42 Keynotes May 2024 aloa.org Locking of Accounts What happened next, and how did they decide what accounts to lock? “In 2016, it became clear the program was being used by people involved in organized crime. Our automaker part- ners engaged a large cyber security com- pany to analyze and recommend revi- sions to SDRM. A selections committee was created, and a group of candidates were screened to create what would be released as SDRM 2.0 at the end of 2018. “Unfortunately, it became very clear the weak business practices that led to sharing VSP IDs and passwords also existed in record keeping where fewer than 200 of those accounts were able to produce their last 10 D1s or any D1 for that matter,” Seyfer continued. “NASTF conducted multiple member training classes online, and ultimately about 900 of the 1,375 had their accounts reinstated. What happened to the rest? Many never contacted NASTF to have their accounts reinstated. Many tried to have their accounts reinstated but could not provide proof of their identity and in many cases proof they lived and had work documents in the United States or Canada.” At that point, SDRM 2.0 launched at the end of 2018, leading us to the current iteration of the sdrm.nas- tfsecurityregistry.org website. Up to the Present Time For the next few years, NASTF remained a contested topic that only escalated recently. NASTF’s insistence on LSID and now VSP requirements has hin- dered the involvement of locksmiths in addressing key programming issues. By only having one “locksmith” position on the NASTF board, locksmiths in general have felt ignored or neglected by a pro- gram developed to assist them in their industry. When addressing root causes of this perceived neglect and recognizing the expertise and importance of lock- smiths in maintaining vehicle security, NASTF should collaborate with the lock- smith industry to safeguard vehicles and prevent unauthorized tool access and theft. Governmental agencies have been monitoring our industry for a while as well, primarily concerned about unau- thorized key programming and potential security risks. As social media trends grow, YouTube videos get uploaded and cheap but powerful key programming machines flood the market, the barrier for entry into automotive key program- ming has plummeted to astounding lows. While we love our cheap equip- ment due to the speed we can see ROI, so do the bad guys. Automakers have had to scramble to implement additional secu- rity measures, ranging from free steering wheel clubs for Hyundai/Kia owners to completely locking Radio Frequency Hubs in later-model Chrysler products, completely preventing the ability to pro- gram additional keys without module replacement. In summer of 2023, rumors began cir- culating that NASTF membership was going to be required to access immo- bilizer functions on scan tools. While not everything you see on the internet is true, this topic did come up during the NASTF VSP team meetings, indicating it was in process. I, along with many of my friends, attempted to confirm for those unaware on social media it was going to happen, despite not having much con- crete proof. Then on March 13, an announcement was sent via email. I asked Seyfer what the purpose of it was on a Zoom town- hall-style meeting (the two-hour conver- sation is available on the AutoProPAD YouTube channel) with several other industry professionals. It boiled down to getting rid of the rumors and letting all of us know what changes were coming. The biggest question is “why?” Why are legitimate locksmiths being forced to do this? Why now? Why is this required? Why is it only voluntary for the tool manufacturers? Looking at it from a safety perspective (and includ- ing governmental three-letter agencies), again, a lot of it comes down to theft, both in terms of key programming equipment and vehicles. Many, many locksmiths have had their key program- ming and cutting equipment stolen. In the absolute worst-case scenario, sev- eral have been murdered for their tools. Those thieves and murderers then use our equipment to commit other crimes. Insurance companies have threatened to stop insuring locksmiths due to the risk involved. A large part of the discussion online has been how this has been a “money grab” by NASTF, or an overreach by a non-governmental organization or a “sanctioned code broker” (which is also inaccurate). On our call, Seyfer volunteered the fact it has already been discussed in NASTF meetings that as the number of members increase, costs can come down to those same members; they don’t need to charge as much if more people are using the program. Also, while NASTF is not the government, they do work with governmental agen- cies. With locksmith licensing require- ments varying wildly across the country (or even within the same state … looking at you, Florida), a “national locksmith license” program would likely be a much Many, many locksmiths have had their key programming and cutting equipment stolen.
