November 19, 2017

DOJ Issues First Business Review Letter Following Agencies’ Joint Policy Statements on Cybersecurity

On October 2, 2014, the U.S. Department of Justice (DOJ) issued its first business review letter since issuing jointly with the Federal Trade Commission (FTC) the Agencies’ Antitrust Policy Statement on Sharing of Cybersecurity Information in April 2014 (the Policy Statement).  The Policy Statement recognized that sharing cyber threat information is integral to defending against cyber-attacks.  It states that cyber information sharing will be reviewed under a rule of reason analysis that focuses on the improved efficiency and security of cyber networks, the nature of the cyber information to be shared, and whether the information exchange is likely to harm competition.

CyberPoint International, LLC, requested the business review letter for its cyber intelligence data-sharing platform called TruSTAR.  The TruSTAR platform collects incident reports, anonymously submitted, that include technical information, targets of the attack, contextual information and remediation solutions, which help members analyze their organization’s risk and current defenses.  The platform also contains a members-only forum where members can anonymously interact with the member that submitted a particular incident report, but requires as a prerequisite for participation a certification that members will not exchange “competitively sensitive information—such as recent, current, and future prices, cost data, or output levels—or otherwise attempt price or other coordination.”  Members must also have a Dun and Bradstreet D-U-N-S number, be in good standing with local, state and federal government and agencies, as well as satisfy minimum technical performance criteria.

In analyzing the proposed data-sharing platform, the DOJ found significant that “the business purpose and nature of the information sharing agreement does not suggest competition or consumers will be harmed.”  Notably, “the nature of the information that will be shared is unlikely to facilitate tacit or explicit price or other competitive coordination among competitors,” because “[t]he information to be shared through incident reports and the collaboration forum are very technical and is the type of information sharing contemplated by the . . . Policy Statement.”  Specifically, “no competitively sensitive information about recent, current, and future prices, cost data, output levels, or capacity will be exchanged,” and “CyberPoint will obtain commitments from members that competitively sensitive information won’t be exchanged.”  Therefore, the DOJ concluded that competitive harm was unlikely and that consumers would likely benefit from the lower cost and more efficient means of establishing network security.

The business review letter is available here

© 2017 McDermott Will & Emery

About this Author

Michelle S. Lowery, antitrust attorney with McDermott Will law firm
Partner

Michelle S. Lowery is a partner in the law firm of McDermott Will & Emery LLP and is based in the Firm’s Chicago office.  She focuses her practice on antitrust and competition.

Michelle has experience in antitrust counseling and litigation, mergers, criminal antitrust, internal investigations and white collar defense.  She has represented clients in a broad range of matters, including litigating Sherman Act, RICO, Lanham Act, FTC Act, breach of contract, business torts, unfair competition, false advertising, trademark and patent...

312-984-2139