Climbing into his Volvo, outfitted with a Matrics antenna and a Motorola reader he’d bought on eBay for $190, Chris Paget cruised the streets of San Francisco with this objective: To read the identity cards of strangers, wirelessly, without ever leaving his car.

It took him 20 minutes to strike hacker’s gold.

Zipping past Fisherman’s Wharf, his scanner detected, then downloaded to his laptop, the unique serial numbers of two pedestrians’ electronic U.S. passport cards embedded with radio frequency identification, or RFID, tags. Within an hour, he’d “skimmed” the identifiers of four more of the new, microchipped PASS cards from a distance of 20 feet.

Embedding identity documents — passports, drivers licenses, and the like — with RFID chips is a no-brainer to government officials. Increasingly, they are promoting it as a 21st century application of technology that will help speed border crossings, safeguard credentials against counterfeiters, and keep terrorists from sneaking into the country.

But Paget’s February experiment demonstrated something privacy advocates had feared for years: That RFID, coupled with other technologies, could make people trackable without their knowledge or consent.

He filmed his drive-by heist, and soon his video went viral on the Web, intensifying a debate over a push by government, federal and state, to put tracking technologies in identity documents and over their potential to erode privacy.

Putting a traceable RFID in every pocket has the potential to make everybody a blip on someone’s radar screen, critics say, and to redefine Orwellian government snooping for the digital age.

“Little Brother,” some are already calling it — even though elements of the global surveillance web they warn against exist only on drawing boards, neither available nor approved for use.

But with advances in tracking technologies coming at an ever-faster rate, critics say, it won’t be long before governments could be able to identify and track anyone in real time, 24-7, from a cafe in Paris to the shores of California.

To protect against skimming and eavesdropping attacks, federal and state officials recommend that Americans keep their e-passports tightly shut and store their RFID-tagged passport cards and enhanced driver’s licenses in “radio-opaque” sleeves.

That’s because experiments have shown that the e-passport begins transmitting some data when opened even a half inch, and chipped passport cards and EDLs can be read from varying distances depending on reader techonology.

The cover of the e-passport booklet contains a metallic sheathing that can diminish the distances radio waves travel, presumably hindering unwanted interceptions. Alloy envelopes that come with the PASS cards and driver’s licenses do the same, the government says.

The State Department asserts that hackers won’t find any practical use for data skimmed from RFID chips embedded in the cards, but “if you don’t want the cards read, put them in an attenuation sleeve,” says John Brennan, a senior policy adviser at the Office of Consular Affairs.

Gigi Zenk, a spokeswoman for the Washington state Department of Licensing, says the envelope her state offers with the enhanced driver’s license “ensures that nothing can scan it at all.”

But that wasn’t what researchers from the University of Washington and RSA Laboratories, a data security company in Bedford, Mass., found last year while testing the data security of the cards.

The PASS card “is readable under certain circumstances in a crumpled sleeve,” though not in a well maintained sleeve, the researchers wrote in a report.

Another test on the enhanced driver’s license demonstrated that even when the sleeve was in pristine condition, a clandestine reader could skim data from the license at a distance of a half yard.

In a counterpunch to the world’s biggest online hangout, a small Web company called Power.com has sued Facebook, saying it doesn’t follow its own policy of giving users control over their content.

Power lets users simultaneously access several social networks, including MySpace and Twitter. But Facebook isn’t among them because the site has blocked Power. Last year it sued Power over the practice in a case that is still open.

In that lawsuit, Facebook accused Power of copyright and trademark violations and said the company gains unauthorized access to Facebook’s computer network when it asks users for their Facebook login and password information.

This, Facebook says, violates its members’ privacy and security, as well as its policy of prohibiting outsiders from asking Facebook users for their login information. Power, though, points out that its practice is a common one on the Web and even Facebook asks its own users to provide login information for their e-mail accounts if they want find their e-mail contacts on the site.

San Francisco-based Power filed a countersuit Friday in U.S. District Court in San Jose, Calif. Power claims that Palo Alto, Calif.-based Facebook improperly restricts its users’ access to their private information when it prevents them from accessing it through a third party like Power.

Power’s CEO, Steve Vachani, compared Facebook’s policy to cell phone companies locking out third-party devices and applications from their wireless networks. To fight the case, the company has even hired Scott Bursor, a lawyer who successfully challenged this practice and obtained settlements.