When scanned by a nearby reader device, the RFID chips -- found in U.S. passports issued since approximately 2007 -- bounce back a radio message with data about the passport holder. This message includes a unique identifying number plus some of the passport data such as the holder's name and digitized picture. The personal data can be encrypted for privacy.
Currently, almost half of the 188 participating countries around the world are implementing RFID chips in their passports. The United States, which has "visa-free" agreements with twenty-seven countries which allows their citizens to visit the U.S. without obtaining a short-term visa, is requiring that visitors under that program carry a passport with RFID chip. Europe, which has been calling the technology "e-Passport," is actively implementing an RFID program as well.
Risks to privacy is the key objection to RFID technology in passports. With a ten-year life, hackers have plenty of time to devise ways to retrieve the data, clone passports and otherwise exploit the data. Though the U.S. government has also provided a foil lining in the passport cover to help shield the chip when not in use, the potential for using the RFID chip to track its holder both by governments and other perhaps unauthorized entities exists.
RFID technology is decades old, and hackers familiar with the chips have cloned passport chips after two weeks' effort. After a large scale deployment of "ePassports," so much time, effort and money will have been invested that responding to any vulnerabilities discovered will be difficult since thousands of scanners and millions of passports would need to be changed. In addition, initial deployment plans downplayed the need for security. RFID chips appearing to be valid passport chips could also in theory be used to attack the security equipment which scans them as it downloads their data.
