Wednesday, March 10, 2010

Lifelock Settles with FTC

Today the FTC announced that Lifelock and the Commission settled claims related to the company's advertising. The action may sound serious and of course the press loves to sensationalize these types of stories. The truth, however, is far different than what the newspapers report. Obviously I'm biased, but judge for yourself...

The FTC claims that Lifelock deceived the public by guaranteeing that it could protect consumers from identity theft, even though Lifelock's protection is not 100% effective in preventing ID theft, since it fails to stop fraud on existing credit card accounts. According to Illinois state attorney Attorney General Lisa Madigan:
“Unfortunately, there’s nothing you can do or purchase that will protect you 100 percent from identity theft,” Madigan said. “Don’t be scared into spending your hard earned money.” 
Now Lifelock has never claimed that it could prevent identity theft with 100% efficacy. What Lifelock has promised, and delivered, is a proactive identity theft protection service backed up by a guarantee that if the service fails (as any security mechanism will at times do), Lifelock will protect the subscriber's time and money by contributing the legal/accounting/forensic work necessary to set the record straight. And Lifelock's guarantee is 100% effective in protecting consumers from loss of time and money due to identity theft. (And no one even bothers filing claims about credit card fraud because the banks already cover those losses for the consumer.)

And even if the FTC were right that Lifelock is not 100% effective, does that really mean that the service has no value -- that consumers shouldn't spend their "hard-earned money" on it? That would mean that consumers should never buy ANY security product at all, since nothing is 100% effective.

Finally, the FTC thought that Lifelock's claims were too strong because we promised to "prevent" identity theft. And yet "prevention" is the promise of most every security product on the market: According to the Symantec Store, Norton Internt Security "prevents virus-infected emails and instant messages from spreading." According to McAfee, its Host Intrusion Prevention for Desktop product will "prevent loss of confidential data by securing desktops from targeted attacks." Experian (when they're not selling your data) also promises to "prevent fraud." This Google channel partner promises that Postini will "Stop Spam. Prevent Viruses."

The truth is that the FTC doesn't care whether consumers need protection from Lifelock's ads. The FTC has clear direction from President Obama to demonstrate its dominion over financial services as he campaigns to establish a consumer protection agency, and so the FTC is prepared to enforce and potentially litigate even in cases they know they can't win. Lifelock understood this, and so even though $12 million is a LOT of money, it's nothing compared to what the lawyers will charge over the next 5 years to successfully defend against an FTC crusade.

I'm proud of Lifelock's success, its team, and its technology. I'm a happy subscriber, along with 1.7 million other people. I know of no better way to protect my family from identity theft than Lifelock.


  1. Anonymous1:34 PM

    Finally, something worth reading!

  2. Anonymous9:27 PM

    I totally agree. Talk about deceptive marketing- the title of the FTC’s press release was “FTC and States Attorneys General to Announce Major Identity Theft Initiative”. Unfortunately their only initiative was to penalize a company offering a viable service against a huge problem. Meanwhile during the press conference when FTC Chairman Jon Leibowitz and Illinois AG Lisa Madigan were asked about the recent Citibank data breach- where Citibank sent 600,000 people envelopes with their Social Security numbers printed on the outside- they had no answers other than “this happens all the time”. So what is the FTC doing about it? Nothing. Except recommend to check your credit reports and be careful with you ID. WHERE IS THE FTC’S MAJOR ID THEFT INITIATIVE they promised? They have none. They have no new ideas to fight this crime which ranks at the top of consumer complaint lists.
    Meanwhile what does Citibank do about it? Have the audacity to offer free credit monitoring, which the FTC said only represents about 17% of id theft. At least Lifelock offers a real solution backed by new technology….the FTC is not helping consumers fight this crime and isn’t helping consumers.

  3. I must admit, when I first saw the news about Lifelock, I assumed that the FTC must have nailed them for a reason. But having read this, and looking back on everything people have said about you guys, it sure sounds Lifelock is getting the shaft.

  4. Anonymous2:41 PM

    You problem at Lifelock is that youre the only ones out there who actually have the guts to back up your service with a 100% guarantee. The FTC is confusing 100% effectiveness with 100% guarantee. I'd love to se Microsoft or Symantec back up their products with a guarantee that covers me for any problems I have as a result of their deficiencies. Would the FTC go after them too??

  5. Initially, I too thought that LifeLock got slapped for a reason, but the actual allegations are pretty flimsy. I've never seen a LifeLock ad that said they guaranteed nothing would happen -- just that they were 'so confident' about it that they'd reimburse your costs if were victimized. That is pretty valuable, to me at least (although I'm not a member).

    And let's not forget that some identity theft is perpetrated by FAMILY members -- not high-tech crime rings like people would like to believe.

  6. This is for the anonymous commenter who accuses me of approving only supportive comments. It is not true -- I approve contrary comments, too, when they are civil and reasonable. If you look at my original post on Lifelock titled "Preventing Identity Theft" you will see plenty of back and forth. My issue is not with your opinion, but with your mode of discourse. In addition, I'm more likely to publish the provocative comments if they are associated with a working web site or email.

  7. Anonymous12:20 PM

    Here's a similar example of FTC overreaching: Entrepreneur's side - and FTC's side:

  8. It was George Bush's FTC, not Obama's that you were dealing with:

  9. LifeLock is actually a very good service which we reviewed here I think people fail to make the distinction between identity theft monitoring and identity theft prevention. The later is really up to the individual to make sure their accounts are as secure as possible with unique passwords, proper use of online banking sites, protecting SSN's etc. A credit monitoring service can't do all of that for you. Their job is merely to keep track of your credit reports and alert you if anything suspicious occurs. For $20/month or so, I can't understand why more people don't sign up for a monitoring service, but it's their loss when someone steals their identity and they have to spend months of wasted time fixing the problems it's caused.

    - Mike

  10. Anonymous5:05 PM

    The only thing that is really effective is a good ID theft insurance policy.
    Congress created this problem with (1) the Social Security Number (2) Failing to restrict the use of the SSN to Social Security and its (supposed) funding, the FICA and SECA taxes. Now "everybody" demands "your" SSN or they refuse to do business with you.
    If someone steals my credit card number, bank account number, hacls my PINs, I can freeze the accounts and change those numbers quickly. The SSN is another matter. SSA is very tight about issuing replacement SSNs.
    When in Congress, former Congressman Ron Paul (R-Tex.) proposed restricting SSN use to Social Security, Medicare, etc. use with criminal penalties, and issuing new SSNs to everyone.