Great question! The talk was only 15 minutes (a lot of people were standing the whole time), so there is a bunch of detail that I glossed over.
The proof you present is proof you ran a program correctly. Thus the hash can be salted, memory hard or whatever you want to do. Now I think there is a legitimate issue here which is that the space of valid passports is not very large - even in the best case of 100% ownership it's O(size of country) so even if the hash is salted or whatever a government that wanted really badly to deanonymize its citizens who are running nodes could potentially brute force every single hash. This is especially an issue because a program that's being proved runs much slower than a normal program would. So there's some perhaps some more work to do here.
I'd love it if someone could expand on this a bit more.
If the proof that you present is that you ran a program correctly, then what proof does the verifier have that you ran the program on the "correct" input? (A passport in this case). Is there some standard input there? Meaning, does one version of the input (say a Chinese passport) equal to another (a German passport)?
Also, what if someone wanted to make Bitcoin-specific identification that would be compatible input for this program? Are we saying that only governments should be allowed to issue this input? What if in the future we discover a better solution than government-issued ID? Like say something Biometric-based that can be verifiably shown to give only one-key per person.