Subprime gadgets

What a remote-brick app tells us about debt collection in the age of trusted computing.

Cory Doctorow
11 min readMar 29, 2024
A group of child miners, looking grimy and miserable, standing in a blasted gravel wasteland. To their left, standing on a hill, is a club-wielding, mad-eyed, top-hatted debt collector, brandishing a document bearing an Android logo. Image: Oatsy (modified) CC BY 2.0

I’m on tour with my new, nationally bestselling novel The Bezzle! Catch me this Sunday (Mar 31) at Wondercon in Anaheim (YA Fantasy, room 207, 10 a.m., Signing 11 a.m., Teaching Writing, 213CD 2:30 p.m.); then Boston (Apr 11) with Randall “XKCD” Munroe, Providence (Apr 12) and beyond!

The promise of feudal security: “Surrender control over your digital life so that we, the wise, giant corporation, can ensure that you aren’t tricked into catastrophic blunders that expose you to harm”:

The tech giant is a feudal warlord whose platform is a fortress; move into the fortress and the warlord will defend you against the bandits roaming the lawless land beyond its walls.

That’s the promise, here’s the failure: What happens when the warlord decides to attack you? If a tech giant decides to do something that harms you, the fortress becomes a prison and the thick walls keep you in.

Apple does this all the time: “click this box and we will use our control over our platform to stop Facebook from spying on you” (Ios as fortress). “No matter what box you click, we will spy on you and because we control which apps you can install, we can stop you from blocking our spying” (Ios as prison):

But it’s not just Apple — any corporation that arrogates to itself the right to override your own choices about your technology will eventually yield to temptation, using that veto to help itself at your expense:

Once the corporation puts the gun on the mantelpiece in Act One, they’re begging their KPI-obsessed managers to take it down and shoot you in the head with it in anticipation of of their annual Act Three performance review:

One particularly pernicious form of control is “trusted computing” and its handmaiden, “remote attestation.” Broadly, this is when a device is designed to gather information about how it is configured and to send verifiable testaments about that configuration to third parties, even if you want to lie to those people:

New HP printers are designed to continuously monitor how you use them — and data-mine the documents you print for marketing data. You have to hand over a credit-card in order to use them, and HP reserves the right to fine you if your printer is unreachable, which would frustrate their ability to spy on you and charge you rent:

Under normal circumstances, this technological attack would prompt a defense, like an aftermarket mod that prevents your printer’s computer from monitoring you. This is “adversarial interoperability,” a once-common technological move:

An adversarial interoperator seeking to protect HP printer users from HP could gin up fake telemetry to send to HP, so they wouldn’t be able to tell that you’d seized the means of computation, triggering fines charged to your credit card.

Enter remote attestation: if HP can create a sealed “trusted platform module” or a (less reliable) “secure enclave” that gathers and cryptographically signs information about which software your printer is running, HP can detect when you have modified it. They can force your printer to rat you out — to spill your secrets to your enemy.

Remote attestation is already a reliable feature of mobile platforms, allowing agencies and corporations whose services you use to make sure that you’re perfectly defenseless — not blocking ads or tracking, or doing anything else that shifts power from them to you — before they agree to communicate with your device.

What’s more, these “trusted computing” systems aren’t just technological impediments to your digital wellbeing — they also carry the force of law. Under Section 1201 of the Digital Millennium Copyright Act, these snitch-chips are “an effective means of access control” which means that anyone who helps you bypass them faces a $500,000 fine and a five-year prison sentence for a first offense.

Feudal security builds fortresses out of trusted computing and remote attestation and promises to use them to defend you from marauders. Remote attestation lets them determine whether your device has been compromised by someone seeking to harm you — it gives them a reliable testament about your device’s configuration even if your device has been poisoned by bandits:

The fact that you can’t override your computer’s remote attestations means that you can’t be tricked into doing so. That’s a part of your computer that belongs to the manufacturer, not you, and it only takes orders from its owner. So long as the benevolent dictator remains benevolent, this is a protective against your own lapses, follies and missteps. But if the corporate warlord turns bandit, this makes you powerless to stop them from devouring you whole.

With that out of the way, let’s talk about debt.

Debt is a normal feature of any economy, but today’s debt plays a different role from the normal debt that characterized life before wages stagnated and inequality skyrocketed. 40 years ago, neoliberalism — with its assaults on unions and regulations — kicked off a multigenerational process of taking wealth away from working people to make the rich richer.

Have you ever watched a genius pickpocket like Apollo Robbins work? When Robins lifts your wristwatch, he curls his fingers around your wrist, expertly adding pressure to simulate the effect of a watchband, even as he takes away your watch. Then, he gradually releases his grip, so slowly that you don’t even notice:

For the wealthy to successfully impoverish the rest of us, they had to provide something that made us feel like we were still doing OK, even as they stole our wages, our savings, and our futures. So, even as they shipped our jobs overseas in search of weak environmental laws and weaker labor protection, they shared some of the savings with us, letting us buy more with less. But if your wages keep stagnating, it doesn’t matter how cheap a big-screen TV gets, because you’re tapped out.

So in tandem with cheap goods from overseas sweatshops, we got easy credit: access to debt. As wages fell, debt rose up to fill the gap. For a while, it’s felt OK. Your wages might be falling off, the cost of health care and university might be skyrocketing, but everything was getting cheaper, it was so easy to borrow, and your principal asset — your family home — was going up in value, too.

This period was a “bezzle,” John Kenneth Galbraith’s name for “The magic interval when a confidence trickster knows he has the money he has appropriated but the victim does not yet understand that he has lost it.” It’s the moment after Apollo Robbins has your watch but before you notice it’s gone. In that moment, both you and Robbins feel like you have a watch — the world’s supply of watch-derived happiness actually goes up for a moment.

There’s a natural limit to debt-fueled consumption: as Michael Hudson says, “debts that can’t be paid, won’t be paid.” Once the debtor owes more than they can pay back — or even service — creditors become less willing to advance credit to them. Worse, they start to demand the right to liquidate the debtor’s assets. That can trigger some pretty intense political instability, especially when the only substantial asset most debtors own is the roof over their heads:

“Debts that can’t be paid, won’t be paid,” but that doesn’t stop creditors from trying to get blood from our stones. As more of us became bankrupt, the bankruptcy system was gutted, turned into a punitive measure designed to terrorize people into continuing to pay down their debts long past the point where they can reasonably do so:

Enter “subprime” — loans advanced to people who stand no meaningful chance of every paying them back. We all remember the subprime housing bubble, in which complex and deceptive mortgages were extended to borrowers on the promise that they could either flip or remortgage their house before the subprime mortgages detonated when their “teaser rates” expired and the price of staying in your home doubled or tripled.

Subprime housing loans were extended on the belief that people would meekly render themselves homeless once the music stopped, forfeiting all the money they’d plowed into their homes because the contract said they had to. For a brief minute there, it looked like there would be a rebellion against mass foreclosure, but then Obama and Timothy Geithner decreed that millions of Americans would have to lose their homes to “foam the runways” for the banks:

That’s one way to run a subprime shop: offer predatory loans to people who can’t afford them and then confiscate their assets when they — inevitably — fail to pay their debts off.

But there’s another form of subprime, familiar to loan sharks through the ages: lend money at punitive interest rates, such that the borrower can never repay the debt, and then terrorize the borrower into making payments for as long as possible. Do this right and the borrower will pay you several times the value of the loan, and still owe you a bundle. If the borrower ever earns anything, you’ll have a claim on it. Think of Americans who borrowed $79,000 to go to university, paid back $190,000 and still owe $236,000:

This kind of loan-sharking is profitable, but labor-intensive. It requires that the debtor make payments they fundamentally can’t afford. The usurer needs to get their straw right down into the very bottom of the borrower’s milkshake and suck up every drop. You need to convince the debtor to sell their wedding ring, then dip into their kid’s college fund, then steal their father’s coin collection, and, then break into cars to steal the stereos. It takes a lot of person-to-person work to keep your sucker sufficiently motivated to do all that.

This is where digital meets subprime. There’s $1T worth of subprime car-loans in America. These are pure predation: the lender sells a beater to a mark, offering a low down-payment loan with a low initial interest rate. The borrower makes payments at that rate for a couple of months, but then the rate blows up to more than they can afford.

Trusted computing makes this marginal racket into a serious industry. First, there’s the ability of the car to narc you out to the repo man by reporting on its location. Tesla does one better: if you get behind in your payments, your Tesla immobilizes itself and phones home, waits for the repo man to come to the parking lot, then it backs itself out of the spot while honking its horn and flashing its lights:

That immobilization trick shows how a canny subprime car-lender can combine the two kinds of subprime: they can secure the loan against an asset (the car), but also coerce borrowers into prioritizing repayment over other necessities of life. After your car immobilizes itself, you just might decide to call the dealership and put down your credit card, even if that means not being able to afford groceries or child support or rent.

One thing we can say about digital tools: they’re flexible. Any sadistic motivational technique a lender can dream up, a computerized device can execute. The subprime car market relies on a spectrum of coercive tactics: cars that immobilize themselves, sure, but how about cars that turn on their speakers to max and blare a continuous recording telling you that you’re a deadbeat and demanding payment?

The more a subprime lender can rely on a gadget to torment you on their behalf, the more loans they can issue. Here, at last, is a form of automation-driven mass unemployment: normally, an economy that has been fully captured by wealthy oligarchs needs squadrons of cruel arm-breakers to convince the plebs to prioritize debt service over survival. The infinitely flexible, tireless digital arm-breakers enabled by trusted computing have deprived all of those skilled torturers of their rightful employment:

The world leader in trusted computing isn’t cars, though — it’s phones. Long before anyone figured out how to make a car take orders from its manufacturer over the objections of its driver, Apple and Google were inventing “curating computing” whose app stores determined which software you could run and how you could run it.

Back in 2021, Indian subprime lenders hit on the strategy of securing their loans by loading borrowers’ phones up with digital arm-breaking software:

The software would gather statistics on your app usage. When you missed a payment, the phone would block you from accessing your most frequently used app. If that didn’t motivate you to pay, you’d lose your second-most favorite app, then your third, fourth, etc.

This kind of digital arm-breaking is only possible if your phone is designed to prioritize remote instructions — from the manufacturer and its app makers — over your own. It also only works if the digital arm-breaking company can confirm that you haven’t jailbroken your phone, which might allow you to send fake data back saying that your apps have been disabled, while you continue to use those apps. In other words, this kind of digital sadism only works if you’ve got trusted computing and remote attestation.

Enter “Device Lock Controller,” an app that comes pre-installed on some Google Pixel phones. To quote from the app’s description: “Device Lock Controller enables device management for credit providers. Your provider can remotely restrict access to your device if you don’t make payments”:

Google’s pitch to Android users is that their “walled garden” is a fortress that keeps people who want to do bad things to you from reaching you. But they’re pre-installing software that turns the fortress into a prison that you can’t escape if they decide to let someone come after you.

There’s a certain kind of economist who looks at these forms of automated, fine-grained punishments and sees nothing but a tool for producing an “efficient market” in debt. For them, the ability to automate arm-breaking results in loans being offered to good, hardworking people who would otherwise be deprived of credit, because lenders will judge that these borrowers can be “incentivized” into continuing payments even to the point of total destitution.

This is classic efficient market hypothesis brain worms, the kind of cognitive dead-end that you arrive at when you conceive of people in purely economic terms, without considering the power relationships between them. It’s a dead end you navigate to if you only think about things as they are today — vast numbers of indebted people who command fewer assets and lower wages than at any time since WWII — and treat this as a “natural” state: “how can these poors expect to be offered more debt unless they agree to have their all-important pocket computers booby-trapped?”

If you’d like an essay-formatted version of this post to read or share, here’s a link to it on, my surveillance-free, ad-free, tracker-free blog: