Riana Pfefferkorn is the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society. Her work, made possible through funding from the Stanford Cyber Initiative, focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
I'm pleased to have written the cover story for the latest issue of NWLawyer, the magazine of the Washington State Bar Association. The article, available here, discusses the impact that so-called "deepfake" videos may have in the context of the courtroom. Are existing authentication standards for admission of evidence sufficient, or should the rules be changed? What ethical challenges will deepfakes pose for attorneys? How will deepfakes affect juries?
I recently had the pleasure of speaking at the Crypto & Privacy Village, which is part of the massive DEF CON computer security conference (and which I help organize). My talk was about a topic that basically everyone seems to be interested in: Can you invoke your Fifth Amendment right against self-incrimination when the police demand that you unlock your smartphone? The answer, unsurprisingly, is: It depends.
Attorney General Bill Barr gave a speech yesterday at Fordham that revived the encryption debate in the U.S. after a relatively quiet period. Since the departure of Rod Rosenstein, we hadn’t had a federal law enforcement official out there regularly giving speeches condemning encryption (though FBI Director Chris Wray threw his hat in here and there).
You may recall that in February, a federal district court in Fresno denied a petition I filed with the American Civil Liberties Union, the ACLU of Northern California, and the Electronic Frontier Foundation to attempt to shed light on the Department of Justice's attempt to force Facebook to break the encryption on its Messenger app for encrypted voice calls so that Facebook could carry out a wiretap order the DOJ had obtained.
Encryption helps human rights workers, activists, journalists, financial institutions, innovative businesses, and governments protect the confidentiality, integrity, and economic value of their activities. However, strong encryption may mean that governments cannot make sense of data they would otherwise be able to lawfully access in a criminal or intelligence investigation.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
Submission to the Australian Independent National Security Legislation Monitor's review of the Assistance and Access Act 2018.
The client shows his lawyer a video he says he took on his cell phone. It shows the defendant saying things that, if seen by the jury, will be a slam dunk for the client’s case. The attorney includes the video in her list of evidence for trial, but the defendant’s lawyers move to strike. They claim it’s a fake. What’s the plaintiff’s lawyer—and the judge—to do?
Welcome to trial practice in the new world of "deepfake" videos.
Submission to Australia's Parliamentary Joint Committee on Intelligence and Security (PJCIS) regarding its review of the Assistance and Access Act that had passed into law in early December 2018.
Opening brief of Movants-Appellants EFF, ACLU, and Riana Pfefferkorn to the Ninth Circuit in our appeal from the district court's denial of our motion to unseal filings in a sealed case wherein the Department of Justice allegedly sought to compel Facebook to comply with a wiretap order for Facebook's end-to-end encrypted voice calling app, Messenger.
The key term that recurs throughout Henry Farrell’s and Bruce Schneier’s essay is “trust.” That is no surprise, as the concept unites both authors’ bodies of work: Schneier, a security expert, and Farrell, a political scientist, have each written books about it. Security enables trust, and trust enables a functioning democracy.
"Riana Pfefferkorn, a cryptography fellow at the Stanford Law School’s Center for Internet and Society, said FlexiSPY is “kind of an app version of a wire.” Wiretaps are the traditional monitoring tool used by law enforcement after obtaining a warrant signed by a judge.
“It can be done quickly, but it’s not something that can be done remotely,” Pfefferkorn said. “That raises the question for me of whether this was a U.S. law enforcement agency that installed this on Chapo’s phone, if it was his phone.”"
"“There's nothing preventing an Apple employee from doing the exact same thing in a world where there's mandatory key escrow for exceptional access to smartphones,” said Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society. “Once the deed is done by an insider, then what was supposed to be a tool only for the ‘good guys’ is out there for the ‘bad guys’ as well.”"
"On Friday, Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society, explored in an article for national security blog Just Security what this approach with exigent circumstances may look like.
""Third-party tools such as Cellebrite and GrayKey, combined with other sources of data such as cloud backups, metadata, the Internet of Things, and so-called 'lawful hacking,' mean law enforcement still has a wealth of information available to it for investigations and prosecutions," said Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society."
"Encryption is the best tool people have for defending against hackers, cybercriminals and government surveillance, said Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society. Still, “your communications encryption choices are only worth as much as the trustworthiness of the people you're talking to,” she said.
Associate Director of Surveillance and Cybersecurity | Center for Internet and Society at Stanford Law School
Compelled Device Decryption and the Fifth Amendment
You can unlock your smartphone with a passcode, your finger, even your face. When the cops demand you decrypt your phone or other device for them, can you successfully invoke your Fifth Amendment right against self-incrimination? Well, it depends. This talk quickly walks through the when, where, why, and how of compelled decryption and the Fifth Amendment under current case law. It ends with some practical takeaways, including "don't talk to the cops" and "stay out of Florida."
A media nonprofit summit celebrating World Press Freedom Day.
Hosted by the Society of Professional Journalists, the oldest and most broad-based journalism professional association in the United States.
In this episode, The Stream speaks with tech industry experts and policy analysts to explore whether the Indian government’s plan will ensure public safety or set a dangerous precedent.
We're yet to see the details of the deal between the Government and Labor which would allow the passage of laws to give police and investigators access to encrypted messages.
That leaves one more day in this sitting of Parliament to get the laws through, after the Government claimed there was an urgent need to do so before Christmas.
Riana Pfefferkorn is a digital security expert and Cryptography Fellow at the Stanford Center for Internet and Society. She says that we are living in the “Golden Age of Surveillance,” in which the growing ubiquity of data-rich smart devices has produced a fundamental tension between the rights of users to protect their personal data and the needs of law enforcement to investigate or prevent serious crimes.