On April 10, 2014, The Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) (collectively, the “Agencies”) issued a policy statement on the sharing of cybersecurity information. The policy statement indicates that the Agencies share the President’s view that “cyber threat is one of the most serious economic and national security challenges we face as a nation.” In the policy statement, the Agencies explain how their analytical framework for information sharing works with respect to the exchange of cyber threat information and clarify that properly designed sharing of cyber threat information should not raise antitrust concerns.
The policy statement acknowledges that some private entities may be hesitant to share cyber threat information, especially with competitors, because they believe such sharing may raise antitrust issues. The Agencies distinguish the sharing of cyber threat information (e.g., incident or threat reports, indicators, threat signatures, and alerts), which is typically very technical in nature, from the sharing of competitively sensitive information, like future prices and business plans, that would concern them. The Agencies are seeking to reduce uncertainty for those who seek to prevent and combat cyber-attacks through the cyber threat information sharing.
To read the DOJ’s remarks, visit the DOJ website at http://www.justice.gov/atr/public/speeches/305029.pdf.
To read the FTC press release, visit the FTC website at http://www.ftc.gov/news-events/press-releases/2014/04/ftc-doj-issue-antitrust-policy-statement-sharing-cybersecurity.
The Antitrust Policy Statement on Sharing of Cybersecurity Information is available at http://www.ftc.gov/system/files/documents/public_statements/297681/140410ftcdojcyberthreatstmt.pdf.
Written by Maki DePalo, Associate, Privacy & Data Security | Alston & Bird LLP
