Ledger CEO Addresses Privacy Concerns over Seed Phrase Handling
Ledger CEO confirms potential government access to seed phrases but asserts user control and downplays privacy concerns surrounding the optional Ledger Recover upgrade.
Introduction:
Ledger CEO Pascal Gauthier has confirmed that user seed phrases could potentially be shared with governments if subpoenaed, leading to privacy concerns. The controversial Ledger Recover upgrade allows users to back up their seed phrases with third-party entities. Ledger argues that the concerns are overstated, emphasizing the optionality of the service and the fact that the original seed phrase remains on the device. The company also cites legal constraints for not open-sourcing its firmware code.
The Recover Upgrade and Privacy Concerns:
Ledger's Recover upgrade has stirred discussions about user privacy. The firmware update enables users to back up their seed phrases with third-party entities, which has raised concerns about centralization and control. Ledger CEO Pascal Gauthier acknowledged that in theory, governments could request access to seed phrases via subpoena. However, he stated that such scenarios would typically involve serious criminal activities. Privacy advocates argue that this compromises the principle of self-custody. Ledger clarifies that the original seed phrase remains on the device, and the backup is encrypted and stored with separate entities.
Open-Sourcing and Legal Constraints:
Ledger has faced questions about open-sourcing its firmware code but states that legal constraints prevent it from open-sourcing the inner workings of its secure element chip. The company is committed to gradually open-sourcing more of its code, prioritizing transparency while complying with legal obligations.
Ledger's spokesperson emphasizes that the core value proposition of Ledger remains self-custody and self-sovereignty. Users have the freedom to choose whether or not to use the Ledger Recover service. The backup process involves encrypting and sharding the seed phrase, with decryption possible only on a Ledger device.
Conclusion:
Ledger's firmware update and the introduction of the Recover upgrade have sparked discussions about user privacy. While there are concerns about potential government access to seed phrases, Ledger argues that the original seed phrase remains on the device, and the backup process is optional. The company aims to strike a balance between convenience and security while addressing concerns by clarifying the backup process and their commitment to gradually open-source more of their code.
