SEC v. Dorozhko: No Fiduciary Duty Required to Assert Insider Trading Violations Against Hacker

In a controversial decision that has had the blogosphere buzzing, the Second Circuit determined that a computer hacker who steals and uses material nonpublic information for his own profit might be liable for insider trading violations even if he has no fiduciary relationship with the company or its shareholders. In SEC v. Dorozhko, 574 F.3d 42 (2nd Cir. 2009), the Court agreed with the SEC and several securities commentators who argue that a breach of fiduciary duty should not be required when the defendant relies on affirmative misrepresentation to commit fraud in connection with the purchase or sale of securities. The Court found that the act of hacking might alone satisfy the deception requirement of 10b-5.

BACKGROUND

Oleksandr Dorozhko, a Ukrainian national and resident, opened an online brokerage account and deposited into it about a year’s worth of his income. On October 17, 2007, at about 2:52 pm, he bet nearly all of it on risky, out-of-the-money and at-the-money put options on the stock of IMS Health Inc. Later that day, IMS Health announced that it would miss its earnings estimates by 28%, causing its stock to tumble. Within six minutes of the market opening the next morning, Dorozhko sold all of his options, realizing profits of more than $280,000.

Also on October 17, at 2:15 pm, someone hacked into the computer system of Thompson Financial, which hosted the IMS Health investor relations website. The hacker cloaked his identity and hid his tracks, but managed to overcome the security barriers at the site and gain unauthorized access to confidential information on the secure site about IMS. At 4:33 pm that day, IMS Health announced its disappointing earnings.

The SEC brought a civil injunctive action against Dorozhko on October 29, 2007, claiming that Dorozhko was the hacker who gained the nonpublic information and traded on it. The district court granted a freeze order over the trading profits, but the district court subsequently refused to grant the SEC’s request for a preliminary injunction, finding that computer hacking cannot be “deceptive” as required by section 10(b) of the Securities Exchange Act of 1934 unless there is a breach of a fiduciary duty. As Dorozhko had no fiduciary duty to any relevant party or person, the action could not lie. The SEC appealed to the Second Circuit. SEC v. Dorozhko, 574 F.3d 42 (2nd Cir. 2009).

Affirmative misrepresentation in hacking can satisfy the deception requirement

In 1997, the U.S. Supreme Court adopted the misappropriation theory of insider trading in U.S. v. O’Hagan, 521 U.S. 642 (1997). In O’Hagan, a partner of a law firm that was representing a corporation had inside information regarding that corporation’s intent to make a tender offer to buy a target company and used that information to buy call options in the target company that became very profitable for the lawyer. The lawyer claimed that neither he nor his firm owed a fiduciary duty to the target company, so he did not commit securities fraud by purchasing the options. The Court disagreed, adopting the misappropriation theory to uphold the lawyer’s conviction. Id. at 650. The Court determined that a fiduciary’s undisclosed, self-serving use of a principal’s information to purchase or sell securities, in breach of a duty of loyalty and confidentiality, defrauds the principal of the exclusive use of the information. The lawyer’s deception was grounded in the fact that he was entrusted with access to confidential information and he traded using that information. Id. at 653-655.

Under the misappropriation theory, then, a person commits fraud “in connection with” a securities transaction, thereby violating 10(b) and Rule 10b-5, when he misappropriates confidential information for securities trading purposes. Rule 10b5-1(a) states: “The ‘manipulative and deceptive devices’ prohibited by Section 10(b) of the Act and Rule 10b-5 thereunder include, among other things, the purchase or sale of a security of any issuer, on the basis of material nonpublic information about that security or issuer, in breach of a duty of trust or confidence that is owed directly, indirectly, or derivatively, to the issuer of that security or the shareholders of that issuer, or to any other person who is the source of the material nonpublic information.”

Before Dorozhko, courts have always held that this deception and misappropriation had to be by a fiduciary or someone entrusted with nonpublic information in order for the securities fraud violation to stand. But the SEC has been pressing to go beyond this classic definition, asserting – as it did in Dorozhko, that an insider trading violation may rest merely on the wrongful use of material nonpublic information, regardless of whether the wrongdoer had and/or breached a fiduciary duty.

Dorozhko was not an officer, director, representative or agent of IMS Health, Thompson Financial, or any other relevant party – he had no fiduciary duty to anyone. He was just a hacker. And yet, the SEC brought 10(b) charges against him under the misappropriation theory, arguing that Dorozhko’s deceptive act, for 10(b) purposes, was his alleged computer hacking, which he accomplished by affirmatively misrepresenting himself to gain the information. That affirmative misrepresentation, argued the SEC, superseded the need for a fiduciary duty.

The Second Circuit agreed with the SEC, finding that the precedential cases like O’Hagan did not require a fiduciary duty as an element of every Section 10(b) violation. Indeed, the Court determined that the prevailing theory of fraud in the precedential cases was based on silence or nondisclosure, rather than an affirmative misrepresentation. In other words, previous cases dealt with a failure to disclose by a wrongdoer who had a duty to reveal his actions due to a fiduciary or confidential relationship.

The Second Circuit distinguished Dorozhko from the failure-to-disclose cases, finding that computer hacking was an affirmative act of misrepresentation, rather than an act of wrongful silence. The previous cases, stated the court, “all dealt with fraud qua silence, [but] an affirmative misrepresentation is a distinct species of fraud. Even if a person does not have a fiduciary duty to ‘disclose or abstain from trading,’ there is nonetheless an affirmative obligation in commercial dealings not to mislead… the SEC argues that defendant affirmatively misrepresented himself in order to gain access to material, nonpublic information, which he then used to trade. We are aware of no precedent of the Supreme Court or our Court that forecloses or prohibits the SEC’s straightforward theory of fraud.” 574 F.3d at 49.

The Court remanded the case to the District Court for a determination of whether in fact Dorozhko’s conduct was deceptive within the meaning of the statute and the rule. “In our view, misrepresenting one’s identity in order to gain access to information that is otherwise off limits, and then stealing that information is plainly ‘deceptive’ within the ordinary meaning of the word. It is unclear, however, that exploiting a weakness in an electronic code to gain unauthorized access is ‘deceptive,’ rather than being mere theft.” Id. at 51.

CONCLUSION

The Second Circuit’s opinion in Dorozhko has the blogosphere in an uproar, with many commentators claiming that the Court enabled the SEC’s effort to perform an end-run around the fiduciary requirement of insider trading law. Computer hackers who steal and use information may be criminally liable for theft and fraud, they say, but it is a stretch to bring their actions into the realm of securities fraud.

But the Court and the SEC face a dilemma – how to address the new methods people are finding to access and trade on nonpublic information through the use of technology. As Justice Douglas wrote in Superintendent of Insurance v. Bankers Life and Casualty Co., 404 U.S. 6, 10 n.7 (1971): “We believe that section 10(b) and Rule 10b-5 prohibit all fraudulent schemes in connection with the purchase or sale of securities, whether the artifices employed involve a garden type variety fraud, or present a unique form of deception. Novel or atypical methods should not provide immunity from the securities laws.”

Given that the Second Circuit’s opinion is a novel departure from the prevailing precedent, most commentators are calling for Supreme Court review of the issue and definitive answer to the fiduciary duty requirement in (or not) in insider trading cases.

Connect on Linkedin®

Josh Lawler

Joel B. Ginsberg

More Updates