Friday, May 23, 2008

False advertising, hubris edition

Lifelock is being sued over its claims to protect consumers' personal information from fraudulent misuses, and part of the plaintiffs' story is that the founder ought to have known his service didn't work because people had successfully used his Social Security number, which he advertises to show the effectiveness of the service, to obtain drivers' licenses and, in one case, a $500 payday loan.

Another interesting point about the dispute is that there are multiple consumer lawsuits (putative class actions) and one lawsuit by Experian, the credit bureau, which alleges that Lifelock "deceiv[es] consumers about the breadth of its protection and abus[es] the system for attaching fraud alerts to credit reports." Experian takes the position that Lifelock is repeatedly "crying wolf" and fraudulently putting fraud alerts on credit reports whether there's been any attempt at fraud or not. As I understand it, the underlying problem is that, in most states, consumers aren't legally entitled to tell the credit bureaus that they don't want any credit offers approved--so if you want to preempt the possibility of identity theft, a fraud alert is the only way to do it. Naturally, concerned consumers--and third-party services relying on economies of scale--use fraud alerts to partially compensate for the inability to put a freeze on their credit.

Experian claims that Lifelock's strategy violates the Fair Credit Reporting Act, which requires consumers to place fraud alerts themselves, and only when they believe they're at imminent risk of identity theft. More on Experian's claims:
Experian alleges that these services can be obtained for free by any consumer, and that Lifelock misleads its customers by implying that one must pay for them. Experian also questions whether LifeLock even has the legal right to request the fraud alerts, which Experian maintains are meant to be placed only by individuals who have a reasonable suspicion that fraudulent activity has occurred on their accounts. Experian also complains that the hundreds of thousands of fraud alerts which Lifelock has placed on behalf of customers have caused enormous damage by requiring Experian to send mandatory written communications to each and every one of those customers.

According to Experian's lawsuit, at least one Lifelock ad claims that the company's services make it virtually impossible for identity thieves to strike, but that fraud alerts are only effective against those particular types of fraud that require accessing a credit report. In other words, says Experian, Lifelock cannot protect against such forms of identity theft as an undocumented worker using someone's Social Security number to obtain a job; or against unauthorized use of a credit card.
Does Experian have standing to make all these claims, which may harm consumers but don't necessarily damage Experian directly? (It has alleged both Lanham Act and California unfair trade practices counts.) Since Lifelock argues that Experian is just suing in order to harm a competitor in the market for credit monitoring services, it would seem to fall within the Lanham Act's standing requirements, at least if we limit Phoenix of Broward to its facts.

See also: a skeptical take on the benefits of Lifelock in the context of this lawsuit.

No comments: