This CAT is a Dangerous Dog
Imagine that every time you went to the grocery store, convenience store, bookstore, or hardware store, those stores — under government orders — sent a complete, itemized list of what you bought and when you bought it to the government and organizations working on its behalf that could challenge you to explain any purchase that catches their interest. Or imagine that the manufacturer of your car, at the behest of the government, set up a direct feed from your car’s GPS so the government could interrogate you about any of your travels.
Just that sort of Big Brother scenario is on its way to your local broker courtesy of my agency, the Securities and Exchange Commission (“SEC”). The federal government is forcing every broker in the United States to turn over every investor’s trades from start to finish to a database that the SEC and private regulators will be able to mine for data and analyze. Your broker cannot opt out, and neither can you, unless you stop trading in U.S. markets. People working for over a dozen different organizations in the public and private sector will have access to the data, and there are few concrete parameters on how they can use it.
As with most similar efforts, this massive government surveillance program initially was born out of the SEC’s understandable interest in analyzing periods of market turbulence, such as the so-called Flash Crash of 2010. Its purpose and rationale, however, have morphed over time, and now its primary justification seems to be that we need to see all trading real time for enforcement purposes. Never mind that our enforcement division already is very successful at locating and bringing to justice wrongdoers in our markets and that the SEC already has sufficient tools to get the information it needs to pursue credible leads about market misconduct and to do so quickly. The effectiveness of these existing tools turns on brokers quickly and accurately getting us the data we request in our investigations. If brokers are not cooperating, we should punish their noncompliance, not set up a mass retail investor surveillance program.
Some people may not be bothered. “I’m not doing anything wrong, so why should I care?,” is the all too common response to intrusive government surveillance. Government, however, has the unique power to decree what is wrong, and the government, or one of the exchanges that has a right to look through the data, can make you explain your actions, potentially at great expense to you, even if you know you did nothing wrong. Even if these fears fail to materialize in the near term, a program that offers the government such an unfettered view into its citizens’ lives sets the stage for abuse in the future.
We would not tolerate car makers installing trackers on our cars so the police can record every errand we run and every commute we make on the off chance that they will catch us rolling through a neighborhood stop sign. Nor should we tolerate the government forcing our brokers to send regulators a record of everything all of us do in the financial markets. The plain cost to liberty and privacy is not worth the purported benefit. After all, tracking our trading behavior won’t stop bad events from happening in the markets, it will just make it a bit easier to understand what happened after the fact.
Demanding to see every order and trade is tempting, particularly now that we have the technology to analyze lots of data fast. The comprehensive database required to satisfy the government’s demand also will be tempting for cybercriminals, who have the same technology. Every trade from every account at every broker for every retail investor in the U.S. recorded in a single place — the risks to the American investor are staggering. A more limited version of the program that looked only at the trades of large institutional investors would be almost as useful for reconstructing market events and would not violate the privacy interests of specific individuals. The risk that a bus driver placing a trade for her daughter’s college fund will cause market turbulence is outweighed by the invasion of privacy and the attendant risk that cybercriminals will deplete the college education fund.
The current SEC chairman, Jay Clayton, inherited this project from his predecessors. He is doing his best to ensure that the reams of data collected are safe from cybercriminals. If nothing changes, however, the information sucked up by this new tracking effort will be so vast and so attractive to hackers that it will be hard to protect
The Consolidated Audit Trail, known by its pet name CAT, is clawing its way to completion. Difficult technological and administrative issues and a series of fumbles by the firms the SEC directed to implement the project have delayed the project, which dates back to 2012. Implementation is now on course to begin soon, but it is not too late to change course.
Just as we have a right to move about the roads freely without government officials tracking us, we have a right to buy and sell stocks in our market’s channels without regulators watching our every move.
Hester Peirce is a Commissioner at the Securities and Exchange Commission. The views she represents are her own and do not necessarily reflect the views of the Commission or her fellow Commissioners.