Last month, Arizona Congressman David Schweikert presented H.R. 4988 to the House of Representatives. This proposed legislation aims to grant the U.S. President authority to issue letters of marque and reprisal in response to cybercrimes committed against the United States by criminal organizations or their collaborators, along with other related purposes.
This authority would allow the president to commission private individuals or firms to target cyber fraudsters.
This concept mirrors the historical practice where privateers, often likened to pirates, engaged foreign adversaries at sea under government commission. Historical data indicates that this approach significantly contributed to the United States’ victory in the American Revolution. For instance, statistics suggest that in 1776, the Continental Navy comprised a mere 64 ships and 1,242 guns, whereas 1,697 licensed privateer vessels boasted 14,872 guns. Consequently, privateers captured 2,283 ships, vastly outnumbering the 196 ships taken by the Continental Navy.
Could a modern application of privateering effectively resolve the ongoing cyber conflict? Is it prudent for the U.S. to enlist privateers in today’s digital warfare? Are government capabilities insufficient for this task? The potential answers to these inquiries might be evident in your daily email correspondence.
Firstly, reflect on the volume of scam, phishing, or spoofing emails that inundate your inbox daily. Beyond news reports of widespread data breaches or the billions lost annually to increasingly sophisticated fraudsters, how frequently have you personally faced inconvenience or outright victimization? Have your attempts to report these incidents to the FBI or other legal bodies yielded satisfactory results? Likely not. Despite this, seeking personal retribution against these scammers would constitute a breach of federal law.
My advocacy for cyber privateering began in 2010, spurred by my work on a novel titled Daddy’s Little Felons, which explores this very idea. It took approximately 15 years for this concept to gain significant attention. Earlier this year, Utah Senator Mike Lee expressed support for Congress reinstating letters of marque and reprisal. However, H.R. 4988 was not formally introduced until August 2025.
I recall a discussion with Oracle’s Larry Ellison around 1986 during one of our weekly advertising sessions. He noted that while the government might invest a million dollars and a year into training a pilot for a multi-million-dollar F-16, a single individual with a laptop, operating from a basement fueled by Jolt, could more rapidly target America’s adversaries—plundering central banks and potentially destabilizing governments. In such scenarios, conventional assets like F-16s might appear ineffective. Certain responsibilities naturally fall to governments, while others are ideally suited for an emerging class of privateering entrepreneurs.
Envision authorized and insured cyber privateers confiscating assets from culpable criminal organizations (even governments) and equally sharing the gains with the U.S. Treasury.
Naturally, such privateers would necessitate specific regulations. To formulate these, we can reference the 1823 Monroe Doctrine, which asserted that European powers must refrain from intervention in the Americas, or face consequences. Drawing from this precedent, I propose incorporating a “Cyber Privateer Code” into Congressman Schweikert’s bill, structured as follows:
- Unapproved attempts to access a computer or acquire data access credentials through phishing methods are deemed offenses, leading to the confiscation of the assailant’s assets by an authorized cyber privateer.
- Should an attacker be found operating under explicit directives from a larger entity or government, the assets of that entity or government are also subject to forfeiture, to the extent permitted for confiscation by an authorized cyber privateer. The individual whose assets were seized, or the officially appointed representative for the organization or government affected, possesses a “right of parley” with the leader of the cyber privateering organization. This meeting could occur via a two-way online video conference, be publicly documented by either or both participants, and must take place prior to the distribution of the confiscated goods, no later than 10 days post-confiscation.
- Innocent parties whose assets are mistakenly and directly seized by cyber privateers (and whose funds are not repatriated within 10 days following the parley) will receive compensation equivalent to four times their loss, with interest on the restitution calculated at 12% per annum.
- Clear and unmistakable notifications and requests for parley must be provided by the cyber privateer to ensure the right of parley can be exercised promptly.
Undeniably, adopting this quasi-piratical model for cybercrime deterrence would necessitate novel regulatory frameworks and introduce fresh complexities. For example, what would ensue if an authorized privateer, operating under a legitimate letter of marque and reprisal, were to abscond with millions from a criminal enterprise? Would we then discover the remains of that privateer, along with those of their associates and family, publicly displayed as a chilling demonstration of organized crime’s retaliation?
Nevertheless, I firmly believe this methodology could provide the U.S. with a formidable new instrument for combating cybercrime.
Given its efficacy during the American Revolution, what prevents it from being effective in our contemporary challenges?
