FROM THE OUTSIDE IN: A LAW AND ECONOMICS PERSPECTIVE ON INSIDER TRADING CASES INVOLVING CYBERCRIME.

• Author: Collier, Jaclyn

1. Introduction

   "It is doubtful whether any other type of public regulation of economic activity has been so widely admired as the regulation of the securities markets by the Securities and Exchange Commission." (1)

   To many people, and certainly the Securities and Exchange Commission ("SEC"), it is categorically unfair for insiders who have access to material nonpublic information to trade on it for their own personal gain. (2) On the other side of the argument, the idea that insider trading is "just wrong" is generally not accepted by many law and economics intellectuals. (3) Despite the lack of agreement about whether insider trading should be illegal, hacking into another company's system in order to access the material nonpublic information that is then used to trade is itself a crime. (4) But is it insider trading? (5) Insider trading has long been a significant element of the enforcement regime of the SEC. (6) In 2009, the Dorozhko decision in the Second Circuit opened the door to the SEC to seek enforcement against company outsiders who traded on material nonpublic information obtained through cybercrime; (7) however, the question remains whether it should. (8) Hackers are an interesting species for the SEC because the activities they engage in to obtain the material nonpublic information do not easily fit into the traditional definitions of insider trading. (9)

   Through a law and economics analysis, this Note will discuss insider trading cases where traders traded on material nonpublic information obtained through commission of a cybercrime and whether the SEC should pursue those kinds of insider trading cases. Part II will provide historical background on insider trading law and the evolution of cybercrime as it relates to insider trading. (10) it will also discuss the classical law and economics arguments related to the regulation of insider trading. Part III will discuss the SEC's recent complaint in Dubovoy to give substance to the law and economics arguments around prosecution of insider trading cases involving hacking. (11) Part IV will argue that the existing law is not designed or intended to bring actions against company outsiders trading on material nonpublic information obtained though cybercrime. (12) Using economic efficiency analysis, Part V will show that the SEC should not focus on these cases because it is not a good use of resources for a government agency that has a limited budget. (13) Instead, these cases should be prosecuted as a cybercrime by the Department of Justice ("DOJ") and other law enforcement agencies, leaving the SEC to focus on investigating and prosecuting cases where its finite resources could be more effectively deployed.

2. History

   1. Background on the Mandate of the SEC

      The SEC's mandate is to protect investors through the maintenance of fair and orderly securities markets. (14) The Securities Exchange Act of 1934 ("Exchange Act"), a federal law that was implemented after the great 1929 stock market crash, was designed to regulate the securities exchanges (e.g., the New York Stock Exchange). (15) The congressional hearings and reports preceding the passage of the Exchange Act demonstrate that in the wake of the 1929 crash there was public concern that market abuses caused the crash. (16) The Exchange Act established the SEC, (17) which was empowered through the act to regulate all aspects of the securities industry. (18) This broad authority is divided amongst numerous divisions and offices within the SEC. (19)

      The Division of Enforcement is responsible for prosecuting insider trading cases. (20) it works closely with the office of Compliance Inspections and Examinations and other areas of the SEC to obtain evidence of potential violations of securities laws. (21) The SEC is required to provide reports annually to Congress on its enforcement effort, the success of which is critical to the SEC's ability to maintain political support, which in turn allows the agency to get increases in funding. (22) In its fiscal year 2014, the SEC reported an all-time record in enforcement; however, serious questions have been raised about the methodology used to create those reports. (23) Despite the availability of information from the SEC on its enforcement program, it remains difficult to measure with any degree of accuracy the actual success of the program. (24)

   2. SEC Insider Trading Theories

      Insider trading is a term used to describe the act of trading a security for illicit gains based on information not known to others that has the potential to significantly impact the price of that security. (25) That information is typically referred to as material nonpublic information. (26) Insider trading has its roots in state corporate law, (27) but insider trading as we know it today has its roots in federal securities law. (28) In addition to creating the SEC, the Exchange Act also created the primary law governing the regulation of insider trading. (29) The Exchange Act was intended to protect investors and increase the public's confidence in the securities markets by promoting fairness and transparency in the purchase and sale of securities. (30) For the most part, the SEC is empowered to prosecute insider trading cases from section 10(b) from the Exchange Act, a catchall provision that prohibits "any manipulative or deceptive device or contrivance", (31) and Rule 10b-5, (32) and Rule 10b5-1, promulgated thereunder. (33)

      The SEC has historically focused on prosecuting insider trading cases under two main theories of liability: the "classical theory" and the "misappropriation theory". (34) It is a violation of section 10(b) and Rule 10b-5 under the classical theory when a corporate insider (35) trades the corporation's securities based on material nonpublic information about the corporation. (36) Under the classical theory, the Supreme Court has imposed a requirement to abstain from trading or disclosing the information. (37) The misappropriation theory expands insider trading liability. (38) Under the misappropriation theory, a corporate outsider misappropriates material nonpublic information he received from a source to whom he owed a duty and then uses that information to trade. (39) In this instance the trader has deceived the source of the information and breached his duty to the source. (40) The SEC promulgated Rule 10b5-2 in 2000, which provides detail about certain circumstances when a "duty of trust or confidence" arises for which a breach would be considered a misappropriation of information in violation of section 10(b). (41)

      Over the years, the SEC continuously tries to broaden its span of control under the insider trading laws. (42) More recently, the SEC has attempted to expand insider trading theory to prohibit people with no fiduciary duty to the company or a third party from trading on the basis of material nonpublic information. (43) In the Cuban case, the SEC alleged that Cuban breached his contractual obligation to maintain the confidentiality of certain information. (44) The case, which was decided in the Fifth Circuit, culminated in a jury trial finding for Cuban. (45) In the McGee case, the SEC alleged that McGee had an agreement, as a member of Alcoholics Anonymous ("AA"), to keep information another member discussed with him confidential. (46) The court agreed that McGee breached his duty to his fellow AA member by trading on material nonpublic information gleaned from that member. (47)

      Over the last several years the SEC has also pursued insider trading cases against company outsiders with no duty to the company or its shareholders who are even further removed--hacker who break into computer systems, steal material nonpublic information, and then trade on it. (48) In Dorozhko, the Second Circuit directly addressed insider trading by hackers, holding that the hacker must have lied or committed some fraud to find an affirmative misappropriation. (49) It may strain credulity to label computer hacking a lie, but the misappropriation theory is the only theory that even remotely suits insider trading cases for hackers. (50) Although the court found that it is a violation of Rule 10b-5 for a hacker to misrepresent his identity to gain access to the information, it also indicated that a hacker who gains access to a system without any misrepresentation does not violate the Rule. (51)

   3. Second Circuit Decides Section 10(b) Captures (Some) Hackers

      In the complaint against Dorozhko, the SEC alleged that Dorozhko violated Section 10(b) and Rule 10b-5 by hacking into systems and computer networks that contained information about a company's pending earning announcement, thereby gaining access to material nonpublic information. (52) That same day, Dorozhko used the information obtained by hacking to buy put options ("puts") on the company's stock. (53) The purchases Dorozhko made represented about 90% of all puts purchased in the company's stock in the six weeks leading up to the date Dorozhko purchased the puts. (54) By buying these puts, Dorozhko was betting that the company's stock price would decline before the puts expired. (55) Later that day, the company announced that its earnings were 28% below the consensus expectations of Wall Street analysts. (56) At the open of the market the next morning, the company's stock price dropped roughly 28%, making the puts much more valuable. (57) Almost immediately, Dorozhko sold all of the puts he bought the previous day and realized $286,456.59 in net profits. (58) The broker Dorozhko used to execute these trades detected the unusual trading activity and notified the SEC. (59)

      The SEC sought a preliminary injunction to freeze the proceeds of the put transaction in Dorozhko's brokerage account. (60) The District Court decided that Dorozhko did not violate Section 10(b) because computer hacking did not meet the definition of "deceptive" as characterized by the Supreme Court, and there was no breach of fiduciary...