It used to be normal for the governments of countries to outsource warfare by giving assurances to thieves that they could legally retain any booty stolen from the enemy so long as they only stole from the enemy. This practice allowed English sailors like Francis Drake to steal a lot of gold from Spanish galleons; such sailors were politely described as ‘privateers’ by the English while the Spanish were equally entitled to describe them as pirates. It goes without saying that Britain’s government had less sympathy for freelance warfare when the fledgling USA licensed its own pirates to attack British ships during the American War of Independence and also during the War of 1812. It has been estimated that licensed American pirates captured more than five times as many British ships during 1812 as the official US Navy, thus greatly magnifying the ability of the USA to wage war at sea. Such licenses to pirate were known as ‘letters of marque’ and none have been issued by the USA since 1812, though that is about to change if Republican Congressman David Schweikert succeeds in getting his Scam Farms Marque and Reprisal Authorization Act passed into law. The main difference will be that Schweikert wants letters of marque for American cyberpirates who sail upon networked seas, and he suggests the first targets should be scam operations in North Korea and Myanmar.
Schweikert explained his reasoning through a press release.
According to the FBI’s 2024 Internet Crime Report, Americans filed over 859,000 complaints, totaling $16 billion in losses, with a 33 percent increase in losses compared to 2023. Americans over 60 suffered nearly $5 billion in reported financial damages. Many of these cyberattacks originate from sophisticated “scam farms” in places like Myanmar and North Korea, where large-scale operations are often state-linked and designed to steal from Americans while infiltrating U.S. digital systems.
I find it telling that Schweikert makes no mention of Cambodia, which has overtaken Myanmar as a home for scam compounds. The US government sees itself in a competition with China for influence over Cambodia, and is consequently willing to turn a blind eye to the rampant corruption that allows Cambodian elites to enrich themselves from industrial-scale scam compounds. The level of sophistication involved in most scams can also be exaggerated. Many scam calls received by Americans are traced to simboxes within the USA. Simboxes are old tech. The global comms industry has a lot of experience with methods to detect simboxes. Other countries have laws that prohibit the import and ownership of simboxes. The current US problem with simboxes is due to corporate greed and weak government, not because the government has not authorized enough corporate vigilantes. However, I digress from the central thrust of Schweikert’s argument. He continues…
The proposed legislation allows the executive branch to issue limited, targeted commissions to disrupt these foreign cybercriminal enterprises. These licensed cyber operators would be authorized to recover stolen assets, prevent future attacks, and defend critical infrastructure, all while operating under federal oversight.
“Americans deserve protection from digital predators who exploit outdated laws and hide in foreign jurisdictions,” Schweikert added. “This proposal harnesses innovation and constitutional authority to respond to the modern crisis of cybercrime.”
I would provide some detail about how the booty recovered stolen assets would be divided between the licensed pirates and its original owners but Schweikert’s bill has nothing to say about that. The pirates will want to keep some of it to cover their costs and reward their efforts. This begs a serious question about how the rest would be distributed, if any of it will be distributed. The administration of President Donald Trump established a Strategic Bitcoin Reserve earlier this year, mostly by bringing together all the bitcoins that US law enforcement agencies had previously seized from criminals. It is likely that a portion of any cryptocurrency assets grabbed by corporate pirates would end up somewhere similar.
It should go without saying — though sadly it needs saying when dealing with some Americans — that transnational crime syndicates do not exclusively steal from victims in the USA. Giving American corporations the freedom to ‘recover’ assets stolen from other countries, without returning those assets to the rightful owners, could easily lead to a madcap unregulated cyberwarfare race with other countries that will also license pirates in a bid to grab the booty first. If a Spanish privateer raided the treasure of a Myanmar scam compound, would American privateers be free to steal from that Spaniard the share of the assets that had previously been stolen from Americans? How would such a figure be calculated? And will any of these proceeds be given as compensation to the victims of human trafficking who were forced to work in these scam compounds?
Schweikert’s bill places no genuine limit on the ‘limited, targeted’ licenses that would be handed out because all such licenses would be issued at the discretion of President Trump. The President would have almost complete freedom to decide who can re-steal what from where. The only country that would be safe from the consequences of this law is the USA.
The President of the United States is authorized and requested to commission, under officially issued letters of marque and reprisal, so many of privately armed and equipped persons and entities as, in the judgment of the President, the service may require, with suitable instructions to the leaders thereof, to employ all means reasonably necessary to seize outside the geographic boundaries of the United States and its territories the person and property of any individual or foreign government, as applicable, who the President determines is a member of a criminal enterprise or any conspirator associated with an enterprise involved in cybercrime who is responsible for an act of aggression against the United States.
I appreciate that the majority of American readers of Commsrisk will also consider Schweikert’s bill to be posturing nonsense. It is unlikely to become law. Nevertheless, I beg the forbearance of American readers as I observe that Schweikert’s bill is further proof that the global comms industry cannot allow strategies for reducing scams to be dominated by American interests. The USA lacks the leadership needed to formulate an effective global strategy, largely because it struggles with obtaining the right balance between the public sector and the private sector.
A rational approach to scam reduction would start with eminently achievable goals like banning simboxes and blocking inbound international calls that spoof a domestic US number. US comms providers resist these policies because they would reduce corporate profits. An unhealthy obsession with protecting corporate profits ahead of protecting the American public has skewed the decisions made by American policymakers. They exaggerate how much the USA has fallen victim to actions taken outside of the USA and they understate the consumer protection options that are entirely within their power. US comms providers lobby too hard against necessary changes in consumer protection policies, even when they are destroying the long-term prospects for their own businesses by allowing customers to be overwhelmed by unwanted communications. If US politicians and US captains of industry are constitutionally incapable of waging war on the fraudsters within the country’s borders then they should never be allowed to dictate how the war on crime will be waged elsewhere.



