Pirates of the Cyber Seas: Are State-Sponsored Hackers Modern-Day Privateers?

Understanding the descriptors attached to cyber operations and cyber actors is crucial to communicating the nature of these entities and the influence they wield in cyberspace. Given the ever-increasing threat that corporations, governments, and the everyday consumer face from these entities, it is paramount that respondents evaluate and apply the most appropriate descriptors when communicating about such incidents. In this paper, we discuss whether a ‘privateer’ analogy has relevance in this space given the current state of cyber-actor behaviour and the increase in the number of governments relying on external experts to design, construct, and execute cyber-disruption operations.

In determining the appropriateness of the ‘privateer’ analogy, we explore the following questions:

• What types of labels are available for this private actor-perpetrated, but state-purposed cyber-operational conduct?
• Based on a brief history of privateering, how and why might privateering be an appropriate analogy?
• Given the strict legal paradigmatic constraints surrounding the availability of the concept and the availability of modern Law of Armed Combat (LoAC) concepts to cover the practice, how and why is privateering not an appropriate analogy?

Ultimately, we conclude that the applicability of the ‘privateering’ analogy in the context of cyber operations is dubious. It appears that international law has developed beyond the need (and desire) for privateers and privateering operations. In this discussion, we consider legal and regulatory alternatives for responding to cyber behaviour that may still resemble privateering under effective (and much more current) international law.