In SEC v. Dorozhko, 574 F.3d 42  (2d. Cir. 2009), Oleksandr Dorozhko allegedly hacked into IMS Health, Inc.’s (“IMS”) earnings report and used the information to make net profits of $286,456.59 in one day of trading in IMS put options.  In this case, the Second Circuit held that computer hacking may be considered “deceptive” under Section 10(b) of the Securities Exchange Act of 1934 depending on how the hacker infiltrated a company’s computer system.   

According to the SEC’s allegations, Dorozhko hacked into IMS’s earnings report on October 17^th, before the information was available to the public, Dorozhko purchased $41,670.90 of put options.  That afternoon, IMS revealed that their earnings per share were 28% below Wall Street Expectations.  Once IMS’s stock price plummeted from $29.56 to $21.20, Dorozhko sold his put options, thereby gaining a profit of $286,456.59.      

Initially, the SEC filed suit against Dorozhko seeking a preliminary injunction.  The United States District Court for the Southern District of New York denied the SEC’s “motion for a preliminary injunction on the grounds that the conduct alleged in the complaint--- essentially, computer hacking – cannot be “deceptive” under Section 10(b) of the Securities Exchange Act of 1934 as defined by the Supreme Court unless conduct involved a breach of a fiduciary duty.  The SEC appealed this decision to the Second Circuit U.S. Court of Appeals.  The blog has discussed this case and other relevant insider trading information relating to the case on two previous posts.

Section 10(b) “prohibits the use or employ, in connection with the purchase or sale of any security…, [of] any manipulative or deceptive device or contrivance in contravention of such rules and regulations as the [SEC] may prescribe.”  Thus, the issue before the Second Circuit was whether or not “computer hacking” was “deceptive” under §10(b).  The Second Circuit decided that the district court misinterpreted Chiarella v. United States, United States v. O’Hagan, and SEC v. Zandford to establish a “fiduciary-duty requirement as an element of every violation of Section 10(b).” 

The Second Circuit went on to conclude, “[i]n our view, misrepresenting one’s identity in order to gain access to information that is otherwise off limits, and then stealing that information is plainly ‘deceptive’ within the ordinary meaning of the word.”  Therefore, the court held that computer hacking may be “deceptive” under Section 10(b).  However, according to the court, hacking that exploits a weakness in a computer system causing a malfunction to gain greater access, may not be “deceptive” for the purposes of § 10(b).

The Second Circuit appears to have opened the door to the legal theory that computer hacking may at least sometimes be considered “deceptive” under Section 10(b) in connection with insider trading, while closing the door on the idea that “deceptive” under Section 10(b) can only occur through a violation of a duty (whether fiduciary or a duty of trust and confidence).   The Second Circuit remanded the case back to the District Court to determine whether the computer hacking in this case was deceptive. 

The primary materials for this post are available on the DU Corporate Governance website.