Encryption for RFID Passports

According to an article in today’s Wired, the discussions with Frank Moss at this year’s CFP conference actually had an impact. The State Department is now moving towards embracing the Basic Access Control security scheme, which essentially encrypts communication with the RFID chip using a key obtained by physically scanning a page on the passport itself. Definitely a step in the right direction.

One bit of the Wired article is wrong (or at least misleading) though:

Moss said the German government and other members of the European Union had embraced BAC because they planned to write more data to the chip than just the written data that appears on the passport photo page. Many countries plan to include at least two fingerprints, digitized, in their passport chips.

At CFP, Moss said the US passport RFID chip would include not only the written data the passport’s main page but also a digital photograph, which presumably isn’t significantly fewer bits than a couple fingerprints (not that I’ve looked up the specs to check sizes).