WBD336 Audio Transcription
Ledger Hack Revisited with Pascal Gauthier & Matt Johnson
Interview date: Monday 19th April
Note: the following is a transcription of my interview with Pascal Gauthier & Matt Johnson. I have reviewed the transcription but if you find any mistakes, please feel free to email me. You can listen to the original recording here.
Listeners of the podcast still have questions regarding the hack, so I asked the Ledger CEO and CISO Pascal Gauthier and Matt Johnson to come on the show and answer some more questions and explain the changes they have made internally.
“ It’s not data that we need, it’s not data that we want, and so the only reason why we are doing all of this and why it sounds complex is because we have these legal obligations everywhere in the world.”
— Pascal Gauthier
Interview Transcription
Peter McCormack: Pascal, good morning, how are you?
Pascal Gauthier: Good morning, Peter, I'm great. Thank you for having me and having us today.
Peter McCormack: You're welcome, very welcome. And, Matt, nice to meet you for the first time, how are you doing?
Matt Johnson: Very well thanks, Peter, nice to meet you too; very good to be here.
Peter McCormack: So, my audience have been introduced to Pascal before, they are aware that he is the chief honcho over at Ledger; but they haven't met you before. Do you want to just introduce yourself and explain why you're joining us today?
Matt Johnson: Yeah, sure, Peter. So, I'm Matt Johnson. I joined Ledger early January. I am the Chief Information Security Officer. Now, my background is I started in policing, so I used to actually be a policeman with the Australian Federal Police; you can hear the accent. I'm actually an Australian, but I've been living internationally and abroad for more than the last 20 years, so most recently my other roles include Group CSO, Group CISO, for some fairly large financial organisations. So, very pleased to be here and please to have joined Ledger in this challenging time.
Peter McCormack: Yeah, so you joined Ledger after an incident that we're all aware of and we've discussed before. Pascal came onto the show and discussed that before. I guess the first question for me is, in joining and being aware of what happened, how did you approach the role; what specifically have you been looking at with regards to Ledger; and obviously, you're there to improve the security of Ledger and customer data; how have you approached this?
Matt Johnson: Sure, so I was aware and it obviously all dropped just prior to my joining, so I very much had to hit the ground running. So, I tackled and approached this as I have done so for a number of other organisations where we've been involved in incidents; so, first of all going back to the bare basics about, what is the data that we hold; why do we hold it; what do we need to do; what are the internal process flows; and basically driving right underneath the bonnet there to go, do we actually need to hold and retain this; do we actually need to be passing that as part of shipping, fulfilment, warranty purposes; does that really need to be required there?
Then, basically stripping and pairing that all the way back to go, what is the absolute minimum we need to hold; what is the shortage period of time that we can do; and at the same time, being able to keep within the legal bounds that we have to for various reasons, as I mentioned warranty, but there's also taxation, shipping, customs, all of those parts that we've got to be able to balance.
So, I've put the challenge out there to Ledger and the teams to go, how can we do even better; how can we go beyond the auspices of things like GDPR and what's required there for holding that information and go, actually we want to be even more brutal. It's more important to me and to us that we actually retain our customers' and our clients' trust and faith, rather than me being able to go, "Actually, I can follow through on sales and marketing"; it's more important to me that we've got that trust and confidentiality with them.
Peter McCormack: Okay, great. Pascal, great to see you again. We've done a couple of interviews before. We've hung out in, I think it was Hong Kong; I got to know you a little bit. And I'm know, I'm sure, for you with wanting to run Ledger, especially during a bull market, you do just want to focus on product and business and growth and want to put this behind you.
But I appreciate you coming on, because it's a couple of months ago now since Benoît approached me and asked to sponsor the show, which I did have to consider strongly; but I did speak to some people and the consensus was, from those that I trust, that despite what happened, it's actually very important for the security of the industry that we have a robust and competitive marketplace for hardware devices and I guess you have an opinion on that as well?
Pascal Gauthier: I will second exactly what you just said. Security's paramount for this industry in general. Hardware security is the best way to do security for this industry and I think it's important that Ledger and all the others actually compete in this market to bring the best products to the end users that then will make the decision on whether they want to use Ledger products or not.
But, I think that because the security of the private key is such an important issue for this industry and the endpoint security is the weakness of every blockchain, I think we all need to work very hard to increase the security barrier; and we've seen in the past it has to do with the device, and I think Ledger is doing a great job with this. But, it also has to do with everything around and this is why Matt joined, because security is not just the device; it's not just the hardware security; it's everything else that we can put around our customers to make sure that their experience is ever more secure.
Peter McCormack: Okay. Well, like I say, I had to consider the sponsorship carefully and one of the conditions of working with you was that we can have this direct relationship, that I can speak to you directly, that I can build this bridge between questions people have regarding Ledger and the community; and you've given me that, so I appreciate that. Just so people know, Pascal's pretty much said I can speak to him whenever I like and bring to him any idea, so I think that's important. I think building that bridge is super important, so I appreciate that.
So, I do have questions. I put out an AMA on to Twitter to allow people to ask the questions. I won't ask all of them, because some of them were a bit pointless, but I have collected them up. I just think not everyone will have heard the previous interview. Shall we just do a reminder of what actually happened? I don't know if you want to handle that, Matt, if you're fully up to speed, or if that's something Pascal will handle?
Matt Johnson: Look, there are two very distinct elements here that we need to look at. First and foremost, there was an issue with some third-party developments and an API key was left available and accessible in a location that it shouldn't have been. That API key enabled malicious individuals to obtain some records from us and we received a mail in July notifying us and making us aware that that was there. The same day that we received that email, that was fixed; that was all done.
So, a couple of days, we looked into that and we notified the French Data Protection Authority and then ran some forensic analysis. We got the report back on 29 July from the forensic organisation that ran the report for us and we communicated out to what we believed were the impacted customers of Ledger at that time; so, did a notification out to them to say, "Hey, look, this is what's happened". We put a statement up on our website to say, "This has happened, be aware".
Now unfortunately, at the same time, in the background of all of this, on 18 April and on 16 June, there were basically rogue agents working for an organisation that we use for order fulfilment. Now, what they did, they had legitimate access to the systems and they then downloaded copies of all of the data that we were using for shipping devices out to people. So, as I said, that was on 18 April and 16 June. We didn't become aware of that. They went public on 23 September as an organisation to say that these individuals had accessed more than 200 merchants, but we were not identified or public acknowledged that actually our data was in amongst that.
It wasn't until 23 December that they actually came to us and said, "Oh, and by the way, your data was included in all of this and that was actually after the full public dump of that data on the database on 20 December". So, we were sort of caught a little bit on the back foot believing we'd done all the right things, notified our customers; we'd notified the relevant data protection authorities, had those conversations; we'd done the forensics; the forensic report was very specific in what it believed was the data that had been accessed; but ultimately, that wasn't correct.
We then noticed that there was a broader series of attacks that had been started and commenced on our customers, so we started seeing these coming out in early October. So, what we did was we did some very proactive email warnings out to our users about these targeted phishing campaigns; and what we saw, from round about 22 October, was that this really started to ramp up. So, what we suspect has happened in the background is that the database has been acquired by particular threat actors and they've stood up a very specific number of campaigns.
So from this, we've doubled down on education, awareness, communication with our customers; so, not only have we told those who we believe impacted in the first instance a couple of months prior, we then sent out email warnings to our customers to say, "Look, be aware, scams, phishing attacks", and anybody who goes to Ledger.com will say a very prominent banner at the top of the page that says, "Beware of these ongoing scams and attacks".
If you click on that link, it brings you through and we're continuously updating that with all of the new scams and schemes that we're seeing. We update the stats and the metrics. We've taken down over 300 websites that have been associated with these phishing campaigns and attacks. We work with a number of external organisations to not only identify them, but to take them down; but to also look at where we can get information that leads us to be able to track funds that are being used and taken by these scammers and to try and track those wallets.
We've also gone and doubled down on the education part there. So, if you go through the Ledger Academy, there is a lot of material there around how to keep yourself safe. And once again, I'm sorry, I'm going to take this moment to reiterate to everybody yet again, Ledger's never going to ask you for your PIN or for your 24 words. If it's not a PIN you've created or it's not the 24 words that you've generated, you've got to treat it as suspect. Always validate the address that you're sending any funds to because you and you alone are in sole and total control of your funds and assets that are protected by your Nano.
So, I've just got to continue to replay that as a message and go, "We'll never ask for it". It's like in the old days, your bank and your PIN; you get told and we all learned and got educated that you never share that. Likewise, we don't need it; we don't want it; we will never ask you for it. If somebody does, they're trying to do something bad. Alongside all of this, we went --
Peter McCormack: Matt, can I just -- a couple of questions I've got just before you go on from that bit? So, specifically with regard to the API key, some people won't even know what an API key is. Can you just explain what that is?
Matt Johnson: Sure. An API key is an Application Programming Interface. Basically, it's a key that you need to enable you to access particular functionality. In this instance, it was enabling a call to the back end that would then actually deliver data. So, they used that key to unlock and basically read off the data, if I try and break it down into the simplest of terms.
Peter McCormack: And was that a third-party company you worked with for distribution of devices?
Matt Johnson: No, sorry. There are two things here. One was a third-party organisation that we were using to assist in development and it was through one of their -- and to once again be very, very clear, they were working for Ledger on doing the development work that the individual left the key that was exposed. The second part that I referred to was an organisation that we used and still use for order fulfilment and distribution; correct. So, that was where the customer service agents were involved and downloaded the data from the order fulfilment and distribution organisation.
Peter McCormack: So, speaking to various companies involved in Bitcoin, whether it's exchanges; Kraken used to be a sponsor, I spoke to their Head of Security; speaking to Casa; one of the things that they have to do is have very robust internal procedures for protecting against rogue staff, or staff even being exploited through social attacks, etc. I'm assuming Ledger has something similar, but when you start working with third parties, whether it's, say, a development company, you suddenly have exposure to that data from people working from that company.
Have you had to change things so that in future, when you're working with companies like that, somebody can't just make an API call and take a copy of your data; how does that work now?
Matt Johnson: Yeah, Peter, absolutely; and this is something that once again, since I've come on board we've completely looked at the data and the potential for exposure from data; we're also going back and re-examining all of the third parties that we're using with whom those data flows go through to make sure that they've got the appropriate data controls revalidating.
When we first started working with them, we validated and said, "What are the controls; how are you protecting this data; how do your individuals have access to it?" so, going through each and every single one of them to make sure that the controls that they have in place are commensurate with the controls that we have internally, not only just around the people and the staff and potentially vetting, but things like logging and monitoring and going, "Hang on, why is that agent now suddenly downloading such vast numbers or such vast volumes of data touching so many of our customers or so many merchants?"
Then also, going back to some of those organisations specifically and saying, "You need to better; you need to change these things", and indeed they have very much stepped up to the plate as well, acknowledging, "Well actually, maybe having our customer service agents being able to do that legitimately isn't the right need, so we will reduce the numbers of people who have access to that, reduce the scope for them being able to potentially abuse" and if it is being used, knowing that we've got the right auditing and logging and monitoring available to that.
Peter McCormack: I think the one biggest fear people have as bitcoiners is access to their address information, more than anything. There are different levels of attacks. If it's your phone number, maybe you can get your SIM swapped; if it's your email, you can get phished. With home address data, people fear somebody knocking on their door knowing they're a bitcoiner.
So, you've talked about, you can analyse and see if someone's accessing and trying to download vast volumes of data, but there are even risks, I guess, if somebody is just looking through and finding individual, just individual addresses. But, I don't know the solution to distribution, how you actually arrange the distribution of a device like this, but do not expose somebody to that kind of risk. What exists for something like that; what can you actually do?
Matt Johnson: Yeah, exactly, and once again, coming from a law enforcement background, I can understand why people have these concerns and why it is potentially worrisome to them; I absolutely get that. It is very difficult and it is very challenging to be able to deal with this specific one.
One of the things we always say is you don't use a personal home address, so you can have your device shipped to work, if you employer is happy for you to have personal deliveries made to it. Otherwise, there are other organisations that will allow for drop boxes, or PO boxes, or parcel delivery services that you can actually use to be able to do it.
But, one of the challenges that we have and exposure to a number of serious incidents over the year with things being posted that you don't want to be opening up yourself, that some regions, some countries, they don't like having these postal drop boxes anymore, so it makes it very difficult in being able to ship these, because you still need, at the end of the day, a physical shipping address, which what most of us use would be the home address; so it is a very, very challenging problem for us.
Once again, one of the things that we always go back to is you say, "Try not to expose that". I personally have other things shipped to PO boxes where I go down, but that's not always possible for people and it's not always convenient.
Peter McCormack: Is there any way you guys can obfuscate what the delivery is, and have you guys even considered handling, I guess what I'm saying is, the first point of distribution yourselves, rather than going through a third party?
Matt Johnson: Right, okay, so on the obfuscation of the data, that is very much something that we are doing as part of all that data review and processing what's being held; but at the end of the day, there still needs to be something that goes through to a despatch organisation to be able to take it off and put a label on it to print off and say that's the address it needs to be shipped to. But what we're again looking at, the minimisation that once that's done, can we actually remove all of that and hold it back to obfuscate it; records that if we need to look at things like returns, warranty, chargebacks, that we can actually still do all of those things.
Peter McCormack: Yeah, okay. So that takes -- sorry, actually, I interrupted you. Were you about to --
Matt Johnson: Yeah. So, what I was talking through was, with the actual timeline of the incident, one of the other comments was around not only just what happened, the exposure of the data via those mechanisms, the notifications out to the customers; but, when we became aware of this ramp-up of attacks, one of the other things we did was we doubled down.
Now, something that's important to me is not just the safety and security of Ledger and Ledger as a device, but to all of the bitcoiners and for everybody else coming out into the crypto or alternative payments market, they need to understand the ecosystem is safe and secure. So, what I did after talking with Pascal and the rest of the organisation is, we raised what we call the Phishing Bounty.
So, we put a sum in there of 10 Bitcoins and we said, "This is going to be part of our fighting fund". I've been reaching out to other organisations to see if they're also willing to contribute towards that. What we do with this is we've created a contact mechanism to ask people that if they have novel, new information, that directly leads to the identification, arrest and prosecution of individuals, that we would then make a payment, so a reward for them coming forward for either their time and research, or coming forward with the information to allow us.
It's not just about protecting not only our customers, but for me it's also about making sure that the ecosystem in which we play is seen as being safe and secure and trustworthy, not the Wild Wild West where scammers abound and anything and everything can happen. So, we're looking at trying to be able to do with that. And that's why we're also working with law enforcement, working with all of these other external organisations doing the tracking, tracing, shutdown of websites, removal of the abilities of the scammers to be able to do this. But, as fast as we do that, we're seeing more stuff standing up. So, we are very attractive targets within this space.
Peter McCormack: Yeah, okay.
Pascal Gauthier: And, Peter, I just want to say one thing which is, everything that Matt just explained is all documented online, has been documented online for a long time; and we've published, actually, many things, whether it's on our website or on YouTube. Matt actually gives several interviews going into detail of everything that we just described in a few minutes. And I often hear the comments, or I often read the comments on Twitter that, "Ledger is trying to hide", we're trying to shy away from the programme; that we're not telling the truth.
We're trying to be as open and transparent as we can, publishing everything as soon as we have it; trying to communicate with our users as soon as we can and giving them all the information that we have at the time that we give the information. And everything that Matt explained is well documented online and so, when I read people to say that, "Ledger only sent one email a few months ago"; actually, that's not true. We've done a lot and will continue in doing a lot, in the sense that we understand that this problem is not going to go away just like that, and we need to do a lot of work to make it right.
With everything that Matt said around looking for the guys who did that and the hackers and to prosecute them, I think this is very important to us. And probably, if we get there, that will be an important day for Ledger and the community.
Peter McCormack: Have you made any progress with identifying who the hackers are and prosecuting; is there anything you can talk about with that?
Matt Johnson: I can talk about it to say, yes, we have made some very, very good progress and we're actually working with law enforcement across a number of jurisdictions to follow that up. Obviously, the challenges that we're facing aren't new. This is something that every industry faces and it's a well-known thing globally. So it means, given the distributed nature of some of these organisations and individuals and infrastructure, it means we've got to work with multiple parties, which makes it all the more complex. But, the longer it's going on, the greater the thing is that we're seeing the coordination and communication between them.
I don't really want to go any further than that, because obviously this is still very much in progress and I don't want to tip our hand on it, but other than to say we've had some fantastic information sent in to us, which has been very, very helpful; and also, we've been following down a number of leads and will continue to do so.
Peter McCormack: Matt, were you new to Bitcoin when you were recruited by Ledger; had you had any previous experience?
Matt Johnson: Very minimal. I've got a very good friend of mine who's been into it for years. When I joined, he sent me this fantastic little graph, "Price of Bitcoin when I first talked to Matt about it", and this was back in 2015; "Price of Bitcoin when Matt finally joins Ledger". It was quite amusing!
But my background, coming from very much traditional financial organisations and institutions, it's been a fantastic learning journey for me. And once again, it's coming back to that ecosystem of being able to provide financial services to people who traditionally have been locked out of that market; the freedom to know that actually, I can control and look after these things and it's all in my own hands; very, very exciting to me.
Peter McCormack: It must have been a bit of a baptism of fire. There are some very unique things about this industry in terms of immutable records and the ability to just move money, essentially instantly around the world.
Matt Johnson: Yeah, and not only a baptism of fire and some very interesting concepts to get around of being able to do that; but also very, very exciting, the ability and knowing that actually, it is immutable; to know that actually, I am in control and when I commit to that, that's is. And once again going back, I've got to put the message out there; make sure you always validate the address you're sending it to, because once you do that and you have pressed that button; that's it. Then it becomes a much bigger thing to try and unpick.
Peter McCormack: Are you a bitcoiner now, Matt; have you got skin in the game?
Matt Johnson: I have skin in the game!
Peter McCormack: Good man. Okay, so strange question when you think it through, but could this happen again?
Pascal Gauthier: It's a good question. Look, I think I'll take a first stab at this and then let Matt, as the expert, speak on this. I think we're doing everything we can so it doesn't happen again and we've been working really hard over Christmas last year, the first few months of this year, not just Matt, but there is a whole team that is actually working on this nonstop so it never happens again.
But, when it comes to security, nothing is absolute. And, when we were challenged with this, the decision that we took at the time was to invest a lot into increasing the level of security for our users. So, the best answer that we can give to the market, to our consumers, to our users, to our clients is this: we are investing heavily into security right now; whether it's the product, whether it's the system, the process; everything that we can. It's not just Matt, it's not a one-man job, so Matt is recruiting a team of, I think it's 14 people now, that we're recruiting actually everywhere in Europe. So, if you want to apply, now is the time; and this is our commitment, to invest a lot to make this as secure as possible.
Peter McCormack: So, let's talk about data. How long are you holding onto that pertinent data; the email, phone number, address?
Matt Johnson: So, the answer to that, Peter, is it depends. And the reason why I have to say that at this moment is, because of the systems and the process flows it all works through, some of those systems we can get rid of and it's heading there. Some of it we're actually even removing, so it's not even being used in the first instance. But then, there is some of that data that we actually need to retain for a longer period of time.
So, for example, were we to have a recall issue due to a problem with a battery within one of the devices, it means I've got to be able to go back through for the warranty period and retain some of that information, not all of it; but, we've got to be able to show, as an organisation, that we're being responsible enough within that bound to be able to address those concerns. Once again, being really clear, we haven't had any warranty issues, there are no problems with the batteries, that is all fine; but, it's just being used as an example that we can.
Peter McCormack: What's the maximum you need to keep for that, because if you kept my email address, you could communicate that, but you wouldn't need to keep my home address for that issue, right?
Matt Johnson: Correct. So then, the issue's also then on the return. So we're looking and, once again, this is the challenge that we're setting, is to be able to remove things like home email addresses within three months.
Peter McCormack: You said "Home email address"; you mean home address?
Matt Johnson: Home addresses, correct.
Peter McCormack: Okay.
Matt Johnson: So, that's the sort of thing where we're setting the bar saying, "Actually, that's where we want to get to". Now, that's what I am driving with the systems and the teams for the development and making sure that we're still able to meet our legal obligations.
Now, it may well be that we can't get rid of that, because we've got to be able to show, for taxation purposes, that we sold this device to a particular geography, a particular country, so that we can recognise that within those locations. But, what my commitment then is that actually, we'll be moving that data into a segregated environment so that it's no longer accessible externally via the internet.
Peter McCormack: Almost like a cold wallet?
Matt Johnson: Yeah, exactly. So, if I have to get down to the point where we'll actually take that and remove it and it will be put in an entirely segregated environment, if the most effective way for me to do that is to print the record out, delete the record, store it in a binder in a fireproof safe, we're going to go down to that level of effort. Now, that's what I'm suggesting we're doing at the moment, because that's got its own problems with it; but once again, all avenues are on the table and that's the kind of drive that we're putting forward to it.
Peter McCormack: Could you not just keep country and remove home address, or is that not enough for the tax authorities?
Matt Johnson: Correct.
Peter McCormack: So, you have to keep the full home address?
Matt Johnson: So, there is part of that where we need to. And once again, that requirement is different based on country.
Peter McCormack: Yeah. We often find a lot of the problems with data, whether it's what you're doing here or KYC AML, it's actually the requirements from the government and central authorities that are putting people at risk, that companies are required to keep certain data.
Matt Johnson: Correct.
Pascal Gauthier: Look, it's a very complex problem. Some people try to waive it and say, "We just remove the data after three months and that's it". For our business, at scale, shipping products globally, I mean we ship products in more than 200 countries. So, it is certainly a complex operational problem that we're facing with that, because each country has its data protection laws. If you take Europe, we have GDPR; US doesn't have it; etc. So, it is a very, very complex issue. And if you want to run a business at scale legally, you need to take those issues very seriously and go almost state by state or country by country to understand what are your legal obligations, etc.
So, this is why we didn't come back to the market overnight with a very, very simple answer because honestly, the answer that I would like to give all of our customers is, "We actually don't really need your data". So, if it was just me, once we ship you the products and we make sure that you can return it, etc, we'll just trash it, because we don't need it actually. It's not data that we need; it's not data that we want. So, the only reason why we're doing all of this and why it sounds complex is because we have these legal obligations everywhere in the world.
Peter McCormack: Is it legal obligations from the countries themselves, or are these French Authority obligations specifically?
Pascal Gauthier: They're both actually. French authorities have some obligations. If we take away the data problems for two seconds, typically when you ship to the US, you ship to more than one state and so, you have tax obligations in all states that you ship the products to; this is actually a complex problem. And so, you have the same problem with data everywhere. The only point that I'm making is there's no silver bullet here or super simple answer, because our answer otherwise would be, "We don't need the data and we're deleting it".
Peter McCormack: What about if I want my data removed, do you have a way for me to contact you and say, "Look, I just want all my records removed"; and are you allowed to do that?
Matt Johnson: We do have the way and once again, within the rights of the relevant legislation, if people contact through our customer service, and we've had a number of people do this saying, "Please delete all of our data", that once again, outside of that timeframe and within the bounds, absolutely we do that and remove those records.
What I'm trying to do as part of the data work is actually be proactive about that and go, "If we don't still need to hold it, get rid of it", because the smaller the footprint that I've got, the less I have got to worry about. But this, once again, is just that challenge on being able to make sure that we can meet and discharge our obligations, as a complex business operating around the world, and balance that with the rights of the individuals. But, I would always go, smallest amount of data possible works in my favour, and that's what I want.
Peter McCormack: Okay. I guess rebuilding trust has been one of the big focal points for you guys. What happened was unfortunate and I understand the frustrations of some people, especially if they were on the database. I wasn't actually on it, for whatever reason, but I am a Ledger customer. I bought my first two Nano Ss back in 2017; I'm still using one of those today. I've always been a fan of the product. But, trust was an issue.
So, I guess you've had a big focus therefore in rebuilding trust through the things that you've said to me now and the things you're doing? My expectation is that this will be something that will just continue.
Pascal Gauthier: Yeah but, Peter, just one thing. So typically, you or myself, people have asked me, "So, why don't you put your information online if it's so easy for Ledger to lose it?" Actually, you can find my information online pretty easily --
Peter McCormack: Me too.
Pascal Gauthier: -- and I'm pretty sure that if we look hard enough, we'll find you.
Peter McCormack: Yeah. A couple of these hacks makes that easy.
Pascal Gauthier: So, I think we all need to think about what that means. A data leak is one thing and again, we're talking openly here about it and everything that we just said; but equally we have to realise us that, if people know us and are really after us, then eventually they'll find us. So, we need to figure out what it means for our security and to what Matt was saying, where certainly we now have ownership of the coins; so, what is the security that we put around us then to make sure that these coins stay safe.
I think you did, just after the incident, yourself and a few other people did a very interesting podcast around personal security and how do you handle your privacy and your coins. I think what I suggest is, we all need to do some hard work in order to understand what security means and there is a lot of education. So, we've made available a lot of documents around education around security. I think there are other pieces that exist online that are very good to read.
But I think we need to understand also that there is a shift between the web too and what we knew with security, where you trust your bank and basically your bank is in charge of your security; to suddenly, you're in charge of your assets. It's as if all of us now had gold bars at home. So, it means something else in terms of security and we need to worry about that. It's not just about yes, yes, yes. When we open an app, we click on every "yes" button without even really looking at what we click.
I think the security has completely changed where we need to be very careful. So, when you set up your Ledger or any other devices, you need to take your time. You need to be in a quiet room; this is not something that you do with the children playing in the back; you need to be very focussed; you need to read everything that is written; you need to do your own research, etc. So, there is some form of that that we all need to do, I think.
Peter McCormack: Yeah, it's a really good point. Somebody only the other week posted my home address on Twitter, somebody that doesn't like me or my show, for whatever reason; another one of these angry haters. But, they were able to find that data because, if you really search, for someone like myself, it's not that difficult to find. So, I've had to change things.
I had to set my security up thinking that someone could come to my house any day, with a weapon, and threaten me for my Bitcoin, so you can't access my Bitcoin in my home; I've been very clear about that. There just aren't the devices here and I talk about multisig, which I'll talk about with you soon, but I think multisig solutions are good. I'm a big fan of Casa, another sponsor; I'd recommend them highly; I'd recommend them if they weren't a sponsor. But I think that personal security thing is an important thing.
I also think we're going to see a lot more people move to using pseudonyms. It's a bit too late for me now, but I think a lot more people are going to move towards using pseudonyms. But, we did have someone put on Twitter earlier, "Why don't all the Ledger executives post their addresses and details online?" I understand the point he's making, but that's just not a solution, that doesn't fix anything; that just adds to the problem. So, I tend to just ignore stuff like that.
One thing I will raise though is that a few times, and we talked about this last time, people said, "Are you going to compensate people?" and I thought about that for a while and I covered it with you previous. But, I ran the maths and even if you were to compensate everyone $100, that would actually probably bankrupt Ledger, because of the scale and the numbers; so, I never felt like compensation was something that would scale for the business, or really achieve anything. It's not like you can pay for everyone to move house, or such and such.
But, one thing I did think would be a good thing, and I will raise it, is that I think it would be a good thing for Ledger to be supporting and making contributions towards open-source development, especially in the privacy area. How much time or consideration have you given to that and, sorry, I pressure everyone on this; I did it to Brian Armstrong at Coinbase, I did it to the Winklevoss'; I like doing it on the podcast, because it puts somebody in a bit of a spot! But, how do you feel about doing that.
Pascal Gauthier: I think we discussed it last time also, so this is probably the second time that we discussed this. I think that we, at Ledger, what we are trying to do is we are trying to enhance the ecosystem security. This is what we do with the Donjon; we have a team of white hats that are working hard on our security, but also trying to solve very difficult security problems for Ledger, but also for the rest of the industry and working with other security teams to make sure that the bar's always increasing.
So, there is really a lot of work and it's actually very well documented online that the Donjon is doing to pro bono and in a full, transparent way actually, which is very new in security, because usually security is by opacity and I think a lot of companies, including Trezor, have done a lot and Ledger, to a certain extent, have done a lot to make security less opaque and more open; and, I think we're all going in the same direction.
So, there is already a part of Ledger that is giving a lot for free to the industry and the community to make sure that security ever increases. I think this question is probably the next show and the next interview with Ian Rogers because I think, to that question, Ian has a lot to say and he's working on a lot of things right now and so, it's probably a good question for him.
But in general, Ledger wants to be a good player in the space and make sure that everyone is more secure in the future.
Peter McCormack: You know I'm going to text Ian now and pressure him!
Pascal Gauthier: Yeah.
Peter McCormack: Well listen, look, with Bitcoin at about, what is it, about $64,000, it's fucking ridiculous and heading towards $100,000 and we're at a $1 trillion market cap, probably going to $10 trillion at some point, I still think one of the most important things we support is the devs, the open-source devs working on it. So, I'm going to text Ian and suggest some ideas to him; but, I appreciate you being open on that, Pascal.
Pascal Gauthier: Peter, one more thing. The reason why you should really reach out to Ian is because we're working on this open platform strategy as we speak, so for us to build a developers' community around Ledger has been important in the past and will be critical for the future, so this is definitely a strong topic for us. It's just, I don't want to steal Ian's thunder, because he's the one working on it!
Peter McCormack: All right, well Ian's great anyway; me and him speak regularly and I think he's a great addition to the team, so I will speak to him.
Okay, the next thing that comes up, and this is moving on from the hack, just another question and this comes up a lot and I think it's a fair question: what are your thoughts with regard to open-sourcing the code, because you're not open-source at the moment; some people are? Is there any reason that you're not; are there any plans to open-source the code?
Pascal Gauthier: So, Ledger right now is partially open-source, not totally open-source. The reason why we're not totally open-source has to do with our chip manufacturer, because we have some obligations towards their code, I guess, so it has nothing to do really with the Ledger operating system that could be completely open-source, and it has more to do with the hardware security and the chip manufacturer that we work with; STMicroelectronics.
So, I think for us, there is a bit of a moot discussion between open-source and not open-source, because the question is, what is the most secure; and right now, I think Ledger has demonstrated a high level of security with our device. We actually are the only certified device in the market and that's worth noting. And so, yeah, maybe there will be one day where Ledger will be 100% open source, but that day will only happen if we're allowed by the third-party vendor that we work with and if the device is as secure as. So for me it's more, is it secure versus is it open-source completely or not.
Peter McCormack: Okay.
Pascal Gauthier: But here, it's a bit of a religious debate.
Peter McCormack: I know.
Pascal Gauthier: Some people will say, "Oh my God, this is so bad; it needs to be fully open-source in order to be true". We disagree and it's okay sometimes to disagree.
Peter McCormack: Yeah, okay. Another question that came up, which is something I'm out of my depth on, but your Random Number Generator; how do you verify it's actually random?
Matt Johnson: That's actually a particular component that is subject to specific certification. So, that has actually been independently verified as part of the certification process itself. That is actually a very good technical question regarding the actual randomness of it, but that is independently verified, yes.
Peter McCormack: I always thought random was binary; either it is random or it isn't! Something new you learn. So, with regards to Ledger Live and the Android, what location data are you using and what are you not using?
Matt Johnson: So once again, going back to the security discussion earlier, the things that I don't want to be holding is things like IP addresses and those sorts of records. However, full localisation, where we're able to see that a particular device is set to a geo country that's actually been set in the device, we will then use that for the localisation for the representation of it.
Peter McCormack: What about coin control; is that coming? That's something I learned about recently. I made a show with Shinobi and I didn't realise what coin control was and I've learned about it recently. Are there any plans to offer that?
Pascal Gauthier: Coin control I think is already operational in our experimental mode. Actually, there are many features and coin features in general sometimes that are either available in experimental mode and/or available at the hardware level only, meaning that they're not available in Ledger Live. So, we try to cater for two categories of users: the super advanced user; and also, the new users that are coming into the market today.
There are some functionalities that are very important to the power users, such as coin control, PDSD and so on and so forth, but are really not top of mind for someone that just joined crypto and wants to have the basic functionalities of Ledger Live. So, our strategy, but also that's a good question for Ian next time you speak with him; but, what we're going to try to do is make sure that the advance users have what they need, which is typically why we have coin control and we have the full node capacity now.
There is a roadmap of taking these novelties to our users and to market, even if sometimes we are a little late to the party, but we're working on it. And typically, PDSD is something that we don't have today, but we will have at the hardware level. But, we don't intend to bring it in Ledger Live, for example, because we think that it's too much of an advanced feature and so for the power users, we'll make sure that they can use it if they want to, but we won't bring it to the masses because we think, in terms of UX, it's hard to make it work for someone who doesn't really know what it is.
Peter McCormack: Yeah, and look, I appreciate that. I'm always fighting the UX battle and it's a conversation I have where I think I have quite a firm grip on what I think new users are capable of and what takes people too far and whilst there are power users out there that want these advanced features, I agree that sometimes it's a bit too far.
I guess personally, I would almost like the power user version of Ledger Live where I have these features available switched on, but coin control would be interesting. Okay, I'm going to take some notes.
Pascal Gauthier: Check it out.
Peter McCormack: Yeah, but I'll speak to Ian on some of these questions. Another important thing is full node support. I know that's something you've been working on and it was due to come. Do you know what the status is of that?
Pascal Gauthier: It's available; people are using it.
Peter McCormack: Built directly into Ledger Live?
Pascal Gauthier: Oh, well this is again part of the experimental features that we're talking about. There are people using it today, but it's not -- we've released it but it is not a massive usage. It is limited to a few hundred people.
Peter McCormack: Oh, interesting. Okay, just a couple of questions left them. Matt, in terms of fake resellers, any advice on that; how people can spot them?
Matt Johnson: I would say, make sure that you come through to Ledger.com and purchase through there, would be the number one. We're doing a lot of active work to take down and monitor for fake resellers. That is one of the streams of very active investigation and closure that I'm working through with the team; but the primary piece of advice is, make sure you come through Ledger.com and do your purchase there.
Peter McCormack: All right. And, is there anything I've not asked you, Matt, that you wish I had, anything you want to cover, anything additional you want to add in before we close out?
Matt Johnson: I think the only comment that I'd make is, and reaching out to every one of Ledger's clients and customers is, I've joined recently, I've hit the ground running; I hear the concern; I absolutely get it. And, having worked and been involved in similar sorts of investigations over the years, I can understand some of these concerns.
I'm not going to rest; the team's not going to rest; we're going to keep doing this until we can hopefully win back that trust from them. Their trust is much more important to me than their data and I'll continue to drive down this avenue and this path and look forward to engaging with them, the community, the entire ecosystem over the coming weeks, months and years.
Peter McCormack: Brilliant, well I appreciate you coming on. Pascal, yourself, anything else you want to add; close out with; any other final messages?
Pascal Gauthier: I think all I would say is thank you again for having us, Peter. I think it's been important to me from day one of this data breach to quickly come on your show and talk to the community and say how sorry we were and what we're doing for this, so I'm actually glad that this is the second show we're doing just to present the progress that we've made and show that we care and that we've been working hard and that we have super talented people like Matt that are helping us solve these complex issues.
So, I'm grateful that you gave us the platform and the opportunity to speak again today, so thank you.
Peter McCormack: Well, no worries. As I said, you were open to any question, which was great. And as I said with the sponsorship, I had to consider it very carefully; and one of those conditions was having this bridge between the community and yourself, that any questions can be brought to you; and you've honoured that. So, I do appreciate that. Not everyone is going to be convinced, or is going to be supportive of Ledger but as I said, I think it's really important that we have a robust, competitive marketplace for hardware devices.
My multisig setup with Casa uses a Ledger, it uses a Coldcard and it uses a Trezor and it does that for a reason so I'm not reliant on one manufacturer; and that's really important that I see that all three still exist. So, yeah, appreciate the open book. I'm sure we're going to speak again regularly. I'm going to follow up with Ian on a number of these items, because I think it would be good to cover some of the features that people want and some of the ongoing development. But, look, I appreciate you coming on and, yeah, let's just keep the dialogue open.
Matt, now we have an open dialogue. If anything specifically comes that I think needs to be addressing, I will come to you directly.
Matt Johnson: Perfect, Peter, look forward to that; no problem at all.
Peter McCormack: All right, all the best, guys. Thank you and see you soon.
Matt Johnson: Thank you.
Pascal Gauthier: Thank you, Peter.
