Brian Armstrong’s recent announcement that Coinbase would start requiring in-person orientation and restricting certain roles to US citizens generated skepticism over whether the company’s new policies would violate US anti-discrimination laws.
In an interview with BeInCrypto, a Coinbase spokesperson clarified that the company is not adopting a blanket “US citizens only” policy. The changes, implemented to combat North Korean hackers, will only affect roles with access to sensitive systems.
The North Korean Infiltration Threat
Coinbase is preparing to adopt radical new security policies in response to an escalating threat from North Korean hackers.
CEO Brian Armstrong announced last week that the company will reorient its business operations toward the US, restricting certain roles to American citizens only.
The new policies mandate that all new hires attend an in-person orientation. Additionally, employees who handle sensitive systems will now be required to be US citizens and undergo fingerprinting.
Coinbase’s problem is far from minor. As a leading centralized exchange, it is a constant target for North Korean hackers. These state-sponsored threat actors have evolved their methods beyond traditional cyberattacks, shifting towards a more insidious tactic: infiltration.
This new approach involves North Korean operatives applying for remote Web3 and IT roles at crypto companies. They use deceptive identities and sophisticated social engineering to gain a foothold from the inside, enabling them to carry out massive thefts and funnel funds back to the regime.
Despite the graveness of the situation, the announcement has sparked immediate controversy and a central legal question: Do these policies, particularly the citizenship requirement, violate US federal anti-discrimination laws?
Can Coinbase Defend Its Measures Under Existing Law?
At first glance, Coinbase’s new policy appears to be in direct conflict with US federal law.
The Immigration and Nationality Act (INA) generally prohibits employers from discriminating based on a person’s citizenship or immigration status.
Given that the system is designed to ensure the fair treatment of US citizens, permanent residents, asylees, and refugees, a blanket “US citizens only” rule for all jobs would likely be illegal.
However, the INA does recognize several crucial exceptions. For instance, federal law can permit employers to deny opportunities to individuals who do not meet specific national security requirements. This rule often applies to roles requiring a formal security clearance or access to classified information.
Export control laws also prevent sensitive technology from falling into the wrong hands. The stricter of these, the International Traffic in Arms Regulations (ITAR), governs military and defense-related items. The broader Export Administration Regulations (EAR) rules cover “dual-use” items with commercial and military applications.
These laws don’t mandate citizenship-based hiring. However, they can make it easier for a company to hire a US citizen and avoid the complex process of getting a special government license to share technology with non-Americans.
Lastly, a company may be legally required to hire only US citizens for certain roles under a federal contract.
Coinbase’s core legal puzzle remains whether it can successfully argue that its security-driven measures fall within one of these permissible exceptions or whether its approach sets a dangerous precedent for the tech industry.
A Targeted Policy, Not a Blanket Ban
The initial news of Coinbase’s announcement sparked speculation that it was adopting a company-wide “US citizen only” hiring policy, which would have directly violated federal law.
However, a spokesperson corrected this narrative in an email exchange BeInCrypto had with Coinbase.
“We are not adopting a company-wide ‘US citizens only’ hiring policy… These changes will primarily affect employees in roles with access to sensitive systems and Coinbase roles remain open to qualified candidates regardless of nationality,” the spokesperson told BeInCrypto.
This distinction suggests the company is not relying on a specific federal regulation to justify its policy. In fact, a spokesperson clarified that Coinbase’s new security measures are not about leveraging any legal exceptions laid out by US federal law.
“This isn’t about invoking ITAR/EAR or creating citizenship-based hiring restrictions. The changes under discussion are about adding new safeguards at the onboarding stage, things like in-person identity verification, fingerprinting, and orientation, to reduce risks from malicious actors,” Coinbase said.
Regarding the mandatory in-person orientation, Coinbase clarified that these events will occur in regional hubs for non-US employees.
While Coinbase’s policy apparently avoids the most obvious legal pitfalls, it does venture into a new and untested gray area.
Beyond Hiring: Protecting the Workforce
Coinbase’s position rests on the argument that the threat from North Korean actors is so severe that it requires a measure that would otherwise be considered overreach. It’s essentially betting that a court would find its security rationale compelling enough to outweigh a discrimination claim.
In defending its stance, Coinbase placed its new measures in the context of a broader sector-wide shift.
“Given the rise in fraudulent applications and malicious actors attempting to infiltrate tech companies, we expect that stronger proof-of-identity and limited in-person requirements will become more common across the industry,” the Coinbase spokesperson told BeInCrypto.
Complementing this broader trend of stricter identity verification, the company also implemented a multi-layered security approach to combat internal vulnerabilities.
“We take insider threat risks seriously, including the possibility of external coercion or bribery attempts. Our layered approach includes technical monitoring, background checks, mandatory security training, and, going forward, stronger in-person onboarding safeguards,” Coinbase added.
By showing that its policies address both new hires and existing employees, Coinbase positions its measures not as discriminatory, but as a holistic response to a threat that federal law may not have fully anticipated.
Coinbase as a Test Case for the Crypto Industry
The debate over Coinbase’s policy is representative of a larger struggle facing the entire industry. As state-sponsored actors and malicious groups grow more sophisticated, companies are forced to adopt security measures that blur the lines between traditional hiring practices and national security.
Given its extensive reach, Coinbase’s response to these threats will likely set a precedent. The question is no longer whether a company can hire a non-citizen.
It also involves walking the legal and ethical tightrope of protecting itself and its customers from these increasingly sophisticated attacks.
While Coinbase has defended its actions, it remains unclear whether its model will set a new industry standard or be the first test case in a new era of legal battles.
The post Does Coinbase’s New Hiring Policy Contradict US Federal Law? appeared first on BeInCrypto.
Source: https://beincrypto.com/coinbase-hiring-policy-us-federal-law-debate/