Soft on Crime: Antitrust Soft Law to Solve Cybersecurity Governance Crises

Caroline Lawrence
25 YALE J.L. & TECH. 219

To combat bioterrorism and cybercrime in the 2000s, antitrust agencies stepped up where Congress failed repeatedly to pass a cybersecurity bill. Their actions were surprising both in content and method. Substantively, the policy the FTC and DOJ promoted was to encourage plausibly anticompetitive joint ventures to proceed, so long as these collaborations existed for cyber safety purposes. The administrative agencies pursued this policy not via either formal or informal rulemaking, but rather a network of non-binding guidance known as “soft law.” This technique structured industry incentives such that joint ventures would continue developing cyber defense mechanisms to protect the entire country. This analysis forces questions about ongoing debates within antitrust law and theories of agency activity. The Article also muses on why decentralized regulation, typically a polarizing subject, is so universally favored for cyber governance.