• Instead of pulling the IPO, Darktrace dealt with the issues by cutting its valuation significantly and was rewarded with a first-day bounce that will go some way towards restoring the image of the LSE which was badly tarnished by the awful launch of Deliveroo.
• Darktrace is a cybersecurity company that uses pattern recognition (AI) to detect cyber threats which to date has been very successful but is not without risk.
• The nature of its technology means that while it is excellent at spotting previously identified threats and methods when something really novel comes along, it will struggle.
• That does not mean that Darktrace is not a good company as its 38% YoY growth is a testament that the solution that it offers is very valuable to its clients.
• The big problem with this IPO is that Mike Lynch and Sushovan Hussain (ex-CEO and CFO) of autonomy have been involved with the company and are still shareholders.
• Sushovan Hussain has been convicted on 14 counts of wire fraud in the USA and his appeal in August last year failed on all counts.
• Mike Lynch is also currently fighting extradition to the US to face similar charges while at the same time fighting a civil suit brought by HP related to its acquisition of Autonomy in 2011 for $10bn.
• This created a number of investors to have concerns about the company while the usual big banks that lead these transactions did not participate.
• The deal was led by Jeffries, KKR Capital Markets, and Berenberg in a welcome change to the top billing.
• Originally the company was hoping to get a valuation of around £3bn ($4.2bn) which would put the company on and 2021 EV / Sales of 16.8x.
• Following the uproar, press coverage, and investor concerns with regard to some of its investors (see here), there was real concern as to whether the IPO would succeed.
• Clearly staying private was not an option and so to compensate investors for the real or perceived risk of being associated with Mike Lynch and Sushovan Hussain the company reduced the IPO valuation by 43% to £1.7bn.
• This brings the valuation down to 2021 EV / Sales of 9.6x making the company look competitive when compared to its peer group and enough to ensure that investors swallowed whatever concerns they had.
• The result was a strong rally on the first day of trading with the shares settling at £3.30 giving a valuation of £2.2bn and a first-day gain of 32%.
• If the company had insisted on the £3bn valuation, then a 32% gain could easily have been a 26% decline with the shares ending up in the same place as they are now.
• I think that this was a very wise move by the company which clearly had to go through with this transaction and could not delay for another day.
• The IPO can now be called successful and good execution by the company should see a steady rally in the shares over the coming years.
• This will also have helped the LSE salvage some of its tattered reputation, but it is still clear that if a company wants to get the best price for going public then the NYSE or NASDAQ are the places to look.
• I suspect that a number of UK tech companies may still take the US option going forward.

Leaks look dated but still push Google towards proprietary Android.

• Even if Google could quickly fix the vulnerabilities in Android that are being exploited by state sponsored hacking, it would be around 4 years before the majority of Google Android users were protected.
• WikiLeaks has released 8,000 pages of documents that supposedly reveal all the tricks and hacks used by UK and US security services to turn ordinary consumer electronics products into surveillance devices.
• iPhones, Android smartphones and Samsung TVs appear to be most specifically targeted but I have a feeling that this data is not comprehensive and may actually be considerably dated.
• This is for two reasons:
  • First: there is no evidence in the leaked documents that any of the Android exploits apply to any version later than 4.4 (KitKat) meaning that 65.5% of Android devices may be unaffected by any of these revelations.
  • This leads me to think that these documents might in fact be very dated as I find it very hard to believe that vulnerabilities in Android suddenly went to zero with the release of version 5.0 (Lollipop) in 2014.
  • Whether these exploits were already known and have already been patched or whether these are new vulnerabilities is unclear at this time.
  • Second: Experts that have looked at the leaked iPhone vulnerabilities have stated that almost all of the leaked vulnerabilities are known and have in all likelihood already been patched.
  • Consequently, it seems likely that anyone running iOS10+ is already immune to these exploits.
  • Again, I find it difficult to believe that the occurrence of vulnerabilities has ceased and that these leaks could relate to pretty old data.
• Mobile security firm Check Point is of the opinion that this leak may be snapshot of exploits used in early 2016, but I think the Android data indicates a much earlier point in time.
• To make matters more difficult, assuming there are new exploits in this leak, no code has been released meaning that Google will have to search through millions of lines of code to find the exploits referred to before they can be patched.
• Furthermore, even when Google has found these vulnerabilities and fixed them, it will then take around 4 years for these fixes to make into the hands of all Google Android device users.
• This is for two reasons:
  • First: Most Android devices are not updatable.
  • Android is a commoditised, brutally competitive market meaning that in the mid-range, every cent of cost matters.
  • Making a device updateable means that extra resources have to be added to the device which are never reflected in the price.
  • Consequently, the vast majority of Android devices are not updateable to later versions of Android as there is no incentive for the device maker to add this capability.
  • Second: Google has no control over the update process for any of the devices that run its services.
  • It can update Google Mobile Services (GMS) from Google Play but lower level system updates (Android) are controlled by either the maker of the device or the mobile operator.
  • Google has no power compel these entities to update their devices and only has control of updates for its own, Pixel and Nexus devices.
• It seems possible that this data leak represents some of the oldest and least relevant tools used by state sponsored hackers which is going to put even greater pressure on Apple, Google, Samsung to ensure that their software is watertight.
• I think that this represents yet another reason for Google to take Android proprietary as having complete control over the code will enable it to quickly fix and distribute any vulnerabilities it identifies.
• It will also enable Google take greater control of the user experience resulting in a more consistent, fun and easy to use experience for its ecosystem users.
• I continue to hope to see signs of this at Google i/o in May this year.
• I still think that Google is more than fairly valued and prefer Microsoft, Baidu and Tencent with Apple for long-term, income based investors.