If you want to get a glimpse of how MPEG-21 may potentially spy on you, then watch out for its event reporting specification. The International Organization for Standardization/International Electrotechnical Commission (ISO/IEC) technical report 2100-1:2004 (covering the MPEG-21 multimedia framework) “describes a multimedia usage environment founded upon ubiquitous networks and aimed at encouraging new business models for trading digital content” [1]. This, of course, has to include sufficient support for digital rights management in order to encourage industry to really conceive such novel techniques for the creation, collection, packaging, and distribution of content.
Therefore, MPEG-21 defines capabilities that provide a means for reportable events to be specified, detected, and acted upon. This includes the reporting of events related to the direct use of a digital item (MPEG-21-speak for the fundamental unit of transaction) by so-called peers (a software entity implementing some parts of MPEG-21). Typical use cases comprise fundamental actions such as installing, playing, printing, executing, or deleting and uninstalling digital items.
The authors do a great job when it comes to explaining--in clear and understandable language, with lots of supplemental graphics--how (digital item-related) event-reporting requests are generated, how they are processed by a peer, and how the resulting event reports are structured. However, the specification also includes reporting on events that are not at all connected to a digital item or its use by a peer, but that are connected solely to a peer (read: software on your computer). Yet--and this is discomforting to me--the authors only briefly and superficially mention this possibility, and do not elaborate on what these obtrusive (if not obnoxious) events actually do.
I desperately hope that we will see another article--in the same clear style--covering these missing concepts. Here, only openness can counteract potential conspiracy theories blossoming on such grounds.