The Internet and the Cybersecurities Marketplace (Impacts of the Internet on Securities Markets in the United States and the World)

Denis T. Rice
Chair, California State Bar Committee on Cyberspace Law

Background: Information and Communication Capabilities of the Internet

The Internet began in the 1960's as a decentralized, packet-switched network of computers funded by the Department of Defense, intended to facilitate communication in the United States in the event of a nuclear attack. In the late 1970's, universities and other non-governmental entities started linking with the Department of Defense net. By the late 1980's there were multiple computer networks joined together in an "Internet." It allowed "e-mail" communications to be sent electronically over the Internet to one or more specific addresses, or even mass mailed, i.e., the message can be sent electronically to large numbers of addresses.

Among other Internet applications, the World Wide Web is the most popular. The World Wide Web consists of a vast network of Web "sites," i.e., graphical presentations of information that is controlled by the site-holder. Sites can contain pictures, text and sound in static or moving form. The World Wide Web brings together file transfer protocol, hypertext files, e-mail and other resources linked together on a global basis.

Other Internet applications important for disseminating information are the bulletin board and mailing list. The bulletin board (also called a "newsgroup"), unlike a Web site, is generally controlled by more than a single person. The bulletin board allows written messages, responses and new messages from a number of persons to be posted or downloaded from a given Internet location. The mailing list provides a way for network users who share interest in a given topic to exchange messages by sending a message to a central address where it is automatically rebroadcast to all other participants. Another capability relevant to securities transactions is "push" technology, which allows information to be sent through the Internet to pre-selected viewers automatically without the necessity of their logging on to a particular Web site or bulletin board.

The foregoing Internet applications, particularly the World Wide Web, create a dramatically new environment for both investors and companies issuing securities. Web sites, bulletin boards, e-mail and push technology can all be used in advertising, offering and selling securities and for disseminating investment advice. They permit communication instantaneously with millions of people worldwide at low cost. Internet communications can match proposed trades and circulate information in broad-based markets. They permit individuals to access massive amounts of more information far more quickly and directly than was believed possible just a few years ago. The speed and accessibility of Internet information permit potential buyers and sellers of securities to avoid traditional financial intermediaries and access each other almost instantly.

The Mushrooming Development of Securities Markets on the Internet In the mid-1990's, the marketing of securities on the Internet began to take off. In 1995 a micro-brewery called "Spring Street Brewing" was the first issuer to offer stock to the public directly online, by posting offering materials on its Web site. In early 1996, Spring Street Brewing generated widespread comment by an attempt to create a Web bulletin board for secondary trading in its stock; the financial press gave extensive coverage to the difficulties Spring Street encountered with the U.S. Securities and Exchange Commission. A number of small discount brokers started online secondary trading in 1995 and the number gradually swelled.

Developments in cyberfinance have virtually exploded since these early entries. Dozens of new Web sites have been introduced allowing dissemination of material on securities issuance, both for underwritten public offerings and direct public offerings conducted by issuers themselves. Electronic bulletin boards have been created for secondary trading directly among investors. Data banks containing names of potential investors for private, public and overseas offerings have been generated. The Web has increasingly become a hub for online trading through broker-dealers and dissemination of vast amounts of financial information by mutual funds and investment advisers.

The following overview of the cybersecurities marketplace explores how the Internet is being used for issuance of new securities, both publicly and privately, and for secondary trading in already-issued securities, and the implications of these uses for securities regulation. It also touches the jurisdictional issues involved in these electronic securities activities.

The Mushrooming Development of Securities Markets on the Internet

Introductory

Two main trends have developed involving issuance of new securities on the Internet. First, investment bankers can post their underwritings of stock issues on the World Wide Web to expose them to vast numbers of prospective investors at very low cost. Second, issuers can bypass traditional underwriters and make direct public offerings ("DPOs") of securities using the Web bulletin boards and push technology. DPOs thus far have typically involved modest amounts of capital sought essentially by small issuers, but the ease of creating Web sites will encourage the growth and maturity of the DPO as the digital marketplace evolves. The increased role of the Internet in facilitating issuance of securities has been accompanied by efforts of federal and state regulators to adapt existing rules to fit this dynamically changing marketplace.

Securities Regulation and Cybersecurities Federal Securities Regulation Framework

The issuance of new securities is the primarily governed in the United States by the Securities Act of 1933 (the "1933 Act"). The 1933 Act generally requires registration with the Securities and Exchange Commission ("SEC") of securities that are publicly offered. The Securities Act of 1934 (the "1934 Act") generally requires registration of broker-dealers and national securities exchanges with the SEC. Both of these Acts regulate securities fraud, the 1933 Act focuses on securities issuance while the 1934 Act deals broadly with both issuance and after-market trading. Narrower in their coverage are the Investment Advisers Act of 1940 ("Advisers Act"), which generally affects investment advisers having $25 million or more under management or advising mutual funds, and the Investment Company Act of 1940 ("1940 Act"), which governs both open and closed-end investment companies that offer their securities to the public.

Since 1995, the SEC has sought by rule and interpretive release to mesh these Acts and the regulatory framework built up around them with the new Internet world. Its efforts have produced two October 1995 interpretive releases and a 1996 concept release, which constitute its principal guides to issuers and attorneys regarding delivery of information on securities by electronic means. The foregoing releases reflect an SEC effort to encourage electronic delivery of information to investors. At the same time, they also reflect a residual regulatory preference for paper delivery and a preference for directed Internet communication (e-mail) over Web site postings. The SEC has also published in 1998 an interpretive release on the application of U.S. federal securities laws to offshore offering and sales of securities and investment services over the World Wide Web.

Importance of Consent of the Recipient to Electronic Transmission of Information

The SEC has analogized electronic distribution of information to the print medium, stating that it "would view information distributed through electronic means as satisfying the delivery or transmission requirements of the federal securities laws if such distribution results in the delivery to the intended recipients of substantially equivalent information as these recipients would have had if the information were delivered to them in paper form." However, unlike information transmitted in paper form, an issuer must obtain the investor's informed consent to the receipt of information through the Internet. Moreover, the SEC makes such consent revocable at any reasonable time before electronic delivery of a particular document has actually commenced.

Importance of Timely Notice, Effective Access, and Reasonable Assurance of Delivery of Information

Electronic disclosure of information must provide adequate and timely notice to investors, afford effective access to the information, and give reasonable assurance that the information in fact has been delivered. For example, merely posting a document on a Web site will not constitute adequate notice, absent evidence of actual delivery to the investor. Separate notice by two paper methods--letter or postcard--or a directed Internet message (e-mail) can satisfy such actual delivery requirements. If an investor consents to electronic delivery of the final prospectus for a public offering by means of a Web site, but does not provide an electronic mail address, the issuer may post its final prospectus on the site and mail the investor a notice of the location of the prospectus on the Web along with the paper confirmation of the sale.

It is also necessary that investors have access to required disclosure that is "comparable" to postal mail and that the investor must have the opportunity to retain the information or have ongoing access equivalent to personal retention. A document posted on the Internet or made available through an on-line service should remain accessible for so long as any delivery requirement under SEC rules applies. If a preliminary prospectus is posted on a Web site, it should be updated "to the same degree as paper."

The SEC requires issuers to make paper versions of their documents available where there is computer incompatibility or computer system failure or where consent to receive documents electronically is revoked by the investor. Issuers should have reasonable assurance, akin to that found in postal mail, that the electronic delivery of information requirement is satisfied. The delivery requirements can be satisfied by the investor's informed consent to receive information through a particular electronic medium coupled with proper notice of access. Sufficient evidence of delivery can also include an electronic mail return receipt or confirmation that a document has been accessed, downloaded or printed; the investor's receipt of transmission by fax; the investor's accessing by hyperlink of a required document; and the investor's use of forms or other material that are available only by accessing the document.

State Regulation of Securities

The role of the states in the issuance of securities has shifted in the past few years for reasons having nothing to do with the Internet. When an issuer is listed or authorized for listing on the New York Stock Exchange or American Stock Exchange, or is included or qualified for inclusion in the Nasdaq National Market System, the states play a diminished role, since their ability to require registration of such securities at the state level has been largely preempted by Congress. Congress has also preempted state regulation of those security issuances which are exempt from 1933 Act registration by virtue of SEC exemptions adopted pursuant to Section 4(2) of the 1933 Act (the exemption for private offerings). In effect, this deprives the states of authority over private placements, including those made in reliance on SEC Rule 506 in Regulation D. However, the states have retained authority to regulate most other kinds of exempt small offerings, particularly those under SEC Rules 504 and 505. Moreover, states retain authority to regulate broker-dealers within their jurisdiction, notwithstanding the 1934 Act.

Application of state "blue-sky" law is traditionally based on location, i.e., the laws of a given state seek to regulate transactions occurring within the state's boundaries. Section 414(a) of the Uniform Securities Act ("USA") thus provides that its jurisdiction reaches all persons offering or selling securities when "(1) an offer to sell is made in this state, or (2) an offer to buy is made and accepted in this state." As discussed later in more detail, "in" and "within" raise new jurisdictional issues in the online offer and sale of securities, since anyone in the world with a PC and modem can access a Web site on which a securities offering is posted.25A The states have sought to further marketing on the Wed by creating jurisdictional safe harbors.25B However, the state regulators have not yet adopted separate rules or interpretations dealing with what kind of electronic delivery will satisfy existing disclosure requirements under their blue-sky laws.

Practice Areas

Corporate & Securities

International

Industries

Internet & E-Commerce