Detective Mode was an extreme invasion of privacy, a mustache-twirling moment of villainy in the history of commercial surveillance. But the excesses of Detective Mode are just particularly unsavory examples of an increasingly prevalent trend in credit transactions—remote control of devices by lenders, that infringes on the privacy and security of the debtors.

While few lenders will go as far as to take naked pictures of their debtors, wherever there is an expensive device that can be easily absconded with, it makes sense for lenders to add both a kill switch and GPS. A New York Times story in 2014 looked at the increasing prevalence of starter interrupt devices—kill switches—in cars financed by subprime loans, reporting that the mechanisms had “reduced late payments to roughly 7 percent from nearly 29 percent.”

Lenders aren’t installing these devices because they’re interested in tracking their debtors’ every move; starter interrupt mechanisms are just an economical way to protect their investments. But even when lenders aren’t stooping to the kinds of skin-crawling extremes that warrant a FTC lawsuit, there’s something about these controls that feels dangerous and invasive. In the same 2014 report, the Times described how a woman in Austin, Texas, had fled her abusive husband, only to be tracked down by the subprime lender that had financed her car. By driving to the shelter, she had violated the loan agreement, which restricted her from driving outside of a four county radius. She was tracked down via GPS and her car was repossessed.

We owe this proliferation of lender kill switches to the convergence of two trends. One is the uptick in subprime lending, a phenomenon that received a great deal of attention during the 2008 home mortgage crisis, but less so when it came to movable property like cars and computers. And while subprime lending in the housing market has fallen off since the 2008 crisis, it has rebounded in other types of loans—auto loans, credit cards, personal loans.

Alongside this rise in subprime consumer lending, there has been a steady increase in the use of access controls in devices. What began with digital rights management for intellectual property has expanded into ever-stranger forms, like access controls for Keurig pods and self-cleaning cat litterboxes.

Mechanisms that prevent Keurig machines from using off-label coffee pods are annoying but relatively harmless. But the history of digital rights management (DRM) has always had a dark side. In 2005, security researchers found that the DRM protection on Sony BMG music CDs would install a rootkit if the CD were inserted into a user’s computer. A rootkit is malicious software that enables unauthorized access to a computer, while masking its own existence from the authorized user. It’s a tool for hackers, thieves, and nation-state adversaries. In the quest for perfect protection of Sony’s intellectual property, the company threw the privacy and security of their customers under the bus.