A Cyber Strategy to Hunt Scammers, and a Temptation to Hunt Everyone Else

I have read enough executive orders to recognize the aroma: fresh toner, righteous intent, and a solemn vow that the new tools will be used only on the bad guys. The main text is comforting. The machinery tends to outlive the moment.

On March 6, the White House released two cyber policy moves at once: a seven-page Cyber Strategy for America and an executive order aimed at cybercrime, fraud, and predatory schemes. The target is real. The losses are real. The question is whether the cure comes with a side of permanent overreach.

What the strategy and order actually do

The strategy is broad and declarative. It treats cyberspace as a front line of national power and signals a more aggressive posture, including greater emphasis on offensive cyber operations, more reliance on AI, and a push to streamline regulation. It also nods to privacy, critical infrastructure, and building a larger cyber workforce.

The executive order is more operational. It directs a multi-agency review within 60 days, followed by an action plan within 120 days, focused on transnational criminal organizations behind scam centers and cyber-enabled crime and on ways to prevent, disrupt, investigate, and dismantle them. It also calls for an operational cell inside the National Coordination Center, coordinating federal efforts and involving the private sector.

It further directs the Attorney General to keep prioritizing prosecutions and to recommend within 90 days whether to create a Victims Restoration Program to return seized or forfeited funds to victims. That part deserves applause: if the government can claw money back, returning it is basic decency with a ledger.

The Paine test: liberty expanded, or power concentrated?

Stopping organized scam networks expands liberty in plain English. It reduces the ruin and blackmail that scam operations inflict and makes ordinary life a little less like walking through a minefield of fake invoices and impersonations.

But “offensive operations” and cross-agency disruption are also the kind of work the public cannot easily audit. Secrecy is sometimes necessary. It is also a solvent. Leave it on long enough and accountability dissolves.

The Orwell check: what does control get renamed?

Washington rarely says “surveillance.” It says “coordination.” It rarely says “deputize contractors.” It says “partner with the private sector.” The order explicitly invites operational insights from commercial cybersecurity firms and other non-federal entities. That can bring speed and scale. It can also breed dependence, procurement incentives, and a quiet drift toward vendor-shaped policy.

The liberty ledger and the tradeoff

Victims may gain restitution. Honest companies may gain relief from a constant fraud tax. But the same verbs that catch criminals, attribution, tracking, disruption, can also sweep up innocent data if standards are vague or opaque. If government leans on proprietary threat feeds and undisclosed methodologies, due process becomes a black box.

Here is the tradeoff: faster disruption versus durable guardrails. If this is consumer protection and not the first draft of a permanent cyber domestic-security apparatus, it needs boring, life-saving limits: clear authorities, aggregated public reporting, inspector general audits with teeth, procurement transparency, a bright line against domestic surveillance by default, and a sunset that forces lawmakers to vote on the record.

So here is the question: if this push is serious about protecting Americans, why not write the privacy and due-process guardrails into the action plan up front instead of asking the public to trust they will arrive later?