Riana Pfefferkorn is the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society. Her work, made possible through funding from the Stanford Cyber Initiative, focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
Today was the deadline for the public to submit comments on the Australian government's draft Assistance and Access Bill 2018. The proposed legislation drew sharp criticism from numerous tech companies and civil society groups, in Australia and elsewhere, for the threats it poses to computer security, human rights, due process, and transparency.
Today, CIS is publishing a whitepaper called “Security Risks of Government Hacking.” Also called “equipment interference” or “lawful hacking,” government hacking allows investigators to exploit hardware and software vulnerabilities to gain remote access to target computers. We hope our new publication will make a valuable contribution to policy discussions about this important topic.
On August 19, the CRYPTO 2018 conference on cryptographic research hosted a one-day workshop in Santa Barbara called “Encryption and Surveillance.” The goal of the workshop was to “examine how encryption and related technologies pose both challenges and opportunities for surveillance and reform of surveillance.” I was fortunate to be able to attend this workshop, listen to the panelists’ presentations, and observe the intelligent discussion between speakers and attendees about the topics at hand.
Earlier this month, the Department of Justice’s “Cyber-Digital Task Force” released a report “assess[ing] the Department’s work in the cyber area.” The report, which runs over 150 pages, covers a broad range of topics. Among these, in the “Looking Ahead” chapter, is “Going Dark”: DOJ’s name for a constellation of issues that render the government “unable to obtain critical information in an intelligible and usable form (or at all),” primarily encryption (and default encryption in particular).
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
Comments submitted to the Parliamentary Joint Committee on Intelligence and Security (PJCIS) of the Australian Parliament on the revised draft (20 September 2018 version) of the Telecommunication & Other Legislation Amendment (Assistance & Access) Bill 2018.
Comments submitted to the Australian Government's Department of Home Affairs on its exposure draft of the Assistance and Access Bill 2018.
Abstract: As the use of encryption and other privacy-enhancing technologies has increased, government officials in the United States have sought ways to ensure law enforcement’s capability to access communications and other data in plaintext. One of those methods is government hacking, also called “equipment interference.” Government hacking allows investigators to exploit hardware and software vulnerabilities to gain remote access to target computers.
Apple recently confirmed the introduction of a new feature called “USB Restricted Mode” in the latest version of the iPhone’s mobile operating system, iOS 12. If enabled in the user’s settings, USB Restricted Mode will disable data transfer from the iPhone over the Lightning cable once the phone has been locked for an hour unless the phone’s password is entered.
Included in this PDF are:
- Petitioners' Notice of Motion and Motion for Leave to file Motion for Reconsideration
- Exhibit A Petitioners' [Proposed] Notice of Motion and Motion for Reconsideration of the May 1, 2018 Order
- Declaration of Jennifer Stisa Granick in Support of Petitioners' Motion for Leave to File a Motion for Reconsideration
- [Proposed] Order Granting Petitioners' Motion for Leave to File Motion for Reconsideration Pursuant to Local Rule 7-9.
"Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society, said the issue could be resolved by Congress first with the decision on "a pending change to Rule 41 of the Federal Rules of Criminal Procedure, which governs the issuance of search and seizure warrants by federal judges."
""Building secure software is a highly challenging task, even for a world-class team such as Apple's," Riana Pfefferkorn, Cryptography Fellow at the Stanford Center for Internet and Society, told CPJ via Twitter. Government attempts to undermine security for law enforcement purposes only make the problem worse., she said.
"The Stanford Center for Internet and Society's Jennifer Granick, director of civil liberties, and Riana Pfefferkorn, cryptography fellow, said at Black Hat 2016 that companies are often under no legal obligation to comply with law enforcement data requests, because data requests are not orders and even court orders are not the law.
"“If you’re ever asked to do something like this, you have a lot of strong legal arguments to say no,” said Jennifer Granick, the Director of Civil Liberties at the Stanford Center for Internet and Society in a Black Hat talk on Thursday. Granick and her Stanford colleague Riana Pfefferkorn, a Cryptography Fellow, ran down relevant laws and what’s currently known about their parameters and limits. They suggested that companies should plan ahead and assume that law enforcement agencies will eventually send them some kind of technical request—if they haven’t already.
"In a session at the Black Hat conference in Las Vegas, Stanford Center for Internet and Society director of Civil Liberties Jennifer Granick and Cryptography Fellow Riana Pfefferkorn, acknowledged that there is more information about us than ever before, with sensors both on and offline. All encryption is doing, they said, is removing a fraction of law enforcement.
New software tools use artificial intelligence to create realistic-looking but fake videos of real people seeming to say and do things they never did. These so-called "deepfakes" will soon cause a number of problems for the courts, particularly when it comes to authenticating evidence in litigation. They may even undermine the justice system by eroding juries' belief in the knowability of what is real. Come discuss the implications of deepfakes for trial practice with CIS Cryptography Fellow Riana Pfefferkorn.
Since its start in 2001, the SF ISACA Fall Conference continues to be the premier education event for information technology audit, security, governance, risk and compliance professionals in Northern California. The SF ISACA Fall conference features five tracks packed with top flight speakers and cutting edge topics. CIS's Riana Pfefferkorn and Ryan Singel will be speaking at the event.
For more information visit the conference website.
Widespread availability of advanced encryption technology has improved security for consumers and businesses. But as digital products and services have become more secure, some in the law enforcement and intelligence communities have voiced concerns that encryption inhibits their ability to prevent terrorism and prosecute crimes. For example, the Department of Justice is exploring a potential legal mandate requiring companies to design their technologies to allow law enforcement to access consumer data during criminal investigations.
When you give sites and services information about yourself, where does it go? Who else will get hold of it, and what will they use it for? The recent revelations about Cambridge Analytica's acquisition of data about tens of millions of Facebook users without their knowledge or consent have prompted renewed interest in how data about us gets shared, sold, used, and misused -- well beyond what we ever expected. Join us for a SLATA/CIS lunchtime conversation with three experts from Stanford’s Center for Internet and Society as we discuss the legal and policy implications of the Cambridge Analytica scandal and responses from Congress and courts. How can we prevent this from happening again? What new problems might we create through poorly-crafted legal responses?
Riana Pfefferkorn is a digital security expert and Cryptography Fellow at the Stanford Center for Internet and Society. She says that we are living in the “Golden Age of Surveillance,” in which the growing ubiquity of data-rich smart devices has produced a fundamental tension between the rights of users to protect their personal data and the needs of law enforcement to investigate or prevent serious crimes.
Cryptography Fellow Riana Pfefferkorn was a guest on the WashingTech Policy Podcast with Joseph Miller.
"While the battle against encryption has been going on within federal law enforcement circles (dubbed "going dark") since at least the early 1990s, Rosenstein has now called for "responsible encryption."