[Dave Birch] How would you tell a fake Rolex from a real one? I have no idea, since it’s not a position I ever expect to be in. It doesn’t really matter to me, but it clearly does matter to some people. One such group might be people buying Rolex’s on eBay. Fortunately, a German court has come to their aid by demanding that eBay tell real Rolex watches from fakes. Now, it’s clearly a problem to luxury brands that people are selling bent copies on eBay (although, frankly, if someone is flogging a Rolex for £50, you’d think the buyer would know what they are getting). The brands try to sue eBay rather than the actual seller because… actually, I don’t know why but I’m not a lawyer. Anyway a German court has agreed with the brands. Lawyers, eh? I agree with Techdirt: I don’t understand why this is a problem of the market. As they point out, you’ve been able to buy fake Rolexes on the streets of New York City, but Rolex doesn’t sue the New York City government for letting this happen. It recognizes that most people know that the Rolex you buy from a street vendor probably isn’t real and has introduced programs to designate legitimate Rolexes on eBay already — so this seems like the type of “problem” that could work itself out without making eBay liable, but apparently it’s too late for that. But I’m not sure why they care: I can’t afford a Rolex, so if I buy one at a car boot sale or in China, Rolex isn’t losing a sale. But by wearing the fake, I’m presumably advertising the desirability of a Rolex.
Technorati Tags: identity
Suppose RFID is used to implement Electronic Product Codes (EPCs) for luxury goods. If I see a Gucci handbag on sale in a shop, I will be able to point my Bluetooth EPC-reading pen (these already exist) at it and read the EPC, which is just a number. My mobile phone can decode the number and then tell me that the handbag is Gucci product 999, serial number 888. This information is, by itself, of little use to me. I could go onto the Gucci-lovers website and find out that product 999 is a particular kind of handbag, but nothing more: I may know that the tag is ‘valid’, but that doesn’t tell much about the bag. For that, I need more data. If I wanted to know if the handbag were real or fake, then I would need to obtain its provenance as well as its product details. The provenance might be distributed quite widely. The retailer’s database would know from which distributor the bag came; the distributor’s database would know from which factory the bag came and Gucci’s database should know all of this. I would need access to these data to get the data I would need to decide whether the bag is real or fake.
But why would the retailer, the distributor or Gucci tell me? How would they know whether I were a retailer, one of their best customers, one of their own ‘brand police’, a counterfeiter (who would love to know which tags are in which shops and so on) or a law enforcement officer with a warrant? This is where digital identity comes into the picture. A Gucci brand policeman might have a Bluetooth pen tag reader connected to a mobile. They could then point the pen at a bag and fire off a query: the query would have a digital signature attached (from the SIM) and the Gucci savant could check that signature before processing the query. Gucci could then send a digitally signed and encrypted query to the distributor’s savant which would then send back a digitally signed and encrypted response to be passed back to the brand policeman: ‘No we’ve never heard of this bag’ or ‘We shipped this bag to retailer X on this date’ or ‘We’ve just been queried on this bag in Australia’ or something similar. The central security issue for brand protection is therefore the protection of (and access to) the provenance data, and this needs a digital identity infrastructure to work properly.
If it adds £20 to the price of a Rolex to implement this infrastructure, so what? The kind of people who pay £5,000 for a Rolex wouldn’t hesitate to pay £5,020 for a Rolex that can prove that it is real. Imagine the horror of being the host of a dinner party when one of the guests glances at their phone and says “you know those jeans aren’t real Gucci, don’t you?”. Wouldn’t you pay £20 for the satisfaction of knowing that your snooping guest’s Bluetooth pen is steadfastly attesting to all concerned that your Marlboro, Paracetamol and Police sunglasses are all real.
These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]