Originally Posted by
cordelli
As to just transmitting a number that links to a database, that is also not the case, it was built in so that you could not be tracked by such a number:
“Tracking.” A chip that is protected by the BAC mechanism denies access to its contents unless the inspection system can prove that it is authorized to access the chip. However, these chips still allow the Unique Identifier (UID) to be communicated with the reader, which could theoretically allow the document bearer to be “tracked.” To prevent the use of the UID for “tracking”, we use a Random UID feature. A RUID presents a different UID each time the chip is accessed. In order to be considered random, the e-passport must present an RUID that cannot be associated with UIDs used in sessions that precede or follow the current session. Each chip uses its onboard hardware random number generator (RNG) module, thereby utilizing a true RNG base to derive a RUID.
Some tracking is still possible even as the way the tracking is done does not rely upon a single UID or series of RUIDs and would involve databases that most skimmers would have no way to access.