Bump Keys
I recently came across a number of articles on bump keys. This is in regards to an attack on most types of physical locks. The idea is that most locks are vulnerable to an attack that enables the simple opening of a lock via a special key that is cut to "maximum depth". Have a look at this site for a demonstration of a bump key.
Of course, the first thing that came to mind was the fact that this would make an excellent on-stage demonstration for a presentation. I picked up a set of keys from eBay for $10 shipped. The 5 bump keys will open most of the commercial locks on the market. That's a scary thought and is a huge vulnerability.
I see this issue as being similar in nature to that of the DVD decss issue of a few years ago. The encryption keys that are used to prevent theft of content on DVDs were cracked and made public. Instead of fixing the vulnerability (which would be next to impossible given hardware in the field), the DMCA law was used to try to make the source code illegal. In the case of bump keys, it looks like we are moving down the same path - a South Dakota attorney is pushing to make it a crime to ship bump keys via the mail.
Wouldn't a better approach be to increase awareness of the vulnerability so consumers can make intelligent decisions about the type of locks they purchase? The goal is to remediate the vulnerability and close the hole. In this case, a determined attacker will be able to acquire a bump key regardless of a law preventing their sale or distribution - all they need is a standard key cutting machine. If you draw a parallel to software vulnerabilities, it would be similar to trying to make the Metasploit Framework illegal. It won't get to the root of the issue which is risk mitigation and remediation of a known vulnerability.