In our last piece on the CFTC’s proposed rules on automated trading, we explained why the Commission should focus only on risk controls in its first rulemaking on this topic.
However, while we strongly urge the CFTC to set aside the policies and procedures section for now, we’re also enumerating the problems that would arise should they choose to move forward with it, particularly with their proposal for unprecedented access to algorithmic source code.
The rule, as written, would allow any representative of the CFTC or the Department of Justice to access a firm’s source code upon request. Note that this does not mean that regulators can only access the code AFTER a market disruption or some evidence of wrongdoing — this allows regulators to access source code at any time without a subpoena or any formal process of law.
This is unacceptable government overreach. Source code is the result of careful planning, risk-analysis, decision making and technological investment. It can be thought of, in some sense, as a codified business plan: it contains a firm’s strategy and instructions for how to trade given any number of variables. It is the lifeblood of many firms’ commercial success. Importantly, it does not just contain information on how a firm may have traded in the past — it details how the firm will trade in the future.
Currently, proprietary information of this sort is made available to the government only via subpoena, subject to procedural safeguards, after a formal legal process determines there is due cause. Even then, there are strict controls in place to protect the information against disclosure and misappropriation. This process allows the courts to determine if the burden and risk of disclosing proprietary information is merited.
The CFTC’s proposed rule on source code access is a dramatic departure from this legal tradition. In fact, it may be in conflict with the protections afforded by the 4th Amendment against illegal search and seizures. Given the irreparable harm that could result to a source code owner, we see no compelling reason why the CFTC, or any other government agency, should be able to access highly confidential intellectual property without making a reasonable showing of cause and obtaining a subpoena.
Consider this: government inspectors ensure food safety by conducting routine inspections to evaluate whether a facility has the proper risk controls in place to prevent foodborne illnesses. They can inspect the production process, handling methods, storage conditions, and even collect samples. But they don’t get to access the secret recipe that distinguishes one product from its competitors.[i]
The issue of source code access has drawn a good deal of questions and criticism, even from members of the Commission. We’re hopeful the Commission will listen to these concerns and address them when it finalizes rules on policies and procedures. Of course, we’re also hopeful that the Commission will set aside all questions of policies and procedures for now and focus on risk controls.
It’s critical that we keep the big picture in mind, and work together to ensure a smart approach to mitigating risk while allowing our markets to continue to grow and improve. The best way to do that is to start by solely addressing risk controls.
[i] The Food and Drug Administration (FDA) is careful to respect trade secrets, with guidance saying that, “data relating to manufacturing methods and processes, which is the direct result of innovative efforts, deserves protection because keeping trade secret information confidential maintains investment in new product development and thus is important to fostering innovation,” (emphasis added).