Sharing cybersecurity information doesn’t violate antitrust laws

US officials announced Thursday that companies sharing information about cybersecurity would not face prosecution on antitrust grounds. The news came amid heightened concerns about data breaches and malware that can foil online encryption to allow hackers to steal passwords or other personal data. Officials at the Justice Department and Federal Trade Commission said they issued formal guidance telling companies that there would be no antitrust issues from the sharing of technical information about cyber attacks, malware or similar threats.

U.S. businesses can share most cyberthreat information with competitors without facing antitrust enforcement action, two U.S. enforcement agencies said Thursday. Properly shared cyberthreat information isn’t likely to raise antitrust concerns from either the U.S. Department of Justice or the Federal Trade Commission, the agencies said in a joint policy statement. “This is an antitrust no-brainer: Companies who engage in properly designed cyberthreat information sharing will not run afoul of the antitrust laws,” said Bill Baer, the assistant attorney general in charge of the DOJ’s Antitrust Division. “This means that as long as companies don’t discuss competitive information such as pricing and output when sharing cybersecurity information, they’re OK.” With cyberthreats increasing in number and sophistication, information sharing is a way companies can help protect themselves, Baer said during a briefing. “This kind of information sharing is good public policy,” he said.