To get notices of new blogs via email, click here:

Saturday, November 13, 2010

The Cyber Privateer Code

According to Wikipedia (I don't necessarily believe everything I read in Wikipedia, but this appears to be accurate), Isaac Asimov introduced The Three Laws of Robotics in a short story Runaround:
  1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
  2. A robot must obey any orders given to it by human beings, except where such orders would conflict with the First Law.
  3. A robot must protect its own existence as long as such protection does not conflict with the First or Second law.
  4. (added later by Asimov as the "Zeroth" law) A robot may not harm humanity, or, by inaction, allow humanity to come to harm.
In the movie Pirates of the Caribbean, reference is made to a "Pirates' Code" and specifically the "right to parley," which referred to a prisoner's right to parley with the captain before disposition of whatever fate awaited said prisoner. Given the atrocities attributed to real pirates, I doubt any pirates' code either existed or was ever enforced. Nevertheless, I kind of like the "right to parley" and have included it in my own first draft of The Cyber Privateer Code.

The reason I'm intrigued with the concept of a cyber privateer code is that my whole basis for cyber privateering is do enable such a system under the rule of law. My "Morgan Doctrine" is analogous to the Monroe Doctrine. Combine that with a formalization of "rules of hot pursuit" wherein you might track down a cyber criminal wherever he/she/it may reside to invoke a disproportionate penalty (the only way to truly discourage cyber crime and even cyber war), and you still need a "code of conduct" whereby an unwitting victim might seek redress from the leader of a cyber privateering operation. A final nod to the rule of law is the concept of modern-day bounty hunters, who normally track down people who have jumped bail.

The intricacies of possible cyber privateering scenarios could create a very long list of cyber privateer code elements. In my November 9th post, I quoted author Paco Hope (Web Security Testing Cookbook) who took issue with his victimized grandmother being wiped out by "an inept French privateer". I've tried therefore to include victim redress as part of the cyber privateer code. Furthermore, the Lord God Almighty (at least as far as Jews, Christians or Muslims are concerned) managed to keep His code to a list of ten commandments. So I'll try to keep things somewhere between Asimov's four and Himself's ten.

The Cyber Privateer Code (draft 02—updated on 6/28/2013):
  1. Any unauthorized attempt to access your computer or phish your data access privileges constitutes a crime punishable by the looting of the attacker's assets by an authorized cyber privateer. All assets. Within 6 months of the attack.
  2. If it is determined that the attacker is acting under explicit instructions from a larger organization or government, the assets of that organization or government are also forfeit to the extent that an authorized cyber privateer may confiscate them within a six month period of the original motivating attack. All assets.
  3. The individual whose assets were seized by a cyber privateer—or the publicly and legally designated spokesperson for the organization or government whose assets were seized by the cyber privateer—has the "right of parley" with the head of the cyber privateering organization, such meeting to take place online in a two-way video conference, such conference to be publicly recorded by one or both parties and before the disposition of the booty but no later than 10 days from the confiscation.
  4. Innocent victims whose assets are directly and mistakenly confiscated by cyber privateers (and whose funds are not returned within 10-days after the parley) shall be compensated in an amount equal to four times their loss, with interest accruing on the restitution amount at the rate of twelve percent per annum. This does not include victims of the cyber criminals, since they were already victimized.
  5. Notifications and requests for parley must be unambiguously left by the cyber privateer so as to allow the right of parley to be exercised in a timely fashion.
Okay, five is good. Less than rules dictated by the Creator, more than Asimov's laws of robotics. Comments? 

6 comments:

  1. Alas, I edited the first draft of The Cyber Privateer Code on 6/28/2013. Now we're at Draft 02 (see edit in Red above). I changed the penalty of harming innocents from one-hundred times their loss to four times their loss. I figure the original loss plus treble damages (with interest) is more reasonable. And it would make a bonding authority much more likely to authorize a cyber privateering raid.

    ReplyDelete
  2. it seems to me that to authorize looting of all of the assets of the offender would be a little drastic, I would suggest instead that say no more then double the worth of all information/assets stolen in the first place could be appropriated by the privateer and/or the government could offer a bounty for apprehending the aforementioned pirate.

    ReplyDelete
  3. Nah. Given the high level of government-sponsored hacking, this has to have real teeth. And given the extraordinary personal risks facing successful cyber privateers from victim governments wanting revenge, a mere 2X reward wouldn't be worth it. The original Revolutionary War privateers has a monstrous mortality rate. I suspect modern-day cyber privateers would be equally at risk.

    ReplyDelete
  4. Hmm... hadn't thought of that. certainly you have given me food for thought. Do you mind if I cite the Morgan doctrine in a paper i am writing ?

    ReplyDelete
  5. Feel free to cite The Morgan Doctrine in your paper. And if you want a complete legal justification for the Cyber Privateer proposal, click on the link to the right.

    ReplyDelete
  6. I would support the Morgan Doctrine to be appended to the Apple licensing agreement. I use the Apple licensing agreement for Everything as I can't afford to hire that many lawyers to write a better one. Now I can append the Morgan Doctrine so everyone knows my enforcement has TEETH. Thanks, Rick :)

    ReplyDelete

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?