1: A False Sense of Security

People feel more secure when their vehicle is protected by a sophisticated anti-theft system - yet cars are still stolen. In fact, the technology used to make a car secure actually makes it easier for a thief with the right tools to steal it.

One car thief the authors interviewed claimed that he could steal your car in the time it takes for you to engage the security system and walk into your house - and this is no exaggeration. With a laptop computer and software that can be downloaded from the Internet, it's very easy to disable the security system, unlock the doors, and start the engine. (EN; Ironically, the On-star service shows this very thing in their commercials, as a convenience of their service, though it's a clean-cut employee rather than a car thief, it's exactly the same thing.)

So equipped with those tools, a thief can more easily steal a car if it has an advanced security system than if it doesn't. For a car without such a system, he doesn't have a convenient way to open the doors and start the engine - not that it couldn't be done, but it takes a knowledgeable old-school car thief to do it.

Not only are consumers duped by the appearance of security, but insurance companies are taken in as well. There is statistical evidence that shows a correlation between antitheft gadgets and the theft rate of vehicles, though the author suggests that this correlation isn't necessarily causation. (EN: There isn't any detail on other causes that might explain the correlation, but it seems sensible, as a person who is cautious in that regard might be cautious in others that more effectively reduce risk.)

The author goes into some detail about vulnerabilities in automotive security systems, but it largely comes down to this: the electronic component of the key is used rather than the mechanical function, which is largely vestigial. Some manufacturers are doing away with the key entirely, using just a small plastic fob or enabling owners to use their cell phone to unlock their car. As a result, stealing a car is as easy as hacking a computer password.

Physical Locks

The metaphor of a physical padlock is often used to imply security, but even physical locks are more in the nature of puzzles and security devices - they are easily solved for someone who has the key, but a but more difficult for anyone else. Not impossible, just more difficult.

There are even "sport pickers" who see lock picking as a leisure activity, similar to the way some people like to solve crossword puzzles. There are clubs and competitions, and the tools and training are easy to obtain as any other hardware.

A loose observation: the notion of using a lock is inherently flawed. If you place a lock on something, it's a clear signal to thieves that there's something worth stealing. (EN: I recall anecdotal evidence of instances in which house burglars ignored valuables in unlocked drawers or even lying in plain sight, but emptied the contents of a safe or lockbox.)

It's even possible to create a duplicate key, giving a tracing, cast, or even a picture of the original, to open a lock, or even "master" keys to open any lock of a given manufacture - either a single key that will open all, or a set that can be tried and one of which will generally work.

Most locks use a series of pins and tumblers that, when pressed in the right combination, allow the mechanism to open. If you have a basic understanding of how a given type of lock works, and a bit of manual dexterity, it's fairly simple to trick the lock into opening.

Conventional pin tumbler locks use the various peaks and valleys in the (largely) unique shape of a key to access pins. The pins can be raked with a bit of wire, then the wire can be used to depress the pins, and a tension-wrench (an L-shaped bit of steel) can be used to turn the lock once the pins are set. With practice, a lock can be pocked in less than a minute.

Lock makers have put a significant amount of effort into improving the security of locks, but this merely makes them more challenging. One sport-picker demonstrated his ability to open a top-of-the-lien padlock, the very type used by the US government to secure foreign embassies and the White House. He did so in front of a live audience, in a matter of minutes.

In addition to picking the locking mechanism, it's possible to circumvent it altogether. The trick to opening a locked door with a credit card is known to virtually everyone, and even supposedly advanced systems are sometimes defeated with embarrassing ease - such as a high-end bicycle lock that is easy to open by jamming a pen into the keyhole (EN: Do a search for "kryptonite lock bic pen" to see videos - people who aren't experienced in picking locks can do this very easily). And if you can't defeat the lock, it' soften easy enough to cut the chain or hasp to which it's attached. It;s later mentioned that burglars in residential areas seldom bother trying to pick the lock on a door to gain access: they break a window to bypass the door entirely.

This leads to two significant observations about locks that are true of any security system: (1) They are merely obstacles to access. A person with sufficient skill and time can defeat them. (2) All security systems have flaws. Companies have spent significant amounts on research and development to improve the lock, but there never has been a lock that could not be picked.

Lock makers, like professional software developers, seek to build their products to documented industry standards, and stand by those standards in continuing to manufacture and sell locks that have been shown to be easily defeated. There are multiple sources of standards for locks, but the standards are for manufacturing, not security, and in effect they certify the mechanism works properly when a key us used to open it, not that it is secure against being opened without using a key.

They have also been successful in dodging liability in cases where people who sought to sue for losses due to their product's failure to perform its designated function. That the locks were built to meet "industry standards" has been sufficient defense.

Anecdotal evidence is presented of an individual (Marc Tobias) who discovered a flaw in a lock, the manufacturer acknowledged it but refused to recall the product or warn customers. When he went public to warn people about the lock, both the company and the Associated Locksmiths of America treated him with great hostility - suggesting that his actions in calling attention to the problem were more irresponsible than their utter indifference to the defects in their product. However, it's fairly clear that their concern was not for danger to the customers, but to their own reputation.

It's also suggested that professional organizations discourage their members from disclosing discoveries about problems with specific locks, as the manufacturers provide significant financial support for such organizations. A locksmith who makes any public statement about product defects may expect to be banned and blacklisted. (EN: this smells a lot like folklore, and as locksmiths are largely small and independent businesses, there's likely little power in the industry organization over them.)

Layering Security

Given that even the most advanced methods of security can be bypassed or defeated, the strategy that is currently being used is to implement multiple safeguards. The point is to get the prospective thief to regard your property not as being impregnable, but significantly more difficult than an alternate target he might choose.

To do this, you could buy a better lock than your neighbor, or use two locks instead of one. To the thief, the time needed to pick a lock is not merely an inconvenience, but a risk, as he must spend a greater amount of time to gain access and stands a better chance of getting caught.

(EN: Something that's been seen, generally as a comedic prop, are individuals who have a ludicrous number of locks on the door to an urban apartment - but it's really not so silly: the doors to most homes have at least two locks, one in the doorknob and a separate deadbolt, as well as a bar or a chain engaged while residents are inside.)

The advice provided to people who want to safeguard their cars is fairly standard: don't leave valuables in plain sight as an enticement to thieves; lock your doors and take your keys (EN: I once attended an event at a car dealer which brought a police detective in to do a presentation on security - and apparently, this is a widespread problem); park in well-lit areas where there are many passers-by; remove window stickers indicating the brand of car alarm you use; use a separate hood lock and locking gas cap; etc.

Ultimately, the companies that build cars do a reasonable job of providing a basic level of security, and do a fairly job at staying just a step behind the thieves - but the standard security features enable thieves to learn a standard method for gaining access, and any extra step you take makes you a less likely target than others who don't bother.