Tuesday, January 4, 2011

My legal justification for cyber privateers

I'm not a lawyer, as I indicated in my December 30, 2010 post on the federal judge's decision to whack 1-800CONTACTS in the head.  An excellent legal source for cyber crime in general and Letters of Marque in particular is Susan Brenner, a law professor who blogs on the subject. You can categorize me as a novelist looking for a way to "suspend disbelief" mixed with a technorati who is extremely irritated with attacks on his Linux server. Net net, I'm one step lower on the food chain than the proverbial "jailhouse lawyer."

Before enumerating my legal justification for legalizing cyber privateers, let me quote a few concerns raised by the above-referenced Susan Brenner in her blog on Letters of Marque as they apply to cyber crime. Quoting from her May 18, 2009 blog:
Since I don’t see how a power that is limited to seizing assets could be particularly useful in the cybersecurity context…
I think seizing assets is a useful deterrent. Yes, it will take some cleverness, but a cyber privateer armed with the right toolset (like The Perfect Virus) is clearly up to the task. Professor Brenner further writes:
I see a lot of problems with the strike-back option, the most important of which is that it can be an invitation to vigilantism. I might be tempted to do more than just make the person who hacked my system or is trying to hack my system back off; I might go after them seeking revenge for that and other attacks and go too far. I might also go after the wrong target, which could cause all kinds of problems as well as maybe getting me charged with a crime (unauthorized access + damage to a system).
Again, I believe forced compliance with The Cyber Privateer Code would mitigate the above concerns. How about her start-a-cyber-war concern?
If I’m acting on my own, that could be a cybercrime and the North Koreans could ask the U.S. government to extradite me so I could be prosecuted in North Korea. If I’m doing in on behalf of the United States, does that transform my conduct into something more . . . into an act of war, perhaps?
Acting within the contest of my above-referenced Cyber Privateer Code, no bonding authority would authorize a foray into cyber space without specific conditions being met by the licensed and bonded cyber privateer, who is indeed in it for the money (something to which Professor Brenner takes issue):
If we were to decide to use cyber-letters of marque and reprisal, I’m not at all sure we should incorporate the “use this power to enrich yourself” aspect of the old letters. I’m quite sure people could use the cyber-letters to enrich themselves by hacking into criminal systems and taking whatever could be sold or redeemed for profit. I’m just not sure it’s a good idea;  
While I am not totally sure myself whether or not cyber privateering is "…a good idea…", it's the best idea I've seen so far. It will not be a drain on the taxpayer. Quite the contrary, it will be a revenue source for not only the government, but major insurance institutions looking for a new product: Privateer Liability Insurance. And as to her concern about "who is fair game," I cover that in The Cyber Privateer Code.

The one concern raised by Professor Brenner that I can't easily dismiss is that of reprisal by the criminal entity:
If we were to authorize cyber-privateers to deal with cybercriminals, it seems to me we’d be opening up the possibility of essentially reversing that dynamic: I’m assuming that the cyber-privateers would be representatives of legitimate U.S. businesses and other entities who are going after online criminals as redress (reprisal) for prior attacks on them or on other U.S. businesses or entities. If I’m correct in assuming that, then it seems to me our cyber-privateers could make the entities they work for sitting ducks.
I can envision scenarios where "corporate America" might not want to risk reprisal on company officers and their families. However, I'm willing to let "the market" determine those dynamics. And certainly, a cyber privateering organization could well be under contract to the Justice Department to act in behalf of the United States government.

Susan Brenner has taken a professional and thoughtful approach to these issues, and I suspect she'd be asked to testify in any congressional hearings concerned with legalizing cyber privateers. But within the context of the above discussion, here is my (jailhouse lawyer) enumeration of the legal issues.

  1. Article I § 8 of the U.S. Constitution gives Congress the “Power To . . . grant Letters of Marque and Reprisal”.
  2. Like The Monroe Doctrine drew a line in the sand, it is imperative that a similar approach alert the world that a new policy is in force. Hence the name of this blog: The Morgan Doctrine.
  3. There is a common law precedent for defending your home/business against intruders.
  4. Among other legal precedents, Judge Waddoups (referenced above) ruled that it is illegal to present yourself in cyberspace as someone you are not, with credentials that you do not legitimately possess. 
  5. The rules of "hot pursuit" could be applied to going after criminals on their home turf, although the 1917 US pursuit of Pancho Villa into Mexico and the 1960 Israeli capture and kidnapping of Adolf Eichman in Argentina are questioned as violations of international law. That's why "The Morgan Doctrine" needs to be unambiguously articulated by whichever government issues it.
  6. The Cyber Privateer Code linked with a bonding authority will mitigate the financial and legal risks of the cyber privateer.
As I said above, I'm not totally convinced cyber privateering is a good idea. But it's the best one I've been able to come up with to address cyber crime and rogue governments. You have a better one?

No comments:

Post a Comment

Implementation suggestions for THE MORGAN DOCTRINE are most welcome. What are the "Got'chas!"? What questions would some future Cyber Privateering Czar have to answer about this in a Senate confirmation hearing?