The Second Circuit’s recent decision in SEC v. Dorozhko (available here), dealt with one of the questions left open by the Supreme Court’s decision in US v. O’Hagan; namely, the liability of persons who steal inside information but have no fiduciary duty to either the source of the information or the issuer of the securities in which the thief trades.
In Dorozhko, an alleged computer hacker supposedly broke into the computer system of a company called IMS Health, Inc., and used the information he learned in doing so used put options to essentially sell the stock short.
The Second Circuit tried to finesse the rules discussed below by treating the case as one involving a misrepresentation rather than insider trading: "we recognize that the SEC’s claim against defendant—a corporate outsider who owed no fiduciary duties to the source of the information—is not based on either of the two generally accepted theories of insider trading." The problem is that the case makes no sense other than as an insider trading case.
An affirmative misappropriation can be actionable under Section 10(b) and Rule 10b-5 if it is committed in connection with the purchase or sale of a security. In order to find that the hacker committed an affirmative misrepresentation, the Court thus first must find a lie. Calling computer hacking a lie is a rather considerable stretch. At most, the hacker "lies" to a computer network, not a person. Hacking is theft; not fraud.
Even if hacking is fraudulent in the sense of an affirmative misrepresentation, it has to be in connection with a purchase or sale of a security. In S.E.C. v. Zandford, 535 U.S. 813 (2002), the SCOTUS emphasized that "the statute must not be construed so broadly as to convert every common-law fraud that happens to involve securities into a violation of § 10(b)." That case, moreover, involved "a fraudulent scheme [by a stockbroker] in which he made sales of his customer's securities for his own benefit." The SEC had taken the position that that violated 10b-5 since the 1940s. In contrast, the District Court "found it 'noteworthy' that in the over seventy years since the enactment of the Securities Exchange Act of 1934, 'no federal court has ever held that those who steal material nonpublic information and then trade on it violate § 10(b),' even though 'traditional
theft (e.g. breaking into an investment bank and stealing documents) is hardly a new phenomenon, and involves similar elements for purposes of our analysis here.' Dorozhko, 606 F. Supp. 2d at 339."
In sum, this case was an attempt by the SEC to end run the fiduciary duty requirement applicable to nondisclosure cases. It's an end run around the basics of insider trading law. The Second Circuit aided and abetted it.
We won't. We'll treat this case as the insider trading case it really is.
I have long argued that the only coherent basis for imposing insider trading liability is protection of property rights in information. From a policy perspective, those who steal information ought to be liable for insider trading.
The trouble is that O’Hagan cannot be read to permit imposition of liability on such persons.
The misappropriation theory's origins are commonly traced to Chief Justice Burger's Chiarella dissent. Burger contended that the way in which the inside trader acquires the nonpublic information on which he trades could itself be a material circumstance that must be disclosed to the market before trading. Accordingly, he argued, "a person who has misappropriated nonpublic information has an absolute duty [to the persons with whom he trades] to disclose that information or to refrain from trading."
In O’Hagan, the court’s majority opinion grounded liability under the misappropriation theory on deception of the source of the information. As the majority interpreted the theory, it addresses the use of "confidential information for securities trading purposes, in breach of a duty owed to the source of the information." Under this theory, the majority explained, "a fiduciary's undisclosed, self-serving use of a principal's information to purchase or sell securities, in breach of a duty of loyalty and confidentiality, defrauds the principal of the exclusive use of that information." So defined, the majority held, the misappropriation theory satisfies § 10(b)'s requirement that there be a "deceptive device or contrivance" used "in connection with" a securities transaction.
The Supreme Court thus expressly declined to embrace Chief Justice Burger's argument in Chiarella that the misappropriation theory created a disclosure obligation running to those with whom the misappropriator trades. Instead, it is the failure to disclose one's intentions to the source of the information that constitutes the requisite disclosure violation under the O'Hagan version of the misappropriation theory.
In throwing out the SEC complaint, the District court—correctly, IMHO—held that “[T]he Supreme Court has in a number of opinions carefully established that the essential component of a § 10(b) violation is a breach of a fiduciary duty to disclose or abstain that coincides with a securities transaction.” This ruling is supported not only by the plain text of the relevant Supreme Court decisions, but also the Fifth Circuit’s opinion in Regents of the Univ. of Cal. v. Credit Suisse First Boston (USA), Inc., 482 F.3d 372, 389 (5th Cir. 2007) (holding that “the [Supreme] Court . . . has established that a device, such as a scheme, is not ‘deceptive’ unless it involves breach of some duty of candid disclosure”).
Leading commentary on the issue also supports the District Court’s conclusion, as the court explained it its opinion:
The SEC notes that, “While no case has addressed it, at least two academics has [sic] endorsed the theory that a hacker who steals material nonpublic information for the purpose of trading on it, violates Exchange Act § 10(b) and Rule 10b-5.” The SEC then cites Robert A. Prentice, The Internet and Its Challenges for the Future of Insider Trading Regulation, 12 Harv. J.L. & Tech, 263, 296-307 (Winter 1999), and Donald C. Langevoort, 18 Insider Trading Regulation, Enforcement and Prevention § 6:14 (Apr. 2007).
While these articles, among others, proclaim that those who ‘hack and trade’ should be liable under § 10(b), the clear majority of scholarly opinion is that, under existing law, ‘hacking and trading’ is not a violation of § 10(b). Professor Prentice's article is indicative. Professor Prentice's article contains a section entitled “Hackers as Misappropriators,” which makes a strong policy argument for why those who hack should be liable under 10b-5. The section, however, begins by acknowledging that under the current state of the law hackers are not liable. Prentice asks rhetorically, “Hackers who steal inside information and trade on it are essentially thieves. But are they also liable as inside traders? The answer to this question from a traditional point of view is ‘no.’ ” 12 Harv. J.L. & Tech. at 296. Prentice's argument as to liability for hackers, it turns out paragraphs later, stems not from precedent or a close reading of the statute, but from his own conviction as to what the law should be: “I find uncomfortable the received wisdom that someone who obtains inside information via hacking, physical breaking and entering, bribery, extortion, espionage, or similar means is not liable for insider trading.” Id. at 298.
Similarly, a couple of recent law review articles suggest that hackers should be, but are currently not liable under § 10(b) for ‘hacking and trading.’ For example, Kathleen Coles writes in The Dilemma of the Remote Tippee, 41 Gonz. L. Rev. 181, 221 (2005-2006):
“[A] computer hacker who breaches the computer security walls of a large publicly held corporation and extracts nonpublic information may also trade and tip without running afoul of the insider trading rules. The burglar and computer hacker may be liable for the conversion of nonpublic information under other laws, but the insider trading laws themselves appear not to prohibit the burglar or hacker from trading or tipping on the basis of the stolen information. This is because there was no breach of a duty of loyalty to traders under the classic theory or to the source *342 of the information under the misappropriation theory.”
41 Gonz. L. Rev at 221.
Also, Donna M. Nagy writes, in Reframing the Misappropriation Theory of Insider Trading Liability: A Post-O'Hagan Suggestion, 59 Ohio St. L.J. 1223, 1249-57 (1998): “[I]t is doubtful that securities trading by the computer hacker or the ‘mere’ thief would violate Section 10(b) and Rule 10b-5, because neither scenario would involve misappropriation through acts that would constitute affirmative deception.” 59 Ohio St. L.J. at 1255. Nagy is “troubled” by this, and argues that the current “restrictive” misappropriation theory, “will frustrate the prosecution of future cases involving trading on misappropriated information.” Id. at 1227. She illustrates with an example of a “computer hacker who unlawfully gains access to a corporation's internal network and subsequently manages to uncover confidential information.” Id. at 1253. She notes that, “Because the computer hacker was not entrusted with such access, Section 10(b) and Rule 10b-5 would not be violated under O'Hagan 's theory, even though the computer hacker would be trading securities on the basis of material, nonpublic information that had been misappropriated.” Id. To repair the lacuna, Nagy goes on to suggest a new version of the misappropriation theory, that is “premised on the ‘fraud on the investors.’ ” She believes her fraud on the investors approach “is far superior to the ‘fraud on the source’ version [of the misappropriation theory].”
I agree with these commentators that theft of information should be actionable under the insider trading laws, based on the property rights approach discussed above. But O’Hagan implicitly rejected the property rights approach in favor of a fiduciary duty-based approach. As I explained in Insider Trading Regulation: The Path Dependent Choice Between Property Rights And Securities Fraud:
The majority explained that its version of the misappropriation theory addressed the use of ‘confidential information for securities trading purposes, in breach of a duty owed to the source of the information.‘ Accordingly, ‘a fiduciary's undisclosed, self-serving use of a principal's information to purchase or sell securities, in breach of a duty of loyalty and confidentiality, defrauds the principal of the exclusive use of that information.‘ Someone thus can be held liable under this version of the misappropriation theory only where one deceived the source of the information by failing to disclose one's intent to trade on the basis of the information disclosed by the source. This requirement follows, the majority opined, from the statutory requirement that there be a ‘deceptive device or contrivance‘ used ‘in connection with‘ a securities transaction. The Supreme Court thus rejected Chief Justice Burger's argument in Chiarella that the misappropriation theory created a disclosure obligation, running to those with whom the misappropriator trades. Instead, failure to disclose one's intentions to the source of the information constitutes the requisite disclosure violation under the O'Hagan version of the misappropriation theory.
The Second Circuit tried to finesse the issue by opining that “what is sufficient is not always what is necessary, and none of the Supreme Court opinions considered by the District Court require a fiduciary relationship as an element of an actionable securities claim under Section 10(b).” But this is, at best, shoddy.
O’Hagan, Dirks, and Chiarella all rest on the proposition that not all nondisclosures are securities fraud. All rest on a fiduciary duty or other relationship of trust and confidence. Indeed, the Second Circuit itself in US v. U.S. v. Chestman, 947 F.2d 551 (2d Cir. 1991), explained that:
… the fiduciary relationship question takes on special importance. This is because a fraud-on-the-source theory of liability extends the focus of Rule 10b-5 beyond the confined sphere of fiduciary/shareholder relations to fiduciary breaches of any sort, a particularly broad expansion of 10b-5 liability if the add-on, a “similar relationship of trust and confidence,” is construed liberally. One concern triggered by this broadened inquiry is that fiduciary duties are circumscribed with some clarity in the context of shareholder relations but lack definition in other contexts. Tethered to the field of shareholder relations, fiduciary obligations arise within a narrow, principled sphere. The existence of fiduciary duties in other common law settings, however, is anything but clear. Our Rule 10b-5 precedents under the misappropriation theory, moreover, provide little guidance with respect to the question of fiduciary breach, because they involved egregious fiduciary breaches arising solely in the context of employer/employee associations. For these reasons we tread cautiously in extending the misappropriation theory to new relationships, lest our efforts to construe Rule 10b-5 lose method and predictability, taking over “the whole corporate universe.”
So much for treading cautiously. After Dorozhko, 10b-5 will take over the corporate universe.
If a law student had written the Dorozhko, I’d give him a D (and only because I never ever fail anybody). It is not an interpretation of O’Hagan. It is the creation of an entirely new version of misappropriation liability., carved out of whole cloth and without any regard for precedent. It may be right on policy, but isn’t that for the Supreme Court to decide.
Shoddy is the only word for it.