SNEAK PEEK
- If ordered, users’ private seed phrases could be shared with governments.
- The Recover upgrade helps users recover their seed phrases if they ever lose them.
- The claim that an average individual gets subpoenaed every day isn’t true.
Ledger CEO Pascal Gauthier has confirmed that the private seed phrases of users who choose the new Recover upgrade could be handed over to governments if the company is ordered to do so.
According to the company, the new Recover upgrade is an optional firmware upgrade that enables backing up seed phrases with third-party entities to help users retrieve seed phrases if they lose them.
If a user chooses the service, the seed phrase is split into three encrypted fragments known as shards. These shards are stored with three separate parties: Ledger, Coincover, and a backup service provider.
Gauthier admitted on Peter McCormack’s podcast that, although the new Recover update could result in users’ seed phrases being given to government entities, this would be reserved for crimes such as terrorism and drugs.
McCormack pushed back on the claim and pointed out that in 2018, the United States Internal Revenue Service ordered Coinbase to hand over the personal details of 13,000 users.
Calling the example an inaccurate comparison, Gauthier said that Ledger is not a banking institution and isn’t subject to the same legal constraints as Coinbase.
While some users, like pseudonymous crypto commentator 0xFoobar, view the update as an unforgivable breach of privacy, representatives at Ledger say that such issues are largely overblown.
Exciting update, Ledger has a new product, Ledger Recover, that’s launching soon: https://t.co/nT1VHnnSYz
Here’s what Ledger Recover is and what it isn’t, explained by @P3b7_ & in the thread below. pic.twitter.com/RW1w07H6pK
— Ledger (@Ledger) May 16, 2023
Providing further clarity on what the new Recover update actually means for users, a Ledger spokesperson said that the key value proposition is the same as always: the ethos of self-custody and self-sovereignty ensures that the user gets to choose. Ledger Recover doesn’t change that, and it is entirely up to users whether it is a service they would like to subscribe to.
The spokesperson added that, despite several allegations, the original seed phrase doesn’t exit the device on its own.
If someone chooses the service, they create an encrypted and sharded backup using SSS (Shamir’s Secret Sharing). Such shards are of no use unless the user restores the backup exclusively on a Ledger device, where several parts are required to decrypt.
For those who don’t wish to use Ledger Recover, nothing changes.
Talking about plans to open source the firmware code, Ledger claimed that making the inner workings of the secure element chip open source isn’t possible owing to legal restrictions from the chip manufacturer.
However, Ledger will open source more and more of its code until it reaches a level similar to the Raspberry Pi, where only a tiny portion of the code, the part associated with the Secure Element, is closed, something the company is legally bound to.