All Internet Observatory News News January 21, 2021

Q&A with Riana Pfefferkorn, Stanford Internet Observatory Research Scholar

Riana Pfefferkorn joined the Stanford Internet Observatory as a research scholar in December. She comes from Stanford’s Center for Internet and Society, where she was the Associate Director of Surveillance and Cybersecurity.
Riana Pfefferkorn

 In her new role, Riana will continue her work researching and analyzing the U.S. and other countries’ policies regarding encryption, particularly as it relates to law enforcement access to user data and communications. Riana also studies novel forms of electronic surveillance and data access by U.S. law enforcement and their impact on civil liberties. Prior to joining Stanford, Riana was an associate in the Internet Strategy & Litigation group at the law firm of Wilson Sonsini Goodrich & Rosati. She started her career as a law clerk to a federal magistrate judge.

Q: Why is the debate around encryption so important?

A: Encryption is crucial to protecting the security and privacy of our important data. That includes banking, financial transactions, web surfing, email, cloud storage, sensitive health data—the list goes on. In recent years, it’s become easy for us to encrypt our smartphones, computers, chat messages, and (lately) video calls, mostly without having to think about it or fiddle with confusing software settings.

Using encryption to shield our data and communications from malicious actors or accidental breaches has become even more vitally important since the world shut down last March due to the COVID-19 outbreak. Many of the sensitive conversations that we might once have had face-to-face were forced to move online, from “telehealth” doctor appointments to video calls with therapists to heart-to-hearts with dear friends.

People deserve privacy, period. Our data deserves to be secure. And beyond average people like you or me, there’s also a major economic need for strong data protection—not to mention that it’s a serious national security issue. Our elected officials, government agencies, military, financial institutions, businesses, and even scientific researchers have to worry about keeping their data private and secure, too.

Encryption is just about the best tool we’ve got for protecting all of those interests and preventing the very real harms that come from poor data security. It seems like every day brings another headline in the news about a devastating hack by a foreign adversary, or the latest company to suffer a major data breach.

That’s why the periodic calls from law enforcement and some politicians to weaken the encryption that protects our communications and electronic devices are so misguided. Law enforcement officials point out that encrypted devices and apps are also used by criminals, not just innocent people, making their jobs harder. But what they fail to highlight is how vital encryption is to protecting us from criminals, terrorists, and foreign adversaries. The benefits of encryption far outweigh the downsides.

Q. Can you explain where that debate stands now and where it might be heading?

A. I think 2021 is shaping up to be a really momentous year. We might see the same trends that we saw in 2020 around the introduction, both domestically and in other countries, of much more aggressive laws and regulations about online data, content moderation, and companies’ ability to provide strong encryption capabilities to their users.

The encryption debate and entwined debates around content moderation and platform regulation—what my colleague Daphne Keller works on here at CPC—all those things are going to come to a head. And none of it is going to go away due to the change in the administration. We’re going to have a lot of the same members of Congress who are pushing the same regulatory proposals in this Congress that we saw in the 116th Congress when it comes to encryption, trust and safety, and content moderation issues.

Q: Will the change in Washington, D.C., change the debate around these issues?

A: The change in administration is helpful in some ways. It will mean a more consistent approach to national security issues and how cybersecurity fits in with national security issue. The approach will be less scattershot and more based on evidence rather than prejudices.

Mostly, I’m looking forward to a return to norms, predictability, and as a lawyer, respect for the rule of law, for procedure and for doing things the correct way. I’m sure a lot of America’s allies are looking forward to that too. In the near term, following the violent insurrection at the Capitol on January 6, I’m just hoping for a peaceful transfer of power with no assassinations, which is not a sentence I ever thought I’d say about my own country. Those events and their aftermath have put a new twist on the debates around encryption and content moderation that is still playing out.

And within the Cyber Policy Center, I think we will have the ear of the administration and that they will listen to us, given how many people at CPC formerly were in government. Encryption policy and content moderation have been solidly bipartisan concerns in recent years, so it’s no longer just a topic for one or the other party to stump on when they’re in power. The way the political parties approach the issue may differ, or why they think it’s an issue may differ, but there are threats to strong encryption, threats to cyber security and to the freedom of the net that come from a bipartisan place. So we will have to think carefully about how to speak to policymakers, or what messages we can use to impress upon people coming from various sides of the issue and different sides of the aisle why strong cyber security matters, why strong encryption matters.

Q: After five years with the Center for Internet and Society, what are the reasons you decided to join the Stanford Internet Observatory?

A: For a few years, I’ve been working with Alex Stamos, who founded and directs SIO. He brought me in to co-teach the Hack Lab, which shows students the common types of attacks used in cybercrime and cyberwarfare. In the course, I fill in the gaps around the legal issues that students were interested in hearing about. It turned out to be a very complementary combination to talk about not just the technologies involved that he teaches around offensive cyber security issues but to bring in, ‘Well, what are the legal implications?’ And now that the Hack Lab is a required course for the Master’s in International Policy students, we also ask ‘What are the policy implications?’

At SIO, Alex has assembled a team of people who are technologists and social scientists and who have a government background. With my training in the law and a legal background, I look at the issues from the civil liberties tradition that we had at CIS. I also look through a business needs lens, having been an outside counsel to big tech companies.

Q: With CIS, you blogged at an impressive rate. Will you post as often in your new role?

A: That’s always been my goal, at least since I’ve been at CIS, to publish regularly and publish in a format that is accessible to a broad audience and speaks to a relatively broad audience and obviously a policymaker-type focus.

Having come to Stanford originally to work on the encryption debate as an issue back in 2015, it’s something where I feel that explaining why encryption matters, why strong cybersecurity matters to a lay audience is very important, because everyday people and everyday users are in a position to need to understand how to protect themselves and their data and to be able to talk to their legislators about the issue. I thought it was important to dissect what can be dense legislative proposals, or talk about the latest idea for how to give access for law enforcement to encrypted content, and to explain it in a way that would reach more people.

Riana Pfefferkorn

Research Scholar, SIO
Riana Pfefferkorn