According to Caveatemptorblog the LendingTree attorney’s are not busy enough with their current and future legal troubles. They apparently are out on the prowl to censor a person that is leaving comments across many of the blogs. You can find the comment by “Seniorexe” here on LeadCritic. Yes, that same person left a comment on my blog too and yes I too received a letter requesting that I take the comment down.
“Our client LendingTree, LLC noticed a reader posting that appeared as a comment to a
posting on your blog entitled “Former LendingTree Employee Caught Stealing Data.”
The comment, by a person referring to himself as “seniorexe,” was posted on Tuesday,
April 22, 2008. The posting discloses a URL address of a LendingTree server
containing confidential consumer information. That URL is normally disclosed only
to authorized LendingTree lenders and their employees pursuant to a confidentiality
agreement, and is nonpublic information. The posting then encourages the readers to
use password hacker software to break into the LendingTree server.We ask that you remove this posting immediately. The posting is highly
inappropriate, and advocates your readers commit a crime. We would expect that you
would not tolerate such comments on your website.I would appreciate it if you would let us know when this posting is removed. “
I don’t think its telling anybody to commit a crime, but simply points out that better precautions should be put into place by LendingTree. This by no means is an instruction book on how to hack a site, in my opinion. Also, if a page is not password protected, which apparently those are no good at LendingTree anyway, then the page is public.
My suggestion would have been to let the blogs die down and the dust settle rather then bring more attention to subject by sending out all these requests.
Let me ask you…should the comment be removed?? Check these sources HERE and HERE
.
.
.
The DIGG case was the first one that came to mind after reading this….. while there were legal grounds to consider for an argument for removing the post (even though the legal threat which was complied with backfired bigtime), the leadcritic issue is an altogether different animal……. simply posting the URL of a portal / customer / lender / login and suggesting that it is easily hackable is not breaking any laws and the fact that LendingTree is naive enough to actually send a letter to blogs shows their complete naivete. You have to pick your battles and when you threaten legal action (especially against bloggers) you really need to have actionable grounds on your hands….which is not the case here.
The bigger question is: WHY AREN’T YOU POSTING THE CEASE AND DESIST FROM LENDINGTREE!
Didn’t you know that the reason legal letters were created so that you entertain your readers with them and generate traffic?
As Michael Arrington of techcrunch puts it, “C & D letters are free traffic” ……..
I’m a bit of a hypocrite though, I have a C & D from Lowermybills but didn’t have a blog to post it at when I got it… in any case, I called their bluff and never heard from them again….
you ask and you shall receive…letter has been added to the post.
Anybody know how to use these social networking sites like Digg and stumbleupon? Now would be a good time to use it
The only valid reason fo a cease and desist would be if you were slandering or posting illegally obtained info. If the url is confidential info, then yes, you as a blogger could be liable for posting it. But a) I’m skeptical the url is truly confidential info, b) lendingtree would have to prove they suffered damages due to your posting the url. Finally, having someone reply to a post where they advocate breaking laws is free speech. It is not illegal to advocate breaking laws except in rare instances like inciting a riot or consipracy to commit a crime.
The real person Lending Tree should be pursuing is the poster, not the blogger. When will people learn this?? You have every right to not have to sit around all day and monitor comments.
After all, the person responsible for putting information out there is the person who *said* it. Imagine 30 years ago suing a paper manufacturer because someone printed libelous statements on their home printer… Or, the printer manufacturer. Same thing, Lending Tree.
With that said, yes, *the poster* should be contacted, not the blogger. In fact, any good online lawyer knows how to contact ISPs to get real identities of posters.
Curly,
What you are saying is true only if the blog comments are completely unmoderated. If there is any approval process for comments, I think then its a gray area and I don’t think that’s been fully vetted in the courts. You could argue (if you are lending tree) that the blogger, if they are moderating posts, are serving an editorial function and thus on the hook somewhat – less like a paper manufacturer and more like a reporter quoting several sources in a newspaper artcile.
That said, I agree with curly, the poster is the priamry person lendingtree should go after
If the security in place at LendingTree is that bad that it rests on the login URL being kept secret, their problems are even bigger than what we’ve been reading in the press these past few days.
See http://en.wikipedia.org/wiki/Security_through_obscurity
But that’s not the issue here. They’re asking for the entire comment to be removed, not just the URL, which means they probably don’t want people learning about the business practices described in the comment.
Also ask yourself this: If the allegations made regarding LendingTree’s business practices weren’t true, wouldn’t they just come out and deny them?
I would personally like to see this go away silently. This type of bad press will ultimately cause consumers to have less confidence in the online request process which so many of us make our living from.
As many of you know I spent time at LendingTree and I can tell you first hand that their data security was far and above tighter than every other lead-gen company I have come across. This was a matter of a few dishonest employees who gave out confidential passwords. I can not comment on LendingTree’s current security but I know it is possible to deter this type of activity. LeadROI (the LMS company Root use to own) has IP validation, employees can only log into the system from admin approved IP addresses. While this doesn’t totally prevent situations like what happened at LT it certainly would make it more difficult.
Like it or not LendingTree is the most well known company in our space, bad press for them will ultimately mean bad press for us as an industry. So we should not be rejoicing in their current problems and pointing fingers.
I think we should all use this situation (both buyers and sellers) as a lesson to tighten our own security and not dwell on LTs current situation.
Sellers
Are you selling leads to other aggregators? If so what security measures do you have in place to be assured the consumer data you collected isn’t winding up in the wrong hands?
If you are using affiliates what are you doing to prevent affiliate fraud?
Are you still e-mailing leads to hotmail or yahoo e-mail accounts for LOs? How are you preventing them from redistributing them outside of the company?
Are you making sure your buyers are licensed mortgage brokers/lenders and not a thief ordering leads from his bedroom to get consumer data?
Are you sure your buyers don’t have rogue LOs reselling your leads?
Buyers
What measures do you have in place to prevent your employees from stealing data?
If you buy SS# leads are you giving your LOs access to them? If so have you looked into potential liabilities if one of them uses that information for criminal purposes?
Let’s turn this around into a more productive conversation rather than a witch humt.
Look forward to your comments.
Bill,
You bring up some very good points, however your request that this issue quietly go away I don’t agree with. I also don’t think it is bad for the industry either and in fact, quite the opposite. I would much rather this come out, be discussed until we are blue in the face and then set a new standard for security. Sweeping it under the rug for the sake of the industry is very short sited. You said it and I agree this should be a lesson to all of us.
The sad thing is that consumers don’t care until it happens to them and main stream media hasn’t even grazed this story and probably won’t.
When I say quietly go away, what I meant was that it’s in the best interest of all of us that this not get blown up in the mainstream media. If LendingTree is perceived as a unsecure process do you really think consumers won’t have the same feeling about ZipSearch, LowerMyBills, etc?
My point was we collectively should use this incident to look at our own security and as an industry prevent this activity from happening in the future. I can assure you that similar or worse things happen regulary in the short form space. Do you think an aggregator selling a lead to other aggregators or 10 lenders is really any better than what happened here? Most of the comments have been negative and looking to throw LT under the bus rather than productive.
As far as this becoming a big media story, it’s been all over the news here in Charlotte and all it’s going to take is one person’s identity being compromised as a result of this and I can guarantee it will go national. Wachovia just settled a lawsuit for $144 Million this week http://www.nytimes.com/2008/04/26/business/26banks.html?ref=business for unfair telemarketing practices no telling what could come out of this.
Bill,
Agreed and I think you will see positive things come out of this in the long run.
They strike again, if only we could all be so lucky to receive meaningless C & D’s as regularly as TechCrunch:
http://www.techcrunch.com/2008/04/29/oh-my-god/