What Coinbase Needs to Learn from the Neutrino Scandal
Michael J. Casey is the chairman of CoinDesk’s advisory board and a senior advisor for blockchain research at MIT’s Digital Currency Initiative.
The following article originally appeared in CoinDesk Weekly, a custom-curated newsletter delivered every Sunday exclusively to our subscribers.
If you want to test a cryptocurrency newcomer’s grasp of the design principles of permissionless record-keeping networks, tell them it wouldn’t matter to bitcoin if ISIS were running a node.
The statement can provoke a look of alarm. But it helps to make the point that the security model behind bitcoin and other decentralized cryptocurrencies – the way they resolve the Byzantine General’s Problem – is independent of the question of who is participating in the network. ISIS’s intent, evil as it would no doubt be, is irrelevant if it has less than 50 percent control of the network.
It’s also a good way to draw a distinction between the ostensibly “trustless” nature of the underlying ledger and the fact that so many of the businesses that provide services for cryptocurrencies – exchanges, custodians, price feeds and so forth – actually function as trusted third parties.
The point is that once you have to trust someone or some entity, then the question of who they are really does matter. That’s the lesson everyone should take from the PR disaster that Coinbase brought upon itself with its recent acquisition of the rather dodgy blockchain analytics firm Neutrino.
Precisely because it acts as a steward and custodian of a very large amount of people’s funds and assets, Coinbase’s business model depends on it building up and maintaining trust with its customers.
And as it learned last week, that can be a complicated exercise, one that goes far beyond what the entity does, to include how its messaging and its dealings with others are perceived.
The Neutrino-Hacking Team connection
After BreakerMag’s David Z. Morris pointed out that the founders of Neutrino were the same folks who headed up Hacking Team, a notorious Italian IT firm whose software has helped authoritarian governments spy on their citizens, a #DeleteCoinbase movement arose on Twitter and elsewhere.
The backlash isn’t surprising. In a report that identified Hacking Team as one of five “corporate enemies of the Internet,” Reporters Without Borders documented the outfit’s cooperation with a wide range of governments around the world, including Sudan and Morocco, enabling them to “commit violations of human rights and freedom of information.”
The Washington Post reported that Hacking Team once worked with the Saudi enforcement unit that was later involved in the murder of the newspaper’s correspondent, Jamal Khashoggi. A Toronto human rights group found that the firm had helped the repressive Ethiopian regime monitor expatriate dissidents’ activities.
It’s not clear how many users have actually deleted their Coinbase accounts in response to these revelations. Some reported difficulty in withdrawing their bitcoin balances to zero, a pre-requirement for closing an account; the amounts left were too small to easily transfer on-chain.
That prompted developer Udi Wertheimer to create #DeleteCoinbaseTrustChain – a play on the Lightning Network Trust Chain – to create a chain of Coinbase users transferring residual bitcoin to each other on the company’s books so they could drain and delete their accounts.
Either way, it’s impossible to put a positive spin on the branding impact of the Neutrino decision – which is why it’s also really important to look at Coinbase’s response to it.
As of the time of writing there had been no update on the Coinbase blog beyond the upbeat announcement of the acquisition from engineering director Varun Srinivasan.
In a statement to The Block, however, Coinbase said it was “aware that Neutrino’s co-founders previously worked at Hacking Team, which we reviewed as part of our security, technical and hiring diligence,” adding that “Coinbase does not condone nor will it defend the actions of Hacking Team,” but “it was important for Coinbase to bring this function in-house to fully control and protect our customers’ data and Neutrino’s technology was the best we encountered in the space to achieve this goal.”
Elaborating on why this was important, Christine Sandler, the company’s head of institutional sales, told Cheddar that the previous third-party providers “were actually selling client data to outside sources.”
Well, good thing that’s coming to an end. But the company’s argument – that this is best-of-class tech and that by bringing it “in-house” the company can be sure that it will “fully control and protect our customer’s data” – depends entirely on the presumption that users can trust Coinbase to act in their interests.
And trust isn’t as easily maintained as Coinbase seems to think it is. Hiring people who worked on such unsavory projects as the Hacking Team is a good way to lose it.
I’m not suggesting that Coinbase intends to surveil or otherwise abuse the rights of its customers. It has been a mostly faithful and trustworthy steward of its more than 20 million users’ assets. There’s nothing to indicate that it won’t continue to work hard to protect them.
But Coinbase is a trusted third party. To succeed it must develop, nurture and maintain the public’s trust. And as the saying goes, it’s very difficult to engender trust and easy to lose it.
This requires more than just living up to legal and de-facto fiduciary duties. It’s about how the entire company behaves, with everything from its blog posts to its corporate decisions under scrutiny.
An alternative that can be trusted
Banks and other financial institutions have been well aware of this challenge for years. It’s why they work hard on their branding – using words like “trust” and “fidelity” in their names and product offerings, and associating their logos and other corporate iconography with images of strength and dependability.
Even so, because of their poor behavior in recent years, public trust in banks is near all-time lows. Not that this has caused them to lose much business; most people feel they have no choice but to deal with banks if they are to transact in the real world. (Even among competing banks, switching costs, such as the hassle of changing direct deposit for paychecks, have historically made consumers “sticky,” or disinclined to switch providers.) It’s a captive audience, but a miserable one.
Perhaps Coinbase is relying on similar inertia, and maybe it can even afford to, given its massive user base and relative ease of use compared to most crypto exchanges. But if it wants to be a real alternative to the complacent, too-big-to-fail banks, Coinbase and others like it must hold themselves to a higher standard. They have to win the public’s trust.
Even if the Lightning Network and other decentralized technologies start to allow cryptocurrency users to more easily “be their own bank” and manage their assets without relying on exchanges or custodians, trusted entities will continue to play vital roles in the crypto ecosystem. In any case, we’re a long way from having those new technologies operate at scale.
Can Coinbase survive the Neutrino controversy and the #DeleteCoinbase movement? Possibly.
Yet the fallout from its decision and response affect confidence in the entire field of cryptocurrencies.
If the company and other such intermediaries want to help the industry grow and, in so doing, succeed in building their own respected brands, they need to work a lot harder at winning the trust of the people they serve.
Coinbase image via Shutterstock