And the reason Coinbase has to keep all that sensitive stuff, much more than what would be required to identify and authenticate you, which you hope will never be stolen, is because of know your customer laws, so you can thank your government that pictures of your passport got stolen and for whatever criminals and rogue Coinbase employees do with that info.
There are very good reasons for KYC, the problem here is not the government regulation, it's once again private companies being sloppy with their customer's data because sloppy is cheap and it's not their info on the line, it's yours, so there's little motivation for them to safeguard it _unless_ they're compelled to do it by law.
The people who designed a government regulation to deputize private companies couldn't possibly have known how sloppy private companies are with other people's data?
They could have designed KYC to minimize long-term storage requirements etc at some cost to what they could enforce, but a government like the US is inherently sloppy with the rights that are reserved for parties besides itself.
I think if I coloured it as [gov't] deputizing [companies], and prioritized financial banks not knowing their customers, in case they decide they get hacked, I could sort of get excited about blaming regulation.
At the end of the day it'd be hard for me to continue holding that because, on the balance, we expect companies to keep data private and to not enable illegal activity, not gov't to avoid asking companies to do things, lest they screw up.
This is costing Coinbase $400M. They are well incentivized to prevent this.
In formal logic we would call this kind of argument a "post hoc justification". Any company who does anything payments-related is going to be primarily motivated to allow the most amount of transactions possible (including risky ones), everything else is a secondary consideration (including data security). I mean think about it, even if your company has a data breech, it's primarily brand reputation that's on the line, at that point your money has already been made. Of course, now that damage has been done there is a motivation to prevent it from happening in the future, but for companies like Coinbase who operate in emerging markets with little regulatory oversight, it's extremely hard to argue that they have are motivated to do anything besides grow and make money. After all, the mantra has always been "move fast and break things".
They're not just another free-to-use site where you're the product. Their reputation and viability are on the line.
For a site such as this the odds aren't in their favor anymore.
> And the reason Coinbase has to keep all that sensitive stuff, much more than what would be required to identify and authenticate you, which you hope will never be stolen, is because of know your customer laws
Real cop out here, be honest. Why should every single agent have access to your identity documentation (which is only required for KYC) in perpetuity?