Shorting based on info a worm sent you

Dan, of Dan’s Data, has a rather interesting little anecdote embedded in a much longer piece about malware, past and present:

(To be clear: Sircam is a worm that spreads by embedding itself in arbitrary files on the infected computer’s hard drive and then emailing the result to a new victim. It’s obviously possible to strip out the worm and read the file it used.)

I’m a sucker for the murky concepts of responsibility and intent when a complex system misfires. Is there anything on the books about acting on information you shouldn’t have that you got by accident? Can you forge a usable defense out of someone else’s horrible computer security practices? I don’t suppose there’s anything especially clear in precedent or law in this area yet.

So nobody’s willing to take a stab at this? I guess Dan was right about that ‘test case’ thing. :slight_smile:

This would explain the mandatory footer on corporate emails (“this may contain privileged, proprietary or otherwise private information”). Having said that in the email, or in a header at the top of the code for an application, or on the document info screen in the word document, absolves the company from a certain amount of liability and shoves it off onto anybody who uses the information in an inappropriate manner.

Not being guilty of insider trading because the information came from stolen data is like not being guilty of taking illegal drugs because they were in a purse you stole.

My (non-lawyer) guess is that some court somewhere would find that a reasonable person would assume that the information was not public and should not be used as a basis for trading.

Are those header/footers legally binding for an email you did not solicit and never agreed to?

If I understand worms correctly, it would be more analogous to not being guilty of possessing illegal drugs when a thief stole somebody’s purse and threw it in your backyard.

What if we remove the worm from the equation? How about I’m sitting on a bus, minding my own business, and I overhear someone on their cellphone, talking about a company about to go into receivership. I get off the bus, call my stockbroker and short the stock. Is it insider trading? In both cases I’ve received information that I made no effort to find. It was dropped on me, and I just acted on it.

The short answer is that you need a fiduciary duty to the information or not have misappropriated it in some manner, and that you are not found to be an insider.

And Dan, as a complete outsider who got the information by accident, would have no duty to it, fiduciary or otherwise, and did not misappropriate it (the person who wrote the worm did*). So, does his lack of duty help him or hurt him if he shorts the stock?

*(I’m basing this on the fact a felon is responsible for anything that happens as a direct result of his felony so, for example, a burglar is guilty of homicide if a homeowner has a heart attack by being surprised by the invasion.)

Though IAL, this is not legal advice, standard disclaimers apply:

Generally, no. The further removed from the source of information, or the less the connection between the source and the inside trader, then the less likelihood that the government will prosecute. It happens, though. One of the cases I read was about some guy attending a charity event and the CEO spouted about some big acquisition that didn’t happen yet. So, this guy overhearing it bought a ton of shares, enough for the SEC to notice. After an extensive investigation (I assume which was very far from pleasant), he was able to keep his money.

Non theory, though, overall, I’m sure the prosecutor in any case will look to see what a reasonable, prudent person would have done with the information. There’s a difference between going on sharebuilder and putting $200 for the next scheduled trade, and to go about mortgaging the house, emptying the 529 accounts and raiding the 401(k)s and IRAs for a short time gamble.

What mazinger_z said. The Supreme Court has said that the mere possession of non-public information does not require the holder to abstain from trading on it.

See Dirks v. SEC, (insider must personally benefit from disclosure)


United States v. O’Hagan:

While one can negligently breach a fiduciary duty, apparently the sorts of breach that trigger insider trading liablity involve more purposeful conduct than failure to prevent computer intrustions.

Fascinating. I suspected it would go something like that, but it’s always intersting to know more.

I’m a brokerage principal.

NO, you can not trade on non-public information regardless of how you got it. Both you and the person who let the information out can be held responsible.


It does not mean you will be prosecuted. But, there is a chance.

I think there is a bunch of precedent. The only case I remember (and whose name I don’t remember) involved the girl friend of a guy who heard his father, who was a principal in some company, talking on the phone at home, and gave the info to his girl friend. IIRC (and this was in the mid-80s) she didn’t get into any trouble because she was too many steps away from the principal.

This may be one of the cases somebody else has cited. Of course if you take this to the broker and say where you got it, the broker’s ethics will put a stop to your trading. Or should.