ASA Op-Ed in The Hill: The National Security Risk No One Is Talking About

By Christopher A. Iacovella | July 3, 2019

Today’s security threats continue to evolve as foreign adversaries and cyber criminals work tirelessly to influence U.S. elections, target and breach our country’s largest companies, and steal the sensitive personal information of the American people.

The government’s responsibility to protect us from external threats is as important today as it’s ever been. President Trump’s national security strategy reaffirms this guiding principle by stating “[o]ur government’s first duty is to its people, to our citizens — to serve their needs, to ensure their safety, to preserve their rights, and to defend their values.”

Policymakers in Washington are modernizing our national security defenses to address today’s growing threats. But a little-known government data collection initiative at the U.S. Securities and Exchange Commission (SEC) threatens to undermine these efforts by creating a target-rich environment for cyber criminals and state actors, such as China, to steal the personally identifiable information (PII) of every American who has money in the stock market. PII includes your name, address, date of birth and financial account information.

After the 2010 stock market “Flash Crash,” the SEC required broker-dealers, trading venues and stock exchanges to report all stock trades and customer information to a single database, known as the Consolidated Audit Trail (CAT). While the SEC argues this expansive new database would allow it to analyze market events quicker, it never considered the national security risks of storing the PII of every American investor in a central location.

Preventing fraud and manipulation in our markets is very important, and we don’t oppose the creation of the CAT to achieve these goals. We do, however, believe this can be done without collecting the PII of every American investor and serving it up to America’s adversaries in a single all-you-can-steal database.

Our concern is justified by the numerous high-profile cyber-attacks at corporations and government agencies across the U.S. Even the National Security Agency was hacked when Chinese agents stole NSA cyber tools so they could re-deploy them against U.S. targets.

To read the full op-ed, click here.