While I was reading about the chip fraud in China, I noticed their news agency also reported some interesting news:

California plans to map the homes of nearly 2,000 sexual offenders by using Global Positioning System (GPS) satellite technology to certify they are staying far enough from schools, local media reported on Sunday. […] According to the department, parole agents will begin using GPS technology this week to measure the distance between schools and residences of 1,808 high-risk sex offenders. And as part of a pilot program, 417 high-risk offenders will wear GPS electronic ankle bracelets that will make it easier for parole agents to track and monitor their movement. The device sends an alert when an offender goes into forbidden zones.

This strategy seems unlikely to produce effective security. GPS devices have little chance of reporting position when they are indoors and it’s pretty trivial to block the signal. Another thing is that I just did a quick check of a mapping site and found many sex offenders live near schools; one even lives directly accross the street.

CBS in San Francisco has some more background on the decision to introduce GPS devices and who will get them:

The department said parole agents will begin using GPS technology this week to measure the distance between schools and residences of 1,808 high-risk sex offenders. The state classifies a person as a high-risk offender based upon previous offenses, the number of victims in a crime, the level of violence of a crime and the likelihood a person will re-offend, said department spokeswoman Elaine Jennings. The Schwarzenegger administration on Wednesday dismissed its director of the prison system’s parole division, Jim L’Etoile, after lawmakers complained that 23 offenders had been housed within 11 miles of Disneyland. The department has also been criticized for temporarily placing a dozen sex offenders at San Quentin State Prison when they could find no other housing. Officials said a hotel contract was canceled and there were few alternatives in the San Francisco Bay area. The corrections department is required by law to return parolees to their county of last legal residence. The state also tracks 417 high-risk offenders with a GPS ankle bracelet as part of a pilot program to monitor and track their movement. The device sends an alert when an offender goes into forbidden zones.

A researcher was found to have fabricated chips, and not in the good sense of the word. The BBC has the story:

China’s Xinhua state news agency said that the Hanxin digital signal processing chips were not based on research carried out by Mr Chen. Nor could the chips carry out the functions, such as reading fingerprints or playing MP3 files, that they were supposed to, it reported.

Ironic, I guess, that a chip for fingerprint en/decoding was faked. Did the researcher think he would never be caught? Often it is the high-profile nature of crime, backed by growing greed, that leads to its undoing. The story also has the potential effect of showing that the Chinese authorities are trying to crack down on copyright infringement, although it seems more likely that they were upset about a poor return on investment.

Well, they’ve always been changing, but a complete new set are due to be released this summer, according to CNET:

Today, the requirement is to make all information unreadable wherever it is stored,” Maxwell [director of e-Business and Emerging Technologies at MasterCard International] said. But this encryption requirement is causing so much trouble for merchants that credit card companies are having trouble dealing with requests for alternative measures, he said.

In response, changes to PCI will let companies replace encryption with other types of security technology, such as additional firewalls and access controls, Maxwell said. “There will be more-acceptable compensating and mitigating controls,” he said.

I’ll trade you encryption for a couple new firewalls. Wait, the whole monitoring thing is pretty hard to do as well. Can we trade logs and monitoring for a couple more firewalls?

Beware the silver bullet fallacy.