Starting within the next year or so, the US Government will be issuing it's travel happy citizens a new type of passport. The ePassport will incorporate RFID (radio frequency identification) technology as well as biometric fingerprints and photographs.
To kick off the celebrations of the end of terrorism as we know it, the Black Hat community have decided to let us know that with a quick download of the freely available software, together with the purchase of the publicly available ePassport reader and blank passport booklets, copies of your stolen ePassport can be cloned as a photo-less template.
What this means is when your purse is snitched at the airport and the contents sold to the Russian Mafia, they will be able to fix up anyone with about $50-$100 US a perfect copy of your passport, all tidied up with a fully compliant biometric photograph of the new user.
As has been stated, the reader and the blank passport documents can be perfectly legally purchased by the general public. The copier at the Black Hat convention used a German ePassport as an example, but due to the "secure" nature of this product, the exact same passports will be used by all countries adopting the ePassport scheme. However even if these items became illegal goods, given the quantities required to outfit every western nation and its international airports with this equipment, getting hold of one should pose as much of a problem as buying prescription drugs over the internet - that is to say, no problem at all.
The problem lies in the fact that because the manufacturers of the readers and the associated passports need to make these as readily readable as the current, difficult to copy and much cheaper to purchase model you currently own - it was necessary to set the security level that prevents such copying from taking place so low that it's practically non-existent.
Add this to the fact that your entire passport details are being transmitted non-stop via the RFID chip inserted, and the stupid "tinfoil hat" protection that has been put in place to stop criminals from reading this info doesn't work at all, it is possible to either scan a suspected ePassport holder and grab the details required to reproduce a blank copy of said holder's passport - or simply stand next to security and snoop in on their reader picking up as many different passports as you desire.
For some time now many of us have stated that this conversion to a new passport will do precisely the opposite of that intended - i.e. make the US less safe because
1/Due to the much hyped security of biometrics, security and customs officials will simply wave through the holder of any such document, being convinced the system is infallible (flat pavement syndrome - which I'll explain if anyone wants).
2/With the purchase of under $500 of publicly available hardware, as well as a quick download of the appropriate software, anyone with the ability to work an inkjet printer can set up their own blank ePassport factory.
3/Americans will be wandering around in potentially hazardous countries carrying a document that broadcasts the holder's nationality. 50 Americans on one tour bus make a tempting target for any Al Qaeda terrorist, let alone those looking to kidnap and ransom the odd tourist.
My feeling is that this sort of news needs to be made available to the public immediately, and a stop put on the production of these passports. The problem we face is that as with the stupid idea that a bit of tinfoil will prevent advanced electronics from scanning radio frequencies the Government, in an attempt to keep tax money flowing to it's crony-run companies in charge of producing this passport, will do anything they can to discredit the fact that a teenager armed with a month's allowance and a $300 PC could copy your passport.
You want to know the dumbest part of all this. The person demonstrating how easy it will be to copy these passports found out because the publicly available documentation, that also happens to describe the exact manufacturing process of the passport, told him he could do it.
Update:-
Rather stupidly I forgot to post the sources of my entry however a request to do so enables me to correct that mistake.
Hackers Clone E-Passports
http://www.wired.com/news/technology/0,71521-0.html?tw=rss.index
How to clone the copy-friendly biometric passport
http://www.theregister.co.uk/2006/08/04/cloning_epassports/
Also I have been informed that US Passports won't have the ability to broadcast their data unless some sort of reader interrogates the RFID chip itself - so ID thieves or terrorists would have to target areas they know are full of passport holders (airports) in order to successfully obtain this information. Personally I don't consider that much of a protection - but some protection is better than none at all.