Description

The Emperor's New Clothes

The following write-up is interchangeable with Hans Christian Andersen's The Emperor's New Clothes.  You may choose to read that tale here: http://bit.ly/19Umiv7 or continue on below for its present day value investors club parallel.

UCB1868 wrote this idea up a little over a year ago.  That write-up will undoubtedly be way better than this one and its only deficiency will have been that it was too early into the bubble to short this name.  The point of this post is twofold.  First, that the stock has more than doubled since the first write-up and second, that new information that has come out on LifeLock is too rich to put into the message board thread.  This is now a full short position for us.

LifeLock held its investor day at the W Hotel in New York City on March 12 2014.  It had all the warmth and charm of an aluminum siding salesman’s' award dinner.  The only exception being that aluminum is an actual product with structural integrity, and those aluminum salesmen actually have to know something about what the product does.

The conference was a half day long Kool Aid induced love fest for LifeLock, a product that I left knowing just as much about when I left, as when I arrived.  Not one member of the management team could truly articulate how the product works to preemptively catch would be identity fraud, or why anybody truly needs to pay for such a service given the other options that exist in the marketplace by industry leading companies that have spent multiples on technology and infrastructure and who give away the same services for free in many cases.

The five most interesting things I learned at the conference were:

1.  That a conference about a public company that begins with said public company parading out a paid-for Forrester research shill to scare the audience about the dangers of identity theft is not a real conference at all.  If you want to bring in an "industry expert" to talk about something in your industry, a) make that person impartial, b) have them give a talk during lunch or c) have them go last.  I knew right away what kind of day this was going to be when the CEO gives the podium up to Forrester only minutes after thanking everybody for showing up.  The talk, for what it is worth, had data that stood in stark contrast to other studies we have seen that show that the true cost of identity theft has fallen rapidly.

2.  That LifeLock should be valued like Facebook.  This is not a joke.  A link to the slide deck that Management used is below.  On slide 126 you see a number of Companies that LifeLock has identified as being in their valuation comp universe.  This shortlist was only made possible after a painstaking process to eliminate all but such non-trivial competitors in the Software, SaaS and security space as Netflix? (huh), Google and Salesforce.  Why a discretionary product with no real technology and only 3m purported active users should trade with this group is beyond me.  It is neither SaaS, Software nor Security, technically.  It's more like a magazine subscription. 

Link to the deck: http://1.usa.gov/1mNgPLC

3. That CEO Todd Davis is contemptuous and disparaging when it comes to insurance companies, but is promotional and exuberant when discussing the insurance that LifeLock provides.  From the Q&A: 

(from memory - but not an exact transcript by any means)

Analyst: I can purchase identity theft insurance from State Farm for as little as $25 a year, or even get it for free with my homeowner's policy.  How can you compete with that?

Davis: Well... we all know how insurance companies are when it comes to paying a claim.

Analyst: But your own service touts insurance as the backup.

Davis:  Well we stand behind our customers.  We have their back.

4.  That every member of the Management team when approached independently during the break session by yours truly could not answer any of my questions yet all managed to say "you will need to ask Todd" or "I would talk to the CEO" about that...  I lobbed such elaborate queries as "what percentage of fraud attempts does the service actually catch?" and "why hasn't one victim of the Target breach come forward to say 'thank heavens I had LifeLock!'" and "did you even compete for the business that Experian won from Target?"  Like any cult, all questions are forwarded to the cult leader sitting atop the throne petting the silken Siamese cat and lightening Tarragon infused incense sticks.  Ok - too dramatic, but you get the point.  At LifeLock, Davis calls the shots, weaves the tale, and pours the Kool Aid.  The rest is an elaborate side show of Jos A Bank buy one get 17 free suit wearing 'yes-men' who sing of the praises and the 'wow factor' of the LifeLock alert that customers receive when somebody tries to sign up for, say a bank account, in their name.  "Wow factor?"  It's basically a text message that says John Q Public, somebody is trying to open up a bank account at Chase.  Is this you?  Enter YES or NO.  I asked Steve Seoane, the Chief Product Officer how many "NOs" they actually get back.  The answer?  "You are going to have to ask Todd Davis."

5.  That the target market size for LifeLock's products is... wait for it... 240m people.  Yes.  The ENTIRE Adult US population.  While their "key target" is a mere 77m people, great mention was made of the robustness of the 240m number.

The conference, as entertaining as it may have been, was not the icing on the cake or the inspiration for slapping this idea up on VIC again.  UCB1868 alerted us to a new employee lawsuit against LOCK on these very message boards.  For less than the cost of a month of LOCK we were able to purchase the complaint online.  It was quite the read.

I simply cannot believe that LOCK has not had to file an additional 8-K to discuss several of the elements in this suit.  Below I list a couple of highlights from the suit, including a few items that Peters, an employee who was fired (having only been on the job for 30 days) has alleged.

PETERS v LIFELOCK

First, some background, from the complaint:

Michael Peters is an internationally recognized authority on information technology security. He has published numerous books and articles on the subject and has been a keynote speaker at several security conferences throughout the United States and overseas. Peters is a member of the Information Systems Security Association (ISSA) Hall of Fame. Only 42 people in the world have been inducted. He was inducted for demonstrating a superior level of expertise, effectiveness, and dedication to the advancement of the cyber security profession. Peters is also a fellow at the ISSA. This is reserved for only 2% of all international members based on their contributions to the cyber security profession. Peters is also certified as a Chief Information Security Officer, as an Information System Security Professional, as an Information Security Manager, as a Computer Examiner, and in Risk and Information Systems
Control.

Peters was contacted by a recruiter in early 2013 that was looking to fill a Chief Information Security Officer position for LifeLock.  Long story short, LOCK vets the guy for months, does background checks etc. and he gets the offer in May 2013 and starts work in July 2013.

Upon commencing work, Peters immediately began an initial risk assessment at LifeLock. Before his hiring, LifeLock had never conducted a bona fide risk assessment. Even in the preliminary stages of the risk assessment, Peters began to discover many instances of illegal and incompetent practices.

1. LifeLock employee Dave Bridgman told Peters that LifeLock’s current practice was to manipulate the customer alerts sent to its elderly customers. LifeLock would turn off or reduce the services alerting elderly customers to reduce the call volume received by LifeLock’s customer support center. Peters believed this was fraudulent since it sold its services to the general public without any disclosure that alert services would be limited for certain segments of the population.

2. LifeLock was in the process of finalizing a new product offering called PassLock. This system was designed to allow customers to include their passwords for up to ten accounts. PassLock would then crawl through hundreds of internet sites to check the username and password supplied by the customer and report back to the customer. The problem was that the database was not being protected with industry-grade encryption. The database was predicted to contain millions of customer credentials that would be devastating to consumers if a breach occurred. Moreover, the system was going to utilize a third-party cloud hosting business without that third party’s knowledge or consent. Technically, the PassLock crawling would be identified by most service providers as intrusive, illegal, illegitimate, and then blacklist the source address.

3. LifeLock’s security posture was at high risk. Peters determined that LifeLock’s internal capacity for governance implemented (policies, audit plan, change controls, architectural review, etc.) was at 47% of the minimum to protect LifeLock’s customers and their sensitive information.

4. Peters asked LifeLock to immediately hire at least 12 information security professionals to get LifeLock to the minimum level necessary for basic information security protection. LifeLock said it might hire two people during the next 12 months, but full staffing would take years, if at all.

5. LifeLock’s upper management decided to fire Peters after he met with Power and Stebbins and conveyed to them the preliminary results of his ongoing initial risk assessment.

HOW COULD THESE ITEMS NOT BE FILED IN AN 8-K ?

Peters filed a complaint with the FTC against LifeLock on August 19, 2013. That complaint is still under investigation. (is this the FTC complaint that they referenced in the 10-K?  Many thought that disclosure was related to the last suit)

1. Peters filed a complaint with the SEC against LifeLock on August 19, 2013. That complaint is still under investigation.

2. Peters filed a whistleblower complaint with the U.S. Department of Labor under the Sarbanes-Oxley Act on August 23, 2013, against LifeLock. OSHA investigates Sarbanes-Oxley complaints.

3. The Sarbanes-Oxley complaint against LifeLock was still active. However, more than 180 days has passed since the filing of the complaint so, on February 25, 2014, Peters notified OSHA of his intent to file suit in district court.

****

There are other elements to the suit that I have not reproduced here as they are immaterial to the case against LOCK.  Sure some employees may file suits out of spite against former employers and all of this must be taken with a grain.  We feel it highlights the pervasive ineptitude of management and a service that does not do what it says it does.  Layer on the investigations and this stock should have this kind of P/E.

VALUATION

Even if by some stretch of the imagination LOCK took subs from 3m to 4m people (they only went from 2.5m to 3m last yr), the valuation is absurd.  4m people at a $11 ARPU (ARPU is sub $11.00 now btw) = $528m in rev per yr.  Add $50m for the commercial business (where transactions are inexplicably declining) = $575m in revenue.

Give them a generous 25% EBITDA margin = $143m*   *(note that this is high end of mgmt's stated long term range of 20-25%)  (today EBITDA is less than 12%)

Tax this at 35% = $93m (they will pay taxes by the time they get here)

Use 96m fd shares out = $0.97c in eps.

So the stock today trades for 18x this very optimistic earnings scenario.

To go back to its previous $23 high, it would need to trade at 26x

Fair Issac, a virtual monopolist in credit scoring trades for 24x.  LOCK isn't FICO or PayPal.. why should it get this multiple?

Their desperate purchase of Lemon Wallet (more here: http://tcrn.ch/1cq9Jmb) which has no sales or real technology shows that they are grasping for anything to be able to tell the street as far as digital.  Also - each new customer they get becomes more expensive to onboard (marketing-wise) than the last. the low hanging fruit has been eaten.

I think that LOCK will be lucky to earn $0.60 any time soon and I would cover at $12, which is 20x that figure, at best.  If things really unravel, and more scandals unfold, it could easily go to $5.00.  This Company is as low quality as they come.

Catalyst