Officials from the Justice Department and Federal Trade Commission today sought to assure companies that sharing information on cybersecurity threats won’t violate antitrust laws.
A new joint policy statement explains that sharing data is permitted – and indeed encouraged – because it involves highly technical data and shouldn’t involve information on pricing.
“This is an antitrust no-brainer,” William J. Baer, Assistant Attorney General for the Antitrust Division, said in prepared remarks. “Companies who engage in properly designed cyber threat information sharing will not run afoul of the antitrust laws.”
Sharing information is good public policy, Baer said, because cyber threats are increasing in volume and complexity. The government wants companies to share information on cyber threats to help all companies protect from hackers who might steal costumer data or break into servers housing sensitive intellectual property.
Some companies already share information on incidents and threat signatures, the Justice Department said – many companies, however, have been hesitant to do so for fear of trouble from antitrust enforcers.
The government today wants to calm those worries.
“We speak often about the importance of information sharing,” Deputy Attorney General James Cole said in prepared remarks. “But today, we are taking a concrete step to help encourage it.”
Cole said he has spoken to companies across the country to hear their input on information sharing.
With proper safeguards, Baer said, companies can share information without hassle.
Threat data isn’t likely to involve any information on pricing or foster any anticompetitive behavior, Baer said.
In 2000, the Antitrust Division issued a letter to the Electric Power Research Institute Inc., saying it had no intention of taking action against a research institution hoping to share cybersecurity information, including real-time threat data.
Today’s policy statement confirms that stance across all industries.
In addition to information sharing between companies, Cole stressed that information also needs to be shared by companies with the government and by the government with the private sector.