Riana Pfefferkorn is the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society. Her work focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
In October, we covered a significant case in Brooklyn federal court that tackles the hot-button issue of whether tech companies should be compelled to provide law enforcement with the ability to access information that’s protected by encryption.
Last week, the government of the United Kingdom proposed a bill that would codify and expand the surveillance powers afforded to UK intelligence and law enforcement agencies. The Draft Investigatory Powers Bill would consolidate current laws governing surveillance and police investigations, codify the UK government’s and courts’ interpretations of what those laws permit, and in some instances extend existing law to grant new powers to government.
Encryption helps human rights workers, activists, journalists, financial institutions, innovative businesses, and governments protect the confidentiality, integrity, and economic value of their activities. However, strong encryption may mean that governments cannot make sense of data they would otherwise be able to lawfully access in a criminal or intelligence investigation.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
In Enigma Software v. Malwarebytes, the Ninth Circuit ruled that 47 U.S.C. 230(c)(2)(B) does not protect anti-threat classification decisions that are allegedly based on "anti-competitive animus." This amicus brief, written by Prof. Eric Goldman of Santa Clara Law and Venkat Balasubramani and joined by 7 professors, explains how the Ninth Circuit's ruling makes the Internet less safe.
Reply brief of Movants-Appellants EFF, ACLU, and Riana Pfefferkorn to the Ninth Circuit in our appeal from the district court's denial of our motion to unseal filings in a sealed case wherein the Department of Justice allegedly sought to compel Facebook to comply with a wiretap order for Facebook's end-to-end encrypted voice calling app, Messenger.
Submission to the Australian Independent National Security Legislation Monitor's review of the Assistance and Access Act 2018.
The client shows his lawyer a video he says he took on his cell phone. It shows the defendant saying things that, if seen by the jury, will be a slam dunk for the client’s case. The attorney includes the video in her list of evidence for trial, but the defendant’s lawyers move to strike. They claim it’s a fake. What’s the plaintiff’s lawyer—and the judge—to do?
Welcome to trial practice in the new world of "deepfake" videos.
Submission to Australia's Parliamentary Joint Committee on Intelligence and Security (PJCIS) regarding its review of the Assistance and Access Act that had passed into law in early December 2018.
"Riana Pfefferkorn, associate director of surveillance and cybersecurity for Stanford Law School, said antitrust suspicion and the calls for backdoors to encryption are “absolutely” tied together. “I’ve been saying for two years that the techlash is playing into the strategy on behalf of law enforcement to try to turn public opinion against tech companies, even with regards to something like security, where the whole point is to enhance user privacy and security,” Pfefferkorn said."
"But not all court cases are just about getting a jury verdict. “I think it’s a sincere attempt to use the C.F.A.A. in a novel way,” said Riana Pfefferkorn, associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society. “But I think it’s partially a P.R. exercise, in that they’re calling out NSO and saying they won’t let them use vulnerabilities to attack users.”"
"However, Riana Pfefferkorn, associate director of Stanford Law’s surveillance and cybersecurity program, said she doesn’t think it would be as simple as rolling back encryption.
“I don’t think it’s going to be the same as waving a magic wand and having everything go back to the way it was five years ago,” she said.
In addition to extensive reengineering, the costs and logistics of fielding a flood of law enforcement requests could have economic effects, she said.
"But WhatsApp's lawsuit doesn't make any mention of prior notice to NSO to stop abusing its services or hacking its users. "I don’t see anything that says they sent a case and desist or attempted to block them," says Riana Pfefferkorn, associate director of surveillance and cybersecurity at Stanford Law School's Center for Internet and Society. "Absent more, they won’t be able to hook the CFAA violation on the terms of service.""
"Perhaps the most obvious path to expanding law enforcement access to encrypted products is legislation. Riana Pfefferkorn, associate director of surveillance and cybersecurity for Stanford Law School, said the legislation would have to cover a fairly broad range of industries, depending on if it was centered on unlocking encryption for devices, such as cell phones, or platforms, such as messaging apps.
A media nonprofit summit celebrating World Press Freedom Day.
Hosted by the Society of Professional Journalists, the oldest and most broad-based journalism professional association in the United States.
Advanced technologies are revolutionizing how the government investigates, charges and prosecutes criminal cases—and defense attorneys must keep pace. Even small police departments can purchase powerful surveillance technologies, and internet companies collect vast troves of data on virtually everyone. This two-day CLE conference will discuss the government's use of technologically advanced investigative techniques in criminal cases, and the issues raised by those techniques under the Fourth Amendment and other federal law.
New software tools use artificial intelligence to create realistic-looking but fake videos of real people seeming to say and do things they never did. These so-called "deepfakes" will soon cause a number of problems for the courts, particularly when it comes to authenticating evidence in litigation. They may even undermine the justice system by eroding juries' belief in the knowability of what is real. Come discuss the implications of deepfakes for trial practice with CIS Associate Director of Surveillance and Cybersecurity Riana Pfefferkorn.
Since its start in 2001, the SF ISACA Fall Conference continues to be the premier education event for information technology audit, security, governance, risk and compliance professionals in Northern California. The SF ISACA Fall conference features five tracks packed with top flight speakers and cutting edge topics. CIS's Riana Pfefferkorn and Ryan Singel will be speaking at the event.
For more information visit the conference website.
Increasingly, we are incorporating into our daily lives devices and services that collect metadata: from our smartphones, to our web browsers, to an ever-expanding assortment of IoT-connected appliances, and even our cars.
In this episode, The Stream speaks with tech industry experts and policy analysts to explore whether the Indian government’s plan will ensure public safety or set a dangerous precedent.
We're yet to see the details of the deal between the Government and Labor which would allow the passage of laws to give police and investigators access to encrypted messages.
That leaves one more day in this sitting of Parliament to get the laws through, after the Government claimed there was an urgent need to do so before Christmas.
Riana Pfefferkorn is a digital security expert and Cryptography Fellow at the Stanford Center for Internet and Society. She says that we are living in the “Golden Age of Surveillance,” in which the growing ubiquity of data-rich smart devices has produced a fundamental tension between the rights of users to protect their personal data and the needs of law enforcement to investigate or prevent serious crimes.