Hitting the Cyber Marque: Issuing a Cyber Letter of Marque to Combat Digital Threats [Army Lawyer, The]
By Kessinger, Christopher M
Proquest LLC
I. Introduction
At any given time, millions upon millions of people connect to each other via cyberspace.1 While a convenient method for grandparents to view pictures of their grandchildren, the Internet is also an exceedingly effective vehicle by which to attack a state, a company, or an individual. These attacks occur with frightening frequency, over 1,000 per hour in
Despite the frequency and increasing severity of cyber attacks,9 many governments and industries around the world, to include
This article explores the improbable, if not politically impossible, application of the letter of marque concept to the cyber arena. Despite the likely political stigma such a proposition would have in today's
Proposed defenses to cyber attacks are becoming increasingly complex and bizarre.16 However, one historically effective and constitutional17 method of conducting both offensive and defensive operations has yet to be applied in a cyber context: the letter of marque.
This is a method of cyber self-help in which,
[i]n the context of privately conducted cyber attacks, letters or licensing could be used to specify the circumstances under which threat neutralization may be performed for the defense of property, the criteria needed to identify the attacking party with sufficiently high confidence, the evidence needed to make the determination that any given cyber attack posed a threat sufficiently severe as to warrant neutralization, and the nature and extent of cyber attacks conducted to effect threat neutralization.18
At its core, the letter of marque serves both military and law enforcement functions. Militarily, the government retains control over the letter of marque holder (a "privateer") and responsibilities as delineated within the express terms of the letter of marque while at the same time broadening the military's reach.19 As a law enforcement tool, a letter of marque deputizes an individual or company, thus vesting that entity with police powers. This authority allows the privateer to detain targets, bring them before the sovereign, and receive compensation based on successes, much like a bounty hunter.20 Using civilian forces in a military/national defense context is not a concept limited to antiquity. For example, monitored non-governmental civilian participation in governmental operations exists with private military contractors.
There is an apparent aversion to the use of letters of marque and privateers.22 Various bills introduced throughout the years proposing the revival of letters of marque have stalled or failed outright.23 Despite the hesitation, letters of marque and privateers served a legitimate military purpose,24 both in supplementing regular combat forces and crippling enemy commerce while protecting American commerce.25 A cyber letter of marque would enable a privateer to seize digital assets, disrupt fiscal and communication networks, destroy attacking networks,26 and act as a cyber bounty hunter.
Applying a letter of marque scheme to the cyber world would not only provide authority for American companies to defend themselves from cyber threats, but also allow them to take proactive measures to neutralize a cyber threat before it coalesces into danger. In addition to providing requisite authorization, a letter of marque scheme would regulate the conduct of a prospective cyber privateer and ensure accountability to effect compliance with the letter of marque's mandate.
Part II of this article examines the historical usage of letters of marque and privateers. A brief historical discussion shows the use of letters of marque in national defense. Such historical perspective provides a useful background when considering their application to cyberspace. Part III applies legal and historical principles to a modern letter of marque regime. In particular, the application of letters of marque within the context of existing technologies and proposed authorization and oversight safeguards are examined. The various laws implicated in a modern cyber letter of marque regime are reviewed in Part IV. Finally, Part V addresses the authorizations and oversight necessary to effectively manage a successful, and lawful, cyber letter of marque regime. While not meant to be an exhaustive analysis of all possible facets related to the implementation of a cyber letter of marque regime, this article shows that despite some initial political and legal issues, using a cyber letter of marque can effectively mitigate the threats posed by cyber attacks.
II. History of Letter of Marque and Privateering
The concept of allowing private individuals to wage war on a foreign sovereign is not new, nor is it unique to
The letter of marque originally served as a "self-help" authorization, allowing a private individual to seek reprisal against a foreigner who caused him harm.32 Over time, this developed into a government's authorization to act on its behalf and seize property belonging to an enemy government, usually in the form of ships and cargo.33 In its most fundamental form, a letter of marque authorized private merchant ships to carry arms in self-defense.34
Upon its founding, due to its small navy,35 not only did
Thomas Jefferson was also an ardent proponent of privateering: "every possible encouragement should be given to privateering in time of war. . . . Our national ships are too few . . . to . . . retaliate the [sic] acts of the enemy. But by licensing private armed vessels, the whole naval force of the nation is truly brought to bear on the foe."40 Jefferson also realized that letters of marque served more than an offensive purpose, detailing how they are also a means of self-defense:
The ship Jane is an English merchant vessel . . . employed in the commerce between
vessel is commerce and self-preservation.41
Support for letters of marque by the founding fathers was not merely philosophical consent.
Privateering in general weakened an enemy's economy and its ability to wage war.45 The American privateers devastated British commerce, funding the first two years of the war substantially through British captures.46 By early 1777, the British had lost 250 ships, resulting in the collapse of several major
At the outset of the War of 1812, the
With this new authorization in hand, American privateers wreaked havoc on British shipping and secured victory in America's second war for independence.58 In the process, privateers tallied
Following the War of 1812, letters of marque did not disappear from the American landscape. President
In 1856,
The Paris Declaration contained three major provisions:67 the first provided that "[p]rivateering is, and remains, abolished;" the second prevented the seizing of enemy goods on neutral ships; and the third prevented capture of neutral goods on enemy ships.68 Most importantly, the Declaration went to great pains to ensure that its provisions did not apply to any nation save signatories.69 This provision is important for two reasons.
First, it made clear that it was not intended to be a universal ban on privateering, as it only applied to signatory nations at war with other signatories.70 Second, as stated in the document, it did not have the power to police the actions of non-signatories.71
While
The issue of privateering arose again in
Consequently, the Union passed a statutory authorization for President Lincoln to issue letters of marque84 and declared that all attempts to disrupt, capture or destroy Union shipping would be treated as piracy and dealt with as such.85 Regardless, the British entered the Civil War as privateers, sailing under letters of marque issued by the Confederacy. In fact, in a case brought by
When
America's right and ability to issue the same.89 The Spanish never carried out the threat, and President McKinley, for the first time, articulated a U.S. intention to comply with the Paris Declaration, while still not being a signatory.90
Despite the reluctance, both Spain and
While the nature of privateering changed with the Spanish-American War, privateering did not disappear. At the 1907
III. Applying Letters of Marque to Cyber Warfare
Letters of marque were the original "self-help" governmental authorization.104 While used to great effect in the past, they can now be resurrected and used to achieve similar results, especially in a cyber context. This section addresses the use of a cyber letter of marque in three areas: seizing assets; disrupting, disabling, and dismantling adversarial networks; and conducting cyber bounty hunting and rewards programs.
A. Seizing Assets
In a modern cyber letter of marque scheme, the U.S. government would authorize certain companies or individuals to track, freeze, and seize the illicit funds of designated criminal organizations. The net effect would be cutting off supplies to deliver
When rogue states, such as
Money laundering is not exclusive to
The idea of using a letter of marque to effect an economic result is not novel.
Motivated by the possibility of retaining a healthy percentage of the roughly
Currently, the law restricts anyone from attempting to seize assets, whether they belong to the most deplorable rogue regime or the most vicious drug cartel. A cyber letter of marque would vest responsible and vetted entities with authority to digitally seize illicit funds while providing legal protections from criminal and/or civil liability. Current laws restricting attempted seizures would remain in place for those acting without a valid letter of marque or those operating outside the scope of their letter of marque commissions.
B. Disrupting, Disabling, and Dismantling Adversarial Networks
In
At roughly the same time that the U.S. banking industry began to deal with vorVzakone, bank officials were contending with cyber attacks emanating from Iran.135 The attack's complexities are comparable to that of "a pack of fire-breathing Godzillas."136 In fact, the internet traffic used in the attacks has been '"multiple times" the number that
To add to the growing threat from Russian criminals and rogue nations like
Naturally, victimized
While the U.S. government claims that "[a]ll options are on the table" with regard to responses to these attacks,145 the one option that has not been discussed is a cyber letter of marque. The current law, and seemingly political position, is basically forcing U.S. companies to "just stand and take a beating."146 Even if the U.S. government takes on a more proactive role in the cyber arena, it is widely accepted that U.S. law enforcement lacks the sufficient number of trained cyber police necessary to effectively engage the current and emerging cyber threats.147
While a lot of "private companies only have simple fire walls that can be overcome [if] the hacker is an expert,"148 some in the private sector claim to have the skill set required to confront this threat.149 These attacks continue because, in part, there is no disincentive for the bad actors, as they know nothing will happen to them.150 However, if
As with seizure of assets, ample historical support exists for the use of privateering in the disruption of enemy activity. As discussed previously,154 American privateers disrupted English commerce to such an extent that several
C. Cyber Bounty Hunting
The realm of cyber letters of marque is not limited to offensive or defensive actions in the classic sense. A cyber letter of marque could also be utilized as a method of bounty hunting, providing information to law enforcement agencies necessary to apprehend a cyber attacker.
Bounty hunting, like a letter of marque, is an activity intertwined with the history of
Individual American states adopted some form of the Uniform Criminal Extradition Act and passed laws163 governing the conduct of bounty hunters, bail recovery agents, or similarly named entities. Most states have statutes that detail their licensing requirements, the bounty hunter's arrest authority, and insurance requirements. For example,
The situation changes if a U.S. company uses a computer to track down a hacker, acquire evidence of illegality sufficient to support an arrest, obtain information from his/her computer sufficient to accurately pinpoint the hacker's location and then provide that information to law enforcement. This, arguably, would be illegal under current
The Computer Fraud and Abuse Act (CFAA) serves as a barrier preventing a corporation or individual171 from coming to the aid of a cyber-attack victim.
Indeed, other scholars have posited the use of bounty hunting letters of marque.172 For example,
Just as letters of marque are constitutional,174 so too are bounties, as over a hundred years of U.S. jurisprudence demonstrates.175 The issuance of a cyber letter of marque does not have to have the "bounty hunter" moniker, as it is analogous to a whistleblower or qui tam176 suit whereby the privateer, minus the constraints of current domestic laws such as the CFAA, may gather information about an attacker or enemy and provide it to the proper authorities in return for monetary compensation. A cyber letter of marque would allow a cyber privateer access to those established and protected legal mechanisms.
IV. Legal Barriers
Despite the many potential applications of a cyber letter of marque, some arguments raise concerns about the legality of its application. When discussing letters of marque, most commentators cite to the same alleged legal barriers to implementation: domestic law, usually the CFAA; the Law of Armed Conflict, specifically attribution and self-defense concerns; the Paris Declaration of 1856; and the
A. The Computer Fraud and Abuse Act
The Computer Fraud and Abuse Act,177 initially a criminal statute protecting government computers and those computers belonging to entities with compelling government interests,178 forces companies under attack to "just stand and take a beating."179 Since its passage in 1984, it has expanded180 to include civil liability by prohibiting anyone from "intentionally access[ing] a protected computer without authorization or exceed[ing] authorized access . . . [and recklessly causing damage181 involving a loss182 of] at least
While the CFAA prohibits the mere access to a protected computer, causing damage seems to be the lynchpin to triggering civil and criminal penalties under the CFAA. Some courts have homed in on the damage requirement, refusing to find civil or criminal liability. For example, in Moulton v. VC3,188 the court held that an unauthorized port scan and throughput test of a defendant's servers is not a violation of the CFAA189 since no "damage" was caused. Likewise, in
While some of the judicial decisions seem to allow some degree of cyber intelligence collection under the current regulatory scheme,192 the courts clearly would not allow an entity to seize assets, whether they are being laundered at a major international bank or if information leading to their location is on a drug kingpin's desktop computer. Consequently, government authorization would first be a necessity.193
Despite allowing for criminal and civil penalties, the CFAA is not an effective means of preventing cyber attacks.194 Some have argued that active-defense authorizations, such as a letter of marque, are not necessary as the cyber victim can turn over evidence of a cyber attack to the
Just as cyber criminals are capable of seizing money from an individual's bank accounts,199 cyber companies with the technical expertise can track down and seize illicit funds, given the proper governmental authorization. A cyber letter of marque would provide such authorization.
B. Attribution and Self-Defense
Attribution is the legal requirement to positively identify the attacker prior to responding with force in self-defense.200 How does a prospective cyber privateer ensure it is striking the proper target201 and how does a cyber-privateer cover their tracks so as to not entice further attacks? Admittedly, discovering the source of a cyber attack is "the most important aspect of active defense."202 It necessarily must be a requirement when issuing a cyber letter of marque to ensure that the privateer is targeting the proper bad actor. Critics have complained that it is too difficult to identify the attacker with sufficient accuracy to ensure a counter-attack is accurately aimed.203 While tracing an attack may not provide actionable results, and some technologies "limit the ability to make perfect surgical strikes with active defense,"204 the problem may not be as big as it appears. Some speculate that it is more difficult for the bad actor to identify the cyber privateer than it is for the cyber privateer to identify the bad actor.205
The attribution concerns may, however, be a bit overblown.206 Even the Russian cyber attacks launched or encouraged against
C. Paris Declaration of 1856
Most critics of the letter of marque, regardless of its application, usually point to the Paris Declaration of 1856, noting that
First, the Declaration does not apply to
Additionally, the Declaration clearly pertains, and limits itself, to maritime law.218 Since a cyber letter of marque regime is not grounded in maritime law and letters of marque are specifically authorized in
Others argue219 that the Declaration has become customary international law.220 While this might be true at first blush, it ignores the legal and historical fact. A nation, not otherwise bound by a treaty, does not become bound by operation of the rule of customary international law if it has been a persistent objector. In order to be considered a persistent objector, and therefore not bound by a treaty, the State "must have objected to the emergence of a new norm during its formation and continue to object afterwards."221 Even if it has been state practice to follow the precepts in a treaty, non-signatory states can alter their actions in order to confront new threats.222
Regarding the Declaration of
Assuming, arguendo, that the Paris Declaration is customary international law that
D.
On
An attempt to correct these law enforcement deficiencies was the impetus for the creation of the
Remarkably, the exceptions contained in the
Perhaps as a sign of the naïve belief that the feckless
In
Because the
Even the U.S. Attorney General stated, in 2006, that the
V. Authorizations and Oversight
While a cyber letter of marque is legal, both under domestic and international law, any cyber letter of marque regime must provide for a method of authorizing and subsequently supervising a cyber privateer. This section discusses some potential methods of authorization and oversight necessary for an effective cyber letter of marque regime.
A. Issuance of Bonds and Authorizations
Prior to the issuance of a letter of marque, all prospective cyber privateers should be required to register with a central governmental database. This database would provide the supervising agency257 with a means of not only policing cyber privateers and holding them accountable, but also a means for parties allegedly aggrieved by
Further, all applicants must be able to post a bond commensurate with potential liability exposure. "Letters of marque should only be issued to security firms able to post a significant bond and meet specific qualification and training requirements."260 The bond requirement is the most effective method for screening out "start-ups" and "fly-by-night" security companies from seeking a letter of marque.261 The Act Concerning Letters-of-Marque, Prizes & Prize Goods specifically states that before the issuance of any commission of letters of marque, a bond in the amount of
In a cyber context, since the stakes are so high, a prospective cyber privateer should be required to supply a large monetary bond.264 A large monetary bond would not only ensure that responsible entities apply for and receive cyber letters of marque, but also that those with the requisite discretion and technical expertise are the only ones acting with congressional authority as a cyber privateer. The prime importance of competent exercise of the powers enumerated in the letter of marque is underscored when the vast amount of money and intellectual property lost on a frequent and recurring basis, coupled with the exacting nature of establishing positive identification, especially attribution, is contemplated. A large monetary bond would, in effect, keep the cyber cutthroats out of this business.
Singapore established CaseTrust, a similar system, in order to protect consumers engaged in e-commerce. CaseTrust receives complaints against e-vendors and legitimizes member companies. Prior to joining, a prospective e-vendor must give a banker's guarantee, or a bond, to establish that it is indeed a legitimate and reputable company. The CaseTrust system provides for compulsory adjudication including the power to not only fine a vendor, but also to revoke its certification. As a result, the consumer is protected by providing a source of bonded companies and a policing mechanism. Additionally, the commercial entities are shrouded with governmental legitimacy. To date, enforcement has been effective and participation is growing.265
In a historical context, the putative privateer kept detailed daily logs, which were available for inspection by any U.S. naval commander he might encounter.266 Similar requirements would be made of cyber privateers. As all internet activity can be, or actually is, easily monitored,267 this requirement does not place too onerous a burden on the purported cyber privateer. While most private companies are loath to share details of their cyber activity for fear of losing intellectual property or a competitive edge, or of disclosing their cyber defenses or weaknesses,268 a company serious about executing a defensive or even offensive cyber letter of marque should be willing to accept the more stringent scrutiny, such as reviewing cyber logbooks.
A cyber letter of marque would designate the bearers to be licensed combatants for the sovereign, authorizing them to "bear arms" in the cyber sense of the word, and either defend against specific attacks and launch counter attacks (hack-backs) or engage in offensive cyber operations directed at sovereign selected targets or networks.269 A private company could be granted authorization to conduct a hack-back, temporarily incapacitating a cyber bad actor, and then notify the appropriate law enforcement or national security entity for final apprehension or network termination.270
In recognition that cyber privateers would, to a certain extent, be bearing arms, a workable set of rules of engagement would necessarily be a major part of the actual commission. Professor
B. Legal and Judicial Oversight
The legal framework for a workable letter of marque regime already exists under current federal law.272 "Privateering worked only because it was backed by a substantial system of law, not only the common law of property, but also the statutory creations such as admiralty courts and bond requirements."273 The federal judiciary is vested with original jurisdiction to determine prizes,274 burdens of proof established,275 the due process rights of both the captor and the captive duly considered,276 and the interests of
Historical precedent demonstrates that judicial oversight is an effective means to monitor and police privateers. For example, the court invalidated the first two prizes claimed during the War of 1812 because of improperly issued letters of marque.278 Even the venerable USS Constitution was involved in an illegitimate capture, a situation embarrassingly rectified by the courts.279 Indeed, a rich legal history of privateering cases exists before the
Some are concerned that the government would not be able to control the behavior of modern privateers, especially in a cyber context.281 In reality, these concerns are easily addressed with stiff consequences.282 Penalties can include forfeiture of the bond and any pay due as a result of a successful capture or mission, seizure of assets,283 debarment from all future government contracts,284 exclusion from future letter of marque commissions, criminal prosecution, and potential tort liability.285
At least two presidents proposed criminal prosecution for misuse of a letter of marque. President Jefferson, a major proponent of privateering during the Revolutionary War,286 declared that individuals operating off the coast without valid commissions be captured and tried as pirates.287 President Lincoln made a similar proclamation regarding privateers hired by the Confederate States, as he did not believe the "rebellious" states had legal authority to issue letters of marque.288
According to some scholars, one of the major drawbacks of the traditional letter of marque system was the lack of organization or unified command, control and communication.289 To address this concern, all cyber letter of marque holders would report their activities and progress to a central authority on a regular and recurring basis.290 This central authority would have the ability to terminate the cyber privateer's commission and/or refer the matter to the
VI. Conclusion
"More destructive cyber weapons are being created every day . . . [eventually] . . . those who mean to harm
Perhaps in tacit acknowledgement that the private sector is better prepared to handle cyber issues, the
Additionally, the
Political policy makers must understand that "[i]n cyberspace, the offense has the upper hand" and the nation cannot remain secure while hiding behind a mythical all protective firewall.299 Accordingly,
As delineated above, the letter of marque has a rich tradition, not only in international and maritime law, but also in American history. Were it not for this power,
The current legal framework allows hackers to do what they please,303 while network owners must follow onerous statutory rules.304 The issuance of cyber letters of marque is a constitutionally authorized method of self-defense
1 There were 2,405,518,376 Internet users accessing the Internet on
2 Tom Whitehead, Britain Is Target of Up to 1,000 Cyber Attacks Every Hour, TELEGRAPH,
3 "Today we are not at war, but I see evidence every day of deliberate, organised attacks against intellectual property and government networks in the
4 Shaun Waterman,
5 Nati Tucker & Orr Hirschauge, Cyber Offensive Against Israel: 100 Million Attacks with Little to Show for It,
6 Robert McClelland, Att'y Gen., Austl., Ten Years On: The Budapest Convention-A Common Force Against Cybercrime (
7 Adam Kredo, IAEA Incursion, WASH. FREE BEACON (
8 China has infiltrated 141 companies in twenty industries and stolen "hundreds of terabytes of data."
9 Jana Winter &
10 Greg MacSweeney, Can Banks Prevent the Next Cyber Attack?, WALL ST. & TECH. (
11 Josh Rogin, Who Runs Cyber Policy?, THE CABLE (
12 Michael Riley &
13 Jeff Bardin, Caution: Not Executing Offensive Actions Against Our Adversaries Is High Risk, CSO SECURITY & RISK (
14 Fellow signatories to the
15 John Leyden, Crap Security Lands Sony £250,000 Fine for PlayStation Network Hack, THE REGISTER,
16 E.g.,
17
18 COMM. ON OFFENSIVE INFO. WARFARE, NAT'L RES. COUNCIL OF THE NAT'L ACADS., TECHNOLOGY, POLICY, LAW, AND ETHICS REGARDING U.S. ACQUISITION AND USE OF CYBERATTACK CAPABILITIES 208 (
19 Theodore T. Richard, Reconsidering The Letter of Marque: Utilizing Private Security Providers Against Piracy, 39 PUB. CONT. L.J. 452 (2010).
20 Id. at 452.
21 Alexander Tabarrok, The Rise, Fall and Rise Again of Privateers, 11 INDEP. REV.: J. OF POL.
22 E.g.,
23 H.R.J. Res. 290, 94th Cong. (1975);
24 They were not a method through which the
25 EDGAR STANTON MACLAY, HISTORY OF PRIVATEERS 214-15 (1900);
26 See Robert P. DeWitte, Let Privateers Marque Terrorism: A Proposal for a Reawakening, 82 IND. L.J. 131, 140 (2007).
27 Originally, there was a distinction between a privateer and a letter of marque, however most scholars agree that by the time of the American Revolution there was no substantive difference between a letter of marque and privateer commission.
28 See generally
29 See infra Part IV.A (detailing discussion of why The Declaration of
30 HUGO GROTIUS, THE RIGHTS OF WAR AND PEACE 312 (1624).
31 Larry J. Sechrest, Privateering and National Defense: Naval Warfare for Private Profit (2003), reprinted in The Myth of National Defense: Essays on the Theory and History of Security Production 247 (
32 See, e.g., Richard, supra note 19, at n.75; Hutchins, supra note 27, at 845; Marshall, supra note 24, at 954.
33 Marshall, supra note 24, at 954.
34 Richard, supra note 19, at 416.
35 DeWitte, supra note 26, at 132; Richard, supra note 19, at 427. The colonial governments relied on privateering "to augment their weak navies." Id.
36 DeWitte, supra note 26, at 134.
37 WORTHINGTON CHAUNCEY FORD, ED, 4 JOURNALS OF THE CONTINENTAL CONGRESS 1774-1789, at 229-33 (
38 CHARLES OSCAR PAULLIN, THE NAVY OF THE AMERICAN REVOLUTION: ITS ADMINISTRATION, ITS POLICY, AND ITS ACHIEVEMENTS 148 (1906); Mass Armed Vessels Act, 1775, Mass Acts. ch. 7, reprinted in 5 Mass Acts and Resolves 436-37.
39 Marshall, supra note 24, at 960.
40 DeWitte, supra note 26, at 134; SECHREST, supra note 31, at 247.
41 Richard, supra note 19, at 437 (citing Letter from Thomas Jefferson, to
42 Tabarrok, supra note 21, at 567.
43 Id.; see generally
44 Tabarrok, supra note 21, at 567.
45 CARL E. SWANSON, PREDATORS AND PRIZES: AMERICAN PRIVATEERING AND IMPERIAL WARFARE, 1739-1748, at 1 (Univ. of
46 JAMES A. HUSTO, THE SINEWS OF WAR: ARMY LOGISTICS 1775-1953, at 21 (1966).
47 ROGER KNIGHT, THE PURSUIT OF VICTORY: THE LIFE AND ACHIEVEMENT OF HORATIO NELSON 45 (2005).
48 SECHREST, supra note 31, at 250.
49
50 Id. ("God knows, if this American war continues much longer we shall all die with hunger.").
51 Id.
52 Id. at xii ("'In no former war,' said a contemporary English newspaper, 'not even in any of the wars with
53 FRANCIS R. STARK, THE ABOLITION OF PRIVATEERING AND THE DECLARATION OF
54 MIRIAM GREENBLATT &
55 An Act Concerning Letters of Marque, Prizes, and Prize Goods, ch. 107, § 9, 2
56 Id.
57 FRANCIS H.
58 See JEROME R. GARITEE, THE REPUBLIC'S PRIVATE NAVY: THE AMERICAN PRIVATEERING BUSINESS AS PRACTICED BY
59
60 UPTON, supra note 57, at 175.
61 TEXAS PRIVATEERS, https://www.tsl.state.tx.us/exhibits/navy/privateers.html (last modified
62 Although President Polk did take issue with the blank letters of marque issued by
63 1856 Paris Declaration Respecting Maritime Law (1856), reprinted in THE LAW OF NAVAL WARFARE: A COLLECTION OF AGREEMENTS AND DOCUMENTS WITH COMMENTARIES 64 (
64 What influenced especially the English Government was the fear of America inclining against us, and lending to our enemies the co-operation of her hardy volunteers. The Maritime population of
TRAVERS TWISS, BELLIGERENT RIGHT ON THE HIGH SEAS, SINCE THE DECLARATION OF
65 Richard, supra note 19, at 428.
66 "Privateering is, and remains, abolished. . . . The present Declaration is not and shall not be binding, except between those Powers who have acceded, or shall accede, to it." Id.
67 A fourth provision, dealing with naval blockades, is not germane to the instant discussion. See
68 Id. at 64-65.
69 Id. at 65.
70 See Hutchins, supra note 27, at 855.
71 "The present Declaration is not and shall not be binding, except between those Powers who have acceded, or shall accede, to it."
72 EPHRAIM DOUGLASS ADAMS,
73 Id.
74 Id.
75 Id.
76 ELBERT JAY BENTON, INTERNATIONAL LAW AND DIPLOMACY OF THE SPANISH AMERICAN WAR 129 (1908).
77 ADAMS, supra note 72, at 141.
78 PARIS DECLARATION, supra note 63, at 61-62.
79 Confederate Cong., An Act Recognizing the Existence of War Between the United States and Confederate States, and Concerning the Letters of Marque, Prizes, and Prize Goods (1st Sess.
80 ADAMS, supra note 72, at 141;
81 The Union approached
82 ADAMS, supra note 72, at 141; STARK, supra note 53, at 155.
83 Alexander Porter Morse, Rights and Duties of Belligerents and Neutrals from the
84 An Act Concerning Letters of Marque Prizes, and Prize Goods, ch. 85, 12
85 See JAMES RUSSELL SOLEY, THE BLOCKADE AND THE CRUISERS 170 (1883) (noting this meant pirates would be subject to execution).
86 Hutchins, supra note 27, at 857.
87 See
88 BARCLAY, supra note 27, at 204.
89 On
90 Morse, supra note 83, at 660.
91 BARCLAY, supra note 27, at 205. This scheme seems to have originated with the Prussians, who created a "volunteer navy" in 1870 in an attempt to circumvent the restrictions agreed upon in
92 HENDRICKSON, supra note 89, at 127-28; BARCLAY, supra note 27, at 204.
93 BARCLAY, supra note 27, at 204.
94 According to the agreements, the owner was required "to take on board two naval officers, a marine officer, and a guard of thirty marines" and the owner was to pay for all costs, which were reimbursable after certification by the senior U.S. Naval officer on board. Id. at 205.
95 She was re-flagged as
96 BARCLAY, supra note 27, at 205.
97 The Rita, 89 F. at 768.
98 JOSEPH HODGES CHOATE, THE SECOND INTERNATIONAL PEACE CONFERENCE, HELD AT
99 See supra Part II.
100 CHOATE, supra note 98, at 40.
101 Id.
102 Some have alleged that blimps operated on the west coast of
103 See supra note 23.
104 Richard, supra note 19, at 416.
105 Marshall, supra note 24, at 969 (quoting a letter from
106 Kathy Lally, Russian Crime Boss Gunned Down in
107 Since 2006, at least eight
108 Suzanne Maloney, The Revolutionary Economy, U.S. INST. OF PEACE, http://iranprimer.usip.org/resource/revolutionary-economy (last visited
109 See, e.g.,
110 Agustino Fontevecchia, Standard Chartered Hid 60,000 Transactions With Iranian Banks Worth
111 Jessica Silver-Greenberg, Prosecutors
112 British Bank Makes
113 Illicit Money: How Much Is Out There?, U.N. OFF. DRUGS CRIME (
114 This figure does not include funds lost to tax evasion. Most of the roughly
115 See, e.g.,
116 U.N. OFF. DRUGS CRIME, ESTIMATING ILLICIT FINANCIAL FLOWS RESULTING FROM DRUG TRAFFICKING AND OTHER TRANSNATIONAL ORGANIZED CRIMES 5 (
117 Illicit Money: How Much Is Out There?, supra note 113.
118 TRANSNATIONAL ORGANIZED CRIME, supra note 116, at 5.
119 Marshall, supra note 24.
120 Id. at 958. Marshall simplistically asserts that privateering was primarily a money seeking venture and did not serve a valid military objective, without recognizing both goals are interchangeable.
121 PAULLIN, supra note 38, at 150-51. While downplaying the role of privateers and alleging they were merely profit seekers and not patriotic, Paullin later admits the "supplies captured from the British were often almost indispensable to the colonists." Id. at 152.
122 DONALD A. PETRIE, THE PRIZE GAME 3-4 (1999) (comparing privateering to gambling, which could result in "fortunes [brought] home from the sea").
123
124 Richard, supra note 19, at 426.
125 See infra Part V.
126 See supra Part II.
127 Literally translated means "thief in law." See KREBS ON SECURITY, New Findings Lend Credence to Project Blitzkrieg, http://krebsonsecurity.com/tag/vorvzakone-gozi-prinimalka/ (last visited
128 While the exact identity of vorVzakone is unknown, he is believed to be a male, as shown by alleged photographs of vorVzakone online. KREBSONSECURITY.COM, http://krebsonsecurity.com/wp-content/uploads/2012/10/vorvnsdyt.png (last visited
129
130 See MCAFEE, http://home.mcafee.com/Root/AboutUs.aspx (last visited
131 Blitzkrieg Cyber Threat, supra note 129.
132 David McMillin, Banks vs. Cybercriminals, BANKRATE.COM, http://www.bankrate.com/financing/banking/banks-vs-cybercriminals/ (
133 KREBS ON SECURITY, supra note 127.
134 Id.
135 Nicole Perlroth &
136 Id.
137 Id.
138 Id.
139 Lee Ferran, Iran Denies Cyber Attacks on U.S. Banks, ABC NEWS,
140 N. Korea Possesses Considerable Cyber Hacking Capability: Experts,
141 Id.
142 Siobhan Gorman &
143 COMPUTER CRIME AND INTELL. PROP.
144 RICHARD A. CLARKE &
145 Gorman & Yadron, supra note 142.
146 Bardin, supra note 13.
147 Id.;
148 N. Korea Possesses Considerable Cyber Hacking Capability: Experts, supra note 140.
149 See, e.g., TREADSTONE 71, https://www.treadstone71.com/ and CROWDSTRIKE, http://www.crowdstrike.com/services.html.
150 As Jeff Bardin says, "[a]s my information is being stolen, leveraged against me and used to impersonate me (like scores of thousands of other citizens), we continue to sit in rooms and discuss what to do." Bardin, supra note 13.
151 This is as opposed to merely defending against it using tactics such as firewalls, which can be breached. See generally
152 "Most cyber criminals have absolutely no defensive posture whatsoever. When hit with an offensive attack, they quickly shift their targets since it is not cost effective and their whole intent is economic in nature." Bardin, supra note 13.
153 See supra Part II.
154 Id.
155 KNIGHT, supra note 47, at 45.
156
157 GEORGE COGGESHALL, HISTORY OF THE AMERICAN PRIVATEERS AND LETTERS-OF-MARQUE, DURING OUR WAR WITH
158
When bail is given, the principal is regarded as delivered to the custody of his sureties. Their dominion is a continuance of the original imprisonment. Whenever they choose to do so, they may seize him and deliver him up in their discharge; and if that cannot be done at once, they may imprison him until it can be done. They may exercise their rights in person or by agent. They may pursue him into another State; may arrest him on the Sabbath; and, if necessary, may break and enter his house for that purpose. The seizure is not made by virtue of new process. None is needed. It is likened to the rearrest [sic] by the sheriff of an escaping prisoner.
Id. at 371 (emphasis added).
159 The U.S. Marshal Service offers monetary bounties of up to
160 The
161 REWARDS FOR JUSTICE, http://www.rewardsforjustice.net/ (last visited
162 Rob Wile, Iceland Has Hired an Ex-Cop to
163 See BAIL BOND LAWS, http://fugitiverecovery.com/bail-bond-laws/overview/ for a fairly thorough summary of each state's laws as of 2001 (summarizing fifty state laws) (last visited
164 See VA. CODE ANN. §§ 9.1-186 to 186.13 (2008); 6 VAC 20-260 (Regulations Relating to Bail Enforcement Agents); Bail Enforcement Agent, VA. DEP'T CRIM. JUSTICE SERVS. http://www.dcjs.virginia.gov/pss/special/bailenforcementagent.cfm (last visited
165 See VA. CODE ANN. § 9.1 to 186.13.
166 See, e.g., FLA.
167 See, e.g., 725 ILL. COMP.
168
169 See, e.g., NAT'L ASS'N FUGITIVE RECOVERY AGENTS (N.A.F.R.A.), http://fugitive-recovery.org/ (last visited
170 The Computer Fraud and Abuse Act, 18 U.S.C. § 1030 (2006), would most likely prevent a company or individual from taking these steps. See infra Part IV.
171 Corporations such as CrowdStrike or Treadstone 71 purportedly offer services that can be used to gather information from an adversary's computers to support an arrest by federal, state, or local law enforcement entities. See supra note 149.
172 DeWitte, supra note 26, at 146-47.
173 Id. at 147.
174 U.S. CONST. art. I, § 8, cl. 11.
175 Hutchins, supra note 27, at 879-81. Hutchins details the history of the Bounty Act and associated jurisprudence. While
176 31 U.S.C. §§ 3729-3733 (2006).
177 18 U.S.C. § 1030 (2006).
178 This included not only government computers and networks, but also those of large banks, the
179 Bardin, supra note 13.
180 The expanding scope of the Computer Fraud and Abuse Act (CFAA) has been described by
181 "Damage" is "any impairment to the integrity or availability of data, a program, a system, or information." 18 U.S.C. § 1030(e)(8).
182 "Loss" includes "any reasonable cost to the victim." See id. § 1030(e)(11).
183 See id. § 1030(g).
184 See id. § 1030(e)(2).
185 See id. § 1030(e)(2)(B).
186 Jay P. Kesan &
187 See, e.g.,
188 Moulton v. VC3, 2000 WL 33310901 (N.D. Ga., 2000).
189 Nor were these acts in violation of the Georgia Computer Systems Protection Act (1991). GA. CODE ANN. §
190 United States v. Czubinski, 106 F.3d 1069 (1st Cir. 1997).
191 "[M]erely viewing information cannot be deemed the same as obtaining something of value for purposes of this statute . . . [t]he Government failed . . . to prove . . . [Defendant] . . . intended anything more than to satisfy idle curiosity." Id. at 1078.
192 Conducting throughput tests and scanning ports can detect system weaknesses, better positioning an attacker for follow-on action at a later date, if need be. While seemingly innocent, this could be an effective Operation Preparation of the Environment (OPE) for full scale cyber conflict. Due to sensitivity of the information discussed (cyber self-help), the expert agreed to be interviewed on the condition of anonymity. Interview with Cyber Security Expert (
193 See, e.g., NRC REPORT, supra note 18 (discussing the exemption for lawfully authorized law enforcement and intelligence agencies activities to the CFAA and how government agencies may commandeer private computers or pay for their usage).
194 See supra Part I (discussing the frequency of cyber attacks). The CFAA, in one form or another, has been in effect since 1984. It has had little to no effect on cyber attacks.
195 See, e.g., Westby, supra note 147.
196 Ms. Westby, while arguing a cyber victim should turn over information to law enforcement instead of proactively defending themselves, admits that "there are too few of them with skills adequate to match the sophisticated nature of today's cyber criminals." Id. Others have agreed with her assessment that there are too few cyber-competent law enforcement officers. Bardin, supra note 13.
197 "[S]treet criminals were not stealing my Xbox and then fleeing to a foreign jurisdiction where the local authorities had no control." Zach, Active Defense Has High Risk, But So Does Inaction: Forbes/CSO, CYBER SECURITY LAW & POL'Y (
198 An individual basically set up a honey pot webpage attracting
199 Heidi Blake, Eastern European Cyber Criminal's Draining British Bank Accounts, TELEGRAPH,
200 Alexander Melnitzky, Defending America Against Chinese Cyber Espionage Through the Use of Active Defenses, 20 CARDOZO J. INT'L & COMP. L. 537, 540 (2012).
201 That is, the cyber bad actor who is committing the misconduct leading to the letter of marque commission.
202 Kesan & Hayes, supra note 187, at 481.
203 Id. at 451.
204 Id. at 481-82.
205 Bardin, supra note 13.
206 Lieutenant Commander
207 CLARKE & KNAKE, supra note 144, at 20.
208 Melnitzky, supra note 200, at 555 (quoting
209 Kesan & Hayes, supra note 187, at 330 (providing a basic discussion of the technologies available to ensure accurate attribution).
210 See supra note 5.
211 Kesan & Hayes, supra note 187.
212 See, e.g., Westby, supra note 147;
213 PARIS DECLARATION, supra note 63.
214
215 Id. art. 34
216 Id.
217 Id. art. 35.
218 "That maritime law, in time of war, has long been the subject of deplorable disputes." Paris Declaration, supra note 63, at 64.
219 Richard, supra note 19, at 429. But see DeWitte, supra note 26, at 132 ("
220 "Nothing in articles 34 to 37 precludes a rule set forth in a treaty from becoming binding upon a third State as a customary rule of international law, recognized as such." Law of Treaties, supra note 215, art. 38.
221 Customary Int'l Humanitarian Law, INT'L COMM.
222 This is the crux of the arguments advanced by many writers advocating a return of letters of marque in order to combat new threats such as terrorism and piracy. See, e.g., DeWitte, supra note 26; Richard, supra note 19.
223 ADAMS, supra note 72, at 141.
224 See supra note 85.
225 Morse, supra note 83, at 659-60.
226 CHOATE, supra note 98.
227 The
228 Tabarrok, supra note 21, at 575.
229 PARIS DECLARATION, supra note 63, at 64.
230 See Rita, 89 F. 763, 768 (1898); BARCLAY, supra note 27, at 205; Richard, supra note 19, at 429-30.
231
232 COUNCIL OF
233 Id.
234
235 Sara L. Marler,
236 Bardin, supra note 13.
237 What may be legal in one country, may not be in another, thus creating law enforcement problems when trying to enforce any laws in cyberspace.
238 For example, the two creators of the infamous ILOVEYOU virus in
239 Marion, supra note 237, at 701.
240 Id.
241 Id. at 701-02.
242 MICHAEL A. VATIS, PROCEEDINGS OF A WORKSHOP ON DETERRING CYBERATTACKS: INFORMING STRATEGIES AND DEVELOPING OPTIONS FOR U.S. POLICY 207, 214 (2010);
243 See, e.g., id. arts. 24-29.
244 See VATIS, supra note 242, at 214-18 (discussing the numerous loopholes contained in the
245
246 This provision, in effect, means that if the information leads to more criminals, and a nation wants to prosecute them, it may not use this information in that investigation/prosecution. The nation must start over in the investigative process as it relates to the newly discovered bad actors. Id. art. 28.
247 Id. art. 27.
248 VATIS, supra note 242, at 219 (quoting Council of
249 Ellen Nakashima, More Than 75,000 Computer Systems Hacked in One of Largest Cyber Attacks, Security Firm Says, WASH POST,
250 Id.
251 VATIS, supra note 242, at 209 (quoting an unnamed U.S. Dep't of Justice official).
252 As Bardin states:
Do we really think that establishing a convention on cyber crime is going to stop our adversaries? They do not recognize our virtual boards or virtual sovereignty as it is. Why would they recognize a convention on cyber crime? All this does is force offensive cyber forces to establish an unwieldy 'rules of engagement' that ties the hands of those who can execute offensive cyber actions.
Bardin, supra note 13.
253 Id. ch. II, art. 2.
254 Id. art. 3.
255 Id. ch. II, art. 6.
256 Statement of
257 Whether it is a congressional sub-committee, the NSA, DHS, etc.
258 Westby, supra note 147 (quoting
259 Id.
260 Richard, supra note 19, at 455.
261 Id. at 456.
262 An Act Concerning Letters of Marque, Prizes, and Prize Goods, Ch. 107, § 9, 2
263 Tabarrok, supra note 21, at 575, 570.
264 See, e.g., America's Top Cyberwarrior Says Cyberattacks Cost
265 COMMONWEALTH SECRETARIAT, LAW IN CYBERSPACE 23 (2001);
266 Ch. 107, § 9, 2
267 See, e.g.,
268 See, e.g., Robert McFarvey, Threat of the Week: Corporate Credit Unions Should Bolster Defenses Against DDoS, CREDIT
269 See D. Joshua Staub, Letters of Marque: A Short-Term Solution to an Age Old Problem, 40
270 See Zach,
271 Brenner, supra note 212.
272 See, e.g., Commissioning Private Vessels for Seizure of Piratical Vessels, 33 U.S.C. § 386 (2006).
The President is authorized to instruct the commanders of the public armed vessels of
Id.
273 Tabarrok, supra note 21, at 572.
274 Jurisdiction, 10 U.S.C. § 7652 (2006).
275 See The Resolution,
276 The legality of a capture is not determined until a court of competent jurisdiction has issued an order making such a determination. Id. Whether property seized may be confiscated as a prize is a judicial question and each case is to be decided on its own facts. Property Captured by the Potomac Flotilla, 10 Op. Att'y Gen. 467 (1863).
277 Duties of
278 Tabarrok, supra note 21, at 568.
279 The United States paid the owners of the captured ship
280 See, e.g., In re The Amiable Isabella, Munos,
281 Brenner, supra note 212.
282 Richard, supra note 19, at 455.
283 In a cyber context, this could include all computers and network capabilities.
284 48 C.F.R. §§ 9.406-406-05, (2012).
285 See The Santissima Trinidad,
286 See supra Part II.
287 UPTON, supra note 57, at 180.
288 Id. at 487.
289
290 Similar cyber threat and intelligence information-gathering authority is vested in the Secretary of Homeland Security. See Exec. Order No. 13,636, 78 Fed. Reg. 11,739 (
291 This cooperation is not without historical precedence. Between 1739 and 1763, privateers worked with the
292 William J. Lynn, III, The
293 Matt Egan, Hack the Hackers? Companies Itching to Go on Cyber Offense, FOX BUS. (
294 Id. (quoting testimony of former Homeland Security adviser and Director of
295 U.S. AIR FORCE LIFE CYCLE MGMT. CTR., BAA ESC 12-0011, BROAD AGENCY ANNOUNCEMENT: CYBERSPACE WARFARE OPERATIONS CAPABILITIES (2012), available at http://fbp/gov/utils/view?id=48a4eeb344432c3c87df0594068dc0ce.
296 DEF. ADVANCED RES. PROJECTS AGENCY, DARPA-BAA-13-02, BROAD AGENCY ANNOUNCEMENT: FOUNDATIONAL CYBERWARFARE (PLAN X) (2012), available at https://www.fbo.gov/index?s=opportunity&mode=form&id=1bc45a18e1ba0763640824679d331e46&tab=core&_cview=0.
297 See supra Part IV (discussing Computer Fraud and Abuse Act, 18 U.S.C. § 1030(c) (2006), which allows for up to twenty years imprisonment for violations of the law).
298 Chris Strohm, Tax Breaks Considered to Improve Cybersecurity on Vital Networks, BUS. WEEK (
299 William J. Lynn III, Defending a New Domain: The
300 "Historian Faye M.
301 See infra Part III.
302 This addresses the emotional and intellectually dishonest reactions of "vigilante justice in cyberspace . . . notions of pirates on the high seas and wild west posses" as voiced by people such as
303 Some complain that to allow active-defense, cyberspace would devolve into a "wild west." ("Allowing companies an exception to the CFAA really would turn the Internet into the Wild West."). Westby, supra note 147.
It is in many ways the Wild West. Cyberspace has many similarities to a Wild West world . . . The message of this metaphor for cyberspace security is clear: If there is no way to enforce law and order throughout all of cyberspace, which appears to be the case, one must rely on local enclaves of law and order, and trusted friends.
304 "'It's unfair that hackers can do whatever they want and companies have to follow rules . . . .' said
Major
*
Copyright: | (c) 2013 Superintendent of Documents |
Wordcount: | 16636 |