Frank Moss, deputy assistant secretary for passport services, said he's rethinking about the RFID passport design, after receiving some odd 2500 e-mails complaining about its current implementation. They admit now that putting identifiable data on the RFID chip was probably a bad idea, but their excuse is that they thought the maximum read range would only be 10 centimeters (it turns out the range is over 30 feet).

Still, rather than drop the whole RFID thing, they decided to add a layer of security on it, which at first glance I find pretty agreeable, but I'd have to think about it harder to tell if it's really secure or not.

Basically, they are going to encrypt the data that the RFID chip stores, and the key is contained in the physical copy of the passport itself. That means, if someone wants to read your data using an RFID reader, they'd have to take your passport, open it to the page that contains the key, scan that into their machine (I presume it's encoded as a barcode or something), and then the machine can unlock the RFID data. They're calling this technology Basic Acess Control or BAC.

If you're asking "If they can read the barcode on your physical passport, why not just store everything there? What's the point?" it's because barcode is a pretty inefficient encoding scheme, so very little data can take up a lot of space (though less than english writing, for example). They can store a lot more data on the RFID chip, such as photos of you and fingerprint data.

There are issues with eavesdropping, but this wired article says those issues are "solved" without going into more detail (they do have links to the actual specifications for BAC which I haven't read yet). Still, Phil Zimmermann, the guy who came up with PGP, supports BAC, so it can't be all bad. I'll try to take a look at the specifications and see how the eavesdropping problem is solved later tonight.