This fine, all-American, Al Gore lookalike is Todd Davis, CEO of identity-theft-prevention company LifeLock, Inc. Sound familiar? Here's another clue: his social security number is 457-55-5462. Yep, this is the guy who published his SSN on many-a billboard, to demonstrate his company's amazing service. As I, and others at the time quipped, yeah, that'll work. /s Let's gloss over the FTC's $12 million fine, which Ray Stern described as "all the cash LifeLock had on hand." And we'll skip by the pending class-action settlement, in which LifeLock proposes to pay out substantial sums while admitting no wrongdoing.
As Ray Stern revealed last week in The Phoenix New Times, Davis actually had his identity stolen "at least 13 times since 2007." The implication being that it was probably more than 13, but, well, isn't that bad enough?
As you might imagine, bloggers are having a field day with that amusing factoid. Computerworld's own Jaikumar Vijayan has a professional, even-handed, journalistic summary, in which Davis defends his position.
Yeah, sure, it's easy to criticize Davis for thinking that a glorified credit reporting service might protect him from harm. It's also great fun to jump on the bandwagon and laugh at a slick salesman getting his come-uppance -- hey, who doesn't love a bit of schadenfreude?
But here's the thing: when vendors such as AT&T Wireless were extending credit to the (alleged) criminals who (supposedly) misused Davis's identity, didn't they stop to think that maybe, just perhaps, certain well-known SSNs ought to be treated specially?
That might have prevented the criminal in Georgia making $2,390 worth of phone calls in Davis's name. Not to mention the total of $3,706 sought by debt-collection agencies.
Shouldn't there be a special database flag on well-known SSNs at credit rating agencies such as Experian? Just a thought.
And perhaps Davis too thought this would happen, which allowed him to make his rash claims. Sadly, it doesn't seem to have been the case. Of course, LifeLock and the credit rating agencies seem to have had a strained relationship over the years. Witness Experian's 2008 lawsuit against LifeLock. Could it be that these agencies deliberately avoided setting such a flag, in the hope of embarrassing Davis? Seems unlikely; after all, the agencies' paying customers are the companies who were themselves defrauded. Either way, assuming these lines of credit were backed by credit searches, someone's got some explaining to do...
|Richi Jennings is an independent analyst/consultant, specializing in blogging, email, and security. A cross-functional IT geek since 1985, you can follow him as @richi on Twitter, pretend to be richij's friend on Facebook, or just use good old email: TLV@richij.com.|
You can also read Richi's full profile and disclosure of his industry affiliations.