Two years ago or so when I was doing privacy law in the history of urban planning, my friend and fellow Berkeley graduate student David Molnar was feeding me with death-doom scenarios in which everything you carried -- from groceries to library books to *passports* -- could be read at a distance outside your house by any passer-by equipped with a radar.
Think you don't care about whether strangers can access your information? Think your life is an open book? Go read some privacy law history. It starts to be a big deal when somebody takes out a lawsuit or a fatwa against you.
Anyway, the American government is now on the side of the lawsuits, fatwas, and creepy stalkers, says Molnar:
In regulations published Tuesday, the State Department claims it has addressed privacy concerns. The chipped passports 'will not permit 'tracking' of individuals,' the department said. 'It will only permit governmental authorities to know that an individual has arrived at a port of entry--which governmental authorities already know from presentation of non-electronic passports--with greater assurance that the person who presents the passport is the legitimate holder of the passport.'
In a recent paper (PDF here), RSA Laboratories' Ari Juels, and University of California's David Molnar and David Wagner, warned that the design of the encryption keys is insufficiently secure. They said that the use of a "single fixed key" for the lifetime of the e-passport creates a vulnerability.
Declan McCullagh and Anne Broache, Passports to get RFID chip implants | CNET News.com