The SafeLogic Blog

Blackberry is for sale, and many are predicting that the key to any sale is the portfolio of encryption patents held by subsidiary Certicom.  Boasting over 350 patents and patents pending worldwide total, including what is considered a near-monopoly on elliptic curve cryptography, Certicom is the subject of much interest.  Unfortunately for Waterloo’s most famous product, it appears to be the fascination of journalists’ speculation more than investors’.

Is the commentary on the patent portfolio about the high value of elliptic curve cryptography?  Or is it saying more about the relative worth of the rest of Blackberry’s holdings?  Maybe both?

The biggest issue with the patents is this: who is going to pay strong licensing fees when there are plenty of other algorithms available, many of which are are able to be validated by NIST’s CAVP?  I understand that elliptic curve is the shiny new toy, and the NSA has openly supported it, but even their own Suite B algorithms still include AES and SHA alternatives.

Pushing for ECC is an uphill battle with a challenging dependency and catch 22.  In order to realize significant profits from the patents, elliptic curve cryptography must become a widespread standard.  However, for it to become mainstream, it cannot be subject to licensing fees that create instantly prohibitive financials.

Think of alternative fuel.  If Chevron owned the intellectual property for a fuel that was twice as efficient as gasoline, and a fraction of the cost to manufacture, they would make more money that we could count… right?  Possibly.  We didn’t factor in the demand.  If Mercedes, BMW, Ford and Chevrolet received subsidies to develop new engines to run on this miracle fuel, (and probably were included in a profit sharing arrangement,) demand could be created.  Then other manufacturers would likely adopt the new specs to meet changing demands and stay competitive.

Blackberry isn’t in a strong position to create this demand or to subsidize it, however, so I just don’t see the potential for organic growth that could justify it.  Licensing fees would have to be relatively paltry to garner enough interest in the current climate.

What if the climate changed drastically?  Last month at the Black Hat conference in Las Vegas, some researchers theorized that RSA and classic Diffie-Hellman could become obsolete within five years.  This is more in the seemingly growing trend of Chicken Little activity in cryptography.  Sure, it’s possible, but they are giving a lot of credit to potential accelerations in codebreaking technology.

Even in this case, licensing the patents would be a tough sell.  One of those same doomsday researchers admits that the U.S. government would probably overturn Certicom’s patents for the sake of national interest.  Alex Stamos, CTO of Artemis, figures that “if the cryptopocalypse happens, those patents are not going to last.”

So where does that leave Blackberry’s portfolio?  Possibly gathering dust alongside Betamax tapes, HD DVD’s, and the Microsoft Zune.  It was the right strategy to acquire Certicom in 2009, for $106 Million, but the demise of Blackberry’s core business may have submarined the market for their crypto patents.

Let’s entertain an alternate ending to this same story.  Blackberry’s devices would have continued to accumulate market share.  With a stranglehold on the government and private enterprise mobile device demand, Certicom would have earned its purchase price and then some, as elliptic curve cryptography was established as the standard.  Other handset manufacturers and app developers would have been at the mercy of Blackberry to either license the ECC algorithms or fall by the wayside, incompatible with the incumbent.

With Apple showing weakness for the first time in years, Microsoft stumbling again with hardware, and Google continuing to remind everyone “Don’t Be Evil”, we should be happy that there is no single 800 pound gorilla in mobility.  Otherwise, they might have wielded that power as Blackberry envisioned, and we’d all be forced to fall into line.

Thanks but no thanks.  In reality, I see ECC as being relegated to local encryption, embedded in the device hardware manufactured by whoever buys the patent portfolio, unless it is released without royalties.  Most folks are satisfied with current algorithm options and there is no obvious incentive to pay licensing fees.

So unless the landscape turns, I’ll take my chances with the ‘cryptopocalypse’ and wait to see how things pan out.