In the near future (October 2005), American passports will use RFID chips to store some basic information about the passport's owner. RFID chips work as follows: an RFID receiver sends out a short-range radio message, "Are there any RFID chips out there?" The RFID chip on your passport uses these radio signals as a source of electricity to broadcast a predefined response. The RFID receiver is continually listening for these broadcasts, so the RFID chip basically works as a digital label that gets read whenever you walk within around 30 feet of an RFID receiver.
The American government plans to have the RFID chip in your passport store your full name and nationality, as well as a digital picture of your face. Your picture will then be taken at the airport, and face-recognition software will determine whether your face matches the one encoded on the passport. Furthermore, the United States is requiring all 27 countries whose citizens do not need visas to visit America to begin issuing e-passports by October (I believe Canada is one of these countries).
Now here's the insecure part: The data on the RFID chip will not be encrypted. What that basically means is that I can bring my laptop with an RFID receiver to the airport, and capture the name, nationality and picture of anyone who walks within 30 feet of me, and that's without downloading a clever hack program or anything like that. Your data is broadcast in plaintext for everyone to see. Even an executive at one of the companies developing a prototype for the State Department calls the international standards woefully inadequate.
The advice given, if you're stuck in the near future with one of these unencrypted RFID passports, is to wrap your passport in tin foil while it's not in use. However, as soon as you take it out of the foil, for example at the customs agency or the hotel, you're exposed again. Bruce Schneier, a security expert, points out that "A contact chip would be so much safer. The only reason I can think of is the government wants surreptitious access. I'm running out of other explanations. I'd love to hear one." Obviously, if the only way to read the data on the passport chip was to press the passport up against some sort of reading surface, then you would always know when the data is being read, and people 30 feet away wouldn't be able to anonymously snoop the data.
The State Department is accepting written responses to the proposal until April 4 via e-mail sent to PassportRules@state.gov.