Riana Pfefferkorn is the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society. Her work, made possible through funding from the Stanford Cyber Initiative, focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
On January 17, the Minnesota Supreme Court issued its opinion in State v. Diamond. It affirmed the appellate court’s holding that compelling a defendant to provide a fingerprint to unlock a seized cellphone (for which police had a warrant) did not violate the Fifth Amendment privilege against self-incrimination.
My article Everything Radiates: Does the Fourth Amendment Regulate Side-Channel Cryptanalysis?, 49 Conn. L. Rev. 1393 (2017), has recently been published by the Connecticut Law Review. You can download it from SSRN here. I contributed this piece as part of my participation in the law review's 2017 Symposium last January.
The following are my opening remarks for the encryption panel during the IGF 2017 main session, "Local interventions, global impacts: How can international, multistakeholder cooperation address Internet disruptions, encryption, and data flows?"
On October 10, Deputy Attorney General Rod Rosenstein gave a speech at the U.S. Naval Academy about encryption. I have a lot to say about his remarks, so this will be a long post. Much of Rosenstein’s speech recycled the same old chestnuts that law enforcement’s been repeating about crypto for years. I’m happy to roast those chestnuts.
Encryption helps human rights workers, activists, journalists, financial institutions, innovative businesses, and governments protect the confidentiality, integrity, and economic value of their activities. However, strong encryption may mean that governments cannot make sense of data they would otherwise be able to lawfully access in a criminal or intelligence investigation.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
Submission to Australia's Parliamentary Joint Committee on Intelligence and Security (PJCIS) regarding its review of the Assistance and Access Act that had passed into law in early December 2018.
Amicus brief of Electronic Frontier Foundation and Riana Pfefferkorn in support of Petitioners-Appellants Jason Leopold and Reporters Committee for Freedom of the Press, filed in the D.C. Circuit. The petition in the court below sought to unseal certain sealed surveillance matters in the District of D.C.'s docket and also sought prospective changes to enhance the transparency of the court's surveillance docket going forward.
Objections to Magistrate Judge's Report and Recommendation to deny the Petition, plus supporting documents (supporting declaration of Jennifer Granick, administrative motion, proposed orders).
Motion to unseal the docket and court's legal reasoning in a sealed case wherein the Department of Justice allegedly sought to compel Facebook to comply with a wiretap order for Facebook's end-to-end encrypted voice calling app, Messenger.
Letter to Australia's Parliamentary Joint Committee on Intelligence and Security (PJCIS) regarding a proposed "compromise" version of the Assistance and Access Bill.
"Or how Riana Pfefferkorn, a Stanford University professor put it: “There is a body of secret law that we simply can't see.” Pfefferkorn, also with the help of the EFF, sued in federal court in Central California to unseal a case that involved the federal government trying to force Facebook to secretly hand over Facebook Messenger conversations.
"“That’s at odds with the way that the case law has been developing in other courts,” said Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society.
For a firm answer on whether Florida law enforcement can require someone to provide their passcode, Stanford’s Pfefferkorn said, the state’s Supreme Court will need to weigh in.
“The takeaway is that this guy is unlucky enough to be in a court that is kind of at odds with the other courts that have considered” this issue, she said."
"Even Riana Pfefferkorn—a cryptography expert and attorney at Stanford Law School who submitted formal October 2018 testimony to the Australian parliament arguing against the law—doesn't know what is meant exactly by "systemic weakness."
"Nobody knows!" she said, while laughing for a brief moment. "Whenever you open up a vulnerability in a piece of software or a piece of hardware, it's going to have consequences that are unforeseeable.""
"“What kinds of criminals mask their location, and for what kinds of crimes? Child pornography, yes; violent threats, yes; but also organized-crime rings engaged in cybercrime. A business email compromise scam, like those at issue in these warrants, falls squarely in that camp,” Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, told Motherboard in an online chat after reviewing the documents."
""This case adds to the disagreement over how to analyze compelled decryption orders in the context of passcodes," said Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, in an email to The Register."
Advanced technologies are revolutionizing how the government investigates, charges and prosecutes criminal cases—and defense attorneys must keep pace. Even small police departments can purchase powerful surveillance technologies, and internet companies collect vast troves of data on virtually everyone. This two-day CLE conference will discuss the government's use of technologically advanced investigative techniques in criminal cases, and the issues raised by those techniques under the Fourth Amendment and other federal law.
New software tools use artificial intelligence to create realistic-looking but fake videos of real people seeming to say and do things they never did. These so-called "deepfakes" will soon cause a number of problems for the courts, particularly when it comes to authenticating evidence in litigation. They may even undermine the justice system by eroding juries' belief in the knowability of what is real. Come discuss the implications of deepfakes for trial practice with CIS Associate Director of Surveillance and Cybersecurity Riana Pfefferkorn.
Since its start in 2001, the SF ISACA Fall Conference continues to be the premier education event for information technology audit, security, governance, risk and compliance professionals in Northern California. The SF ISACA Fall conference features five tracks packed with top flight speakers and cutting edge topics. CIS's Riana Pfefferkorn and Ryan Singel will be speaking at the event.
For more information visit the conference website.
Widespread availability of advanced encryption technology has improved security for consumers and businesses. But as digital products and services have become more secure, some in the law enforcement and intelligence communities have voiced concerns that encryption inhibits their ability to prevent terrorism and prosecute crimes. For example, the Department of Justice is exploring a potential legal mandate requiring companies to design their technologies to allow law enforcement to access consumer data during criminal investigations.
We're yet to see the details of the deal between the Government and Labor which would allow the passage of laws to give police and investigators access to encrypted messages.
That leaves one more day in this sitting of Parliament to get the laws through, after the Government claimed there was an urgent need to do so before Christmas.
Riana Pfefferkorn is a digital security expert and Cryptography Fellow at the Stanford Center for Internet and Society. She says that we are living in the “Golden Age of Surveillance,” in which the growing ubiquity of data-rich smart devices has produced a fundamental tension between the rights of users to protect their personal data and the needs of law enforcement to investigate or prevent serious crimes.
Cryptography Fellow Riana Pfefferkorn was a guest on the WashingTech Policy Podcast with Joseph Miller.