Riana Pfefferkorn is the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society. Her work focuses on investigating and analyzing the U.S. government's policy and practices for forcing decryption and/or influencing crypto-related design of online platforms and services, devices, and products, both via technical means and through the courts and legislatures. Riana also researches the benefits and detriments of strong encryption on free expression, political engagement, economic development, and other public interests.
Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati, where she worked on litigation and counseling matters involving online privacy, Internet intermediary liability, consumer protection, copyright, trademark, and trade secrets and was actively involved in the firm's pro bono program. Before that, Riana clerked for the Honorable Bruce J. McGiverin of the U.S. District Court for the District of Puerto Rico. She also interned during law school for the Honorable Stephen Reinhardt of the U.S. Court of Appeals for the Ninth Circuit. Riana earned her law degree from the University of Washington School of Law and her undergraduate degree from Whitman College.
High Res Photo of Riana Pfefferkorn
In October, we covered a significant case in Brooklyn federal court that tackles the hot-button issue of whether tech companies should be compelled to provide law enforcement with the ability to access information that’s protected by encryption.
Last week, the government of the United Kingdom proposed a bill that would codify and expand the surveillance powers afforded to UK intelligence and law enforcement agencies. The Draft Investigatory Powers Bill would consolidate current laws governing surveillance and police investigations, codify the UK government’s and courts’ interpretations of what those laws permit, and in some instances extend existing law to grant new powers to government.
Encryption helps human rights workers, activists, journalists, financial institutions, innovative businesses, and governments protect the confidentiality, integrity, and economic value of their activities. However, strong encryption may mean that governments cannot make sense of data they would otherwise be able to lawfully access in a criminal or intelligence investigation.
Arguing that if the court should not compel Apple to create software to enable unlocking and search of the San Bernardino shooter’s iPhone, it will jeopardize digital and personal security more generally.
In Enigma Software v. Malwarebytes, the Ninth Circuit ruled that 47 U.S.C. 230(c)(2)(B) does not protect anti-threat classification decisions that are allegedly based on "anti-competitive animus." This amicus brief, written by Prof. Eric Goldman of Santa Clara Law and Venkat Balasubramani and joined by 7 professors, explains how the Ninth Circuit's ruling makes the Internet less safe.
Reply brief of Movants-Appellants EFF, ACLU, and Riana Pfefferkorn to the Ninth Circuit in our appeal from the district court's denial of our motion to unseal filings in a sealed case wherein the Department of Justice allegedly sought to compel Facebook to comply with a wiretap order for Facebook's end-to-end encrypted voice calling app, Messenger.
Submission to the Australian Independent National Security Legislation Monitor's review of the Assistance and Access Act 2018.
The client shows his lawyer a video he says he took on his cell phone. It shows the defendant saying things that, if seen by the jury, will be a slam dunk for the client’s case. The attorney includes the video in her list of evidence for trial, but the defendant’s lawyers move to strike. They claim it’s a fake. What’s the plaintiff’s lawyer—and the judge—to do?
Welcome to trial practice in the new world of "deepfake" videos.
Submission to Australia's Parliamentary Joint Committee on Intelligence and Security (PJCIS) regarding its review of the Assistance and Access Act that had passed into law in early December 2018.
"The encryption push may be harder now that the public knows about law enforcement's errors. “DOJ has had years to 'collect accurate metrics' on encryption's impact on investigations on prosecutions, but the only number it has ever provided to the public is the one the DOJ had to admit was inaccurate,” said Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society. “If they're serious about this, they should release those metrics once they have them, plus info about how they arrived at those numbers.”"
"Even if authorized by a warrant, the dissemination of vulnerable devices could create a risk of significant harm. Riana Pfefferkorn, a cryptography fellow at Stanford Law School’s Center for Internet and Society, told Human Rights Watch it would be “frightening to use a wiretap order to authorize seeding compromised devices among people.” She suggested that anyone who might accept such a tactic when the targets are suspected drug traffickers should consider a hypothetical scenario in which agents secretly gave such non-secure devices to “journalists or activists.”"
"Riana Pfefferkorn, a cryptography fellow at the Stanford Law School’s Center for Internet and Society, said FlexiSPY is “kind of an app version of a wire.” Wiretaps are the traditional monitoring tool used by law enforcement after obtaining a warrant signed by a judge.
“It can be done quickly, but it’s not something that can be done remotely,” Pfefferkorn said. “That raises the question for me of whether this was a U.S. law enforcement agency that installed this on Chapo’s phone, if it was his phone.”"
"“There's nothing preventing an Apple employee from doing the exact same thing in a world where there's mandatory key escrow for exceptional access to smartphones,” said Riana Pfefferkorn, a cryptography fellow at the Stanford Center for Internet and Society. “Once the deed is done by an insider, then what was supposed to be a tool only for the ‘good guys’ is out there for the ‘bad guys’ as well.”"
"On Friday, Riana Pfefferkorn, cryptography fellow at the Stanford Center for Internet and Society, explored in an article for national security blog Just Security what this approach with exigent circumstances may look like.
Stanford CIS brings together scholars, academics, legislators, students, programmers, security researchers, and scientists to study the interaction of new technologies and the law and to examine how the synergy between the two can either promote or harm public goods like free speech, innovation, privacy, public commons, diversity, and scientific inquiry. Come hear CIS Directors Jennifer Granick + Daphne Keller and Resident Fellows Riana Pfefferkorn + Luiz Fernando Marrey Moncau talk about our work, and the assistance CIS provides to students in learning about these issues, selecting courses, identifying job opportunities, and making professional connections.
To celebrate the one-year anniversary of the Stanford Cryptography Policy Project, we are holding an afternoon event highlighting our research and accomplishments over the past year. As our keynote speakers, it is our pleasure to welcome the Honorable Stephen W. Smith, Magistrate Judge of the Southern District of Texas, and Paul S. Grewal, former Magistrate Judge of the Northern District of California.
What kind of surveillance assistance can the U.S. government force companies to provide? This issue has entered the public consciousness due to the FBI's demand in February that Apple write software to help it access the San Bernardino shooter's encrypted iPhone. Technical assistance orders can go beyond the usual government requests for user data, requiring a company to actively participate in the government's monitoring of the targeted user(s).
Today, the debate over encryption is making headlines in nations around the world. Together, we’re working toward solutions at Crypto Summit 2.0.
The first Crypto Summit, held in July 2015 in Washington, D.C., brought together technologists, lawyers, and policy professionals from different sectors. Since then leading experts have considered proposals that would legislate the future of encryption — and the future of privacy and security online.
What's all this hullaballo about encryption? What's the latest in the FBI's ongoing dispute with Apple over encrypted iPhones? What's at stake? What could happen next? Find out all this and more at April's
Our Speaker will be Riana Pfefferkorn:
Increasingly, we are incorporating into our daily lives devices and services that collect metadata: from our smartphones, to our web browsers, to an ever-expanding assortment of IoT-connected appliances, and even our cars.
In this episode, The Stream speaks with tech industry experts and policy analysts to explore whether the Indian government’s plan will ensure public safety or set a dangerous precedent.
We're yet to see the details of the deal between the Government and Labor which would allow the passage of laws to give police and investigators access to encrypted messages.
That leaves one more day in this sitting of Parliament to get the laws through, after the Government claimed there was an urgent need to do so before Christmas.
Riana Pfefferkorn is a digital security expert and Cryptography Fellow at the Stanford Center for Internet and Society. She says that we are living in the “Golden Age of Surveillance,” in which the growing ubiquity of data-rich smart devices has produced a fundamental tension between the rights of users to protect their personal data and the needs of law enforcement to investigate or prevent serious crimes.