The SEC Built the Biggest Trading Database in America. It Just Admitted Congress Never Said It Could.

The Securities and Exchange Commission has spent more than a decade building a system that records every order, cancellation, and trade across every U.S. stock and options market, and links it all back to the individual investor who made it. It is called the Consolidated Audit Trail, or CAT, and by the SEC's own numbers it can hold information on tens of billions of market events a day, going back years.

Here is the part the agency would rather you not dwell on. When the SEC laid out the legal authority for the whole thing in its founding 2012 rule, it offered a single sentence pointing to a few sections of a 1975 statute. And in a later order, it conceded the obvious: there is no express authorization for CAT from Congress.

That admission is now the center of a fight in the Eleventh Circuit. The American Securities Association and Citadel Securities are challenging the order that funds CAT, and a stack of amicus briefs, including one from the Cato Institute filed at the end of May, is arguing that the entire system was built on authority the SEC never actually had.

This is not a niche securities-law spat. It is a clean example of how surveillance infrastructure gets built in this country: quietly, justified as plumbing, and only fought over once it is already load-bearing.

What CAT actually is

CAT started in 2012 as Rule 613, an SEC directive telling the self-regulatory organizations, FINRA and the exchanges, to jointly build one central repository that stitched together a dozen older, fragmented audit trails. The stated reason was market oversight. After events like the 2010 Flash Crash, regulators wanted to reconstruct what happened across markets quickly instead of subpoenaing data from a hundred different brokers and waiting weeks.

The result is a system that, in the SEC's own description, collects and identifies every order, cancellation, modification, and execution for all exchange-listed equities and options across all U.S. markets. One broker-dealer was penalized over late reporting tied to roughly 26 billion events in a two-year stretch, and that was about 8 percent of just that one firm's reporting obligation. A Reason analysis cited in the Cato brief estimates the full system may take in tens of billions of trades daily, possibly making it the largest database in the world. Treat that last figure as an estimate rather than an SEC count, but the order of magnitude is not in dispute.

The cost matches the scale. SEC orders put implementation at roughly $2.2 billion, ongoing reporting at about $1.5 billion, and the 2025 operating tab at over $156 million. None of it runs through congressional appropriations. It is funded by a fee on securities transactions, which is exactly the funding mechanism now being challenged in court.

The wrinkle nobody in the press release mentions

If you only read the advocacy framing, you would think CAT is a database with your name in it. As of early 2026, that is no longer quite true, and the honest version of this story has to start there.

Under pressure that built for years, the SEC has steadily pulled the most sensitive personal information out of the repository. Social security numbers went in 2020. Names, addresses, and birth years came out in February 2025. And in January 2026, the Commission approved an amendment so the central repository no longer collects customer and account information at all. The old customer database was renamed and rebuilt to store transformed identifiers instead of raw personal data.

So is the privacy problem solved? The challengers say no, and this is where the argument gets interesting.

The architecture still assigns every investor a unique CAT-Customer-ID that links their entire trading history across every market, broker, and account. Regulators can query at least six years of that activity, tied to the identifier, without showing reasonable suspicion. The personal details that connect an ID to a human, the name and address, now sit one step away, held by the broker, to be handed over to regulators on request. CAT did not stop tracking you. It changed the procedure for unmasking you, from a name sitting in a federal database to a name a broker produces when asked.

Whether that one-step-removed design is a meaningful privacy protection or a procedural fig leaf is, in a sense, the whole case.

The real argument is not the Fourth Amendment

Most coverage will lead with privacy and the Constitution. The briefs do not. The strongest argument, and the one Cato spends the most time on, is structural: the major questions doctrine.

The idea is straightforward. When an agency claims a power of vast economic and political significance, courts expect Congress to have said so clearly. Congress, as the Supreme Court likes to put it, does not hide elephants in mouseholes. The challengers argue CAT is an elephant: a national financial surveillance system touching tens of millions of Americans, costing billions, funded outside the appropriations process. And the mousehole is two general provisions of the 1975 Securities Exchange Act, one letting the SEC facilitate a "national market system," the other requiring brokers to make and keep records for examination.

Read the way a reader in 1975 would have, the brief argues, "national market system" meant a plan for organizing securities trading, not a machine for cross-market, cross-broker, cross-account surveillance of a single customer. And "make, keep, and furnish records" meant maintain the records you already keep, not generate entirely new categories of data, timestamped to the millisecond, that no broker tracked by custom.

This is the argument that should interest anyone who cares about where power actually sits. It is not really about whether financial surveillance is good or bad. It is about who gets to decide. The challengers' position is that a decision this big belongs to Congress, on the record, not to an agency interpreting decades-old text expansively and then conceding it has no express authorization.

Where the Constitution comes in, and where it gets contested

The constitutional claims reinforce the structural one, and they are worth understanding precisely because they are contestable.

On the Fifth Amendment, the argument is that forcing brokers to create and hand over new categories of records can amount to compelled testimony against the people in them. The SEC's likely shield is the "required records" exception, which lets the government compel records that regulated parties customarily keep. The counter is that CAT demands records brokers did not customarily keep, which arguably puts it outside the exception.

The Fourth Amendment fight is the cleaner one to follow, because both sides have real precedent. The challengers lean on Carpenter v. United States, the 2018 case where the government pulled 12,898 cell-site location points over 127 days and the Supreme Court called it a search requiring a warrant. CAT, they argue, is Carpenter at enormous scale: tens of billions of datapoints over years, queried without a warrant or any individualized suspicion.

The government's best answer is the third-party doctrine, anchored in United States v. Miller (1976), which held you have no reasonable expectation of privacy in financial records you voluntarily hand to a bank. One published analysis argues the doctrine likely defeats the Fourth Amendment claim, since the CAT data sits with the exchanges rather than in investors' possession, and is generated only by the voluntary choice to trade on a public market.

The challengers' rebuttal is that Carpenter narrowed Miller for comprehensive digital records, and that CAT data is not voluntarily conveyed in any real sense, because the government mandates its collection and automatic daily transmission. You do not choose to feed CAT. You trade, and the feeding happens.

That tension, Miller versus Carpenter, mandated collection versus voluntary disclosure, is the actual legal stakes. It is genuinely unsettled, and anyone who tells you the outcome is obvious is selling something.

The pattern underneath

CAT is a real thing built to solve a real problem, market reconstruction. But the way it got built is the part worth sitting with. The work was slow and technical enough that almost nobody outside the industry noticed. By the time the scope was clear, the infrastructure was already running, already expensive, already woven into how regulators work. And the fight that followed was never about whether to build it, because it is built, but about the procedures governing who can reach into it and when.

The challengers describe the design in a way that should sound familiar far beyond finance: require third parties to collect and hold vast amounts of data on their customers, give the customers no way to opt out, then claim access on the theory that the government might one day need it. That is the shape of modern surveillance generally, and CAT is one of the cleanest examples of it running in plain sight, sanctioned not by a law Congress passed but by an agency's reading of a statute older than most of the markets it now monitors.

The Eleventh Circuit struck down an earlier version of the funding order in 2025 on narrower administrative grounds. The SEC reissued one that is, in its own words, materially identical. The court will now decide whether the deeper objection holds: that before a government agency can build the most comprehensive record of American financial behavior ever assembled, somebody other than the agency itself should have to say yes.