Revive Letters of Marque and Reprisal to Launch Cyber-Attacks Against China?
Dan Blumenthal of AEI has a thoughtful piece in Foreign Policy on different tactics the U.S. could take to “win a cyberwar” with China. I think it is more about how the U.S. should “fight” the cyberwar with China and other governments that are going to use cyber-attacks against US companies and government entities. Still, what caught my eye are two interesting legal proposals.
1) The US could amend the Foreign Sovereign Immunities Act to permit lawsuits against governments and government entities (like China’s) for cyberattacks and cybertheft. I suppose the idea would be that a US company could sue the infamous People’s Liberation Army unit that is allegedly sponsoring many of the cyber attacks against the U.S. I think this is a not very good strategy since such litigation for state sponsors of terrorism have not gone very well. And it would seem to require the US to open the doors to litigation against a foreign sovereign, which will certainly invite retaliation against the US government and US companies doing business with China. So I assume no such lawsuits would ever be brought, or almost never would be brought. Still, worth thinking about.
2) Here is the hot idea: Issuing letters of marque and reprisal against cyberattackers. This idea has been developed by GMU lawprof Jeremy Rabkin and Ariel Rabkin here. I think as a policy matter, the idea of bringing private non-governmental resources into play is really important, since they have much of the technical expertise and suffer the most damage from cyberattacks. On the other hand, officially sanctioning private warfare via “cyber-privateers” seems more trouble than its worth. You are responsible for the damage they wreak, but you don’t actually control them very well since they are not in your chain of command. And, oh yes, other countries could do this even better than the U.S. could. Except they simply deny their relationship with the “private”attackers.
And I also think that international law would have something to say about this. If a state of armed conflict existed, than it is easier to imagine unleashing a private band of cyberwarriors. But absent that, I don’t think the cyber-privateers makes much legal or policy sense. How could the US legitimately sanction private attacks against a foreign government absent a state of armed conflict without having to treat all foreign private attacks against it as “armed attacks” as well?
Still, I like the idea of expanding the universe of U.S. expertise and ability in the cyberwars, taking an offensive rather than a defensive approach, and thinking of new ways to do so. I am just not sure reviving private warfare will necessarily do that.