1. Smart cards issued by governments to identify their citizens (Electrionic Identification Cards: e-IDs).
2. Smart cards issued by banks to substitute magnetic strip cards (EMVs).

This third post describes the second type. We’ve analysed the situation in 31 european countries (EU-27 plus Liechtenstein, Iceland, Norway and Switzerland). This is what we’ve found:

In 2010, all European bank cards, some 590 million of them, will be smart cards (EMVs) with strong authentication and digital signature capabilities.

If you don’t believe us, read on:

European banks that plan to launch EMV smart cards

Short answer: all of them.

In 2000 the European Commission decided that to foster innovation (Lisbon Agenda) the single market must make it easier to move money around the EU. Specifically, cross-border payments should not cost more than domestic payments. In other words, you can use your bank card in another EU country and they won’t charge you any more commission to withdraw money as they do in your home country. This initiative is known as the Single Euro Payment Area or SEPA. The SEPA zone encompasses 31 european countries (EU-27 plus Liechtenstein, Iceland, Norway and Switzerland).

To make SEPA a reality, all the EU banks need to agree on the same standards and implement the same procedures to ensure interoperability at the moment of accepting a card. To give an example, a cash machine (ATM) in Austria should be capable of accepting and understanding a card issued by an Italian bank. Said and done: the standard was developed by Europay, Mastercard and Visa and they called it EMV (the initials of the three companies). EMV will mean that there will be no difference between national and transfers within Europe. EMV will make SEPA a reality – meaning cheaper payments and faster money transfers between countries in the eurozone.

The EMV standard is based on “Smart cards with a microprocessor chip” and this microprocessor chip is capable of storing not just financial applications (EMV) but also other types of application such as strong authentication and digital signature. As you can see, EMV cards are (or have the capability to be) similar in functionality to eID smart cards. The only difference is that they are issued by a bank instead of a government.

EMV deployment phases in Europe

The banks of these 31 countries are obliged by SEPA to migrate all their magnetic strip cards to EMV smart cards. They have from January 2008 to 31st December 2010 to do the migration.

Experts consider that most of these countries will have completed the migration to EMV by 2009, one year before the deadline:

• 2006: United Kingdom has already completed 90-100%. France 50-90%. Rest 10-50%.
• 2007: United Kingdom and France will have completed 90-100%. Rest 50% to 90%.
• 2008: All will have completed 90-100%, except for Germany, which will have completed 50-90%.
• 2009: All will have completed 90-100% of migration to EMV.

Conclusions

If you live in Europe, you will soon have an EMV smart card in your pocket.
Europe is the undisputed leader at global level in EMV deployment (since 2002 – see slides 3 and 5 of this presentation). Europe has more than 50% of the total number of smart cards in the world (of the 590 million smart cards worldwide, 300 million are in Europe). Europe has more smart cards than magnetic strip cards (of the 587 million bank cards in Europe, 300 million are smart cards). The obligations imposed by SEPA on European banks mean that Europe will increase this lead.

We’re not saying that all EMV cards will be capable of digital signature (like the majority of eID cards). We are saying that (1) if the banks want to use it, the technology is there and (2) many do plan on using it. In our conversations with the main card issuers in Spain, the majority have plans to incorporate signature certificates in the chips. The objective is that the client identifies his/her self and signs online with a card and the look and feel of the bank. Once the adverts start, it’s difficult to imagine the rest of the banks failing to offer the same functionality.

EMV around the world

Europe is not alone: Banks in various countries are migrating their magnetic strip cards to EMV smart cards (Turkey, Brazil, Taiwan, Japan, Malaysia etc.).

As of year-end 2006 there were 3 billion bank cards in circulation. Of these, between 515 (source: GIA Cartes Bancaires) and 590 million (source: Deutsche Bank) were microprocessor smart cards:

• Europe: 300 million smart cards.
• Asia/Pacific: 150 million smart cards.
• South America: 140 million smart cards.
• USA: Has no EMV-compliant cards and, as with e-ID cards, is reluctant to introduce them.

Given the benefits of smart cards, it is just a matter of time before banks around the world change from magnetic strip to smart cards. The growth potential in this sector lies in the prospective migration of the 2.5 billion magnetic strip cards in circulation. Deutsche Bank estimates smart card growth of 18% CAGR in the payments industry between 2006 and 2010. In 2006 430 million smart cards were sold – 12% penetration, with France and Germany leading the way. In 2007 544 million were expected to have been sold (34% attributable just to EMV migration). In 2010, 600 million smart cards are expected to be sold every year with 26% penetration.

By 2010 there will be 830 million EMV cards in Europe, Asia and Latin America.

Something is changing, don’t you think?

Next post (and the last in the series): “Smart cards in Europe: Conclusions”.

1. Smart Cards issued by governments in order to identify their citizens (“Electronic IDentification Cards” or “e-IDs”).
2. Smart Cards issued by banks to replace magnetic strip bank cards (“EMVs”).

This second post focus on the first case. We have analyzed the current status of e-ID implementations in 32 European countries, representing 565 million people (source: Eurostat). Our findings can be summarized as follows:

By 2010, 437 million people (82% of the European population) will live in countries with electronic ID cards (e-IDs).

If you don’t believe us, keep on reading:

Countries in Europe that already have an e-ID scheme

Ten countries, representing 153 million inhabitants (27% of the European population):

1. Spain (44,474,600): Spain started to introduce an e-ID sheme ( DNI electrónico ) in March 2006. As of November 2007 a total of 1,500,000 e-IDs had been issued. From December 2007 e-IDs will be issued throughout Spain. Projections are: 6.5 million e-IDs issued by December 2008 and 18 million by December 2009. Besides the electronic ID, Spain also has 14 commercial certification authorities (lawyers, notaries, registrars, regional governments, banks, etc.). See also physical description, demo and video of the DNIe.
2. Italy (58,751,711): Having completed two experimental phases in 2003 and 2004, Italy is currently deploying its Carta d’identità elettronica (CIE). By October 2005 2 million CIEs had been issued. The aim is to replace 40 million conventional ID cards by 2011 at a rate of 8 million per year. Apart from the CIE, Italy has 19 commercial certification authorities.
3. Portugal (10,569,600): Following the initial introduction of e-ID cards in February 2007, Portugal is preparing to start a full-scale rollout in 2008 and expects to issue 2 million Cartão de Cidadão per year. By July 2008 the new e-ID should be available throughout the country. Portugal also has 1 commercial certification authority.
4. Belgium (10,511,400): Belgium started deployment of its eID in September 2004. To date, 6,500,000 eIDs have been issued. Plans are to reach 8,000,000 by December 2009. Belgium has 2 commercial certification authorities. The Belgian government also issues e-IDs to minors and non-nationals.
5. Sweden (9,047,800): Sweden began to introduce its nationellt identitetskort in October 2005. So far, some 3,000,000 e-IDs have been issued (almost all in software format). Sweden is a special case in that e-IDs are not issued by the government but by authorized companies (banks, system integrators, etc.).
6. Austria (8,265,900): The rollout started in 2000 and is already complete. There are some 8,000,000 Bürgerkarte (citizen cards) in circulation. An original feature in this case is that there is no “one” type of e-ID: an e-ID can be stored in government-issued cards, bank cards or SIM cards.
7. Finland (5,255,580): The Finnish e-ID, or FINEID , like the Austrian one, can be stored in smart cards, bank cards or SIM cards. It was launched in 1999 but did not include an electronic signature until 2004. The Finnish government announced plans to issue around 135,000 FINEIDs by the end of 2007. Citizens who so wish may include their health insurance information in their FINEID.
8. Estonia (1,344,700): Estonia is probably the most advanced country in Europe in the adoption of electronic signatures by the general population. The Estonian ID-Card was launched in January 2002 and today is used by more than 1,000,000 citizens (almost 90% of the population). The Estonian government is working to create a Mobile-ID, so that the certificate can be stored in mobile devices.
9. Norway (4,770,000): Norway’s main commercial certification authorities are Telenor and the banks. Norwegians can obtain their e-ID from lottery offices, social security offices and banks. The certification authorities responsible for issuing certificates are ZebSign and BankID.
10. Iceland (307,700): The Icelandic government has reached an agreement with the banks under which all debit cards issued after the end of 2007 will incorporate government e-IDs.

Countries in Europe that are planning to launch e-IDs in 2008

Eight countries, representing 184 million inhabitants (32% of the European population):

1. Germany (82,438,000): Germany has declared on various occasions that it intends to deploy its Digital IDCard in 2008, which will include the ability to use pseudonyms online. Germany has 8 commercial certification authorities.
2. France (62,518,600): After various delays (to incorporate feedback from the public), France has stated its intention to put its Identité Nationale Electronique Sécurisée (INES) into effect in 2008. The plan is to include electronic signatures, although the first generation of cards may not have this functionality. France has 11 commercial certification authorities.
3. Netherlands (16,357,992): The Dutch DigiD service offers three levels of security: low (username & password), medium (SMS authentication) and high (on-card PKI). So far, 6 million citizens use low DigiD for authentication, while 2 million use medium DigiD. The high-security DigiD, known as eNIK , may be introduced in 2008. The Netherlands has 4 commercial certification authorities.
4. Hungary (10,076,600): Requirements and specifications for the development of the Hungarian e-ID, HUNEID, and its prototype implementation were published at the end of 2004. Introduction is expected in January 2008.
5. Bulgaria (7,679,200): Following the optimistic government announcement that issuance of e-IDs would start in 2007, the rollout is now expected to start in 2008. The Bulgarian Government owns 1 commercial certification authority, which is authorized to issue digital certificates to citizens.
6. Latvia (2,291,000): Following the passing of e-ID regulations by the Latvian Council of Ministers, the introduction of e-IDs is scheduled for 2008. Latvia has 1 commercial certification authority.
7. Slovenia (2,003,400): The Slovenian e-ID project was officially launched in February 2003 but was then suspended. A fresh start is expected in 2007-2008. Slovenia has 4 commercial certification authorities.
8. Malta (404,346): Malta is taking a four-pronged approach to the deployment of electronic IDs. The third phase started in 2007. All that remains is the fourth stage, which includes the issue of e-ID cards. Everything suggests this could happen in 2008.

Countries that are planning to launch e-ID schemes after 2008

Seven countries, representing 134 million inhabitants (23% of the European population):

1. United Kingdom (60,393,100): The National Identity Scheme is currently under development by the UK Identity and Passport Service (IPS). Its main goal is to introduce e-ID cards in the UK. Procurement of e-ID cards has already started and suppliers will be selected in May 2008. The first e-IDs are expected to be issued to British citizens in 2009 or 2010. The United Kingdom also has 4 commercial certification authorities.
2. Ireland (4,209,000): In June 2004 the Irish government established the framework for Public Service Cards(PSC), which will be used for authentication and electronic identification. Following Portugal’s example, the PSC will include a range of functions (social services, medical card, etc.).
3. Poland (38,518,241): Poland is studying the possibility of introducing an e-ID card, known as a Multifunctional Personal Document (MPD), to replace a variety of identity cards. Poland is aware of the need for an e-ID and is undecided whether to set up a new state-owned CA to issue MPDs or to delegate the role to commercial CAs. Changes in the law are needed. Poland has 4 commercial certification authorities.
4. Romania (21,610,200): Romania has started to work on e-IDs and biometric passports and has already issued an international invitation to tender for these projects. Romania has 5 commercial certification authorities.
5. Slovakia (5,389,100): The Slovakian government has plans to introduce e-IDs (called “BIFO”) and passports. Slovakia has 9 commercial certification authorities. Since March 2007, Slovakian citizens holding a digital certificate have had 1,000 “contact points” where they can sign electronically.
6. Lithuania (3,403,300): No e-IDs have been issued as yet, but the government is treating e-IDs as a priority. The Lithuanian e-ID will be multifunctional (government, health, loyalty programs, tickets, etc.). It is thought that it could be launched in 2009-2010. Lithuania has 1 commercial certification authority. To popularize electronic signatures, the government will issue 300,000 certificates to citizens completely free of charge before 2009.
7. Cyprus (766,414): The government of Cyprus has stated its intention to issue e-IDs but has provided no further information.

Countries that have no plans to launch e-ID schemes but that have commercial certification authorities

Three countries, representing 83 million inhabitants (14% of the European population):

1. Turkey (72,500,000): Turkey has 3 commercial certification authorities.
2. Czech Republic (10,251,790): The Czech Republic has 3 commercial certification authorities.
3. Luxembourg (480,222): Luxembourg has 1 commercial certification authority.

Countries that have no plans to launch e-ID schemes and no commercial certification authorities

Four countries, representing 21 million inhabitants (4% of the European population):

1. Greece (11,125,200): The Greek government has plans to create 5 government-owned certification authorities.
2. Denmark (5,427,400).
3. Croatia (4,442,803).
4. Liechtenstein (34,905).

Conclusion

In Europe, in terms of population:

• 27% of the population of the 32 European countries lives in a country that has an e-ID scheme (at varying stages of implementation).
• 32% lives in a country that is planning to launch e-IDs in 2008.
• 23% lives in a country that is planning to launch e-IDs after 2008.
• 14% lives in a country that has no plans to launch e-IDs but that does have commercial certification authorities.
• 4% lives in a country that has no plans to launch e-IDs and no commercial CAs.

Europe is not alone: Various countries have started issuing national identity cards in the form of e-ID smart cards (China, Qatar, Morocco, Thailand, Hong Kong, Oman, etc.). Some are planning to do so in the near future (Peru, Argentina, Brazil, Mexico, etc.). Others are considering the possibility (U.S.A., Russia, etc.). Although eID is a small segment of the overal smart card market, all the experts agree that it has the strongest growth prospects (21% CAGR) and is likely to grow dramatically over the next few years. Of all the emerging new applications of smart cards this is the largest market because the number of ID cards in circulation (worldwide, 1 in 2 people has an ID card, i.e. 3 trillion IDs) is much greater than the number of passports (1 in 10 people), transport cards (1 in 3), or driving licenses. According to the “Deutsche Bank Smart Cards report 2007″, e-ID smart cards in the “Other: Government ID, Passport, Health, Transport” category had 7% penetration worldwide in 2006. Projections are that an average of 400 million e-ID smart cards will be issued each year, reaching 17% penetration in 2010. If these projections are met:

In 2015, 84% of people with an ID will have an e-ID.

Something is changing, don’t you think?

Next post: Smart Cards in Europe: EMV Avalanche.

What is a smart card?

It is a card, similar to a credit card, that includes a chip/microcomputer capable of executing different types of applications including “authentication” and “digital signature”.

This is a smart card issued by the Portugese government:

This is a smart card issued by a Belgian bank:

This is a smart card issued by a German telecommunications firm:

The main idea: many different organizations in many different companies issue many different smart cards.

There are two types of smart card, depending on the type of chip:

• Smart card with memory chip: cheaper. Contain only non-volatile memory, perform a single function and don’t process data. Not capable of performing digital signature. Used predominantly in transport, PayTV, corporate security, pre-paid telephones, loyalty programs etc. This type of card is becoming obsolete. They represent 4% of the market (by value) and demand is increasing but only in single-digit figures.
• Smart card with microprocessor chip: more expensive. They are a type of mini-computer that includes processor, memory and an operating system on the chip. Can be single- or multi-application, in which case, the microprocessor is capable of running different applications, including authentication and digital signature. Predominately used in government (“e-IDs”), banking (“EMV”) and telecommunications (“SIM”), health etc. applications. Microprocessor cards represent the future of smart cards. They are applicable to a wide range of sectors, a large part of which are in the early phases of development. They represent 96% of the market (by value) and demand keeps rising.

Why should I care?

Because a smart card with a microprocessor chip allows strong authentication (verification of identity) and digital signature. Both (authentication and signature) are extremely powerful tools which will soon become ubiquitous. The massive deployment of smart cards with authentication and digital signature have the potential to change the way we interact on the Internet, do electronic commerce and how we deal with anonymity and privacy online.

And there’s more. Europe, for technological and legislative reasons, is at the centre of the tsunami:

1. Technology: Europe has (and will have) the highest concentration of smart cards capable of digital signature in the world. It’s not just that Europe has more than 50% of the smart cards in the world (300 million according to “Deutsche Bank Smart Cards report 2007″) but also that, as we’ll demonstrate in this series of posts, it is about to receive 1 billion smart cards with microprocessors issued by governments and banks.
2. Legislation: European directive 1999/93/CE on digital signature names “qualified digital signature” as the most advanced form of digital signature and gives it the same effect as a hand-written signature. For a digital signature to have “qualified” status, it should be generated by a “Secure Signature Creation Device” like, for example (you’ve guessed it) the chip on a smart card. And yes, you read that correctly – “the same effect as a hand-written signature”. So, the discussions as to whether the technology is secure or not are irrelevant. The law, by default, assumes that it is. If one of the parties denounces the signature, they bear the responsibility of proof i.e. they must demonstrate that the technology and processes used in the qualified digital signature were not secure (I’ll save you the suspense…no one is going to do this). A technology blessed by the law. Checkmate. End of discussion. We’ve studied 30 countries (the EU-27 plus Croatia, Turkey and Liechtenstein) and they’ve all implemented the directive. In summary, Europe enjoys uniform “qualified digital signature” legislation that gives the same power to digital signatures as hand-written ones.

The massive deployment of smart cards with digital signature backed up by the law promises great benefits (more agile relationships with government, secure electronic commerce, lower bank commissions…) but also serious implications for your rights and liberties as a citizen and consumer. Surprisingly, whether it’s for lack of knowledge, incredulity or voluntary blindness, this matter is not receiving the attention it deserves from the internet community.

We all know what happens when you don’t make a decision: reality decides for you.

Why is no one talking about this?

There are three reasons:

1. Whether we like it or not, the “conscience” of the internet, the A-list bloggers, the main thinkers and analysers of the net are in the USA. Whether we like it or not, europeans typically echo the movements, initiatives and debates that are generated in the USA and there they don’t know, understand or care what happens in Europe.
2. The majority of Europeans think that this is nothing new. Smart cards have been in circulation for years and nothing bad has happened. They don’t understand that they are thinking of smart cards with memory chips and not the microprocessor type. They look the same from the outside but inside they’re not.
3. Many people doubt that “digital signature” will be widely adopted. Digital signature and Public Key Infrastructure (PKI) have been around many years and nothing bad has happened. They don’t realise that it hasn’t worked until now for business not technological reasons. Before there was no business case: no company was willing to assume the cost of issuing digital signature cards to their employees, providers and clients. Now that the costs have fallen, European governments have decided to assume this responsibility and oblige the banks to do the same.

This time it’s serious. The ball is in our court.

Next post: “Smart cards in Europe: e-ID avalanche“.

Ultimately, for the Web to be a useful medium for social transactions, people must be able to trust other parties who have earned their trust. While technology cannot guarantee trust, it should enable secure transactions with trusted parties, be they people, organizations, or services. One of the long-term goals of W3C is thus to promote technologies that enable a more collaborative environment, a Web where accountability, security, confidence, and confidentiality are all possible, and where people participate according to their individual privacy requirements and preferences.

Ian Jacobs, Head of W3C Communications, in “W3C Goals“.

To install it, you just have to go to the mycroft project page and click on the “Tractis templates” link. Once installed, you can perform a search directly from the search bar of your browser.

We hope you find it useful. Now it’s a bit easier to search all the contract templates available in Tractis directly from your browser.

• Microsoft as “the lions”.
• SCO as “the crocodiles”.
• GNU/Linux as “baby buffalo”.
• The Free Software movement as “the buffalos”.

The Movie

- Battle at Kruger National Park, via Musings of an Entrepreneur

Google is a good case study because, as a result of its IPO in May 2004, it was forced to disclose partial information about shareholders and percentages to the US Securities and Exchange Commission (SEC). Moreover, its unquestionable success predicted fabulous returns, so many investors were unable to resist the temptation of boasting about their shares in the web’s star company. Its veil was lifted for once….

Founders – 31.3%

• Larry Page – 15.7%
• Sergey Brin – 15.6%

Key employees – 7.9%

• Eric Schmidt, Google CEO – 6%
• Omid Kordestani, Google Sr. VP of Sales – 1.9%

Advisory Board – 0.68%

Not including investors or their representatives (see further below):

• Wayne Rosing: 0.60%
• John Hennessy, President of Stanford University: 0.03%
• Arthur Levinson, President and CEO of Genentech: 0.03%
• Paul Otellini, President and COO of Intel: 0.03%

Investors – 25%

Silicon Valley venture capital firms, which invested 25 million each in 5 years:

• Kleiner Perkins Caufield & Byers, represented by John Doerr: 9.7%
• Sequoia Capital, represented by Michael Moritz: 9.7%

Main Business Angels, which invested 1 million dollars among them:

• Ram Shriram, former member of the executive team at Netscape and Amazon: 2.2%
• Andy Bechtolsheim, founder of Sun Microsystems: 1.10% (estimated)
• David R. Cheriton, Computer Science Professor at Stanford: 1.10% (estimated)
• Undisclosed investors: 1.10% (estimated)

Undisclosed – 35%

This is where the research and facts end and where speculation begins. Everything mentioned so far totals 65%, so where is the other 35%? Below are some Google investors whose percentage is undisclosed:

• Angel Investors Venture Fund: a failed investment fund despite Google’s success and the fact that it had contributions from famous people such as Tiger Woods, Shaquille O’Neal, Henry Kissinger, Arnold Schwarzenegger, Frank P. Quattrone, Marc Andreessen (founder of Netscape), Pierre M. Omidyar (founder of eBay), Shawn Fanning (founder of Napster) and Bill Joy (founder of Sun Microsystems).
• Stanford University: the university where the founders of Google studied owns the PageRank technology. In exchange for the user license, Google gave it an undisclosed amount of shares (“a bit of stock“) and annually pays it royalties.
• Yahoo!: In 2000-2001, Yahoo! used Google technology as its search engine. In that stage, Yahoo! invested 10 million dollars in Google in exchange for an undisclosed stake. (Google’s IPO must have left it with a bittersweet taste.)
• AOL: In 2002, America Online (AOL), now Time Warner, reached an agreement with Google that enabled it to buy 2 million shares of Google (1% of the total) for 22 million dollars. They have probably exercised that option.

We assume that the undisclosed 35% is as follows: Angel Venture Fund (10%), Stanford University (5%), Yahoo (4%), AOL (1%), stock plan (4%), other members of the board and the advisory board (1%), other key employees (2%) and undisclosed investors (8%). The result is as follows (remember that this is just an assumption):

• Founders: 31.3%
• Key employees: 10%
• Stock plan: 4%
• Advisory Board: 1.7%
• Investors: 53%

Conclusions: the risk of unreal expectations

This ends the series of posts on “How to distribute shares in an Internet start-up“. There is no (and there will never be any) single answer since the actual percentage will depend on the company, the perceived value of the collaborator/investor, the stage at where the company is, and your ability to negotiate. However, we detect certain correlation in the answers from Charlie Tillett, Guy Kawasaki, Brad Feld and the Google case. Using external objective criteria gives a very useful pattern for establishing realistic expectations for everyone and increasing the likelihood of an agreement.

An example of unreal expectations is an entrepreneur who wants to create a company with those characteristics and retain its control. This is practically impossible. Even the founders of Google had to decrease their share from 100% to 31,3%. Nevertheless, there are always some exceptions. A paradigm was eBay, which sought investors not for their money (it earned 400,000 dollars/month) but for obtaining a “seal of confidence”, which is theoretically provided by having an institutional investor and thus being able to hire a good CEO. When eBay was listed, the distribution was as follows (The Perfect Store, hardcover, page 150):

• Founders – 70% (Pierre Omydiar 42% & Jeff Skoll 28%)
• Key employees – 6.6% (Meg Whitman, CEO)
• Investors – 21.5% (Benchmark Capital)

Another example of unreal expectations is the business angel that wants to support the “next eBay” and keep 50% of the company in exchange for its 250,000 euros, and the advisor who wants 15% of the company in exchange for its sporadic services. Both are asking for too much, so they are unlikely to reach an agreement.

In the case of Google, apart from the list of famous and rich people, the initial investors had also been successful entrepreneurs previously. History repeats itself: the founders not only reinvest their fortune in new projects but this culture also extends to their employees. I am not going to idealize them but it is clear that they have come up with the cake’s recipe and the exact weight of the ingredients: in terms of both percentages and efforts. Fairy tales aside, creating a giant like Google required talent, collaboration from many heavyweights with contacts, nearly 65 million dollars of investment, and fair profit-sharing. They all understand the mechanics of the cake, they contribute to the “virtuous cycle of Silicon Valley” and they have realistic expectations.

The entrepreneur’s response

Charlie Tillett was CFO of NetScout for 10 years. Before leaving the company in 2000, he completed two rounds of financing for 6 and 45 million dollars and the IPO in August 1999. He now provides advice to technology start-ups. In 2003, he gave a presentation at MIT, which summarizes much of what he learnt and which I believe is excellent. According to Tillett, the percentages at the time of the IPO were something like this:

• Founders: 35.1%
• Key employees: 5.3%
• Stock plans: 3.5%
• Advisors: 1.1%
• Investors: 55%

If you are interested in a more in-depth view of these numbers, I have put the presentation data in this spreadsheet, which describes how the percentages change during the financing rounds. Two scenarios are included:

• Scenario 1: A company receives 570,000 dollars from business angels and 5,700,000 dollars in a first round from venture capital investors. This is the case described above.
• Scenario 2: A company receives three rounds: 745,000 dollars, 7,450,000 dollars and 7,450,000 dollars.

The investor’s response: key employees and stock plan

Guy Kawasaki is a former Apple evangelist who converted into a VC with Garage Technology Ventures, a venture capital firm in Silicon Valley. He is author of the famous book “The Art of the Start“, and talks regularly on entrepreneurship in his blog and at presentations around the world.

Kawasaki wrote a post recommending a range of percentages for “key employees” and “stock plans” in a company that raises a first round of 1-3 million dollars and has no more than 15 employees:

Key employees:

• CEO (“adult supervision” brought in to replace the founder): 5-10%
• Vice-presidents: 1.5-3%
• Architect (the “main” (wo)man, though an individual contributor): 1-1.5%

Stock plans:

• Senior engineers: 0.3-0.7%
• Mid-level engineers: 0.2-0.4%
• Product managers: 0.2-0.3%

Kawasaki advises not to just latch onto the top end of the range but to consider the salary, cash bonuses, geographic location and, most importantly, the perceived value. If you notice, you’ll see that those percentages are in line with Tillett’s percentages in a similar company phase. Other influential factors are entrepreneurs’ training, their “star” status and the company’s performance. For example, the standard for a veteran CEO at Silicon Valley is 10%. However, Pierre Omydiar, the founder of eBay, hired Meg Whitman as CEO for 6.6% (eBoys, page 58). Larry Page and Sergei Brin, founders of Google, hired Eric Schmidt as CEO for 6%. Niklas Zennström and Janus Friis went further and did not hire a CEO and distributed only 1% among their 150 employees. Nevertheless, when the size of the pie (sale of eBay) was 2.6 billion dollars, plus 1.5 billion dollars if certain objectives were met, the employees are unlikely to harbor a grudge.

The investor’s response: Board and advisors

Brad Feld is another VC with a blog. He works at Mobius Venture Capital where he has invested in (and is member of the board at) companies such as FeedBurner and NewsGator (he seems to have a soft spot for RSS ). He writes about concentrating on the reward for board members and the advisory board. Again, his recommendations are similar to those in Tillett’s presentation:

• Board: from 0.25% to 1% vesting annually over 4 years per board member and single trigger acceleration in the event of a change of control. Vesting means that the person does not own the shares but has the option to acquire them at a symbolic price at a specific time. Assume that board members receive 1% with an annual 4-year vesting. Each year they can exercise their option to acquire 0.25%. If they leave the company before the term ends, they lose their unvested options. Acceleration means that they can exercise all their options once in the event that the company changes control (e.g. the company has been sold or floated). Board members should understand those terms clearly and not receive cash compensation (only reimbursement for expenses incurred on behalf of the company) and they should be given the opportunity to invest in each financing round under the same conditions as venture capital.
• Advisors: there are no figures. This will depend on the value perceived for their contribution. Their contribution is smaller than that of a board director and, therefore, their percentage is also smaller. Feld recommends not using vesting with advisors. Since they tend to provide a larger contribution at the start, it is better to deliver shares (not options) for a year and reassess the situation annually in order to ensure that the relationship maintains the expectations of both parties.

Tomorrow: How to distribute shares in an Internet start-up: Google

Today I begin a series of three posts called “How to distribute shares in an Internet start-up?” This is a difficult question. To answer it, we will have to take the bull by the horns and decide how much percentage goes to each group.

A possible answer is as follows.

It is practically impossible to create a large company without a good team. You need the best you can get: tireless, intelligent people with talent and ambitions to change the world, and the energy and madness to try and do this. They don’t grow on trees. They all expect recognition and a just reward for their efforts and contributions. How do we divide the pie? The first answers that come to mind are the easiest, which are also subjective and useless: “the distribution should be fair”, “reasonable”, “equitable”, etc., which mean nothing. Remember: if you don’t do your homework in advance, you will soon find problems such as “that’s unfair!” “you’re being unreasonable!”, “your proposal isn’t equitable!” What comes afterwards is just as bad: physical and emotional exhaustion, bad vibes, etc. to say the least.

Get to know all the players

The first decision is how many players will receive a piece of the pie. Many entrepreneurs believe that the problem lies in deciding how much corresponds to each founder. Nothing could be further from the truth. A company can have a long life and live through different phases. Each phase requires different types of people and help. Decide how many shares you will reserve for each phase and type of player:

1. Founders: if there is only one founder, the problem of distribution is resolved (the bad news is that he/she must also be prepared for very HARSH solitary times). If there are more founders, the same percentage is usually distributed to everyone. “This way we avoid arguments“. I personally believe that this is a good option but not the only one. Sometimes each founder provides different experience, knowledge and dedication. On those occasions, the “everyone is equal” option brings problems.
2. Key employees: they help the founders to make their dream come true. They are exceptional in their work (there is always a lack of resources in a start-up, so inefficient employees find it difficult to conceal themselves) and have low risk aversion. Many end up being friends forever after sharing mutual respect, hours (and hours) of work, uncertainties and risks. The reward should be on the same level.
3. Stock plan: once everything starts working, the risk for new employees is lower and so are the rewards. Nevertheless, lower risk does not mean that it does not exist.
4. Advisory board: this includes board members and advisors; people with know-how and know-who (not postcard fame or hot air) and people with experience and contacts who can derail a train but stay down to earth. They should be full of action and ready to get going by making phone calls, investing, finding partners and visiting potential clients if necessary (and it is). If not, out they go.
5. Investors: they include both business angels and initial informal investors such as venture capital firms and institutional investors, which hardly ever invest less than seven figures.

Some believe that none or only some of those players are required for the project in mind. That’s perfect. All I’m saying is that, if you believe that you need them, decide how many shares you are going to reserve for them.

Size of the pie when eating it

There is a trick to this: suppose you are an entrepreneur with 100% of the shares of your company. Your service has become very popular and it receives many visits and obtains some revenues. You decide that it is time to seek investment in order to boost the project (more employees, servers, advertising, agreements, sales force, etc.). You find an investor who values your company at 2 million euros and wants to invest a further 2 million euros. Your company is worth 2 million euros pre-money and 4 million euros post-money (2 +2). However, the investor wants shares in exchange for its investment. Since it provides 2 million euros to create a company worth 4 million euros, it owns 50%. Your 100% has diluted to 50% in order to bring in the new investment partner. Nothing has changed: you still have the same amount of money (100% of 2 = 50% of 4). Now you have to make that money work in order to increase the size of the pie (company).

The dilution as a result of the entry of investors affects not only the entrepreneur but also the other stakeholders: managers, advisors, employees, etc., including investors from a previous round. The problem is that all of them want to agree on a percentage of shares before working but they will do so considering the number of rounds of financing (and dilution) that they believe will occur at the company and its value at the time of “leaving” (IPO or sale). The entrepreneur must also consider this and estimate (bet) how much should be offered to each group. The difference in estimates for each group can lead to a heated discussion. All of them will talk about “fairness”, “reasonableness” and “equity”. If the entrepreneur gives each group what it wants, he/she may end up without any shares or with a ridiculous percentage that does not justify his/her efforts. Conversely, if he/she distributes a small amount, he/she stands to lose valuable collaborators in a market full of competitors fighting like cats and dogs in the search for talent. This is a difficult but key decision. Mistakes should not be made.

Tomorrow: How to distribute shares in an Internet start-up: The market

Defeat

This series of posts is a bit sad because it only talks about governments’ success and the web’s defeat. It didn’t matter whether the key players were idealists, pragmatists or technocrats. They all resisted more or less energetically but were unable to avoid governments’ interference. Despite their initial good intentions:

• Yahoo agreed to ban the auction of Nazi articles when a French judge threatened with fines.
• eBay, behind its façade of a self-policing community, eBay worked hand in hand with the governments to persecute fraud.
• Google agreed to filter the search results in China in order to compete on an equal basis with the other search engines.

O.K. These are battles, but not the war. There are also success stories, reasons to be proud of (blogs, wikipedia, etc.) and a lot to do. And yes: the governments are still far from occupying the central role they already have in regulating human behavior in the world. As you wish. But we should learn from what has happened. Otherwise, we will continue to dream wide awake without knowing what hit us. Where did they go wrong? What should have they done instead?

Governments cannot impose their Internet law!

All those entrepreneurs were victims of some of the web’s myths: “Governments cannot enter the Internet” and “Borders do not exist on the Internet.” The logical conclusion was that “Here we’re safe.” Unfortunately, those statements have to be nuanced and their importance diminished. This series of posts shows that governments do not need to enter the Internet in order to impose their law. All they have to do is threaten to use physical force on:

• People, companies and equipment. Example: Yahoo in France.
• Customers and suppliers. Example: to avoid the previous case, you can decentralize your company (Kazaa) but you cannot decentralize all the players that you do business with (e.g. the threat of lawsuits frightened off advertisers in Kazaa and potential FastTrack licensees) or even find out that they’re not appropriate (e.g. eBay with its customers).
• Information intermediaries. Example: the Chinese government controls access to information, with Google’s collaboration.
• Transmission intermediaries. The governments cannot enter but they can control the entry gate and service quality.
• Financial intermediaries. A few years ago, the US threatened Visa, MasterCard and PayPal to stop processing online payments of tax-free cigarettes and online casinos. Most of those businesses tanked. It did not matter that their headquarters were outside US territory.

Web sayings

This is a serious subject and leads me to a wider point: a number of web “sayings” have been used in recent years (information wants to be free, code is law, cyberspace blurs borders and renders the nation-state obsolete, on the Internet nobody knows you’re a dog, the world is flat, etc.). They have been repeated so many times that they have become popular, trivial and acquired a “wisdom” status. A false wisdom which creates victims and fails to explain the web’s current reality. They should be reexamined and, if necessary, reworded or abandoned. Otherwise, we run the risk of remaining in the comfort zones, in the blogosphere’s echolalia, which makes us feel comfortable, important and even immune. That is to say, a ghetto, not a liberating tool.

Think for yourself. Don’t be a victim of this enormous echo chamber or repeat everything like a parrot. Take a more critical position. If you repeat those sayings because it’s cool and you know your audience will applaud, you’re doing no favors to the web. Use your brains. Poetry is good but change is better.

Rectify to win

The stories described in “Remembering” dismantle the myth created 10 years ago by John Perry Barlow, founder of the EFF:

Governments of the world [...] you have no sovereignty where we gather [...] (nor) do you possess any methods of enforcement we have true reason to fear.

Barlow clearly captured the beauty of the moment, the excitement of the web’s potential, but he was wrong: governments impose their law de facto on the Internet and there are reasons to fear that their actions jeopardize the source of innovation, which is what the web has become. Instead of taking refuge in “mythical quotes” and living on his earned status, he has continued to fight, reformulating the strategy to defend the Internet. In 2001, after the defeat of Napster, he participated in a conference with Lawrence Lessig where he acknowledged that:

I originally thought Larry was the enemy, because he wanted to introduce law into cyberspace. Then I came around to the idea that laws were the only way to protect us from the lawyers.

I wish we all saw less dogma and more ideas to question.