riana pfefferkorn – Techdirt (original) (raw)

Techdirt Podcast Episode 390: The Challenges Facing NCMEC’s CyberTipline

from the looking-closer dept

The National Center for Missing & Exploited Children‘s CyberTipline is a central component of the fight against child sexual abuse material (CSAM) online, but there have been a lot of questions about how well it truly works. A recent report from the Stanford Internet Observatory, which we’ve published two recent posts about, provides an extremely useful window into the system. This week, we’re joined by two of the report’s authors, Shelby Grossman and Riana Pfefferkorn, to dig into the content of the report and the light it sheds on the challenges faced by the CyberTipline.

Follow the Techdirt Podcast on Soundcloud, subscribe via Apple Podcasts or Spotify, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

Filed Under: csam, cybertipline, riana pfefferkorn, shelby grossman
Companies: ncmec

Will Nevada Kill End-To-End Encryption Next Week?

from the what-happens-in-nevada-makes-everyone-less-safe dept

Last month, we wrote about Nevada’s Attorney General filing an absolutely preposterous, but extremely dangerous, legal filing, demanding that a court bar Meta from offering end-to-end encryption for its messaging apps. Almost everything about this request was crazy. First, Nevada sued Meta, with vague, unsubstantiated claims of “harm to children,” and then it filed a demand for a temporary restraining order, blocking Meta from using encryption, giving the company basically a day to respond.

This all seemed weird, given that encryption has been available in tons of places for many, many years, including on some of Meta’s messaging offerings going back years. Why was it suddenly so necessary to stop them immediately? Nevada also claimed that Meta offering encryption was a “deceptive trade practice” because it says it’s offering encryption to keep people safer when, according to Nevada, it’s inherently harmful.

Thankfully, the court did not issue the immediate TRO, but asked the parties to brief the issue and appear for a hearing next Wednesday. Earlier this week, a bunch of organizations, including the ACLU, EFF, Fight for the Future, Internet Society, Signal, and Mozilla all filed an amicus brief that I’d describe as 43-pages of “what the fuck is this, I don’t even…”

The State’s motion for a preliminary injunction attempts to substitute the judgment of the Attorney General’s office for a national policy developed over decades of discussion with multiple stakeholders. The State paints a picture of E2EE as solely a danger to children. But the reason that E2EE has been widely adopted is that it prevents crime-crime affecting both children and adults. The State has many avenues for pursuing its child-safety investigations without this extraordinary order. It is especially ill-advised to upend decades-old, encryption- specific policies based on a reinterpretation of a broad, general purpose law such as the Nevada Unfair and Deceptive Trade Practices Act, N.R.S. 598.0903-598.0947.

While the Attorney General may disagree, the assertion that E2EE is good for children is a mainstream point of view and not properly classified as “deceptive” (Mot. at 16-17). Millions of children have long used E2EE platforms such as WhatsApp and iMessage. It can hardly be “unconscionable” for Meta to upgrade its product to meet the security and privacy standards that other exceedingly popular products-ones the Attorney General has not challenged have offered to the public for years.

The motion for a preliminary injunction that would stop Meta from providing secure communications to its users is baseless and dangerous. Meta’s provision of end-to-end encryption by default to all Messenger users is not deceptive or unconscionable, meaning the State is unlikely to succeed on the merits. To the contrary, because E2EE protects consumers, its continuation will not cause irreparable harm and in fact benefits the public interest (a preliminary injunction factor the State does not discuss). Clark Cnty. Sch. Dist. v. Buchanan. 112 Nev. 1146, 1150, 924 P.2d 716, 719 (1996). The Court should reject the State’s request.

The overall brief is fantastic. It points out, among other things, that historically most conversations were ephemeral and not recorded, and law enforcement didn’t think that people talking to each other was an inherent threat to children.

Society has long recognized that people thrive when we have the ability to engage in private, unmonitored conversations. Sharing confidences enables people to form friendships and intimate relationships, obtain information about sensitive matters, and construct different identities depending on the audience. We know this from our own lives, whether engaging in pillow talk, meeting a friend for a walk, or forming an invitation-only club. Important, human things happen when we can be confident that no one is listening in.

Before the Internet, these conversations were not recorded or preserved. Our words vanished into the air as they were spoken. Unless someone was eavesdropping, conversations were private, secret, and unrecoverable. Police could not access these interactions. Mail carriers did not make copies of letters and senders and recipients were free to write in code or foreign languages and to destroy the documents after they had been received.

In any other era, a claim that government may obligate us to record and preserve our conversations, just in case investigators wanted to review them later. would be laughably ridiculous. It would simply have been beyond the pale to suggest that people could be required to record their conversations in a language that law enforcement could readily understand and access. Basic conversational privacy was assumed, and rightly so.

The brief gives many examples of why end-to-end encryption makes everyone, including children, more secure. It highlights how many government agencies have endorsed encryption.

But also, importantly, it highlights just how stupid this demand is, given that Nevada law enforcement has plenty of ways to investigate criminal actions, even when there is encryption in messaging. After all, Meta has access to metadata, and any victims can directly provide the content to law enforcement as well.

Riana Pfefferkorn (who also signed onto the brief as an amicus) also wrote a column about this case. She notes that Nevada’s request would not only make children less safe, but it’s extremely unlikely that this destruction of encryption would remain local to Nevada.

If the court grants the Nevada AG’s latter-day request after this month’s hearing, the resulting injunction won’t just affect Nevada’s children. Anyone (adult or child) who talks to them, or is mistakenly identified by Meta as being one of them, will no longer get default E2EE on Messenger either. Plus, a successful request in Nevada might inspire copycat demands elsewhere. That multi-state social media addiction lawsuit against Meta that I mentioned above? It has 42 state AGs as plaintiffs. A copycat injunction for Messenger would mean no more default E2EE for most of the country’s children (and a significant number of adults, as said).

Hopefully those other state AGs would pick a wiser course than this one rogue state AG has chosen. Consumer protection regulators have spent years telling Meta to do better at protecting user privacy. Making Messenger E2EE by default is the best thing Meta has done in that regard in a long time. The Nevada AG’s own complaint against Meta says that “[i]n the digital privacy ecosystem, this is a move that might be lauded.” Yet rather than laud it, the Nevada AG is trying to undo it. He would rather force Meta to give the state’s youngest users worse digital privacy and security than everyone else. That isn’t promoting child safety online; it’s undermining it. Even more astonishing, he’s trying to rebrand default E2EE as an unconscionable and deceptive trade practice. Strong encryption isn’t a violation of consumer protection; it’s a vindication of it.

The Nevada AG’s request is so wildly contrary to well-established best practices and long-standing interpretations of consumer protection law that it would almost be funny if it weren’t so dangerous. We can only hope the judge in Nevada laughs him out of court. The children of Nevada deserve better than this.

Hopefully, the court agrees.

Filed Under: aaron ford, encryption, law enforcement, messaging, nevada, riana pfefferkorn
Companies: meta

Techdirt Podcast Episode 311: EARN IT Is Still Bad

from the they-didn't-learn-anything dept

More than a year and a half ago we were joined on the podcast by Riana Pfefferkorn, then the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society and now a research fellow at the Stanford Internet Observatory, to discuss the disastrous EARN IT Act. As you probably know, EARN IT is back, and this week, Riana joins us once again to discuss why it hasn’t gotten any better — and might in fact have gotten worse.

Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

Filed Under: earn it, encryption, podcast, policy, riana pfefferkorn, section 230

Techdirt Podcast Episode 248: The Most Serious Threat To Section 230

from the among-many dept

Attacks on Section 230 are relentless and coming from all sides — so we’ve got another podcast all about the attempts to ruin the most important law on the internet. This week, we’re joined by Riana Pfefferkorn, the Associate Director of Surveillance and Cybersecurity at the Stanford Center for Internet and Society, to discuss what is currently the most serious threat of all: the latest incarnation of the disastrous and nonsensical EARN IT Act.

Follow the Techdirt Podcast on Soundcloud, subscribe via iTunes or Google Play, or grab the RSS feed. You can also keep up with all the latest episodes right here on Techdirt.

Filed Under: free speech, internet, podcast, policy, riana pfefferkorn, section 230

from the great-unsealing-continues dept

This has the makings of a movement along the lines of the highly-unofficial “Magistrates Revolt.” More efforts are being made more frequently to push federal courts out of their default secrecy mode. The government prefers to do a lot of its work under the cover of judicial darkness, asking for dockets and documents to be sealed in a large percentage of its criminal cases.

Just in the last month, we’ve seen the ACLU petition the court to unseal dockets related to the FBI’s takedown of Freedom Hosting using a Tor exploit and Judge Beryl Howell grant FOIA enthusiast Jason Leopold’s request to have a large number of 2012 pen register cases unsealed.

Now, we have researchers Jennifer Granick and Riana Pfefferkorn petitioning [PDF] the Northern District of California court to unseal documents related to “technical assistance” cases — like the one involving the DOJ’s attempted use of an All Writs Order to force Apple to crack open a phone for it.

Petitioners Jennifer Granick and Riana Pfefferkorn, researchers at the Stanford Center for Internet and Society proceeding pro se, file this Petition to unseal court records. We file this Petition so that the public may better understand how government agents are using legal authorities to compel companies to assist them in decrypting or otherwise accessing private data subject to surveillance orders. Petitioners hereby seek the docketing of surveillance orders issued by this Court; the unsealing of those dockets; and the unsealing of the underlying Court records in surveillance cases relating to technical-assistance orders issued by this Court to communications service providers, smartphone manufacturers, or other third parties…

This district should contain a great number of documents fitting this description, seeing as it also contains a great number of service providers and third party tech companies.

More specifically, the researchers are looking to gain access to documents in cases where the government has used the following list of statutes to compel cooperation:

Not only that, but Granick and Pfefferkorn are asking the court to shift away from the default secrecy that has made this petition necessary.

[Petitioners request that] the Court revise its practices going forward, such that the Clerk’s office will assign case numbers to, docket, and enter into CM/ECF all applications and orders for search warrants, surveillance, and technical assistance; the Court will undertake a periodic review (e.g., annually or biannually) of sealed dockets, warrants, surveillance orders, and technical-assistance orders; and after such review, the Court will unseal those records for which there is no longer any need for continued sealing.

The researchers point out that secrecy in court records is a First Amendment issue: these documents were meant to be accessible by the general public. They also note that they aren’t asking for anything related to ongoing investigations or information that might compromise future investigations — like names of law enforcement personnel or other potential criminal investigation targets. All they’re asking is that the court stop granting the government permission to seal complete dockets so often and to perform periodic reviews of sealed cases to see whether the imposed secrecy is still warranted.

As it stands now, this large number of sealed documents prevents the public from knowing how law enforcement agencies and courts are interpreting (often outdated) tech-related laws. It’s preventing researchers like these two from gaining any insight on the government’s electronic surveillance efforts and it’s locking defense lawyers out of possibly precedential rulings that may affect current or future clients.

Filed Under: all writs act, electronic surveillance, jennifer granick, riana pfefferkorn, technical assistance, warrants