Tobias Straub on RFID in passports:
Straub, who as an employee of the company FlexSecure was involved in developing the signature architecture for the new passport, assessed the security properties of Basic Access Control with 56-bit keys and a passport lifespan of 10 years as insecure and the concept of a non-secure radio interface in general as unsuitable. Only the Extended Access Control, which should come with the introduction of fingerprints by the end of 2007 at the latest, would make a cryptographically secure system possible. Referring to BSI tests in which passports could be read bit-exactly from a distance of 2 meters, with error correction and additional antennas from 10 meters, Straub explained: "If I use RFID, I already have a threat with it". Compared to a contact-based SmartCard, RFID is not a security feature but an insecurity feature, said Straub, who now works at the Fraunhofer Institute for Secure Information Technology in Darmstadt.
But we are sold the nonsense of Otto Orwell as a great security facility.