Bruce Schneier

 
 

Schneier on Security

A blog covering security and security technology.


April 11, 2005

Analysis of Electronic Passport Security

These comments on the security of electronic passports are an excellent primer on the dangers of the technology. Definitely read Attachment 1: "Security and Privacy Issues in E-Passports," a more technical paper by Ari Juels, David Molnar, and David Wagner.

Posted on April 11, 2005 at 8:11 AM | 3 Comments


Comments

Aside from the obvious vulnerabilities stated in Attachment 1 (attacks on the technology itself), there is little mention of the vulnerabilities rooted in the registration phase of "E-Passport" deployment. If an attacker can successfully manipulate the system at the root such as to convince the system the attacker is a legitimate authorized entity through a battery of attacks (e.g. social engineering, identity theft, etc.), all this technology is no better than current forms of identification. In fact it becomes more of a danger since the identification issued will be deemed almost irrefutably correct. Of course they may not be as simple to forge, but then there really is no need to technically forge something that one can gain legitimately and remain illegitimate at the same time.

Israel Torres

Posted by: Israel Torres at April 11, 2005 8:54 AM


One of the key points from the Attachment 1 analysis (which they didn't emphasize, apparently because it didn't suit their political purpose) is that some biometrics are more dangerous than others. Fingerprints are somewhat problematic because they are more private and are being used in other contexts, as well as being easier to fake. Facial features are the primary biometric being used in ePassports and they are relatively less sensitive because of obviously being public data.

Posted by: Cypherpunk at April 11, 2005 12:37 PM


I don't really understand why the US government doesn't want to use the BAC. BAC will be used in all European countries because of the problem of sniffing and reading out your private data from a distance. Perhaps they want to be able to use this for their own purposes? :)

Posted by: lion at April 12, 2005 1:14 AM

