2013 Value Investing Challenge Finalist

Short on LifeLock (LOCK:US)
By David Swartz, Pacific West Land

CHALLENGE

U BY FACTSET BROUGHT TO YO

CHALLENGE
2nd Annual Value Investing Challenge Winners
Travis Cocke
Southpaw Capital
Travis Cocke has over seven years of public market investment experience including one year as a portfolio manager with complete investment discretion for a portion of the public equity portfolio of a family office. Prior to co−founding Southpaw Capital LLC, he was a Portfolio Manager at Farney Management Corp., and Analyst at Ascendant Advisors LLC. Mr. Cocke joined Ascendant in 2009 as a generalist research analyst. Mr. Cocke also interned at the Texas Teachers Retirement System, a $100 billion public pension fund, in the summer of 2008, and interned at Omega Advisors, a $6+ billion long/ short fund based in NYC. Mr. Cocke received a BBA in Finance from Texas A&M University.

U BY FACTSET BROUGHT TO YO

Daniel W. Lawrence
Elmrox Investment Group
Daniel W. Lawrence is Managing Partner and Founder of Elmrox Investment Group (EIG). EIG is an investment partnership focused on capital preservation and superior risk-adjusted returns that looks for highly idiosyncratic, asymmetric opportunities using a concentrated approach over a multi-year horizon. Prior to founding Elmrox Investment Group in 2013, Mr. Lawrence was a Managing Director and co-founder of Talara Capital Management. Previously, Mr. Lawrence was a Senior Analyst at Citadel Investment Group. Mr. Lawrence began his career as an investment banking analyst and equity derivatives analyst for Merrill Lynch & Co. Mr. Lawrence is also Founder and Principal Owner of Elmrox Media LLC, a global content firm targeting 18 to 34 year olds. In addition, Mr. Lawrence has served on the Board of Directors of SUS since 2009. Mr. Lawrence earned a B.S. in Commerce from the McIntire School of Commerce at the University of Virginia. He has since been a guest finance lecturer at the University and participates in UVa?s Galant Center for Entrepreneurship.

David Swartz
Pacific West Land, LLC
David Swartz is a financial analyst at Pacific West Land, LLC. Founded in 1981, PWL is a Seattle-based real estate investment firm with more than $100 million in assets under management. David Swartz assists PWL CEO Bruce Galloway with equity investments. David Swartz has previously worked as an equity analyst and fund manager for three hedge funds. He has a B.A. in economics from U.C. Berkeley and an M.A. in economics from Yale University.

www.ValueInvestingChallenge.com

CHALLENGE

U BY FACTSET BROUGHT TO YO

Short on LIFELOCK (LOCK:US)
Contributer: Title: Firm: Firm Type: Location: Prior Employers: Ticker: Recommendation: Expected Timeframe: Country: Situation: Catalysts: Market Cap: Date of Recommendation: Recommendation Price: Target Price: David Swartz Analyst Pacific West Land Family Office Bainbridge Island, WA Kingsford Capital, Presidio Management, JDN Capital, UBS LOCK:US Short 1 to 2 Years United States Other Regulatory Change, Litigation $1,100mm 7/09/13 $11.15 $5.00

www.ValueInvestingChallenge.com

Summary:  LifeLock  (LOCK)  is  a  $1.1  billion  (market  capitalization)  company  with   risks  far  beyond  those  disclosed  in  the  filings.  I  believe  that  it  is  a  compelling  short   idea  due  to  severe  legal  risks  from  regulatory  noncompliance,  weak  business   model,  increasing  competition,  disreputable  management,  and  poor  finances.  I   believe  that  the  stock  is  worth  less  than  $5  /  share.   Introduction:  LifeLock  claims  to  provide  protection  against  identity  theft  by   monitoring  the  use  of  personal  information.  It  charges  a  monthly  or  annual  fee  for   this  service.  LOCK  claims  to  have  2.6  million  paying  members  and  strong  growth.   LOCK’s  current  EV  per  subscriber  is  approximately  $360.  LOCK  completed  its  IPO   at  $9/share  on  October  3,  2012.  The  lock  up  on  insiders’  shares  has  expired.   Note:  The  report  was  prepared  with  sources  believed  to  be  reliable,  including  SEC   filings,  court  documents,  newspaper  and  magazine  articles,  public  statements,   and  industry  reports.  I  have  provided  links  to  some,  but  not  all,  of  these  sources   within  the  report.   The  FTC  Order   I  begin  by  explaining  what  LOCK  is  not  supposed  to  do.  The  FTC  brought  a   deceptive  advertising  judgment  against  LOCK,  CEO  Todd  Davis,  and  former  COO   Robert  Maynard,  Jr.,  in  2010.  The  case  arose  from  lawsuits  filed  against  LOCK  by  

attorneys  general  of  35  states.  The  FTC  summarized  the  case  in  these  terms:  “The   FTC  and  35  states  have  charged  LifeLock  with  deceptive  advertising.  According  to   the  lawsuit,  LifeLock  claimed  its  service  would  protect  consumers  against  all  forms   of  identity  theft,  when,  in  fact,  LifeLock  offered  only  limited  protection  against   only  some  forms  of  ID  theft.”  The  case  was  settled.  The  settlement  can  be  found   here:   http://www.ftc.gov/os/caselist/0723069/index.shtm   LOCK  provides  minimal  disclosure  of  this  judgment  in  its  filings.  In  public   statements,  Davis  has  tried  to  spin  the  ruling  as  positive.  “We  welcome  federal   and  state  efforts  to  regulate  our  industry,  because  doing  so  helps  to  protect   consumers  from  the  risks  of  identity  theft,”  Davis  said  in  a  LifeLock  press  release   issued  after  the  FTC  judgment.  It  appears  to  me,  however,  that  LOCK  is  in   violation  of  the  FTC  order.  Since  LOCK’s  filings  give  few  details,  let’s  look  at  the   FTC  order.  According  to  the  order,  LOCK  is  permanently  restrained  and  enjoined   from:  
“in connection with the advertising, distributing, promoting, offering for sale, or sale of any product, service, or program designed for the purpose of preventing, mitigating, or recovering from any form of identity theft as defined in 18 U.S.C. § 1028, misrepresenting in any manner, expressly or by implication:
1. that such product, service, or program provides complete protection

against all forms of identity theft by making customers' personal information useless to identity thieves; 2. that such product, service, or program prevents unauthorized changes to customers’ address information 3. that such product, service, or program constantly monitors activity on each of its customers’ consumer reports 4. that such product, service, or program ensures that a customer will always receive a phone call from a potential creditor before a new credit account is opened in the customers’ name
5. the means, methods, procedures, effects, effectiveness, coverage, or scope of such product, service, or program; 6. the risk of identity theft to consumers; 7. whether a particular consumer has become or is likely to become a victim of identity theft; and/or 8. the opinions, beliefs, findings, or experiences of an individual or group of consumers related in any way to any such product, service, or program. Such products, services, or programs include, but are not limited to, the placement of fraud alerts on behalf of consumers, searching the internet for consumers' personal data, monitoring commercial transactions for consumers' personal data, identity theft protection for minors, and guarantees of any such products, services, or programs.”

 Now,  note  the  similarity  between  the  FTC  prohibition  and  a  description  of  LOCK’s   operations  from  its  IPO  prospectus:  
“We are a leading provider of proactive identity theft protection services for consumers and identity risk assessment and fraud protection services for enterprises. We protect our consumer subscribers, whom we refer to as our members, by constantly monitoring identity-related events, such as new account openings and credit-related applications. If we detect that a member’s personally identifiable information is being used, we offer near real-time, actionable alerts that provide our members peace of mind that we are monitoring use of their identity and allow our members to confirm valid or unauthorized identity use. If a member confirms that the use of his or

her identity is unauthorized, we can stop the transaction or otherwise rapidly take actions designed to protect the member’s identity.”

LOCK’s  many  Internet,  radio,  and  TV  ads  claim  that  the  company  protects   against  identity  theft.  Here  are  some  direct  quotes  taken  from  LOCK’s  websites   and  ads:   “…the  most  comprehensive  identity  theft  protection  service  available…”   “LifeLock  offers  a  level  of  protection  and  member  service  that  no  one  else  can”   “…protect  members  from  identity  theft  BEFORE  it  happens  –  and  backs  it  up  with   a  $1  Million  Total  Service  Guarantee”   So,  three  years  after  the  FTC  Order,  LOCK  claims  to  have  the  best  ID   protection  service  on  Earth.  Recall  that  the  FTC  Order  was  a  permanent   injunction.  LOCK’s  pre-­‐  and  post-­‐2010  ads  are  nearly  identical.  The  main   difference  is  that  LOCK  changed  “prevent”  to  “protect”.  Despite  taking  LOCK  to   Federal  court,  the  FTC  seemingly  never  bothered  to  enforce  its  own  ruling.  The   FTC,  in  fact,  didn’t  even  collect  $24  million  of  the  $35  million  judgment  (LOCK   plead  poverty).  There  is  also  an  easily  overlooked  second  part  to  the  FTC  Order.   The  judgment  states  that  LOCK  is  permanently  prohibited  from:  
“B. misrepresenting in any manner, expressly or by implication, the manner or extent to which they maintain and protect the privacy, confidentiality, or security of any personal

information collected from or about consumers.”

The  FTC  found  that  LOCK  failed  to  encrypt  personal  information  on  its   customers  and  that  the  information  was  available  to  more  than  just  authorized   employees.  In  other  words,  LOCK  exposed  its  own  customers  to  potential  identity   thieves.  LOCK  remains  bound  by  the  FTC  Order.  The  company  and  Davis  are   required  to  submit  annual  compliance  reports  to  the  FTC.  According  to  LOCK’s  10-­‐ K,  the  FTC  has  not  accepted  or  approved  them.   The  Experian  Lawsuit     A  federal  judge  ruled  in  May  of  2009  that  LOCK’s  main  service  (at  the  time)  

was  illegal.  Note  that  this  case  is  separate  from  the  FTC  case.  LOCK  was  sued  by   credit  bureau  (and  competitor)  Experian  for  fraud  in  2008.  Experian  sued  because   LOCK  was  placing  nearly  perpetual  fraud  alerts  with  the  credit  bureaus  for  all  of   its  clients.  According  to  the  suit,  LOCK  was  placing  thousands  of  calls  per  day  to   Experian  to  place  fraud  alerts.  According  to  section  605A  of  the  Fair  Credit   Reporting  Act  (FCRA),  a  fraud  alert  can  be  placed  when  there  is  “…a  suspicion  that   the  consumer  has  been  or  is  about  to  become  a  victim  of  fraud  or  related  crime,   including  identity  theft…”  LOCK  was  placing  fraud  alerts  for  clients  where  no   suspicion  existed.  Judge  Andrew  Guilford  ruled  that  LOCK  did  not  have  the   authority  to  place  fraud  alerts  for  its  clients.  The  case  was  settled  in  late  2009.  As  

part  of  the  settlement,  LOCK  agreed  to  cease  placing  credit  alerts  with  the  credit   bureaus.  It  is  remarkable  that  LOCK’s  customers  did  not  flee  in  droves  after   LOCK’s  primary  service  was  shut  down.  I  presume  that  most  of  them  did  not  know   what  they  were  paying  for  in  the  first  place.     More  information  on  Experian  lawsuit:   http://news.consumerreports.org/money/2009/07/fraud-­‐alert-­‐services-­‐ dinosaurs-­‐lifelock-­‐experian-­‐transunion-­‐debix-­‐identitysecure-­‐credit-­‐bureau-­‐fair-­‐ credit-­‐reporting-­‐act.html   http://media.phoenixnewtimes.com/1915273.0.pdf   The  Experian  suit  exposed  the  flimsy  basis  of  LOCK’s  business.  Until  2009,   LOCK  was  essentially  in  the  business  of  placing  robo-­‐calls  to  credit  bureaus.  LOCK   was  merely  placing  fraud  alerts  that  anyone  has  the  legal  right  to  place  for  free.   Moreover,  according  to  Experian’s  complaint,  Davis  and  LOCK  were  greatly   overstating  the  protection  provided  by  these  fraud  alerts.  The  complaint  cites   numerous  exaggerations  in  LOCK’s  advertising  and  statements  from  Davis.  The   complaint  also  makes  the  claim  that  “…LifeLock  has  placed  fraud  alerts  with   Experian  by  disguising  its  identity  and  fraudulently  misrepresenting  to  Experian   that  it  was  the  consumer.”  Isn’t  that  ironic?   What  Does  LOCK  Do?  

The  services  provided  by  LOCK  do  not  appear  to  be  proprietary.  As  we’ve  seen,   LOCK  was  prohibited  from  placing  fraud  alerts  with  credit  reporting  agencies  in   2009.  In  2010,  it  was  prohibited  from  advertising  itself  as  a  company  that  can   prevent  identity  theft.  Looking  at  its  services  in  2013,  it’s  amazing  that  anyone   pays  $120  -­‐  $275  /  year  for  them.  The  otherwise  bullish  analyst  at  Canaccord   Genuity  sums  it  up  in  his  11/7/2012  report:  “It  is  completely  fair  to  say  that  a   consumer  could  do  many  of  the  things  that  LifeLock  provides.”  LOCK,  in  other   words,  is  primarily  a  services  business.  Here  are  the  services  provided  with  LOCK’s   basic  service  (from  its  website):   • Notification  of  credit  and  noncredit  threats  within  our  extensive  network   • Monitoring  of  known  criminal  websites  for  illegal  trading  of  personal   information   • Stolen  or  lost  wallet  remediation  services   • Direct  access  to  fraud  resolution  teams  within  our  extensive  network     Anybody  with  access  to  the  internet  and  ten  free  minutes  can  do  simple  things   like  ask  for  a  credit  report  (annualcreditreport.com)  and  end  unsolicited  credit   card  mailings  (optoutprescreen.com).  Let’s  look  at  some  of  LOCK’s  purportedly   proprietary  services:  

  LOCK  claims  to  monitor  more  than  10,000  “black  market”  websites  on   which  personal  information  is  bought  and  sold.  Let’s  say  that  this  is  true…so   what?  LOCK  isn’t  the  FBI  or  Interpol.  If  a  criminal  gang  in  Ukraine  posts  my  credit   card  number  on  a  website,  LOCK  cannot  do  anything  about  it.  It  cannot  shut  down   the  site  or  fix  the  problem.  My  credit  card  number  has  already  been  stolen.  At   best,  LOCK  can  notify  me  to  cancel  the  card.  I  think  it’s  more  likely  that  I  would   see  bogus  charges  on  the  card  long  before  LOCK’s  watchdogs  spot  them.     LOCK’s  wallet  remediation  service,  impressively  called  WalletLock,  is  a   service  in  which  someone  at  LOCK  calls  your  banks,  credit  card  issuers,  etc.,  if  your   wallet  is  lost  or  stolen.  LOCK  does  exactly  what  anyone  would  do  when  his  or  her   wallet  is  lost.  LOCK  does  not  reimburse  for  lost  cash  or  other  valuables  or  provide   reimbursement  for  any  fees  incurred  in  getting  new  cards.     The  threat  notification  service  is  the  reason  that  most  people  pay  for  LOCK.   Here  is  a  basic  description  from  the  prospectus:  “We  protect  our  consumer   subscribers,  whom  we  refer  to  as  our  members,  by  constantly  monitoring   identity-­‐related  events,  such  as  new  account  openings  and  credit-­‐related  

applications.  If  we  detect  that  a  member’s  personally  identifiable  information  is   being  used,  we  offer  near  real-­‐time,  actionable  alerts…”  Take  note  of  the  word   “if”  in  this  description.  The  description  indicates  that  LOCK  primarily  focuses  on   fraudulent  new  account  openings.  Unfortunately  for  LOCK’s  enrollees,  the  FTC   says  that  new  account  fraud  was  responsible  for  only  18.5%  of  identity  theft  cases   in  2012.  As  will  be  explained,  there  are  lots  of  potential  threats  that  LOCK  doesn’t   cover.  Even  in  the  areas  that  LOCK  does  cover,  there  is  no  guarantee  that  LOCK   will  actually  catch  anything.  On  its  website,  LOCK  claims  to  monitor  for  “…threats   against  your  identity  within  our  network.”  LOCK  does  not  disclose  its  network  to   the  public.  There  is  also  this  disclaimer:  “Not  all  transactions  are  covered  and   scope  may  vary.”  The  reality  is  that  LOCK  is  dependent  on  receiving  credit  alerts   from  other  companies.  Among  the  risk  factors  in  the  prospectus  is:  “Our  business   depends  on  our  ability  to  utilize  intellectual  property,  technology,  and  content   owned  by  third  parties,  the  loss  of  which  would  harm  our  business.”  Despite  the   limitations  in  its  services,  LOCK  is  well-­‐known  for  offering  a  guarantee  to  its   clients.     The  $1  Million  “Guarantee”     LOCK  makes  a  big  deal  about  its  $1  million  guarantee  in  its  advertising  and  

on  its  website.  What  does  it  mean?  Well,  I  suspect  that  LOCK’s  customers  think  

that  it  means  that  LOCK  insures  them  against  as  much  as  $1  million  in  losses  due   to  identity  theft.  It  doesn’t  mean  that  at  all.  It’s  actually  more  of  a  really  weak   warranty.  According  to  the  actual  policy,  LOCK  guarantees  to  pay  up  to  $1  million   in  legal  costs,  remediation,  service  costs,  and  case  management  costs  if  an   identity  theft  occurs.  There  is,  however,  no  guarantee  that  you  will  actually   receive  this  help.  From  LOCK’s  website  (emphasis  mine):  
Remediation  Service  Costs.  The  amount  of  reasonable  and  necessary  expenses  paid  to   investigators  and  other  third-­‐party  business  providers  that  are  retained  by  LifeLock  and   involved  in  any  services  that  are  reasonably  necessary,  viewed  in  the  context  of  LifeLock's   business  and  Membership  Programs,  to  restore  your  good  name  and  identity,  or  to  recover   your  Losses  in  accordance  with  any  Membership  Program.  

In  other  words,  LOCK  will  not  pay  for  any  legal  help  unless  it  decides  that  that   customer’s  losses  were  due  to  deficiencies  in  LOCK’s  services.  Since  LOCK  does   not  protect  against  many  types  of  crime,  it  can  easily  claim  that  the  alleged  fraud   is  not  covered.  Moreover,  LOCK  (not  the  customer)  determines  whether  or  not   legal  aid  is  actually  necessary.  As  if  that  wasn’t  bad  enough…the  victim  has  to  do   all  of  the  work!  The  actual  policy  has  a  long  list  of  actions  that  the  fraud  victim  has   to  take  in  order  to  be  covered  by  LOCK’s  policy.  Here  are  just  a  few  of  the   requirements  (from  the  Master  Policy):  
vi. In the event of a Stolen Funds Loss, you shall:

Take all reasonable steps to obtain reimbursement for the Stolen Funds Loss from the Financial Institution which holds the Account; Promptly give notice to us of the Stolen Funds Loss and detailed information regarding the Stolen Funds Loss, including without limitation, the type, dates, and amount of Stolen Funds Loss. Send to us at our request, a signed, sworn proof of Stolen Funds Loss, or affidavit containing the information we request to investigate the Stolen Funds Loss. We shall supply you with the necessary forms for this purpose, which you shall complete, execute and return to us within sixty (60) days of our request. Provide us with a complete description of your efforts to obtain reimbursement from the Financial Institution that holds the Account and stated reasons why full or partial reimbursement was not provided; and Provide any other reasonable information or documentation that we may request.

So,  the  victim  may  not  get  any  money  from  LOCK,  but  he  or  she  will  have  to  fill   out  plenty  of  paperwork.  There  are  numerous  other  provisions  that  can  be  found   on  LOCK’s  website.  The  bottom  line  is  that  it  is  a  marketing  gimmick.     LOCK  admits  that  virtually  nobody  gets  anything  from  its  guarantee.  LOCK  

has  had  millions  of  members  covered  by  it,  but  Davis  has  told  investors  that   “fewer  than  5,000  people  have  invoked  the  guarantee.”  He  has  not  said  how   many  actual  claims  have  been  paid.  LOCK’s  filings  state  that  amounts  paid  to   customers  under  the  guarantee  are  “not  material”.  The  lameness  of  the  so-­‐called   guarantee  was  one  of  the  major  factors  in  the  cases  brought  by  the  state   attorneys  and  the  FTC  in  2009-­‐10.  Once  again,  LOCK  seems  to  have  kept  the  FTC   off  its  backs  (so  far)  by  making  a  few  cosmetic  changes  in  its  marketing.   Does  LOCK  Actually  Work?  

 

LOCK’s  claims  of  comprehensive  ID  protection  cannot  be  corroborated.  

LOCK  has  three  levels  of  service:  basic  ($10  /  month),  Command  Center  ($15  /   month),  and  Ultimate  ($25  /  month).  Most  of  LOCK’s  customers  have  the  basic   service.  I  estimate  that  73%  of  LOCK  subscribers  have  the  basic  service,  9%  have   Command  Center,  and  18%  have  Ultimate.  LOCK  does  not  actively  promote   Command  Center  anymore.  Approximately  two-­‐thirds  of  LOCK’s  new  customers   subscribe  to  the  basic  product,  while  one-­‐third  subscribe  to  Ultimate.  As   suggested  by  the  large  price  differential,  the  Ultimate  product  covers  more  areas   than  the  basic  product.  All  of  LOCK’s  products  are  limited  by  the  breadth  of  its   network.  LOCK  does  not,  for  example,  protect  against  tax-­‐  and  wage-­‐related   fraud.  These  sorts  of  frauds  are  listed  by  the  FTC  as  the  two  most  common  types   of  identity  theft.  LOCK  also  does  not  monitor  vehicle  registrations  and  insurance   information.  Even  in  the  areas  that  LOCK  does  monitor,  the  company’s  ability  to   serve  its  customers  is  very  limited.  The  primary  flaw  is  that  LOCK’s  services  are   not  endorsed  by  any  bank  or  credit  bureau.  The  company  has,  therefore,  only   limited  access  to  the  data  necessary  to  protect  its  enrollees.     http://www.ftc.gov/sentinel/reports/sentinel-­‐annual-­‐reports/sentinel-­‐cy2012.pdf   https://www.truthinadvertising.org/lifelocks-­‐protection-­‐leaves-­‐much-­‐to-­‐be-­‐ desired/  

Industry  sources  contend  that  LOCK’s  basic  service  is  nearly  worthless.   LOCK’s  basic  service  does  not  include  alerts  from  the  three  credit  bureaus  and   banks.  In  other  words,  LOCK  does  not  monitor  checking  and  savings  accounts  and   credit  cards  for  enrollees  in  the  basic  product.  A  product  without  credit  bureau   information  is  not  really  a  credit  protection  product  at  all.  Many  of  LOCK’s   competitors  do  not  even  offer  a  product  without  credit  bureau  information  as   they  know  that  it  would  be  useless.  The  Ultimate  product  does  include  credit   bureau  monitoring,  but  it  is  still  very  limited.  Since  LOCK  has  no  partner  with   direct  access  to  financial  information,  it  does  not  really  control  its  own  data.  LOCK   does  not,  for  example,  have  any  ability  to  monitor  paper  forms.  LOCK’s  products   have  very  limited  features  and  no  operational  oversight  or  customization.  Despite   the  company’s  claims,  there  is  zero  evidence  that  any  of  LOCK’s  products  actually   work.     LOCK  has  never  offered  any  quantitative  evidence  that  its  products  actually  

protect  anyone’s  identity.  LOCK’s  website  includes  a  grand  total  of  four   testimonials,  but  no  pertinent  data  on  the  effectiveness  of  the  service.  It  notable   that  even  the  self-­‐selected  testimonials  do  not  offer  much  proof  of  LOCK’s  utility.   Here  is  a  direct  quote  from  Kristina  E.’s  testimonial:  "A  credit  collector  called  me   and  claimed  that  I  owed  them  money  and  I  immediately  called  LifeLock…”  In  

other  words,  LOCK  completely  missed  the  fraud  and  had  to  be  notified  by  the   subscriber.  The  other  three  testimonials  are  similar  in  that  the  subscriber  already   knew  about  an  identity  theft  issue  before  speaking  with  LOCK.  Although  it  is   difficult  to  find  satisfied  LOCK  subscribers,  it  is  easy  to  find  complaints  from   disgruntled  ex-­‐customers  on  various  websites.  Here  is  a  link  to  one  of  these  sites:   http://www.consumeraffairs.com/privacy/lifelock.html   Finally,  a  March,  2013,  special  report  on  LOCK  from  KTVU-­‐TV  in  Oakland,   CA,  is  definitely  worth  watching.  The  report  goes  into  some  detail  about  the  gaps   in  LOCK’s  network  and  how  it  avoids  responsibility  for  ID  theft  incidents.  The  link:   http://www.ktvu.com/news/news/special-­‐reports/industry-­‐leader-­‐identity-­‐theft-­‐ protection-­‐recently/nWf9P/   http://www.lifelock.com/services/testimonials/   Competition   LOCK  provides  services  based  on  manpower  and  outside  technology.  These   services  are  easily  replicated.  More  than  50%  of  the  consumers  that  pay  for   identity  protection  are  using  services  provided  by  banks  (Wells  Fargo,  Chase,  etc.).   There  are  also  numerous  private  companies  and  subsidiaries  of  larger  companies   that  offer  these  services.  As  proof,  I  offer  a  list  of  20  such  firms:  AllClear  ID,  CSID,   Equifax  ID  Patrol,  ID  Armor,  IdentityForce,  Identity  Hawk,  Identity  Guard  

(Intersections),  IDTheft  Protect,  IdentityTruth,  Intelius  IDWatch,  ID  Watchdog,   Protect  My  ID  (Experian),  TrustedID,  IDFreeze  (Fair  Isaac),  PrivacyGuard,  Privacy   Matters,  SmarterCredit,  LexisNexis,  IdentitySecure  (Affinion),  and  Identity  Theft   Shield  (Kroll).  IBISWorld  has  issued  a  report  on  the  identity  protection  industry.  In   the  report,  IBISWorld  identifies  79(!)  market  participants.  All  of  these  firms  pretty   much  make  the  same  claims  about  identity  theft  protection,  offer  the  same   services,  and  charge  the  same  prices  ($10-­‐$25/month).  LOCK  is  merely  one  player   in  a  very  crowded  market.   The  identity  protection  firms  are  often  using  the  same  software  and  getting   their  data  from  the  same  sources.  They  all  rely  on  information  from  the  credit   bureaus,  banks,  and  credit  issuers.  Credit  bureau  TransUnion,  for  example,  serves   as  a  fulfillment  partner  to  LOCK  and  many  other  ID  theft  companies.  Early   Warning  Services  is  another  one  of  LOCK’s  fulfillment  partners.  It  is  owned  by  a   group  of  major  banks  and  provides  bank  fraud  protection  to  a  wide  variety  of   financial  institutions.  ID  Analytics,  now  owned  by  LOCK,  provides  software  to   several  firms  in  the  industry.  Austin-­‐based  CSID  claims  that  more  than  70%  of  the   retail  identity  protection  industry  (including  LOCK)  uses  its  fraud  detection   software.  It  is  notable  that,  according  to  management  at  Intersections,  several  of   the  data  providers  have  recently  raised  prices.  Since  anybody  can  buy  access  to  

the  data  sources,  there  are  no  barriers  to  entry  in  the  industry.  CSID  even  offers  a   white  label  identity  protection  platform,  allowing  any  firm  to  offer  services  with   no  investment  in  technology.  The  entire  industry  has  become  commoditized.     LOCK’s  potential  market  is  much  smaller  than  is  widely  believed.  On  the  Q1   2013  conference  call,  CFO  Chris  Power  claimed  that,  “We  are  in  the  early  stages  of   a  big  market  opportunity…”  The  reality  is  that,  according  to  IBISWorld,  the   identity  protection  industry  is  expected  to  experience  growth  of  only  4.2%  in   2013,  down  from  4.6%  growth  in  2012.  It  is  interesting  to  note  that  these   numbers  have  dropped.  As  recently  as  two  years  ago,  IBISWorld  was  forecasting   growth  in  the  7%  -­‐  9%  /  year  range.  Estimates  of  the  current  market  size  vary  from   $3.5  -­‐  $4.0  billion,  implying  that  LOCK  has  about  7%  dollar  market  share.   According  to  a  2012  article  in  Consumer  Reports,  approximately  50  million   Americans  paid  for  identity  theft  protection  in  2010.  In  its  presentations,  LOCK   claims  that  the  addressable  market  is  78  million  Americans.  Assuming  that  this   number  is  accurate,  about  two-­‐thirds  of  the  potential  buyers  are  already  paying   for  some  type  of  protection.  The  Deutsche  Bank  analyst  that  follows  LOCK   estimates  that  LOCK  will  have  4.5  million  members  and  $534  million  in  consumer   revenues  in  2017.  LOCK  would  need  to  increase  its  single-­‐digit  market  share  to   achieve  these  estimates,  which  seems  unlikely  in  a  crowded  market  in  which  firms  

are  practically  interchangeable.  Nonetheless,  LOCK  has  effectively  portrayed  itself   as  the  leader  in  identity  theft  protection.  Anyone  who  knows  LOCK’s  history  has   to  view  this  as  an  incredible  accomplishment.     The  Founders   LifeLock’s  corporate  history  is  so  unsightly  that  it  is  astonishing  that  the   company  still  exists.  Robert  J.  Maynard,  Jr.,  and  Richard  Todd  Davis  are  the  official   co-­‐founders  of  the  firm.  Maynard  does  not  work  for  LOCK  anymore,  but  Davis   remains  CEO.  On  his  personal  website,  Maynard  explains  that  he  “...invented  the   concept  for  LifeLock,  built  the  initial  systems  and  found  a  great  partner  in  Todd   Davis.”    According  to  the  story  that  both  Davis  and  Maynard  gave  in  numerous   interviews,  the  genesis  of  LifeLock  was  an  incident  in  which  Maynard  was  a  victim   of  identity  theft.  Maynard  claimed  that  he  was  erroneously  jailed  for  seven  days   in  2003  after  someone  stole  his  identity.  Maynard  was  released,  but  he  claimed   that  he  spent  more  than  $20,000  and  many  hours  in  clearing  his  good  name.  This   harrowing  experience  convinced  Maynard  that  people  needed  a  service  to  protect   them  from  identity  theft.  It’s  a  fine  story,  but  it  is  only  partly  true.  Maynard  was   actually  jailed,  but  he  was  not  a  victim  of  identity  theft.  The  police  arrested  him   because  he  skipped  out  on  a  $15,000  marker  from  a  Las  Vegas  casino.  This  is  

considered  theft  under  Nevada  law.  It  is  also  just  one  of  many  black  marks  on   Maynard’s  resume.     LOCK  does  not  want  investors  to  know  about  its  sordid  past.  Even  though  

he  created  the  firm,  Maynard’s  name  does  not  appear  in  the  IPO  prospectus.  The   details  of  his  long  history  of  financial  impropriety  can  be  found  in  a  series  of   articles  in  the  Phoenix  New  Times  and  Wired.    Here  are  links  to  two  of  them:   http://www.phoenixnewtimes.com/2007-­‐05-­‐31/news/what-­‐happened-­‐in-­‐vegas/   http://www.phoenixnewtimes.com/2010-­‐05-­‐13/news/cracking-­‐life-­‐lock-­‐even-­‐ after-­‐a-­‐12-­‐million-­‐penalty-­‐for-­‐deceptive-­‐advertising-­‐the-­‐tempe-­‐company-­‐can-­‐t-­‐ be-­‐honest-­‐about-­‐its-­‐identity-­‐theft-­‐protection-­‐service/   I  have  used  these  articles  as  sources  for  this  section.  The  stories  are  too  long  and   ridiculous  to  repeat  here,  but  I  will  present  the  highlights,  starting  with  the  origin   story.  The  New  Times  discovered  that  the  casino  had  a  copy  of  Maynard’s  driver’s   license.  There  was  never  any  question  of  identity.  The  newspaper  presented   evidence  of  Maynard’s  deception  to  Davis  in  May  of  2007.  Davis,  according  to  the   newspaper,  stonewalled  the  reporter  and  even  continued  to  tell  the  fictional   origin  story.  The  controversy  did  lead  to  Maynard’s  separation  from  LOCK…sort   of.  After  Maynard  left  his  Chief  Marketing  position,  Davis  hired  him  as  a  marketing  

consultant  to  do  the  exact  same  work.  It  is  notable  that  LOCK  completed  two   rounds  of  preferred  stock  sales  to  major  institutional  investors  while  Maynard   was  still  a  top  executive.  One  might  think  that  these  investors  would  have  been   scared  away  by  his  background.  After  all,  by  the  time  that  LOCK  was  founded,   Maynard  had  declared  bankruptcy  three  times,  driven  at  least  two  companies  into   insolvency,  been  forced  out  as  CEO  of  Internet  America,  and  lost  a  defamation   suit  after  falsely  claiming  to  have  been  cyber-­‐stalked.  Most  significantly,  he  had   also  agreed  to  a  lifetime  ban  from  the  credit  industry.     Maynard  had  an  ugly  experience  in  the  credit  monitoring  business  before  

he  co-­‐founded  LOCK.  In  the  mid-­‐1990s,  Maynard  ran  a  credit  repair  business   called  National  Credit  Foundation.  The  business  was  targeted  by  both  the  Federal   Trade  Commission  (FTC)  and  the  attorney  general  of  Arizona  for  numerous   violations.  Among  these  violations,  according  to  federal  court  records,  the   company,  “in  numerous  instances…withdrew  funds  from  customers’  checking   accounts  without  authorization.”  Ex-­‐employees  at  National  Credit  reported  that   distraught  clients  called  and  asked  for  help  with  unauthorized  $300  charges-­‐  not   knowing  that  National  Credit  had  been  the  one  who  charged  them!  Maynard  was   slapped  with  a  lifetime  ban  on  “advertising,  promoting,  offering  for  sale,  selling,   performing,  or  distributing  any  product  or  service  relating  to  credit  improvement  

services.”  LifeLock,  you’ll  recall,  claims  to  protect  people  from  credit  card  scams   and  other  financial  crimes.  When  confronted  with  this  information  by  New  Times,   Davis  was  unsurprised  and  unconcerned.  He  claimed  that  the  company’s  attorney   had  provided  an  opinion  that  Maynard  was  legally  allowed  to  work  for  LOCK.  He   didn’t  seem  to  care  that  LOCK  is  supposed  to  protect  its  customers  from  people   exactly  like  Robert  J.  Maynard,  Jr.     More  information  /  references:   http://articles.latimes.com/2007/jun/12/business/fi-­‐lifelock12   http://www.ftc.gov/opa/1997/04/ncf-­‐4.shtm   LifeLock  claims  to  protect  its  customers  from  people  who  wish  to  victimize   them,  yet  Todd  Davis  apparently  did  not  even  notice  or  care  that  his  own  partner   was  untrustworthy.  Maynard,  who  blames  most  of  his  problems  on  being  bipolar,   is  even  alleged  to  have  engaged  in  identity  theft.  The  New  Times  reported  that   Maynard  fraudulently  obtained  an  American  Express  card  in  his  father’s   (Maynard,  Sr.)  name  and  ran  up  $154,000  in  charges.  Maynard  was  apparently   bought  out  of  his  10%  equity  ownership  in  LOCK  in  or  around  2009.  After  leaving   LOCK,  Maynard  took  his  special  brand  of  entrepreneurship  to  Hawaii  and  founded   an  ocean  adventure  company  called  Kandoo!  Island.  It  was  supposed  to  be  some  

kind  of  giant  activity  catamaran  for  families.  It  was,  not  surprisingly,  a  total  fiasco.   Maynard  had  trouble  getting  insurance,  trouble  with  the  Coast  Guard,  and   bounced  paychecks  all  over  the  Pacific.  The  company  went  broke  after  two  weeks   of  operations.  In  the  aftermath,  Maynard  was  sued  for  failing  to  pay  off  the   promissory  notes  the  he  signed  to  pay  for  the  boats  and  equipment.   http://www.bizjournals.com/pacific/stories/2009/10/12/daily52.html    Let’s  now  take  a  look  at  Maynard’s  former  partner  and  longtime  apologist,   Todd  Davis,  who  has  pulled  off  one  of  the  most  successful  advertising  hoaxes  in   recent  memory.  Many  people  have  heard  of  LifeLock  for  just  one  reason:  Davis   put  his  Social  Security  number  in  the  company’s  ads.  It  was  an  audacious  move.   Social  Security  numbers  are  used  in  all  sorts  of  financial  transactions.  By   displaying  his  SSN  in  front  of  millions  of  potential  crooks,  Davis  showed  absolute   faith  in  LOCK’s  ability  to  protect  his  identity.  His  faith  was  misplaced.  The  FTC  /   attorneys  general  investigation  into  LOCK  determined  that  Davis’  SSN  had  been   used  by  someone  in  Ft.  Worth,  TX,  to  fraudulently  take  out  a  payday  loan  for   $500.  Although  the  incident  was  well-­‐publicized,  Davis  has  successfully   downplayed  it  as  isolated  and  unpreventable.  The  LOCK  analyst  at  Canaccord   even  calls  it  an  “urban  myth”  in  his  10/28/2012  report.  LOCK’s  story  is  that  the  

payday  lender  did  not  process  the  loan  properly,  so  LOCK  could  not  have  caught   it.  One  might  overlook  one  isolated  failure  to  protect  Davis’  identity.  It’s  a  bit   more  difficult,  however,  to  overlook  the  fact  that  Davis’  identity  has  actually  been   stolen  at  least  13  times.     LifeLock  proved  to  be  completely  unable  to  protect  its  own  CEO  from  

financial  fraud.  The  New  Times  reported  in  2010  that  Davis’  SSN  was  used   fraudulently  in  at  least  13  separate  instances,  crimes  that  came  to  light  when  a   LOCK  employee  filed  a  police  report  on  Davis’  behalf.  In  one  case,  someone  used   Davis’  SSN  to  open  a  cell  phone  account  with  AT&T.  That  case  resulted  in  an   unpaid  bill  of  $2,390.    Other  crimes  using  Davis’  information  included  the   purchase  of  a  gift  basket  at  Swiss  Colony  and  the  opening  a  bank  account  at  Bank   One.  In  several  of  the  instances,  the  unpaid  bills  went  to  collection  agencies   before  LOCK  or  Davis  knew  about  them.  The  exact  number  of  times  that  Davis’   SSN  has  been  fraudulently  used  is  unknown  since  Davis  has  not  released  his  credit   records  to  the  public.  He  has,  however,  continued  to  promote  LOCK  as  an  expert   in  identity  protection.   Davis’  SSN  publicity  stunt  exposes  LOCK  as  a  company  without  substance.   Besides  failing  to  protect  his  identity,  it  could  not  even  clean  up  the  messes.  

LOCK’s  staff  has  no  real  authority  to  deal  with  identity  theft.  Like  anyone  else,  the   company  can  only  report  alleged  crimes  and  contact  affected  parties.  Davis  did   get  personally  involved  in  one  of  his  own  identity  theft  cases,  but  the  result  was   rather  unfortunate.  As  reported  in  Wired  magazine,  Davis’  involvement  In  the   Texas  payday  loan  case  allowed  the  suspect  to  avoid  prosecution.  According  to  a   Fort  Worth  police  sergeant,  Davis  was  warned  to  stay  away  from  the  suspect  in   the  case  as  the  investigation  was  ongoing.  Instead,  Davis  and  a  camera  crew   “…yelled  at  him  (the  suspect)  and  browbeat  him  into  signing  a  confession  that   they  had  already  typed  out.”  Davis  told  the  mentally  disabled  suspect  that  if  he   did  not  sign  the  confession,  the  police  would  arrest  him.  After  they  heard  about   the  coerced  confession,  the  Fort  Worth  police  dropped  the  case.  In  one  interview   on  the  incident,  Davis  claimed,  “We  didn’t  coerce  him.  But  we  want  criminals  to   know,  if  you  mess  with  any  LifeLock  member,  there  needs  to  be  consequences.”  I   really  don’t  think  that  the  criminals  got  the  message,  though,  since  LOCK  did   nothing  and  the  guy  got  away  with  it.  The  message  that  I  get  is  if  that  LOCK   couldn’t  even  protect  its  own  CEO,  then  its  2.6  million  anonymous  members   shouldn’t  expect  anything  better.   http://www.wired.com/threatlevel/2007/07/police-­‐say-­‐life/  

LOCK  is  a  company  driven  by  advertising.  Prior  to  his  involvement  with   LOCK,  Davis  was  a  salesman  at  Dell  and  worked  at  a  few  start-­‐ups.  It  seems  that   these  start-­‐ups  weren’t  very  successful  as  Davis  filed  for  bankruptcy  in  2000.  In   2002,  Davis  created  a  marketing  firm  called  Marketing  Champions,  LLC.  According   to  Phoenix  Business  Journal,  he  became  involved  with  LOCK  when  hired  to   generate  publicity.  Davis  has  been  on  a  publicity  tour  ever  since.  One  of  the   gimmicks  employed  by  LOCK  is  to  host  free  “Identity  Theft  Summits”  for  law   enforcement  officials.  LOCK  partners  with  a  group  called  FBI-­‐LEEDA  to  sponsor   these  seminars.  LOCK,  by  no  coincidence,  is  the  largest  (“Diamond  Level”)  sponsor   for  FBI-­‐LEEDA’s  annual  conference.  Given  the  limited  training  budgets  of  many   police  agencies,  these  free  seminars  are  popular  and  generate  lots  of  publicity  for   LOCK.  Here  is  a  typical  headline  from  a  website:  “FBI  Partners  with  LifeLock  to   Protect  Identity  Theft”.  It’s  a  nice  headline,  but  it’s  inaccurate.  Despite  its  name,   FBI-­‐LEEDA  is  not  part  of  the  FBI  or  acting  on  behalf  of  the  FBI.  The  seminars  are   just  one  way  in  which  LOCK  uses  its  marketing  dollars  to  craft  a  story.     America’s  Mayor…LifeLock’s  Shill?     A  current  ad  campaign  illustrates  how  LOCK  exaggerates  its  expertise  in  

identity  protection.  In  November,  2012,  LOCK  announced  that  former  New  York  

mayor  and  federal  prosecutor  Rudy  Giuliani  had  been  hired  as  a  “strategic   consultant”.  LOCK  did  not  disclose  his  payment  or  exact  role.  Within  days  of  the   press  release,  Giuliani  began  to  mention  LOCK  in  interviews  about  personal   security.  In  early  2013,  Giuliani  began  to  appear  in  infomercials  for  LOCK.  In  one   of  these,  Giuliani  identifies  himself  a  LOCK  member  and  discusses  identity  thieves   who  file  false  tax  returns.  The  ad  dramatizes  a  situation  in  which  a  young  woman   steals  information  from  a  man’s  computer  to  claim  a  tax  refund.  The  ad   misleadingly  implies  that  LOCK  protects  against  stolen  tax  refunds.  The  reality  is   that  the  Internal  Revenue  Service  (IRS)  is  not  part  of  LOCK’s  data  network.  LOCK   does  not  have  any  ability  to  monitor  tax  returns  or  identify  fraudulent  tax  refunds.   The  IRS  does  have  a  unit  to  combat  identity  theft.  According  to  this  report,  the  IRS   appears  to  be  making  significant  progress:   http://www.sun-­‐sentinel.com/business/fl-­‐id-­‐theft-­‐20130321,0,4654021.story   It  is  obvious  that  LOCK  hired  Giuliani  due  to  his  reputation  as  a  crime   fighter.  He  may  also  appeal  to  LOCK’s  primary  demographic  (Caucasian  male   seniors).  Davis,  for  one,  appears  to  be  a  fan.  According  to  the  Federal  Election   Commission,  he  donated  money  to  Giuliani’s  2008  Presidential  campaign.  It  may   seem  odd  that  Giuliani  would  take  money  from  LOCK,  but  he  has  a  history  of  

taking  money  from  questionable  sources.  According  to  articles  in  Forbes  and   Vanity  Fair,  Giuliani  and  his  partners  have  been  paid  millions  of  dollars  to   promote  the  interests  of  dubious  companies.  In  several  cases,  Giuliani  used  his   celebrity  and  access  to  the  media  to  promote  his  clients’  interests.   http://www.vanityfair.com/politics/features/2008/01/giuliani200801   http://www.forbes.com/forbes/2006/1113/138.html   The  Richardson  Lawsuit     Ongoing  litigation  reveals  a  bit  more  about  LOCK’s  marketing  practices.  

LOCK’s  SEC  filings  provide  brief  mention  of  a  lawsuit  filed  against  LOCK  and  Davis   by  a  woman  named  Denise  Richardson.  In  the  suit,  Richardson  claims  that  she  was   improperly  paid  as  an  independent  contractor  rather  than  as  an  employee.  The   suit  claims  that  she  is  owed  at  least  $250,000  in  compensation  and  damages.  On   the  surface,  this  appears  to  be  a  banal  compensation  dispute  filed  by  an  ex-­‐ employee.  It  turns  out,  however,  that  Richardson  had  a  rather  unusual  marketing   role  at  LOCK.  On  her  website,  she  describes  her  relationship  with  LOCK  (not   named)  in  these  terms:  “August  2006  through  February  2012  Identity  Theft   Education  Specialist,  Speaker,  Spokesperson,  Blogger,  Consumer  Liaison  and   Consumer  Advocate  fostering  business  development  for  a  nationally  known  

identity  theft  protection  company.”  In  other  words,  LOCK  paid  her  to  promote  the   company  all  over  the  internet.    A  simple  search  reveals  dozens  of  positive  comments,  blogs,  and  news   articles  that  Richardson  has  posted  about  LOCK.  If  you  look  up  a  negative  news   story  about  LOCK,  there  is  a  good  chance  that  Richardson  replied  to  it  with  a   lengthy  defense  of  the  company  and  Davis.  In  most  cases,  she  did  not  disclose  any   association  with  LOCK.  A  few  times,  however,  she  posted  a  disclaimer  such  as  this:   “…LifeLock  has  paid  me  to  speak  at  their  seminars  as  one  of  their  Certified   Identity  Theft  Risk  Management  Specialists.  To  be  clear,  I  get  paid  to  talk  about   identity  theft,  but  I  don’t  get  paid  to  promote  LifeLock.”  Well,  Richardson’s  own   lawsuit  proves  that  she  was  getting  paid  to  do  exactly  that.  The  whole  situation  is   quite  ironic.  She  staunchly  defended  the  integrity  of  Davis  and  LOCK  for  years,  but   now  she  is  suing  them  for  allegedly  ripping  her  off.  It  appears  that  her  views  have   changed.  This  comment  appears  on  her  site:  “As  of  July  of  2012,  I  no  longer  work   with  or  endorse  this  particular  ID  theft  protection  company  (LifeLock).  As  always,   do  your  homework  on  ID  theft  protection  services  to  help  ensure  you  only  deal   with  companies  that  practice  the  best  identity  theft  protection  practices.”  That   may  be  good  advice,  but  it’s  a  bit  hard  to  identify  those  companies  since  the   internet  is  flooded  with  false  information.  

http://news.cnet.com/8301-­‐27080_3-­‐10466741-­‐245.html     LOCK  pays  people  to  promote  the  company  in  a  shady  manner.  LOCK  offers  

an  Affiliate  program  in  which  people  create  websites  with  links  to  lifelock.com.   The  Affiliates  receive  $40  -­‐  $60  for  every  person  that  subscribes  to  the  service   through  these  links.  A  December,  2010,  article  in  a  Maine  newspaper  describes   how  the  Affiliates  generate  traffic:  “A  Google  search  for  LifeLock  brings  up   thousands  of  hits  for  blogs,  supposed  news  sites  and  reviews.  Most  shower  the   company  with  praise  and  provide  links  to  buy  its  services.  However,  most  or  all   are  operated  by  affiliates  who  receive  a  30  percent  commission  on  each  sale   generated  by  their  site  or  review.”  Here  is  one  of  these  “reviews”  that  can  be   easily  found  with  Google:  
Pros: This service is excellent and continues to get better. Cons: We found no weaknesses with this service. The Verdict: It's hard to find better hands to put your identity in than this service.

The  site  also  includes  a  link  to  lifelock.com  and  this  banner:  Prevent  Identity   Theft  with  LifeLock   http://identity-­‐theft-­‐protection-­‐services-­‐review.toptenreviews.com/lifelock-­‐ p2533-­‐video-­‐1.html  

Many  of  the  Affiliates’  sites  make  assertions  about  LOCK’s  services  that  would  be   prohibited  by  the  FTC  Order  if  LOCK  made  them.  LOCK  would  likely  claim  that  it   has  no  direct  control  over  the  Affiliates’  sites.  In  my  opinion,  the  Affiliates’   program  is  just  one  part  of  LOCK’s  misinformation  campaign.   http://www.sunjournal.com/our-­‐view/story/950469     The  Fastest-­‐Growing  Crime…That  Isn’t  Growing     The  threat  of  ID  theft  is  greatly  exaggerated  by  the  ID  protection  industry.  

The  industry  incessantly  promotes  the  idea  that  identity  theft  is  a  major  risk  and   that  threat  is  growing.  Here’s  a  typical  quote  from  LOCK’s  website:  “Identity  theft   is  one  of  the  fastest  growing  crimes  in  the  nation.”  The  numbers,  however,   indicate  that  it  isn’t  growing  at  all:   Annual  Losses  from  ID  Theft  (in  $billions)  -­‐  Source:  Javelin  Research   2004:  $47.0       2005:  $32.0       2006:  $28.7         2007:  $24.7     2008:  $28.9      2009:  $31.4     2010:  $19.9   2011:  $18.0   2012:  $20.9  

So,  losses  from  ID  theft  in  the  U.S.  fell  by  55.6%  in  the  past  eight  years  and  33.4%   in  the  past  three  years.  The  number  of  victims,  according  the  Javelin,  has  been   steady:  the  eight-­‐year  average  of  11.6  million  per  year  is  equal  to  the  2011   number.  The  incidence  rate  is,  therefore,  only  about  4%  per  year.  LOCK  and  its   competitors  obviously  do  not  want  people  to  know  that  96%  of  them  are  paying   $120  -­‐  $300  this  year  for  no  reason.  One  could  argue,  however,  that  identity   protection  is  worth  the  price  if  it  reduces  risk  of  loss.  There  is  evidence,  however,   that  it  does  not  even  do  that.       The  entire  identity  protection  industry  is  probably  a  waste  of  money  for  

consumers.  LOCK  deserves  credit  (or  blame)  for  helping  to  create  an  industry  in   which  people  pay  for  unnecessary  and  free  services.  A  2012  Consumer  Reports   article  explains:  “…consumers  who  buy  this  protection  from  their  banks  are   helping  to  foot  the  bill  for  services  that  financial  institutions  are  obligated  to   provide  by  federal  law  to  shield  their  customers  from  losses  stemming  from   credit-­‐card  and  bank-­‐account  fraud.”  If  you  use  a  credit  card,  you  have  probably   noticed  that  the  card  issuers  and  banks  are  becoming  much  more  proactive  in   freezing  accounts  when  something  appears  unusual.  As  the  above  numbers  show,   the  average  loss  per  victim  has  fallen  dramatically  in  the  past  decade.  Again,  from   Consumer  Reports:  “…identity  fraud  is  down  because  financial  institutions  are  

doing  a  better  job  preventing  it.  And  consumers  have  been  more  eagle-­‐eyed   about  their  own  accounts,  without  the  need  for  a  paid  subscription  service.”   Javelin  found  that  83%  of  ID  theft  is  uncovered  by  self-­‐detection  (50%)  or  banks   and  credit  card  providers  (33%).  Moreover,  Javelin  found  that  people  who   discovered  fraud  by  reviewing  their  paper  statements  had  significantly  less  money   stolen  than  victims  who  were  notified  by  an  identity  protection  service.     The  victims  of  identity  theft  do  not  suffer  significant  hardship.  Consumers   have,  according  to  a  Wells  Fargo  executive,  “essentially  zero  liability”  for  existing   account  fraud.  According  to  Javelin,  “…of  the  12.6  million  victims  in  2012,  80%  did   not  suffer  any  consumer  costs  (median  out-­‐of-­‐pocket  costs  to  consumers  of  $0)  at   all.”  Javelin  also  found  that,  “…more  than  half  of  all  victims  spent  three  hours  or   less  resolving  fraud  incidents  with  their  providers.”  Javelin’s  bottom  line  estimate   is  that  the  average  victim  of  identity  theft  suffers  a  loss  of  $365  (including  lost   wages).  Here’s  some  simple  math:   Expected  loss  /  year  =  4%  (incidence  rate)  *  $365  (avg.  loss)  =  $14.60   So,  the  expected  loss  per  year  from  ID  theft  is  less  than  the  cost  of  one  month’s   membership  in  LifeLock  Ultimate.  LOCK’s  marketing  strategy  is  based  on  paranoia,   not  reality.  

http://www.consumerreports.org/cro/2012/02/debunking-­‐the-­‐hype-­‐over-­‐id-­‐ theft/index.htm   https://www.javelinstrategy.com/   The  use  of  the  term  “identity  theft”  is  a  major  part  of  LOCK’s  fear-­‐ mongering  marketing  strategy.  The  term  implies  that  unknown  people  are   committing  crimes  by  stealing  somebody’s  entire  life.  LOCK’s  marketing  portrays   identity  theft  as  a  new  and  sophisticated  type  of  cyber-­‐crime.  In  reality,  a  lot  of   the  crime  classified  as  “identity  theft”  is  simple  credit  card  fraud.  There’s  nothing   new  about  it  at  all.  Moreover,  many  of  the  identity  thieves  are  not  unknown   people,  but  people  known  to  the  victim.  A  New  York  Times  headline  proclaims:   “Identity  Thief  is  Often  Found  in  Family  Photo.”  Indeed,  Javelin  and  the  FTC  have   found  that  in  half  of  cases  in  which  the  perpetrator  was  identified,  the  identity   thief  was  a  family  member,  friend,  neighbor,  or  in-­‐home  employee.  LOCK  knows   that  it  cannot  do  anything  to  prevent  this  type  of  crime.  Its  “guarantee”   specifically  states  that  fraudulent  withdrawals  by  family  members  are  not   covered.  LOCK  tries  to  scare  people  into  paying  for  a  service  that  does  not  work   and  that  they  do  not  actually  need.  

 

LOCK’s  latest  marketing  scheme  is  to  frighten  parents  into  paying  for  ID  

protection  for  their  children.  On  the  Q1  2013  conference  call,  Davis  discussed  the   “female  protector”  market.  Many  of  LOCK’s  current  internet  ads  portray  children   as  potential  victims.  LOCK  has  offered  a  product  for  minors  since  2011,  but  has   recently  re-­‐branded  it  as  LifeLock  Junior  and  raised  the  price  from  $2.50  /  month   to  $5.99  /  month.  LOCK’s  marketing  promotes  the  idea  that  ID  theft  is  a  major   problem  among  children.  Here  is  one  astounding  claim  from  LOCK’s  website:   “…10.2%  of  the  children  in  the  report  had  someone  else  using  their  Social  Security   number  –  that’s  51  times  higher  than  the  rate  for  adults  in  the  same  population.”   This  statement  is  based  on  a  non-­‐scientific  study  that  was  commissioned  by  one   of  LOCK’s  competitors.  In  a  blatant  case  of  selection  bias,  the  author  of  this  report   used  a  sample  of  children  who  had  already  been  notified  that  their  data  had  been   breached.  Moreover,  the  author  admits  that  his  sample  includes  more  than  one   thousand  “…events  caused  by  mistakes  in  reporting,  not  fraud.”  He  included  these   events  in  his  data.  The  Identity  Theft  Assistance  Center  (ITAC)  commissioned  its   own  report  on  child  ID  theft.  This  report  found  that  the  incidence  of  child  ID  theft   is  actually  0.85%  /  year,  about  one-­‐sixth  the  rate  for  adults.  The  report  found  that   the  average  consumer  loss  from  the  crime  is  $165.  Here’s  another  simple   equation:  

Expected  loss  /  year  =  0.85%  (incidence  rate)  *  $165  (average  loss)  =  $1.40   So,  the  expected  loss  from  child  ID  theft  is  2%  of  the  annual  cost  of  LOCK’s  child   protection  product.   http://www.cylab.cmu.edu/files/pdfs/reports/2011/child-­‐identity-­‐theft.pdf   http://www.lifelock.com/education/articles/children/childrens-­‐identity/   http://www.identitytheftassistance.org/promo/2012_Child_Identity_Fraud_Repo rt/2012_Child_Identity_Fraud_Report.html   It  is  highly  doubtful  that  LOCK  can  protect  children  against  ID  theft.  LOCK’s   numerous  internet  ads  for  LifeLock  Junior  portray  smiling  children  as  victims  of   (literally)  faceless  thieves.  In  reality,  child  ID  theft  is  often  committed  by  someone   close  to  the  child.  The  IATC  study  found  that  more  than  70%  of  reported  child   identity  fraud  is  committed  by  a  family  friend  or  relative.  In  many  cases,  the   perpetrator  is  actually  the  parent  of  the  child.  A  common  scenario  is  that  an  adult   with  poor  credit  will  use  his  or  her  child’s  SSN  to  obtain  a  credit  card  or  apply  for  a   loan.  The  IATC  report  found  that  50%  of  child  ID  theft  cases  occurred  within  a   household  with  annual  income  below  $35,000.  As  previously  mentioned,  LOCK’s   guarantee  does  not  apply  when  the  identity  theft  is  committed  by  a  family  

member.  LifeLock  Junior  is  just  the  latest  on  a  long  list  of  deceptive  ad  campaigns   by  the  company.  It  almost  goes  without  saying  that  LOCK  has  never  produced  a   shred  of  quantitative  or  qualitative  evidence  that  it  has  successfully  protected  a   child  from  identity  theft.     The  Busted  IPO   LOCK’s  IPO,  completed  on  October  3,  2012,  was  ice  cold  from  the  very   beginning.  The  initial  price  range  was  $9.50  -­‐  $11.50,  but  the  IPO  price  was  $9.00.   The  lead  underwriters  were  Merrill  Lynch,  Goldman  Sachs  (a  major  shareholder),   and  Deutsche  Bank.  The  stock  price  fell  7.1%  on  the  day  of  the  IPO  and  drifted   downwards  from  there.  It  eventually  hit  a  low  of  $6.80  on  December  21,  2012.   The  lower  than  expected  IPO  price  was  negative  for  several  reasons.  LOCK  raised   about  $30  million  less  than  expected,  selling  15.5  million  shares  for  about  $126   million.  About  one-­‐half  of  the  proceeds  ($62.6  mil.)  were  immediately  used  to  pay   off  loans  from  Merrill  and  RBC,  two  of  the  underwriters.  The  low  IPO  price   triggered  provisions  in  some  of  the  previously  issued  preferred  shares.  LOCK  was   required  to  pay  $10.7  million  in  cash  to  holders  of  some  preferred  shares  and   covert  some  preferred  shares  into  an  unexpectedly  high  number  of  common  

shares  (20.5  million).  LOCK  is  now  expected  to  have  98  million  shares  outstanding   by  the  end  of  2013.   LOCK  blamed  the  busted  IPO  on  investors’  perception  of  it  as  a  services   company.  Davis  and  the  analysts  want  investors  to  evaluate  it  as  a  high-­‐growth   technology  company.  I  believe  that  it  is  a  business  that  charges  fees  for  free   services.  At  any  rate,  LOCK  and  the  analysts  went  into  full  publicity  mode  to  bring   the  stock  price  back  from  the  depths.  The  publicity  campaign,  along  with  the  Q4   results,  pushed  the  stock  higher.  This  rally  in  the  share  price  is  certainly  good   news  for  the  early  investors,  including  Goldman  Sachs  and  several  venture  capital   firms.   ID  Analytics  Acquisition     LOCK  acquired  privately-­‐held  ID  Analytics  in  March  of  2012.  Bruce  Hansen  

founded  ID  Analytics  in  San  Diego  in  2002.  Hansen  had  been  President  at  MHC   Software  until  it  was  acquired  by  Fair  Isaac.  ID  Analytics’  main  business  is  to   provide  identification  services  to  enterprises.  ID  Analytics,  for  example,  helps   businesses  to  authenticate  the  identities  of  credit  card  users.  Users  of  ID   Analytics’  services  pay  fees  on  a  per  transaction  basis.  Here’s  a  brief  look  at  ID   Analytics’  financials  from  LOCK’s  filings  and  analysts’  reports:  

 

 

 

 

   

2010     $22.9      

2011     26.9     184.0    

2012E     27.0     227.0    

2013E   27.5-­‐30.5  

Revenue  (in  $mil.)    

Enterprise  Transactions  (mil.)    

At  the  end  of  2011  (prior  to  the  acquisition),  ID  Analytics  had  an  accumulated   deficit  of  $28.7  million.  Net  income  for  the  company  in  2011  was  $2.0  million.   Revenue  per  transaction  fell  from  approximately  14.6  cents  in  2011  to   approximately  11.9  cents  in  2012.  As  a  result,  ID  Analytics  showed  negligible  year-­‐ over  year  growth  for  2012.  The  Street  analysts  forecast  growth  of  10%  or  so  for   this  segment  for  2013.  So,  how  much  did  LOCK  pay  for  the  company?  LOCK  paid   $186  million!  This  deal  valued  ID  Analytics  at  approximately  7  times  2011  sales   and  93  times  2011  net  income.  As  ID  Analytics’  liabilities  exceeded  its  assets,   LOCK  accounted  for  the  acquisition  by  recognizing  $129.4  million  in  goodwill  and   $57.5  million  in  intangible  assets.  It’s  fair  to  say  that  LOCK  is  not  a  value  investor.     LOCK  paid  a  very  high  price  to  buy  ID  Analytics.  Aside  from  its  enterprise  

business,  the  company  provides  identity  verification  tools  to  LOCK  and  a  number   of  its  competitors.  It  is  a  major  part  of  LOCK’s  strategy  to  portray  itself  to   investors  as  a  high-­‐growth  tech  company  rather  than  a  services  business.  So  far,   however,  there’s  no  indication  that  ID  Analytics  is  actually  growing  or  benefitting  

LOCK’s  consumer  business.  Moreover,  it  appears  that  ID  Analytics’  business  is   getting  worse.  LOCK’s  enterprise  business  reported  operating  losses  of  $5.7   million  for  2012  and  $3.3  million  for  Q1  2013.  ID  Analytics  was  supposedly   (slightly)  profitable  prior  to  the  acquisition.  LOCK  itself,  by  the  way,  represented   16.1%  of  ID  Analytics’  revenues  for  2012.  It  appears  that  LOCK’s  plan  for  ID   Analytics  is  already  in  trouble.   http://www.idanalytics.com/   The  FTC…Again   ID  Analytics  is  involved  in  an  FTC  inquiry.  In  December,  2012,  ID  Analytics   was  one  of  nine  companies  contacted  by  the  FTC  in  an  investigation  of  data   brokers.  The  FTC  demanded  that  the  companies  turn  over  information  on  how   they  collect  data  on  consumers  and  how  they  use  it.  The  FTC  is  concerned  that   companies  are  collecting  and  selling  data  without  complying  with  consumer   protections  required  by  law.  Under  the  Fair  Credit  Reporting  Act  (FCRA),  for   example,  consumers  must  be  given  the  opportunity  to  correct  inaccurate   information  in  their  credit  histories.  In  June,  2012,  the  FTC  levied  a  fine  of   $800,000  against  a  company  called  Spokeo  for  violations  of  consumer   protections.  Spokeo  provides  personal  financial  information  to  employers  for  

background  screenings  on  prospective  employees.  The  company’s  data  was   riddled  with  errors  and  consumers  had  no  ability  to  review  it.  Spokeo,  by  the  way,   was  also  accused  of  using  its  own  employees  to  post  fake  reviews  and   recommendations  on  websites.  ID  Analytics  may  be  at  risk  if  the  FTC  determines   that  it  is  selling  personal  data  to  businesses.     http://www.latimes.com/business/technology/la-­‐fi-­‐tn-­‐federal-­‐trade-­‐commission-­‐ to-­‐data-­‐brokers-­‐show-­‐us-­‐your-­‐data-­‐20121217,0,3071455.story   The  ID  Analytics  deal  appears  to  be  all  about  perception.  In  investor   meetings,  Davis  often  compares  LOCK  to  expensive  software  stocks  like   salesforce.com  and  NetSuite.  ID  Analytics  was  supposed  to  operate  as  semi-­‐ independent  technology  developer.  This  statement  appeared  in  the  press  release   announcing  the  acquisition:  “ID  Analytics  will  continue  to  operate  independently   as  a  wholly  owned  subsidiary  of  LifeLock  and  will  continue  to  operate  under  the   leadership  of  its  current  CEO,  Bruce  Hansen,  who  will  report  to  Todd  Davis.”  Alas,   Hansen  left  ID  Analytics  as  soon  as  the  ink  was  dry  on  the  deal.  He  was  replaced   as  CEO  by  Larry  McIntosh,  ID  Analytics’  former  Chief  Marketing  Officer.  McIntosh   does  not  appear  to  be  any  kind  of  tech  expert.  He  has  a  background  in  marketing   and  advertising,  including  many  years  at  Pepsi  /  Frito  Lay.  ID  Analytics  will  need  

new  technology  as  it  faces  increasing  competition.  Experian’s  recently  expanded   Precise  ID  product,  for  example,  competes  directly  with  ID  Analytics.  It  is   interesting  that  LOCK  only  attributed  $29.4  million  of  ID  Analytics’  intangible   assets  to  acquired  technology,  16%  of  the  purchase  price.  I  suspect  that  LOCK   mainly  purchased  ID  Analytics  to  achieve  a  higher  valuation  from  investors.   http://www.experian.com/decision-­‐analytics/identity-­‐and-­‐fraud/fraud-­‐detection-­‐ and-­‐prevention.html   Valuation   LifeLock  has  the  valuation  of  a  high-­‐growth  technology  firm.  Here  are  some   of  the  key  financials:   Total  revenue:     2012:     Q1  2013:   Adj.  net  income:     2012:         $276.4  million  (excl.  2.5  months  of  ID  Analytics)   $82.1  million   $22.0  million  (incl.  $13.7  mil.  tax  benefit)  

Q1  2013:     $573,000    2012:     $30.3  million  

Adj.  EBITDA:        

Q1  2013:     $1.9  million  

FCF:        

   

2012:    

$40.9  million  

Q1  2013:     $11.5  million         $39.9  million   $0.41  

Tangible  BV:    

Tangible  BV  /  Share:    

 In  its  Q1  2013  earnings  release,  LOCK  guided  to  the  following  for  2013:   Total  revenue:         $347  –  $355  million   $0.32  -­‐  $0.36   98  million   $38  -­‐  $42  million    $43  -­‐  $48  million  

Adj.  net  income  /  share:       Total  shares:     Adj.  EBITDA:     FCF:                  

The  market  capitalization  is  approximately  $1.1  billion.  LOCK  ended  Q1   2013  with  $145.3  million  in  cash,  so  EV  is  approximately  $950  million.  The  stock  is   trading  at  25X  tangible  book  value.  Using  LOCK’s  estimates,  the  stock  trades  at   forward  multiples  of  approximately:  23X  EV  /  EBITDA,  32X  P/E,  20X  EV/FCF,  and   2.6X  revenue.  So,  can  LOCK  achieve  the  kind  of  growth  in  2013  and  beyond  that  it   needs  to  justify  these  multiples?  There  are  indications  that  it  cannot.  

LOCK  is  spending  huge  amount  of  money  to  attract  new  customers.  Despite   its  many  problems,  the  company  reports  2.6  million  members.  LOCK  achieved  this   level  by  raising  a  lot  of  money  from  investors  and  spending  it  on  advertising.  LOCK   has  about  100  million  shares  outstanding  because  it  repeatedly  sold  preferred   stock  as  a  private  company  to  fund  its  (unprofitable)  growth.  This  ad  spending  has   accelerated  in  the  past  three  years.   Annual  sales  and  marketing  expenses:   2008:  $80.9  mil.     2009:  $77.8  mil.     2010:  $78.8  mil.                       Advertising  spending:   2010:  $42.7  mil.   2011:  $54.6  mil.  (+27.9%  y-­‐o-­‐y)   2012:  $66.0  mil.  (+20.9%  y-­‐o-­‐y)  

2011:  $91.2  mil.  (+15.7%  y-­‐o-­‐y)   2012:  $123.0  mil.  (+34.9%  y-­‐o-­‐y)   Q1  2013:  $41.8  mil.  (+37.7%  y-­‐o-­‐y)   So,  LOCK’s  sales  and  marketing  expense  for  just  the  first  half  of  2013  will   likely  exceed  sales  and  marketing  expense  for  all  of  2010.  LOCK  provides  statistics   on  the  average  cost  of  acquiring  a  new  member.  Average  cost  of  acquiring  a   member:  

2008:  $82     2009:  $126     2010:  $152    

     

     

     

     

2011:  $130     2012:  $150   Q1  2013:  $156  

 

 

 

 

LOCK’s  numbers  show  that  the  cost  of  acquiring  a  new  member  has  nearly   doubled  over  the  past  five  years.   Let’s  look  at  year-­‐over-­‐year  comparisons  for  gross  new  members  for  the   past  three  quarters:   June,  2011:  180,000             June,  2012:  169,000   (-­‐11,000)   (+14,000)   (-­‐7,000)  

September,  2011:  173,000   December,  2011:  205,000   March,  2012:  208,000    

September,  2012:  187,000   December,  2012:  198,000   March,  2013:  249,000  

(+41,000)  

LOCK’s  membership  growth  in  Q1  2013  was  likely  aided  by  the  launch  of   the  Giuliani  ad  campaign.  LOCK  provides  the  numbers  of  total  members  and  gross   new  members.  These  numbers  can  be  used  to  calculate  net  new  members  and   dropped  members.  Let’s  now  look  at  membership  (in  mil.):  
        2008   2009     2010     2011     2012   Q1  ‘13  

Total  Members  (in  mil.)    

1.331   1.621    

1.748    

2.075    

2.480   2.636  

Gross  New  (in  1000s)   Net  Adds  (in  1000s)   Dropped  (in  1000s)    Y-­‐O-­‐Y  Growth  (%)   Duration  (years)  

         

924          

618   +290   328   21.8   4.5  

         

517   +127   390   7.8   4.3  

         

704   +327   377   18.7   5.1  

         

762   +405   357   19.5   6.4  

249   +156   93   19.5   6.9  

Member  Duration  =  (avg.  #  members  for  period)  /  (#dropped  members)   As  the  table  shows,  LOCK  loses  350K  –  400K  members  per  year.  LOCK  must   increase  its  total  membership  by  approximately  500K  per  year  in  order  to  meet   analysts’  estimates.  LOCK  averaged  about  287K  net  additions  per  year  from  2009  -­‐   2012.     LOCK  is  spending  millions  of  dollars  to  attract  customers  that  may  never  be   profitable.  It  makes  a  big  deal  out  of  its  member  retention  rate  (87.2%  at  Q1  ‘13),   but  this  statistic  is  not  very  useful.  According  to  the  10-­‐K:  “We  define  member   retention  rate  as  the  percentage  of  members  on  the  last  day  of  the  prior  year  who   remain  members  on  the  last  day  of  the  current  year…”  It  is  not  a  measure  of  the   annual  renewal  rate.  It  also  does  not  capture  people  who  subscribe  by  the  month   but  cancel  in  less  than  one  year.  In  any  case,  the  current  member  retention  rate  is   actually  lower  than  it  was  in  2008  (89.8%).  LOCK  needs  its  members  to  renew  in  

large  numbers.  Based  on  revenue  and  expense  numbers,  we  can  estimate  the   payback  period  of  a  new  member.  
        2010     2011         2012     Q1  2013   $9.80   $156   71.0%   22   46.1%   35  

Monthly  rev.  /  member                                                            $7.94                                    $8.54   Acquisition  cost  /  member   Gross  margin  %           $152     $130  

$9.28     $150    

68.3%     28    

67.7%     22    

71.1%     23    

Payback  on  gross  profit  (in  mos.)   Op.  profit  %  ex.  sales  /  marketing   Payback  on  op.  profit  ex.  s&m  (mos.)  

40.8%     47    

49.5%     31    

49.2%     33    

So,  based  on  the  current  numbers,  a  customer  becomes  profitable  on  an   operating  basis  after  slightly  less  than  three  years  of  membership.  I  believe,   however,  that  this  number  is  misleadingly  low  because  LOCK  could  not  actually   operate  its  business  with  zero  sales  and  marketing  expense.  LOCK  must  spend   enough  money  on  sales  and  marketing  to  replace  dropped  members.  I  can   estimate  this  cost  and  calculate  a  new  payback  period:    
                          2010     2011     2012   Q1  ‘13  

Monthly  rev.  /  member     Acquisition  cost  /  member  

$7.94     $152    

$8.54     $130    

$9.28   $9.80   $150   $156  

Dropped  members  

(in  1000s)  

 

     

390  

 

377  

 

357  

93  

Marketing  to  replace  dropped  (in  $millions)   Op.  profit  %  ex.  sales  &  marketing   but  incl.  replacement  marketing   Payback  period  (in  months)        

$59.3     7.8%    

$49.0     24.2%    

$53.6   $14.5     29.8%   28.5%  

 

245  

 

63  

 

54  

56  

So,  based  on  the  Q1  2013  numbers,  the  payback  period  on  a  new  member  rises  to   4.7  years  when  the  marketing  expense  to  replace  dropped  members  is  included.     LOCK  needs  to  be  a  lot  more  efficient  to  meet  profit  expectations.  The  

(bullish)  analysts’  forecasts  for  2014  operating  margins  range  from  7.5%  to   12.25%.  LOCK’s  operating  income  was  only  $13.1  million  in  2012,  4.7%  of   revenues.  In  order  to  meet  long-­‐term  estimates,  LOCK  must  add  millions  of  new   members  while  reducing  its  costs.  I  do  not  believe  that  this  is  possible.  Nobody   else  in  this  industry  spends  as  much  money  on  direct-­‐to-­‐consumer  ads  as  LOCK.   By  the  time  that  it  completed  its  IPO,  LOCK  had  an  accumulated  deficit  of  more   than  $200  million.  LOCK  reported  operating  losses  of  more  than  $55  million  in   both  2008  and  2009.  LOCK  had  to  spend  hundreds  of  millions  of  dollars  on   marketing  to  achieve  its  current  market  share  of  approximately  7%.  LOCK  needs   rapid  growth  to  justify  its  high  stock  market  valuation.   LOCK  vs.  INTX  

LOCK  is  vastly  overpriced  when  compared  to  its  most  direct  pure-­‐play   public  competitor,  Intersections  (INTX).  INTX,  which  operates  IdentityGuard,   generates  99%  of  its  revenue  from  identity  protection  services.  The  services   provided  by  INTX  are  very  similar  to  those  of  LOCK.       Key  statistics:     EV                           LOCK                                 INTX   $160  million   $340.7  million   0.47   3.73   $33.5  million   9.6%   1.5   2.9   4.4   8.56%   4.2  million   $38      

$950  million     $300.1  million   3.2        

Revenue  (TTM)  

EV  /  Revenue  (TTM)   EV  /  EBITDA  (TTM)    

44.6    

Operating  Income   (2012)   Operating  Margin     (2012)   Price  /  BV          

$13.1  million   4.7%     4.5              

Price  /  Tangible  BV    

23.8     18.5     0%    

Price  /  Op.  Cash  Flow  (TTM)   Dividend  Yield   Subscribers     EV  /  Subscriber              

2.6  million     $341      

The  Street  clearly  likes  LOCK  a  lot  more  than  INTX  right  now.  One  factor  is   that  LOCK  has  six  analysts  who  follow  the  company,  while  INTX  has  zero.  All  six  of   LOCK’s  analysts  work  for  the  IPO  underwriters  and  rate  the  stock  at  “Buy”  or  

“Strong  Buy”.  All  of  these  analysts  promote  the  thesis  that  the  identity  protection   industry  is  in  the  early  stages  of  hyper-­‐growth.  I  believe,  however,  that  the   industry  may  be  in  the  early  stages  of  a  crisis.   INTX’s  situation  demonstrates  that  the  identity  protection  business  has   serious  problems.  The  company’s  stock  price  has  declined  by  more  than  50%  since   mid-­‐2011  because  its  revenue  growth  has  disappeared.  INTX  has  historically   acquired  most  of  its  subscribers  through  its  relationships  with  banks.  INTX  only   spent  $21.1  million  on  marketing  in  2012.  Unfortunately  for  INTX,  its  banking   partners  have  reduced  or  stopped  enrolling  customers  in  identity  protection   services.  The  reason,  according  to  management,  is  that  the  banks  are  under   pressure  from  the  Consumer  Financial  Protection  Bureau  (CFPB).  In  2012,  for   example,  the  CFPB  levied  a  $210  million  fine  against  Capital  One  Financial  for   deceptively  marketing  several  services,  including  identity  protection.  Due  to  the   slowdown  in  its  banking  business,  INTX’s  management  has  vowed  to  increase   consumer  spending  to  compete  directly  with  LOCK.  As  it  stands  now,  INTX   receives  the  kind  of  valuation  multiples  that  the  Street  gives  to  slow-­‐growth   services  business.  If  and  when  LOCK’s  growth  slows  down,  the  stock  will  be   extremely  overvalued.  The  bulls  on  LOCK  do  not  want  people  to  notice  this  fact.   The  Deutsche  Bank  analyst,  for  example,  does  not  even  list  INTX  as  one  of  LOCK’s  

comps.  It  actually  appears  that  the  DB  analyst  is  unfamiliar  with  LOCK’s  business.   He  lists  a  bunch  of  unrelated  companies  as  comps  for  LOCK  (e.g.,  Red  Hat,  Adobe,   Oracle),  but  not  actual  direct  competitors  such  as  Experian  and  Equifax.   Valuation   Here  are  the  current  Street  estimates  for  LOCK:         2013E     $0.34         2014E   $0.48   $423.8  mil.  

EPS  (non-­‐GAAP)   Revenue    

$351.8  mil.    

The  analysts’  price  targets  range  from  $12.50  to  $18.  These  targets  are  based  on   multiples  of  projected  2014  free  cash  flow  that  range  from  17X  to  27X.  These   valuations  only  make  sense  if  LOCK  can  grow  25+%  /  year  for  the  indefinite  future.   As  I’ve  argued,  LOCK  is  a  services  business  in  a  highly  competitive  market.  LOCK   has  about  $1.46  /  share  in  cash.  I  believe  that  LOCK  should  trade  at  no  more  than   1X  2013  revenues.  This  valuation  implies  a  stock  price  of  approximately  $5.00.    LOCK  Up  Expiration     The  expiration  of  the  IPO  lock  up  at  the  beginning  of  April,  2013,  allows  for  

the  possibility  that  major  investors  will  sell  their  shares.  LOCK’s  executive  officers   are  not  significant  stockholders.  Davis  only  owns  approximately  2%  of  the  

company.  He  began  to  sell  shares  as  soon  as  the  lock  up  expired.  Most  of  LOCK’s   shares  are  held  by  pre-­‐IPO  institutional  investors.  As  a  private  company,  LOCK   funded  itself  with  seven  rounds  of  preferred  stock  sales.  The  preferred  shares   were  converted  into  common  shares  when  the  IPO  was  completed.  A  large   number  of  these  shares  are  held  by  VCs:  Kleiner  Perkins,  Industry  Ventures,  and   Bessemer  Venture  Partners.  Goldman  Sachs  and  Symantec  Corporation  are  also   large  holders.  According  to  the  prospectus,  the  holders  of  about  56.8  million   shares  (3X  the  current  float)  have  registration  rights.  It  is  difficult  to  determine  an   actual  share  count  for  LOCK.  The  original  share  count  was  about  86  million  shares,   but  the  company  said  that  the  share  count  for  2013  will  be  98  million  shares.  The   stock  currently  trades  only  about  800K  shares  per  day.  The  analysts  are   (obviously)  promoting  the  stock  in  anticipation  of  multiple  secondary  offerings.   Conclusion   LifeLock,  the  identity  protection  company  that  could  not  protect  its  own   CEO,  is  a  company  that  should  have  died  long  ago.  If  you  have  read  this  far,  you   know  that  I  believe  that  LOCK  is  in  blatant  violation  of  the  2010  FTC  Order.  LOCK   continues  to  make  unsubstantiated  claims  about  its  ability  to  protect  against   identity  theft,  promotes  its  nearly  worthless  guarantee,  pays  people  to  promote  

the  company  on  the  Internet,  and  charges  for  services  of  little  value.  Anybody  can   look  at  LOCK’s  financials  and  see  that  LOCK’s  ad  spending  has  accelerated  since  it   was  accused  of  deceptive  marketing.  Aside  from  that  issue,  LOCK  faces  a  market   that  already  has  too  many  firms  providing  the  same  services.  Meanwhile,  the   need  for  these  services  is  shrinking  as  the  credit  card  companies  and  consumers   are  getting  better  at  stopping  identity  thieves.  Since  it  is  a  services  business,  I   believe  that  a  fair  value  for  LOCK  is  about  $5.00.  If,  however,  the  FTC  or  state   attorneys  take  another  look  at  LifeLock’s  business  practices,  then  the  stock  is   worth  much  less  than  that.     Legal  Disclaimer:   This  research  report  expresses  my  research  opinions,  which  I  have  based  upon   certain  facts,  all  of  which  are  based  upon  publicly  available  information.  Any   investment  involves  substantial  risks,  including  complete  loss  of  capital.  Any   forecasts  or  estimates  are  for  illustrative  purpose  only  and  should  not  be  taken  as   limitations  of  the  maximum  possible  loss  or  gain.  Any  information  contained  in   this  report  may  include  forward-­‐looking  statements,  expectations,  and   projections.  You  should  assume  these  types  of  statements,  expectations,  and  

projections  may  turn  out  to  be  incorrect.  This  is  not  investment  advice  nor  should   it  be  construed  as  such.  You  should  do  your  own  research  and  due  diligence   before  making  any  investment  decision  with  respect  to  securities  covered  herein.   The  author  may  have  a  short  position  in  this  stock  and  may  trade  this  stock.                                    

The World’s Largest Community of Buyside Professionals. Since 2008.

What Is SumZero? SumZero is the world’s largest community of investment professionals working at hedge funds, mutual funds, and private equity funds. With over 8,500 pre-screened professionals collaborating on a fully-transparent platform, SumZero fosters the sharing of many thousands of proprietary investment reports every year and offers several ancillary services in support of that effort. SumZero’s membership base is represented by analysts and PMs at nearly all of the world’s largest and most prominent investment funds.

SumZero Research
! ! ! ! Fast-growing research database with over 7,000 long-form research memos and 24,000 short-form pitches created by member analysts. Extensive search and filtering capabilities on a variety of standard metrics and proprietary data points. Deep, fundamental research supplemented with Excel valuations, PDFs, and PPT decks. Global, cross-asset coverage.

SumZero Community
! ! Access to a searchable rolodex of all SumZero members. Search by current and past employers, firm type, AUM, research performance, site ranking, sector/geographic/asset class expertise, job title, location, educational history, and more.

SumZero Cap Intro
! ! ! A searchable, two-sided platform designed to showcase SumZero’s top funds and managers through a qualitative, research-focused database. Exposure to a rapidly-growing group of over 50 large, institutional allocators. Participating investors are 50% family office/multi-family office, 25% fund of funds, 25% university endowment.

SumZero Careers
! ! Fast-growing compensation database with hundreds of entries from member analysts, detailing specifics on salary history, incentive fees, comp structures, and firm types. Access to internal Job Vault with dozens of exclusive listings at buyside shops.

Learn more at sumzero.com

Sign up to vote on this title
UsefulNot useful