Riana Pfefferkorn is the Cryptography Fellow at the Stanford Center for Internet and Society. Her work, made possible through funding from the Stanford Cyber Initiative, focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
Today was the deadline for the public to submit comments on the Australian government's draft Assistance and Access Bill 2018. The proposed legislation drew sharp criticism from numerous tech companies and civil society groups, in Australia and elsewhere, for the threats it poses to computer security, human rights, due process, and transparency.
Today, CIS is publishing a whitepaper called “Security Risks of Government Hacking.” Also called “equipment interference” or “lawful hacking,” government hacking allows investigators to exploit hardware and software vulnerabilities to gain remote access to target computers. We hope our new publication will make a valuable contribution to policy discussions about this important topic.
On August 19, the CRYPTO 2018 conference on cryptographic research hosted a one-day workshop in Santa Barbara called “Encryption and Surveillance.” The goal of the workshop was to “examine how encryption and related technologies pose both challenges and opportunities for surveillance and reform of surveillance.” I was fortunate to be able to attend this workshop, listen to the panelists’ presentations, and observe the intelligent discussion between speakers and attendees about the topics at hand.
Earlier this month, the Department of Justice’s “Cyber-Digital Task Force” released a report “assess[ing] the Department’s work in the cyber area.” The report, which runs over 150 pages, covers a broad range of topics. Among these, in the “Looking Ahead” chapter, is “Going Dark”: DOJ’s name for a constellation of issues that render the government “unable to obtain critical information in an intelligible and usable form (or at all),” primarily encryption (and default encryption in particular).
In the upcoming version of the Apple iPhone iOS operating system, iOS 12, the phone’s Lightning cable port (used for charging and data transmission) will be disabled an hour after the phone is locked. The device will still charge, but transferring data to or from the device via the Lightning cable will require entering the device’s password first.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
Comments submitted to the Australian Government's Department of Home Affairs on its exposure draft of the Assistance and Access Bill 2018.
Abstract: As the use of encryption and other privacy-enhancing technologies has increased, government officials in the United States have sought ways to ensure law enforcement’s capability to access communications and other data in plaintext. One of those methods is government hacking, also called “equipment interference.” Government hacking allows investigators to exploit hardware and software vulnerabilities to gain remote access to target computers.
Apple recently confirmed the introduction of a new feature called “USB Restricted Mode” in the latest version of the iPhone’s mobile operating system, iOS 12. If enabled in the user’s settings, USB Restricted Mode will disable data transfer from the iPhone over the Lightning cable once the phone has been locked for an hour unless the phone’s password is entered.
Included in this PDF are:
- Petitioners' Notice of Motion and Motion for Leave to file Motion for Reconsideration
- Exhibit A Petitioners' [Proposed] Notice of Motion and Motion for Reconsideration of the May 1, 2018 Order
- Declaration of Jennifer Stisa Granick in Support of Petitioners' Motion for Leave to File a Motion for Reconsideration
- [Proposed] Order Granting Petitioners' Motion for Leave to File Motion for Reconsideration Pursuant to Local Rule 7-9.
"“I certainly see this banding together as a way for the U.S. government to try to exert more gravitas in the U.S. debate,” said Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society.
“Many of the tech companies that are in the Five Eyes' sights are U.S.-based, and it naturally exerts more pressure on those companies to have five countries (most of which presumably provide significant user bases for those companies), not just the U.S., band together to press them on encryption,” she told me in an email."
"“It just shows how much education users need to do when they switch around between half a dozen apps, trying to figure out how each one works,” says Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society. “It would be great if we had a default encryption that any service would use so you wouldn’t have to be such a detective on your own behalf.”"
"“She wouldn't outright say, ‘Yes, I want a backdoor,’ yet she voiced support for the idea of providers keeping the keys to decrypt data,” Riana Pfefferkorn, cryptography fellow at Stanford Center for Internet and Society, told me. “None of that really suggests to me that she's going to be better on ‘going dark’ or on surveillance and government access more generally.”"
"The encryption push may be harder now that the public knows about law enforcement's errors. “DOJ has had years to 'collect accurate metrics' on encryption's impact on investigations on prosecutions, but the only number it has ever provided to the public is the one the DOJ had to admit was inaccurate,” said Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society. “If they're serious about this, they should release those metrics once they have them, plus info about how they arrived at those numbers.”"
Stanford CIS brings together scholars, academics, legislators, students, programmers, security researchers, and scientists to study the interaction of new technologies and the law and to examine how the synergy between the two can either promote or harm public goods like free speech, innovation, privacy, public commons, diversity, and scientific inquiry. Come hear CIS Directors Jennifer Granick + Daphne Keller and Resident Fellows Riana Pfefferkorn + Luiz Fernando Marrey Moncau talk about our work, and the assistance CIS provides to students in learning about these issues, selecting courses, identifying job opportunities, and making professional connections.
To celebrate the one-year anniversary of the Stanford Cryptography Policy Project, we are holding an afternoon event highlighting our research and accomplishments over the past year. As our keynote speakers, it is our pleasure to welcome the Honorable Stephen W. Smith, Magistrate Judge of the Southern District of Texas, and Paul S. Grewal, former Magistrate Judge of the Northern District of California.
What kind of surveillance assistance can the U.S. government force companies to provide? This issue has entered the public consciousness due to the FBI's demand in February that Apple write software to help it access the San Bernardino shooter's encrypted iPhone. Technical assistance orders can go beyond the usual government requests for user data, requiring a company to actively participate in the government's monitoring of the targeted user(s).
Today, the debate over encryption is making headlines in nations around the world. Together, we’re working toward solutions at Crypto Summit 2.0.
The first Crypto Summit, held in July 2015 in Washington, D.C., brought together technologists, lawyers, and policy professionals from different sectors. Since then leading experts have considered proposals that would legislate the future of encryption — and the future of privacy and security online.
What's all this hullaballo about encryption? What's the latest in the FBI's ongoing dispute with Apple over encrypted iPhones? What's at stake? What could happen next? Find out all this and more at April's
Our Speaker will be Riana Pfefferkorn:
Cryptography Fellow Riana Pfefferkorn was a guest on the WashingTech Policy Podcast with Joseph Miller.
"While the battle against encryption has been going on within federal law enforcement circles (dubbed "going dark") since at least the early 1990s, Rosenstein has now called for "responsible encryption."