The Internet Heist (Part III)

We are family

Cory Doctorow
8 min readJan 15, 2022


The anti-piracy “You Wouldn’t Steal A Car” title-card, modified to read “You Wouldn’t Steal the Future.”
FACT (modified)

Note: This is Part III in a series; Part I is here, Part II is here.

Even today, I can’t tell if the entertainment execs and their tech collaborators that I sparred with in the DRM wars were brilliant schemers or overconfident fools.

When these men — almost all men — set out to create laws that would give their corporations a collective veto over which programs all computers could run, and which real-world data could be captured by computers, were they really doing it all for the sake of controlling how we watch TV? Or did they grasp just how this power over our digital tools would translate into control over our lives in an increasingly digital era?

I still don’t know. It’s easy to believe in unlimited corporate hubris, but it’s just as easy to believe in unlimited corporate foolishness. What’s more, it’s possible that some of the players were along for the ride, while others had a very precise understanding of the stakes.

What were those stakes?

Well, for starters, how about the definition of “the family.”

As I discussed in Part I, the US was a laggard in the “digital TV transition” and this created an opportunity for an entertainment and tech cartel to propose a solution: Simply create a Star Chamber of execs from incumbent companies to dictate the operating characteristics of all computing technology, and then Hollywood studios might release movies for high-def, over-the-air broadcast.

Other countries did not have this DTV problem. Most high-income nations have public broadcasters who were willing to step in wherever the private sector balked. In countries that use the DVB digital TV standard — in Europe, parts of South America, Africa, Asia, Australia, etc. — there was a quick and relatively painless DTV transition.

But somehow, DVB still got suckered into making a DRM component for its standard, DVB-Copy Protection and Copy Management (DVB-CPCM). This was a product that no DVB viewer wanted, but nevertheless, the same tech and CE companies teamed up with the same movie studios and broadcasters (mostly from the EU) to create a technical specification for restricting how programs recorded by DVB users would work.

This spec had a lot of bells and whistles, but at its core was the idea of an “authorized domain”: a collection of devices owned by a single “household.” The proponents of the authorized domain offered it up as a reasonable compromise between a world with no video sharing and one where anyone could share anything with anyone else. By defining a perimeter around a “household” and its members and devices, they would allow for “reasonable” sharing, while blocking “unreasonable” sharing.

Here’s what this amounts to: A group of western, mostly white, mostly guys, engineers and lawyers working for massive global tech and entertainment corporations and broadcasters, all sat down to decide which family arrangements were “reasonable” and which ones were “unreasonable.”

I was in these meetings, too. It was…so bad.

I mean, they had lots of interesting business logic they wanted to throw at this problem. Like, how could you get your authorized domain to encompass the mobile devices your kids used, the screens at your summer place in France, the seat-back video screen in your Mercedes SUV, and your own laptop? That’s a gnarly problem, one with all kinds of implications for territorial rights deals (like, what if you record a football match that aired in the UK but took it to the Continent where there was no broadcast deal?). Give it to them, they figured that stuff out.

So one day, I proposed my own use case: Imagine a family where Mom and Dad live in Manila, but Dad spends half the year on the road as a migrant agricultural worker. One of their sons is building high-rises in Qatar; another works as a landscaper in Toronto. Their two daughters are both home healthcare workers, one in Hong Kong, the other in Los Angeles. Can this family be encompassed by the authorized domain? Can all their devices share video?

The idea was dismissed out of hand as an “edge-case.”

That edge-case — that family — is orders of magnitude more common than the family with the summer place in France and the seat-back video screens in the Merc. But it didn’t matter. These guys and the corporations they worked for were deciding, in that room, what a “real” family looked like, and if it didn’t look like your family, well, that was your problem.

One other moment that stands out from those negotiations: We were discussing how often a device could be joined and decoupled from a “domain” — that is, a family’s constellation of devices — and the matter of joint custody came up.

What happens, someone asked, if there’s a minor child with divorced parents, and every week she changes households? Will she be able to link and unlink her device from Mom’s network, then Dad’s network, then Mom’s?

Well, no, that wouldn’t do. Allowing unlimited join/sever operations could facilitate “content laundering” and sharing beyond the authorized domain. The business logic in the standard would not allow it — after a few of these switching ops, the system would lockout this poor kid and tell her she couldn’t change households again.

This presented a conundrum. Some of these guys were probably divorced and in joint custody arrangements themselves, and they were much more sympathetic to this use-case than they were to my hypothetical Filipino diaspora family.

But we solved it. A rep from one of the largest tech companies in the world explained that when his company’s license servers blocked a new computer from being initialized with a license key, all the user had to do was call a toll-free number and explain the circumstances (say, that they’d gotten a virus and wiped their computer and were reinstalling the OS), and the customer service rep would hear them out and, if their story was convincing enough, override the lockout.

That was the solution. If you’re an adolescent coping with your parents’ divorce, all you would need to do is make a phone call to a stranger once a month or so and explain the painful inner workings of your parents’ custody arrangement, and you’d be able to go on watching TV.

Here’s the thing:

  • If it’s a crime to break DRM (and it is, thanks to EU law like Article 6 of the EUCD and US law like Section 1201 of the DMCA), and
  • if all devices have DRM, then
  • whatever the DRM prohibits, the law prohibits.

What’s more, all computers have a certain functional equivalence. A “digital camera” is just a general-purpose computer with a lens and some specific UI buttons. A “smart dishwasher” is also just a general-purpose computer with its own specialized hardware. In a world of general-purpose computers, any regulation about which software can run on some computers turns into a rule about which software can run on all computers.

Did these guys know it? Was the next move always to use the power of DRM cartels to allow corporations to define social structures like “the family” in shareholder-friendly ways? Or did they start with the goal of controlling how we watched TV and then have a kind of bet-you-can’t-eat-just-one experience, where control over watching TV became a slippery slope to attempts at controlling everything?

One thing I do know, none of these guys ever thought any of this stuff would apply to them. Every one of these committees — the BPDG, the ARDG, CPCM — started off with the bedrock principle that their rules would not cover “professional devices” — the devices they, themselves, kept at home.

Just like the top MPAA lobbyist who illegally copied “This Film is Not Rated,” Kirby Dick’s movie about corruption in the movie rating system, but insisted it was fine because he kept his illegal copy “in his vault,” the systems of control these guys designed were for us, not them.

CPCM got a lot of bad press, which I helped to create. The whole enterprise became quite acrimonious, and the fragile alliances that kept CE and IT companies in conspiracy with movie studios, sports leagues, and broadcasters frayed and broke. Today, CPCM is mostly a bad memory.

But the corporate world is more concentrated than ever. Large firms got larger, and the number of execs who have to agree to a conspiracy before it covers the majority of users has shrunk, and these conspiracies have flourished.

Our digital lives today are far more vulnerable to the choices of small numbers of executives meeting behind closed doors to decide what is legitimate and what is not. The makeup of these groups has grown a little more diverse, but that has not made the structuring of our lives any more democratically accountable, humane, or reasonable. At the end of the day, corporate monopolists will only ever anoint reps who can be relied upon to serve corporate interests.

Engineers continue to act as though fuzzy, indefinable spectra of human life can be safely quantized into crisp categories — whether that’s the calendar, national borders, names, genders, biometrics, or even street addresses. We round up these programmatic approximations to 100 percent and tell anyone who squawks to “be reasonable.”

When these false truths are embedded in code, when that code is made universal thanks to monopoly or cartel or mandate, and when it is illegal to alter that code, then the code truly becomes law. The map becomes the territory. The software doesn’t model your family, your family has to conform to the software’s model.

The computer says no, and you don’t get to say no back.

Digital rights are human rights. No technical committee, no matter how representative and diverse, can anticipate every contingency that every user will face. Technological design must incorporate feedback and perspectives from the people who will have to use that technology, but that is only table stakes.

Unless we have the ability (both the technical skills and the legal right) to reconfigure our tools, then our human destiny will be a prisoner to the venality, imaginative shortcomings, foolish errors, and disregard of distant and long-dead technological designers who lacked the humility to understand that the rest of the world, and the rest of time, would be weirder than they could hope to imagine.

Cory Doctorow ( is a science fiction author, activist, and blogger. He has a podcast, a newsletter, a Twitter feed, a Mastodon feed, and a Tumblr feed. He was born in Canada, became a British citizen and now lives in Burbank, California. His latest nonfiction book is How to Destroy Surveillance Capitalism. His latest novel for adults is Attack Surface. His latest short story collection is Radicalized. His latest picture book is Poesy the Monster Slayer. His latest YA novel is Pirate Cinema. His latest graphic novel is In Real Life. His forthcoming books include The Shakedown (with Rebecca Giblin), a book about artistic labor market and excessive buyer power; Red Team Blues, a noir thriller about cryptocurrency, corruption and money-laundering (Tor, 2023); and The Lost Cause, a utopian post-GND novel about truth and reconciliation with white nationalist militias (Tor, 2023).