Coinbase CISO Philip Martin speaks passwords, Libra keys


Philip Martin, head of information security at Coinbase


Coinbase's head of security, Philip Martin, has a big challenge: to explain the fundamentals of security to customers whose financial value absolutely depends on remembering their passwords and keeping their keys safe.

"We have the problem of a global cryptocurrency company that understands how to talk about security, in a way that is played in Japan in San Francisco and in Europe, and through the division of the age, in a way that really resonates to people. we're talking, "he said.

Coinbase is one of the largest cryptocurrency trading and payment platforms, recently valued at around $ 8 billion and supports over a quarter of a million bitcoin transactions per day.

Financial companies deal with cryptography as part of daily security activities. But in a typical bank, cryptography is often limited to two basic categories: disguising personal information, such as social security numbers, and ensuring that websites are protected. But cryptocurrency portfolios are different, because cryptography plays such a fundamental role. This is new to many consumers working with Bitcoin for the first time, Martin said.

"We are dealing with long-lasting keys that we generate that live for a very long time, which are the direct controller of the liquid value," said Martin, who previously worked as information security manager at Palantir Technologies and in counter-intelligence of the US Army.

"The possession of a key is the possession of your currency. This means that you cannot revoke a cryptocurrency key, if that key is lost, compromised, it is not possible to obtain [the value] back."

This makes the stakes of encrypted data theft more serious than the theft of encrypted social security data at a financial institution, he explained. "The consequences of the loss are much higher." It also means that the attackers are much more aggressive in gaining access to this cryptography, he said.

These high consequences mean that Coinbase's security organization must help contribute to a broad customer communication plan, which clearly explains how to manage their keys, passwords and other important information to protect their accounts.

For those unfamiliar with cryptocurrency, "a lot of work will be done on how to interact with the ecosystem? How can I act differently here than if I protect my account on social media?" He said.

The traditional banks have an advantage, he added, as "transactions in the traditional fiat system are reversible", while blockchain transactions are essentially irrevocable. Banks may have more problems with cable fraud involving the representation of the CEO, but cryptocurrency users are often subject to cold calling "technical support" scams, in which a criminal calls a client to convince them to give up valuable assets. security information, starting with "I'm here to help you with your coinbase account problem."

Know your client

"Coinbase uses traditional banking procedures to register new customers, an area that new people consider to be attractive," he said. This includes collecting the usual personal information from people using the platform and participating in the "Know Your Customer" (KYC) due diligence that most banks employ, which entails the benefit of customers who could use the own account for illegal transactions.

However, cryptocurrencies have the reputation of supporting any kind of illicit transaction. Making KYC was a step in reassuring new investors that cryptocurrencies are not all obscure. One of the reasons why the reputation persists in the United States, according to Martin, is because Americans are not used to the alternative use of currencies.

"The most difficult part of this conversation is that in the United States we have a fairly reliable financial system. It is easy to use, we have credit cards, bank accounts, we believe those institutions do the right thing," he said. "When we leave the United States, utility use cases become much more obvious … in places like Venezuela, as a valuable bank in a place where everyday citizens have lost faith in their government for manage their money ".

The use of cryptocurrency by guest workers in other countries, where the use of a "Western Union" style service can be difficult or prohibitive in terms of costs, is another convincing use of the platform beyond outside the United States, he said.

When it comes to illicit use of cryptocurrencies, the problem is real but not exclusive to these currencies, Martin believes. "You could say the same thing about money, due to its lack of public traceability. It is much easier to buy a high-end watch and sell it," using cash without being discovered than moving funds with Bitcoin, he said, because in in the case of cryptocurrency, "all these transactions are recorded".

"You may not be able to associate the identity with a single address, but now you have a perfect retrospective view of everything that has been done."

As for adoption, Martin has high hopes in the Bilancia project led by Facebook to create a new cryptocurrency, of which Coinbase is a member. But it is too early to judge the security implications of cryptocurrency expansion so broadly.

"From our point of view, Libra has the potential to bring cryptocurrency to a billion people because of the people involved. I think that while the potential is there, it is really too early to talk about the technical implications of the currency, their protocols and the currency, because it is still under development. "

Follow @CNBCtech on Twitter for the latest technology news.

[ad_2]Source link