Riana Pfefferkorn is the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society. Her work, made possible through funding from the Stanford Cyber Initiative, focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
Today was the deadline for the public to submit comments on the Australian government's draft Assistance and Access Bill 2018. The proposed legislation drew sharp criticism from numerous tech companies and civil society groups, in Australia and elsewhere, for the threats it poses to computer security, human rights, due process, and transparency.
Today, CIS is publishing a whitepaper called “Security Risks of Government Hacking.” Also called “equipment interference” or “lawful hacking,” government hacking allows investigators to exploit hardware and software vulnerabilities to gain remote access to target computers. We hope our new publication will make a valuable contribution to policy discussions about this important topic.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
Included in this PDF are:
- Petitioners' Notice of Motion and Motion for Leave to file Motion for Reconsideration
- Exhibit A Petitioners' [Proposed] Notice of Motion and Motion for Reconsideration of the May 1, 2018 Order
- Declaration of Jennifer Stisa Granick in Support of Petitioners' Motion for Leave to File a Motion for Reconsideration
- [Proposed] Order Granting Petitioners' Motion for Leave to File Motion for Reconsideration Pursuant to Local Rule 7-9.
Which would you prefer: keeping your valuables in a locked safe, or keeping them in a shoebox and trusting that everyone will adhere to laws against theft and their concomitant penalties? Most, if not all, of us will choose the former. That’s so even if we realize that safe-crackers may ultimately find a way someday to bust open even the most top-of-the-line safe currently on offer.
Abstract. Federal law enforcement officials in the United States have recently renewed their periodic demands for legislation to regulate encryption. While they offer few technical specifics, their general proposal—that vendors must retain the ability to decrypt for law enforcement the devices they manufacture or communications their services transmit—presents intractable problems that would-be regulators must not ignore.
Last week, Deputy Attorney General Rod Rosenstein gave a speech about encryption that prompted a considerable amount of well-deserved blowback. His speech rehashed a number of long-discredited technical proposals for “solving” the “going dark” problem, and it also misstated the law.
""This case adds to the disagreement over how to analyze compelled decryption orders in the context of passcodes," said Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, in an email to The Register."
News of governments such as Russia and North Korea deploying their tech teams to hack into companies for political reasons has made headlines (think Sony after release of the movie The Interview). But what about when the U.S. government “hacks” to get around security measures designed to protect consumers?
Advanced technologies are revolutionizing how the government investigates, charges and prosecutes criminal cases—and defense attorneys must keep pace. Even small police departments can purchase powerful surveillance technologies, and internet companies collect vast troves of data on virtually everyone. This two-day CLE conference will discuss the government's use of technologically advanced investigative techniques in criminal cases, and the issues raised by those techniques under the Fourth Amendment and other federal law.
New software tools use artificial intelligence to create realistic-looking but fake videos of real people seeming to say and do things they never did. These so-called "deepfakes" will soon cause a number of problems for the courts, particularly when it comes to authenticating evidence in litigation. They may even undermine the justice system by eroding juries' belief in the knowability of what is real. Come discuss the implications of deepfakes for trial practice with CIS Associate Director of Surveillance and Cybersecurity Riana Pfefferkorn.
Since its start in 2001, the SF ISACA Fall Conference continues to be the premier education event for information technology audit, security, governance, risk and compliance professionals in Northern California. The SF ISACA Fall conference features five tracks packed with top flight speakers and cutting edge topics. CIS's Riana Pfefferkorn and Ryan Singel will be speaking at the event.
For more information visit the conference website.
Widespread availability of advanced encryption technology has improved security for consumers and businesses. But as digital products and services have become more secure, some in the law enforcement and intelligence communities have voiced concerns that encryption inhibits their ability to prevent terrorism and prosecute crimes. For example, the Department of Justice is exploring a potential legal mandate requiring companies to design their technologies to allow law enforcement to access consumer data during criminal investigations.
Riana Pfefferkorn is a digital security expert and Cryptography Fellow at the Stanford Center for Internet and Society. She says that we are living in the “Golden Age of Surveillance,” in which the growing ubiquity of data-rich smart devices has produced a fundamental tension between the rights of users to protect their personal data and the needs of law enforcement to investigate or prevent serious crimes.
Cryptography Fellow Riana Pfefferkorn was a guest on the WashingTech Policy Podcast with Joseph Miller.
"While the battle against encryption has been going on within federal law enforcement circles (dubbed "going dark") since at least the early 1990s, Rosenstein has now called for "responsible encryption."