from http://www.dice.ucl.ac.be/crypto/passport/index.html

A research team in cryptography from the Catholic University of Louvain (Louvain-la-Neuve) disclosed serious weaknesses in the Belgian biometric passport, the only type of passport distributed in Belgium since the end of 2004. The work carried out in Louvain-la-Neuve during the course of May 2007 show that Belgian passports issued between end 2004 and July 2006 do not include any security mechanism to protect the personal data embedded in the passport’s microchip. Passports issued after July 2006 do benefit from security mechanisms but these ones are flawed. This means that anyone possessing a little electronic reading device, which is easy and cheap to acquire, can steal the passport content while it is still in the pocket of the victim owners and thus without their knowing. Face and signature are among the data at risk. This news is all the more surprising because Karel De Gucht, the Minister for Foreign Affairs, declared in the Parliament on 9th January 2007 that the Belgian passport benefited from the security mechanisms advocated by the International Civil Aviation Organization.

from http://www.theregister.co.uk/2007/06/10/belgian_epassport_flaws/

Gildas Avoine, Kassem Kalach, and Jean-Jacques Quisquater (leader of the crypto group at UCL) found that first-generation Belgian passports fail to include any security mechanism that would ensure the protection of personal data. The researchers carried out a demo that showed it was possible to read first generation passport from a short distance, potentially while it is still in the pocket of a prospective victim.

video: http://www.dice.ucl.ac.be/crypto/passport/passports-UCL-AKQ-2007.mpg

To be better protected you’ll need to create or buy an RFID blocking wallet. This way at least your data can’t be snooped without you consciously handing over (or unconsciously losing) your pasport and other rfid enabled stuff.

Wired News: American Passports to Get Chipped
New U.S. passports will soon be read remotely at borders around the world, thanks to embedded chips that will broadcast on command an individual’s name, address and digital photo to a computerized reader.

>> This was on Slashdot’s political feed. Here’s the jaw-dropper:
>>
>> McCain envisions erecting physical checkpoints, dubbed
>> “screening points,” near subways, airports, bus stations,
>> train stations, federal buildings, telephone companies,
>> Internet hubs and any other “critical infrastructure”
>> facility deemed vulnerable to terrorist attacks. Secretary
>> Tom Ridge would appear to be authorized to issue new
>> federal IDs–with biometric identifiers–that Americans
>> could be required to show at checkpoints.

on this, it’s worth noting that the current plans for biometric passports,
as will be standard in the US from 2005, include an RFID chip broadcasting
your ID information, in the clear, to any scanners in range.
( http://hasbrouck.org/blog/archives/000434.html )

Range of RFID is currently on the order of less than 1 foot reportedly –
although the readers used to read the chips in farmed salmon get a range
of 10-12 feet, and I’ve talked to wifi-haxx0rs who are pretty certain a
high-powered directional antenna could *massively* increase this.

Massively widespread identity theft of US citizens on vacation, anyone?

Schneier says: ‘Unfortunately, there is only one possible reason: The
administration wants surreptitious access themselves. It wants to be able
to identify people in crowds. It wants to surreptitiously pick out the
Americans, and pick out the foreigners. It wants to do the very thing that
it insists, despite demonstrations to the contrary, can’t be done.’
( http://www.schneier.com/blog/archives/2004/10/rfid_passports.html )

Never mind tinfoil hats — it’s time for tinfoil wallets.