Examining the #DeleteCoinbase Controversy: Is Coinbase Selling User Data?
One Coinbase executive recently said that its partners were “selling client data to outside sources,” stoking privacy concerns.
One Coinbase executive recently said that its partners were “selling client data to outside sources,” stoking privacy concerns. Controversy has been brewing since the exchange’s acquisition of blockchain analytics company Neutrino on Feb. 19th. Purportedly, the founder of Neutrino is also the founder of spyware development firm Hacking Team, a company which was criticized for selling its surveillance technology to authoritarian regimes.
Update March 11: On Twitter, Grant Blaisdell of Coinfirm, a company mentioned in this article, denies that Coinfirm ever had any formal involvement with Coinbase. The mention of Coinfirm has been removed.
Coinbase Lambasted for Hiring Alleged Spyware Developers
Coinbase says it accidentally hired a group of mercenaries, who sold cyberweapons to Saudi Arabia and Sudan, and is now firing them https://t.co/EaWbOHmWS3
— Mark Milian (@markmilian) March 6, 2019
Once Coinbase made its acquisition of Neutrino, a number of different publications lambasted the company for associating itself with the ethically questionable employees. The publicity storm intensified into the Twitter campaign #DeleteCoinbase, with users calling for a boycott of the service.
“Known to pass information with Kaspersky Lab, GroupIB, and other Russian firms closely linked with FSB [Federal Security Service of the Russian Federation].”
According to a report from Motherboard, Hacking Team sold spyware to countries including Saudi Arabia, Sudan, Kazakhstan, as well as the US Federal Bureau of Investigation (FBI), and the Drug Enforcement Administration.
Coinbase CEO Brian Armstrong Responds to Accusations
“We had a gap in our diligence process. While we looked hard at the technology and security of the Neutrino product, we did not properly evaluate everything from the perspective of our mission and values as a crypto company. We took some time to dig further into this over the past week, and together with the Neutrino team have come to an agreement: those who previously worked at Hacking Team (despite the fact that they have no current affiliation with Hacking Team), will transition out of Coinbase.”
In response, the announcement seemed to have curtailed some of the criticism from the community. Joseph Young, a renowned cryptocurrency analyst and investor gave credit to Coinbase for rectifying the situation:
Coinbase let go of The Hacking Team leaders. The company made a mistake, owned up to it, and fixed it. Kudos.
— Joseph Young (@iamjosephyoung) March 5, 2019
Anthony Pompliano, co-founder of Morgan Creek Digital and recognized Bitcoin supporter, also suggested that the company was responding effectively to the allegations:
Say what you want about Coinbase, but the people spoke and the company listened.
— Pomp ? (@APompliano) March 5, 2019
Yet, it seems that the accusations have also inflamed concerns around Coinbase “selling user data” to associated firms.
Does Coinbase Sell Client Data?
In an interview with Cheddar—when asked why Coinbase acquired Neutrino, Christine Sandler, the director of institutional sales at Coinbase—stated:
“It was important for us to migrate away from our current providers… They were selling client data to outside sources and it was compelling for us to get control over that and have proprietary technology that we could leverage to keep the data safe and protect our clients.”
Yet, Sandler’s statements also suggest that Coinbase’s current blockchain intelligence providers were, or are currently, selling Coinbase user data. Now, by association, Coinbase’s partner intelligence companies, including Elliptic, Blockchain Intelligence Group, and Ciphertrace are now under scrutiny from the cryptocurrency community. Given that crypto users are far more security conscious than the average person these concerns are not trivial.
If you use Coinbase, now you are not only paying for your own surveillance but the salary of a person who contributed to the murder of journalists, targeting of minority populations, and spouse-ware around the world. https://t.co/fcjoTij8l9
— Janine (@J9Roem) February 20, 2019
“We may share your information with service providers under contract who help with parts of our business operations such as bill collection, marketing, and technology services. Our contracts require these service providers to only use your information in connection with the services they perform for us, and prohibit them from selling your information to anyone else.”
“We take care to allow your personal information to be accessed only by those who really need to in order to perform their tasks and duties, and to share with third parties who have a legitimate purpose for accessing it. [Coinbase] CB will never sell or rent your personal information. [emphasis in original]”
Partner Firm Responds to Rumors
Elliptic, one of the firms responsible for aiding with KYC-compliance through its service and identifying “illicit activity in Bitcoin… [by] providing actionable intelligence,” posted a response after getting swept up in the negative publicity. Elliptic co-founder and CEO Dr. James Smith wrote:
“I have been disappointed to see reporting in the past few days which has incorrectly implied that Elliptic is distributing personal information for financial gain. Such comments fundamentally misunderstand the data we analyse, the insight we share with our clients, and the role we play in the industry.”
The CEO went on to assert that Elliptic does not have access to “end users’ personally identifiable information”:
“[We have] no access to end users’ personally identifiable information. Our exchange clients including Coinbase, do not provide us with any personally identifiable information about their users.”
Whether the same applies to other firms that have done business with Coinbase is still uncertain.