Docket No. 08-0201-cv.United States Court of Appeals, Second Circuit.Argued: April 3, 2009.
Decided: July 22, 2009.
Appeal from the United States District Court for the Southern District of New York, Naomi Reice Buchwald, J.
Mark Pennington, Assistant General Counsel (Brian G. Cartwright, General Counsel, Andrew N. Vollmer, Deputy General Counsel, Jacob H. Stillman, Solicitor, and David Lisitza, Attorney, on the brief), Washington, D.C.
Charles A. Ross (Christopher L. Padurano and Stephanie M. Carvlin, on the brief) Charles A. Ross Assoc., LLC, New York, NY.
Before: CABRANES, HALL, Circuit Judges, and SULLIVAN, District Judge.[*]
JOSÉ A. CABRANES, Circuit Judge:
We are asked to consider whether, in a civil enforcement lawsuit brought by the United States Securities and Exchange Commission (“SEC”) under Section 10(b)
of the Securities Exchange Act of 1934 (“Section 10(b)”), computer hacking may be “deceptive” where the hacker did not breach a fiduciary duty in fraudulently obtaining material, nonpublic information used in connection with the purchase or sale of securities. For the reasons stated herein, we answer the question in the affirmative.
In early October 2007, defendant Oleksandr Dorozhko, a Ukranian national and resident, opened an online trading account with Interactive Brokers LLC (“Interactive Brokers”) and deposited $42,500 into that account. At about the same time, IMS Health, Inc. (“IMS”) announced that it would release its third-quarter earnings during an analyst conference call scheduled for October 17, 2007 at 5 p.m. — that is, after the close of the securities markets in New York City. IMS had hired Thomson Financial, Inc. (“Thomson”) to provide investor relations and web-hosting services, which included managing the online release of IMS’s earnings reports.
Beginning at 8:06 a.m. on October 17, and continuing several times during the morning and early afternoon, an anonymous computer hacker attempted to gain access to the IMS earnings report by hacking into a secure server at Thomson prior to the report’s official release. At 2:15 p.m. — minutes after Thomson actually received the IMS data — that hacker successfully located and downloaded the IMS data from Thomson’s secure server.
Beginning at 2:52 p.m., defendant — who had not previously used his Interactive Brokers account to trade — purchased $41,670.90 worth of IMS “put” options that would expire on October 25 and 30, 2007. These purchases represented approximately 90% of all purchases of “put” options for IMS stock for the six weeks prior to October 17. In purchasing these options, which the SEC describes as “extremely risky,” defendant was betting that IMS’s stock price would decline precipitously (within a two-day expiration period) and significantly (by greater than 20%). Appellant’s Br. 2.
At 4:33 p.m. — slightly ahead of the analyst call — IMS announced that its earnings per share were 28% below “Street” expectations, i.e., the expectations of many Wall Street analysts. When the market opened the next morning, October 18, at 9:30 a.m., IMS’s stock price sank approximately 28% almost immediately — from $29.56 to $21.20 per share. Within six minutes of the market opening, defendant had sold all of his IMS options, realizing a net profit of $286,456.59 overnight.
Interactive Brokers noticed the irregular trading activity and referred the matter to the SEC, which now alleges that defendant was the hacker. See SEC v. Dorozhko, 606 F.Supp.2d 321, 323 (S.D.N.Y. 2008) (explaining that the SEC’s theory rests on “two undisputed events: (1) the fact of the hack, and (2) the proximity to the hack of the trades by [defendant,] who was the only individual to trade heavily in IMS Health put options subsequent to the hack”). On October 29, 2007, the SEC sought and received from the United States District Court for the Southern District of New York (Naomi Reice Buchwald Judge) a temporary restraining order freezing the proceeds of the “put” option transactions in defendant’s brokerage
account. The District Court held a preliminary injunction hearing on the matter on November 28, 2007, at which it heard testimony and considered various affidavits.
On January 8, 2008, in a thoughtful and careful opinion, the District Court denied the SEC’s request for a preliminary injunction because the SEC had not shown a likelihood of success. Specifically, the District Court ruled that computer hacking was not “deceptive” within the meaning of Section 10(b) as defined by the Supreme Court. According to the District Court, “a breach of a fiduciary duty of disclosure is a required element of any `deceptive’ device under § 10b.”Dorozhko, 606 F.Supp.2d at 330. The District Court reasoned that since defendant was a corporate outsider with no special relationship to IMS or Thomson, he owed no fiduciary duty to either. Although computer hacking might be fraudulent and might violate a number of federal and state criminal statutes, the District Court concluded that this behavior did not violate Section 10(b) without an accompanying breach of a fiduciary duty.
This appeal followed. On appeal, the SEC maintains its theory that the fraud in this case consists of defendant’s alleged computer hacking, which involves various misrepresentations. The SEC does not argue that defendant breached any fiduciary duties as part of his scheme. In this critical regard, we recognize that the SEC’s claim against defendant — a corporate outsider who owed no fiduciary duties to the source of the information — is not based on either of the two generally accepted theories of insider trading. See United States v. Cusimano, 123 F.3d 83, 87 (2d Cir. 1997) (distinguishing “the traditional theory of insider trading, under which a corporate insider trades in the securities of his own corporation on the basis of material, non-public information,” from “the misappropriation theory, [under which] § 10(b) and Rule 10b-5 are violated whenever a person trades while in knowing possession of material, non-public information that has been gained in violation of a fiduciary duty to its source”). The SEC’s claim is nonetheless based on a claim of fraud, and we turn our attention to whether this fraud is “deceptive” within the meaning of Section 10(b).
DISCUSSIONStandard of Review
We review the grant or denial of a preliminary injunction for abuse of discretion. E.g., Kickham Hanley P.C. v. Kodak Retirement Income Plan, 558 F.3d 204, 209 (2d Cir. 2009) (“[A]buse of discretion . . . occurs when (1) its decision rests on an error of law or a clearly erroneous factual finding, or (2) its decision — though not necessarily the product of a legal error or a clearly erroneous factual finding — cannot be located within the range of permissible decisions.” (internal citations, parentheticals, and quotation marks omitted)); Davis v. New York, 316 F.3d 93, 102
(2d Cir. 2002).
“Section 10(b) prohibits the use or employ, in connection with the purchase or sale of any security . . ., [of] any manipulative or deceptive device or contrivance in contravention of such rules and regulations as the [SEC] may prescribe.”15 U.S.C. § 78j(b) The instant case requires us to
decide whether the “device” in this case — computer hacking — could be “deceptive.”
In construing the text of any federal statute, we first consider the precedents that bind us as an intermediate appellate court — namely, the holdings of the Supreme Court and those of prior panels of this Court, which provide definitive interpretations of otherwise ambiguous language. Insofar as those precedents fail to resolve an apparent ambiguity, we examine the text of the statute itself, interpreting provisions in light of their ordinary meaning and their contextual setting See United States v. Magassouba, 544 F.3d 387, 404 (2d Cir. 2008) (“In determining whether statutory language is ambiguous, we `reference . . . the language itself, the specific context in which that language is used, and the broader context of the statute as a whole.'” (quoting Robinson v. Shell Oil Co., 519 U.S. 337, 341, 117 S.Ct. 843, 136 L.Ed.2d 808
(1997))). Where the statutory language remains ambiguous, “we resort to canons of construction and, if the meaning still remains ambiguous, to legislative history.” Magassouba, 544 F.3d at 404 (internal alterations and quotation marks omitted).
The District Court determined that the Supreme Court has interpreted the “deceptive” element of Section 10(b) to require a breach of a fiduciary duty. See Dorozhko, 606 F.Supp.2d at 338 (“[T]he Supreme Court has in a number of opinions carefully established that the essential component of a § 10(b) violation is a breach of a fiduciary duty to disclose or abstain that coincides with a securities transaction.”). The District Court reached this conclusion by relying principally on three Supreme Court opinions:Chiarella v. United States, 445 U.S. 222, 100 S.Ct. 1108, 63 L.Ed.2d 348 (1980), United States v. O’Hagan, 521 U.S. 642, 117 S.Ct. 2199, 138 L.Ed.2d 724 (1997), an SEC v. Zandford, 535 U.S. 813, 122 S.Ct. 1899, 153 L.Ed.2d 1 (2002). We consider each of these cases in turn.
In Chiarella, the defendant was employed by a financial printer and used information passing through his office to trade securities offered by acquiring and target companies. In a criminal prosecution,
the government alleged that the defendant committed fraud by not disclosing to the market that he was trading on the basis of material, nonpublic information. The Supreme Court held that defendant’s “silence,” or nondisclosure, was not fraud because he was under no obligation to disclose his knowledge of inside information. “When an allegation of fraud is based upon nondisclosure, there can be no fraud absent a duty to speak. We hold that a duty to disclose under § 10(b) does not arise from the mere possession of non-public market information.”445 U.S. at 235, 100 S.Ct. 1108; see also United States v. Chestman, 947 F.2d 551, 575 (2d Cir. 1991) (Winter J., concurring in part and dissenting in part) (stating that, after Chiarella, “silence cannot constitute a fraud absent a duty to speak owed to those who are injured”). Justice Blackmun, joined by Justice Marshall, dissented. In their view, stealing information from an employer was fraudulent within the meaning of Section 10(b) because the statute was designed as a “catchall” provision to protect investors from unknown risks. Id. at 246, 100 S.Ct. 1108 (Blackmun J., dissenting). According to Justice Blackmun, the majority had “confine[d]” the meaning of fraud “by imposition of a requirement of a `special relationship’ akin to fiduciary duty before the statute gives rise to a duty to disclose or to abstain from trading upon material, nonpublic information.”Id.
In O’Hagan, the defendant was an attorney who traded in securities based on material, nonpublic information regarding his firm’s clients. As in Chiarella, the government alleged that the defendant had committed fraud through “silence” because the defendant had a duty to disclose to the source of the information (his client) that he would trade on the information. The Supreme Court agreed, noting that “[d]eception through nondisclosure is central to the theory of liability for which the Government seeks recognition.” 521 U.S. at 654, 117 S.Ct. 2199. “[I]f the fiduciary discloses to the source that he plans to trade on the nonpublic information, there is no `deceptive device’ and thus no § 10(b) violation — although the fiduciary-turned-trader may remain liable under state law for breach of a duty of loyalty.” Id.
at 655, 117 S.Ct. 2199.
In Zandford, the defendant was a securities broker who traded under a client’s account and transferred the proceeds to his own account. The Fourth Circuit held that the defendant’s fraud was not “in connection with” the purchase or sale of a security because it was mere theft that happened to involve securities, rather than true securities fraud. The Supreme Court reversed in a unanimous opinion, observing that Section 10(b) “should be construed not technically and restrictively, but flexibly to effectuate its remedial purposes.” 535 U.S. at 819, 122 S.Ct. 1899. Although the Court warned that not “every common-law fraud that happens to involve securities [is] a violation of § 10(b),” id. at 820, 122 S.Ct. 1899, the defendant’s scheme was a single plan to deceive, rather than a series of independent frauds, and was therefore “in connection with” the purchase or sale of a security, id. at 825, 122 S.Ct. 1899. In a final footnote, the Court offered the following observation: “[I]f the
broker told his client he was stealing the client’s assets, that breach of fiduciary duty might be in connection with a sale of securities, but it would not involve a deceptive device or fraud.” 535 U.S. at 825 n. 4, 122 S.Ct. 1899. In the instant case, the District Court interpreted the Zandford
footnote as an “explicit acknowledgmen[t] that Zandford would not be liable under § 10(b) if he had disclosed to Wood that he was planning to steal his money.”Dorozhko, 606 F.Supp.2d at 338.
The District Court concluded that in Chiarella, O’Hagan, and Zandford, the Supreme Court developed a requirement that any “deceptive device” requires a breach of a fiduciary duty. In applying that interpretation to the instant case, the District Court ruled that “[a]lthough [defendant] may have broken the law, he is not liable in a civil action under § 10(b) because he owed no fiduciary or similar duty either to the source of his information or to those he transacted with in the market.” Dorozhko, 606 F.Supp.2d at 324. At least one of our sister circuits has made the same observation relying on the same precedent. See Regents of the Univ. of Cal. v. Credit Suisse First Boston (USA), Inc., 482 F.3d 372, 389 (5th Cir. 2007) (discussing Chiarella an O’Hagan, and stating that “the [Supreme] Court . . . has established that a device, such as a scheme, is not `deceptive’ unless it involves breach of some duty of candid disclosure”).
In our view, none of the Supreme Court opinions relied upon by the District Court — much less the sum of all three opinions — establishes a fiduciary-duty requirement as an element of every violation of Section 10(b). In Chiarella, O’Hagan, and Zandford, the theory of fraud was silence or nondisclosure, not an affirmative misrepresentation. The Supreme Court held that remaining silent was actionable only where there was a duty to speak, arising from a fiduciary relationship. In Chiarella, the Supreme Court held that there was no deception in an employee’s silence because he did not have duty to speak. See 445 U.S. at 226, 100 S.Ct. 1108 (“This case concerns the legal effect of the petitioner’ silence.” (emphasis added)); see also id.
at 227-28, 100 S.Ct. 1108 (“At common law, misrepresentation made for the purpose of inducing reliance upon the false statement is fraudulent. But one who fails to disclose material information prior to the consummation of a transaction commits fraud only when he is under a duty to do so.” (emphasis added)). In O’Hagan, an attorney who traded on client secrets had a fiduciary duty to inform his firm that he was trading on the basis of the confidential information. See 521 U.S. at 653, 117 S.Ct. 2199 (noting that a “breach of a duty of trust and confidence . . . to his law firm” was conduct that “satisfies § 10(b)’s requirement that chargeable conduct involve a `deceptive device or contrivance'”); see also id. at 654, 117 S.Ct. 2199 (“Deception throug nondisclosure is central to the theory of liability
for which the Government seeks recognition.” (emphasis added)). Even in Zandford, which dealt principally with the statutory requirement that a deceptive device be used “in connection with” the purchase or sale of a security, the defendant’s fraud consisted of not telling his brokerage client — to whom he owed a fiduciary duty — that he was stealing assets from the account, See 535 U.S. at 822, 122 S.Ct. 1899 (“[Defendant’s brokerage clients] were injured as investors through [defendant’s] deceptions, which deprived them of any compensation for the sale of their valuable securities.”); see also id. at 823, 122 S.Ct. 1899
(“[A]ny distinction between omissions and misrepresentations is illusory in the context of a broker who has a fiduciary’ duty to her clients.”).
Chiarella, O’Hagan, and Zandford all stand for the proposition that nondisclosure in breach of a fiduciary duty “satisfies § 10(b)’s requirement . . . [of] a `deceptive device or contrivance,'” O’Hagan, 521 U.S. at 653, 117 S.Ct. 2199. However, what is sufficient is not always what is necessary, and none of the Supreme Court opinions considered by the District Court require a fiduciary relationship as an element of an actionable securities claim under Section 10(b). While Chiarella, O’Hagan, and Zandford
all dealt with fraud qua silence, an affirmative misrepresentation is a distinct species of fraud. Even if a person does not have a fiduciary duty to “disclose or abstain from trading,” there is nonetheless an affirmative obligation in commercial dealings not to mislead. See, e.g., Basic Inc. v. Levinson, 485 U.S. 224, 240 n. 18, 108 S.Ct. 978, 99 L.Ed.2d 194 (1988) (distinguishing “situations where insiders have traded in abrogation of their duty to disclose or abstain,” from “affirmative misrepresentations by those under no duty to disclose (but under the ever-present duty not to mislead)”).
In this case, the SEC has not alleged that defendant fraudulently remained silent in the face of a “duty to disclose or abstain” from trading. Rather, the SEC argues that defendant affirmatively misrepresented himself in order to gain access to material, nonpublic information, which he then used to trade. We are aware of no precedent of the Supreme Court or our Court that forecloses or prohibits the SEC’s straightforward theory of fraud. Absent a controlling precedent that “deceptive” has a more limited meaning than its ordinary meaning, we see no reason to complicate the enforcement of Section 10(b) by divining new requirements. In reaching this conclusion, we are mindful of the Supreme Court’s oft-repeated instruction that Section 10(b) “should be construed not technically and restrictively, but flexibly to effectuate its remedial purposes.” Zandford,
535 U.S. at 819, 122 S.Ct. 1899 (internal quotation marks omitted).
Accordingly, we adopt the SEC’s proposed interpretation o Chiarella and its progeny: “misrepresentations are fraudulent, but . . . silence is fraudulent only if there is a duty to disclose.” Appellant’s Br. 44.
Having denied the SEC’s application for a preliminary injunction freezing defendant’s trading account on the basis of a perceived fiduciary duty requirement stemming from the Chiarella
line of insider trading cases, the District Court did not decide whether the ordinary meaning of “deceptive” covers the computer hacking in this case — or, indeed, whether the computer hacking in this case involved any misrepresentation at all. Defendant invites us to remand both questions so that the District Court may decide in the first instance.
In its ordinary meaning, “deceptive” covers a wide spectrum of conduct involving cheating or trading in falsehoods See Webster’s International Dictionary 679 (2d ed. 1934) (defining “deceptive” as “tending to deceive,” and defining “deceive” as “[t]o cause to believe the false, or to disbelieve the true” or “[t]o impose upon; to deal treacherously with; cheat”). Cf. Ernst Ernst v. Hochfelder, 425 U.S. 185, 199 n. 20, 96 S.Ct. 1375, 47 L.Ed.2d 668 (1976) (consulting the 1934 edition of Webster’s International Dictionary to define other relevant terms in Section 10(b)); In re Parmalat Sec. Litig., 376 F.Supp.2d 472, 502 n. 152 (S.D.N.Y. 2005) (consulting the 1934 edition of Webster’s International Dictionary to define “deceptive”). In light of this ordinary meaning, it is not at all surprising that Rule 10b-5 equates “deceit” with “fraud.” See 17 C.F.R. § 240.10b-5
(prohibiting “any untrue statement of a material fact . . . or . . . any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person, in connection with the purchase or sale of any security” (emphases added)). Indeed, we have previously observed that the conduct prohibited by Section 10(b) and Rule 10b-5 “irreducibly entails some act that gives the victim a false impression.”United States v. Finnerty, 533 F.3d 143, 148
(2d Cir. 2008).
The District Court — summarizing the SEC’s allegations — described the computer hacking in this case as “employ[ing] electronic means to trick, circumvent, or bypass computer security in order to gain unauthorized access to computer systems, networks, and information . . . and to steal such data.” Dorozhko, 606 F.Supp.2d at 329. On appeal, the SEC adds a further gloss, arguing that, in general, “[computer
h]ackers either (1) `engage in false identification and masquerade as another user[‘] . . . or (2) `exploit a weakness in [an electronic] code within a program to cause the program to malfunction in a way that grants the user greater privileges.'” Appellant’s Br. 22-23 (quoting Orin S. Kerr, Cybercrime Scope: Interpreting “Access” and “Authorization” in Computer Misuse Statutes, 78 N.Y.U. L. Rev. 1596, 1645 (2003)). In our view, misrepresenting one’s identity in order to gain access to information that is otherwise off limits, and then stealing that information is plainly “deceptive” within the ordinary meaning of the word. It is unclear, however, that exploiting a weakness in an electronic code to gain unauthorized access is “deceptive,” rather than being mere theft. Accordingly, depending on how the hacker gained access, it seems to us entirely possible that computer hacking could be, by definition, a “deceptive device or contrivance” that is prohibited by Section 10(b) and Rule 10b-5.
However, we are hesitant to move from this general principle to a particular application without the benefit of the District Court’s views as to whether the computer hacking in this case — as opposed to computer hacking in general — was “deceptive.” Our caution is counseled by the considerable and careful efforts the District Court has already devoted to this case, including hearing live testimony from witnesses at a preliminary injunction hearing that covered, among other topics, how Thomson’s secure servers were infiltrated. See, e.g., J.A. 848 Tr. of Preliminary Injunction Hearing at 40-41, Dorozkho, 606 F.Supp.2d. 321 (No. 07 civ 9606). Having established that the SEC need not demonstrate a breach of fiduciary duty, we now remand to the District Court to consider, in the first instance, whether the computer hacking in this case involved a fraudulent misrepresentation that was “deceptive” within the ordinary meaning of Section 10(b). The District Court may, in its informed discretion, enter a new order on the basis of the existing record or reopen the preliminary injunction hearing to consider such additional testimony regarding the nature of the hacking in this particular case as it deems appropriate in the circumstances.
For the foregoing reasons, the District Court’s January 8, 2008 order denying the SEC’s motion for a preliminary injunction is VACATED. The cause is REMANDED for further proceedings consistent with this opinion.
It shall be unlawful for any person, directly or indirectly . . .
(a) To employ any device, scheme, or artifice to defraud,
(b) To make any untrue statement of a material fact or to omit to state a material fact necessary in order to make the statements made, in the light of the circumstances under which they were made, not misleading, or
(c) To engage in any act, practice, or course of business which operates or would operate as a fraud or deceit upon any person,
in connection with the purchase or sale of any security.
17 C.F.R. § 240.10b-5.
(Blackmun, X, dissenting) (“I do not agree that a failure to disclose violates . . . Rule [10b-5] only when the responsibilities of a [fiduciary] relationship . . . have been breached.” (emphasis added)).