On the subject of e-passports:
“Tracking.” A chip that is protected by the BAC mechanism denies access to its contents unless the inspection system can prove that it is authorized to access the chip. However, these chips still allow the Unique Identifier (UID) to be communicated with the reader, which could theoretically allow the document bearer to be “tracked.” To prevent the use of the UID for “tracking”, we use a Random UID feature. A RUID presents a different UID each time the chip is accessed. In order to be considered random, the e-passport must present an RUID that cannot be associated with UIDs used in sessions that precede or follow the current session. Each chip uses its onboard hardware random number generator (RNG) module, thereby utilizing a true RNG base to derive a RUID. http://travel.state.gov/passport/passpo ... tml#Twelve
ICAO standardizes machine-readable passports worldwide. Such passports have an area where some of the information otherwise written in textual form is written as strings of alphanumeric characters, printed in a manner suitable for optical character recognition. This enables border controllers and other law enforcement agents to process such passports quickly, without having to input the information manually into a computer. ICAO publishes Doc 9303 – Machine Readable Travel Documents, the technical standard for machine-readable passports. A more recent standard is for biometric passports. These contain biometrics to authenticate the identity of travellers. The passport's critical information is stored on a tiny RFID computer chip, much like information stored on smartcards. Like some smartcards, the passport book design calls for an embedded contactless chip that is able to hold digital signature data to ensure the integrity of the passport and the biometric data.http://en.wikipedia.org/wiki/ICAO#Standards
A biometric passport, also known as an e-passport, ePassport or a digital passport, is a combined paper and electronic passport that contains biometric information that can be used to authenticate the identity of travellers. It uses contactless smart card technology, including a microprocessor chip (computer chip) and antenna (for both power to the chip and communication) embedded in the front or back cover, or center page, of the passport. Document and chip characteristics are documented in the International Civil Aviation Organization's (ICAO) Doc 9303. The passport's critical information is both printed on the data page of the passport and stored in the chip. Public Key Infrastructure (PKI) is used to authenticate the data stored electronically in the passport chip making it expensive and difficult to forge when all security mechanisms are fully and correctly implemented.http://en.wikipedia.org/wiki/Biometric_passport
On 15 December 2006, the BBC published an article on the British ePassport, citing the above stories and adding that:
"Nearly every country issuing this passport has a few security experts who are yelling at the top of their lungs and trying to shout out: 'This is not secure. This is not a good idea to use this technology'", citing a specialist who states "It is much too complicated. It is in places done the wrong way round – reading data first, parsing data, interpreting data, then verifying whether it is right. There are lots of technical flaws in it and there are things that have just been forgotten, so it is basically not doing what it is supposed to do. It is supposed to get a higher security level. It is not."