselves up separately to access the SDRM.

3) The Positive Identification Policy sets the ground work for the requirements for identifying the “owner of the vehicle” and who can authorize a key being generated.

4) VSPs who have new and used car lots and auto auction type yards for their customer base can access the Registry following the terms and conditions as agreed upon.

5) The auto manufacturer's SDRM information can not be shared, bartered, sold, or traded with anyone, other than the “authorized” owner. Also any insights gained into the trade secrets or proprietary methods of doing business by automakers through use of the Registry will be treated as strictly confidential.

6) About ten auto manufacturers are already committed to providing security related information. They are all projecting different start up times but everyone is projecting for a January 1, 2008, target date for being operational in California and other states. Beta testing with over a dozen VSPs is currently taking place. The first successful Beta Test by a practicing locksmith was completed on October 24, 2007.

As I mentioned previously, all of this information is subject to change. As with many things in life, the more that anything is reviewed during its initial development, the more susceptible everything is to change. As we are all closing in on the January launch date, many more items are being considered. Read the LOCKSMITH LEDGER and other news sources for more updates.