Liberty Safes apparently builds in a ‘backdoor’ passcode – like a master key – on its safes with electronic digital dials. Maybe all electronic dials are made with such.

Is liberty safe with Liberty Safe?

Last week, an Arkansas man was arrested in connection with the U.S. Capitol riot on January 6, 2021. Nathan Earl Hughes has four charges pending against him, including a felony count of interfering with police during a civil disorder. Arkansas Online has an article (archived links) detailing the investigation and the charges against him.

With ubiquitous cellphone cameras, the video of Hughes’ arrest quickly made it online (archived):

 

There is an important sentence in the above tweet/post from the Hodge Twins, and that is this:

“The feds called the manufacturer of his Liberty Gun Safe and got the passcode to get into it too.”

It comes as a surprise to many of us (although it shouldn’t) that an electronic keypad has a secret factory default passcode that allows entry into the safe besides the customer-configured passcode. We don’t know if this default passcode is unique to each safe, or if it’s a model default passcode (like a silly default “admin/admin” username/password combination you find in most wireless routers) that will get you entry into any Liberty Safe of the same model. (Looking at the customer FAQ’s on the Liberty Safe website, it looks like the default passcode may be unique to each safe.)

Likewise, although it shouldn’t, it comes as a surprise to many of us that Liberty Safe gave out this passcode to the FBI with a simple phone call. The FBI clearly had an arrest warrant for Hughes, and given the circumstances of his house being searched, there was likely a search warrant too. Liberty Safe hasn’t disclosed whether the FBI provided it with a copy of the search warrant or if a verbal explanation on the phone was enough for them to divulge the secret factory default passcode.

Since the beginning of the Global War on Terror, the FBI has relied on “National Security Letters” in lieu of search warrants. These letters were used for invasive grabs of customer data from third parties, the recipients of those letters couldn’t talk about it, and even the low bar of requesting third-party data through National Security Letters was often not cleared by FBI agents looking for expedient shortcuts. The letters were also abused to spy on journalists.

The worst aspect of National Security Letters is that a culture of domestic snooping has become entrenched and is alive and well, resulting in the warrantless and voluntary disclosure of customer financial data by banks to the FBI. Going back to Liberty Safe’s passcode disclosure, In the absence of a search warrant, a phone call from the FBI sounds like a verbal National Security Letter.

The truth is that most companies just fold when they get a call from the FBI, either out of fear or for wanting to “help” the country’s foremost law enforcement agency, even in the smallest and inconsequential of cases. It’s very rare to see companies putting their feet down and saying no, especially in the most egregious cases. One rare example is Apple Inc., which refused to decrypt the iPhones of assailants in both the San Bernardino and Pensacola Naval Base Jihadi attacks, much to the chagrin of the federal government. The FBI had to go to an Australian company to decrypt their phones in the San Bernardino case.

In the interest of their gun-owning customers, I hope Liberty Safe fully discloses what happened in the case of Nathan Earl Hughes’ safe, and how and under what circumstances they divulged the passcode to the FBI. Until then, there will be a justifiable cloud of suspicion around them in the minds of their customers.