No. 21-594
`
`In the Supreme Court of the United States
`
`ALPHABET INC., ET AL.,
`PETITIONERS
`v.
`
`STATE OF RHODE ISLAND, ET AL.,
`
`
`ON PETITION FOR A WRIT OF CERTIORARI
`TO THE UNITED STATES COURT OF APPEALS
`FOR THE NINTH CIRCUIT
`
`
`BRIEF FOR THE CHAMBER OF COMMERCE
`OF THE UNITED STATES OF AMERICA,
`THE SECURITIES INDUSTRY AND FINANCIAL
`MARKETS ASSOCIATION, AND BUSINESS
`ROUNDTABLE AS AMICI CURIAE
`SUPPORTING PETITIONERS
`
`
`PAUL LETTOW
`JANET GALERIA
`U.S. CHAMBER LITIGATION
`CENTER
`1615 H Street NW
`Washington, DC 20062
`
`KEVIN CARROLL
`SECURITIES INDUSTRY AND
`FINANCIAL MARKETS
`ASSOCIATION
`1099 New York Avenue NW
`Washington, DC 20001
`
`
`
`JEFFREY B. WALL
`Counsel of Record
`JUDSON O. LITTLETON
`M. JORDAN MINOT
`SULLIVAN & CROMWELL LLP
`1700 New York Avenue NW
`Washington, DC 20006
`(202) 956-7500
`wallj@sullcrom.com
`
`LIZ DOUGHERTY
`BUSINESS ROUNDTABLE
`1000 Maine Avenue SW
`Washington, DC 20024
`
`
`Counsel for Amici Curiae
`
`
`
`In the Supreme Court of the United States
`
`ALPHABET INC., ET AL.,
`PETITIONERS
`v.
`
`STATE OF RHODE ISLAND, ET AL.,
`
`
`ON PETITION FOR A WRIT OF CERTIORARI
`TO THE UNITED STATES COURT OF APPEALS
`FOR THE NINTH CIRCUIT
`
`
`BRIEF FOR THE CHAMBER OF COMMERCE
`OF THE UNITED STATES OF AMERICA,
`THE SECURITIES INDUSTRY AND FINANCIAL
`MARKETS ASSOCIATION, AND BUSINESS
`ROUNDTABLE AS AMICI CURIAE
`SUPPORTING PETITIONERS
`
`
`PAUL LETTOW
`JANET GALERIA
`U.S. CHAMBER LITIGATION
`CENTER
`1615 H Street NW
`Washington, DC 20062
`
`KEVIN CARROLL
`SECURITIES INDUSTRY AND
`FINANCIAL MARKETS
`ASSOCIATION
`1099 New York Avenue NW
`Washington, DC 20001
`
`
`
`JEFFREY B. WALL
`Counsel of Record
`JUDSON O. LITTLETON
`M. JORDAN MINOT
`SULLIVAN & CROMWELL LLP
`1700 New York Avenue NW
`Washington, DC 20006
`(202) 956-7500
`wallj@sullcrom.com
`
`LIZ DOUGHERTY
`BUSINESS ROUNDTABLE
`1000 Maine Avenue SW
`Washington, DC 20024
`
`
`Counsel for Amici Curiae
`
`
`
`
`
`TABLE OF CONTENTS
`
`Page
`
`Interest of Amici Curiae ..................................................... 1
`
`Introduction .......................................................................... 2
`
`Discussion ............................................................................. 3
`
`A. Risk-disclosure omission claims are the latest
`breed of event-driven securities litigation .............. 3
`
`B. The courts of appeals are confused over how to
`approach materialization-of-risk claims .................. 6
`
`C. The decision below is incorrect .............................. 10
`
`D. The decision below warrants this Court’s
`review ........................................................................ 15
`
`Conclusion ........................................................................... 18
`
`
`
`
`Cases:
`
`TABLE OF AUTHORITIES
`
` Page(s)
`
`Basic Inc. v. Levinson,
`485 U.S. 224 (1988) .................................................. 16
`Bondali v. Yum! Brands, Inc.,
`620 Fed. Appx. 483 (6th Cir. 2015) ......... 7, 10, 11-12
`Brody v. Transitional Hosps. Corp.,
`280 F.3d 997 (9th Cir. 2002) .............................. 13, 14
`Burlington Coat Factory Sec. Litig., In re,
`114 F.3d 1410 (3d Cir. 1997) ................................... 10
`
`(I)
`
`
`
`II
`
`Cases—continued:
`
`ChannelAdvisor Corp. Sec. Litig., In re,
`2016 WL 1381772 (E.D.N.C. April 6, 2016) .......... 12
`Dice v. ChannelAdvisor Corp.,
`671 Fed. Appx. 111 (4th Cir. 2016) .......................... 7
`Employees’ Ret. Sys. of R.I. v. Williams
`Cos., Inc.,
`889 F.3d 1153 (10th Cir. 2018) ................................ 13
`First Am. Fin. Corp., In re,
`2021 WL 4807648 (C.D. Cal. Sept. 22, 2021) ........... 5
`Gallagher v. Abbott Labs.,
`269 F.3d 806 (7th Cir. 2001) .................................... 16
`Hampton v. root9B Techs., Inc.,
`897 F.3d 1291 (10th Cir. 2018) .................................. 5
`Harman Int’l Indus., Inc. Sec. Litig., In re,
`791 F.3d 90 (D.C. Cir. 2015) ..................................... 8
`Intel Corp. Sec. Litig., In re,
`2019 WL 1427660 (N.D. Cal. Mar. 29, 2019) ........... 6
`Intuitive Surgical Sec. Litig., In re,
`65 F. Supp. 3d 821 (N.D. Cal. 2014) ....................... 13
`K-tel Int’l, Inc. Sec. Litig., In re,
`300 F.3d 881 (8th Cir. 2002) .................................... 13
`Karth v. Keryx Biopharmaceuticals,
`6 F.4th 123 (1st Cir. 2021) ......................................... 7
`Marriott Int’l, Inc., Customer
`Data Sec. Breach Litig., In re
`2021 WL 2407518 (D. Md. June 11, 2021) ............. 11
`Matrixx Initiatives, Inc. v. Siracusano,
`563 U.S. 27 (2011) ........................................ 10, 13, 16
`
`
`
`
`
`Cases—continued:
`
`III
`
`Omnicare, Inc. v. Laborers Dist. Council
`Constr. Indus. Pension Fund,
`575 U.S. 175 (2015) .................................................. 10
`Slayton v. American Express,
`604 F.3d 758 (2d Cir. 2010) ..................................... 11
`Time Warner Inc. Sec. Litig., In re,
`9 F.3d 259 (2d Cir. 1993) ......................................... 10
`
`Statutes and regulations:
`
`15 U.S.C.
`78u-4 .......................................................................... 13
`78u-5 ............................................................................ 8
`17 C.F.R
`
`229.105 ............................................................. passim
`240.10b-5 ......................................................... 2, 11, 13
`70 Fed. Reg. 44,722 (Aug. 3, 2005) ................................ 3
`83 Fed. Reg. 8,166 (Feb. 26, 2018) .............................. 16
`85 Fed. Reg. 63,726 (Oct. 8, 2020) ........................... 3, 17
`
`Miscellaneous:
`
`First American Fin. Corp., In re,
` Release No. 92176 (SEC June 14, 2021) .............. 15
`Stephen Klemash, How Cybersecurity Risk
`Disclosures and Oversight Are Evolving in
`2021, Ernst & Young (Oct. 4, 2021) ......................... 4
`Kevin LaCroix, Federal Court Securities Suit
`Filings Remain at Elevated Levels,
`D&O Diary (Jan. 1, 2020) ......................................... 4
`Matt Levine, Everything Everywhere Is Securities
`Fraud, Bloomberg (Jan. 26, 2019) ........................... 5
`
`
`
`Miscellaneous—continued:
`
`IV
`
`James A. Lewis et al., The Hidden Costs
`of Cybercrime,
`Ctr. for Strategic & Int’l Stud. (Dec. 9, 2020) ........ 5
`Elisa Mendoza & Jeffrey Lubitz, Event-Driven
`Sec. Litig.: The New Driver in Class Action
`Growth,
`ISS Sec. Class Action Svcs. (2020) .......................... 5
`Craig A. Newman, When to Report a Cyberattack?
`For Companies, That’s Still A Dilemma,
`N.Y. Times (March 5, 2018) .................................... 16
`U.S. Brief, Cyan, Inc. v. Beaver Cty.
`Emps. Ret. Fund,
`138 S. Ct. 1061 (2018) (No. 15-1439) ........................ 7
`U.S. Chamber Institute for Legal Reform,
`An Update on Securities Litigation,
`ILR Briefly (March 25, 2020) ................................... 4
`
`
`
`
`
`
`
`INTEREST OF AMICI CURIAE*
`
`The Chamber of Commerce of the United States of
`America is the world’s largest business federation. It
`represents approximately 300,000 direct members and
`indirectly represents the interests of more than three
`million companies and professional organizations of
`every size, in every sector, and from every region of the
`country. An important function of the Chamber is to
`represent the interests of its members in matters be-
`fore Congress, the Executive Branch, and the courts.
`To that end, the Chamber regularly files amicus curiae
`briefs in cases that raise issues of concern to the na-
`tion’s business community.
`The Securities Industry and Financial Markets As-
`sociation (SIFMA) is a securities industry trade asso-
`ciation representing the interests of securities firms,
`banks, and asset managers across the globe. SIFMA’s
`mission is to support a strong financial industry while
`promoting investor opportunity, capital formation, job
`creation, economic growth, and trust and confidence in
`the financial markets. SIFMA regularly files amicus
`briefs in cases such as this one that have broad impli-
`cations for financial markets, and frequently has ap-
`peared as amicus curiae in this Court.
`Business Roundtable (BRT) is an association of
`chief executive officers of leading U.S. companies that
`
`
`* Under Rule 37.6, amici affirm that no counsel for any party au-
`thored this brief in whole or in part and that no person or entity other
`than amici curiae, their members, or their counsel made a monetary
`contribution to the brief’s preparation or submission. Counsel for all
`parties received notice of amici’s intention to file this brief at least 10
`days prior to the due date, and have consented to this filing.
`
`(1)
`
`
`
`
`2
`
`
`together have $9 trillion in annual revenues and nearly
`20 million employees. BRT was founded on the belief
`that businesses should play an active and effective role
`in the formulation of public policy. It participates in
`litigation as amicus curiae in a variety of contexts
`where important business interests are at stake.
`Many of the amici’s members are companies subject
`to U.S. securities laws, and will be harmed both by the
`theory of liability adopted by the court of appeals in
`this case and by the uncertainty and division among the
`circuits regarding liability for risk disclosures.
`
`INTRODUCTION
`This case presents a compelling opportunity to re-
`solve a growing and important issue in securities law
`that has divided the lower courts. The SEC requires
`companies to disclose future risks, so that investors are
`aware of “material factors that make an investment in
`the [company] speculative or risky.” 17 C.F.R. 229.105.
`But in cases like this one, plaintiffs have argued that
`those forward-looking disclosures are misleading un-
`less they also include information about past events
`that relate to those future risks. In allowing that type
`of purely backward-looking claim to proceed, the Ninth
`Circuit has opened courthouse doors to the latest wave
`of event-driven and hindsight securities litigation. As
`soon as there is news of some past misfortune (like a
`cyber incident), plaintiffs (and their counsel) bring the
`inevitable claim under Section 10(b) and Rule 10b-5
`that the company should have disclosed it or done so
`sooner.
`To stave off liability, public companies will need to
`disclose information about any past events that might
`with hindsight be even arguably related to future risks.
`Here, it is a past security bug that Google had identi-
`fied and fixed. But no major industry will be spared
`
`
`
`
`
`3
`
`the consequences of the decision below. Will a retailer
`that warns of supply-chain disruptions have to disclose
`past product delays? Will a manufacturer that warns
`of COVID-19 fallout have to disclose the vaccination
`rate of its employees? Plaintiffs will surely say so un-
`der the decision below, and the net effect of those suits
`will be to inundate investors with a slew of information
`about past events rather than future risks. Neither
`Congress nor the SEC has established that type of
`“gotcha” regime, and it should not come to pass without
`this Court’s review.
`
`DISCUSSION
`A. Risk-Disclosure Omission Claims Are The Latest
`Breed Of Event-Driven Securities Litigation
`1. Since 2005, the SEC has required public compa-
`nies to disclose “material factors that make an invest-
`ment in the [company] speculative or risky.” 17 C.F.R.
`229.105 (Item 105). Companies must disclose those
`risk factors in both their annual 10-K reports and their
`quarterly 10-Q reports. See 70 Fed. Reg. 44,722,
`44,786 (Aug. 3, 2005). The SEC has directed companies
`to focus on material risks to their particular businesses
`(rather than generic risks that threaten the entire mar-
`ket), and to explain those risks in a concise, readable
`way (so that they may be readily understood by ordi-
`nary investors). See ibid.; see also 85 Fed. Reg. 63,726,
`63,745-63,746 (Oct. 8, 2020). Item 105 does not require
`companies to attempt to quantify risks or predict the
`likelihood they will occur.
`As much as companies may try to keep risk disclo-
`sures brief and easily digestible, they have come to
`constitute a major part of public companies’ filings.
`The risk-factor discussion in a Fortune 100 company’s
`
`
`
`
`
`4
`
`10-K may run dozens of pages, with paragraphs de-
`voted to each risk. In practice, companies often iden-
`tify many of the same risks—for example, a discussion
`of the risks posed by the COVID-19 pandemic is now
`commonplace. And as especially relevant here, every
`Fortune 100 company that files an annual 10-K lists cy-
`bersecurity as a material risk, explaining how a future
`cybersecurity incident could destabilize operations,
`harm consumer confidence, and invite regulatory scru-
`tiny. See Stephen Klemash, How Cybersecurity Risk
`Disclosures and Oversight Are Evolving in 2021,
`Ernst & Young 2 (Oct. 4, 2021), https://tinyurl.com/EY-
`RiskDisclosures.
`2. Accompanying this increasing prevalence of risk
`disclosures is the ever-present threat of a securities
`fraud claim. As a general matter, the pace of securities
`litigation has spiked over the past decade, with nearly
`9 percent of U.S.-listed companies subject to securities
`suits in 2019—more than 2.5 times the rate from 1997
`to 2018. See Kevin LaCroix, Federal Court Securities
`Suit Filings Remain at Elevated Levels, D&O Diary
`(Jan. 1, 2020), https://www.dandodiary.com/2020/01/ar-
`ticles/securities-litigation/federal-court-securities-sui-
`t-filings-remain-at-elevated-levels. “To put this in the
`simplest terms, the likelihood of a U.S.-listed company
`getting hit with a securities suit is the highest it has
`ever been.” Ibid.; see U.S. Chamber Institute for Le-
`gal Reform, An Update on Securities Litigation, ILR
`Briefly 3 (March 25, 2020), https://instituteforlegalre-
`form.com/research/ilr-briefly-an-update-on-securities-
`litigation/ (noting records in filing activity in each of
`the three years 2017 to 2019).
`A growing proportion of those suits stem from so-
`called event-driven litigation. Plaintiffs seize on a
`
`
`
`
`
`5
`
`headline-grabbing negative event that harms a com-
`pany (and its stock price) and allege that the company
`misled investors about some aspect of the event. See
`U.S. Chamber Institute for Legal Reform, Petition to
`U.S. Securities and Exchange Commission for Rule-
`making on COVID-19 Related Litigation 3 (Oct. 30,
`2020) (Petition for Rulemaking); see also Matt Levine,
`Everything Everywhere Is Securities Fraud, Bloom-
`berg (Jan. 26, 2019), https://www.bloomberg.com/opin-
`ion/articles/2019-06-26/everything-everywhere-is-sec-
`urities-fraud. That type of event-driven litigation ac-
`counts for an increasing number of securities lawsuits
`every year—involving everything from data privacy to
`the environment, opioids, and COVID-19. See Elisa
`Mendoza & Jeffrey Lubitz, Event-Driven Sec. Litig.:
`The New Driver in Class Action Growth, ISS Sec.
`Class Action
`Svcs.
`3-4
`(Dec.
`1,
`2020),
`https://www.issgovernance.com/file/publication-s/ISS-
`SCAS-Event-Driven-Securities-Litigation.pdf.
`Unsurprisingly, cybersecurity incidents are on the
`leading edge of that wave.
` Cyberattacks, data
`breaches, and security bugs are an omnipresent risk
`for companies. Nearly every major business experi-
`ences some sort of cyber incident in a given year. See
`James A. Lewis et al., The Hidden Costs of Cyber-
`crime, Ctr. for Strategic & Int’l Stud. 4 (Dec. 9, 2020),
`https://www.csis.org/analysis/hidden-costs-cybercrime
`(observing that only 4 percent of 1,500 companies sur-
`veyed did not report experiencing a cyber incident in
`2019). As this case shows, the new model is for plain-
`tiffs’ counsel and their clients (like the institutional in-
`vestors here) to await news of a cyber incident, and
`then bring suit claiming that the company failed to ad-
`equately disclose the incident itself or the risk it posed
`to the company. See, e.g., Hampton v. root9B Techs.,
`
`
`
`
`
`6
`
`Inc., 897 F.3d 1291, 1301 (10th Cir. 2018) (affirming
`dismissal of complaint alleging misstatements in wake
`of hacking attack); In re First Am. Fin. Corp., 2021
`WL 4807648, at *12 (C.D. Cal. Sept. 22, 2021) (dismiss-
`ing complaint filed after SEC enforcement action re-
`lated to cyber risk disclosures); In re Intel Corp. Sec.
`Litig., 2019 WL 1427660, at *2 (N.D. Cal. Mar. 29,
`2019) (dismissing complaint that centered on identified
`security vulnerabilities but did not allege any breach).
`Those claims virtually never take the form that the
`company’s disclosures about the risks posed by a cyber
`incident were themselves inaccurate or misleading.
`This case is a prime example. Alphabet warned inves-
`tors—accurately—that a breach of its cybersecurity
`measures might lead to a loss of consumer confidence
`and Alphabet might incur “significant legal and finan-
`cial exposure” and “damage [to its] reputation.”
`Pet. App. 55a. Those statements were true, and re-
`spondents do not appear to contend otherwise. An in-
`vestor deciding whether to purchase Alphabet stock
`who read the relevant 10-K and 10-Qs was on clear no-
`tice that a security bug might cause the value of her
`stock to decline. Instead, plaintiffs in this and other
`cases have claimed that when a company truthfully dis-
`closes future risks, it must also disclose any past or
`current information about the company that purport-
`edly bears on whether those risks have materialized.
`As explained below, the circuits have reacted to these
`materialization-of-risk claims with confusion.
`B. The Courts Of Appeals Are Confused Over How
`To Approach Materialization-Of-Risk Claims
`The courts of appeals have diverged in their treat-
`ment of materialization-of-risk claims, but the problem
`here is about more than the usual circuit split: courts
`are generally confused about how to approach such
`
`
`
`
`
`7
`
`claims. See U.S. Br. at 17-18, Cyan, Inc. v. Beaver Cty.
`Emps. Ret. Fund, 138 S. Ct. 1061 (No. 15-1439) (argu-
`ing for review in light of the substantial confusion in
`the lower courts). The decision below only adds to the
`confusion. It adopts the most extreme position to date
`by allowing a claim that a company misled investors by
`not disclosing a past event that allegedly relates to an
`identified future risk. No other circuit has permitted
`that type of purely backward-looking claim to proceed.
`1. At one end of the spectrum, the Sixth Circuit has
`rejected arguments that Item 105 risk disclosures—
`which by definition inform investors about future
`risks—can mislead reasonable investors about what
`occurred in the past. Because “[r]isk disclosures like
`the ones accompanying 10-Qs and other SEC filings
`are inherently prospective in nature,” the Sixth Circuit
`has reasoned, they inform investors about “what harms
`may come to their investment,” not “what harms are
`currently affecting the company.” Bondali v. Yum!
`Brands, Inc., 620 Fed. Appx. 483, 491 (2015). The
`Fourth Circuit has affirmed a district court that
`adopted the same reasoning. Dice v. ChannelAdvisor
`Corp., 671 Fed. Appx. 111 (2016).
`2. By contrast, the First, Third, and D.C. Circuits
`allow some materialization-of-risk claims where the
`identified risk is imminent or already materializing.
`The First Circuit, for instance, has held that a com-
`pany’s disclosure of a “merely hypothetical” future risk
`is misleading if, at the time the statement was made,
`the company understood that “the alleged risk had a
`‘near certainty’ of causing ‘financial disaster’ to the
`company.”
` Karth v. Keryx Biopharmaceuticals,
`6 F.4th 123, 137-138 (2021). In that situation, the com-
`pany “is at the edge of the Grand Canyon and must
`warn investors of an imminent cliff.” Id. at 138. The
`
`
`
`
`
`8
`
`First Circuit further held that a company must also
`“disclose a relevant risk if that risk had already begun
`to materialize.” Ibid.
`The Third Circuit has also adopted that latter ap-
`proach. In Williams v. Globus Med., Inc., a company
`that relied in part on independent contractors warned
`that terminating those relationships could harm its
`sales. See 869 F.3d 235, 241 (3d Cir. 2017). What the
`company did not disclose is that it was already shifting
`business from independent contractors to its in-house
`sales team. But the Third Circuit nevertheless held
`that the company’s identification of that risk was not
`misleading because the shift had not yet affected the
`company’s sales. In other words, the company’s disclo-
`sure remained true at the time it was made: terminat-
`ing contractor relationships might hurt the company’s
`bottom line in the future (but had not yet begun to do
`so). The company had not misled investors about any
`future risk, because the risk had not already begun to
`materialize.
`Like the Third Circuit, the D.C. Circuit has held
`that a company may be liable if, at the time of disclo-
`sure, a company knew a risk “was materializing.” In re
`Harman Int’l Indus., Inc. Sec. Litig., 791 F.3d 90, 104,
`106 (2015). The court addressed the issue in the con-
`text of the PSLRA’s safe-harbor provision, which
`guards against liability for forward-looking statements
`that are accompanied by “meaningful” cautionary lan-
`guage. 15 U.S.C. 78u-5(c)(1)(A)(i). The D.C. Circuit
`reasoned that “cautionary language cannot be ‘mean-
`ingful’ if it is ‘misleading in light of historical fact[s].’”
`In re Harman, 791 F.3d at 102. Although the disclo-
`sures there covered the risk that the company’s prod-
`ucts could become obsolete, they “did not convey that
`inventory was [already] obsolete.” Id. at 104. The D.C.
`
`
`
`
`
`9
`
`Circuit also borrowed the First Circuit’s Grand Can-
`yon analogy, id. at 103, suggesting that it might deem
`relevant whether a risk was imminent, even if the risk
`had not yet begun to materialize.
`3. In the decision below, the Ninth Circuit went
`much further than the First, Third, and D.C. Circuits.
`Alphabet warned investors that “[i]f our security
`measures are breached resulting in the improper use
`and disclosure of user data,” “customers may curtail or
`stop using our products and services, and we may incur
`significant
`legal
`and
`financial
`exposure.”
`Pet. App. 55a. The Ninth Circuit held that Alphabet’s
`warning “of risks that ‘could’ or ‘may’ occur is mislead-
`ing to a reasonable investor when Alphabet knew that
`those risks had materialized.” Pet. App. 25a. But un-
`like the First, Third, and D.C. Circuits, the Ninth Cir-
`cuit did not even ask whether some harm from the past
`security bug was imminent or coming to fruition at the
`time of the disclosure. After all, the security bug had
`been fixed. The Ninth Circuit instead held that a com-
`pany may be liable for the failure to disclose any past
`event related to a risk discussed in a forward-looking
`disclosure—regardless of whether harms to the com-
`pany are imminent or already materializing.
`4. To be sure, the Sixth Circuit’s decision in
`Bondali, though well reasoned, is unpublished (as is
`the Fourth Circuit’s decision in Dice). Respondents
`may therefore try to minimize the extent of the disa-
`greement in the circuits. But there is no reason to be-
`lieve the Sixth Circuit (or the Fourth Circuit) will
`change course. And even if there were, that would not
`affect the need for review here. Alphabet also would
`have prevailed under the approach taken by the First,
`Third, and D.C. Circuits. Moreover, the Ninth Cir-
`cuit’s extreme position will affect securities filings for
`
`
`
`
`
`10
`
`any major American business, which itself warrants
`this Court’s review. See infra, Part D. And perhaps
`more importantly, for the reasons explained below, the
`Sixth Circuit’s approach is the correct one. Item 105
`disclosures notify investors about “factors that make
`an investment in the [company] speculative or risky.”
`17 C.F.R. 229.105. Their express purpose is to notify
`investors about future risks. Hence, those disclosures
`are misleading only when a reasonable investor would
`not understand “what harms may come to their invest-
`ment.” Bondali, 620 Fed. Appx. at 491.
`C. The Decision Below Is Incorrect
`Securities law imposes no “general duty on the part
`of a company to provide the public with all material in-
`formation.” In re Burlington Coat Factory Sec. Litig.,
`114 F.3d 1410, 1432 (3d Cir. 1997). That is true even
`for material information that “a reasonable investor
`would very much like to know.” In re Time Warner
`Inc. Sec. Litig., 9 F.3d 259, 267 (2d Cir. 1993). Absent
`an affirmative duty to disclose, a securities plaintiff
`basing its claims on the contention that a company im-
`permissibly failed to share information with the public
`must identify a particular statement that was rendered
`misleading by that omission. See Matrixx Initiatives,
`Inc. v. Siracusano, 563 U.S. 27, 44-45 (2011). “Whether
`a statement is misleading depends on the perspective
`of a reasonable investor.” Omnicare, Inc. v. Laborers
`Dist. Council Constr. Indus. Pension Fund, 575 U.S.
`175, 186 (2015) (internal quotation marks omitted).
`Here, Item 105 required Alphabet to concisely dis-
`cuss—not quantify or attempt to predict— “material
`factors that make an investment in the [company] spec-
`ulative or risky.” 17 C.F.R. 229.105. Alphabet com-
`plied with Item 105. It disclosed both the risk of a fu-
`
`
`
`
`
`11
`
`ture security bug and the harms (financial and reputa-
`tional) that could cause. See Pet. App. 22a. What plain-
`tiffs claim—and the Ninth Circuit accepted—is that Al-
`phabet had to disclose more in order to avoid running
`afoul of Section 10(b) and Rule 10b-5. The Ninth Cir-
`cuit’s reasoning for that conclusion is not entirely clear.
`But its opinion could be read to suggest that Alphabet’s
`failure to disclose the Google+ software bug was mis-
`leading about one of three different things: (1) the past
`state of affairs at the company (by implying no security
`bug had yet occurred), see id. at 25a; (2) the current
`state of affairs (because the problems with security
`controls were ongoing), see id. at 26a; or (3) the future
`state of affairs (by understating the risks that a signif-
`icant security bug would pose), see id. at 26a-27a.
`None of those theories is correct.
`1. Alphabet’s disclosures about future risks did not
`mislead reasonable investors about what had happened
`in the past or was then happening in the present. For-
`ward-looking statements necessarily differ from repre-
`sentations about the present or past. See generally
`Slayton v. American Express, 604 F.3d 758, 765 (2d
`Cir. 2010) (discussing the PLSRA “statutory safe-har-
`bor for forward-looking statements”). Saying that a
`person’s valuables may be stolen if her house is burgled
`in the future communicates nothing about the home’s
`current level of security or whether it has been broken
`into before. Given that commonsense distinction, no
`reasonable investor would consult a forward-looking
`risk disclosure to understand a company’s past or cur-
`rent operations.
`That is precisely the reasoning adopted by the Sixth
`Circuit. As that court has explained, “[r]isk disclo-
`sures * * * are inherently prospective in nature. They
`
`
`
`
`
`12
`
`warn an investor of what harms may come to their in-
`vestment. They are not meant to educate investors on
`what harms are currently affecting the company.”
`Bondali, 620 Fed. Appx. at 491; see In re Marriott
`Int’l, Inc., Customer Data Sec. Breach Litig., 2021 WL
`2407518, at *25 (D. Md. June 11, 2021) (“To the extent
`Plaintiff alleges that Marriott’s risk disclosures were
`misleading about its current state of cybersecurity,
`those allegations fail because the risk factor disclo-
`sures are not intended to educate investors about
`harms currently affecting the company.”); In re Chan-
`nelAdvisor Corp. Sec. Litig., 2016 WL 1381772, at *6
`(E.D.N.C. April 6, 2016) (“[I]t is unlikely that a reason-
`able investor would, from that cautionary [risk disclo-
`sure], infer anything about ChannelAdvisor’s current
`contracts.”), aff’d sub nom. Dice v. ChannelAdvisor
`Corp., 671 Fed. Appx. 111 (4th Cir. 2016) (per curiam).
`This case is an excellent example. Alphabet cau-
`tioned investors that “[i]f our security measures are
`breached * * * , or if our services are subject to attacks
`* * * , users may curtail or stop using our products and
`services, and we may incur significant legal and finan-
`cial exposure.” Pet. App. 55a. Alphabet further ex-
`plained that “[a]ny systems failure or compromise of
`our security that results in the release of our users’
`data * * * could seriously harm our reputation and
`brand and, therefore, our business.” Id. at 56a. Alpha-
`bet even warned that “[w]e experience cyber attacks of
`varying degrees on a regular basis” and “[i]f an actual
`or perceived breach of our security occurs, the market
`perception of the effectiveness of our security
`measures could be harmed and we could lose users and
`customers.” Id. at 56a-57a. Every word of those dis-
`closures about future risks is true—and not a single
`word communicates anything about past security bugs
`
`
`
`
`
`13
`
`or present security.
`At bottom, respondents’ and the Ninth Circuit’s ap-
`proach rests on the faulty premise that a company com-
`mits fraud when an investor forms a mistaken impres-
`sion of the company’s past or current operations after
`reading a forward-looking risk disclosure. Securities
`law is focused on specific statements made by a com-
`pany, not vague impressions a litigant later claims to
`have gleaned from those statements. That is why se-
`curities plaintiffs must “specify each statement alleged
`to have been misleading” at the outset of their case,
`15 U.S.C. 78u-4(b)(1), and why a successful omission
`claim requires pointing to specific statements that
`were misleading without the undisclosed information.
`Matrixx Initiatives, 563 U.S. at 44. Here, Alphabet’s
`actual statements about the future risks of a security
`bug could not have misled any reasonable investor
`about whether the company had suffered attacks in the
`past or was vulnerable to attacks at the time of the dis-
`closures.
`2. To the extent respondents are claiming (or the
`Ninth Circuit accepted) that Alphabet’s disclosures
`were misleading about the future risks facing the com-
`pany, that theory too is wrong. A forward-looking dis-
`cussion of a specific risk is not misleading solely be-
`cause it does not also include all information detailing
`the company’s vulnerability to that risk. “Rule 10b-5
`‘prohibit[s] only misleading and untrue statements, not
`statements that are incomplete.’” Employees’ Ret.
`Sys. of R.I. v. Williams Cos., Inc., 889 F.3d 1153, 1164
`(10th Cir. 2018) (quoting Brody v. Transitional Hosps.
`Corp., 280 F.3d 997, 1006 (9th Cir. 2002)). As a result,
`companies need not “dump all known information with
`every public announcement.” In re K-tel Int’l, Inc. Sec.
`Litig., 300 F.3d 881, 898 (8th Cir. 2002). Put simply,
`
`
`
`
`
`14
`
`“Rule 10b-5 does not contain a ‘freestanding complete-
`ness requirement’ because ‘no matter how detailed and
`accurate disclosure statements are, there are likely to
`be additional details that could have been disclosed but
`were not.’” In re Intuitive Surgical Sec. Litig., 65 F.
`Supp. 3d 821, 836 (N.D. Cal. 2014) (quoting Brody, 280
`F.3d at 1006).
`The question is therefore not whether the undis-
`closed Google+ software bug related to Alphabet’s
`cyber-related risks, see Pet. App. 26a, or whether dis-
`closure would have “significantly altered the total mix
`of information” available to investors, id. at 27a (inter-
`nal quotation marks omitted). Rather, the question is
`whether Alphabet’s specific statements regarding its
`future risk were inaccurate or misleading. As ex-
`plained above, they were not. Alphabet accurately de-
`scribed the risks to consumers’ confidence and the
`company’s financial health from a security bug. See
`supra, p. 13. In making those disclosures, Alphabet did
`not take on a duty to provide the investing public with
`all of the information on which its assessment was
`based. There is nothing inconsistent or misleading
`about identifying risks associated with security bugs
`while possessing information about an earlier, reme-
`died bug or the firm’s vulnerabilities to such bugs.
`In short, like virtually every other public company,
`Alphabet recognized that it faces risks from cyberse-
`curity incidents. It thus informed investors of its accu-
`rate assessment of the consequences such an incident
`could have for its business. The mere fact that re-
`spondents, with the benefit of hindsight, would have
`wanted to know about Alphabet’s past security bugs
`does not make Alphabet’s actual risk disclosures mis-
`leading. The Ninth Circuit’s contrary view effectively
`converts the duty not to mislead investors into a duty
`
`
`
`
`
`15
`
`to provide past and present information that is some-
`how related to every future risk disclosed to the public.
`Securities law imposes no such requirement, and as ex-
`plained below, imposing it through the courts will have
`a host of negative consequences.
`D. The Decision Below Warrants This Court’s Re-
`view
`The Ninth Circuit’s approach will harm both inves-
`tors and companies. Start with the fact that it is not
`necessary. If the SEC believes that a company has vi-
`olated Item 105 or other disclosure provisions of the
`securities laws, it may levy civil monetary penalties.
`See In re First American Fin. Corp., Release No.
`92176 (SEC June 14, 2021) (concluding that First
`American had failed to maintain adequat
Accessing this document will incur an additional charge of $.
After purchase, you can access this document again without charge.
Accept $ Charge
Still Working On It
This document is taking longer than usual to download. This can happen if we need to contact the court directly to obtain the document and their servers are running slowly.
Give it another minute or two to complete, and then try the refresh button.
A few More Minutes ... Still Working
It can take up to 5 minutes for us to download a document if the court servers are running slowly.
Thank you for your continued patience.
This document could not be displayed.
We could not find this document within its docket. Please go back to the docket page and check the link. If that does not work, go back to the docket and refresh it to pull the newest information.
Your account does not support viewing this document.
You need a Paid Account to view this document. Click here to change your account type.
Your account does not support viewing this document.
Set your membership
status to view this document.
With a Docket Alarm membership, you'll
get a whole lot more, including:
- Up-to-date information for this case.
- Email alerts whenever there is an update.
- Full text search for other cases.
- Get email alerts whenever a new case matches your search.
One Moment Please
The filing “” is large (MB) and is being downloaded.
Please refresh this page in a few minutes to see if the filing has been downloaded. The filing will also be emailed to you when the download completes.
Your document is on its way!
If you do not receive the document in five minutes, contact support at support@docketalarm.com.
Sealed Document
We are unable to display this document, it may be under a court ordered seal.
If you have proper credentials to access the file, you may proceed directly to the court's system using your government issued username and password.
Access Government Site
