The Israeli Antitrust Authority (IAA) issued a draft opinion deals with the joint efforts and exchange of information by cyber institutions, organizations and companies which provide services and products against cyber-attacks. The need for such discussion has sharpened in light of the recent increase in cyber-attacks.
Israel is currently facing a set of circumstances which justify such cooperation. It goes without saying that a cyber-attack involves great risks and potential damages and in the nature of things, the cyber companies and organizations wish to prevent such attacks before they accrue.
The existence of a dialogue between cyber companies will allow the exchanging parties to formulate a better solution and prevent future attacks easier and reduce the cyber risks. Collecting of such information is not possible for a particular cyber company. The said risk is substantial and it is necessary to have cooperation between a number of institutions and cyber companies who will collect and share such information and formulate better solutions.
The IAA recognizes such a need and will allow such collaboration under the terms of the draft opinion.
Under the Israeli antitrust laws (Restrictive Trade Practices Law, 5748-1988), exchange of information among competitors can decrease competition between competing companies and as such can become a restrictive arrangement.
Cooperation between competitors can limit the competition in the area in which they cooperate and can spill over into other activity sectors in which they compete with each other, actually or potentially. These types of cooperation raise concerns on two levels: first, the possible impact on competition between the cyber companies. Second, the block of potential competitors and new players that will not have the access to the collective information.
As such, the IAA published two terms for such collaborating and collection of information:
The first refers to the nature of the information - existence of a joint platform for discussion, in the context of which views are exchanged regarding cyber threats will be subject to the nature of the information exchanges. The exchanging parties can only share security information as to cyber risks and methodologies for preventing such attacks and not commercial information as to their business activity (especially sensitive information).
The second is a non-discriminatory term – collected information by cyber companies will be open to other relevant companies (similar in nature of activity) unless there is a just reason for denial of such access. Denial of access without a just cause can block competition and competitors and as such can become an antitrust violation.