SEC’s Orwellian Surveillance on Trial in a Texas Courtroom

​Supreme Court Justice Oliver Wendell Holmes observed that anyone “who respects the spirit as well as the letter of the Fourth Amendment would be loath to believe that Congress intended to authorize one of its subordinate agencies to sweep all our traditions into the fire to direct fishing expeditions into private papers on the possibility that they may disclose evidence of crime.”
 
A century after Justice Holmes delivered that warning, the U.S. Securities and Exchange Commission is doing just that. This agency is methodically sweeping all our traditions into the fire to direct fishing expeditions that treat every investor as a criminal suspect. The good news is that the constitutionality of the SEC’s program is on trial in a case now before a federal judge in Waco, Texas.
 
Here’s the background: Historically, when the SEC has suspected someone of insider trading, it had to issue an investigative subpoena. Then in 2010, the market suffered the “flash crash” – a trillion-dollar decline caused by technical glitches that lasted for 36 minutes. The SEC responded to this technical glitch by proposing Rule 613, which established the Consolidated Audit Trail (CAT), a database that collects not just investors’ trades, but also their privately identifiable information. This “solution” had nothing to do with the crash, but it perfectly illustrates former Chicago Mayor Rahm Emmanuel’s dictum that “you never want a serious crisis to go to waste.”
 
Rule 613 requires self-regulatory organizations, like private stock exchanges, to collect every detail about trades in securities on a U.S. exchange. It also includes confidential data on more than 100 million private investors, making it the largest database outside of the National Security Agency. This database includes investors’ names, dates of birth, taxpayer identification numbers, Social Security numbers, and more.
 
Now two Texas investors, in affiliation with the National Center for Public Policy Research, are suing the SEC for this massive violation of privacy. Their lawsuit, represented by the New Civil Liberties Alliance, could be required reading for law students seeking to understand the application of our constitutional rights, beginning with the Fourth Amendment. This lawsuit makes the case:
 

• The CAT database violates the Fourth Amendment: “Knowing all too well how such seizure of papers imperiled their own liberty, the Framers would scarcely believe the unbridled power SEC seeks to exert through the CAT,” the lawsuit declares. “By seizing innocent Americans’ private financial information and storing it in a giant database that allows broad access by government and non-governmental entities persons or entities, SEC – a mere administrative agency – has conjured into being exactly what the Constitution was written to prevent.”

 

• The SEC usurps the role of Congress: The project is funded by the SEC’s multi-billion-dollar compelled extraction of funds from private-sector, self-regulatory organizations, like stock markets, in defiance of the Constitution that vests the power to raise funds and to tax only in the Congress.

 

• The CAT database is a security nightmare: If the CAT database were compromised by hackers or a hostile state actor like China, it would provide all the information necessary to disrupt the U.S. economy, or strip bare the assets of a targeted investor. The history of the SEC’s data management hardly instills confidence. For example, earlier this year, a hacker worked through a staffer’s cellphone to post a fake message on the SEC’s X account announcement approval for a spot-Bitcoin exchange traded fund. Bitcoin’s price spiked and fell after the SEC deleted the false tweet. Many investors suffered huge losses. For hackers and hostile states, placing all personally identifiable information and equity transactions in one place creates a tempting honeypot.

 

• The CAT database is also a privacy nightmare: The information on investors will be available to 3,000 people, from SEC staff to staffers at more than a dozen equity exchanges and trading venues.

 
The lawsuit makes a convincing case that the U.S. Supreme Court’s 2018 Carpenter decision – which held that the government violates the Fourth Amendment whenever it seeks a suspect’s cellphone location history without a warrant – should make this case against CAT a slam-dunk. After all, the plaintiffs assert that unlike the issue in Carpenter, “with Rule 613 SEC does not need an investigative predicate, much less a court order, to obtain and analyze private information, nor is the information limited to any particular person or time frame.”
 
Even if a federal judge declares CAT to be unconstitutional, however, it will only strike down one of many intrusive violations of Americans’ financial privacy by federal agencies. These include a new requirement of all business owners to file “beneficial ownership” forms, for which any American business owner can face two years in prison for a clerical mistake, and the U.S. Treasury’s Financial Crimes Enforcement Networks snooping into Americans’ financial transactions with the coerced cooperation of 650 private financial institutions.  
 
Once the election is over, Congress should pass the “Protecting Investors' Personally Identifiable Information Act,” introduced by Sen. John Kennedy, (R-LA), and Rep. Barry Loudermilk, (R-Ga.), which would allow the SEC to obtain personally identifiable information only by requesting it on a case-by-case basis. 
 
As the risks of the SEC’s reckless program become clearer, more Members of Congress should embrace another Holmes dictum: “State interference is an evil, where it cannot be shown to be a good.”