Cyber pirates: US MPs want to strike back with online letters of marque

With the "Scam Farms Marque and Reprisal Authorisation Act of 2025", the US Congress is considering a historic and at the same time highly risky step in the fight against cybercrime. The bill, initially introduced in the House of Representatives by Republican MP David Schweikert, aims to revive the centuries-old instrument of letters of marque and reprisal from the maritime world and transfer it to the digital space.

Schweikert proposes authorising private actors – These can be security companies or individuals – to carry out active offensive cyber operations against foreign criminal networks, ransomware gangs, crypto fraudsters and even state-supported threat actor groups. The aim is to fend off ongoing IT attacks or directly attack cyber criminals on foreign servers. Such authorisation for hackbacks has also long been controversial in Germany.

The dilemma of digital warfare

The initiator of the draft justifies the proposal with the alarming increase and perceived impunity of cybercrime. According to the FBI, online crime led to losses of 16 billion US dollars in 2024 alone. Perpetrators often operate from countries such as China, Russia or North Korea, where prosecution is difficult.

Supporters of the initiative therefore argue that private cyber predators could act faster and more flexibly than overburdened, bureaucratic state authorities. Such an approach would also be a more effective deterrent. In addition, the prospect of cyber criminals losing their prey at any time could make entire business models such as ransomware unattractive.

The draft law is constitutionally linked to Article I, Section 8 of the US Constitution, which continues to authorise the granting of letters of marque. Instead of capturing ships, the modern privateers would hack criminal accounts, confiscate cryptocurrencies and paralyse infrastructures. After the House of Representatives, the proposal would still have to pass the Senate.

"Privatised warfare"

Despite the supposed charm of "privatised warfare", the concerns of observers outweigh the advantages: the biggest point of criticism is the lack of control. The draft envisages that the US President alone will issue the letters of marque, which would lead to a further concentration of power. There are no guarantees that the cyber pirates will abide by the rules. Opponents of the initiative lack mechanisms for compensating innocent victims, for example.

Critics also argue that with this approach, the USA would be legalising the very tactics that they accuse authoritarian governments such as China or Russia of using: the use of state-sponsored hackers. The intrusion of servers in foreign countries by private actors could be considered an act of aggression by the countries concerned.

It is also unclear what happens to the confiscated assets. The proposal focuses on punishment and deterrence, but not on compensation for the actual victims of cybercrime. Critics fear that a new, lucrative business model for state-sanctioned hacking will be created.

(akn)