Cyber Privateering: A Risky Policy Choice for the United States

Privateering in information security is back in fashion. This is not the first time: In 2006, Michael Tanji diagnosed parallels between cyberspace and the loosely governed sea in the 17th century and explored privateering as a policy solution. In 2013, Halvar Flake gave a keynote, analogizing the development of the hacking community in the 1990s and 2000s with the development of navies in the 16th and 17th century. His focus was mainly on identifying similarities, not advocating policy. And earlier this year, Dave Aitel brought up the issue here on Lawfare and advocated for resurrecting privateering in cyberspace. Although I agree that the analogies are striking, the risks of adopting 17th century policy in today’s environment are underappreciated. There are many risks, but the following three stand out: an increased risk of unnecessary escalation, the potential for reprisal, and the setting of an international norm that is, for the United States, strategically undesirable.