By Amy Silverman
By Olivia LaVecchia
By Monica Alonzo and Stephen Lemons
By Chris Parker
By Michael Lacey
By Weston Phippen
"Experian doesn't compete with LifeLock," Malcolm argued. "Experian is being, essentially, bludgeoned to death — bloodied — by LifeLock on a daily basis."
LifeLock's lawyer contended that CIC issued fraud alerts until the month that Experian filed its lawsuit. Experian was just sore that its fraud-alert service hit the market too late and failed, from LifeLock's point of view.
Despite Experian's apparent hypocrisy, U.S. District Judge Andrew Guilford ruled in May 2009 that LifeLock's practice of setting the alerts for customers was illegal. LifeLock halted the practice a few months later as part of its settlement with Experian. (Debix dropped its fraud alerts, too.)
The weirdest part of all this was that LifeLock's deception ran so deep that its target audience barely noticed what happened.
Since its inception, the company had emphasized that the feature that made it different than competitors — the service that was the very backbone of LifeLock's ID-theft protection — was that it set fraud alerts for customers.
After LifeLock lost the suit to Experian and the fraud alerts were stopped, the company claims, it went from 1.5 million customers in late 2009 to 1.6 million as of this year.
LifeLock's customers, arguably a gullible group to begin with, must be asleep at the switch.
A few months after the Experian settlement, LifeLock settled complaints about its advertising practices with the FTC and 35 state attorneys general.
FTC Chairman Jon Leibowitz flew to Chicago to make the March 18 announcement alongside Illinois AG Lisa Madigan, who had spearheaded the authorities' effort. Arizona AG Terry Goddard merely was one of the 35, though the company is a short drive from his office.
In a made-for-TV quote, Leibowitz referenced one of Davis' advertising stunts and told reporters, "The protection LifeLock actually provided left such a large hole in it that you could drive [a] truck right through it."
Although LifeLock customers received "some benefits," they were far too few to justify the monthly fee of $10, Leibowitz said.
LifeLock was ordered to pay $1 million to the states and $11 million to the feds, to be used for customer refunds and consumer education. The actual settlement was for $35 million, but the FTC agreed to take just what LifeLock had in the bank at the time. An "avalanche clause" would be triggered if the government found out LifeLock had more cash stuffed in some secret account.
But there was no prohibition against taking in new funds from investors.
Although LifeLock was a con, the company would be allowed to stay in business, Leibowitz said.
Leibowitz said at the time that LifeLock's marketers had "changed their business model to some extent, and, going forward, it is far more within the realm of a legitimate business model with honest advertising to consumers."
Besides the $12 million payment, the FTC order requires LifeLock to be truthful in its marketing claims and to develop a data-security program.
LifeLock had all but the left the door wide open for a severe data breach, a lack of security for its customers' data that was "especially shameful" for a company that claimed to prevent identity theft, Leibowitz said.
David Lincincum, a staff attorney with the FTC, tells New Times that the order also called for Davis to pay $10,000 personally for his role in the scheme.
The government negotiated a separate settlement with Maynard (who left LifeLock in June 2007) that didn't require a payment from the co-founder.
Still, the order bans Maynard from conning people through any data-security or identity-theft service he may start up in the future, Lincincum says. If he's in charge of data security anywhere, a third party has to audit his work.
Of course, the 1996 FTC order banning Maynard for life from the credit-repair industry didn't stop him from launching LifeLock, which purports to help people fix problems with their credit files. Lincincum doesn't have much of an answer for why Maynard wasn't dealt with more harshly this time around.
"We obviously are not thrilled to see someone a second time," he says drily. "At the end of the day, we had to make a decision."
The FTC settlement also is taking care of the dozen class-action lawsuits against LifeLock that amassed in various states over time. As of last August, the suits had been consolidated and a Valley firm, Hagens Berman Sobol Shapiro, was handling the case.
Rob Carey, a partner in the firm and one of the lead lawyers in the case, says the class action will "go away" because of the settlement but that individual plaintiffs can opt out and sue on their own.
The consolidated action had asked for an end to the fraud alerts, which has already happened thanks to the Experian suit, and demanded that LifeLock tell customers explicitly that the $1 million guarantee doesn't cover payment of losses because of identity theft.
Some LifeLock clients were under the impression that the company would not only help them repair their credit but would also make them whole for their losses — only to find out that the company had misled them.
A ruling by U.S. District Judge Mary Murguia on attorney fees in the various lawsuits is due by July — Carey says the amount LifeLock will have to pay should be no more than $1.9 million, to be split among the lawyers.