Letters of Marque 2.0: The Sovereignty of Theft
A geopolitical forensic analysis of how the Elizabethan model of privateering has been resurrected in the digital age. By examining the legal fictions of the 16th century, we expose modern ransomware
Look closely at the cloth of gold. Scrutinize the ermine lining and the heavy orb resting in the hand of Elizabeth I. The image projects divine right and absolute stability, yet the economic engine supporting this grandeur was fueled by maritime predation. The English Crown, lacking the fiscal capacity to maintain a standing navy capable of challenging the Spanish hegemon, outsourced its violence.
This portrait is not merely a depiction of royalty; it is the ultimate successful laundering of pirated wealth. The gold upon her gown is not merely decorative; it is the laundered yield of state-sanctioned piracy.
When Francis Drake circumnavigated the globe, he did not do so merely as an explorer, but as a high-value asset acting on vague verbal orders that allowed the Crown to disavow him if captured, yet claim the lion’s share of his plunder upon success. This is the precise historical ancestor of the modern Advanced Persistent Threat (APT). The geopolitical strategy remains unchanged: leverage non-state actors to degrade a rival’s economy while maintaining a diplomatic firewall. Legitimacy is often nothing more than the successful bureaucratic processing of violence. In the 16th century, the plunder was silver bullion from Potosí; in 2025, it is intellectual property and crypto-currency extracted via ransomware protocols. The actors change, but the script of predation remains absolute.
The state does not seek to end piracy; it seeks only to monopolize the licensing of it.
The Legal Fiction of the Letter of Marque
The brilliance of the Elizabethan geopolitical strategy lay in the invention of legal fictions. The ‘Letter of Marque’ transformed a hanging offense—piracy—into a patriotic duty—privateering. This document was the physical manifestation of the boundary between criminal chaos and statecraft. Today, that document has been digitized. It exists in the blind eyes turned by intelligence agencies towards ‘patriotic hackers’ in Eastern Europe and North Korea. A Letter of Marque is a diplomat’s permission slip for grand larceny, converting a criminal into a commodified asset of the state.
Modern nations have industrialized this ambiguity. The Lazarus Group or DarkSide are not merely criminal syndicates; they are the privateers of the digital ocean. They operate with the tacit or explicit blessing of their host governments, generating revenue that bypasses sanctions and weakens geopolitical rivals. The distinction between a cyber-criminal and a state intelligence officer is now measured only by who receives the kickback. In 2025, the Jolly Roger is written in binary code, and it flies over server farms protected by sovereign nuclear umbrellas.
To view ransomware operators solely as criminals is to fundamentally misunderstand the battlefield; they are irregular infantry in a war of economic attrition.
Ransomware as Unauthorized Foreign Taxation
We must strip away the sanitized language of ‘cybersecurity incidents’ and ‘data breaches.’ When a foreign entity encrypts the critical infrastructure of a corporation and demands payment, this is not theft in the domestic sense. It is the levying of a tax. The privateer system allowed the English state to wage war without the political cost of declaring it. Similarly, modern ransomware campaigns allow rogue states to impose tariffs on the economies of their adversaries without triggering Article 5 or kinetic retaliation. Ransomware is not a crime; it is unauthorized taxation by a foreign sovereign enforcing its will through digital blockade.
By treating these events as law enforcement issues, Western corporations play directly into the strategic asymmetry. You are attempting to call the police on a foreign navy. The ‘ransom’ is a extraction of wealth from the target nation’s GDP to the attacker’s treasury, often funding nuclear programs or intelligence operations. The victim is not merely losing data; they are financing their enemy’s next weapon system. War is expensive, but piracy is profitable—this is the economic reality that ensures the ransomware ecosystem will never be dismantled by diplomacy alone.
The blockade is no longer at the port; it is at the firewall. The toll must be paid, or the commerce stops.
The Insurance Void and the Reality of Siege
The final grim realization for the modern executive lies in the collapse of the safety net. The insurance industry, born in the coffee houses of London to hedge against the very risks posed by privateers and storms, is retreating. Lloyd’s of London and major insurers are increasingly moving to exclude ‘state-backed’ cyber attacks from coverage. This is the market explicitly acknowledging the reality of the war. They know that what is hitting your network is not vandalism, but an act of war, and war is uninsurable. When the state hires the thief, your insurance policy evaporates into the fine print of ‘force majeure.’
The merchant ships of the 1600s had to arm themselves. They could not rely on the Royal Navy to be everywhere, nor could they rely on insurance to cover the total loss of the crown’s cargo. Today’s corporate entity is in the same waters. The illusion of safety provided by compliance checklists and cyber-insurance policies is shattering. You are the merchant vessel in hostile waters, and the horizon is filled with sails that bear no flag. Compliance is a peacetime luxury; you are currently under siege, and the cavalry is not coming.
Security through obscurity is dead. Security through indemnity is dying. Only security through sovereignty remains.
Zero-Trust as Counter-Siege Doctrine
If we accept that we are living in a neo-Elizabethan age of privateering, the defensive doctrine must shift from ‘perimeter security’ to ‘counter-siege.’ The privateer succeeds by boarding the ship; the hacker succeeds by breaching the network. Zero Trust Architecture is not an IT buzzword; it is the digital equivalent of compartmentalizing the ship’s hull. If one bulkhead breaches, the ship must not sink. We must assume the breach is inevitable because the attacker has the resources of a nation-state behind them.
The strategic pivot requires treating every internal user as a potential privateer who has already boarded. The goal is no longer to keep the pirates out—that battle is largely lost due to the asymmetry of the attack surface—but to make the plunder impossible to offload. In a world of state-sponsored corsairs, the merchant vessel must transform into a man-of-war, bristling with internal defenses. We must return to the hardened mindset of the 17th-century navigator: trust no flag, verify every signal, and keep the powder dry. The Golden Age of Piracy did not end because the pirates repented; it ended because the navies hunted them down and the merchant ships became too dangerous to take. Until we raise the cost of the attack, the raiding will continue.
Peace is an intermission. The history of nations is the history of theft writ large.



Absolutely brilliant framing of the ransomware problem! The Drake-to-APT comparison really cuts through the usual cybersecurity theater we see in most analysis. What gets me tho is that even with compartmentalized bulkheads, most orgs still haven't internalized that theyre fighting asymetric warfare where the enemy literally has infinite time to probe for weaknesses. We keep treating breaches like accidents instead of the deliberate economic siphoning they actually are.