Building Access Authority Failure Through Uncontrolled Key Duplication
Context
Mechanical key systems remain the predominant physical access control mechanism in commercial buildings, institutional facilities, and multi-tenant properties. Master key systems organize locks into hierarchical groups where individual keys open specific doors and master keys open all doors within a group or the entire building. Property managers maintain key issuance logs recording which keys have been distributed to which authorized individuals, creating an authoritative record of who holds physical access to which spaces. The issuance log serves as the verification surface for building access authority—the document that should answer who has keys and therefore who can enter.
Key duplication control depends on voluntary compliance mechanisms. The most common is the "Do Not Duplicate" marking stamped on key blanks or engraved on key bows, intended to signal to locksmiths and key cutting services that the key should not be copied without authorization from the property owner. Some building operators supplement stamped markings with restricted keyway programs offered by lock manufacturers, which use proprietary key blank profiles available only through authorized dealers who are contractually obligated to verify duplication authorization before cutting copies. Key holder agreements—signed documents in which the recipient agrees not to duplicate the key—represent an additional compliance layer.
Trigger
Security audits and locksmith industry analysis have consistently documented that "Do Not Duplicate" markings do not prevent key duplication. The marking carries no legal force in most U.S. jurisdictions—it is a request, not a prohibition. Hardware stores with automated key cutting kiosks duplicate keys regardless of stamped markings, as the machines read the key's physical profile without evaluating any markings. Locksmiths vary in their response to the marking; industry surveys have found that a significant percentage will duplicate keys stamped "Do Not Duplicate" without verifying authorization, particularly when the customer presents the key as their own property.
Restricted keyway programs provide stronger duplication control by limiting blank availability to authorized distribution channels. However, restricted blanks become available through secondary markets, some authorized dealers do not rigorously verify requests, and advances in key cutting technology—including impressioning, decoding, and 3D printing from photographs—enable reproduction outside the authorized network. A 2014 demonstration showed keys could be accurately duplicated from photographs taken at distances where the key holder would not know their key had been imaged.
Failure Condition
The access control system failed because the verification surface—the key issuance log—tracked key distribution events without any mechanism to verify the actual key population in circulation. The log recorded issuance and return of keys but could not detect duplication. When a key holder duplicated their key, the issuance log remained unchanged—still showing one key issued to that individual—while the actual number of functioning keys increased by one. The authoritative record and the physical reality diverged with each undocumented duplication, and the system had no capability to detect or measure the divergence.
The lock itself provided no verification layer. A pin-tumbler lock accepts any key that matches its pin configuration, regardless of whether the key is an original issued by the building operator or a duplicate cut at a hardware store. The lock authenticates the key's physical profile—its bitting pattern—not its provenance or authorization status. A key that was duplicated without authorization, held by someone who never appeared in any issuance record, opens the lock identically to a properly issued key. The lock cannot distinguish authorized from unauthorized keys because authorization is a property of the issuance record, not a property of the physical key.
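The divergence described above can be modelled in a few lines. This is an added illustration, not part of the original analysis: the class names, the bitting values, and the badge ID are constructed for the example. The reader class stands in for the per-event authorization check that the findings attribute to electronic access control.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Key:
    bitting: tuple   # cut depths: the only property a pin-tumbler lock reads
    serial: str      # identity known to the issuance log, invisible to the lock

@dataclass
class IssuanceLog:
    outstanding: dict = field(default_factory=dict)   # serial -> holder
    def issue(self, key, holder):
        self.outstanding[key.serial] = holder
    def accept_return(self, key):
        self.outstanding.pop(key.serial, None)
    def recorded_keys(self):
        return len(self.outstanding)

def lock_opens(lock_bitting, key):
    # The lock authenticates the bitting pattern, never provenance.
    return key.bitting == lock_bitting

class Reader:
    """Per-event check: the credential ID is looked up on every access."""
    def __init__(self):
        self.authorized = set()
    def opens(self, credential_id):
        return credential_id in self.authorized

def run_scenario():
    lock = (3, 5, 2, 6, 4)                  # constructed sample bitting
    log = IssuanceLog()
    original = Key(lock, "K-001")
    log.issue(original, "tenant A")
    copy = Key(original.bitting, "unrecorded")   # duplication never touches the log
    in_circulation = [original, copy]
    after_dup = (log.recorded_keys(), len(in_circulation))
    log.accept_return(original)             # departure: the record is closed
    in_circulation.remove(original)
    reader = Reader()
    reader.authorized.add("badge-17")       # constructed credential ID
    cloned_badge = "badge-17"               # a clone presents the same ID
    reader.authorized.discard("badge-17")   # revocation at departure
    return {
        "log_vs_actual_after_duplication": after_dup,
        "log_vs_actual_after_return": (log.recorded_keys(), len(in_circulation)),
        "copy_opens_after_return": lock_opens(lock, copy),
        "cloned_badge_opens_after_revoke": reader.opens(cloned_badge),
    }

if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

The log reads zero outstanding keys after the return while one working key remains, which is the state an auditor cannot see from the record alone.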
Observed Response
The building security industry has promoted restricted keyway programs as the primary mitigation. Manufacturers including Medeco, Mul-T-Lock, and Abloy offer high-security systems with patented key profiles and controlled distribution networks limiting blank availability. These programs transfer duplication control from a stamped marking to a supply chain restriction—blanks are harder to obtain, though not impossible. Patent expiration, secondary markets, and advancing reproduction technology gradually erode the exclusivity these programs depend on.
Analytical Findings
- Key issuance logs track distribution events but cannot verify the actual number of keys in circulation—the authoritative record diverges from physical reality with each undocumented duplication
- "Do Not Duplicate" markings carry no legal force in most jurisdictions and do not prevent duplication through automated key cutting kiosks or non-compliant locksmiths
- Restricted keyway programs limit blank availability through supply chain control, but blanks reach secondary markets, authorized dealers vary in verification rigor, and reproduction technology advances
- Locks authenticate key bitting pattern without distinguishing original issued keys from unauthorized duplicates—authorization is a property of the issuance record, not the physical key
- Key return upon personnel departure closes the authorization record while undocumented duplicates retain access capability, making return events unreliable as access termination
- Cumulative divergence across years of building operations creates access records of diminishing reliability with no system-generated alert
- Complete lock rekeying is the only remediation restoring correspondence between access records and actual access capability, but cost limits its use to post-incident response rather than routine maintenance
- Electronic access control addresses the failure structurally by verifying authorization at each access event rather than assuming it from credential possession