Some salient points that I have made before but will repeate.
1) The RFID's use magnetic loop antennas tuned to aproximatly the resonant frequency of the RFID reader (say 13.5MHz for arguments sake).
2) All tuned circuits are detectable in a field that is at the frequency of resonance, usually at quite a considerable distance (look up Grid Dip Oscillators and their uses).
3) The tuned circuit will also respond to some close multiple or sub-multiple of the resonant frequency,
4) when a diode or other semiconductor is attached to the tuned circuit the harmonics generated are easily detected (this is how some anti theft / shop lifiting tags work, and how a number of bug dettectors work).
5) The range of tuned magnetic coil antennas is proportional to the area of both the receiving coil and the transmitting coil. DHL for instance have systems that work very reliably at well over 2 meters using hand held readers, and coils the size of the package lables.
and probably considerably higher with a dustbin (trash can) lid size reading coil.
6) The detectable range is probably 4 to ten times that of the reliable reception range,
7) Also as I have said befor you do not have to be able to read the encrypted data for quite a few attacks. Just detecting the RFID is enough especially if you can also deduce the chip manufacture and chip step. This can then give you information on the passport country of origin or date of issue etc...
8) The coil in Pasports has been maximised to nearly the entire size of the pasport so is around 3-5 times the area of a credit card coil. For some some reason (possibly reliability or range limiting) the RFID coils in the credit cards I have seen split open have not been maximized.
My guess without sitting down and doing the theoretical math and a few practical experiments (Hey I have a Life ;) is that you could detect(!!! please note Detect not Read!!!) a pasport at upto 40meters with a largish detecting coil and sensitive receiver.
As I have also said in the past, you can is you have control of the are set up a Cell or other large antenna structure into which people walk (say a coridor) or you can place a passive probe (say a hand rail) that is close to the authorised detecting coil, so that the card re-emmision is ducted away to some quite considerable distance.
As an example the old cordless phones (whiched worked around 47MHz)with their very inefficient antennas have been heard upto 18Km from the base unit, which was supposed to have a maximum usable range of o.15-0.25Km. On the same multiple you would be looking at an RFID Passport re-emmision to be possibly readable at upto 35m and detectable at three to five times this range....
I have known the above since the early 1990's when working with other contactless tag systems (for electronic purses). Phillips who manufacture the MiFare system are well aware of it, but for some reason you never ever see it mentioned in security reviews. Likewise you never saw chip manufactures mention Differential Power Analysis untill it became to obvious to ignore...
So as I have said befor, RFID's of any kind (in your pocket or clothing) are vulnerable and can be used to identify you as part of a taget group, without actually reading the data off of the card..