DOJ And FTC Release Joint Antitrust Policy Statement Regarding Sharing Of Cybersecurity Information

Cadwalader, Wickersham & Taft LLP
Contact

On April 10, 2014, the U.S. Department of Justice (“DOJ”) and the Federal Trade Commission (“FTC”) issued an Antitrust Policy Statement on Sharing of Cybersecurity Information explaining that competitors can share legitimate threat information so long as appropriate safeguards are in place to limit the exchange of competitively-sensitive information.1  The Cybersecurity Policy Statement recognizes that private parties play an important role in preventing cyber-attacks and that sharing cybersecurity information has the potential to “improve security, integrity, and efficiency of the nation’s information systems.”2

Key Takeaways

  • U.S. antitrust authorities generally view the sharing of cybersecurity information as valuable to protecting companies’ networks against cyber-attacks, and, thus, regulators likely will not investigate such information sharing for antitrust violations.  
  • Authorities largely consider unobjectionable the sharing of technical, cybersecurity information that enables firms to secure their networks or to deter cyber-attacks.  Examples include:
    • Threat signatures (i.e., characteristics of certain cyber threats used to identify, detect, and/or interdict those threats);
    • Threat indicators (i.e., elements that comprise a threat signature such as file hashes, computer code, malicious URLs, source email or IP addresses, and target ports of a Denial of Service attack); and
    • Threat alerts (i.e., notifications of security threats or activity).
  • Companies should not otherwise share confidential business information that might facilitate coordination to restrain competition in price, output, quality, service, or innovation. 
  • Apart from the antitrust implications, when sharing cybersecurity information, companies that maintain or handle sensitive consumer data or other personally identifiable information must be mindful of their data protection and privacy obligations under International, Federal, and State law to secure such information. 

Companies that are unsure of whether certain information sharing could result in potential liability should consult legal counsel.

1   U.S. Dep’t of Justice & Fed. Trade Comm’n, Antitrust Policy Statement on Sharing of Cybersecurity Information (Apr. 10, 2014), available at http://www.ftc.gov/system/files/documents/public_statements/297681/140410ftcdojcyberthreatstmt.pdf [hereinafter Cybersecurity Policy Statement].

2   Press Release, Fed. Trade Comm’n, FTC, DOJ Issue Antitrust Policy Statement on Sharing Cybersecurity Information (Apr. 10, 2014), available at http://www.ftc.gov/news-events/press-releases/2014/04/ftc-doj-issue-antitrust-policy-statement-sharing-cybersecurity.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations. Attorney Advertising.

© Cadwalader, Wickersham & Taft LLP

Written by:

Cadwalader, Wickersham & Taft LLP
Contact
more
less

PUBLISH YOUR CONTENT ON JD SUPRA NOW

  • Increased visibility
  • Actionable analytics
  • Ongoing guidance

Cadwalader, Wickersham & Taft LLP on:

Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:
*By using the service, you signify your acceptance of JD Supra's Privacy Policy.
Custom Email Digest
- hide
- hide