Riana Pfefferkorn is the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society. Her work focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
Right now, Chinese users of WeChat, an app that includes text, video, and picture messaging plus a Facebook-style news feed (among many other features), can't message each other a meme of Winnie the Pooh. Why not? Because, being short and rotund, he supposedly evokes an unflattering comparison to President Xi Jinping.
I'm pleased to have written the cover story for the latest issue of NWLawyer, the magazine of the Washington State Bar Association. The article, available here, discusses the impact that so-called "deepfake" videos may have in the context of the courtroom. Are existing authentication standards for admission of evidence sufficient, or should the rules be changed? What ethical challenges will deepfakes pose for attorneys? How will deepfakes affect juries?
I recently had the pleasure of speaking at the Crypto & Privacy Village, which is part of the massive DEF CON computer security conference (and which I help organize). My talk was about a topic that basically everyone seems to be interested in: Can you invoke your Fifth Amendment right against self-incrimination when the police demand that you unlock your smartphone? The answer, unsurprisingly, is: It depends.
Attorney General Bill Barr gave a speech yesterday at Fordham that revived the encryption debate in the U.S. after a relatively quiet period. Since the departure of Rod Rosenstein, we hadn’t had a federal law enforcement official out there regularly giving speeches condemning encryption (though FBI Director Chris Wray threw his hat in here and there).
Encryption helps human rights workers, activists, journalists, financial institutions, innovative businesses, and governments protect the confidentiality, integrity, and economic value of their activities. However, strong encryption may mean that governments cannot make sense of data they would otherwise be able to lawfully access in a criminal or intelligence investigation.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
The key term that recurs throughout Henry Farrell’s and Bruce Schneier’s essay is “trust.” That is no surprise, as the concept unites both authors’ bodies of work: Schneier, a security expert, and Farrell, a political scientist, have each written books about it. Security enables trust, and trust enables a functioning democracy.
Brief of amici curiae ACLU, ACLU of Georgia, and Riana Pfefferkorn in support of appellant Victor Mobley in Mobley v. State, a Georgia Supreme Court case presenting the question of whether the Fourth Amendment requires a warrant for the seizure of digital data stored by a vehicle -- specifically, a car's event data recorder (EDR).
Reply brief in support of January 2019 objections to magistrate judge's report and recommendation.
The following was excerpted from an article that will appear in a future issue of NWLawyer. The author was also recently interviewed for the “What’s Next” newsletter on LAW.COM, which you can read here.
Submission to Australia's Parliamentary Joint Committee on Intelligence and Security (PJCIS) regarding its review of the Assistance and Access Act that had passed into law in early December 2018.
"Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford University’s Center for Internet and Society, said the strategy provided a false choice. "There’s this fundamental gut-level disgust that basically everyone has for the abuse of children,” Pfefferkorn said. “So, you can paint people who are trying to protect security and enhance [digital] protections as unsympathetic to preventing child sex abuse. I think it’s extremely cynical.”
"“The (Supreme) Court says the record is way too thin to justify such a sweeping invasion into his private life,” said Riana Pfefferkorn, a researcher who teaches about cybersecurity law at Stanford University. “Probationers have reduced constitutional rights, but they still have rights, and if the state is to be allowed to intrude upon them to the severe degree that an electronics search condition permits, that invasion has to be justified, and it wasn’t here.”"
"“Even if the phones are well secured, allowing the vendor to take the data off the device and store it on their servers would be a source of security risk,” said Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford University’s Center for Internet and Society. “Obviously this data, if held by a private vendor, would be a target for hacking by America’s enemies. Plus, careless security practices could lead to a data breach, or the data could be compromised due to an insider threat, such as an employee selling it without authorization.”"
"Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society, said the issue of compelling defendants to give up access to their phones may be an issue the Supreme Court ultimately takes up, too.
“The constitutional questions are still developing,” Pfefferkorn said."
To celebrate the one-year anniversary of the Stanford Cryptography Policy Project, we are holding an afternoon event highlighting our research and accomplishments over the past year. As our keynote speakers, it is our pleasure to welcome the Honorable Stephen W. Smith, Magistrate Judge of the Southern District of Texas, and Paul S. Grewal, former Magistrate Judge of the Northern District of California.
What kind of surveillance assistance can the U.S. government force companies to provide? This issue has entered the public consciousness due to the FBI's demand in February that Apple write software to help it access the San Bernardino shooter's encrypted iPhone. Technical assistance orders can go beyond the usual government requests for user data, requiring a company to actively participate in the government's monitoring of the targeted user(s).
Today, the debate over encryption is making headlines in nations around the world. Together, we’re working toward solutions at Crypto Summit 2.0.
The first Crypto Summit, held in July 2015 in Washington, D.C., brought together technologists, lawyers, and policy professionals from different sectors. Since then leading experts have considered proposals that would legislate the future of encryption — and the future of privacy and security online.
What's all this hullaballo about encryption? What's the latest in the FBI's ongoing dispute with Apple over encrypted iPhones? What's at stake? What could happen next? Find out all this and more at April's
Our Speaker will be Riana Pfefferkorn:
BIPLA Presents Riana Pfefferkorn: "Apple vs. the FBI: Where Does It Come From? What Is It? Where Is It Going?"
Monday March 7th
12:45pm-1:45pm - 170 Boalt Hall
Lunch will be served
In this episode, The Stream speaks with tech industry experts and policy analysts to explore whether the Indian government’s plan will ensure public safety or set a dangerous precedent.
We're yet to see the details of the deal between the Government and Labor which would allow the passage of laws to give police and investigators access to encrypted messages.
That leaves one more day in this sitting of Parliament to get the laws through, after the Government claimed there was an urgent need to do so before Christmas.
Riana Pfefferkorn is a digital security expert and Cryptography Fellow at the Stanford Center for Internet and Society. She says that we are living in the “Golden Age of Surveillance,” in which the growing ubiquity of data-rich smart devices has produced a fundamental tension between the rights of users to protect their personal data and the needs of law enforcement to investigate or prevent serious crimes.