ProfessorBainbridge.com

The Second Circuit’s recent decision in SEC v. Dorozhko (available here), dealt with one of the questions left open by the Supreme Court’s decision in US v. O’Hagan; namely, the liability of persons who steal inside information but have no fiduciary duty to either the source of the information or the issuer of the securities in which the thief trades.

In Dorozhko, an alleged computer hacker supposedly broke into the computer system of a company called IMS Health, Inc., and used the information he learned in doing so used put options to essentially sell the stock short.

I have long argued that the only coherent basis for imposing insider trading liability is protection of property rights in information. From a policy perspective, those who steal information ought to be liable for insider trading.

The trouble is that O’Hagan cannot be read to permit imposition of liability on such persons.

The misappropriation theory's origins are commonly traced to Chief Justice Burger's Chiarella dissent. Burger contended that the way in which the inside trader acquires the nonpublic information on which he trades could itself be a material circumstance that must be disclosed to the market before trading. Accordingly, he argued, "a person who has misappropriated nonpublic information has an absolute duty [to the persons with whom he trades] to disclose that information or to refrain from trading."

In O’Hagan, the court’s majority opinion grounded liability under the misappropriation theory on deception of the source of the information. As the majority interpreted the theory, it addresses the use of "confidential information for securities trading purposes, in breach of a duty owed to the source of the information." Under this theory, the majority explained, "a fiduciary's undisclosed, self-serving use of a principal's information to purchase or sell securities, in breach of a duty of loyalty and confidentiality, defrauds the principal of the exclusive use of that information." So defined, the majority held, the misappropriation theory satisfies § 10(b)'s requirement that there be a "deceptive device or contrivance" used "in connection with" a securities transaction.

The Supreme Court thus expressly declined to embrace Chief Justice Burger's argument in Chiarella that the misappropriation theory created a disclosure obligation running to those with whom the misappropriator trades. Instead, it is the failure to disclose one's intentions to the source of the information that constitutes the requisite disclosure violation under the O'Hagan version of the misappropriation theory.

In throwing out the SEC complaint, the District court—correctly, IMHO—held that “[T]he Supreme Court has in a number of opinions carefully established that the essential component of a § 10(b) violation is a breach of a fiduciary duty to disclose or abstain that coincides with a securities transaction.” This ruling is supported not only by the plain text of the relevant Supreme Court decisions, but also the Fifth Circuit’s opinion in Regents of the Univ. of Cal. v. Credit Suisse First Boston (USA), Inc., 482 F.3d 372, 389 (5th Cir. 2007) (holding that “the [Supreme] Court . . . has established that a device, such as a scheme, is not ‘deceptive’ unless it involves breach of some duty of candid disclosure”).

Leading commentary on the issue also supports the District Court’s conclusion, as the court explained it its opinion:

The SEC notes that, “While no case has addressed it, at least two academics has [sic] endorsed the theory that a hacker who steals material nonpublic information for the purpose of trading on it, violates Exchange Act § 10(b) and Rule 10b-5.” The SEC then cites Robert A. Prentice, The Internet and Its Challenges for the Future of Insider Trading Regulation, 12 Harv. J.L. & Tech, 263, 296-307 (Winter 1999), and Donald C. Langevoort, 18 Insider Trading Regulation, Enforcement and Prevention § 6:14 (Apr. 2007).

While these articles, among others, proclaim that those who ‘hack and trade’ should be liable under § 10(b), the clear majority of scholarly opinion is that, under existing law, ‘hacking and trading’ is not a violation of § 10(b). Professor Prentice's article is indicative. Professor Prentice's article contains a section entitled “Hackers as Misappropriators,” which makes a strong policy argument for why those who hack should be liable under 10b-5. The section, however, begins by acknowledging that under the current state of the law hackers are not liable. Prentice asks rhetorically, “Hackers who steal inside information and trade on it are essentially thieves. But are they also liable as inside traders? The answer to this question from a traditional point of view is ‘no.’ ” 12 Harv. J.L. & Tech. at 296. Prentice's argument as to liability for hackers, it turns out paragraphs later, stems not from precedent or a close reading of the statute, but from his own conviction as to what the law should be: “I find uncomfortable the received wisdom that someone who obtains inside information via hacking, physical breaking and entering, bribery, extortion, espionage, or similar means is not liable for insider trading.” Id. at 298.

Similarly, a couple of recent law review articles suggest that hackers should be, but are currently not liable under § 10(b) for ‘hacking and trading.’ For example, Kathleen Coles writes in The Dilemma of the Remote Tippee, 41 Gonz. L. Rev. 181, 221 (2005-2006):

“[A] computer hacker who breaches the computer security walls of a large publicly held corporation and extracts nonpublic information may also trade and tip without running afoul of the insider trading rules. The burglar and computer hacker may be liable for the conversion of nonpublic information under other laws, but the insider trading laws themselves appear not to prohibit the burglar or hacker from trading or tipping on the basis of the stolen information. This is because there was no breach of a duty of loyalty to traders under the classic theory or to the source *342 of the information under the misappropriation theory.”

41 Gonz. L. Rev at 221.

Also, Donna M. Nagy writes, in Reframing the Misappropriation Theory of Insider Trading Liability: A Post-O'Hagan Suggestion, 59 Ohio St. L.J. 1223, 1249-57 (1998): “[I]t is doubtful that securities trading by the computer hacker or the ‘mere’ thief would violate Section 10(b) and Rule 10b-5, because neither scenario would involve misappropriation through acts that would constitute affirmative deception.” 59 Ohio St. L.J. at 1255. Nagy is “troubled” by this, and argues that the current “restrictive” misappropriation theory, “will frustrate the prosecution of future cases involving trading on misappropriated information.” Id. at 1227. She illustrates with an example of a “computer hacker who unlawfully gains access to a corporation's internal network and subsequently manages to uncover confidential information.” Id. at 1253. She notes that, “Because the computer hacker was not entrusted with such access, Section 10(b) and Rule 10b-5 would not be violated under O'Hagan 's theory, even though the computer hacker would be trading securities on the basis of material, nonpublic information that had been misappropriated.” Id. To repair the lacuna, Nagy goes on to suggest a new version of the misappropriation theory, that is “premised on the ‘fraud on the investors.’ ” She believes her fraud on the investors approach “is far superior to the ‘fraud on the source’ version [of the misappropriation theory].”

I agree with these commentators that theft of information should be actionable under the insider trading laws, based on the property rights approach discussed above. But O’Hagan implicitly rejected the property rights approach in favor of a fiduciary duty-based approach. As I explained in Insider Trading Regulation: The Path Dependent Choice Between Property Rights And Securities Fraud:

The majority explained that its version of the misappropriation theory addressed the use of ‘confidential information for securities trading purposes, in breach of a duty owed to the source of the information.‘ Accordingly, ‘a fiduciary's undisclosed, self-serving use of a principal's information to purchase or sell securities, in breach of a duty of loyalty and confidentiality, defrauds the principal of the exclusive use of that information.‘ Someone thus can be held liable under this version of the misappropriation theory only where one deceived the source of the information by failing to disclose one's intent to trade on the basis of the information disclosed by the source. This requirement follows, the majority opined, from the statutory requirement that there be a ‘deceptive device or contrivance‘ used ‘in connection with‘ a securities transaction. The Supreme Court thus rejected Chief Justice Burger's argument in Chiarella that the misappropriation theory created a disclosure obligation, running to those with whom the misappropriator trades. Instead, failure to disclose one's intentions to the source of the information constitutes the requisite disclosure violation under the O'Hagan version of the misappropriation theory. 

The Second Circuit tried to finesse the issue by opining that “what is sufficient is not always what is necessary, and none of the Supreme Court opinions considered by the District Court require a fiduciary relationship as an element of an actionable securities claim under Section 10(b).” But this is, at best, shoddy.

O’Hagan, Dirks, and Chiarella all rest on the proposition that not all nondisclosures are securities fraud. All rest on a fiduciary duty or other relationship of trust and confidence. Indeed, the Second Circuit itself in US v. U.S. v. Chestman, 947 F.2d 551 (2d Cir. 1991), explained that:

… the fiduciary relationship question takes on special importance. This is because a fraud-on-the-source theory of liability extends the focus of Rule 10b-5 beyond the confined sphere of fiduciary/shareholder relations to fiduciary breaches of any sort, a particularly broad expansion of 10b-5 liability if the add-on, a “similar relationship of trust and confidence,” is construed liberally. One concern triggered by this broadened inquiry is that fiduciary duties are circumscribed with some clarity in the context of shareholder relations but lack definition in other contexts. Tethered to the field of shareholder relations, fiduciary obligations arise within a narrow, principled sphere. The existence of fiduciary duties in other common law settings, however, is anything but clear. Our Rule 10b-5 precedents under the misappropriation theory, moreover, provide little guidance with respect to the question of fiduciary breach, because they involved egregious fiduciary breaches arising solely in the context of employer/employee associations. For these reasons we tread cautiously in extending the misappropriation theory to new relationships, lest our efforts to construe Rule 10b-5 lose method and predictability, taking over “the whole corporate universe.”

So much for treading cautiously. After Dorozhko, 10b-5 will take over the corporate universe.