Great - our tax dollars at work.
By Dave Michaels, Oct. 5, 2017 8:10 p.m. ET
WASHINGTON—U.S. exchanges overseeing the creation of a vast database of stock and options trades have discussed whether to delay its mid-November launch because the project’s contractor hasn’t met key data-security milestones, according to people familiar with the matter.
The Securities and Exchange Commission would have to approve any delay of the database, called the Consolidated Audit Trail. No formal request for a delay has been made.
SEC Chairman Jay Clayton already faces calls from lawmakers seeking a halt, following the regulator’s disclosure last month that one of its critical systems was hacked. Rep. Jeb Hensarling (R., Texas), the chairman of the House Financial Services Committee, urged Mr. Clayton on Wednesday to postpone the project, citing the need for “appropriate safeguards and internal controls” to ward against hackers or misuse of data.
Thesys Technologies LLC, the contractor for the CAT, hasn’t gained approval for an overarching data-security plan or named a top cybersecurity executive for the project even as exchanges face a Nov. 15 deadline to report all of their orders and trades to the database, people familiar with the matter said.
A group of exchanges that picked Thesys to build the database withheld a $9.3 million payment three weeks ago after disputing the contractor’s plans for testing how data will be transmitted to the system, these people said.
Thesys drafted a security plan, but it hasn’t been approved by the exchanges, which cited gaps in the latest proposal, the people said. The exchanges also turned down a candidate proposed by Thesys for the role of chief information security officer, they said.
The exchanges overseeing the initiative say they are working with Thesys to find an executive who will be responsible for data-security policies. The exchanges have “recast” payment installments to reward Thesys when it meets project milestones, they said in a statement.
“We will not implement the CAT without having a rigorous information security program as specified in the CAT…plan, and the parties continue to work together on that program, which will be an ongoing effort,” the exchanges and Thesys told The Wall Street Journal in a statement. “If this requires requesting an extension of the 11/15 deadline, we will not hesitate to ask the SEC for such an extension.”
An SEC spokesman declined to comment.
Progress on the audit trail has been plagued by delays since the SEC proposed it in May 2010. Regulators accelerated the project—a complete inventory of equity and options markets activity—after their inability to quickly explain the 2010 “flash crash” in which the Dow Jones Industrial Average plunged almost 1,000 points in 20 minutes before rebounding nearly as quickly.
The database will ingest about 58 billion daily records. In addition to helping regulators inspect the catalyst for extreme price swings like the flash crash, the CAT also would help them identify manipulative trading that occurs across multiple exchanges. Existing order databases maintained by regulators don’t include complete data from private trading venues or options exchanges.
In the years since the CAT was proposed, the financial system has become a frequent target of hackers and cybersecurity has become a bigger risk for the SEC. The agency’s inspector general is probing the source of the 2016 hack of its Edgar system, which keeps valuable information filed by public companies.
The SEC’s design for the CAT called for including personal information about stockbrokers’ customers, including their Social Security numbers and dates of birth.
Lobbyists for the New York Stock Exchange recently urged congressional aides to call for delaying the Nov. 15 start, according to people familiar with the matter.
A hacker who scooped up trade and order data also could copy the most lucrative and closely guarded trades of hedge funds and other big investors, experts say.
“There is a huge profit motive for hackers to try to lay hands on this kind of nonpublic information,” said Robert Silvers, a partner at law firm Paul Hastings LLP and former assistant secretary for cyberpolicy at the U.S. Department of Homeland Security. “Hackers have proven they are creative and will look for places where that information resides but that isn’t well protected.”
Thesys was selected in January to build the system over more established players such as the Financial Industry Regulatory Authority, a private regulator of brokerages.
Shane Swanson, the chief compliance officer of the Thesys subsidiary building the CAT, said in a recent interview that his company was chosen for the project “because of the deep expertise of our management team in data security.” He said the company would meet its obligations but added that the “timelines are very short.”
“You can’t fault anyone having concerns around these very stringent deadlines,” he said.
Mr. Clayton told the House Financial Services Committee this week that he was “in dialogue” with the exchanges and Thesys and wants “to be satisfied they are doing what they are supposed to.” He told senators on Sept. 26 that he didn’t think a “full timeout” was necessary.
The Consolidated Audit Trail sounds like the perfect situation for blockchain technology to be implemented on.
Don't go blowing their minds now, sounds like just hiring a CIO is beyond them! In all seriousness though, wouldn't a blockchain allow users to eventually figure out who was responsible for a given transaction? Much like you can trace the whole life of a Bitcoin, and figuring out the identity of the counterparty to one transaction lets you figure out all their transactions (absent some obfuscation techniques with mixing transactions).
Yes, but I'm pretty sure that tracking down transactions and who's responsible for them is the purpose of the Consolidated Audit Trail anyway.
Of course, I just mean that it would be visible to any participant in the blockchain as well, which would be us.
It just depends on how that blockchain is set up. For example, the bitcoin blockchain doesn't store users' identities on the blockchain itself. You have to do a lot of work outside of just the blockchain to figure out the identity of a user.
It does store a unique value such that if I do a transaction with you today, I can figure out what transactions you did from then on, no? Grossly oversimplified, but essentially you would be known as ghas3k34kj2jk, which is meaningless until I do a transaction with you that I see is with ghas3k34kj2jk. From then on, whenever I see ghas3k34kj2jk I know that it was you doing the transaction.
It's actually not like that at all. You make it sound like a bitcoin address is similar to an email address, in that once you know I'm sending from baron@elitetrader.com you'll always know that future emails are coming from me by seeing baron@elitetrader.com in the "From:" line. But with BTC transactions, there is no "From:" line. And unlike email, where you could send lots of messages from the same email address, BTC addresses are only intended to be used once.
Granted, my explanation is grossly oversimplified; this paper does a much better job of actually explaining it: http://cseweb.ucsd.edu/~smeiklejohn/files/imc13.pdf This article is a quicker read: https://www.forbes.com/sites/andygr...rugs-on-silk-roads-black-market/#12a1fcdaadf7 Essentially, only a mixing service that combines coins and resplits them offers a degree of anonymity.
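Added example, not part of any post in this thread and not code from the linked paper: a sketch of a common heuristic in published address-clustering work, which assumes that addresses spent as inputs to the same transaction share an owner, so identifying one address exposes the rest of that wallet's spending. The ledger, addresses, transaction IDs and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed ledger: (txid, input addresses, output addresses). All values are made up.
LEDGER = [
    ("tx1", ["A1"], ["B1"]),
    ("tx2", ["A1", "A2"], ["C1"]),   # A1 and A2 spent together
    ("tx3", ["A2", "A4"], ["D1"]),   # A2 and A4 spent together
    ("tx4", ["B1"], ["E1"]),
    ("tx5", ["E1", "E2"], ["F1"]),   # a different owner's wallet
]
# A mixing transaction combines inputs that belong to unrelated owners.
MIX = ("mix", ["A4", "E2"], ["M1", "M2"])

def cluster_addresses(ledger):
    """Union-find: addresses used as inputs to one transaction are merged."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    for _txid, inputs, outputs in ledger:
        for addr in inputs + outputs:
            find(addr)                            # register every address
        for other in inputs[1:]:
            parent[find(other)] = find(inputs[0])

    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())

def transactions_of(known_address, ledger):
    """From one identified address, return (txids funded by its cluster, cluster)."""
    owned = next(c for c in cluster_addresses(ledger) if known_address in c)
    txids = sorted(t for t, ins, _outs in ledger if owned & set(ins))
    return txids, owned

if __name__ == "__main__":
    print(transactions_of("A1", LEDGER))          # one wallet's activity
    print(transactions_of("A1", LEDGER + [MIX]))  # mixing merges unrelated wallets
```

With `MIX` appended, the heuristic wrongly attributes `tx5` to the owner of `A1`, which is why a mixing step degrades this kind of linkage.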