Based on an interesting piece by Dan Blumenthal in Foreign Policy on how the U.S. could “win a cyberwar” with China, Julian Ku focused on two proposals: allowing civil suits against foreign governments involved in cyber operations and creating cyber letters of marque and reprisal. Here is his thoughts on the latter proposal:
Here is the hot idea: Issuing letters of marque and reprisal against cyberattackers. This idea has been developed by GMU lawprof Jeremy Rabkin and Ariel Rabkin here. I think as a policy matter, the idea of bringing private non-governmental resources into play is really important, since they have much of the technical expertise and suffer the most damage from cyberattacks. On the other hand, officially sanctioning private warfare via “cyber-privateers” seems more trouble than its worth. You are responsible for the damage they wreak, but you don’t actually control them very well since they are not in your chain of command. And, oh yes, other countries could do this even better than the U.S. could. Except they simply deny their relationship with the “private”attackers.
And I also think that international law would have something to say about this. If a state of armed conflict existed, than it is easier to imagine unleashing a private band of cyberwarriors. But absent that, I don’t think the cyber-privateers makes much legal or policy sense. How could the US legitimately sanction private attacks against a foreign government absent a state of armed conflict without having to treat all foreign private attacks against it as “armed attacks” as well?
Read it all here. Count me among the sceptics of this idea. The downsides seem enormous. What do you think?
Charles A. Blanchard
United States Air Force