Daily Archives: 18/05/2021

Corsairs and Cyber Pirates: Should We Consider Bringing Back Letters of Marque?

Posted on by

The Wall Street Journal recently published an article entitled A Maritime Solution for Cyber Piracy which grabbed my attention. The author, a lawyer who used to work for the Air Force, suggests we may want to look into the concept of letters of marque so as to shore-up the U.S.’s cyber-defences.

Such “letters of marque” (also called letters of permission or of commission) involved a license (permission) granted by the U.S. government empowering certain citizens or groups to participate directly to the defence of commerce or of the nation itself. Though common a few hundred years ago in Europe (and later around America), such permission largely disappeared in the 19th century, as countries acquired navies capable of policing sea lanes without having to resort of privateers to do so. For a time, though, the idea of “privateers” (or “corsairs”) sinking or capturing enemy (or pirate) ships in exchange for reward was fairly commonplace. Faced with security issues they could not deal with themselves, many countries compromised by asking private parties to do what they could not, often with the promise of a bounty or rewards to get the job done.

Recent high-profile cybersecurity incidents seem to indicate we may collectively be faced with a situation somewhat akin to that faced by the U.S. in the 19th century, at a time when the government was unable to itself deal with the nation’s security. Could it be that rampant cybercrime has brought about a similar situation? An argument to that effect can certainly be made.

Interestingly enough, the fact that the NSA is prohibited from watching domestic networks too closely may militate in favour of this idea, so as to fill the gap, so to speak. If the main watchdog cannot act once cyberpirates have penetrated targets in America, one might argue we need help that private parties may be especially well positioned to provide.

Given the growing threat of cyberpiracy, including to some important infrastructure (such as the pipeline recently shut down by a ransomware attack), the author argues that we may want to start looking at the concept of letters of marque. Given the apparent inability of the U.S. government to stop the threat, one might argue it may be time to try and incentive private citizens and businesses to report and go after cybercriminals.

Interesting idea, no doubt. One has to admit we definitely seem to be in need of a new set of solutions if we hope to manage to tackle the issues relating to cybersecurity in a proactive manner. Though I’m not sure how this may work in practice, I think it may indeed be time to start incentivizing private parties to help our collective efforts to thwart cybercriminals.

Canadian Privacy Commissioner Unimpressed with Bill C-11 as it Currently Stands

Posted on by

The Canadian Privacy Commissioner recently voiced serious concerns with Bill C-11, a piece of legislation meant  to replace the Canadian law relating to  personal information. Though it is meant to upgrade Canadian legislation, Commissioner Therrien believes the revised law would actually lessen the protection of personal information for Canadians.

As you may remember, the Canadian Parliament tabled new bill called C-11, back in September, meant to overhaul our the Canadian personal information protection statute. This bill is currently being studied, including as changes which may be required before it should become law.

Mr. Therrien recently spoke about this bill at an online conference put together by the Option Consommateurs, where he gave us his take on C-11, namely that this bill falls short of adequately protecting Canadians.

For one thing, the Canadian Commissioner says the new law should make it harder for businesses to use obscure or vague language, when requesting consent from individuals, but it does not. Even under the new statute, businesses could continue to ask for consent using language that is unclear or not specific enough. According to him, Bill C-11 would lower the standard to apply to consents from individuals.

Not too surprisingly, the Commissioner also disagrees with the Legislator’s decision to create a new system whereby penalties would be heard by a new administrative tribunal, as opposed to the office of the Privacy Commissioner of Canada. He believes this new structure will only result in process that is even more cumbersome in cases of violation of the privacy protection statute.

The Commissioner also reiterated that he believes Canada should be enshrine the individuals’ rights to the protection of their personal information, for example in Constitution-like documents meant to confer on that right a charter-like protection. Sadly enough, Canada has yet to protect the righto to the protection of personal to that extent. According to the Canadian commissioner, this weakens what Canadians can expect in terms of protection from the law.