In a bold legislative move reminiscent of the early days of the American republic, Congressman David Schweikert (R-AZ) has introduced the Cybercrime Marque and Reprisal Authorization Act of 2025, H.R. 4988. The bill, which aims to “empower the U.S. executive branch to enlist private cyber operators in the fight against foreign cybercriminal syndicates”, has sparked a heated debate over its implications and potential pitfalls.
Schweikert’s proposal seeks to resurrect a constitutional provision last invoked over two centuries ago during the War of 1812. This provision, found in Article I, Section 8 of the U.S. Constitution, allows Congress to issue “letters of marque and reprisal.” Historically, these letters authorized privateers to attack enemy ships and seize goods on behalf of the U.S. government. The modern twist proposed by Schweikert involves licensing private cyber entities to pursue, disrupt, and potentially retaliate against foreign enemies.
The bill comes at a time when cybercrime is on the rise, with the FBI reporting over 859,000 complaints in 2024, resulting in $16 billion in losses. The elderly are particularly vulnerable, with those over 60 years old suffering nearly $5 billion in damages. Much of this criminal activity is traced back to sophisticated operations in countries like Myanmar and North Korea, where cybercriminals enjoy state protection and exploit the digital vulnerabilities of the U.S.
Hypocrisy?
While Schweikert argues that this approach leverages innovation and constitutional authority to combat cybercrime, critics point out the potential for unintended consequences and ethical quandaries. The very notion of deputizing private actors to engage in cyber operations abroad mirrors tactics often criticized when employed by countries like North Korea, China and Russia. These nations have been accused of turning a blind eye to, or even tacitly supporting, cyber mercenaries that launch attacks against foreign entities, including U.S. companies and infrastructure.
The bill’s provisions allow these private cyber operators to “recover stolen assets, prevent future attacks, and defend critical infrastructure”, all under the guise of federal oversight. However, the lack of clear regulatory frameworks for such activities raises concerns about accountability. How can the U.S. ensure that these private entities do not overstep their bounds or engage in activities that could provoke international conflict? Furthermore, the requirement of security bonds as a safeguard seems almost quaint in the face of the unpredictable and rapidly evolving digital battlefield.
Critics also argue that this bill could set a dangerous precedent, potentially escalating cyber tensions and encouraging other nations to adopt similar measures. Such a scenario could lead to a digital free-for-all, where private actors sanctioned by their governments engage in cyber skirmishes, blurring the lines between state-sponsored and independent cyber activities.
In essence, Schweikert’s bill attempts to address a pressing issue with a tool from the past, one that may not fit neatly into the complexities of modern international relations and cybersecurity. The U.S. has often denounced the lack of transparency and state-sponsored cyber activities from countries such as China and Russia. Yet, by authorizing private actors to act on behalf of the state in cyberspace, the U.S. risks engaging in the very practices it has criticized.
In conclusion, Schweikert’s bill is a significant and controversial step forward in the fight against cybercrime. It remains to be seen whether this approach will prove effective or if it will simply escalate the ongoing cyber battles between nations. The U.S. must tread carefully to ensure that its efforts to secure the digital frontier do not inadvertently mirror the very behaviors it seeks to condemn on the world stage.
Source: US congress
