No. 21-____
`
`IN THE
`Supreme Court of the United States
`_________
`IN RE ALPHABET INC. SECURITIES LITIGATION
`ALPHABET INC., LAWRENCE E. PAGE, SUNDAR PICHAI,
`GOOGLE LLC, KEITH P. ENRIGHT, AND JOHN KENT
`WALKER, JR.,
`Petitioners,
`
`v.
`STATE OF RHODE ISLAND, OFFICE OF THE RHODE
`ISLAND TREASURER ON BEHALF OF THE EMPLOYEES’
`RETIREMENT SYSTEM OF RHODE ISLAND; LEAD
`PLAINTIFF, INDIVIDUALLY AND ON BEHALF OF ALL
`OTHERS SIMILARLY SITUATED,
`Respondent.
`_________
`On Petition for a Writ of Certiorari to the
` United States Court of Appeals
`for the Ninth Circuit
`_________
`PETITION FOR A WRIT OF CERTIORARI
`_________
`
`IGNACIO E. SALCEDA
`BENJAMIN M. CROSSON
`BETTY CHANG ROWE
`STEPHEN B. STRAIN
`WILSON SONSINI GOODRICH
`& ROSATI
`650 Page Mill Road
`Palo Alto, CA 94304
`
`CATHERINE E. STETSON
` Counsel of Record
`NEAL KUMAR KATYAL
`HOGAN LOVELLS US LLP
`555 Thirteenth Street, N.W.
`Washington, D.C. 20004
`(202) 637-5600
`cate.stetson@hoganlovells.com
`
`Counsel for Petitioners
`
`Additional counsel listed on inside cover
`
`
`
`IN THE
`Supreme Court of the United States
`_________
`IN RE ALPHABET INC. SECURITIES LITIGATION
`ALPHABET INC., LAWRENCE E. PAGE, SUNDAR PICHAI,
`GOOGLE LLC, KEITH P. ENRIGHT, AND JOHN KENT
`WALKER, JR.,
`Petitioners,
`
`v.
`STATE OF RHODE ISLAND, OFFICE OF THE RHODE
`ISLAND TREASURER ON BEHALF OF THE EMPLOYEES’
`RETIREMENT SYSTEM OF RHODE ISLAND; LEAD
`PLAINTIFF, INDIVIDUALLY AND ON BEHALF OF ALL
`OTHERS SIMILARLY SITUATED,
`Respondent.
`_________
`On Petition for a Writ of Certiorari to the
` United States Court of Appeals
`for the Ninth Circuit
`_________
`PETITION FOR A WRIT OF CERTIORARI
`_________
`
`IGNACIO E. SALCEDA
`BENJAMIN M. CROSSON
`BETTY CHANG ROWE
`STEPHEN B. STRAIN
`WILSON SONSINI GOODRICH
`& ROSATI
`650 Page Mill Road
`Palo Alto, CA 94304
`
`CATHERINE E. STETSON
` Counsel of Record
`NEAL KUMAR KATYAL
`HOGAN LOVELLS US LLP
`555 Thirteenth Street, N.W.
`Washington, D.C. 20004
`(202) 637-5600
`cate.stetson@hoganlovells.com
`
`Counsel for Petitioners
`
`Additional counsel listed on inside cover
`
`
`
`KATHERINE B. WELLINGTON
`DANIELLE DESAULNIERS STEMPEL
`MICHAEL J. WEST
`HOGAN LOVELLS US LLP
`555 Thirteenth Street, N.W.
`Washington, D.C. 20004
`Counsel for Petitioners
`
`
`
`QUESTION PRESENTED
`Securities and Exchange Commission regulations
`require companies to disclose in their annual and
`quarterly filings “risk factors” that may affect their
`business. There is a six-circuit split over whether
`those “risk factors” should be forward-looking only, or
`also must include past information.
`The question presented is whether the “risk factors”
`disclosed in a securities filing must disclose only fu-
`ture risks or must also disclose whether a risk has
`come to fruition in the past.
`
`(i)
`
`
`
`ii
`PARTIES TO THE PROCEEDING
`Alphabet Inc., Lawrence E. Page, Sundar Pichai,
`Google LLC, Keith P. Enright, and John Kent Walker,
`Jr., petitioners on review, were the appellees below.
`State of Rhode Island, Office of the Rhode Island
`Treasurer on behalf of the Employees’ Retirement
`System of Rhode Island; Lead Plaintiff, Individually
`and on Behalf of All Others Similarly Situated, re-
`spondent on review, was the appellant below.
`
`
`
`iii
`RELATED PROCEEDINGS
`All proceedings directly related to this petition in-
`clude:
`● In re Alphabet, Inc. Securities Litigation, No. 20-
`15638 (9th Cir. June 16, 2021)
`● In re Alphabet, Inc. Securities Litigation, No.
`4:18-cv-06245-JSW (N.D. Cal. Feb. 5, 2020)
`
`
`
`iv
`TABLE OF CONTENTS
`
`Page
`QUESTION PRESENTED.......................................... i
`PARTIES TO THE PROCEEDING ........................... ii
`RELATED PROCEEDINGS ..................................... iii
`TABLE OF AUTHORITIES ...................................... vi
`OPINIONS BELOW ................................................... 2
`JURISDICTION ......................................................... 2
`STATUTE AND RULES INVOLVED ....................... 2
`INTRODUCTION ....................................................... 4
`STATEMENT ............................................................. 7
`A. Factual Background ................................ 7
`B. Procedural History ................................ 11
`REASONS FOR GRANTING THE PETI-
`TION .................................................................... 15
`THERE
`IS A CIRCUIT SPLIT
`AMONG SIX COURTS OF APPEALS ......... 15
`II. THE DECISION BELOW IS WRONG ......... 21
`III. THIS CASE IS A CLEAN VEHICLE
`TO ADDRESS AN
`IMPORTANT
`QUESTION .................................................... 29
`CONCLUSION ......................................................... 37
`APPENDIX
`APPENDIX A—Ninth Circuit’s Opinion
`(June 16, 2021) ................................................. 1a
`APPENDIX B—District Court’s Order Grant-
`ing Motion to Dismiss (Feb. 5, 2020) ............. 38a
`
`I.
`
`
`
`v
`TABLE OF CONTENTS—Continued
`
`Page
`
`APPENDIX C—Ninth Circuit’s Order Grant-
`ing Defendants’ Motion to Stay the Man-
`date (Aug. 6, 2021) ......................................... 50a
`APPENDIX D—Ninth Circuit’s Order Deny-
`ing Appellees’ Petition for Rehearing
`(July 23, 2021) ................................................ 52a
`APPENDIX E—Alphabet Inc.’s Form 10-K for
`the year ending Dec. 31, 2017 (Ex-
`cerpted) ........................................................... 54a
`
`
`
`vi
`TABLE OF AUTHORITIES
`
`Page(s)
`
`CASES:
`Basic Inc. v. Levinson,
`485 U.S. 224 (1988) ...................................... passim
`Berson v. Applied Signal Tech., Inc.,
`527 F.3d 982 (9th Cir. 2008) ......................... 14, 21
`Bondali v. Yum! Brands, Inc.,
`620 F. App’x 483 (6th Cir. 2015).................. passim
`Brody v. Transitional Hosps. Corp.,
`280 F.3d 997 (9th Cir. 2002) ............................... 23
`Dice v. ChannelAdvisor Corp.,
`671 F. App’x 111 (4th Cir. 2016)................5, 15, 17
` Greenhouse v. MCG Cap. Corp.,
`392 F.3d 650 (4th Cir. 2004) ............................... 25
`Hill v. Gonzani,
`638 F.3d 40 (1st Cir. 2011) ................................. 19
`In re ChannelAdvisor Corp. Sec. Litig.,
`No. 5:15-CV-00307-F, 2016 WL 1381772
`(E.D.N.C. Apr. 6, 2016) ................................... 5, 17
`In re Facebook, Inc. IPO Sec. & Derivative
`Litig.,
`986 F. Supp. 2d 487 (S.D.N.Y. 2013) ........ 6, 16, 20
`In re Harman Int’l Indus., Inc. Sec. Litig.,
`791 F.3d 90 (D.C. Cir. 2015) ........................ passim
`In re Heartland Payment Sys., Inc. Sec.
`Litig.,
`Civ. No. 09-1043, 2009 WL 4798148
`(D.N.J. Dec. 7, 2009) ........................................... 26
`
`
`
`vii
`TABLE OF AUTHORITIES—Continued
`Page(s)
`
`In re Marriott Int’l, Inc., Customer Data Sec.
`Breach Litig.,
`MDL No. 19-MD-2879, 2021 WL 2407518
`(D. Md. June 11, 2021) ........................................ 17
`Indiana Pub. Ret. Sys. v. Pluralsight, Inc.,
`No. 1:19-CV-00128-JNP-DBP, 2021 WL
`1222290 (D. Utah Mar. 31, 2021) ................. 15, 17
`Karth v. Keryx Biopharmaceuticals, Inc.,
`6 F.4th 123 (1st Cir. 2021) ........................... passim
`Matrixx Initiatives, Inc. v. Siracusano,
`563 U.S. 27 (2011) ............................................... 22
`Merrill Lynch, Pierce, Fenner & Smith Inc. v.
`Dabit,
`547 U.S. 71 (2006) .............................................. 33
`Stoneridge Inv. Partners, LLC v. Scientific-
`Atlanta, Inc.,
`552 U.S. 148 (2008) ............................................. 12
`TSC Indus., Inc. v. Northway, Inc.,
`426 U.S. 438 (1976) ................................... 6, 29, 34
`Tutor Perini Corp. v. Banc of Am. Sec. LLC,
`842 F.3d 71 (1st Cir. 2016) ................................. 19
`Whirlpool Fin. Corp. v. GN Holdings, Inc.,
`67 F.3d 605 (7th Cir. 1995) ................................ 25
`Williams v. Globus Med., Inc.,
`869 F.3d 235 (3d Cir. 2017) ......................... passim
`STATUTES:
`15 U.S.C. § 78aa(a) ................................................... 36
`15 U.S.C. § 78j(b) .................................................. 2, 12
`15 U.S.C. § 78m .......................................................... 9
`
`
`
`viii
`TABLE OF AUTHORITIES—Continued
`Page(s)
`15 U.S.C. § 78t(a) ..................................................... 13
`15 U.S.C. § 78u-5 ...................................................... 33
`15 U.S.C. § 78u-5(c)(1)(A)(i) ..................................... 34
`28 U.S.C. § 1254(1) ..................................................... 2
`Private Securities Litigation Reform Act of
`1995, Pub. L. No. 104-67, 109 Stat. 737 ............. 33
`Securities Exchange Act of 1934, Pub. L. No.
`73-291, § 10(b), 48 Stat. 881, 891 (codified
`at 15 U.S.C. § 78j(b)) ........................................... 22
`REGULATIONS:
`17 C.F.R. § 229.101 (2020) ....................................... 23
`17 C.F.R. § 229.102 (2020) ....................................... 23
`17 C.F.R. § 229.103(a) (2020) ................................... 23
`17 C.F.R. § 229.105 .................................................. 10
`17 C.F.R. § 229.503(c) (2017) ..........................3, 10, 24
`17 C.F.R. § 240.10b-5 ........................................... 3, 12
`17 C.F.R. § 240.10b-5(b) ..................................... 12, 22
`17 C.F.R. § 249.308a .................................................. 9
`17 C.F.R. § 249.310 .................................................... 9
`FAST Act Modernization and Simplification
`of Regulation S–K,
`84 Fed. Reg. 12,674 (Apr. 2, 2019) ..................... 10
`Modernization of Regulation S–K Items 101,
`103, and 105,
`85 Fed. Reg. 63,726 (Oct. 8, 2020)
`(codified at 17 C.F.R. § 229.105) ......................... 10
`
`
`
`ix
`TABLE OF AUTHORITIES—Continued
`Page(s)
`
`Securities Offering Reform,
`70 Fed. Reg. 44,722 (Aug. 3, 2005) .............. passim
`LEGISLATIVE MATERIALS:
`H.R. Rep. No. 104-369 (1995) (Conf. Rep.) .............. 33
`OTHER AUTHORITIES:
`1 Real Estate Transactions: Structure and Anal-
`ysis with Forms § 10:2 (Sept. 2021 update) ....... 24
`2 Bromberg & Lowenfels on Securities Fraud
`§ 5:281 (2d ed. Apr. 2021 update) ...................... 25
`2 Publicly Traded Corporations Handbook (2021)
`§ 12:13.................................................................. 27
`§ 12:41.................................................................. 23
`Scott Christiansen & Mayana Pereira, Se-
`cure the Software Development Lifecycle
`with Machine Learning, Microsoft (Apr.
`16, 2020), https://bit.ly/303RcSm ...................... 31
`Division of Corp. Finance: Updated Staff Le-
`gal Bulletin No. 7: “Plain English Disclo-
`sure,” U.S. Sec. & Exch. Comm’n (June 7,
`1999), https://bit.ly/3iyfZV7 ................................ 28
`Lindsay Farmer, Time and Space in
`Criminal Law,
`13 New Crim. L. Rev. 333 (2010) ...................... 24
`Fiscal Year 2021 Update: Long Range Plan
`for Information Technology in the Federal
`Judiciary, Jud. Conf. of the U.S. (Sept.
`2020) .................................................................... 32
`
`
`
`x
`TABLE OF AUTHORITIES—Continued
`Page(s)
`
`Form 10-K Annual Report Pursuant to Sec-
`tion 13 or 15(d) of the Securities Ex-
`change Act of 1934 General Instructions,
`U.S. Sec. & Exch. Comm’n, available at
`https://bit.ly/3A8CCFE (last visited Oct.
`21, 2021) .............................................................. 10
`Form 10-Q General Instructions, U.S. Sec. &
`Exch. Comm’n, https://bit.ly/3DbcJa5
`(last visited Oct. 21, 2021) .................................. 11
`Steve C. Gold, When Certainty Dissolves into
`Probability: A Legal Vision of Toxic Cau-
`sation for the Post-Genomic Era,
`70 Wash. & Lee L. Rev. 237 (2013) ................... 24
`Steve W. Klemash et al., What Companies
`Are Disclosing About Cybersecurity Risk
`and Oversight, Harv. L. Sch. Forum on
`Corp. Governance (Aug. 25, 2020),
`https://bit.ly/3F75WA7 ........................................ 31
`Litigating Business and Commercial Tort
`Cases § 6:7 (Aug. 2021 update) .......................... 23
`Douglas MacMillan & Robert McMillan,
`Google Exposed User Data, Feared Reper-
`cussions of Disclosing to Public, Wall St.
`J. (Oct. 8, 2008),
`https://on.wsj.com/3Fn3Qwb................................. 9
`Steve Morgan, Global Ransomware Damage
`Costs Predicted To Reach $20 Billion
`(USD) By 2021, Cybercrime Mag. (Oct.
`21, 2019), https://bit.ly/3v0HH1R ....................... 31
`
`
`
`xi
`TABLE OF AUTHORITIES—Continued
`Page(s)
`
`N.V., Tech.View: Cars and software bugs,
`The Economist (May 16, 2010),
`https://econ.st/3Dz3TDk .................................... 32
`James J. Park, Assessing the Materiality of
`Financial Misstatements,
`34 J. Corp. L. 513 (2009) ..................................... 34
`Risk, American Heritage College Dictionary
`(3d ed. 2000) ........................................................ 24
`Risk, Oxford English Dictionary,
`https://bit.ly/3BYZ3Pr (last visited Oct.
`21, 2021) .............................................................. 24
`Risk, Webster’s New World Dictionary (3d
`ed. 1988) .............................................................. 24
`Risk, Webster’s Third New International
`Dictionary (1986) .......................................... 16, 24
`Lyle Roberts, Learning the Alphabet, The
`10b-5 Daily (Aug. 5, 2021, 5:30 PM),
`https://bit.ly/3DcGYgS .................................. 30, 36
`Amanda M. Rose, The “Reasonable Investor”
`of Federal Securities Law: Insights from
`Tort Law’s “Reasonable Person” & Sug-
`gested Reforms, 43 J. Corp. L. 77 (2017) ............ 35
`Ben Smith, Project Strobe: Protecting your
`data, improving our third-party APIs,
`and sunsetting consumer Google+, Google:
`The Keyword (Oct. 8, 2018),
`https://bit.ly/3AdW6Zw ............................... 8, 9, 26
`
`
`
`IN THE
`Supreme Court of the United States
`_________
`No. 21-
`_________
`
`IN RE ALPHABET INC. SECURITIES LITIGATION
`ALPHABET INC., LAWRENCE E. PAGE, SUNDAR PICHAI,
`GOOGLE LLC, KEITH P. ENRIGHT, AND JOHN KENT
`WALKER, JR.,
`Petitioners,
`
`v.
`
`STATE OF RHODE ISLAND, OFFICE OF THE RHODE
`ISLAND TREASURER ON BEHALF OF THE EMPLOYEES’
`RETIREMENT SYSTEM OF RHODE ISLAND; LEAD
`PLAINTIFF, INDIVIDUALLY AND ON BEHALF OF ALL
`OTHERS SIMILARLY SITUATED,
`Respondent.
`_________
`On Petition for a Writ of Certiorari to the
` United States Court of Appeals
`for the Ninth Circuit
`_________
`
`PETITION FOR A WRIT OF CERTIORARI
`_________
`Alphabet Inc., Lawrence E. Page, Sundar Pichai,
`Google LLC, Keith P. Enright, and John Kent Walker,
`Jr., (collectively, “Alphabet”) respectfully petition for
`a writ of certiorari to review the judgment of the Ninth
`Circuit in this case.
`
`(1)
`
`
`
`2
`OPINIONS BELOW
`The Ninth Circuit’s opinion is reported at 1 F.4th
`687. Pet. App. 1a-37a. That court’s order denying re-
`hearing and rehearing en banc is not reported. Id. at
`52a-53a. The Northern District of California’s opinion
`is not reported but is available at 2020 WL 2564635.
`Id. at 38a-49a.
`
`JURISDICTION
`The Ninth Circuit entered judgment on June 16,
`2021. Petitioners filed a timely motion for rehearing
`and rehearing en banc, which was denied on July 23,
`2021. This Court’s jurisdiction is invoked under 28
`U.S.C. § 1254(1).
`STATUTE AND RULES INVOLVED
`Section 10(b) of the Securities Exchange Act of 1934,
`15 U.S.C. § 78j(b), provides:
`It shall be unlawful for any person, di-
`rectly or indirectly, by the use of any
`means or instrumentality of interstate
`commerce or of the mails, or of any facility
`of any national securities exchange—
`* * *
`(b) To use or employ, in connection with
`the purchase or sale of any security regis-
`tered on a national securities exchange or
`any security not so registered, or any secu-
`rities-based swap agreement any manipu-
`lative or deceptive device or contrivance in
`contravention of such rules and regula-
`tions as the Commission may prescribe as
`necessary or appropriate in the public in-
`terest or for the protection of investors.
`
`
`
`3
`Securities and Exchange Rule 10(b), 17 C.F.R.
`§ 240.10b-5, which implements Section 10(b), pro-
`vides:
`
`It shall be unlawful for any person, di-
`rectly or indirectly, by the use of any
`means or instrumentality of interstate
`commerce, or of the mails or of any facility
`of any national securities exchange,
`* * *
`(b) To make any untrue statement of a ma-
`terial fact or to omit to state a material fact
`necessary in order to make the statements
`made, in the light of the circumstances un-
`der which they were made, not misleading,
`* * *
`in connection with the purchase or sale of
`any security.
`The rule governing risk factor disclosures at the
`time of the statements relevant to this petition, 17
`C.F.R. § 229.503(c) (2017), provides:
`(c) Risk factors. Where appropriate, pro-
`vide under the caption “Risk Factors” a
`discussion of the most significant factors
`that make the offering speculative or
`risky. This discussion must be concise and
`organized logically. Do not present risks
`that could apply to any issuer or any offer-
`ing. Explain how the risk affects the is-
`suer or the securities being offered. Set
`forth each risk factor under a subcaption
`that adequately describes the risk. The
`risk factor discussion must immediately
`follow the summary section. If you do not
`
`
`
`4
`include a summary section, the risk factor
`section must immediately follow the cover
`page of the prospectus or the pricing infor-
`mation section that immediately follows
`the cover page. Pricing information means
`price and price-related information that
`you may omit from the prospectus in an ef-
`fective registration statement based on
`§ 230.430A(a) of this chapter. The risk fac-
`tors may include, among other things, the
`following:
`(1) Your lack of an operating history;
`(2) Your lack of profitable operations in
`recent periods;
`(3) Your financial position;
`(4) Your business or proposed business;
`(5) The lack of a market for your common
`equity securities or securities convertible
`into or exercisable for common equity se-
`curities.
`
`INTRODUCTION
`This petition asks a simple question: In a securities
`filing where a company must disclose “risks,” must it
`also disclose whether that risk has come to fruition in
`the past? The answer is simple, too: No. A “risk” is
`the possibility of a future harm or loss. It captures
`what might occur, not what has occurred. And be-
`cause a reasonable investor understands that a “risk”
`captures the future and does not summarize the past,
`omitting a past event from the “risk factor” section of
`a securities filing is not misleading.
`
`
`
`5
`The Ninth Circuit reached a different conclusion.
`Without pausing to discuss the plain meaning of the
`term “risk,” the court of appeals held that “[r]isk dis-
`closures that speak entirely of as-yet-unrealized risks
`and contingencies and do not alert the reader that
`some of these risks may already have come to fruition
`can mislead reasonable investors.” Pet. App. 24a (in-
`ternal quotation marks and alterations omitted). Ap-
`plying that rule, the court concluded that Alphabet
`misled investors when it disclosed in its securities fil-
`ings a risk that it might suffer cybersecurity threats
`in the future, but did not state that it had previously
`identified and remediated a software bug related to
`the Google+ social network.
`As the panel acknowledged, that decision is part of
`a circuit split. In the Fourth and Sixth Circuits, com-
`panies need only include in their Form 10-K and 10-Q
`risk disclosure statements what common sense and
`the Securities and Exchange Commission’s rules re-
`quire: the risks that the company faces. See Bondali
`v. Yum! Brands, Inc., 620 F. App’x 483, 491 (6th Cir.
`2015); Dice v. ChannelAdvisor Corp., 671 F. App’x
`111, 112 (4th Cir. 2016) (per curiam), aff’g In re Chan-
`nelAdvisor Corp. Sec. Litig., No. 5:15-CV-00307-F,
`2016 WL 1381772 (E.D.N.C. Apr. 6, 2016). As the
`Sixth Circuit has explained, risk disclosures serve “to
`educate the investor on future harms.” Bondali, 620
`F. App’x at 491. “They are not meant to educate in-
`vestors on what harms are currently affecting the
`company.” Id. Under that approach, the disclosures
`at issue here were not misleading.
`The Ninth Circuit thinks otherwise. Like the First,
`Third, and D.C. Circuits, as well as the Southern Dis-
`trict of New York, the Ninth Circuit holds that to
`
`
`
`6
`avoid a securities-fraud claim, if a public company
`lists a “risk” in the risk disclosure section of a securi-
`ties filing, it must also disclose whether that risk has
`come to fruition in the past. See Pet. App. 24a-25a;
`Karth v. Keryx Biopharmaceuticals, Inc., 6 F.4th 123,
`138 (1st Cir. 2021); Williams v. Globus Med., Inc., 869
`F.3d 235, 242 (3d Cir. 2017); In re Harman Int’l In-
`dus., Inc. Sec. Litig., 791 F.3d 90, 104 (D.C. Cir. 2015);
`In re Facebook, Inc. IPO Sec. & Derivative Litig., 986
`F. Supp. 2d 487, 516 (S.D.N.Y. 2013).
`In those courts, it is not enough to warn in a risk
`disclosure that a given risk “could or may occur”; com-
`panies must also disclose whether they have already
`“experienced” that sort of “challenge.” Pet. App. 25a
`(internal quotation marks omitted). But that misun-
`derstands the plain meaning of the word “risk” and
`the very idea behind a risk disclosure—to warn of fu-
`ture dangers. It also makes a hash of the purpose of
`these disclosures, which is to identify and warn inves-
`tors of the most important risks facing a public com-
`pany, not drown them “in an avalanche of trivial in-
`formation” about past events. Basic Inc. v. Levinson,
`485 U.S. 224, 231 (1988) (quoting TSC Indus., Inc. v.
`Northway, Inc., 426 U.S. 438, 448 (1976)).
`The question of what a company must include in its
`risk disclosures is vitally important. Failing to adhere
`to the correct standard exposes public companies—in-
`cluding the more than 70 Fortune 500 companies
`headquartered in the Ninth Circuit—to sprawling
`class-action securities lawsuits and the significant
`burdens and costs that come with them. And the
`broadly phrased decision below applies to any sce-
`nario in which a company discloses risks, including,
`but not limited to, quality control and supply chain
`
`
`
`7
`risks. It also affects every conceivable industry, in-
`cluding the technology, automotive, chemical, energy,
`food, retail, and pharmaceutical sectors, to name a
`few. Moreover, because securities filings are not cir-
`cuit-specific, the Ninth Circuit’s rule will apply to
`every company conducting business in the Ninth Cir-
`cuit. This Court should step in now to address this
`acknowledged circuit split—before the Ninth Circuit’s
`rule becomes the de facto disclosure requirement na-
`tionwide.
`The Court should grant certiorari and reverse.
`STATEMENT
`A. Factual Background
`1. The software bug. From 2011 to 2019, Google op-
`erated a social network for consumers called Google+.
`Like other social networks, Google+ users created pro-
`files, which could include information like the user’s
`name, email address, occupation, gender, and age, as
`well as a profile photo. Users could choose to make
`certain profile information visible to anyone on
`Google+, or visible only to friends in their Google+
`“circles.”
`In addition to enjoying a suite of Google-run services
`on Google+, users could also interact with third-party
`applications—that is, applications not run by Google.
`These third-party applications sometimes requested
`access to certain user data; for example, a third-party
`game application might have needed to access the
`user’s Google+ profile photo so other players could rec-
`ognize their friends. Third-party applications ac-
`cessed such data via software intermediaries known
`as application program interfaces.
`
`
`
`8
`At the beginning of 2018, Google initiated a “root-
`and-branch review of third-party developer access” to
`user data. See Ben Smith, Project Strobe: Protecting
`your data, improving our third-party APIs, and sun-
`setting consumer Google+, Google: The Keyword (Oct.
`8, 2018), https://bit.ly/3AdW6Zw (hereinafter “Google
`Blog Post”). In March of that year, the internal team
`discovered a software “bug”—a flaw in the code—in
`one of Google+’s application program interfaces. Id.
`This interface allowed users to grant third-party ap-
`plications access to their profile information, as well
`as access to the public profile information of their
`friends on Google+. Id. The internal team learned
`that a routine update of the interface’s software in
`2015 had introduced a bug that potentially allowed
`those third-party applications to see the public profile
`information of the user’s friends and any profile infor-
`mation visible to the user—including profile infor-
`mation the user’s friends had shared only with their
`friends. The bug did not expose phone numbers, email
`messages, timeline posts, direct messages, or any
`other type of communication data. Id. Nor did it ex-
`pose any social security numbers, credit card num-
`bers, or medical information. Google fixed the issue
`promptly. Id.
`Due to privacy concerns, Google maintained only the
`two most recent weeks of log data for this particular
`application program interface (log data is the record
`of data requested by applications through the inter-
`face). Id. Google accordingly could not confirm the
`full set of specifically affected users. Id. Google does,
`however, have a detailed process for determining
`whether to provide notice to users of “bugs and is-
`sues.” Id. Here, Google’s “Privacy & Data Protection
`Office reviewed this issue, looking at the type of data
`
`
`
`9
`involved, * * * whether there was any evidence of mis-
`use, and whether there were any actions a developer
`or user could take in response.” Id. Because “[n]one
`of these thresholds were met in this instance,” Google
`decided that notifying users of the bug was neither
`necessary nor useful. Id.
`In October 2018, Google published a blog post re-
`porting on its discovery and repair of the bug. Id. In
`addition to explaining the bug’s limited impact,
`Google’s blog post announced that the company was
`shuttering Google+ for consumers. See id. The reason
`was “very low usage” of the platform and “low * * *
`engagement,” where “90 percent of Google+ user ses-
`sions are less than five seconds.” Id.
`The Wall Street Journal also reported about the bug
`and Google’s response. See Douglas MacMillan &
`Robert McMillan, Google Exposed User Data, Feared
`Repercussions of Disclosing to Public, Wall St. J. (Oct.
`8, 2008), https://on.wsj.com/3Fn3Qwb. The article
`stated that Google’s legal and policy staff had shared
`a memorandum on the bug with senior executives in
`April 2018. The memo reiterated that there was no
`evidence of data misuse, but also reportedly warned
`that disclosing the incident would likely trigger “im-
`mediate regulatory interest” in Google’s privacy prac-
`tices. Id. (internal quotation marks omitted).
`Following the bug’s disclosure, Alphabet’s publicly
`traded share price fell. Pet. App. 11a-12a.
`2. Alphabet’s securities filings. Alphabet, as a pub-
`licly traded company, is required to file annual reports
`(on Form 10-K) and quarterly reports (on Form 10-Q)
`with the Securities and Exchange Commission (SEC).
`See 15 U.S.C. § 78m; 17 C.F.R. § 249.310 (Form 10-K);
`17 C.F.R. § 249.308a (Form 10-Q).
`
`
`
`10
`Form 10-K includes a “risk factor section,” in which
`the company must provide a “concise” “discussion of
`the most significant factors that make the offering
`speculative or risky.” 17 C.F.R. § 229.503(c) (2017);
`see Form 10-K Annual Report Pursuant to Section 13
`or 15(d) of the Securities Exchange Act of 1934 Gen-
`eral Instructions 8, U.S. Sec. & Exch. Comm’n, avail-
`able at https://bit.ly/3A8CCFE (last visited Oct. 21,
`2021). Originally, the “risk factor disclosure was” re-
`quired “only in the offering context.” FAST Act Mod-
`ernization and Simplification of Regulation S–K, 84
`Fed. Reg. 12,674, 12,688 (Apr. 2, 2019). But in 2005,
`the SEC added this section to both Form 10-K and
`Form 10-Q. Securities Offering Reform, 70 Fed. Reg.
`44,722, 44,830 (Aug. 3, 2005).1
` Alphabet’s 2017 Form 10-K accordingly cautioned
`investors about data breaches and security failures:
`If our security measures are breached re-
`sulting in the improper use and disclosure
`of user data * * * our products and services
`may be perceived as not being secure * * *
`and customers may curtail or stop using
`
`1 In 2019, the SEC relocated this provision from 17 C.F.R.
`§ 229.503(c) to 17 C.F.R. § 229.105. See 84 Fed. Reg. at 12,702-
`03. In 2020, the SEC amended Section 229.105 to, among other
`things, “change the standard for disclosure from the ‘most signif-
`icant’ risks to ‘material’ risks.” Modernization of Regulation S–
`K Items 101, 103, and 105, 85 Fed. Reg. 63,726, 63,742-46, 63,761
`(Oct. 8, 2020) (codified at 17 C.F.R. § 229.105). As relevant to
`this petition, the substance of the SEC’s risk factor rule is mate-
`rially unchanged. Because the securities filings at issue in this
`case occurred in 2017 and 2018, this petition treats Section
`229.503(c) as the governing risk disclosure requirement.
`
`
`
`11
`our products and services, and we may in-
`cur significant legal and financial expo-
`sure.
`
`* * *
`Concerns about our practices with regard
`to the collection, use, disclosure, or secu-
`rity of personal information or other pri-
`vacy related matters, even if unfounded,
`could damage our reputation and ad-
`versely affect our operating results.
`Pet. App. 55a.
`Form 10-Q (the form used for quarterly reports) re-
`quires companies to disclose “any material changes
`from risk factors as previously disclosed” in the com-
`pany’s Form 10-K. 70 Fed. Reg. at 44,830; see also
`Form 10-Q General Instructions, U.S. Sec. & Exch.
`Comm’n, https://bit.ly/3DbcJa5 (last visited Oct. 21,
`2021). Alphabet’s April 2018 Form 10-Q, which cov-
`ered the period ending March 31, 2018, and its July
`2018 Form 10-Q, which covered the period ending
`June 30, 2018, incorporated the risk factors disclosed
`in its 2017 Form 10-K and stated that “[t]here have
`been no material changes to [those] risk factors.” Pet.
`App. 9a.
`B. Procedural History
`1. Three days after the bug’s disclosure, the State of
`Rhode Island, Office of the Rhode Island Treasurer on
`behalf of the Employees’ Retirement System of Rhode
`Island (“Rhode Island”), and others, filed two securi-
`ties fraud class actions against Alphabet. Pet. App.
`12a & n.2. The district court appointed Rhode Island
`as the lead plaintiff and consolidated the actions. Id.
`at 12a.
`
`
`
`12
`The consolidated amended complaint alleges that
`the defendants violated Section 10(b) of the Securities
`Exchange Act of 1934, 15 U.S.C. § 78j(b), and SEC
`Rule 10b-5(b), 17 C.F.R. § 240.10b-5. Id. at 12a-13a.2
`Section 10(b) prohibits using or employing, “in connec-
`tion with the purchase or sale of any security,” “any
`manipulative or deceptive device or contrivance in
`contravention of such rules and regulations as the
`[SEC] may prescribe.” 15 U.S.C. § 78j(b). Rule 10b-5
`implements that provision, making it unlawful to
`“make any untrue statement of a material fact or to
`omit to state a material fact necessary in order to
`make the statements made, in the light of the circum-
`stances under which they were made, not misleading
`* * * in connection with the purchase or sale of any
`security.” 17 C.F.R. § 240.10b-5(b). This Court has
`interpreted Section 10(b) as providing an implied pri-
`vate cause of action with six elements: “(1) a material
`misrepresentation or omission by the defendant; (2)
`scienter; (3) a connection between the misrepresenta-
`tion or omission and the purchase or sale of a security;
`(4) reliance upon the misrepresentation or omission;
`(5) economic loss; and (6) loss causation.” Stoneridge
`Inv. Partners, LLC v. Scientific-Atlanta, Inc., 552 U.S.
`148, 157 (2008).
`As relevant here, Rhode Island alleged that Alpha-
`bet’s silence on the bug in its April and July 2018
`quarterly reports was a material omission given the
`company’s prior statements describing data security
`as a “risk factor.” Pet. App. 21a-22a; see id. at 14a-
`16a. The complaint also faulted Alphabet for not dis-
`closing other—unspecified—“previously unknown, or
`
`2 Rhode Island also alleged violations of Rule 10b-5(a) and (c).
`Those claims are not at issue here.
`
`
`
`13
`unappreciated security vulnerabilities” that Google’s
`internal team had allegedly brought to light. Id. at
`7a-8a (internal quotation marks omitted).3 Rhode Is-
`land alleged that the defendants were either directly
`involved in making the alleged omissions or were lia-
`ble under Section 20(a) of the Exchange Act, 15 U.S.C.
`§ 78t(a), which imposes liability on any person who
`“controls” the person responsible for a violation of Sec-
`tion 10(b).
`2. Alphabet moved to dismiss the amended com-
`plaint for failure to state a claim. See Pet. App. 13a,
`38a-39a. Alphabet explained that any omission from
`its securities filings could not have materially misled
`investors because, at the time of those securities fil-
`ings, the bug had been fully remediated. The “risk
`factors,” however, were forward-looking; they were
`not meant to include past issues. Under Rhode Is-
`land’s theory, securities filings would be bloated with
`stale information, drowning out the risks the company
`faces.
`The district court agreed with Alphabet and dis-
`missed the suit. As that court explained, “[t]here is no
`support for the position that a remediated technologi-
`cal problem which is no longer extant must be dis-
`closed in the company’s future-looking disclosures.”
`
`3 The co
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
