Just walked into the a.m. session, Cory is talking about use cases for RFID and the identity of things: "Is there transfat in this 'I Can't Believe It's Not Veal?'" Copyright implications of owning the database, owning the relationship. Discusses W3C model for Auto ID Center, representations that copyright won't be enforced. Esther clarifies that libel laws, non-ownership oriented laws should continue to apply.

On to privacy considerations. Cory: EZ Pass logging as example, you need the ability to turn these things off. People use copper mesh bags to temporarily deactivate them. Would like to see the ability to kill the RFID or convert it to a private address base, so that basically you can't discover that it exists or what it corresponds to unless you're the purchaser or someone authorized by the purchaser.

Esther: problems won't be with RFID per se or the members of the Auto ID Center (MIT). It's with those developing products like this on the periphery and the potential misuses of the data.

RFID usage and registries need to control and protect access. You may want to know immediately if your child's car seat has been recalled, but don't want others to know about the adult videos you rent.

Audience question triggers response from Cory about the "race for the bottom:" What countries are most prone to using RFID for social control? Scandanavian countries, not good. Esther adds US and Burma.

Phil Becker asks about unintended consequences of the creation of this data. Can rights management technology assign policies at the collection point so that its usage going forward is constrained? Yes, this could work. There's no protocol yet from the Auto ID Center. All things could have rights associated with them, the question is what's a practical way to assert those policies and profiles, and the ability to make those rights flexible over time. Need to pay attention to rights transfers accompanying the transfer of an object. Cory: Wal-Mart, pay-on-scan, they have an enormous amount of market power that allows Wal-Mart to control all the data to the end point. Privacy is about power. I can't compel the IRS to take my data in my DRM wrapper. DRM doesn't stop the person on the other side from passing along your information verbally. Cory's sure there's a notation in the Apple database somewhere that he can do nothing about that says, "This guy's a giant, high-octane pain in the ass who breaks six PowerBooks a year." His tech support calls get answered, "Oh, it's you." Every draconian EULA contains language that specifies the licensor can "come on over, wear your underwear, clean out your fridge, and make long distance calls," and there's nothing you can do about it. Esther asks why Cory just doesn't toss his Mac and buy a PC; he's been tempted. There's a difference between the ability to throw something you own out and the ability to control it.

Cory, interesting use case is smart furniture. Would be great to be able to throw things under the bed, then ask the bed what's under it. Smart closets: "You are a sysadmin, today you will wear a black t-shirt. You are a sysadmin, tomorrow you will wear a black t-shirt." Esther: "I also leave clothes in cabs..." [Good laugh]

Esther, wrapping up. It's about power, who can instruct the technology to do what. For the user, there's this tradeoff between convenience and control. The default is something that seems to make sense as long as the user can change it as he becomes more familiar with the system and its implications. Transparency is key: people will be comfortable with risks as long as they know what they are. System must be both precise and understandable.