Riana Pfefferkorn is the Cryptography Fellow at the Stanford Center for Internet and Society. Her work, made possible through funding from the Stanford Cyber Initiative, focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
The Berklett Cybersecurity Project of the Berkman Center for Internet and Society at Harvard University has just released a new report on the so-called “going dark problem” that is fueling law enforcement demands for access to encrypted information. The report, “Don’t Panic: Making Progress on the ‘Going Dark’ Debate,” concludes that new consumer technologies will increasingly provide a wealth of data to governments about individual movements and activities.
In October, we covered a significant case in Brooklyn federal court that tackles the hot-button issue of whether tech companies should be compelled to provide law enforcement with the ability to access information that’s protected by encryption.
Last week, the government of the United Kingdom proposed a bill that would codify and expand the surveillance powers afforded to UK intelligence and law enforcement agencies. The Draft Investigatory Powers Bill would consolidate current laws governing surveillance and police investigations, codify the UK government’s and courts’ interpretations of what those laws permit, and in some instances extend existing law to grant new powers to government.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
Included in this PDF are:
- Petitioners' Notice of Motion and Motion for Leave to file Motion for Reconsideration
- Exhibit A Petitioners' [Proposed] Notice of Motion and Motion for Reconsideration of the May 1, 2018 Order
- Declaration of Jennifer Stisa Granick in Support of Petitioners' Motion for Leave to File a Motion for Reconsideration
- [Proposed] Order Granting Petitioners' Motion for Leave to File Motion for Reconsideration Pursuant to Local Rule 7-9.
Which would you prefer: keeping your valuables in a locked safe, or keeping them in a shoebox and trusting that everyone will adhere to laws against theft and their concomitant penalties? Most, if not all, of us will choose the former. That’s so even if we realize that safe-crackers may ultimately find a way someday to bust open even the most top-of-the-line safe currently on offer.
Abstract. Federal law enforcement officials in the United States have recently renewed their periodic demands for legislation to regulate encryption. While they offer few technical specifics, their general proposal—that vendors must retain the ability to decrypt for law enforcement the devices they manufacture or communications their services transmit—presents intractable problems that would-be regulators must not ignore.
Last week, Deputy Attorney General Rod Rosenstein gave a speech about encryption that prompted a considerable amount of well-deserved blowback. His speech rehashed a number of long-discredited technical proposals for “solving” the “going dark” problem, and it also misstated the law.
"Whether people decide to keep PGP or make the switch, the flaw shows how difficult it is to perfect the art of sending secure messages, said Riana Pfefferkorn, a cryptography fellow at Stanford University.
“Even after withstanding years' worth of widespread scrutiny by security experts, a flaw in an encryption standard may still turn up,” she told me. “Plus, even if the vulnerability is fixed by the maintainers, users' configuration of their email client may not be perfect, potentially leaving them unwittingly exposed.”"
"The Apple-FBI fight over encryption was a rare event. Most of the time, the public never has a clue when authorities come knocking and ask a company for “technical assistance” to help get access to digital communications. That makes the true scale of U.S. government surveillance hard to assess—even if we can glean that it’s pervasive nowadays. And probably equally as important, it doesn’t really allow the public to tell just how difficult it is for prosecutors to convince a judge that communications should be turned over.
"Riana Pfefferkorn, cryptography fellow at Stanford Law School's Center for Internet and Society, said the enforcement action could "light a fire" under other public companies to disclose their own cybersecurity incidents, though the case may not help determine where to set the bar for reporting.
"Another attorney, Riana Pfefferkorn, a cryptography fellow at Stanford Law School, underscored the fact that not only was going to a dead person’s fingerprints unsettling, but that it was questionable from a practical perspective.
"This gives cops a perverse incentive to delete any evidence and films or text messages," she told Ars. "What's to stop them from doing that if they learn that this is a viable technique and if the person is dead?""
When you give sites and services information about yourself, where does it go? Who else will get hold of it, and what will they use it for? The recent revelations about Cambridge Analytica's acquisition of data about tens of millions of Facebook users without their knowledge or consent have prompted renewed interest in how data about us gets shared, sold, used, and misused -- well beyond what we ever expected. Join us for a SLATA/CIS lunchtime conversation with three experts from Stanford’s Center for Internet and Society as we discuss the legal and policy implications of the Cambridge Analytica scandal and responses from Congress and courts. How can we prevent this from happening again? What new problems might we create through poorly-crafted legal responses?
CIS Cryptography Fellow Riana Pfefferkorn will be speaking on a panel on "Cryptography and Ethics"at the 2018 Cybersecurity Law Symposium. Leading experts from academia and industry will discuss the legal and policy issues that arise from the latest developments in cybersecurity. This event is open to the public, but registration is required.
Cryptography Fellow Riana Pfefferkorn will be speaking at the 2018 InfoSec Southwest.
Encryption shields private information from malicious eavesdroppers. After years of slow adoption, encryption is finally becoming widespread in consumer-oriented electronic devices and communications services. Consumer-oriented encryption software is now more user-friendly, and much of it turns on encryption by default. These advances enhance privacy and security for millions of people.
Cryptography Fellow Riana Pfefferkorn was a guest on the WashingTech Policy Podcast with Joseph Miller.
"While the battle against encryption has been going on within federal law enforcement circles (dubbed "going dark") since at least the early 1990s, Rosenstein has now called for "responsible encryption."
Lecture held during the First International Congress of Fundamental Rights and Criminal Procedure in the Digital Age, organized by InternetLab in partnership with the Faculty of Law of the University of São Paulo.
Cryptography Fellow Riana Pfefferkorn gave a lecture titled "The American debate on surveillance and encryption".