ICOs for Cyber Start-Ups

My former AT&T Labs boss Krish Prabhu had a great way of explaining software-defined anything: He would point out that calculators are no longer physical devices, but rather software apps. Similarly, he’d point out that flashlights no longer hang with your car keys (also being virtualized), but are now features on your phone. Physical devices are being recast as software, he would explain, and the process is accelerating.

These examples suggest that gadgets are the primary victims of software, but big things can also be software-defined. John Donovan at AT&T, for example, has taken the bold step of virtualizing the carrier’s entire network – a feat he refers to correctly as a Hoover Dam-sized initiative. So, big things can be virtualized, which is why I am not at all surprised that finance is now feeling the pangs of software nipping at its heels.

My friend Steven Sprague from Rivetz contacted me last week to chat about something called an initial coin offering (ICO) for his company. I immediately rushed to Google because I didn’t know what the hell an ICO was – and after reading several articles and watching some YouTube videos, I think I understood about ten percent of it. I got on the phone with Steven, and afterward, I felt sufficiently dangerous to write this note.

Here is my understanding of this software-defined financial vehicle: Parties who like an ICO company buy so-called virtual tokens using Bitcoin in the hopes that they will rise in value to be resold at a profit. What’s interesting is that tokens are essentially licenses to use the product – and that buyers can actually use the product. It’s sort of like commodities dealers investing in pork bellies and then snitching a couple for lunch.

In the case of Rivetz, the license bought by ICO participants is for security functionality that utilizes the underlying hardware-based trusted execution environment on your Android phone to support high assurance authentication. This functionality is enabled (bought) using virtual tokens (licenses) obtained with Bitcoin via the ICO. Rivetz, in turn, uses the proceeds from the ICO to ensure that the capability is widely supported.

A scenario involves someone investing enough Bitcoin to buy, say, ten Rivetz tokens as part of the ICO. Perhaps one of these tokens would be peeled off to protect that person’s Android devices, as well as to support other applications, such as improving the security of stored virtual currency. The remaining nine licenses would remain in a secure wallet until eventually, their value would rise sufficiently that they can be sold at a nice profit.

The most interesting aspect of an ICO for a company like Rivetz is that unlike virtual commodities such as ether, these tokens are real functionality. Their resale can help define market pricing. Thus, if a big company like IBM or Boeing standardizes on Rivetz functionality, then they’d buy up all the tokens from the early ICO investors. This is like Hershey scooping up cocoa futures from bold little commodities investors.

Let me be clear: My purpose in writing this note is not to attract or influence investors, and I am not planning on participating in Stephen’s ICO. I have enough trouble keeping track of my own dwindling checking account. But our industry should expect to see more creative instruments such as ICOs as a means for bringing the best available security technology to market. We need to understand how this type of funding works.

So, I will ask you now to do the following – but with a caveat: Please share your experiences and views on initial coin offerings with the rest of us here. But I would beg that you please avoid all the hysterical claims that 95% of ICOs are junk. I think we all know that bad investments are bad investments. The question for our community is whether ICOs will be a viable tool for good security companies like Rivetz.

I look forward to hearing what you think.