The IT Law Wiki


Sherman Antitrust Act, Ch. 647, 26 Stat. 209, codified at 15 U.S.C. §§1-7.


The Sherman Antitrust Act is a U.S. federal law that contains two substantive provisions. Section 1 declares illegal contracts and conspiracies in restraint of trade. Section 2 prohibits monopolization and attempts to monopolize.

Application to cybersecurity[]

Information sharing agreements between private corporations may be subject to antitrust scrutiny, because the sharing of information among competitors could create opportunities for collaboration with the goal of restraining trade.[1] However, information sharing agreements to combat cybersecurity may be in compliance with antitrust principles so long as their goals are to combat cyber threats rather than restrain competition.[2]

Some may argue that in order to develop effective and efficient information sharing agreements to combat cybersecurity threats, an explicit exemption from the antitrust laws for these agreements is necessary. Such an exemption, if enacted by Congress, would allow market participants to engage in information sharing for the purposes of combating cybersecurity threats without concern for implicating the antitrust laws.

Others may argue that the antitrust laws are flexible in nature, particularly as they relate to information sharing agreements, and the laws are flexibly applied by the agencies of jurisdiction.[3] This flexible nature may obviate the need for express exemptions from the application of the laws, while keeping the antitrust agencies involved in and aware of the information sharing agreements companies are making.[4] The agencies have expressed a view that if competitors are collaborating for reasons that do not restrain trade or hamper competition, and safeguards are in place to prevent such restraint, the antitrust laws should not hinder such collaboration.[5]

The Department of Justice (DOJ) currently allows companies wishing to create information sharing arrangements for permissible and procompetitive purposes to submit their plans for collaboration to the agency.[6] The agency then reviews the plans and, if the plans are approved, issues what is known as a business review letter.[7] The business review letter will generally state that DOJ does not intend to enforce the antitrust laws against the proposed collaboration. DOJ has issued business review letters to companies who have developed plans to share information to combat cybersecurity threats.[8]


  1. See Federal Trade Commission & Department of Justice, Antitrust Guidelines for Collaborations among Competitors (Apr. 2000) (full-text).
  2. Id.
  3. See Amitai Aviram, “Network Responses to Network Threats,” in The Law and Economics of Cybersecurity 157-58 (Mark Grady & Francesco Parisi ed. 2006).
  4. See Federal Trade Commission & Department of Justice, Antitrust Guidelines.
  5. Id.
  6. 28 C.F.R. §50.6.
  7. Federal Trade Commission & Department of Justice, Antitrust Guidelines.
  8. Joel I. Klein, Assistant Attorney General, to Barbara Greenspan, Associate General Counsel, Electric Power Institute, Inc. (Oct. 2, 2000) (full-text).