In SEC v. Dorozhko, 2009 WL 2169201 (2d Cir. July 22, 2009), the United States Court of Appeals for the Second Circuit held that computer hacking for purposes of obtaining and trading on inside information may be a “deceptive device” under Section 10(b) of the Securities Exchange Act of 1934 and Rule 10b-5, even where the hacker owed no fiduciary duty to the issuer. This holding appears in conflict with a 2007 decision from the Fifth Circuit, and can be viewed as expanding the scope of liability for insider trading to those who owe no fiduciary duties to the issuers of the stock being traded.
In October of 2007, IMS Health, Inc. announced that it would release its third-quarter earnings later that month. About the same time, Ukrainian resident Oleksandr Dorozhko opened an online trading account and deposited $42,500 into the account. On the day that IMS was to announce its earnings, an anonymous computer hacker accessed IMS's web host’s secure servers and downloaded data about IMS earnings, which were due to be released later that afternoon. The data showed that IMS’s third-quarter earnings were 28% below Wall Street estimates. Minutes later, Dorozhko bought put options with nearly all of the money in his online account. When the stock market opened the next morning, the price of IMS stock sunk precipitously after investors saw the lower-than-expected earning reports. Dorozhko immediately sold his put options, making a profit of nearly $290,000 in a matter of minutes. The Securities & Exchange Commission (“SEC”) caught wind of this irregular activity and, after an investigation, brought a civil enforcement lawsuit against Dorozhko for fraud, alleging that he was the hacker and that he misrepresented himself to obtain and trade on material, nonpublic information in connection with the purchase and sale of securities. The SEC then sought a temporary restraining order to freeze Dorozhko’s proceeds from his put options in his online brokerage account.
The district court denied the SEC’s request for a temporary restraining order because the court found that his computer hacking was not deceptive under Section 10(b). Section 10(b) prohibits the use of any manipulative or deceptive device in connection with buying and selling securities. Relying on Supreme Court decisions in Chiarella v. United States, 445 U.S. 222 (1980); United States v. O’Hagan, 521 U.S. 642 (1997); and SEC v. Zandford, 535 U.S. 813 (2002), the district court held that there is a fiduciary duty requirement attached to the prohibition on the use of a deceptive device to commit fraud by misrepresentation. Since Dorozhko was a corporate outsider and owed no fiduciary duty to IMS or the web-hosting service, his behavior was not a “deceptive device” and thus did not violate Section 10(b). The SEC appealed the ruling to the Second Circuit.
The Second Circuit reversed, holding that there is no fiduciary duty requirement for a device to be “deceptive” under Section 10(b) where the alleged fraud is an affirmative misrepresentation. The Court held that Chiarella, O’Hagan and Zandford do not impose a fiduciary duty requirement under Section 10(b) for an affirmative misrepresentation. Rather, these cases stand for the proposition that nondisclosure in breach of a fiduciary duties is sufficient to satisfy Section 10(b)’s deceptive device requirement. Nondisclosure is “a distinct species of fraud” from misrepresentation. The Court held that in the case of misrepresentation, even those without fiduciary duties have an obligation not to mislead.
The Court also held that, absent this fiduciary requirement, the plain meaning of “deceptive” is broad enough to cover misrepresentation. The Court could point to no Supreme Court or Second Circuit case that specially limited the definition of “deceptive.” Rather, “deceptive” is often equated with fraud, deceit and giving a false impression. Given this interpretation, the Court held that materially misrepresenting oneself to gain access to material, nonpublic information in order to buy and sell securities falls within the definition of “deceptive” under Section 10(b). The Second Circuit remanded the case to the district court in order to consider whether this particular instance of computer hacking was, in fact, “deceptive.”
This decision has the potential to expand Section 10(b) liability to a wider range of parties who take advantage of access to material nonpublic information regarding an issuer. Anyone who obtains information surreptitiously and trades on that information may be subjected to enforcement or liability, regardless of their relationship — if any — to the issuer. Furthermore, the Second Circuit observed that its decision appears in conflict with one of its “sister circuits.” See Regents of the Univ. of Cal. v. Credit Suisse First Boston (USA), Inc., 482 F.3d 372, 389 (5th Cir. 2007). This circuit conflict, coupled with a perceived expansion of Section 10(b) liability, suggests that this decision may receive the attention of the Supreme Court.