Hacking Wall Street: Reconceptualizing Insider Trading Law for Computer Hacking and Trading Schemes
28 Pages Posted: 10 Sep 2018 Last revised: 8 Jan 2019
Date Written: July 30, 2018
This paper explores how insider trading law addresses computer hackers who employ cyberattacks in connection with the purchase or sale of securities. Current securities law is ill-equipped to deal with hackers because unlike the typical insider trading defendant a hacker does not owe a fiduciary duty to shareholders or a duty of confidentiality to someone that provides material non-public information. In order to bring hackers within the ambit of securities law, the U.S. Securities and Exchange Commission (SEC) has developed a novel theory of liability that treats hacking and trading as a form of deception in violation of Section 10(b) of the Securities Exchange Act of 1934. However, the viability of the SEC’s theory’s remains to be seen as only one case has explicitly endorsed it—SEC v. Dorozhko, 574 F.3d 42 (2d Cir. 2009). From a normative perspective, this paper argues that the Second Circuit’s decision in Dorozhko correctly expanded Section 10(b) to hackers who trade on the basis of information obtained through deceptive hacking techniques. However, this paper takes issue with the court’s proposition that computer hacking only amounts to deception under Section 10(b) when the hacker misrepresents his or her “identity in order to gain access to information that is otherwise off limits, and then steal[s] that information” for purposes of securities trading.
Currently, existing scholarship fails to thoroughly explore how hackers could escape the scope of Section 10(b) by using certain hacking techniques. This paper adds to the existing literature by arguing that even if the judiciary endorses the SEC’s reconceptualization of insider trading, it is unlikely that the theory would apply to certain sophisticated cybersecurity schemes—such as informed cyber-trading whereby investors trade “on the basis of advanced knowledge of a cybersecurity breach.” In addition, Dorozhko would probably not apply to schemes in which hackers short a corporation’s stock and then initiate a cyberattack, such as a distributed denial of service (DDoS) attack, in order to cause a decline in the stock price. Such a scheme would likely fall outside the scope of Dorozhko because even though the hackers masqueraded their identities, the hackers did not misrepresent themselves in order to obtain the type of confidential information typically used by inside traders.
Keywords: Insider Trading, Computer Hacking, Securities Fraud, Securities Exchange Act of 1934, Section 10(b)
JEL Classification: K00, K22, G14
Suggested Citation: Suggested Citation