Shhh. That's Classified

From the Front Lines

Awhile back, some friends bestowed a new title upon me: the King of Stealth. I'm not sure I like it, because I don't enjoy being secretive. Admittedly, I've spent 10 years of my life working for three of the most secretive organizations in the world: the Office of Special Investigations (OSI -- known from The Six Million Dollar Man TV series, for those old enough to remember); the CIA; and the National Reconnaissance Office (NRO), an organization so secretive that one legend claims that just the letters N-R-O on a sheet of government paper would be considered classified.

In those organizations, multimillion-dollar programs can be affected if word leaks. Loose lips can lead to lethal results since espionage is punishable by death, or worse, in most countries. There is no room for error. Every employee from the janitor to the director undergoes a 15-year background investigation, takes repeated polygraphs, and is protected by armed guards and the most advanced security systems in the world. People never discuss classified information in public places. Conversations about work occur within special facilities and on secure encrypted telephones. And don't accidentally bring a cell phone or a computer into one of the buildings these agencies inhabit -- unless you want to donate it to the government, since it can never go back into the unclassified world. I come from a background where if someone said, "If I told you, I'd have to kill you," it wouldn't be funny (though I did mean that to be funny). "We in the government don't have a sense of humor," I used to say.

So when venture capitalist Vinod Khosla, whose firm -- Kleiner Perkins Caufield & Byers -- had just invested $5 million in our new Internet company, suggested that my cofounder, Brian Axe, and I should put the business into stealth, my first question was "How much stealth do you really want?" His answer: Enough. We were developing a whole new way of communicating on the Internet, and we feared that someone would copy our idea before we could protect it.

I'm sure I think about stealth and secrecy considerably differently from the way the average Silicon Valley entrepreneur views it. The word stealth means a lot of things to me, but here Vinod was talking about hiding the technology our new company was building from potential competitors. We'd watched as other dot-coms got funding and suddenly became surrounded by a whole field of copycats. Keeping our developing business under wraps would help us gain strategic advantage. We weren't going to let anyone know what we were doing -- not a potential employee, a partner, our neighbors, or our friends.

Here's what we were trying to keep secret: we were pretty sure that the new Internet platform we had invented, called Zaplets (available at www.zaplet.com), would be the next big thing after E-mail and instant messaging. The technology allows Web applications to be delivered by E-mail, thereby eliminating the greatest barrier to using the Web: having to visit a particular site. It's that reality that forces dot-coms to spend billions trying to attract people to their sites.

The opportunity was so big that we feared others would jump into it at a time when we were vulnerable.

A Zaplet works like this: I send one to a list of friends, inviting them to my office picnic and asking them to RSVP. As people respond, the Zaplet in my friends' in-boxes is updated to reflect who's coming. Or a financial service might send out a Zaplet in the morning with the stock quotes you've requested. Look at that Zaplet later in the day and the quotes have changed -- they're up-to-the-minute. Zaplets reduce E-mail clutter by consolidating messages, and they also support such things as secure messaging, self-destructing E-mail, project management, auctions, stocks -- the list is as big as everything that exists on the Web. And Zaplets bring it all to people's in-boxes.

Stealth was critical for us because the opportunity was so big that we feared others would jump into it at a time when we were vulnerable. (One study says that 96% of Internet users spend more time on their E-mail than they do browsing the Web.) At the time, we had filed only one patent. Though the network of copycats and potential competitors wasn't as dangerous as a hostile intelligence service, without maintaining some secrecy we could have inadvertently created a lot of unwanted exposure.

Deep Stealth
So we did a host of things designed to keep our company in "deep stealth" for more than nine months. We used some tactics that I had learned in my days at the CIA, the OSI, and the NRO, and some that I had learned from other entrepreneurs who were also hiding their new companies. During that time we grew the business from 2 to 120 people while we fully developed our product. We finally debuted in March to the complete surprise of the entire computer industry.

The key to good stealth is having people not notice the stealth. It's the difference between armor and concealment. The former protects you if you're found; the latter prevents you from being found in the first place.

First, we changed our name. Company names can be a dangerous source of speculation -- especially in our case, where it wouldn't have taken a rocket scientist to deduce that a Zaplet might be a combination of a "zap" (an E-mail) and an application. So we held a quick brainstorming session for a name that sounded like a cool company that you'd want to work for but that would say nothing about our business or what we did. FireDrop worked just fine.

Second, we kept our funding under wraps. That was awkward, because before Kleiner Perkins funded us, we'd pitched three other VCs. Brian received E-mail messages from the other firms asking, "How's the funding going?" He'd show me the messages, but we couldn't respond to them without revealing that we'd been funded. One persistent VC sent an E-mail message that said, "How's the funding, and why didn't you reply to our E-mail?" We couldn't answer that one, either.

Third, we had to hire fast and well, but without telling applicants what the company did. I didn't feel I had to worry about the people I'd already brought on board who had salaries and equity; their interests were aligned with mine. I worried about the people we would interview but not hire -- they could do a lot of damage. Naturally, it wasn't easy to get applicants in the door. Even our outside recruiters didn't know what we did. So after a few months, when we no longer had to keep our financing secret, we enticed potential hires by telling them about the people we'd already attracted. We told them that Kleiner Perkins had funded us, that Vinod was involved, and that some well-known Internet engineers, software developers, and marketing gurus had come to work for us. The fact that Vinod had taken all of 15 minutes to decide to invest in us -- and that Kleiner Perkins had given us a term sheet only four days after we started talking -- raised a few eyebrows. Nevertheless, at the end of the interviews, most applicants would look at me with some frustration and say, "I still don't know what you're doing." It takes tact to uphold stealth. I would empathize -- but I wouldn't answer. I would say, "I understand how someone would want to know what we're doing. You'll know soon."

"Soon" may not have been soon enough for our first few hires -- they knew little of the product until after they showed up for work. But most applicants didn't have to actually start working for us before they learned what a Zaplet was. Instead, to learn our secrets, they signed a nondisclosure agreement. NDAs aren't foolproof -- they are as trustworthy as people are. But NDAs set the tone for how seriously an organization takes its confidentiality. When government agents specify that information is classified, they determine how secret it should be by how much damage a leak would cause. The release of secret information, for instance, would cause grave damage to the country; the release of top-secret information would cause extremely grave damage.