Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That is an explicit conclusion of Dirks (at 662): "Absent some personal gain, there has been no breach of duty to stockholders."


Thank you for pointing this out.

I think the argument leading up to that conclusion is also interesting:

"Whether disclosure is a breach of duty therefore depends in large part on the purpose of the disclosure. This standard was identified by the SEC itself in Cady, Roberts: a purpose of the securities laws was to eliminate 'use of inside information for personal advantage.' 40 S.E. C., at 912, n. 15. See n. 10, supra. Thus, the test is whether the insider personally will benefit, directly or indirectly, from his disclosure. Absent some personal gain, there has been no breach of duty to stockholders." [1] (My emphasis.)

Surely the 'thus' is unjustified here, given that the quote from the SEC is a purpose of the laws, not the purpose; some other purpose of the law might establish additional tests for a breach of duty. Furthermore, the quote from the SEC does not limit the purpose of the law to situations where the leaker is the beneficiary, yet that is claimed to be part of the conclusion that follows from it.

For completeness, I will point out that the next sentence says "And absent a breach by the insider, there is no derivative breach." This cannot be used to establish that no breach has occurred, because it is predicated on that assumption.

[1] https://casetext.com/case/dirks-v-securities-and-exchange-co...


I'm not sure what to make of that out of context. Is it saying that if I, as a corporate officer, copy some sensitive information onto an unencrypted USB drive, in direct violation of explicit company policy, and accidentally drop it someplace, and someone picks it up and trades on the information, I have not committed a breach of duty? That would strike me as a counterintuitive conclusion.


I guess I should provide a fuller quote for context: "Whether disclosure is a breach of duty therefore depends in large part on the purpose of the disclosure. This standard was identified by the SEC itself in Cady, Roberts: a purpose of the securities laws was to eliminate 'use of inside information for personal advantage.' 40 S.E. C., at 912, n. 15. See n. 10, supra. Thus, the test is whether the insider personally will benefit, directly or indirectly, from his disclosure. Absent some personal gain, there has been no breach of duty to stockholders. And absent a breach by the insider, there is no derivative breach."

There is a fiduciary duty of care, though that has mostly to with care in the execution of corporate policies and transactions. I do not know how that has been interpreted in the context of information security.

The reasoning of Dirks seems to be that the relevant duty is the duty of loyalty, because the purpose of the law is to eliminate the "use of insider information for personal gain." So while copying sensitive information into a USB may breach one's duty of care, it's not a breach of the duty of loyalty and not within the scope of the law.


This is a massive loophole that has been exploited for decades.

Here's how it plays out, from board rooms to halls of Congress: I breach my loyalty so that you make $1million profit. Your spouse buys my child a $50K car as a birthday present.

In the cloudy eyes of the law, I received no benefit from giving you the tip.


Indeed. Dirks v. SEC touches on loophole-creation in at least one place:

"The SEC argues that, if inside-trading liability does not exist when the information is transmitted for a proper purpose but is used for trading, it would be a rare situation when the parties could not fabricate some ostensibly legitimate business justification for transmitting the information. We think the SEC is unduly concerned."

The last sentence is not immediately followed by any argument in support, so at this point I have no idea why the majority would dismiss the SEC's concern, which looks plausible to me. Perhaps they think it is not a relevant concern, but if so, why not say so? Irrelevance would seem to offer a stronger counter-argument than a disagreement over the magnitude of an effect. Perhaps they are uninterested in considering this issue because they have already decided the case on what they think are logical grounds.


I see. So one might get fired, and maybe even sued, but it's not a matter for the SEC.


That is true, but it still seems to not follow. I could "breach my duty" to shareholders simply by being negligent.


"Duty" in this context refers to corporate fiduciary duties. There is a "duty of care" but mere negligence (and usually even gross negligence, without something more) does not violate that duty. The conclusion of the Supreme Court in Dirks is that information is leaked in violation of some duty if and only if it has been leaked for personal gain.

Newman follows from that assumption: breach of duty requires personal gain, so you cannot know duty has been breached unless you know there was personal gain. If you don't know there was personal gain, you can't tell simple negligent disclosure apart from breach of duty. And if you don't know about the violation of the duty, you can't be held liable for violating it derivatively as a tipee.


Yes, the author seems to assume that:

    proof_of_breach <-> proof_of_benefit
You are arguing that it could be the case that:

    proof_of_negligence -> proof_of_breach
    proof_of_negligence -> (proof_of_benefit v ~proof_of_benefit)
in which case there could be a contradiction.

However, there is probably an argument that:

    proof_of_negligence -> (proof_of_benefit v ~proof_of_benefit)
is wrong and that there actually is a rule:

    proof_of_breach -> proof_of_benefit

For example, if someone is negligent, we already know they received a personal benefit (eg. reduced cognitive load, received compensation for work not performed, etc.).

To show a logical incorrectness, you need to show an `x` where:

    proof_of_x -> (proof_of_breach ^ ~proof_of_benefit) v (~proof_of_breach ^ proof_of_benefit)


What are you trying to say here?

    proof_of_negligence -> (proof_of_benefit v ~proof_of_benefit)
easily simplifies to

    true
and therefore doesn't need a case to be made for it. It's always true.


I guess it should be an Exclusive OR, although I'm not sure that is allowed in propositional logic.

The argument made was that negligence could occur without benefit (ie. proof_of_negligence does not imply either proof_of_benefit or ~proof_of_benefit).

My argument is that `proof_of_benefit -> proof_of_negligence` and that `proof_of_negligence -> (proof_of_benefit v ~proof_of_benefit)` (or otherwise) is nonsense.


Surely, if there is no benefit, then ~proof_of_benefit obtains? Are you advocating against the law of the excluded middle? How could there be proof of a benefit if there was no benefit?

Exclusive or, being a logical relationship, is allowed in propositional logic. It is traditionally indicated, in mathy areas, by the symbol ⊕, but you can just compose it from the standard and, or, and not operations.

And (proof_of_benefit ⊕ ¬proof_of_benefit) still simplifies to true, unless you're a hardcore constructivist.


It seems that that would trigger a different set of problems - confidentiality issues, rather than conflict of interest. So yes, still bad, but a different rule-set, perhaps?


Is this because of the "trading" element? Otherwise it would be divulging company secrets?




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: