Josh Mendelsohn

Today the Business Software Alliance (Wikipedia) released their 2011 ‘Piracy Report’. What a doozy. Their methodology alone really speaks to why they are less and less legit.

The industry association’s annual report — supported by large software companies including Microsoft, Symantec, and Intuit — focuses on global anti-piracy efforts. As many media outlets explain today, this report is used by the organization as a piece to encourage policymakers to take dramatic steps to reign in software piracy. There’s no question software piracy is widespread, but the BSA’s approach does far more harm than good. Over correcting the piracy problem stifles innovation and competition by raising barriers to entry for startups.

The report today uses almost entirely self-reported data. Obtaining a statistically reliable sample from a self-selected group of participants across the developing world seems unlikely and raises questions about BSA’s method. Further, in their definition of piracy they included software that is not fully licensed. How is an average user going to have any idea whether or not an application they downloaded is fully licensed or not?

The numbers seem rigged to overstate the BSA’s point; this is clearly not an academic report, but something far closer to political propaganda. Nevertheless, we should be able to expect a level of intelligent data analysis that is completely missing here. Almost every year BSA’s total “commercial value” estimate grows, generating headlines about piracy and fostering wrongheaded policies like those we saw in SOPA and PIPA. What’s missing from this conversation is unbiased, statistically sound research that shows the true nature of online piracy. My suspicion is that this kind of data would be much less useful tool to wield in a fight for drastic policy legislation

Related articles

• Well Over Half the World’s Computer Users Admit Pirating Software, BSA Study Finds (prnewswire.com)

Bubbles and their subsequent bursts are part of the landscape of our economy, our culture; our lives. Silicon Valley is no stranger to this cycle — first the dot com, now the much-talked-of second tech bubble. But the bubble we’re in right now is undeniably focussed around patents.

Let me start off by stating baldly that I believe patent litigation — like the “patent wars” that have been exploding over the tech news recently — is absolutely horrible for innovation. Perversely, the standard counter-argument of those accused of trollery is that patents, and protecting them with litigation, are good for innovation.

That may have been the original aim of patents, but it seems pretty clear that the spirit of the law has been severely compromised when companies exist exclusively to license patents and on taking a cut of the damages awarded in patent lawsuits. The patent wars have been in the news a lot recently (Yahoo’s litigation against Facebook, Facebook licensing AOL patents from Microsoft who bought from AOL, Google buying Motorola as a defensive bulwark), and I recently sat on an entreprenuership panel at Stanford with a representative from Intellectual Ventures and a partner at Morrison Forrester’s patent litigation group, in which they stated that startups would need to spend $300 thousand in legal expenses in their first two years in order to protect their intellectual property. If that video is ever made public, you’ll see two things: what my poorly contained (for the sake of decorum) frustration looks like, and an example of the insidious scare tactics used by patent trolls.

Startups don’t need to be worrying about spending $300K on lawyers in their first two years; they need to worry about building a great product. That money would be much better spent on hiring 3 or 4 developers. Unfortunately, the current system — which Intellectual Ventures profits from — leaves startups (and potential entrepreneurs) in fear of legal battles and thus deterred from building great products and services. That’s not to say legal counsel isn’t important for startups. I believe firmly that good attorneys can be one of a startups greatest assets — but I would be extremely hesitant to trust counsel that advocated for spending that much money on what amounts to patent warfare at such an early stage in a company’s growth.

Intellectual Ventures is happy enough to accept the status quo, but it doesn’t make sense for the vast majority of companies to follow their lead. The (justified) anger that has been mounting from the startup community toward patent trolls indicates that the system is unsustainable — this bubble is set to burst. The cracks are already beginning to appear — Twitter’s commitment to use patents only for defensive purposes may well turn out to be practically meaningless, unless other large patent holders follow suit. But the stand was taken nonetheless, and a step taken in the process of getting real, useful patent reform.

We need to explore better ways to protect intellectual property reasonably, but not so much that we can’t improve on and innovate basic frameworks. Patent reform should end the current system in which patents are assets. One way to do this is to revoke patents from owners who do not actively use it after a period of time, to ensure that patents are actually available for use and to cut down on patents granted that are not useful. We need to have a clear system of transferability of patents. We need to build an international framework for filing patents, so that patent holders don’t have to file for a patent in every country. We need a system that encourages innovation, not stagnation and cumbersome litigation.

The best way for tech companies to innovate is to continue to build great products and remain ahead of any competition by continuing to innovate. There’s a famous Samuel Sass quote — actually a misquote — that says “everything that can be invented has been invented”. I don’t believe this is true. But it might be if we don’t change the framework for patents.

I’ve been working on a longer-form piece on what I believe is the new bubble in the tech community: patents. Hopefully I’ll find time to finish and post that this week. But in the interim, the news of Facebook licensing AOL patents from Microsoft is just so ironic and dismaying at the same time, it can’t be ignored. A smart move by Facebook, but demonstrates how far down a bad path we are getting. Those of us that are actively building companies know this is a dangerous and sad road.

Last night Engine Advocacy sent out the first of its hopefully frequent Legislative Updates, addressing the JOBS Act and Startup Act. Mike Masnick of TechDirt also posted his latest thoughts, which include discussion of the amendments announced yesterday by Senator Wyden that would add a number of trade-related provisions to the bill. Here’s the NYT’s coverage.

Some have argued this is the Senate Democrats’ way of bringing attention to the bill. Others see it as a way to kill it off by adding in very controversial issues that would force a Presidential veto.

UPDATE: replaced an incorrect link (h/t Craig)

For most of last week, the Hattery team has been hotly debating the merits and risks of the JOBS Act. We’ve had a lot of trouble figuring out how assiduously we can support this legislative package.

All of us very much support the ability for entrepreneurs to raise funds for their businesses by asking for small investments from “non-qualified” investors — the general public. Think of it as Kickstarter with equity. Such activity is currently illegal, which disadvantages entrepreneurs who don’t have access to traditional capital sources. We believe it will spawn many great products and companies while also letting the entire U.S. population join in not just using these products but also sponsoring them and sharing in the upside.

However, the current bills, which have passed through the House with resounding support, will likely do the same in the Senate, and have the White House’s strong endorsement, also have a poison pill of sorts. Ill-intentioned entities could exploit this legislation to mislead investors in both public and private markets. In making it easier to use diversified sources of capital without the regulatory overhead, there are new vulnerabilities.

My concern is that the tech community — spurred by a petition hosted by AngelList — has rallied behind this election-year legislation. But I think that the AngelList team, and most of the people who have signed their petition, believe this legislative package is narrowly targeted toward startups as we know them: well meaning organizations with inventive ideas that just need some cash to get started. Even Engine Advocacy, an organization with which I am closely affiliated, has come out in relatively strong support, albeit before the full text of the bill was released. And while I think the bill is directionally correct, I also want to make sure we’re taking careful steps towards creating policy, especially with regard to financial regulation. We need to make be certain that we as a community cannot be accused of helping railroad a bill through the Congress which, in a few months or years, yields scandal. And as citizens, we need to be certain we are advocating for legislation that supports and protects us all; as entrepreneurs and as investors.

Let’s take a pause. Tomorrow the Senate will begin debate and two amendments that strengthen protections in the bill are brought to a vote. When we know more, we’ll see where to go. I’ll also likely post some additional thoughts. Nevertheless, it is great Congress is focused on issues of importance to startups and I hope this is a trend that continues.

Want to know more?

• Christian Science Monitor JOBS Q&A
• WSJ debate on Crowdfunding
• Bloomberg editorial

No encryption method is ever unbreakable. Advancements simply require more computational power to crack. Privacy is time-dependent, and the ways in which we deal with data security and data privacy should reflect this.

The other day, I was casually told “AES is unbreakable.” Which is pretty intriguing to me. I want to believe that there is a universal encryption standard that can really protect my data, and yet, this also sounds a lot like saying the Titanic is unsinkable. So I started wondering out loud to the Hattery team whether or not we can ever really have an unbreakable encryption scheme.

I’m no mathematician, but I believe that by the very nature of cryptography, you can never build a scheme that can’t be broken. And that only partially has to do with the math itself. There’s also the element of human creativity and tenacity — if we built it, we can take it apart. The data you retain now and believe to be private because it is encrypted is not a reality that will last forever.

AES, the Advanced Encryption Standard, was first published in 1998, which is to say, the algorithm that powers the standard was published then. You can read more on Wikipedia if you are interested in the details, but the core idea here is that AES is based on an algorithm like all cyphers. And it is single-key encryption, which means the same key you use to encrypt is used to decrypt. For AES, this means 128, 192, or 256 bit keys.

Typically you break codes in one of two ways. Either through brute force — trying all the possible key permutations — or by essentially reverse-engineering the algorithm to find weaknesses. AES keys would take millions of years under current computational conditions (processor efficiency) to brute force attack. While pretty much all widely-used encryption schemes have been broken using a variety of methods, AES remains the gold standard. 192 bit keys have the National Security Agency’s seal of approval for Top Secret data. AES has been broken through side attacks that exploit flaws and vulnerabilities in the system running the encryption scheme, but never directly.

Nevertheless, the notion that it is unbreakable just seems immensely foolish. As processor computational output improves — which inevitably it will continue to do — the potential for a brute-force attack becomes more and more credible. Nevermind that we are still human and it is only a matter of time before other mathematicians figure out the vulnerabilities in AES and crack that or reverse-engineer the algorithm. So those embarrassing emails you thought you had protected? Forget it. Your grandchildren will almost certainly be reading them.

Whatever is built by man can be taken apart by man — it’s just a matter of time. If the data that we protect is valuable enough, then people will always be hacking at it. Conceiving of everything on the internet as breakable will change how we deal with data security and data privacy. Like everything we do, encryption should be creative and constantly reinvented.

We have some time. Just don’t get too comfortable. And let’s keep building better algorithms.

The focus should be on building great products. Everything else, like attending events and conferences, should be secondary.

Recently the question came up as to whether my partners and I are part of the “startup scene”. The easy answer is yes, since our firm is focused on investing in and helping to grow startups. But the more I thought about it, the more I realized I found the phrase and the thinking behind it troublesome.

When I think about what we do at Hattery it’s pretty clear: we help build great companies that want to create products and services that will serve millions. We want our investments to be accessible and useful. Whether they are medical devices or micropayments, the objective is the same: we invest so that companies can grow and have significant impact, and so that we can be a part of that growth.

But what we do is not a scene; it’s a serious business. There are stakes; not just the obvious financial stakes, but also the resources, talent, and time spent by the entrepreneur and the startup’s team in pursuing one opportunity over another. I want to hope it is obvious, but building great companies doesn’t come from being in the scene; it’s the result of innovative entrepreneurship that builds with a heads-down focus on the product and the user. But that seems to be missed in practice.

I’m still not sure what the scene really is, but my hunch is that we use it to refer to events like launch parties and hot conferences, maybe even demo days. In essence, who you know, not what you know. The scene might also refer to those of us on the “inside” of the startup world who trade on the latest gossip of who’s in and who’s out, and which company is about to drop a massive C round.

That’s not to say entrepreneurs shouldn’t attend events and conferences. Making connections is always going to be critical to a startup’s survival, especially where that includes meeting investors and potential employees, and even gaining some earned media exposure. That makes sense. But the main focus should be on building a great product. The startup scene may be a gateway to getting the product out there, but a lot of time and resources that are used to attend events would be much better invested in creating truly great products. Far too often that math is miscalculated.

At Hattery, our raison d’etre is not the scene. That said, you will find us at events from time to time. But any member of our team at any event we attend will be able to explain their purpose there with ease —  because being there helps our entrepreneurs and their companies or our investors. Any other reason and we are losing focus.

I’ll be going to SXSW this year, but I’ll be keeping my focus: I am going to speak on a panel to raise awareness and get more entrepreneurs involved in Engine Advocacy. More to come.

I recently attended a handful of incubator demo days during demo day season. I was really taken aback by how few companies even remotely struck my interest. In fact, there was only one exception. Far too many of these startups are focused on chasing markets. Typical story: The wedding industry is a big business…great, let’s somehow bring some part of it to the web. And then claim the entire wedding market is the market opportunity for said startup.

Put simply, that’s not how it works.

Good companies change the market, they change how it is defined. The rules do not apply. They are not features. The market number in these cases is interesting, but perhaps the least compelling. Show me a product, show me why it changes a market; show me how it grows a market, redefines a market, or eliminates a market and creates a new one. Case-in-point: if Etsy pitched on the market for handmade and vintage goods, investors would have balked. Instead, they built a community that changed a market, redefined it, and built a new one. And that made them a brand we know and love and have welcomed into our homes.