Sunday, March 28, 2021
Eric C. Chaffee has posted Schrödinger’s Hacker: Insider Trading and Data Breaches on SSRN with the following abstract:
The current legal framework governing insider trading is a rich fabric of interwoven stories constructed on a loom of law and regulation. Despite securities law at times gaining a reputation for being cumbersome and onerous, the stories underlying insider trading regulation are usually vibrant and engaging.
The current story regarding the intersection of hacking and insider trading is that of Oleksandr Dorozhko, a Ukrainian hacker held liable for violating section 10(b) and Rule 10b-5. Importantly, because that story ended in an unopposed motion for summary judgment against Dorozhko, the law remains unclear as to whether a hacker who merely exploits a weakness in software to obtain material nonpublic information has violated section 10(b) and Rule 10b-5.
Hacking has become a ubiquitous concern in our society. Oleksandr Dorozhko’s tale illustrates that federal securities regulation is currently inadequate to deal with the securities issues associated with hacking, which poses a threat to the stability of securities markets in the United States. This Essay offers a proposed rule to remedy this problem that gives the SEC the ability to clarify how insider trading regulation can and should address hacking.