Countering Extremist Groups in Cyberspace: Applying Old Solutions to a New Problem
By: LTC Robert Schultz, US Army
Finding ways to counter an adversary that is not physically observable poses a significant challenge, especially when that adversary is operating within the vast domain of cyberspace. For various extremist groups that promote hatred and violence, cyberspace provides a virtual safe haven where they can promote their causes, raise funds, communicate, and grow. Based on the increasing number of extremist websites, it appears that the considerable efforts to degrade these online operations have had little overall effect. This outcome points to the need for innovative strategic solutions to counter these extremist groups in cyberspace.1 Rather than creating new strategies that require a tremendous amount of brainpower, manpower, and money, however, new forms of two old operational concepts from land and naval warfare over the last few centuries could work in tandem to counter the cyberspace strategies of extremist groups.
The first concept is called a false-flag operation, a deceptive maneuver that allowed a navy's ships to approach enemy vessels and launch a surprise attack at close quarters. A virtual false-flag maneuver could be used in cyberspace to disguise operations intended to undermine an adversary's web-based operations. Second is the high-risk and deceptive concept of pseudo operations, in which an agent infiltrates an adversary's physical location and poses as a member of the target group for the purposes of gathering intelligence and disrupting operations. These two operational concepts are provocative because they have sometimes been associated with the use of "dirty tricks," especially in cases where sponsorship and oversight were haphazard.2 This article therefore also suggests a legal framework for executing these operations feasibly and legitimately, by reinvigorating the age-old practice of issuing letters of marque and reprisal.
The Need for Novel Solutions
What makes extremist groups a unique threat in cyberspace is that the majority of them cannot be tied to a recognizable or accountable body, such as a nation-state. It was easy for the United States and its allies to tie provocative behavior to the Soviet Union during the Cold War, and even easier to identify the "bad guys" during the transparent struggle for world domination with Nazi Germany and imperial Japan in World War II. Today, most extremist groups are acephalous—composed of dispersed organizations and individuals and lacking any clear command structure—which makes them even more difficult to identify and target using conventional military power.3 To be successful, they must be able to instill loyalty among their members through near-constant communications, and in this regard, their lack of a centralized structure has made them true beneficiaries of cyberspace. Utilizing websites and social media outlets, extremist groups enjoy unparalleled global reach with which to organize and conduct operations such as recruiting, fund-raising, and training.
In light of increasing illicit activities in cyberspace by a multitude of extremist groups, the United States and its allies should acknowledge that tools for the application of offensive cyberspace operations against these threats are needed. Before turning to new strategies, however, the extremists' opponents might look to some old concepts to meet these new threats.
The advent of web-based information technology has made it possible for many governments to carry out their own covert operations and create new opportunities in cyberspace to counter extremists.4 Few extremist groups that currently operate in cyberspace, despite being equipped with various degrees of information technology and a cybersecurity infrastructure, have the capability to detect their opponents' counter activities. This is due, in part, to the loose organizational structure of most extremist groups, which does not support the training and resources required to detect and counter hackers, viruses, or false personas. With these favorable conditions, it is time to encourage the integration of offensive capabilities such as false-flag operations, pseudo operations, and the issuance of letters of marque and reprisal into cyberspace counterterrorism strategies.
False-flag operations are secret or disguised operations intended to deceive an adversary into believing the operations are being executed by groups or states other than those that actually planned and implemented them.5 The term false flag originated in naval warfare. A warship would attempt to deceive an enemy vessel's crew by hiding its flag or replacing it with one that looked like a friendly flag, in order to maneuver close enough to launch a surprise attack and destroy or capture the target before being fired upon. This tactic, although rarely used in modern times, has long been legally acceptable under the US Law of Armed Conflict, which permits the wearing of enemy uniforms prior to engaging in combat.6 The use of false-flag operations largely faded away in the mid-1800s (with the important exception of the German Navy Raiders during both World Wars). Many nation-states maintained that these operations were being carried out without proper oversight or governmental control, primarily by pirates whose atrocities were then wrongly blamed on other nation-states.7 This of course would not be the case for these operations carried out under official auspices in cyberspace. Such deceptions are, in fact, legitimized at the international level under Articles 37–39 of the Geneva Convention, which state,
Ruses of war are not prohibited. Such ruses are acts which are intended to mislead an adversary or to induce him to act recklessly but which infringe no rule of international law applicable in armed conflict and which are not perfidious because they do not invite the confidence of an adversary with respect to protection under that law.8
Used in cyberspace, a false-flag operation could disguise deceptions in a similar manner. Additionally, where traditional false-flag operations used a disguise to approach the enemy, the interaction between the deceiver and the deceived is reversed in cyberspace. The target must actively choose to visit the false-flag website for the deception to work. Because posting web-based content is far different from engaging in physical combat, any requirement to eventually reveal the identity of the sponsor remains a question for legal scholars. Web-based false-flag operations thus are more akin to "black" or covert deceptions in which the sponsor's attribution remains hidden.9
False-flag operations in cyberspace involve developing websites, blogs, and chat rooms that mirror a targeted extremist group's ideology. The first steps are for cyber-deceivers to develop web-based content that is consistent with the targeted group's narrative and then to redirect the group's followers to the false site. Skilled coders could, for instance, execute seamless redirections from targeted websites to false-flag sites. Next, as readership and membership grow, the content on the false-flag sites gradually changes. Over time, the narratives shift subtly, to influence the audience into believing the target group's ideology is corrupt, for instance, or so devious and untrustworthy that supporters feel compelled to terminate their online association with the extremist group.10
For example, the recent trend of using online radicalization to fill the ranks of ISIS could be countered through the use of false-flag operations that deliberately undermine the bond of trust between those who may want to join the cause and the extremists. False-flag websites could highlight the group's atrocities, against Muslims in particular, and thus help delegitimize the movement. Alienating extremist groups like ISIS from the international Islamic community through false-flag operations would not only degrade such organizations in the short term but also potentially discredit their online activities over the longer term.
Implications of False-Flag Operations
There are three effects we can expect to see if false-flag operations are successful in undermining the bonds of trust between targeted online extremist groups and would-be supporters. First, because false-flag operations target the legitimacy of the extremists, we would expect to see measurable changes in online activity, such as decreases in membership, fund-raising, blog postings, and chats, as well as increases in the antagonistic and denunciatory messages posted on false-flag websites. Second, we would see targeted extremist groups begin to police or even attack other like-minded websites they did not directly manage as they came to question the veracity of the others' ideology or suspect rivals of being the source of their websites' problems.11 Finally, we would also expect to see an overall change in the extremists' use of cyberspace, as they and their supporters—even if they detected the false flag—felt less free to operate openly in the virtual medium.
False-flag tactics are already being used to some extent to counter online extremism, but only in a defensive manner or to collect intelligence. The concept of false-flag operations presented here is unique because it applies deception as an offensive tool to counter extremist activity online.
Another effective deception based on an operational concept used previously against insurgent and terrorist organizations is the pseudo operation. Pseudo operations traditionally used disguised military forces to infiltrate an adversary's area of operation in order to gain targetable intelligence.12 Historically, the British have had the most experience and success with pseudo operations, which they utilized in the anticolonial insurgencies of the post–World War II period, such as the Mau Mau uprising in Kenya (1952–1960).13 The British first developed the concept as early as the Boer War (1899–1902), however, as part of their counterinsurgency strategy against Afrikaner guerillas.14
In cyberspace, a pseudo operation may be used to infiltrate an extremist group's virtual area of operations through websites, blogs, and chat rooms for the purposes of gathering intelligence and disrupting its online operations. By targeting the organization's existing online members, pseudo operations could be used to weaken the bonds of trust between the extremist group's leadership and its virtual community. Unlike false-flag operations, which focus on audiences that are not already members of the targeted extremist group, such as potential recruits and donors, pseudo operations in cyberspace work to get inside the targeted extremist group, gather information, and disrupt the organization from within. Conceptually, web-based pseudo forces could "role play" as active members and supporters in order to gain access to the inner workings of a targeted extremist group's online operation. Once inside, the pseudo force would begin collecting intelligence on group members and their activities. As specific targets within the online organization were developed, the pseudo force would begin exploiting rifts between members and groups within the organization through the use of misinformation and similar tactics. Ultimately, the bonds of trust between loyal supporters and the extremist group's leadership would be undermined to the point that the group would lose many of its members or even disintegrate.
Identifying the right selection criteria for the personnel who would conduct web-based pseudo operations is critically important. To mitigate the chances of compromise, the first step would be to recruit team members for these operations from various organizations, to keep their association with each other sufficiently vague and help mask the team from the internal security apparatus of a targeted extremist group. History has also proved that the best executors of pseudo operations are those who enjoy adventure rather than those who are or once were extremists themselves, or those who could be swayed by peer pressure. The adventure seekers and risk takers were much more reliable and easier to retain for future operations.15 With the explosion of online gaming over the past 20 years, finding motivated individuals who enjoy the excitement of role playing and are comfortable in the relatively secure and low-cost environment of cyberspace will likely be easy.
The effectiveness of pseudo operations is also proportional to the level of approval and support provided by senior civilian and military leadership. Cyberspace, in effect, helps alleviate concerns about risk and the danger of compromise because of its inherent anonymity and the ability to operate with minimal risk of physical consequence. Incorporating pseudo operations into future counterinsurgency strategies will leverage the powerful effects that can be brought to bear against extremist groups in cyberspace.
Implications of Using Pseudo Operations
If pseudo operations are effective, we would expect to see three observable effects. First, since pseudo operations directly attack the internal workings of an extremist group's online operation, we should see a decrease in the group's overall cyber operations and an increase in security measures at targeted sites. The need to improve security would also increase the operating costs for the extremist group's cyber presence. Signals of increased security might include more frequent notifications for members to change their passwords or the use of image credentialing to verify user identification. Second, since an important aspect of pseudo operations is to create and exploit rifts between members of the extremist group's online community, we would expect to see the group splinter or even disappear altogether. Third, pseudo operations by design induce dissent and distrust within the organization, and the anonymity of cyberspace only exacerbates these types of fissures. Trust among its members is vital to the strength of any illicit organization, and members of the extremist group—who would already be on alert because of heightened site security—would grow distrustful of each other in regular online activities such as chatting and blogging. Members' trust in the organization's leadership would diminish, along with the group's ability to recruit and carry out operations.
Whether it is the potential for operators to be compromised or the implications of associating itself with former insurgents, the United States has not had a doctrinal concept on pseudo operations, nor has it used pseudo operations as part of a military strategy—certainly not in cyberspace.16With the advent of cyberspace as a global common domain and the precipitate rise in extremist messaging online, however, there is a new opportunity—and need—to reinvigorate pseudo operations as an operational concept.
Letters of Marque and Reprisal
False-flag and pseudo operations in cyberspace require a domestically and internationally acceptable policy, a legal framework that justifies their use, and a recognized necessity for their continued practice. For the United States, these requirements can be found in its Constitution, which states that the US Congress has the power "to declare War, grant Letters of Marque and Reprisal, and make Rules concerning Captures on Land and Water." 17
In the days before the United States possessed a strong naval force, and for individual states without strong navies, letters of marque and reprisal offered an alternative method of defending interests on the high seas. The issuance of these letters became the strategy of choice at a time when many governments found themselves short on both revenue and naval vessels.18 Rather than have to pay for naval operations against an enemy, the government simply granted private ship owners, commonly known as "privateers," the legal authority to conduct naval warfare, raid ship-borne commerce, and seize adversaries' ships.19 In return, the privateer was paid with a portion of whatever goods he captured, which served as an incentive to capture as much of the opponent's shipping as possible. The English crown used this concept, known as privateering commissions, as early as the thirteenth century: private individuals would be commissioned to infiltrate an adversary's territory for the purposes of retaliation or retribution against specific people believed to have committed offenses against the king.20 In 1765, the concept of letters of marque and reprisal was written into the Commentaries on the Laws of England, which state,
These letters are grantable by the law of nations, whenever the subjects of one state are oppressed and injured by those of another; and justice is denied by that state to which the oppressor belongs. In this case letters of marque and reprisal (words in themselves synonymous and signifying a taking in return) may be obtained, in order to seize the bodies or goods of the subjects of the offending state, until satisfaction be made, wherever they happen to be found. Indeed this custom of reprisals seems dictated by nature herself; and accordingly we find in the most ancient times very notable instances of it.21
Simply put, a marque is a pledge to someone or something. Reprisal is retaliation for perceived violations or harmful actions. A reprisal could be the seizing or destruction of property or persons, and could range from a small-scale attack to major operations against the adversary.22 Therefore, a letter of marque and reprisal would authorize a private entity or person to conduct reprisal operations anywhere in the world or—in the case of cyber operations—outside of it.
The situation today is not dissimilar, as extremist groups operate virtually unopposed in cyberspace, while many governments find themselves falling short in their efforts to confront them. Hence the value of letters of marque and reprisal, which would enable governments to deploy a private army of hackers, or cyber privateers, to legally and legitimately execute cyber activities like false flags and pseudo operations. The US military, having fought conflicts in Afghanistan and Iraq for the past 14 years, finds itself in a conundrum of diminishing funds, resources, and people. Recent budget measures have dictated cuts in defense spending that limit the military's ability to create new capabilities and formations. At the same time, the use of cyberspace by extremist groups is growing to the point where cyber warfare is a daily and continuous fight that must be won. Issuing letters of marque and reprisal to build a force of cyber privateers without the use of tax dollars could help limit the reach of extremists in cyberspace while legally justifying offensive cyber capabilities.
To build these capabilities, letters of marque and reprisal could be issued to any number of the private organizations or individuals that have expressed a willingness to counter extremist groups in cyberspace.23 History has several examples, such as the Abraham Lincoln Brigade in the Spanish Civil War, of privately-funded forces that fought for idealistic principles. Today, like-minded private organizations could recruit socially concerned and tech-savvy individuals to conduct false-flag and pseudo operations from their personal computers.24 For this concept to work, however, each letter of marque and reprisal would need to articulate in detail the parameters of the privateers' activities, as well as economic incentives, if any. For example, the letter could prohibit conducting cyber attacks solely as retaliation for attacks against individual privateers. Additionally, the letters would need to define the financial incentives for cyber raids against an opponent's exploitable data, such as personal and financial information. An appropriate incentive for a privateer would be the use of bank account data, or a portion of funds that may have been donated to a targeted online extremist group and confiscated by the cyber privateer. With the proper legal oversight, these prizes, or some portion of them, would be the privateer's to keep. Potential cyber privateers have already shown interest in conducting offensive operations in cyberspace for these purposes. For example, following the deadly attacks on the French satirical publication Charlie Hebdo, outraged tech-savvy individuals and groups launched private cyber attacks on jihadist websites in an attempt to shut down their online propaganda.25 Imagine the outcome if these attacks were grounded in law, controlled by proper oversight, and incentivized with profit?
In addition to false-flag and pseudo operations, cyber privateers could be issued letters of marque and reprisal to fill specific military requirements that the state's military cannot or will not immediately meet. Fueled through the incentive of profit, the privateers could expeditiously begin cyber operations as stipulated under the letter.26 In the past, privateers have achieved mixed results while supporting state militaries, whether it was because they operated beyond the scope of their contracts or because they fostered the perception that they existed solely for profit, and so such operations have yet to establish a positive reputation in national defense.27 To help correct this perception, governments can draw on a 200-year-old mechanism for providing legal oversight of privateers: prize courts. Historically, representatives of a sponsoring government's prize courts ensured privateers were not rewarded beyond the scope or the authority outlined in the specific letter of marque and reprisal.28 A prize court could make rulings on the sale or destruction of seized items and the distribution of any proceeds, or order the return of seized property or funds if the seizure was deemed unlawful. The same judicial concept could be applied today without the need to expand the size or scope of a state's legal system.29 Under current law in the United States, for example, federal district courts throughout the country have exclusive jurisdiction in prize cases. No prize cases have been heard in the United States since the current statutes were adopted in 1956 because no letters of marque and reprisal have been issued in that time, but the system to provide judicial oversight already exists.30
Understanding the circumstances and conditions in which a letter of marque and reprisal could be issued with regard to cyberspace is very important. Unlike land and naval warfare, targets in cyberspace are not physical and can be disguised with false identifications and internet protocol (IP) addresses. The burden of proof to determine whether to issue a letter of marque and reprisal to disrupt, corrupt, influence, destroy, or deceive a targeted extremist group in cyberspace remains the same. These actions should be characterized by clear thresholds of legal action: first, officials would have to show probable cause to initiate offensive cyber operations, and second, the government would be required to demonstrate evidence of a crime beyond a reasonable doubt before a letter of marque and reprisal would be issued.31
Implications of Letters of Marque and Reprisal
Perhaps the best part about the strategic use of letters of marque and reprisal is that they are completely legal under current international law and US constitutional law. The US Constitution gives Congress the authority not only to declare war but also to issue these letters, as an alternative to engaging in costly physical warfare. This alternative also empowers private citizens to work on behalf of the US government in a military capacity. Opponents to letters of marque and reprisal often point to the Paris Declaration Respecting Maritime Law, ratified by 55 countries in 1856, which bans signatory nations from commissioning privateers.32 The United States, however, was not a signatory to this declaration, which pertains only to the letters' use in naval warfare. To date there are no other international laws pertaining to privateering that would preclude the United States from using these letters for cyberspace operations.33
Nevertheless, attempts in 2001 and again in 2007 to introduce new legislation in Congress that would have authorized the issuance of letters of marque and reprisal to counter al Qaeda fell on deaf ears and were quickly dismissed.34 By recruiting and regulating talented cyber privateers to carry out false-flag and pseudo operations, the United States and its allies could implement a cost-effective campaign against extremist groups operating in cyberspace.35
Considerations for the Use of New Solutions in Cyberspace
With the legal backing of letters of marque and reprisal, false-flag and pseudo operations could be successfully integrated into a strategy for countering extremist groups in cyberspace. The following points, however, must be considered.
- Feasibility. Maintaining transparency between these operational concepts and the civilian authorities and laws that govern their use is much easier to do in cyberspace than in the physical domain. A cyber privateer operating under legal authority and supervision would have a much harder time hiding clandestine activity than would the captain of a ship on the open ocean. Letters of marque and reprisal, with their attendant legal infrastructure, make it less likely that a poorly constructed false-flag operation would be tied to or enable an actual terrorist attack, or that a pseudo operation would target a group that is only exercising its right to free speech.
- Suitability. Normally, these operational concepts come with a limited shelf life because of their deceptive nature. Adversaries in the physical domain would eventually catch on to methods such as infiltration by an undercover agent or disinformation operations.36 In cyberspace, by contrast, time could be on the side of the implementer. Although these operational concepts may take longer to be effective, the vastness and anonymity of cyberspace allows the false-flag and pseudo operators, supported by the issuance of letters of marque and reprisal, to continue to adjust methods, techniques, and timing. In terms of targeting extremist groups in cyberspace, operational concepts and overarching strategies of this nature work best when their aggregated effects are achieved over time.
- Risk. Operations in cyberspace can be difficult to control. The risk of compromise should, however, be an acceptable part of doing business. Those who carry out these new solutions should assume their efforts will be compromised; it might be just as advantageous to the operators, however, if the targeted extremist group does detect these offensive cyber operations. The extremists would be forced to adjust their online presence, and members and potential recruits would question the security of "trusted sites." Additionally, in the event of compromise, false-flag and pseudo operators need merely to take the operation off-line and reconfigure, and then reappear under another persona, avatar, or website. Finally, and perhaps most obviously, cyber operations of this nature assume less physical risk compared to their historical forerunners. Cyberspace should prove to be a forgiving environment that continually allows for renewed innovation without the associated operational risk of loss of life and collateral damage. Regardless, common sense dictates that governments should not ignore any of these low-cost and relatively safe tools that can help them achieve their goals of countering extremists in cyberspace with greater effectiveness and efficiency.
Rapidly emerging cyber technologies, which have connected every corner of the world, are being used quite efficiently by extremist groups for recruitment and fund-raising. Concepts such as false-flag and pseudo operations can be instrumental in developing strategic solutions that are legally reinforced by letters of marque and reprisal to counter extremist operations in cyberspace. Numerous defensive cyber-security tools—often of dubious effectiveness—have been developed and implemented, but more offensive capabilities are needed in cyberspace to counter emerging threats in the twenty-first century. When it comes to countering extremist groups in cyberspace, false-flag operations, pseudo operations, and letters of marque and reprisal can provide myriad creative options from which to choose.
About the Author(s):
LTC Robert Schultz is a US Army information operations officer.
This is a work of the US federal government and not subject to copyright protection in the United States. Foreign copyrights may apply.
- Gabriel Weimann, Terror on the Internet: The New Arena, the New Challenges (Washington, D.C.: US Institute of Peace, 2006), 15.
- Dirty tricks are unethical or illegal tactics employed to destroy or diminish the effectiveness of opponents. See Lawrence E. Cline, Pseudo Operations and Counterinsurgency: Lessons from Other Countries (Carlisle, PA: Strategic Studies Institute, 2005), 20: http://www.strategicstudiesinstitute.army.mil/pubs/display.cfm?pubID=607
- John Arquilla and David Ronfeldt, Networks and Netwars: The Future of Terror, Crime, and Militancy, MR-1382-OSD (Santa Monica, Calif.: RAND Corporation, 2001), 241: http://www.rand.org/pubs/monograph_reports/MR1382.html
- Charles A. Fowler and Robert Nesbit, "Tactical Deception in Air-Land Warfare," Journal of Electronic Defense 18, no. 6 (1995): 50.
- Geraint Hughes, The Military's Role in Counterterrorism: Examples and Implications for Liberal Democracies, Letort Paper (Carlisle, Pa.: Strategic Studies Institute, May 2011), 105.
- Headquarters, Department of the Army, The Law of Land Warfare, FM 27-10 (Washington, D.C.: HQ, Dept. of the Army, 18 July 1956), note 15, para 54.
- Hughes, Military's Role in Counterterrorism, 105.
- Protocol Additional to the Geneva Conventions of 12 August 1949, and Relating to the Protection of Victims of International Armed Conflicts (Protocol I), Art. 37–39: https://www.icrc.org/ihl/INTRO/470
- W. Thomas Smith, Jr., Encyclopedia of the Central Intelligence Agency (New York: Facts on File, 2003), 31.
- Mark E. Stout, Jessica M. Huckabey, and John R. Schindler, The Terrorist Perspectives Project: Strategic and Operational Views of Al Qaida and Associated Movements (Annapolis, Md.: US Naval Institute Press, 2008), 122; David B. Moon, "Cyber-Herding and Cyber Activism: Countering Qutbists on the Internet" (master's thesis, US Naval Postgraduate School, December 2007), 5–18.
- Additional research into the psychology behind these dynamics is needed to design false-flag operations to be as effective as possible.
- Cline, Pseudo Operations and Counterinsurgency, 1.
- For more information on pseudo gangs during the Mau Mau Uprising, see Wunyabari O. Maloba, Mau Mau and Kenya: An Analysis of a Peasant Revolt (Bloomington: Indiana University Press, 1993).
- Ibid., 2.
- Frank Kitson, Gangs and Counter-Gangs (London: Barrie and Rockliff, 1960), 126.
- Paul Melshen, Pseudo Operations (Newport, R.I.: US Naval War College, February 1986), 2.
- US Const., art. 1, § 8.
- Ian Rice and Douglas Borer, "Bring Back the Privateers," The National Interest (22 April 2015): http://nationalinterest.org/feature/bring-back-the-privateers-12695
- C. Kevin Marshall, "Putting Privateers in Their Place: The Applicability of the Marque and Reprisal Clause to Undeclared Wars," The University of Chicago Law Review 64, no. 3 (Summer 1997): 960–61. See also Theodore M. Cooperstein, "Letters of Marque and Reprisal: The Constitutional Law and Practice of Privateering," Journal of Maritime Law and Commerce 40, no. 2 (2009): 224–29.
- Kelly Gneiting, "A Constitutional Alternate to War, Marque and Reprisal," Independent American Party, 18 October 2013: http://www.independentamericanparty.org/2013/10/an-constitutional-alternate-to-war-marque-and-reprisal/
- William Blackstone, Commentaries on the Laws of England (1765–1769), Section I, 249.
- Fred E. Foldvary, "Letters of Marque and Reprisal," Progress, 8 October 2002: http://www.progress.org/tpr/letters-of-marque-and-reprisal/
- Rice and Borer, "Bring Back the Privateers."
- "Spanish Civil War: The Abraham Lincoln Brigade and the Spanish Civil War," Abraham Lincoln Brigade Archives, n.d.: http://www.alba-valb.org/history/spanish-civil-war
- David Goldman and Mark Thompson, "Anonymous Blocks Jihadist Website in Retaliation for Charlie Hebdo Attack," CNN, 12 January 2015: http://money.cnn.com/2015/01/11/technology/security/anonymous-charlie-hebdo/
- Rice and Borer, "Bring Back the Privateers."
- William Young, "A Check on Faint-Hearted Presidents: Letters of Marque and Reprisal," Washington and Lee Law Review 66, no. 2 (March 2009): 10.
- Rice and Borer, "Bring Back the Privateers."
- Marshall, "Putting Privateers in Their Place," 961–63.
- 10 US Code § 7681—Reciprocal privileges to cobelligerent.
- Michael Todd Hopkins, "The Exceptionalist's Approach to Private Sector Cybersecurity: A Marque and Reprisal Model" (master's thesis, George Washington University, 2011).
- Donald A. Petrie, The Prize Game: Lawful Looting on the High Seas in the Days of Fighting Sail (Annapolis, Md.: US Naval Institute Press, 1999), 143.
- In addition to false-flag and pseudo operations, these letters could refresh other operational concepts such as spoofing attacks, which would provide counterterrorist operators with an even greater strategic advantage in cyberspace. Spoofing effects falsify online data and images in order to influence and/or deceive online users to surrender their own data. See Dorothy E. Denning, Information Warfare and Security (New York: Addison-Wesley, 1998).
- Gneiting, "A Constitutional Alternate to War."
- Jeremy A. Rabkin and Ariel Rabkin, To Confront Cyber Threats, We Must Rethink the Law of Armed Conflict (Stanford, Calif.: Hoover Institution, 19 January 2012): http://media.hoover.org/sites/default/files/documents/EmergingThreats_Rabkin.pdf
- James Adams, The Next World War: Computers Are the Weapons & the Frontline Is Everywhere (New York: Simon & Schuster, 2001), 286.