Printer Friendly

The contentious problem of key control.


THE MOST VULNERABLE PART of any security system is the control of keys, access control cards, keypad codes, or combinations. However, such control is not always handled in a trustworthy manner. Consequently, members of the public have grown cynical. They have also become self-protective so that they do not trust anyone, including the people who are supposed to be protecting them.

For years managers have been using key arrangements that are basically trust systems. They lack any accountability to the owner of a key. These arrangements may be referred to as "hands-on" systems. The question is, are they the best that security can use?

In the case of real estate management, tenants are usually required to leave a key with the landlord, management company, or board of directors. Real estate owners have established the need to have a key to a tenant's premises since the owners have a responsibility to protect the health and safety of all the tenants in the building. In some states, laws require tenants to leave a key with management. In other states, such a requirement is usually written into leases. The result is that a very large number of people is asked to turn over a key and leave it to trust.

In multiple dwellings, the customary way of taking care of tenants' keys is with the conventional key cabinet, a hands-on system. In the case of real estate management, these keys are usually administered by a property manager (the superintendent), or a cadre of building service employees. In the event of an unforced entry to a tenants' apartment, the building service employees are often accused of committing an inside job. Unfortunately, they cannot easily prove their innocence.

The situation just described is becoming a very contentious problem in real estate management. Some tenants actually refuse to comply with the key rules and are sometimes faced with eviction and harassment by landlords.

The key cabinet system, in this case, serves the landlord very well. He or she gets the keys and has no accountability to the tenant if they are abused. The onus is always on the tenant or victim to prove that the keys were used illicitly. Such a claim is virtually impossible to prove.

Real estate management companies often suggest tenants carry theft insurance to offset any loss. That cynical solution puts the burden on insurance companies and does nothing to defeat the criminal element. It perpetuates potential losses and creates bad feelings between tenants and landlords.

What is needed is some accountability to tenants by real estate management companies. This is not to blame those companies, however. They have not had any new systems or technology to replace the generic key cabinet. Some management companies use paper envelopes to protect keys, but these envelopes are not secure and come with a variety of creative excuses as to how they became abused, torn open, and mishandled.

A management company in Houston uses a master key system for its property, and the tenants go along with it. When asked about the potential abuse of keys by employees, the manager indicated he subjected employees to a polygraph test before hiring them. What he does now that polygraph testing has become all but illegal is anyone's guess. However, key security is not really his problem. All he has to do is deny that he or his staff used the key illicitly. The onus is on the tenant to prove that the key was misused.

A key control system that offers accountability for the key could ease the problem greatly. If the real estate manager had a way to prove to a tenant that he did not use the key, he could not be accused. Accountability is the missing ingredient in just about any situation where someone is put in charge of keys, codes, passwords, or access control cards.

The subject of liability is a further concern in the business of security and protection. Bonding employees is one way to deal with liability. However, this indemnification system depends on insurance companies again and perpetuates the cycle of insuring for the loss rather than preventing it.

Users of codes, access control cards, and passwords would similarly benefit from accountability. If an important password is stored in a computer, a clever manipulator or hacker can extract the password and run the system. In some cases, information security personnel keep passwords in a safe. However, that method of storage does not identify whether security of the information has been breached.

It is also important for security managers to be able to store keys and passwords in such a way that their staff can access them in an emergency and still be held accountable. What options do security managers have?

Key control cabinets. These cabinets serve to organize and file keys in a systematic way. Key control cabinets are "hands-on" systems--once you open the cabinet, you can put your hands on the keys. The manufacturers of these cabinets make no claim as to the security they provide, and the cabinets provide no accountability.

These cabinets are only as good as the security staff that oversees them. The key control cabinet gives some degree of safety when used with a coding system. It does not represent high security, nor will it eliminate any of the liability associated with holding the key. These cabinets are good for situations where keys are accessed frequently and a well-trained security staff dispenses the keys and maintains meticulous records.

If one person is put in charge of a key cabinet, he or she is a potential security problem and is also in jeopardy. If a security problem arises, he or she will certainly be a suspect.

Key control software, on the other hand, may provide some degree of accountability. However, the software's use must be enforced strictly, and such a system provides no physical security or even physical evidence of tampering.

Keyed lockboxes. Keyed lockboxes that protect individual keys come in a variety of sizes and strengths. Some are fabricated of sheet metal and built like a small cabinet. A typical keyed lockbox has a hinged door with a glass panel and keyed lock. To gain access to the key inside the lockbox, one has to break the glass panel. Once the glass panel is broken the key can be removed and used. The key can also be removed and used by anyone who has a key to the lock on the lockbox. If a person can pick the lock on the box, he or she can also gain access to the key.

Other keyed lockboxes are built like safes and are very strong. These lockboxes are usually firmly built into or fastened to a surface and are designed for high-security situations.

The theory behind both these types of lockboxes is convenience and accountability. However, the accountability is questionable, as both lockboxes can be opened with a key. The key to the lockbox is entrusted to someone, so again this is a trust situation. In addition, locks can be picked. To be effective, these lockboxes should be tied into an alarm system.

Keyless lockboxes. Technically, keyless lockboxes are tamper-evident security seals in the form of a container. Security seals have long been accepted as a means of acountability for the security industry.

Like other seals, this keyless lockbox has to be physically broken if a person wishes to gain access to the key or contents, and the lockbox is not reuseable. Once broken, the lockbox identifies that the key or other item inside had been compromised.

Keyless lockboxes are based on tried-and-true principles. A security director in Canada tells the story of how he used to go to a local glassblower and have important keys encapsulated in individual glass containers. If anyone needed to use one of these important keys, he or she would have to break the glass. Keyless lockboxes rely on the same concept.

This type of lockbox, slightly larger than a cigarette pack, has room to accommodate the largest keys and can actually hold several keys. It has also been sized to hold an access control card. That way, a card can be in existence but its use can be restricted. The lockbox can also be used to secure passwords, digital codes, and miniature cassettes. It is also large enough to hold a document with confidential information to be used in case of emergency.

The actual security and accountability for the contents are provided by authorizing signatures. The inside and outside of these lockboxes feature large label areas of nontransferable, hotstamped signature foil, the same material used on credit cards. Authorizing signatures are applied to these labels to prevent the transfer of the contents to another keyless lockbox. The signatures validate each container. The labels will also accept a fingerprint.

Once a key is placed inside the two-part container is snapped together by hand. Once closed, it cannot be opened without breaking. The lockbox can be used as a stand-alone product or incorporated into a hands-off key control or code control system.

When the lockbox is used as part of a tenant key security system, the tenant signs his or her name on the inside label, where it cannot be read. The tenant then signs his or her mother's maiden name on the outside of the lockbox to further identify the key. The use of the mother's maiden name serves to confuse a potential key abuser.

A code number is then applied to the outside label and recorded in a code book kept separate from the keys. The individual lockboxes are then locked in a steel storage cabinet. This system distinguishes itself from conventional key cabinets by being a hands-off system for emergency keys that do not have to be accessed on a regular basis and whose security and accountability are essential.

Using keyless plastic lockboxes for key control is ideal where one person is put in charge of key security, as in real estate management. The system protects all the parties concerned: the tenant, the real estate management company, the building manager and building service employees. The keyless lockbox system is also useful for alarm companies, guard services, and others entrusted with keys or codes.

Keyless lockboxes help solve the difficult problem of accountability. Their use reduces the liability of key holders and increases the security of key owners. Think of them as a new security management tool.

About the Author. . .Leonardo Sideri is chief executive officer of KEYSURE, a maker of keyless lockboxes in New York City. Sideri is a member of ASIS.
COPYRIGHT 1989 American Society for Industrial Security
No portion of this article can be reproduced without the express written permission from the copyright holder.
Copyright 1989 Gale, Cengage Learning. All rights reserved.

Article Details
Printer friendly Cite/link Email Feedback
Author:Sideri, Leonardo
Publication:Security Management
Date:Mar 1, 1989
Previous Article:Makeover of a museum's security.
Next Article:Keeping crises cool.

Related Articles
OSHA's Ergonomic Standard lakes Effect.
Herbicide policy sensible.
Contentious journalism and the Internet; towards democratic discourse in Malaysia and Singapore.
IRAQ - Aug 29 - Iraq's Parties Reach Deal On Oil.
IRAQ - July 2 - Iraq's Sunni Edge Closer To Reconciliation.

Terms of use | Copyright © 2017 Farlex, Inc. | Feedback | For webmasters