May 24, 2023

Hardware crypto wallet provider Ledger has pledged to accelerate their open-sourcing roadmap and delay the launch of its private key recovery service after criticism from the crypto community.

Video transcript

This week in the news we've been hearing all about Ledger and a new product. So Ledger has pledged to more open source code and to delay the launch of their new product Ledger recovery after criticism from the crypto community off the heels of a Twitter A ma yesterday, Pascal Gauthier Ledger CEO and chairman joins us now. Welcome, Pascal. Thank you. Thank you for having me. Thanks for being here. So a lot going on for, for you and your company in the last week, we have the announcement of this news product. We have a ton of criticism online from the crypto community and now we have your response. You've, you've delayed the launch of the product. You've committed to a few different things that we'll get into in the, in the segment. But tell me what's the, what's been most surprising to you amongst all of this? Look, I, I don't know if we can say that he was surprising. I think Ledger um has a history of launching new features, you know, it started with the uh Nano X and, and Bluetooth. Uh Well, actually, before that, it, it started with the launch of Ethereum it was certainly, we're not a Bitcoin only wallet and we were Bitcoin and Ethereum and then Bitcoin Ethereum and other coins. And then after that, it was the launch of the Bluetooth Feature. And every time that we tried to, to innovate, you know, there is always a strong reaction from the community which is very well understood and it is very good because this is, this is how we make progress. So we always take the feedback, we incorporate them uh in our road map, which is what we've done with, with Ledger Recover. But we have a history of this. And so it's just uh the way that uh crypto evolves, you know, our customers are very loyal and very vocal on Twitter and Reddit. Uh And uh it has always been like this, you know, has been in his, in his, in his business since 2014 and I've seen this happen uh again and over again. So, were you expecting this reaction then? You know, a lot of, a lot of people are saying maybe there was a, a communications uh gap here. You say you're not surprised. Were you expecting this? No, I mean, so 22 things happen. A we uh we discussed uh Ledger recovery and seed recovery at length before launching the product. Uh Ian Rogers myself. If you look at past interviews, we, we've discussed the product very openly and we were actually quite surprised that nobody was picking up on it or commenting. Uh and also on the other side, we had a lot of customers that were actually asking for it and waiting for it. So that, that was the thing wired actually a few weeks ago, wrote an article about recover, uh even giving the, the, the price of the service. So the, so the news was, was already out there. It's just that no one had picked up on it. The what happened though is uh we by mistake, we released uh a new operating system and in the note of the operating system that we released because we always work in transparency, there was a description of the new service. And so that's what sort of triggered the emotion, the reaction and the surprise of our community and sort of rightfully. So, you know, this is typically a product where, you know, our intention was to promote it in the right way before sort of launching it. And uh there was a, there was a communication mistake that was done. But uh you know, again, we, we were surprised because it is not, it is not if, as we had kept this product as a secret and, and, and so just nobody picked up on it. Uh and, and, and um and, and not surprised because again, you know, this is usually how the community reacts. And I think, you know, in the, if, if you look at uh at the results, I think you know, we as a community, we did a great job and we adjusted a few things and, and I think going forward and after the ma a yesterday, the reactions were actually very positive and some people that, you know, hated the idea and the product to start sort of understood what we're trying to achieve and, and change their opinion. So I think going forward, uh this is a much needed product for the community. So what did, what did the comm the crypto community get wrong? Uh If that's the case because you said that this has happened a few times where you, you, you, you've launched a new feature, a new product um and you get some sort of backlash. Uh you say you, you say that there is a communication uh problem on your end. What do you think is the problem on the uh the general consumer, the general markets end? It's not so much what they get wrong. I think, you know, we underestimate how complex uh this space is and how fragile trust is. And so a lot of people that use our products, you know, think that the product works one way. But, but, but actually, you know, the product has sort of always work in a different way. Um uh And so there are, there were many misconceptions about like what a hardware, what it is, how is it supposed to work? How does it protect secrets? How does it you know, the private key that is inside the we has it being used and encrypted, et cetera. So it's not that people get it wrong. It's just that it's very, very, very complicated. If you listen to the A MA that is available on Twitter, you have like, you know, uh you know, in depth explanation by uh by Charles our CTO or by Nicola, our founder and Chief Innovation Officer on how hard work it works. But these are very, very complex, you know, security schemes. And so it's very normal that people are, you know, sort of puzzle what's happening. And so there is a huge need for education in the space always, you know, and on uh matters that are extremely complex because what crypto is doing is, you know, crypto is a sort of Trailblazer of security going forward. This has never happened that the product that is a hardware wallet is something that was never built in the past. This is the first time that you have a security product that is a, a consumer product, you know, think about a security company that is a consumer company. There aren't many in the past. And so we try, we, we're doing something very new and it's very normal that people have questions and we try to answer the questions. So with that said, II, I mean, have you done any sort of shake up internally when it comes to communication? Are you investing more in communications and uh hiring people and, and, and uh how you say what your product does? I mean, have you had a stern talk with your marketing team? What, what exactly have you done internally uh to prevent this sort of thing from happening again? Well, so first of all, I think, and you might agree that in terms of communication, uh Ledger in the past two years has been pretty good uh in the sense that uh both in terms of the Ledger brand and also uh ledger content around education have been like two big forces in the crypto industry. So I think in terms of communication, we have very good and strong communication team here. The mistake was to release uh a technical notes regarding the operating system before we had actually release clear communication about the product. So II I, it was just uh it's not a mistake, it's a, it's a, it's a technical mistake terms of publishing something first. They shouldn't have never been published before. We had actually released the right communication content. When we'll go to market with the Ledger recover product, you will see the communication material that we have for this and then you will be able to judge the quality of, you know, ledger communication. So, you know, mistakes and mistakes. Uh and uh and, and we're not denying it. So I started uh my CEO letter yesterday and the A MA by sort of apologizing for the mistake in publishing this operating system. Uh Not before we could actually explain what the project was. And so taking our customers by surprise is not the style of leisure, but this is really the uh the thing that happened. Um If I understand correctly, Ledger has now delayed the launch of the key recovery service. Um in open source, it is that, is that a correct assessment of the situation? Ok. So I guess the question there would be um you know, why, why not open source it from the beginning if this is something that is kind of a a reply to some of the sort of the community uproar, like, why, why was this just not done originally? Um There are a lot of uh the, the, the part of the ledger code that is already open source, there are some parts that are closed and, you know, so far we've always worked with our customers and our community uh with a certain level of trust. Uh There is, you know, in everything that you do in life, there is a certain level of trust that you need to have. You trust that Bitcoin works because other people have done their work at looking at the code. Uh but you haven't looked at the code yourself. Um uh And not everyone is able to look at Bitcoin code to, you know, see if it works. And so if you trust in Bitcoin, it's not necessarily that you've done the work yourself, but you trust other people to have done the job. And so in the end, trust is something that is sort of enforced over time. Uh, because, you know, Bitcoin has been operating since 2008. Uh, it is actually the best system to exchange value online, peer to peer. Uh, and you trust in Bitcoin because you trust that it has been up and running for so long without, uh any major bugs and so similar, you have certain level of trust that you need to give to any product that you're gonna use in the market, any hardware wallet, uh coin base anything. Uh And so, uh you know, we, we, we, we took the product to market the same way that we took other products to market before, based on the trust that our customers have for us, the backslash was actually we might not trust you as much on this one. And so, you know, understanding how that we need to do a better job at explaining what the hardware, what it is, what it does. But specifically on that product, there is a, there is a AAA high need for transparency. And so, you know, when our customers give us feedback, we take the feedback, we listen. Uh and the need for transparency in this product is much higher than for other products. And this is why we open sourcing it. I, I think that some might say, you know, they trust in Bitcoin because there's no one single point of failure. And ledger might be a little bit different as it is a centralized company. You know, on that. A ma yesterday people were bringing up Q IC concerns, um data leak concerns. How, how can you, our customers continue to trust you? And I asked this question just on the back of what the industry has experienced over the last, I don't know, six months, there have been, you know, centralized players who have really eroded the trust of the industry. What do you say to these people who are saying, you know, why should we trust um Ledger with our data? Um So 1st, 1st of all, I didn't draw a parallel between sort of Bitcoin and Ledger. The only thing that I said is, you know, whatever you do in life, you need to have a minimum trust because nothing is absolutely trust less in the sense that you can't verify everything yourself, you can't build everything yourself. So you trust that other people have done the job for you. You're right to say that, you know, the Bitcoin protocol and Ledger uh are not the same because they are not be all the same. And uh and even though Ledger is your key to enter your world of Bitcoin and crypto currency, uh it is a centralized company, it is a, it is a company with a CEO etcetera. So very, very different from, from Bitcoin, I think what we tried to say yesterday is we're gonna try to be as trust less as possible. Uh And uh we're gonna try the, when we say we say two things a we're going to open source recover, but also we're gonna open source, the maximum of our road map going forward so people can verify as much as possible. And uh the, and, and so the piece that they have to trust has to be uh minimized. Now, I think uh to be absolutely trust less uh in the world of consumer electronic is impossible. So there is a minimum trust that you need to have in a company like Ledger. But also we said, we said other things yesterday in a sense that um if you understand the way that a company like Ledger works, you understand that the people that are working on the firmware. So you know what you put in the device, I actually uh you know, of course, working in my team but not reporting directly to me. So in a security company, you have a segregation of duties between the CEO who, who is the administrator and the uh and executes. But you have some security teams at Ledger that don't have to take orders from me. So I cannot actually force any anyone, the team that is working in a firm where me as CEO I cannot force them to execute anything. Uh So there are, you know, uh uh countermeasures inside a security company. So a CEO cannot go rogue and do whatever he wants. And so therefore, for a company to go rogue, you would have to have all of its employees to become masu employees to actually do something wrong in the firmware. So, you know, these scenarios starts to be extremely, extremely unlikely. There is always a minimum of trust that you need to have in uh any hardware, whether that you're going to use, you know, let it on, you know, anything else that you're gonna use in the market, you need to have a minimum of trust and we're trying to make the part of the operating system as the, the one that you have to trust as small as possible and open everything else. Pascal, thank you so much for joining us this morning. We appreciate your time. That was Pascal Goutier CEO and chairman of Ledger.

Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.