Brian Armstrong’s recent announcement has created skepticism about whether Coinbase requires in-person orientation, limiting certain roles to U.S. citizens and whether the company’s new policies violate the US anti-discrimination laws.
In an interview with Beincrypto, a Coinbase spokesman revealed that the company is not adopting blanket’s “US citizens only” policy. Changes implemented to combat North Korean hackers only affect roles that involve access to confidential systems.
The threat of North Korea’s penetration
Coinbase is preparing to adopt a radical new security policy in response to escalating threats from North Korean hackers.
CEO Brian Armstrong announced last week that the company will turn its operations towards the US and limit certain roles to American citizens only.
The new policy requires that all new recruits participate in in-person orientations. Additionally, employees who handle sensitive systems must be US citizens and receive fingerprints.
Coinbase issues are far from minor. As a major central exchange, it is a constant target of North Korean hackers. These state-sponsored threat actors have evolved their methods beyond traditional cyberattacks and are shifting towards a more insidious tactic: penetration.
This new approach involves North Korean operatives applying for remote Web3 and roles in Crypto Companies. They use deceptive identity and sophisticated social engineering to gain foothold from within, carry out massive thefts and execute funds that have returned to power.
Despite the severity of the situation, the announcement caused immediate controversy and central legal issues. Do these policies, particularly citizenship requirements, violate the US federal anti-discrimination laws?
Can Coinbase adhere to its measures under existing laws?
At first glance, Coinbase’s new policy appears to be in direct conflict with US federal law.
The Immigration and Nationality Act (INA) generally prohibits employers from discriminating based on an individual’s citizenship or immigration situation.
Given that the system is designed to ensure fair treatment of US citizens, permanent residents, Asilies and refugees, the “US citizens only” rule for all work blankets may be illegal.
However, INA recognizes some important exceptions. For example, federal law can allow employers to deny opportunities for individuals who do not meet certain national security requirements. This rule often applies to roles that require formal security clearance or access to classification information.
Additionally, export control laws prevent sensitive technologies from falling into the wrong hands. These stricter international weapons regulations (ITARs) manage military and defense-related items. The broader export control regulations (ear) regulations cover the “double use” item with commercial and military applications.
These laws do not require citizenship-based employment. However, it makes it easier for businesses to hire US citizens and avoids the complicated process of obtaining special government licenses to share technology with non-Americans.
Finally, the company may be legally required to hire only US citizens for certain roles under a federal contract.
It remains whether Coinbase’s core legal puzzles can argue that security-driven measures fall under any of these acceptable exceptions, or whether their approach sets a dangerous precedent for the tech industry.
Not blanket ban, target policy
The first news of Coinbase’s announcement sparked speculation that it was adopting a company-wide “US citizen only” employment policy that was directly violating federal law.
However, the spokesman corrected the story in an email he had at Coinbase in an email exchange.
“We do not adopt a company-wide “US citizen only” employment policy. These changes will affect employees in roles with access to sensitive systems, and Coinbase’s role remains open to qualified candidates regardless of nationality,” a spokesman told Beincrypto.
This distinction suggests that we do not rely on certain federal regulations to justify our policy. In fact, the spokesman has made it clear that Coinbase’s new security measures are not to exploit legal exceptions set by federal law.
“This is not about calling ITAR/ears or creating citizenship-based employment restrictions. The changes under discussion are adding new safeguards to the onboarding stage, reducing the risk of malicious actors, including face-to-face identity verification, fingerprinting, orientation, and more,” Coinbase said.
Regarding mandatory face-to-face orientation, Coinbase has revealed that these events will occur in local hubs for employees outside the US.
Coinbase’s policy clearly seems to avoid the most obvious legal pitfalls, but it challenges new and untested gray areas.
Beyond Employment: Protecting the Workforce
Coinbase’s position is based on the argument that the threat from North Korean actors is so serious that it requires measures that would otherwise be considered excessive. The court is confident that the court will find attractive security grounds enough to outweigh the discrimination claims.
In defending its stance, Coinbase placed new measures in the context of a broader sector-wide shift.
“We expect stronger identities and limited face-to-face requirements to become more common across the industry given the rise in fraudulent applications and the malicious actors trying to break into high-tech companies,” a Coinbase spokesperson told Beincrypto.
Complementing this broader trend in stricter identity verification, the company also implemented a multi-layered security approach to combat internal vulnerabilities.
“We take insider threat risks seriously, including the possibility of external enforcement or bribery attempts. A layered approach includes technical surveillance, background checks, forced security training, and more powerful in-person onboarding safeguards going forward,” Coinbase added.
By showing that its policy addresses both new hires and existing employees, Coinbase positions its measures as a non-discriminatory and overall response to threats that federal law had not fully anticipated.
Coinbase as a test case for the crypto industry
Coinbase’s policy debate represents the huge struggles facing the entire industry. With state-sponsored actors and malicious groups growing more sophisticated, businesses are forced to adopt security measures that blur the line between traditional employment practices and national security.
Given its wide reach, Coinbase’s response to these threats would likely set precedent. The question is whether businesses can hire non-citizens anymore.
It also includes walking the legal and ethical tightrope of protecting itself and its customers from these increasingly sophisticated attacks.
Coinbase defends its actions, but it remains unclear whether its model will set new industry standards or the first test case in a new era of legal battles.
In this post, do Coinbase’s new employment policy contradict US federal law? It first appeared in Beincrypto.
