Lock and Key: In Safe Hands

On Trailblazers, learn how we took the early lessons learned from great locksmiths and applied them to the digital era.
Transcript
Subscribe
All Trailblazers Podcasts

No lock is unbreakable; all you’re ever doing is buying yourself time when a thief tries to access your valuables.

To extend that time and make sure your security remains nearly impenetrable, you need two things: a strong lock and a unique key. Both of these have changed dramatically over the years.

On Trailblazers, learn how we took the early lessons learned from great locksmiths and applied them to the digital era.

What you’ll hear in this episode:

● The history of locking things up (0:00)

● Evolutions of security (3:36)

● Criminals get smarter (8:31)

● The lock wars escalate (10:55)

● Enter the safecracker (12:28)

● Opening locks in a security-obsessed era (14:41)

● Innovation comes for the key itself (17:14)

● Biometrics get involved (18:42)

● Security goes virtual (24:08)

● It all comes full circle (27:28)

“In the 1800s, you had this growth of capitalism and the growth of capital. As people had more wealth to protect, you needed more and better locking mechanisms to do this.”

— David Erroll, co-author of American Genius: 19th Century Bank Locks and Time Locks

Guest List

  • Alexandre Triffault is a lock expert, programmer and security expert who trains professionals and Law Enforcement Agencies in the areas of protection and physical intrusion.
  • Marc Weber Tobias is an investigative attorney, physical security lock design expert and author of Locks, Safes and Security: An International Police Reference.
  • Matt Davey is the Chief Operations Optimist at 1Password, where he leads design, content and marketing.
  • Grace Nolan is a Security Engineer at Google and has lectured about the history of lock-picking and security.
  • Charlie Santore is a professional safecracker.
  • Robbie Cabral is the Inventor, CEO & Founder of BenjiLock, the world's first traditional padlock with fingerprint technology.
  • David Erroll is the co-author of American Genius: Nineteenth Century Bank Locks and Time Locks.

Walter Isaacson: May 1851, at the spectacular new Crystal Palace in London’s Hyde park, Queen Victoria opened England’s great exhibition, a six-month world’s fair showcasing the latest fruits of the industrial revolution and attracting the cream of the 19th century A list. As delighted celebrity watchers crane for a glimpse of Charles Darwin and Charlotte Bronte, George Elliott or Charles Dickens, few notice the arrival of a modest American tradesman Alfred C. Hobbs.

Walter Isaacson: Armed with lock picking tools, Hobbs was about to become the greatest security threat in all of England, or so he hoped. He had come to pick the unpickable lock, a device called the detector created by England’s Jeremiah Chubb more than three decades earlier. Chubb’s ingenious design was a source of British pride. Patented in 1818 the detector was honored as a lock of choice for England’s prisons and post office.

Walter Isaacson: At Hobbes’s invitation, a group of men, including a representative of the Chubb company, gathered in this strong room in Westminster, formerly the vault of the Southeastern railway, for a demonstration. Hobbs opened his kit of fine lock picking tools and went to work. As a witness would later testify, the vault swung open in the short space of seven minutes without the slightest injury to the door.

Walter Isaacson: Alfred Hobbs didn’t stop there. His next port of call was Brahma and Company and Piccadilly. Where the fabled Brahma lock had defied would be locked pickers for 80 years. Terms were set and Hobbs was given lodgings above the Brahma shop with one month to defeat the famous lock. After 16 days and 50 some hours, England’s other pick proof lock clicked and opened.

Walter Isaacson: Alfred Hobbs motive was purely mercenary. As an agent of new York’s Day and Newell Company, he’d come to promote his company’s new pick proof lock and to do that, his strategy was first to show up England’s best, right in its own back garden. And so began a cat and mouse game among lock makers, embarrassing rivals to promote newer, better models of their own. A game, which would inspire smarter criminals and generations of tech savvy security consultants.

Walter Isaacson: I’m Walter Isaacson and this is Trailblazers, an original podcast from Dell technologies.

Speaker 1: Good locks. Strong doors and locked windows.

Speaker 2: Unfortunately, there isn’t a safe or a vault made that a determined burglar can’t open, given the time and the proper tools.

Speaker 3: I’ll get this tin can open in three seconds.

Speaker 4: I don’t see how a burglar can make a decent living anymore.

Walter Isaacson: However you secure yourself, you’re immersing yourself in 21st century manufacturing.

Speaker 5: “Alexa, lock the door.”

Walter Isaacson: Rooted in technologies that date back thousands of years. In ancient Rome for instance, showing that you carry a key from something was itself a symbol of affluence. Grace Nolan is a security engineer whose given talks on the history of locks and keys.

Grace Nolan: If you were rich enough that you could afford to have things locked away and stuff like this, then that showed that you were very important. So they had these giant keys, some of which were 30 centimeters long and they must’ve been super heavy as well.

Walter Isaacson: The desire to secure objects and to be able to boast about it, spawned the creation of lock and key mechanisms in China, ancient Egypt, and Mesopotamia. Over the centuries, the demand for locks and keys for affluent clients gave rise to a rare class of professionals.

David Erroll: During the 16 and 1700s and earlier in Europe, lock making was much of a guild like anything else.

Walter Isaacson: David Erroll is the coauthor of American Genius 19th Century Bank Locks and Time Locks.

David Erroll: In order to be accepted into the Guild, lock makers would work on and craft what they called a masterpiece lock, which was an example of their talent. The keys and the lock metal machining and artistry was incredibly intricate and they were very beautiful.

Walter Isaacson: By the time Victoria opened London’s great exhibition, there was enough wealth in England to keep lock makers working at capacity.

David Erroll: In the 1800s you had this growth of capitalism and the growth of capital, and as people had more wealth to protect, you needed more and better locking mechanisms to do this.

Walter Isaacson: When A.C. Hobbs bested England’s two iconic lock makers, that drive for new and better locks found traction. Hobbs had not only forced an evolution in lock technology, he changed the way people think about measuring the security of locks. Until then, locks were regarded either as pickable or unpickable; vulnerable or invincible. After Hobbs demonstration, lock security was no longer so black and white and instead it would be measured in time. How long a lock could reasonably resist a covert attempt to open it. That standard is how lock security is still measured today.

Walter Isaacson: His rivals properly embarrassed, Hobbs went to work promoting Day and Newell’s parautoptic lock. To defy lock pickers, it was designed with its inner mechanisms set away from the keyhole, making it, Hobbs boasted, the true unpickable lock. And it was until a rival picked it, but not just any rival. The man wielding the karmawas a Massachusetts lock entrepreneur, Linus Yale Jr.

Walter Isaacson: Yale began his career as a portrait artist, but he had a penchant for design and mechanics and was soon lured into his father’s lock trade. Not only did Yale publicly expose a flaw in Day and Newell’s parautoptic lock, he patent a way to fix the problem. Then in the bare knuckled spirit of 19th century enterprise, he refused to sell the patent to Day and Newell, rendering their locks permanently flawed, and clearing the path for this own line of pick proof locks.

Walter Isaacson: In 1862 Yale had pioneered the combination lock, though his greatest legacy might be his design for compact pin and tumbler locks, the same type of lock used in almost every household today. While Yale took credit, he may have had ancient inspiration, Grace Nolan.

Grace Nolan: I would say in Mesopotamia, they seem to have the first pin locks and I would say that they were developed somewhere between 4000 BC and 700 BC. We have evidence to show that there were pin locks at that time.

Walter Isaacson: Mechanical locks were becoming more sophisticated, but as David Erroll points out, they were only as good as the vaults they protected.

David Erroll: You can imagine that it’s not so useful to have an incredibly safe lock that’s connected to a wooden box and an extremely strong steel safe with an insecure lock on it. As safes got stronger, they justified greater technical ability in making the locks safer. And as locks got safer, it made it more important to make the safes and vault doors safer.

Walter Isaacson: Inevitably better locks and better vaults gradually inspired a more innovative breed of criminal. As a practice of midnight safe cracking became more difficult, Many turned to a new modus operandi, the mast daytime robbery.

David Erroll: The mask robberies in the 1800s started to make it clear that the human element in the security chain was now the weakest. That a bank manager who had keys or a combination that could open the lock on the vault or safe was now the most vulnerable.

Walter Isaacson: The market was right for another new/old technology. The time lock. Once set, it couldn’t be open, short of force, until the prescribed time. Though introduced decades earlier, time locks were unpopular at first. Clients resisted the idea of no one having access to their safe for any length of time. Towards the 1860s, as burglars began kidnapping bank managers or family members to coerce safe combinations from them, time locks quickly became the rigor in corporate security

David Erroll: Companies began to purchase time locks and install them on vaults, and also install plaques on the outside of the bank and the vault telling everybody that there was this time lock on the inside. So that this way, even if the bank manager was there, he could give the combination or the key to the criminals, but there was no way that the bank vault could be opened before Monday morning.

Walter Isaacson: Through the late 1800s, as a cutthroat rivalry among lock companies escalated, two giants emerged, Sargent and Greenleaf, and Yale. Over the years, their scrapping moved from the marketplace to the courts where they traded a growing list of patent lawsuits, until they realize that their hubris was becoming expensive.

David Erroll: At some point, they realized that suing each other was not the most profitable way to go about this, and in 1877, they actually got together, Sargent and Greenleaf on the one hand, and Yale on the other hand. They got together and decided to combine their companies, not formally, but with a contract in which they would fix prices, and carve up the United States into different territories, and they agreed on their various royalty payments and a split of profits, and to avoid introducing new models without the consent of the other party. In 1877, this was very savvy business practice. Today, we would consider this to be a smoking gun violation of antitrust law.

Walter Isaacson: Through the 1890s, these antitrust laws and some high court decisions against the two lock giants finally help level the playing field.

Walter Isaacson: Meanwhile, the era of the bank vaults and safes added a new character to criminal folklore, the safecracker. This is the criminal savant familiar to any movie goers, adept at manipulating, drilling, and finessing open the world’s most formidable locks. Unlike the quirky savants of Hollywood heist capers, real life safecrackers are relatively rare in the annals of crime, though there have been splashing exceptions.

Walter Isaacson: During England’s great train robbery of 1855, locks were compromised using duplicate keys made of wax impressions of the originals. In 2003, a small group of men stolen more than a hundred million dollars worth of diamonds, gold and jewelry from a vault in Antwerp, unlocking the safe without tripping a single alarm. Despite such rare, spectacular examples, real life safe cracking is more of a blue collar trade than a cloak and dagger adventure. Just ask modern day safecracker, Charlie Santore.

Charlie Santore: I would say that it’s certainly not as glamorous as it sounds. You know, it sounds like the stuff of movies and really, it’s not rocket science.

Walter Isaacson: Santore is a 21st century safecracker for hire. He’s the guy hired to open the safe when nobody else can. Safes that are inherited, damaged, or whose combinations have been forgotten. Though his address is Hollywood, glamor is not a word that springs to his lips.

Charlie Santore: It just takes a tremendous amount of patience, and you’ve got to be really, really stubborn to do this kind of work. More so than anything, I think you’ve got to be stubborn and I think it probably takes a little bit of OCD, probably, because anybody with any sense, why do you want to sit in front of something that’s locked for hours sometimes, or even in some cases, sometimes it takes days to open these things.

Walter Isaacson: In the digital, security sensitive, post 9/11 world, opening locks can be as valuable to law enforcement as securing them, which is why it’s good that Alexandre Triffault is on our side. Combining proprietary software with a 3D printer, Triffault created a system that allows law enforcement and only law enforcement to create a key in minutes for any number of mechanical locks. It began with a friendly taunt.

Alexandre Triffault: It was a challenge with a friend. He had a new lock that he bought abroad and it was not even available in France really. He told me, “Nobody can duplicate my key, uh, this is very secure.” He knew of course that I was in locksmithing, so he told me, “Even you, you cannot do it.” You know, this is exactly what you need to say to someone to actually try.

Walter Isaacson: Triffault whose knowledge of lock is self-taught and who learned to program software by watching YouTube videos calls his system ATS 3D key. The ATS stands for Alexandre Triffault Security. All the user needs is a photograph of the key, ideally more than one, and a photo of the key way, and that’s the key opening in the lock. The data is fed into Triffault’s software, and 15 minutes later, a 3D replica of the key is ready. It even works for patented or high security keys which locksmiths aren’t able to copy.

Walter Isaacson: To civilians, it means not just safeguarding homes, cars and valuables, it’s now about safeguarding the keys that access them as well. Triffault counsels that keys are a form of shareable information, just like a password, and should be treated with the same care.

Alexandre Triffault: When you lend a key to someone, essentially, you are doing exactly the same. When you give the key even for five minutes to someone, you don’t know what does they do. Do they go to a locksmith to make a duplicate? Do they take a picture? Do they take impressioning in wax or whatever? You don’t know. It really takes only five seconds to get the information from a key. Even a key that you leave on your desk and someone comes in your office, say “Hello, blah blah blah”, takes a picture, it’s already done.

Walter Isaacson: Taking a look at a mechanical lock today, you will notice that it’s most likely is still using the same pin and tumbler lock design that Linus Yale introduced in the 19th century. But in the digital era, it’s the key that got a serious make-over.

Walter Isaacson: Hotels were early adopters. In 1979, a Norwegian inventor, Tor Sørnes, developed the first magnetic strip hotel card based on a punch card version he had developed four years earlier. It would transform the hotel industry. A year later, the Ford Thunderbird offered an odd new feature, an electronic keypad entry system, the first in a rapid succession of automotive lock innovations. In 1982 came the first keyless remote entry in the Renault Fuego. Four years later, General Motors introduced a coded chip in the key of the Corvette preventing replica keys from starting the vehicle.

Walter Isaacson: Many of these new technologies gravitated to padlocks, from Bluetooth, to app operated, to proximity locks. The hunt was on, not for better locks, but for better keys.

Walter Isaacson: Robbie Cabral hadn’t been attending the gym for very long. He and his band had come to America at age 17 from the Dominican Republic, determined to hit it big in rock and roll. Simple enough. But when they found no traction, Cabral worked as a janitor, a waiter, and a launderer while finding time to study management at UCLA. One winter feeling the stress of a recent job loss, he found solace in food. Fifty pounds, later he resolved to work it off. On each visit to the gym, Cabral would notice somebody struggling to open a locker. Either the key got lost, a wifi signal fail, or a combination was forgotten.

Robbie Cabral: From there, another day a gentleman says, “Hey, you know, I can’t really see my combination lock. Can you put this numbers in?” I’m thinking to myself, “Wow, there’s two issues. How come there’s just not a lock that you can open with your fingerprint?” Another gentleman had like a Bluetooth lock and he couldn’t lock it in and he got locked out. All of these things were happening and I’m there and I’m like, “Wow, okay.” Something just sparked

Walter Isaacson: Imagining that a fingerprint activated padlock must already be on the market, Cabral began hunting through retail stores. Nothing. He scrounges up enough money for a patent search. Again, there was nothing like it on the market. The next three years were threadbare adventure, coaxing, scrounging, borrowing, and relentlessly pressing to create the fingerprint activated lock he believed the market needed. Three grueling years later in 2017, Cabral wrestled enough funding for a table at the consumer electronic show in Las Vegas. In spirit, a direct DNA ancestor of the London Exhibition of 1851. There, thousands of hopeful entrepreneurs pitch new technologies to the world’s industries. Robbie Cabral’s lock called the BenjiLock, was an instant hit. Crowds gathered to get a look at the new fingerprint operated padlock. That’s when two things happened that changed Robbie Cabral’s life. First Hampton Products came to call with an offer. They proposed to market Cabral’s lock under their famous Brinks brand.

Robbie Cabral: But, my gut was telling me, “Just Robbie, just wait”. So I told him, “You know what? As much as I would like to partner with you guys, it was nice meeting you guys, but it’s not what I feel like”.

Walter Isaacson: Second, Cabral was urged to audition for the TV reality show Shark Tank. That Fall with Cabral’s funds exhausted, he made a deal on Shark Tank. The national exposure and success on the show was enough to bring Hampton Products back to the table. This time they offered a licensing deal under the name BenjiLock. The product launched in the Fall of 2018, initial sales have been brisk. Finally, it had happened, Robbie Cabral had become something, perhaps even better than a rock star. He had become a lock star.

Walter Isaacson: But, with the digital age rush for convenience, it’s not just the BenjiLock that is using new kinds of keys to open locks. Biometric locks are booming in popularity, locks that can be accessed not only with fingerprints, but with scans of our faces as well. While these advances and new kinds of keys may be convenient, they’re not always necessarily for the better.

Marc Tobias: There has been a seismic shift in the design of locks.

Walter Isaacson: Marc Tobias is the author of the 1400 page industry bible “Locks, Safes and Security: An International Police Reference.”

Marc Tobias: When I wrote my primary text in the industry, when it was published in 2001, there was only really mechanical locks. Now everything’s going towards electronics. If you go to Best Buy and all the Lowe’s and Home Depot, everybody’s carrying home automation and connected homes now, and the locks are an integral part of that. There’s a lot of changes and of course there’s a lot of security changes.

Walter Isaacson: As physical locks become integrated with our digital world, familiar, modern problems begin to crop up. Namely security threats from places we had never before imagined.

Marc Tobias: We looked last year and figured out that we could stand outside of a house and say, open the door, the door would open if the locks were integrated. They finally figured it out and put a password in. These are the kinds of things problematically that design engineers are focused on making things work, not so much on the security side, so it can be a real problem.

Walter Isaacson: With the rise of our connected world came a new way of looking at security. Often our most valuable assets are no longer even stored in our homes. Instead, they’re virtual, assets that we want to access anywhere at any time. But, the cost of this ease and convenience is vulnerability.

Matt Davey: If you take it back to the physical world, most people have a key for their house and their workplace.

Walter Isaacson: Matt Davey is the Chief Operations Optimist at the password management company, 1Password.

Matt Davey: Well if you times that by the amount of online accounts that you have, you do have a unique key for each place that you enter kind of with a key. You really do need that online as well. Strong, unique passwords are really the only way to secure yourself online. That idea would lend your key chain to like hundreds of keys that no one wants to carry.

Walter Isaacson: As information moved online, so did keys and vaults, but in a new digital guise. Passwords became keys and encryption became the new vault. In time a new problem emerged where people once needed a half dozen passwords, soon they needed dozens, even hundreds. In a virtual world the whole notion of a lock and key has created opportunities for companies like One Password to try and solve what to some might’ve seen unsolvable.

Matt Davey: The strength of a lock can basically be this idea of authentication really. The idea that when you have a password and you say it at a nightclub for example, they let you in the door because you had the thing that they need. But, I think that the idea of this vault on the other end is really this idea of encryption. Is that it’s not this idea of us just taking you at your word because you know some details to get in. It’s this idea of us taking the password or the master password that you created and us doing math to that, for the lack of a smarter way to say it, and allowing you in through your own information.

Walter Isaacson: Through a traditional lock and key interface, users can enter their master password to get into their own virtual vaults. Once they are in, what they find there is almost priceless. All of the keys to our online identities.

Matt Davey: The interesting thing that I find is that, you know, me and my wife started sharing much more than just passwords that we would need access to each other’s accounts for. We started sharing things like the documents for the mortgage and it becomes that safe place to put everything. So you’re no longer thinking of like a vault where keys are stored, but you think of it as that place in your house that you keep your passport. So that drawer that has all of the important documents in, it suddenly becomes the digital version of that.

Walter Isaacson: Just like the myth of the pick proof lock was disrupted at the London Exhibition nearly 170 years ago, the challenges put in place to pick today’s virtual locks kind of seem like deja vu all over again.

Matt Davey: We do actually offer $100,000 to anybody who can retrieve what we’ve stored in a vault, which is some bad poetry. If you can break through our security and get that, then we award you $100,000 and we investigate very heavily how you did it. But, no one has taken that prize so far, so we’re pretty confident in our security model.

Walter Isaacson: The story of locks has been a cat and mouse game with the lock makers trying to stay one step ahead of the lock breakers. So while no one has broken through 1Password’s seemingly impenetrable vault quite yet, as history shows, it’s conceivable that at some point someone will. For all the refinements, bells and whistles and features, digital and otherwise, one constant has remained since 1851. Locks and keys aren’t about creating impenetrable barriers, they’re about buying time. I’m Walter Isaacson and this is Trailblazers, an original podcast from Dell Technologies. For more on any of the guests on today’s show, visit our website at delltechnologies.com/trailblazers. Thanks for listening.