What is the LifeLock controversy?

LifeLock, now part of Norton LifeLock, is a well-known name in the identity theft protection industry. They promise to protect individuals from the devastating consequences of identity theft, offering services such as credit monitoring, dark web scanning, and identity restoration assistance. However, despite their prominent marketing and wide customer base, LifeLock has faced significant controversy over the years. This article will delve into the key issues that have contributed to the LifeLock controversy, examining lawsuits, FTC actions, data security concerns, and ongoing criticisms.

A History of Regulatory Scrutiny: The FTC Lawsuits

The most significant aspect of the LifeLock controversy stems from multiple lawsuits and actions brought by the Federal Trade Commission (FTC). These actions primarily revolve around allegations of deceptive advertising and failures to adequately protect customer data.

The 2010 FTC Settlement

In 2010, LifeLock reached a settlement with the FTC over charges of deceptive advertising. The FTC alleged that LifeLock made false claims about the effectiveness of its identity theft protection services. Specifically, the FTC argued that LifeLock:

• Falsely claimed to prevent all types of identity theft.
• Did not adequately protect customer data.
• Failed to meet Payment Card Industry Data Security Standards (PCI DSS) despite claiming to be PCI DSS compliant.

As part of the settlement, LifeLock agreed to pay $12 million in restitution to consumers and to implement a comprehensive data security program. They also were prohibited from making deceptive claims about their services.

The 2015 FTC Contempt Order

However, the 2010 settlement wasn't the end of LifeLock's legal troubles with the FTC. In 2015, the FTC filed a contempt order against LifeLock, alleging that the company had violated the terms of the 2010 settlement. The FTC asserted that LifeLock continued to make deceptive claims about its services and failed to maintain a reasonable data security program. This second action resulted in a staggering $100 million judgment against LifeLock, the largest penalty the FTC had ever obtained in a data security case up to that point.

The FTC's specific allegations in the 2015 contempt order included:

• Continuing to falsely advertise that LifeLock protected consumers’ sensitive data with the same high-level safeguards used by financial institutions.
• Failing to maintain a comprehensive information security program to protect subscribers’ personal information.
• Failing to comply with the 2010 order’s requirements for protecting consumer data.

The Significance of the FTC Actions

These FTC lawsuits are central to the LifeLock controversy because they highlight a recurring pattern of alleged deceptive practices and inadequate data security measures. They raise serious questions about the company's commitment to protecting its customers and providing accurate information about its services. The substantial fines and penalties imposed by the FTC demonstrate the severity of these alleged violations.

Data Security Breaches and Vulnerabilities

Beyond the FTC lawsuits, concerns about LifeLock's data security practices have been fueled by reported vulnerabilities and security breaches. While no major data breaches directly attributable to LifeLock exposing massive amounts of user data have been publicly confirmed, security researchers have identified potential vulnerabilities in their systems. The inherent nature of their business - handling sensitive personal information – makes them a constant target for cyberattacks. Any perceived weakness in their security infrastructure contributes to the overall LifeLock controversy.

The Paradox of Security Companies and Security

It's worth noting that all cybersecurity companies face a paradox: they must constantly defend against sophisticated threats while also maintaining user trust. Any vulnerability, whether exploited or not, can erode that trust. The scrutiny LifeLock faces is amplified because of its prominence and the sensitive nature of its services. Consumers expect these companies to be held to the highest standards of security.

Criticisms of Service Effectiveness

Another facet of the LifeLock controversy involves criticisms regarding the actual effectiveness of their services. While LifeLock offers a range of features designed to detect and prevent identity theft, some critics argue that these features are not as comprehensive or effective as they are portrayed in the company's marketing materials.

Limitations of Credit Monitoring

LifeLock's credit monitoring service is a core component of their offerings. It alerts users to changes in their credit reports, such as new accounts being opened or changes in credit limits. However, credit monitoring only provides alerts after an event has occurred. It doesn't prevent fraudulent activity from happening in the first place. Furthermore, it typically monitors only the three major credit bureaus (Equifax, Experian, and TransUnion). Identity thieves may target other areas, such as medical records or government benefits, that are not covered by standard credit monitoring.

The Reliance on Alerts

The effectiveness of LifeLock's services hinges on consumers promptly responding to alerts. If a consumer misses an alert or delays taking action, the damage from identity theft can still occur. The system places a responsibility on the user to be vigilant and proactive, which may not be feasible for everyone.

The Role of Prevention vs. Restoration

It's important to understand that no identity theft protection service can guarantee complete protection. LifeLock primarily focuses on detecting and restoring identity theft rather than preventing it entirely. While restoration services can be valuable in helping victims recover from identity theft, prevention remains the most desirable outcome. The criticism arises when consumers believe LifeLock is offering a guaranteed prevention, when in reality the solution is much more about detection and recovery.

The Acquisition by Norton and its Impact

LifeLock was acquired by Symantec in 2017, which was later rebranded as NortonLifeLock (now Gen Digital) following the acquisition of Avast. This acquisition has had both positive and negative impacts on the LifeLock controversy.

Potential for Improved Security

The acquisition by Norton brought access to greater resources and expertise in cybersecurity. This offered the potential to strengthen LifeLock's data security infrastructure and improve the overall effectiveness of its services. Norton has a long history in antivirus and security software, providing a foundation for enhancing LifeLock's technical capabilities. However, it also brought added scrutiny to existing Norton products regarding similar areas like deceptive marketing and service effectiveness.

Increased Scrutiny and Expectations

Being part of a larger, publicly traded company also means LifeLock is subject to increased scrutiny from regulators, investors, and the public. The company is now held to an even higher standard of transparency and accountability. Any missteps or controversies are likely to be amplified due to the company's size and visibility. This increased pressure can be positive, incentivizing the company to prioritize data security and ethical marketing practices.

Bundled Services and Complexity

The merger led to bundled service offerings, combining Norton's antivirus and security software with LifeLock's identity theft protection. While this can offer consumers a more comprehensive security solution, it can also lead to increased complexity and confusion about the specific features and benefits of each service. Consumers may struggle to understand what they are paying for and how each component contributes to their overall security.

Alternatives to LifeLock

Due to the LifeLock controversy and the limitations of its services, many consumers are exploring alternative identity theft protection solutions. Some popular alternatives include:

• IdentityForce: Known for its robust monitoring capabilities and proactive fraud alerts.
• Identity Guard: Offers AI-powered monitoring and identity theft insurance.
• Aura: Provides comprehensive identity theft protection, device security, and VPN services.
• Complete ID: Offers services through Costco membership with competitive pricing and monitoring services.

In addition to these commercial services, consumers can take proactive steps to protect themselves from identity theft, such as:

• Regularly monitoring their credit reports.
• Using strong, unique passwords for all online accounts.
• Being cautious about sharing personal information online.
• Enabling two-factor authentication wherever possible.
• Freezing their credit reports to prevent unauthorized access.

The Ongoing Debate

The LifeLock controversy is an ongoing debate. While the company has taken steps to address the concerns raised by the FTC and other critics, questions remain about the effectiveness of its services and the adequacy of its data security measures. Consumers must carefully weigh the potential benefits of LifeLock against its limitations and consider alternative solutions to protect themselves from identity theft. The constant vigilance needed against increasingly sophisticated cybercrime ensures the topic remains relevant and discussed.