LENS Essay Series: “Private Redress for Private Wrongs: Ransomware Payments as Prize”
Today I’m pleased to announce a new addition to the LENS Essay Series. This article is by Liam A. Murray, a rising 3L here at Duke Law. Liam’s submission is a very creative one as the title suggests: “Private Redress for Private Wrongs: Ransomware Payments as Prize”
Liam’s work explores some very timely questions: how to counter ransomware attacks? Could Congress’ authority found in Article I, Section 8 of the Constitution to issue letters of marque and reprisal possibly help to find an answer?
Liam’s article expertly examines the history of letters of marque and reprisal, analyzes them in the context of the cybersphere, and suggests how they might used to counter ransomware. His fresh look at these old tools is fascinating!
An abstract is below, but be sure to read his full essay (found here).
Recent legal scholarship has identified letters of marque and reprisal as a legal tool that could potentially address a range of cybersecurity threats faced by the United States. The arguments generally advocate for a ‘hack-back’ authority– that letters of marque and reprisal be used to allow United States persons, particularly businesses, to hack their hackers back. However, these proposals fail to adequately consider what facets of letters of marque and reprisal made them effective when they were common legal instruments. (In their original historical context?)
Letters of marque and reprisal are legal instruments that enable private parties to take specified property and, after legal process, benefit from its sale. These instruments were originally a sovereign grant of a private right to self-help, before becoming tools of public war. Two incentive structures, prize and salvage, make such a regime viable. Prize enables the holder of a letter of marque and reprisal to benefit from the sale of captured property. Salvage enables the original owner of that property to likewise benefit from that sale. These mechanisms function to incentivize parties to retake wrongfully taken property and afford relief to wronged parties in the form of restitution.
A ‘hack-back’ authority does not fit this model because it fails to utilize those incentives. Such an authority would be retaliatory in nature, rather than restitutionary. Nevertheless, while letters of marque and reprisal may not be effectively analogized to general hack-back authorities, they may be a viable tool for dealing with ransomware, an arena in which clear analogies to prize and salvage are readily available. This paper evaluates the legal history and status of letters of marque and reprisal in American and international law and argues that the United States may be well-served by considering the use of letters of marque and reprisal to address the problem of ransomware.
About the Author:
Liam Murray is a 3L at the Duke University School of Law, where he is expected to receive his J.D. and LL.M. in Comparative and International Law in 2023. Liam is from Raleigh, N.C., and graduated from the University of North Carolina at Chapel Hill in 2018 with a B.A. in Peace, War, and Defense and Public Policy. Liam is a member of the Duke Law Journal and a President of the Transactional Law Society. During his 1L summer, Liam interned with the European Bank for Reconstruction and Development. Liam is currently working as a Summer Associate for Simpson Thacher & Bartlett in Washington, D.C.