Atomic Energy

White Goods are normally defined as those basic bland appliances we use around our house, usually the large ones: fridge, washer, dryer, dishwasher, oven/stove. This is a fairly staid market, and has been for many years. Whatever little innovation there is normally comes in terms of features added on. Thus, there may be a new “high-value” GE or Amana line, which may include digital temperature controls instead of a knob, or stainless steel instead of white exterior. All in all, though, this is a low-innovation market, signaled by the intense consolidation in the market over the last decade or two. Nowadays, when you buy a GE or Amana or any brand, it is likely made by only one of two companies, with a label slapped on it. This type of consolidation and outsourcing only occurs when there is little innovation and differentiation.

The one exception to this has been in cleaning products, where Dyson and iRobot have really created innovative products. Dyson’s vacuum cleaners are vastly more efficient than a typical Hoover, and do not lose power as time goes on. Further, Dyson created it using basic mechanics, physics that has been around for a very long time, not some new innovation in optics, chip design or software. iRobot, on the other hand, uses modern technologies to remove the bulk of cleaning effort from the hands of individuals in the first place. Dyson makes cleaning more effective; iRobot makes cleaning less labor-intensive.

There is one area that (despite Whirlpool’s protestations to the contrary) has had nearly zero innovation in a very long time, but should be subject to a very simple form: clothes washers and dryers. Sure, there are models that are more energy-efficient, more water-efficient, use electronic cycles, but in the end, clothes washing (agitated or tumble) and drying (tumble or “baking” in the European style), is essentially done the same way it has been for decades. The veritable trusted name-brand in washers and dryers, Maytag, was acquired by Whirlpool for $2.7BN back in 2005.

I believe that clothes dryers are a simple area to innovate, and are a classic case study in learning from your market. The average clothes wash cycle time for a top-loader or high-speed front-loader washer, American-sized 10kg machine, is 25 minutes. The average dry time for a similar full dryer is 60 minutes. If you watch anyone doing washes, you will see that they load the wash, when it is finished they load the dryer and another load in the wash. The wash finishes after 25 minutes, and the clothing sits there for another 35 minutes, waiting for the dryer to finish. Yesterday, for the first time, I saw someone who put two dryers in his house to avoid exactly this problem. Those of us in the operations business look at the model and instantly recognize that the dryer is the bottleneck in the process. While my colleague of yesterday had a workable, if expensive, solution, and I am sure Whirlpool appreciates his throwing an extra $1,000 their way, this is hardly the right way to go about doing it. Interestingly, the latest front-load high-efficiency washers on a normal cycle take closer to 45 minutes. While this may be necessary to save water, I am not wholly convinced it is not at least partially a ploy to distract those doing loads of the lack of innovation (and slow time) of dryers.

I believe that there is room for innovation if someone could invent and patent a dryer that efficiently and effectively dried a full load of clothes in the same 25 minute cycle, or at least close, they would quickly take a commanding position in the market or, alternatively, be able to quickly sell to a large existing player.

Wireless carriers are the company everyone loves to hate. No one denies that they bring an invaluable service. However, their legendarily awful customer service; lock-ins and contracts; early termination fees; obtuse bills; and obscene roaming charges force us all to wish there was a better way.

I believe that current trends will create new forms of wireless carriers that are likely to spell the death of the old ones, unless they find the ability to innovate and cannibalize their own market. Of course, their track record is not exactly enticing.

• Short-term: In the short-term, there is room for a carrier that will provide global free roaming, unlimited data, no contracts (= no subsidized phones), and excellent customer service. A company like this will have to draw its executives from the Internet sector, one where change is a given and customer service is a right, not a privilege granted by the company. This carrier will operate as Virtual Mobile Network Operator (VMNO), lease bandwidth in multiple countries (initially US and UK), will sell plans at a price that is below current standard plans but without the phone subsidy, and thus no commitment. Customers will be able to purchase a direct in-dial phone number in any country where the carrier operates (or even those where it does not), all of which will ring the mobile phone wherever the customer is. When the customer dials out, it will show the local number as caller ID. All calls will be local. If the customer dials a UK number, it deducts minutes from his/her 1,200 minute plan, but not long-distance charges; if the customer lives in the US but is in the UK, each minute is deducted from his/her 1,200 minute plan, but no roaming charges. With current VoIP technology and the ability to buy tower capacity as a VMNO in multiple countries, this carrier is viable right now. It will need to market directly to mobile (pun intended) traveling customers, such as executives, pilots, and consultants, and will need to price out correctly. Nonetheless, with sufficient capital, this is achievable at this very moment. The primary challenges are: sufficient capital to form the company; successfully leasing tower capacity from companies whose business model you are trying to disrupt; and a large enough initial market to sustain the company through growth.
• Long-term: In the long-term, 4G is coming. Whether LTE or WiMax, within a few years all mobile services in modern developed countries will be 4G. In the 4G world, voice and data are not 2 distinct mobile services; voice will only be VoIP, running over 4G data. In that world, your voice carrier could be your mobile carrier, or it might be Vonage, Skype, or some other, new mobile VoIP company. If you get off the plan at Heathrow, London, your voice is not roaming; it is just connected to the Internet and giving you voice. In many ways, this simplifies matters. Given the mindset of wireless carriers, it is to be expected that they will block all VoIP except those that they sell, at contracts, lock-in and premium. Again, we can expect data roaming charges to more than offset any lost voice roaming. However, for our mobile carrier disruptor, this world is even easier. Our upstart disruptor can focus solely on leasing data bandwidth, and leave it open to the Internet. Because it is data, much of the cost of roaming disappears. No longer does a call need to route through the local carrier, back to the home country, and then back again. As soon as you are online locally, you are online globally.

If someone could raise sufficient capital (several million dollars just as seed), hire the right executives, customer service people (love to see the ones from Tony Hsieh’s Zappos), engineers and dealmakers, this could start right now.

Undoubtedly, the hottest – and most critically analyzed – announcement of the last week has been Apple’s release of the iPad. I will take a slightly different perspective on it, looking at it from the perspective of the iPod. We will do this from two angles: marketing and long-term strategy

First, from the marketing perspective, I believe this device’s name is awful. Jokes abound on the Internet within a day of the release – and having spent almost a decade on Wall Street, I suspect it took less time than the fastest trade-processing system for the jokes to hit the trading floors – about whether it is an Internet device or a 21st century sanitary napkin. Apple has been very successful with its iMac, hugely successful with its iPod, and beyond all expectations with its iPhone. However, there is a concept of brand overuse, and there are appropriate extensions and inappropriate ones. Anyone with half life experience should have seen the associations coming; this is especially true for a master of marketing like Steve Jobs. It was always hip to walk around with an iPod – “oh, cool iPod” – and an iPhone, but most people tend to keep discussions of their bodily functions outside of the hip and cool space. “Is that an iPad?” “(blush) Oh, no, just a tablet computer” is not a good sequence for generating demand. Microsoft ran afoul of this in a minor sense with its Zune. Zune sounds very close to the Israeli Hebrew slang word for intercourse. The irony is that an enormous percentage of Microsoft’s R&D is performed in the major Microsoft R&D Center in Herzliya Pituach, Israel. This should have raised a red flag. Nonetheless, Microsoft either didn’t notice, or decided that a 7MM person market is not worth the trouble of changing the name. In any case, Zune has hardly been a smashing success, for reasons that make its crude-sounding name a minor element.

In the issues of larger long-term strategy, I believe Apple may be suffering from a mixture of envy, technical limitations and confusion.

1. Envy: Apple owns and dominates the digital music market. By selling an MP3 player that was easy to use, hip and cool, Apple placed itself precisely where it needed to be to become the prime retailer of music, upending the decades-old music distribution system. For all that Amazon and Wal-Mart have done in this space, as well as other minor players, Apple deserves full credit for finding the way to disrupt the music market using the Internet; kudos to Steve & Co. However, in the book market, an existing retailer, Amazon.com, managed to successfully sell an eReader with an attached store, essentially grabbing a page straight out of Apple’s playbook. Further, with Amazon’s existing relationships with publishers, they became the perfect channel for it. Amazon is no technical upstart in the book distribution business; they are a dominant player in the business, and they moved into digital distribution by using Apple’s model. I believe Steve Jobs saw Jeff Bezos do this and went green with envy.
2. Technical Limitations: The Kindle is limited in many ways: it cannot do video, general documents, really surf the Web, work in many other countries, etc. However, at buying and reading books, the Kindle is superb. In the old Unix systems administration world, the software design philosophy was to do one thing, and do it extremely well. In that respect, the Kindle follows this philosophy. Buying books is easy; battery life with wireless on is now up to a week; the pages are crisp and clear, thanks to eInk technology. The iPad, on the other hand, uses colour and audio, with multiple wireless connections, which makes for a great multimedia environment, but tires the eyes and has a limited battery life of 10 hours. Granted, this is much better than most laptops or even the iPhone, but it is pathetic for long-term use. Most people are willing to curl up with a good book or two on the beach for days, but to have to go charge it? Definitely not.
3. Confusion: Apple seems to recognize its limitations, and thus seems to position the device midway between a reading revolution and a laptop revolution. In politics, this is called triangulation; in marketing, we call it confusion. If you go to Apple’s iPad page, the title is “the best way to experience the web, email and photos.”

With all of that, there is no question that the iPad (I cannot even write the name without wondering if StayFree is going to sue them or partner with them) is a very cool device. However, Apple has gotten quite confused and possibly envious. After a great run of iMac, MacBook, iPod and iPhone, I am concerned they are about to flop.

Many sectors, especially technologically-driven ones, have undergone at least one if not multiple revolutions in the last half century. Much of the technology-driven ones can be laid at the foot of two major technologies, fiber optics (for long-distance high-speed communications) and the integrated circuit, whose children include just about everything on silicon, and, in its microprocessor variant, follows Moore’s Law.

Two areas that have, frustratingly, followed evolutionary, and at times very slow evolutionary, paths are transportation and portable-power.

• Transportation: Transportation has undergone enormous changes since a hundred years ago. In World War II, barely 70 years ago, a major method of moving materiel and men was still horse-drawn, at least in the early years of the war. The first jet engines were invented in 1910-1930s, essentially immediately prior to World War I through immediately prior to World War II. Nonetheless, since the arrival of the commercial jet aircraft  with the De Havilland Comet immediately after World War II and the popular Boeing 707 in the 1950s, essentially jet travel has remained the same. People gather together at major airfields (now called airports), hand their luggage, check in, sit on a plane that may or may not have the range to make it to their destination without refueling, and fly at somewhat under 600mph. The only real attempts to improve on that model – the Concorde series which could reach speeds 30-50% faster than general commercial jet aircraft – went down in flames after one of its models, unfortunately, went down in flames, and after years of unprofitable services to its operators. Other efforts in recent years have included many predictions about private jet taxis or air taxis, which are really structured around resolving mid-range travel issues. Commercial transportation, on the other hand, still gets on boats that ply the same routes as the British Navy in the 1700s and still goes at less than 30 knots (nautical miles per hour). A person still ships from New York to London in 7 hours, while his large-scale cargo goes in a week or two. While information has democratized, decentralized and diffused, transportation remains as slow as ever. I do not know where the next revolutions will come from in transportation, but it is ripe for a revolution. We might be concerned for all of the poor TSA employees who will no longer have the pleasure of smelling our shoes and seeing us naked through full-body scanners, but it is a price we are willing to pay. On the other hand, the increased (and increasingly inane) so-called security measures foisted on the public will only drive innovation in transportation. In that respect, there may be an upside. It is also worth noting that, in most years, airlines have lost money, and lots of it. The number of airline bankruptcy over the years is quite large. A new model may not only improve everyone’s lives; it would also need to be much more economically viable.
• Portable-power: Also known as batteries, this is how we carry around power with us for usage in small and large objects, whether electric cars, iPhones, laptops, or everything in between. While power usage has improved over the last several years (and decades), this is largely due to improving efficiency in the devices themselves combined with minor evolutionary improvements in batteries. Batteries are improving on the order of single-digit to, sometimes, double-digit percentage improvements, over one to several years, in their ability to store power, while demand, driven by the systems that use them, are doubling in accordance with Moore’s Law. A number of researchers and firms are struggling with creating revolutionary battery (really portable-power) systems. Some are focused on hydrogen fuel cells, or micro-fuel cells; others are focused on biologic cells, for example, ones that use sugar or other biological fuel sources; an interesting research project is the air force’s work in betavoltaic cells, which use the decay of certain isotopes to generate power.

I believe both of these sectors are far underfunded and overdue for major revolutions that will affect almost every other sector there is.

Programming languages are an interesting area of technology. On the one hand, they are the indispensable basis for everything that is done in software, the Internet, embedded devices, essentially everything in technology, and thus are invaluable. Advances in languages – from assembler up to the latest high level languages – are what have made possible the creation of portable devices, Google, Facebook, Microsoft Word, and everything else we do. On the other hand, from a business perspective, they are the arcane “language” (pun intended) of techies. From the end-user perspective, all that matters is that it works.

For those aware of the underlying languages, the choice of language and their development is often the subject of fierce debates among technologists. Whether to develop a project in Java or .Net, client-side in Flash or JavaScript/Ajax, can lead to wars that are called religious. The latest trend in Web development is an interesting language called Ruby, developed by a Japanese programmer who was displeased with his choices, and the development tools and framework around it called Rails, developed by a small company called 37Signals, the company behind Basecamp, Backpack and other highly popular Web 2.0 applications. Nonetheless, advances in languages have had a significant impact on the ability and ease with which developers build and maintain applications. Of course, anything that is easier to build and maintain, means less effort, which equals lower cost and less time to get to results. These matter greatly to businesses, who focus on return on investment. The right technology can lead to lower costs, faster delivery, and a much better profile for investment and success.

However, from the side of the language itself, it is interesting to note that very few organizations have actually made money on the languages themselves. There really are only three types:

• Language Service Organizations: These are organizations that build up expertise and then sell that expertise. These are primarily consulting firms and training houses. Every time a new language comes along that has demand, those organizations smart enough to see which one will have broad adoption gain early expertise and a name, and leverage it to sell training and consulting.
• Proprietary Owners: The specific example here is Microsoft, which owns .Net (and various “Visual” languages before it). I cannot think of another firm that has owned a language and made money on it in a similar manner. Even Sun, which largely owns Java, has never made serious money directly off of it. Certainly, it has leveraged its ownership to develop commercial products around it, but little to no direct financial benefit.
• Tools Providers: These are organizations that sell tools to help in development, whether Integrated Development Environments (IDEs), testing tools, debuggers, and similar tools that assist developers.

Proprietary Owners has existed in rare circumstances. Most of the languages in use today have no one getting direct ownership benefit: C/C++, Java, Perl, PHP, Ruby, etc. There is some money in debuggers and IDEs, probably a reasonable amount of money in training and consulting, but nothing in direct language leverage. Further, many of the critical infrastructure elements, like application servers and frameworks – think Rails for Ruby, JBoss or Tomcat for Java, Cake or Kohana for PHP – are open-source. In other words, real money, the kinds of high-growth firms that investors like, are hard to find directly around a language. There have been what would largely be called “arbitrage plays,” where commercial software takes a lead before open-source fills in – WebSphere and WebLogic for Java before JBoss – but they are few and far between.

Given this background, the growth of a new language is important and interesting, critical to understanding where to invest your labour, but it is hard to see how to make scaling money off of them.

Why bring this up now? Arguably, the single most well-known language in the world is not Java, .Net, C/C++, Perl, PHP or even Ruby. Since there are far more Web developers than programmers – Web pages are easier and require less structured engineering thinking, in most cases, than server programs, and developers may sometimes develop complex Web pages – the language of choice on Web pages likely has the single highest knowledge and adoption rate: JavaScript. Until recently, JavaScript was relegated primarily to client-side Web pages, running in your local browser – Internet Explorer, Firefox, Opera, Safari, Chrome, etc. Lately, a concerted effort has been made to put in place the missing elements that would allow JavaScript to run properly on a server. These projects – almost entirely open-source – include CommonJS, NodeJS, SpiderMonkey, Rhino, Jaxer, Helma, mod_js, the list goes on and on, and are spreading at a tremendous rate. Further, serious JavaScript conferences have begun to take place, both focused on a particular set of tools and, notably, general JavaScript, like the JSConf that occurred in 2009 in both the US and Europe.

This leads to an interesting question. A lot of effort is being put into JavaScript as a server-side language, essentially a competitor to Java/.Net/Perl/PHP/Ruby/etc. Clearly much of this effort is in open-source. I am not interested in whether or not JavaScript should succeed, from a technical perspective; lots of technology products that should fail from a technical perspective succeed in the market, and vice-versa (VHS vs. Betamax, anyone?). From a market perspective, having the same language on client and server has enormous financial benefits for Web application developers. I am not advocating for or against this or any other language. I am, however, interested in:

1. Will JavaScript be the next hot language?
2. If it does, other than becoming an expert firm and offering training and consulting, where is there real money to be made?

The answers could be interesting.

Business Insider, in its 18 January 2010 edition, referenced an article from September 2009 in the Washington Post by Bo Peabody, the founder of Tripod, arguably the first social networking site, founded way back in 1995. For those who do not (or are too young to) remember, 1995 was the year the Internet really took off. Morgan Stanley (where I had the great pleasure of working in IT at the time) took public a virtually unknown company, called Netscape. It has been called “the birth of the Web” (although Tim Berners-Lee might disagree). Bo argues in his article that social networking is a bad business. Social networking sites lose money, they always lose money, and so perhaps they should simply be run as non-profits, like Wikipedia.

Bo’s proposition is interesting. I have always found social media very interesting, but primarily from an operational perspective. Quite simply, they need to burn oodles of cash getting very big – and thus taking advantage of the “network effect” as it is know to economists – running massive bandwidth and server operations, along with significant (and expensive) expertise. The challenges inherent in growing a business to that scale at that speed are fascinating. Nonetheless, I have always largely avoided getting involved with them from an equity perspective. I love using social media: Facebook, LinkedIn, Twitter, they all provide invaluable services… but not necessarily valuable services. I am skeptical that anyone would use them if they had to pay, which is why they rely on advertising, which does not pay off in the majority of instances. The exceptions are those sites that provide niche services – nice in terms of either target audience or purpose – like LinkedIn. Thus, these sites are a social good, but an investment waste. The challenge, of course, is whether or not anyone would have gone to the trouble of founding these sites and inventing the ideas – and sometimes the technology – without the hope of serious payoff (a.k.a. exit).

In some ways, this is similar to work I have been doing on ice skating rinks. I spend a lot of time in Israel. Israel, a tiny (about 20,000 sq km), semi-arid country, with hot summers and mild winters, has a population of 7MM, and exactly one regulation-sized ice skating rink. Over the last decade, an enthusiastic hockey and figure skating movement has grown in Israel, comprised of US & Canadian expats, Russian emigres, and some natives. Indeed, Israel is about to hold its third international ice hockey tournament, with six teams, half of whom are traveling from overseas. The tournament is being covered by European and North American news networks, including the Canadian Broadcasting Corporation (CBC), and will include two NHL Hall of Famers, Darryl Sittler and Paul Henderson. The problem is that 70% of Israel’s population lives in the center of the country, but the one regulation-sized rink is at the country’s near-northernmost point, the town of Metulla, on the border with Lebanon.

It is clear that ice sports will not take off substantially in Israel until facilities are built within a reasonable driving distance of the 70% of the population, somewhere around Tel Aviv or between Tel Aviv and Jerusalem. As such, over the last 5 months, I have explored the economics of building and managing a facility. The net result is that building an ice rink is good for society, but bad for business. Because of economies of scale, no commercial rink is built with fewer than two sheets of ice, i.e. two facilities in one building. The cost of such construction, fully loaded, is $8-10MM USD. In the best of years, such a facility will generate around $2MM in revenue and incur around $1.3MM in operating expenses. Essentially, $10MM in investment leads to pre-tax free cash flow of $700,000, or a 7% return on investment… in the best of years. Most sane investors can find somewhere else to put their money, and do. This is why most facilities in the US, Canada and Europe are built as single sheets by a municipality, which is in the business of providing social goods that don’t make sense for businesses to provide. They view the investment as a community investment, not a financial one, and as long as the facility does not lose money each year, or at least not too much, they are satisfied (and the mayor gets re-elected).

From this perspective, social networking may be very similar to ice rinks: they provide an important social good, but are financially a waste.

As for the Israeli ice rink? I am still looking for a group of investors who love Israel, love ice sports, and are willing to donate to both at the same time.

Most businesses – and non-profit and government organizations, for that matter – fiercely protect their turf. In the case of business, it usually means not doing anything that might jeopardize the core income stream. For example, Microsoft has been loathe, at various stages in its history, to move towards the Web, cloud computing, or anything that might put a dent in its core operating system, desktop software and business server businesses. This is understandable. If your business made $58 BN in revenue from these core products in the last year, anything that would reduce dependence on your products, and thus that number, by providing more cost-effective solutions to your customers, would feel like suicide to you. The beauty of our market-based capitalist system, is that even if the incumbent players or regulators cannot (or do not want to) see a better way, someone else can, and can successfully sell it. It is probably fair to say that the only reason Microsoft released any such products is due to competitive threats, at various times, from Netscape, Yahoo, Google and others.

Clayton Christensen, in his brilliant Innovators series of books, calls this disruption of the market. In simple (and overly simplified) terms, you cannot beat a large incumbent at their own game, but if you can disrupt them in a way that changes the rules of the game, provides compelling benefits to customers, and moves in a way that the large player cannot – due to perceived gross margins, cultural inability to shift, existing relationships, or protection of a core market – the underdog can and often will win. Christensen recommends that incumbents can avoid this trap by disrupting themselves out of business. Essentially, they need to become their own competitors. In business terms, we call this a type of cannibalism: you cannibalize your own market-share by selling a product or service that is better for customers than the existing ones, by creating your own internal (or external) disruptive start-up. Of course, the devil is in the details, and few firms can succeed at doing so.

Every now and then I come across a business, large or small, that successfully cannibalizes its own business and grows because of it. Yesterday, I met a small Web design shop, just a handful of employees, that nonetheless cannibalized its own business, at least partially, and impressed me.

In most respects, Web Design Insight is like every other quality custom Web design shop out there. They have design talent, programmers, and provide high-quality service. However, unlike most such shops, they saw a pattern, saw a competitive opportunity, and decided to grab it themselves. WDI does a lot of work with synagogues. Synagogues are, as most readers know, Jewish houses of worship that also function as community centers. In general, they use the Web to publish information about themselves, whether static “we are Congregation So-and-So,” or more dynamic weekly updates. In addition, they have the usual activities of most non-profits, especially religious ones: keeping in touch with members, raising funds and membership dues, etc. Finally, they have the unique needs of a Jewish house of worship: language, as most Jewish ritual is in Hebrew and English; calendaring issues, as Jewish ritual revolves around the Hebrew calendar, distinct from the Gregorian one in common civil usage; unique lifecycle events, such as birthdays on the Hebrew calendar, bar/bat mitzvahs, etc.; times of prayer that vary weekly based on season and location; and many others. Thus, what a “normal” non-profit might be able to purchase for $15-20k, a full-service Web site for a synagogue would require significant amounts of custom work, boosting prices to multiples of that, perhaps as high as $50-60k. (These prices are my estimates; I have no actual pricing information from WDI). For a Web design shop, this is a book: lots of custom work means lots of consulting, with gross margins on each hour sold. Yet the husband-wife proprietors of WDI decided to cannibalize their own business. They built a product called Synagogue Launcher, which likely sells for a fraction of what a custom solution would. They took the common work in all of the synagogues, did it once in a generic fashion, and sell it as a synagogue platform. In doing so, they have robbed themselves of their own consulting revenue, i.e. cannibalized their core business, to create a new one. They disrupted their own business, took a big risk, and hopefully are reaping the benefits. They deserve credit… and if only the larger businesses could do so as well. At the same time, that would leave little opportunity for all of the entrepreneurs out there, so we should be grateful.

On the reverse side, I heard Esther Dyson speak 3-4 years ago. Esther is a fixture in the tech community. She also sits on the board of the advertising conglomerate WPP Group. As part of her address, Esther noted that WPP had recently acquired a small, brash interactive media player (whose name escapes me at the moment). When asked about the rationale for the acquisition – to be blunt, large companies tend to smother the creativity of smaller dynamic firms that they acquire, making acquiring a small firm whose success depends on its culture highly questionable, see in dictionary: IBM and _____ (you fill in the blank) – she said openly that they acquired the firm for it to be a catalyst for change in WPP. The world was moving rapidly towards dynamic, interactive, hyper-local advertising, and WPP needed to change. She (and assumedly the WPP board) viewed this acquisition as the kernel of change, the grain of sand that irritates the oyster leading to the pearl. In essence, WPP was trying to acquire a disruptor, rather than create one, but in doing so, it actually wanted to disrupt. I found two points very notable:

• WPP recognized it needed cultural change, and openly admitted it could not do so on its own. Whether or not it had tried and failed, they didn’t say. This public openness is refreshing, and is good.
• WPP’s board is incredibly naive in believing that some small, recently acquired group could effectively change the culture of a company with 140,000 employees across 107 countries. This naivete is bad.

So we have three examples:

• Microsoft, who refuses to disrupt itself until forced to, and poorly at that, and only then after it fails to crush the disruptors.
• WPP, who recognizes the need for change, yet tries to buy it from the outside, and shows naivete.
• WDI, who openly and willingly cannibalizes its own young business to serve its customers.

The world is always changing. The smart players are, like Gretzky, going to where the puck is going to be, not where it is.

Last week, Ars Technica had a great in-depth article on ENUM. For those who do not know, ENUM is a standardized method to use Internet technologies to translate your old, staid, telephone number (e.g. +12125551212 or +442076555555) into an Internet device connection. That connection could be simple voice, such as allowing you to use a VoIP connection rather than going through the PSTN (public switched telephone network) that we all love/hate, or even identifying a Skype user ID or email address based on the telephone number.

ENUM really has two purposes, which are related but are not exactly the same. The first is evolutionary, the second more radical.

1. Free from the carriers: If you enter a telephone number, you are essentially telling your phone company or carrier, “go to this country, this area code, lookup this number, find out which carrier holds the number, then connect to them and through them to a particular phone.” You are connecting through carriers, the same way you always have done. But now, you have VoIP phones. You are no longer directly bound to a traditional carrier; you may not even be bound to a carrier at all. There are well-defined ways of publishing your VoIP phone contact info over the Internet. ENUM allows you to publish a number and say, “hey, connect to me through the Internet at this VoIP address, which is how you would get to me.” You are setting yourself free from the carriers (at least to some extent). In the (almost) words of Sting, “if you love some(ph)one, set them free.” This is evolutionary, it assumes phones are pretty much the same as they always were and serve the same purpose, but we want to have a better, freer, cheaper route to get to them.
2. Universal identifier: Somewhere down the line, Internet people began to realize that we have a lot of identifiers. We have one or more email addresses, Skype IDs, Gmail IDs, Yahoo IDs, the list goes on and on. Wouldn’t it be great to have a single identifier that is me but can access all of the other parts? In essence, we are looking for something like a really smart email list. Just like I can set up an email list mygroup@atomicinc.com and have it send the email to 5 different email addresses, I want a single identifier that will allow anyone to reach me, and is smart enough to say, “I am trying to reach you via email, tell me which way to go,” or “I am trying via Skype, which way?” Since everyone has a phone number, the theory goes, why not use the phone number as that unique identifier, and have a system, let’s call it something really catchy, say, “ENUM,” to translate from the person’s unique identifier to the various methods of reaching them.

The first method is slowly gaining some ground, but not very much. e164.org, probably the largest and most well-known Public ENUM provider, says it has just under 47MM allocations. Considering that the total possible numbers under current numbering schemes is just under 100BN, and the US alone is estimated to have close to 300MM phone lines, these numbers really are tiny. e164.org does not publish how many are actually in use. There are two great challenges to adoption, one from the user side, one from the carrier side. From the user side, it is useful for dialing in, terrible for dialing out. Let’s explain why. If I am calling you, I don’t need to publish my ENUM, I just need yours. In having yours, I can get a much cheaper route to you. But you gain nothing from it. Similarly, when you try to call me, it is really useful to you if I have published my ENUM, but I gain nothing; you are the one who saves on all the carrier interchange fees. The net result is that the only real incentive to publish ENUM is, well, none. Who is left? The carriers. The carriers, who probably provided you with a telephone number, like these interchange fees. Sure, it would be nice if someone contacted them directly, but in the interim, everyone is getting a small piece of the pie, with the whole pie provided by the call originator. All in all, not a great recipe for them to publish ENUM either. Finally, as pointed out in the Ars Technica article, ENUM explicitly puts control of the number in the hands of the end-user, i.e. the phone subscriber. Needless to say, the carriers are not exactly going to be thrilled about relinquishing control.

From a universal identifier perspective, I do not believe ENUM will take off, due to sheer usability and control issues. From the control perspective, most numbers are still controlled by carriers. Unless and until it becomes easily possible for someone to purchase (not lease, rent or otherwise) a telephone number and directly control it, carriers will be the gateway for telephone numbers, which means users will not view them as their own. Yes, you can buy low-cost DIDs from many forwarding and ITSPs, but these are still owned by them and they remain the gateways. As long as this holds true, people will not view them as their unique identifier, but rather tied to whatever phone line they have, not to themselves. Additionally, in many countries and especially the United States, people do not want to be globally identified by a number, with apologies (but not too many) to former New York State Governor Eliot Spitzer. People would prefer obscure email addresses over even more obscure telephone numbers. Finally, it is easier to remember steve@apple.com than some long-winded telephone number. And while it is true that .com implies (but does not insist) on a US focus, +16055551212 is very clearly a US number. People are more global nowadays. On the other hand, steve@apple.com is a work address, and people change a lot. Further, people don’t want some material going through work, whether because it is a waste of work time, personally sensitive or any other reason.

The real question, then, is whether any unique global identifier would work. The answer, in my opinion, is a qualified yes. I think many people would be happy to have a unique identifier, that I can simply give someone my ID, whatever it is, most likely in email format, and they can use it to get everything about me. It is qualified, because I believe people want to maintain control. I don’t want every spammer to have my email address, I want business associates to have my work email and phone but not my mobile, and I may not want my home contractor to have my work number. I believe that if someone came up with a unique identifier system that could be used for real-time lookups across systems, while providing reasonable and non-burdensome access control for the owner of the data, it would likely be successful. Whether or not it can make money, and how it fits with existing social networks, is an entirely different topic.

Ask VCs, most will tell you that Information Security is, well, old. It has been around for a long time, and a lot of money is flowing into newer, hotter areas. While I cannot fault investors for looking for areas that will have the best combination of future follow-on investment, rapid growth and a high-value relatively quick exit, I believe InfoSec is still overlooked.

When following information security, I feel like I am listening to the scientist who said, at the turn of the century (right around the time that an obscure patent clerk in Bern was writing obscure papers that might have a minor impact on physics), that “Physics is Dead.” Perhaps it is similar to Francis Fukuyama’s “End of History” proclamation.

Information Security is not dead, it is live, it is hot, and it is a great sector to be in. InfoSec is great for the same reason that rifle design or tank design is great: the other side is always getting better. InfoSec is the combat divisions in a war, which, if you want to win, need have the best intelligence, be well-equipped, and always be ready, or the enemy at the doorstep is likely to conquer. Every organization in the world now has significant online activity, including funds and banking. Every one has levels of security behind which hide very sensitive and valuable data. If Willie Sutton were alive today, he wouldn’t go to the banks because, “that’s where the money is;” he would go to the laptop. Given that access is just as easy for a 14-yr-old from a low-level-law-enforcement country as it is for a 20-year veteran in the United States, and that the 14-yr-old likely has a far less developed sense of scruples or morals, the list of people willing to become the “digital enemy” is almost unlimited. Thus, the defenses and weapons (and thus budgets) that legitimate organizations need to deploy is constant and growing. And all this is before one takes into account the various compliance requirements such as HIPAA, PCI-DSS, SEC, Sarbox, BASEL II, etc.

I believe several areas will be particularly hot in the coming years:

• Authentication: Mail accounts, Web logins, cell phones, credit cards, the list of methods of identity theft is growing by the day. I believe that organizations, by desire or by force, will look for much better methods to authenticate each individual and partner than the standards available nowadays. The challenge, of course, is that most better methods available are intrusive and expensive, e.g. authentication tokens like RSA, or sidechannel SMS one-time codes. I find the keyboard typing pattern firms, like BioPassword, interesting. Nonetheless, they can still be spoofed, and are too sensitive to the person’s behaviour, such as typing while eating a burger, or using the left hand because of a cast. I am awaiting a new, better two-factor authentication that is harder to spoof, less sensitive to legitimate divergent behaviour, and relatively inexpensive.
• Transactions: Transaction changing, known as man-in-the-browser (MitB) attacks, (why are these called man-in-the-browser? I am fairly neutral on this issue, but if we are all equal, then it cuts both ways) are particularly nasty and hard to beat. In essence, all of the work we do to secure our transactions – encryption, digital signatures, etc. – all rely on some complex mathematical functions or relatively secured memory tokens like cookies. These are far too complex to perform in our heads, so we rely on our computers (and browsers) to do them for us. MitB attacks is like having the bad guys already in your house; the alarms and bars on doors and windows won’t do you much good then. A better method of securing the browser is one alternative, while authenticating each transaction – which is back to the difficult and expensive if we don’t trust the browser to do the complex work – is another. Neither of these, in its current implementations, is going to take off anywhere near as quickly as the evil they fight, namely MitB.
• Authorization: In small organizations, authorization is easy: either I am allowed to do something or I am not. In large, consumer-facing organizations, it is not that much harder: each person has an account and can do anything to that account, and only that account, that any person can to their own account. Internally to midsize to large organizations, however, authorization is particularly messy. Permissions can be controlled by who you are, your job, your relationship to a particular piece of information, your relationship to someone else, the list goes on. Role-Based Access Control (RBAC) has helped a lot, but still has limitations. These limitations by definition mean organizations put in place workarounds, which open up security holes. I believe we are going to see growth in better user authorization management that is both easier to use and more secure.
• Cloud Security: Cloud services are great: you basically can buy resources on demand and use them. However, they open up security holes that need to be addressed. While some services sweep the issues under the rug (bad), and others tell you what they are (better), for a firm with data and transactions that really need to be secure, whether because of their own internal needs or due to compliance, cloud is not an option. For example, right now, you cannot be PCI-DSS compliant on most cloud infrastructure. I have done lots of PCI-DSS work, and it just is not possible. I foresee much work on security in the cloud, both from the providers like Amazon and Google, as well as third-party providers, to provide compliant security in the cloud. I do not know if this means a new secure cloud provider, or security wrappers to the existing providers, but this area will grow.
• Trust the Untrusted Providers: Right now, if you use Google, they have access to your data; ditto for Yahoo, Hotmail, and all of the others. The same holds for Software-as-a-Service (SaaS) providers. For many people, “trust us” is sufficient, or perhaps a privacy agreement, or some other form of protection. For many, however, there is the same problem as general cloud infrastructure services: they are not willing to depend on the current statements or good will of the service provider, and thus are locked out of these services. I believe that new, secure services will start to appear to allow those organizations to take advantage of the general services like Gmail, Salesforce.com, etc. Once again, I do not know if these will be additional services from the existing providers (more likely) or third-party providers (less likely, especially in the case of those who make their money from knowing the content, like Gmail, but still possible), but there are too many organizations out there who are still doing Exchange/Lotus to ignore.

In sum, InfoSec is still a great area, and, in my opinion, will continue to be for the foreseeable future.

Everyone appears to have analyzed the Google and China issue to death, both from the China perspective and the Google perspective. One of the best comments I have seen is from Fred Wilson’s “A VC” blog, where he focuses on the reported fierce disagreements between Eric Schmidt, the hired gun non-founder CEO, who wanted to continue doing business in China and sweep the issues under the rug, and Sergei Brin, the founder born under Communism, who insisted on pulling out. Fred goes on to expand to the general differences between founder CEOs and non-founder CEOs. I suspect the late great Akio Morita of Sony fame would agree. When I was in business school at Duke, we looked at Sony under the wave of MBAs who ruled the roost after Morita-san, and the lack of innovation therein, in a company that invented and successfully marketed many of the great innovations of the second half of the 20th century.

I suspect, however, that there is more to the story than either the realists or idealists (or Jacksonites vs. Wilsonians, if you prefer foreign policy) may be seeing.

In its early years, Google was not only a much better, faster and more accurate search engine than Yahoo (or MSN, AskJeeves, Excite, AltaVista, and many of the competitors in the digital dustbin). Its motto was “Don’t be evil.” After some of the DoubleClick and other privacy debacles – some of which are laughable today – as well as the debate in the United States about government intrusion into calling records from major telecoms providers, there was great hunger for a company whose entire personality seemed to be, well, “behave.” Google’s foray into China, with its self-censorship, has definitely damaged its image in that respect. However, Google is too big and dominant to care that much.

Now, however, Google’s growth has slowed, other competitors are moving into the market, and, most importantly, mobile is the hot new area. Google wants its android, and possibly its HTC-partnered phone, to be major elements in its future growth plans. However, privacy in the old Web 1.0 or even 2.0 is child’s play compared with privacy in mobile. Your phone operator – and likely operating system provider, especially an online one like Google – knows who you called, where you are, where you were. It could probably even figure out if you were linked via Bluetooth to a car and the speed and route the car took; any local law enforcement would love to be able to boost revenues issuing tickets that way.

If Google really wants to dominate in the mobile area the way it has on the Web, it is desperately in need of regaining its “Don’t be evil” image. While I have great respect for Brin, and he undoubtedly does remember life under the Communists, Google’s plans for future growth are likely a major factor in its China decision.