Oh My Fraud

As a co-teacher of Stanford University’s Introduction to Cybersecurity course, Riana Pfefferkorn regularly had to guide enterprising students away from violating the law. And it was one of those laws, the federal wire fraud statute, that initially caused her to connect with Caleb and Greg. In this conversation, the three of them discuss Jeff Skilling, cybersecurity, hacker movies, and more.

Sponsors
MakersHub- https://ohmyfraud.promo/makershub
RightRev - https://ohmyfraud.promo/rightrev
Settle - https://ohmyfraud.promo/settle

HOW TO EARN FREE CPE

In less than 10 minutes, you can earn 1 hour of NASBA-approved accounting CPE after listening to this episode. Download our mobile app, sign up, and look for the Oh My Fraud channel. Register for the course, complete a short quiz, and get your CPE certificate.

Download the app:

Apple: https://apps.apple.com/us/app/earmark-cpe/id1562599728
Android: https://play.google.com/store/apps/details?id=com.earmarkcpe.app

Questions? Need help? Email support@earmarkcpe.com.

CONNECT WITH RIANNA
Rianna Pfefferkorn [LinkedIn]
https://cyberlaw.stanford.edu/about/people/riana-pfefferkorn

CONNECT WITH THE HOSTS

Greg Kyte, CPA
Twitter: https://twitter.com/gregkyte
LinkedIn: https://www.linkedin.com/in/gregkyte/

Caleb Newquist
Twitter: https://twitter.com/cnewquist
LinkedIn: https://www.linkedin.com/in/calebnewquist/

Email us at ohmyfraud@earmarkcpe.com

Sources:

Stanford University Institute for Human-Centerd Artificial Intelligence

Hack Lab: Introduction to Cybersecurity [Stanford Law School]

Riana Pfefferkorn, Shooting the Messenger: Remediation of Disclosed Vulnerabilities as CFAA “Loss” [Richmond Journal of Law & Technology]

Skilling v. United States [Wikipedia]

Creators & Guests

Host

Caleb Newquist

Host

Greg Kyte, CPA

Mega-pastor of @comedychurch and the de facto worlds greatest accounting cartoonist.

Guest

Riana Pfefferkorn

Riana Pfefferkorn is a cyber security scholar at Stanford

What is Oh My Fraud?

"Oh My Fraud" is an irreverent podcast from CPA/comedian Greg Kyte and blogger/former CPA Caleb Newquist.

The two come together to unpack their favorite frauds and explore the circumstances, psychology, and interpersonal dynamics involved. They also fully indulge in victim-blaming the defrauded widows, orphans, infirm and feeble-minded—because who can resist?

If you fancy yourself a trusted advisor—or prefer your true crime with spreadsheets instead of corpses—listen to this show to learn what to watch out for to keep your clients, your firm, and even yourself safe.

There may be errors in spelling, grammar, and accuracy in this machine-generated transcript.

Caleb Newquist: Hey! Oh my fraud listeners. Caleb here, just a quick word about today's episode. We recorded our conversation with Rihanna Pfefferkorn back in April, and since then she's gotten a new job. She's still at Stanford, but is leaving the Internet Observatory to join Stanford's Institute for Human Centered Artificial Intelligence on July 1st. And that's it. Okay, here's our episode.

Earmark CPE: If you'd like to earn CPE credit for listening to this episode, visit earmark Cpcomm. [00:00:30] Download the app, take a short quiz, and get your CPE certificate. Continuing education has never been so easy. And now on to the episode.

Caleb Newquist: This is Oh My Fraud, a true crime podcast where our criminals hack with a computer, not with a machete. I'm Caleb Newquist.

Greg Kyte: And I'm Greg kight.

Caleb Newquist: Greg kite. You are Caleb.

Greg Kyte: You are Greg Kite. He. And yes. And you are [00:01:00] Caleb Newquist back again? Uh, yeah, with a fun interview show this time. Yeah.

Caleb Newquist: Another fun interview show. Uh, today on the show, we have Rianna Pfefferkorn. She is a research scholar at the Stanford Internet Observatory, and her work focuses on cyber security, electronic surveillance, the Fourth Amendment and privacy. And prior to that, she was an associate director of surveillance and cybersecurity at the Stanford Center for Internet and Society. Now, [00:01:30] I just that's two very strange names for like, academic institutions. She kind of gets into it, so I won't spoil it. But in any case, uh, she's at Stanford, and, um, we had a nice time talking to her.

Greg Kyte: And it's funny, the Stanford Center for Internet and Society, it's like, is there anything else? Is that is it just the Stanford Center for everything? I don't know, I think broadly enough, anything could fall under either the internet or society. Yeah.

Caleb Newquist: So perhaps yeah, society [00:02:00] is pretty broad.

Greg Kyte: It is pretty.

Caleb Newquist: And then yeah, the internet is super broad. And so I.

Greg Kyte: Mean, I guess maybe like fungi doesn't fall underneath that.

Caleb Newquist: The Stanford Center for everything under the sun.

Greg Kyte: Right? Right. So well, regardless, Rihanna got in touch with us after our episode on wire fraud. That's episode 44. If you're keeping score at home. She co-teaches a very popular course at Stanford called Hack Lab [00:02:30] Introduction to Cybersecurity, and she covers the wire fraud statute in that class. Anyway, in that episode, we briefly mentioned Jeff Skilling, the former CEO of Enron, and how he was not charged with wire fraud.

Caleb Newquist: Right. Rihanna informed us that skilling did get charged with another kind of fraud, honest services fraud. And he fought it all the way to the Supreme Court. And we get into that, too, a little bit. So we're not going to spoil it. But needless to [00:03:00] say, uh, we had a fascinating conversation with Rihanna and we got into some cybersecurity stuff. Greg, because I know you wanted to talk about some cybersecurity stuff, and she she I have to say, very impressive and very, very impressed with her, the breadth and depth of knowledge in these areas.

Greg Kyte: Absolutely.

Caleb Newquist: All right. With all that said, here's our conversation with Rihanna. Pfefferkorn. Uh, Rihanna, the way we start [00:03:30] these things is we usually ask our guests to, uh, summarize their lives in about, I don't know, three minutes if that's doable. Um, and go way back. You know, we want we want all the we want all the gory details. As long as you're comfortable sharing those, we.

Greg Kyte: Want to know how you're how your family lost all their money to cybercrime and how that gave you a personal vendetta to, uh, just to dedicate your life to eradicating it from the face of the earth. So really, your origin story is a cybercrime [00:04:00] superhero. Go.

Riana Pfefferkorn: Uh, great. So thanks for having me. Um, I, uh, work at Stanford now. I'm born and raised in the San Francisco Bay area. I've lived most of my life here in the Bay area. Love it here. Um, I came to Stanford after being an attorney at a big law firm in the Bay area for a few years. Uh, had clerked for a federal judge for a couple of years after getting out of law school up in Seattle, University of Washington. So [00:04:30] Washington state represent Greg? Yeah, yeah, yeah. Um, I had spent my ill spent youth on the internet in the 90s, second half of the 90s. Caleb, I think you and I are about the same age. And, uh, I knew a lot of, uh, what we now call white hat hackers in the, in the late 90s via the internet. And so that, uh, got me interested in cybersecurity and in digital civil liberties issues. And so [00:05:00] after spending some time working on internet law litigation and counseling at my firm, I started what was supposed to be a one year fellowship at Stanford in 2015. And I have just been there, uh, hanging on by my fingernails ever since. And I've gotten to study cybersecurity. I've gotten to work on the kinds of digital civil rights and liberties issues that I was interested in going back to, you know, the turn of the century. And, [00:05:30] um, it's terrific job. Uh, couldn't ask for a better workplace. Love working at Stanford. And I co-teach a class now, um, my co instructor is a former CISO of. Several big companies, and he teaches the basics of cybersecurity. And then I come in and I teach all the ways that you can get arrested or be sued, uh, for violating the legal side of cybersecurity.

Caleb Newquist: Oh, that's that has to be. I mean, that's [00:06:00] that sounds like you get the best part.

Riana Pfefferkorn: I love seeing the fear in their eyes, basically. It's happened several times at this point that after I give one particular lecture, somebody comes up with a worried look on his face and describes his startup. Because everybody at Stanford has their startup and describes a business model. To me that is just squarely addressed by court decisions, saying, that's not a great idea. And they're always this isn't a request [00:06:30] for legal advice, and it totally is a request for legal advice. So that's that's not even one time. It's happened multiple times. I'm like, oh, you guys keep having the same. Did those do.

Greg Kyte: Those conversations start with the students saying, so, uh, Rihanna, if you're a cop, you have to tell me that you're a cop. Is that how that is?

Riana Pfefferkorn: It's it's more like if I give you a dollar, can I be, you know, can I be your client? So, um, training as a lawyer? No clients anymore. Much happier and less stress that way.

Greg Kyte: Nice. [00:07:00]

Caleb Newquist: So I can I ask you a point of clarification. You work in, uh, you don't work in the law school per se, right? Remind me, where do you work in? So I university.

Riana Pfefferkorn: Um, at the Stanford Internet Observatory. Okay. I started out at Stanford at the center for Internet Society. The center for Internet and Society is part of the law school. Okay. And the internet Observatory rolls up into the Cyber Policy Center, which in turn is a joint effort between, um, the Institute [00:07:30] for International Studies and the law school. So it's all very complicated. Most of Stanford is all of these overlays of centers that aren't necessarily tied to any given department. It's just somebody's got a bunch of funding and had the ego to need a director title is what I think is basically how most of this works. And so you just have all these different centers that may or may not be tied to anything that you might just recognize as the Department of X or Y or Z.

Caleb Newquist: Okay. And you but you do teach law students. [00:08:00] The class that you co-teach is for the for law students.

Riana Pfefferkorn: So the the class I co-teach, we get students from all over the university, which is one of the challenges of it. So we have everybody from literal freshmen and sophomores all the way up through PhD students, law students, business school, public policy, master's students. A lot of them take the class. And so that is part of the challenge, is trying to teach law material to a bunch of people who the vast majority aren't studying law, and [00:08:30] they come from a wide variety of, uh, some we have a lot of international students. Um, and so they may not even be familiar with the US legal system, much less how to plow your way through reading court cases and statutes.

Greg Kyte: Which is, uh, which is horrible. That's the that's the worst. I, I remember, uh, when I was taking every tax class that I took where we had to do research. Uh, I was always like, here's the case, nailed it and sent it in. And the professor was like, no, [00:09:00] there was like 13 other cases after this that invalidated this. And I was like, how do you find how do you find the right answer? Uh, that the legal research is just that's why I would never be a lawyer, because I would go insane.

Riana Pfefferkorn: It's like doing homework for a living is what it's been compared to. But, you know, the tax people at law school, they love tax law. They love it like it's some people. That is their thing. They will devote their lives to helping others [00:09:30] maximize, you know, what they can wring out of the tax code. And they are really into it.

Greg Kyte: Absolutely.

Caleb Newquist: They love it so much that it's one of the few, uh, correct me if I'm wrong, but it's one of the few areas of the law where you can do your three years of law school, and then you can choose to do more school just specifically in tax.

Riana Pfefferkorn: That's exactly right. Yeah. Everybody gets their Juris Doctor degree. And then a lot of tax people go and they get an LLM, a master's of law in tax because [00:10:00] they just love it that much.

Greg Kyte: Yeah, they love that but hate themselves. So um, one of the things that we really do want, well, we found you because, uh, because you sent us an email after our wire fraud case that we did, which was very which was very fun. And, um, so first off, how did how did we do it? Just as a as B give us, give us feedback on our wire fraud episode, if you can remember any of the details, any, any glaring [00:10:30] errors that we had in our in our summary of wire fraud.

Riana Pfefferkorn: It was.

Riana Pfefferkorn: Really good. And I thought you guys tied it in really well to all of the past episodes that you'd been doing. The only gloss I would put on how you presented it is, I recall one of the things that was puzzling you was, well, but where is the misrepresentation in this internet or phone call or whatever? And there the, the nuance [00:11:00] of the law is that while you have. I have to make some sort of wire communication in furtherance of your fraud scheme. The communication itself that you get done for by the feds doesn't have to be itself like the lie, the misrepresentation, the fraudulent thing. It just has to further the fraud scheme. So, for example, um, when the fraud or one of the wire fraud cases I teach in my class, the wire communication was the two [00:11:30] defendants emailing each other about their fraud scheme. So it wasn't even that you have to send the fraudulent communication to your victim, although that often is the case, it just has to further the scheme somehow. But other than that, you guys nailed it.

Greg Kyte: Gotcha. So one Facebook Messenger message that says, hey bud, how you doing? And that's the guy that you're committing a fraud with. It's like wire fraud. You're done. Because that's going to further the fraud, because if somebody's [00:12:00] feeling good they're going to fraud better is I mean, that's just science.

Riana Pfefferkorn: That's if I were a US prosecutor, that is absolutely the the theory I would be taking.

Caleb Newquist: Well let me so let me ask you this. So you so you, you, you have this encounter, you have this regular encounter with students who have a business and they are looking for free legal advice. And I mean it. Do you find like in, in in teaching this class? [00:12:30] I mean, that's kind of what you want, right? You want people to get their brains kind of working in terms of it's like, oh, this is what what do you okay, I'll rephrase. What do you want your students to learn? I think about like, the wire fraud. Let's just start with the wire fraud statute. What do you want them to learn about that? Like what's what's what's kind of the goal for your class?

Riana Pfefferkorn: So the overall goal for the students, I mean, they they take this because they want to learn about offensive cyber security. And so my overarching [00:13:00] goal is please don't get yourselves arrested with the things you are learning how to do. Or maybe if you're like a CS major already, the background skills that you already have. And so we give them labs to complete each week, um, to help them test out their new skills. And we are very express about saying we are giving you this sandbox to play in. If you go outside of that sandbox and you start going around and playing around on your own, we can't be held responsible for [00:13:30] what you might what you might go out and do. And so it's it's not just giving them, um, you know, an education in how the law works. It's also, I think maybe for some of them, the first time, they may be introduced to the idea that the law exists and might apply to their preferred activities. Um, and just trying to, you know, keep, keep the kids off the streets. And now the trouble is a lot of it, honestly, um, and so at least must be hitting home for them when I get the ones [00:14:00] coming up to me with a worried look on their face right after class.

Greg Kyte: What are some of the what are some I mean, give us some concrete stuff. Like what? I guess if you were to pick maybe 1 or 2 of the biggest things that your students are either getting in trouble with or worried about getting in trouble with, what would those be?

Riana Pfefferkorn: So the thing that I want them to not run afoul of is the main federal Anti-hacking law that I teach the Computer Fraud and Abuse Act, which is, uh, now kind [00:14:30] of a workhorse for all of the ransomware and hacking, uh, you know, Colonial Pipeline, um, various international, state sponsored hackers, etc. it doesn't have to be, uh, some super sophisticated hacker group, you know, sponsored by the Chinese government or whatever, or some Romanian hackers trying to fish you out of your credit card details. I also want to make sure for students that they have some sense of [00:15:00] the boundaries of using their own skills for good or for ill. I remember one time this was one of my students, but our CISO talked about how there were students running crypto miners in their dorm rooms, you know, or you get you read the stories of people who managed to change their own grades in, you know, the system. Again, not my own students, but those are the kinds of things where I want them to know, like laws exist and they will potentially be invoked against, uh, misuse [00:15:30] or hacking into university systems.

Greg Kyte: So I saw I saw the movie War Games with Matthew Broderick. That's that actually is based on a true story.

Riana Pfefferkorn: So the law.

Riana Pfefferkorn: The Computer Fraud and Abuse Act was inspired in part by that film.

Riana Pfefferkorn: Get out of here. No, that's absolutely true.

Riana Pfefferkorn: When part of the origin story for this law is that there was a screening of wargames at the white House, and Reagan turned to his advisors afterwards and said, well, could that actually happen? And they came back [00:16:00] to him and said, actually, it's even worse than you.

Riana Pfefferkorn: I think, you know, there.

Riana Pfefferkorn: Was very poor, you know, cybersecurity in the early days of, of the early 80s. And so Congress's response was to pass the law that, uh, was originally intended to deal with sort of classic hacking, but which has since been expanded in all sorts of ways to encompass, uh, activities that may look nothing like what he was doing in wargames. But, yeah, so that's one of the ways that Hollywood has inspired [00:16:30] Congress, right?

Greg Kyte: I mean, really, and they get such a bad rap for being vapid and, uh, just all about their, their, their, their Botox and their bad ponytails. Now, um, what can you give us a like what's a in terms of that fraud statute that you were talking about. What are some of the is there just some I mean, and again, I'm a, I'm an idiot when it comes to this stuff. Can you, can you dumb it down and give me some of the basic, uh, talking points for that? Like, what are the main things I can't [00:17:00] do under the hacking statute that you're just talking about?

Riana Pfefferkorn: Well, so the hacking.

Riana Pfefferkorn: Statute prohibits both unauthorized access to a computer system and, um, exceeding the authorized access that you have. And so, um, the the core of that would be, you know, if you are snooping around in somebody else's system, stealing data out of it, altering or deleting files off of it. Um, that [00:17:30] is kind of the core offense we have seen over time that the CFA got kind of weaponized to try and punish departing employees who took, uh, customer lists with them, um, or even violations of terms of service online. And so it took a Supreme Court decision a couple of years ago in a decision called Van Buren to try and rein in the breadth of what had been sort of a frighteningly broad law and say, [00:18:00] just because you violate the terms of service of a website, for example, that's not also a federal felony.

Riana Pfefferkorn: Gotcha.

Greg Kyte: And so so then the way your students are, are exposed to that, I'm sure, is that they go, okay, I've set up my startup. It's an online startup in that people have to create usernames and passwords, and likely that's the same username and password that they use everywhere else. And so that's how they exceed their access to these, these people's, uh, computer systems and data [00:18:30] is that the main thing is that the business model, where they go, if we get enough usernames and passwords, we have to be able to, I don't know, find out there something else.

Riana Pfefferkorn: That's actually one thing that that did happen at Stanford. And this did actually involve some of my students. And Tas was um, like I mentioned, every everybody at Stanford has their own startup. There were some students who created an app where you could anonymously make posts without having your name tied [00:19:00] to it. Okay. This kind of app keeps getting reinvented over and over again. And so they had launched this, uh, it was popular on college campuses, including Stanford. And so some of my students and Tas a couple of years ago said, well, we want to look for vulnerabilities, flaws in this app. And they figured out that it was actually possible to go in and both see who all the people were, who were their true identities, and change the postings that they were made. They disclosed what they had found to the kids who had made the app, only to get a cease and [00:19:30] desist threat letter from lawyers that their own classmates had hired to threaten to sue them. Um, and it took me and my co instructor helping to introduce them to some attorneys here in the Bay area who could represent them pro bono to get the lawyers for their own classmates to back off. And that annoyed me so much. I wrote an entire law review article. Um, because I just, I just despise seeing that, that you would prioritize trying to punish your own classmates again for responsibly [00:20:00] looking for and reporting to you vulnerabilities in the security and privacy of your own app. Yeah, over saying thank you, for example.

Greg Kyte: Right? Right, right. Thanks. Thanks for the free the free work you did for me, pal.

Riana Pfefferkorn: That's exactly right.

Caleb Newquist: So I want to, um, address one thing, and then we'll get more into, like, your work and cybersecurity. But when you emailed us, you mentioned we talked about Jeff Skilling in that wire fraud episode. [00:20:30] And one of the things that you brought to our attention was that or will you confirm for us is that Jeff Skilling was not convicted of wire fraud? And Jeff Skilling, for people listening who are not familiar, Jeff Skilling was the CEO of Enron. And Enron is a very famous fraud. And, uh, and Jeff Skilling went to jail for his role in that. And but he was convicted of something initially called honest services fraud. And I'm wondering if you can just, like, tell the story of that. [00:21:00] Uh, and, you know, in just a few minutes, if you can kind of cover that and what honest services fraud is.

Riana Pfefferkorn: Yeah.

Riana Pfefferkorn: Honest services fraud is fascinating because it is a type of basically public or private corruption that the law is trying to address. So originally, the mail and wire fraud statutes had been interpreted by the courts of appeals to include what's known as honest services fraud, which means you are depriving the public or somebody whom you owe a fiduciary [00:21:30] duty. If you are a private actor of the intangible right to your honest services. In traditional fraud, there is a mirror relationship between the fraudster and the victim. If I charge you $10 for some magic beans, then you are out $10 and I am enriched by $10 with honest services fraud. It's more of a triangle. So I may be a public official. I take a bribe and from somebody who knows full well that they are bribing [00:22:00] me and giving me money to do something corrupt, and the victim there is not the person who's giving me that bribe. It's the public to whom I owe this. You know this duty to give them my honest services. So in the Jeff Skilling case, he was originally charged with conspiracy to commit honest services fraud, where the idea was he had a fiduciary duty to the shareholders of Enron to render them his honest services. But he hadn't disclosed the financial [00:22:30] situation that Enron was in. He was collecting his salary, his bonus.

Riana Pfefferkorn: He sold quite a lot of stock at the inflated prices before the stock crashed. And so the government's theory was he had this undisclosed private conflict of interest and that was depriving shareholders of his honest services. And the Supreme Court said no, um, under the honest services fraud statute, which had been acted after in the 80s, uh, Congress had had to enact [00:23:00] it specifically because Supreme Court had said that traditionally mail fraud and wire fraud statutes didn't include that. Okay, Congress spun by enacting an honest services fraud specific statute. Um, in the skilling case, uh, fast forward to 2010, the Supreme Court said no. The honest services fraud statute only means bribes and kickbacks, those sorts of more traditional schemes. It doesn't include things that don't fit within those boxes. And so that part of his [00:23:30] conviction was vacated. Of course, he still went to prison for like a dozen years. And all the other counts he'd been brought up for. Um, there's actually sort of a Stanford link later on to that skilling case in that after the Supreme Court narrowed the ambit of honest services fraud. Um, you may recall the Varsity Blues scandal that happened a few years ago with all the parents, um, paying their way for their kids to get into Stanford among Aunt Becky schools.

Caleb Newquist: Aunt [00:24:00] Becky.

Riana Pfefferkorn: That's right. Yeah. Becky, I'm so disappointed. Um, and the first Circuit Court of Appeals, which is the federal appellate court that covers Boston, where all of these people were prosecuted, issued a ruling in 2023 saying that honest services fraud does not include paying a bunch of money to the university that is supposedly being deprived of the honest services of its corrupt employee, who is allowing students to basically [00:24:30] have their way paid to be on the sailing team. Um, the court said this you can't have a bribe. And where the bribe goes to the university that is supposedly being victimized like that doesn't make any sense, essentially. And so under the skilling ruling, that part of the the indictment against one of the few parents who fought back and went to trial, instead of pleading out that part, had to get dropped out of the out of that [00:25:00] prosecution. It was too late for a lot of the parents who had already pled out to charges, including the honest services, uh, conspiracy charge there. But nevertheless, it's an interesting echo. One of the things that I love to teach when I'm teaching wire fraud is the long and not so proud list of people associated with the Stanford community who have gone to prison for wire fraud, including, uh, Elizabeth Holmes for Theranos and then Sam Bankman-Fried, who was undergoing trial, uh, last [00:25:30] fall as I was teaching this class. So we know from wire fraud at Stanford, I guess.

Riana Pfefferkorn: Yeah.

Greg Kyte: Well, you know, nobody, nobody. It's really you've got an elite, an elite alumni. Uh, and so they're gonna if anybody's going to do it right, uh, including wire fraud, it's going to be it's gonna be Stanford alum.

Caleb Newquist: Uh, and I'll just mention that, um, you sent a meme to us with, I don't remember the I don't remember the movie, but Merrick Garland is like, I think his his his [00:26:00] face is on Marilyn Monroe's body, and it's it's supposed to be diamonds are a girl's best friend. But actually, wire fraud is a prosecutor's best friend. Like, that's the that's that's a very that's a very law. It feels like a very law school meme. But it is. It's it's still a very, uh, appropriate meme. Thanks.

Riana Pfefferkorn: Yeah. I wrote a whole, uh, take on the Elizabeth Holmes case. Uh, that wire fraud is a girl's best friend, which I will not sing for you here, but nevertheless, I have burned that image of Merrick Garland's face on Marilyn [00:26:30] Monroe's body into dozens of people's eyeballs at this point.

Caleb Newquist: Well done, well done.

Greg Kyte: Nice. So. So just to sum up the, uh, the honest services fraud. So it so basically, if somebody bribes somebody else and I get hurt, that's honest services fraud.

Riana Pfefferkorn: Right where you may are, maybe you are a member of the general public. If the person who's taking the bribe is a government official or you are the recipient of a fiduciary [00:27:00] duty to, you know, honestly render services to you, as with the shareholders of Enron.

Riana Pfefferkorn: Okay.

Greg Kyte: Well, but I thought that's what we just covered, though, is that the Supreme Court said, nope, that this the shareholder thing does not is not part of the umbrella of.

Riana Pfefferkorn: Well, if you're taking a.

Riana Pfefferkorn: Bribe or a kickback. Yes.

Riana Pfefferkorn: But here the.

Riana Pfefferkorn: Problem was that he had this undisclosed conflict of interest where he was, you know, in secret. He and the other folks like Ken Lay knew that the company was in trouble. They'd been inflating their financials, [00:27:30] inventing Mark to market accounting, and then playing around with that. As I'm sure you guys know, far more than I do. If he had taken a bribe from somebody to inflate those financials, etc., then the court said that that might have stuck, but they pointed out that there wasn't any third party involved in giving bribes, arranging a kickbacks here. It was purely this, this undisclosed self-interest. And that decision has since been criticized by commentators for [00:28:00] helping, along with other Supreme Court decisions, pave the way for a state of affairs in US law where undisclosed conflicts of interest are kind of business as usual, whereas we still have a fairly robust set of laws applies to foreign corruption. So bribing officials in other countries? Yeah, but we've seen a much narrower sense from the Supreme Court of what domestic corruption looks like. And. Especially with regards to private private actions.

Riana Pfefferkorn: Yeah.

Caleb Newquist: We [00:28:30] Greg, we we talk about this on the show a lot where it's a very fine line between. Two people acting in the ordinary course of business and bribery. Right. Like so. If I take you if I took you to the Nuggets Lakers game last night. Yeah. And we're in business together, that's perfectly fine. And those are probably relatively expensive tickets. And people are like, hey, that's great. That's people doing business together.

Greg Kyte: Wait, why are you talking courtside?

Caleb Newquist: Yeah, [00:29:00] courtside. Do I.

Greg Kyte: Get popcorn?

Caleb Newquist: You bet you do.

Greg Kyte: Still not a bribe. Still not a bribe. Unbelievable.

Caleb Newquist: But if we go out to the. If we go out to the ball arena parking lot, and I hand you a suitcase filled with cash so that I win your business.

Greg Kyte: Right. And it's the same amount of cash as those courtside seats. And the popcorn would have been. Yeah, right.

Caleb Newquist: Rihanna. I'm in the ballpark. Right? Like, this is, this is the kind of the awkward dance that we do in the American corruption is, is its own kind of flavor of of nuance. [00:29:30]

Riana Pfefferkorn: Yeah.

Riana Pfefferkorn: And this was what the Supreme Court was concerned with in the skilling case was there is a fundamental entitlement to due process in criminal court here. And there had been concerns based on how broadly the federal government had been charging on a services fraud was. Okay. Well, if if I work for the local government and I take off work for the afternoon to go to the ball game instead of doing my job, like, is that honest services fraud, right. The idea is that everybody [00:30:00] has to be on notice of what the law does, and does not forbid, so that you can conduct yourself accordingly, and likewise that law enforcement, those with charge, with enforcing the laws, have to know what the scope is so that you aren't going to be subject to really random or, uh, selective enforcement of the laws. And so the Supreme Court said, look like this doesn't people would not have been on notice that this is within the scope of [00:30:30] honest services fraud. And likewise with the Varsity Blues case, the First Circuit Court of Appeals said there would be no reason for these parents to think that giving a quote unquote, donation to the five different universities, whatever it was there, um, so that some employee would sneak their kid onto a sports team, why would you be on notice that that was honest services fraud. And so that was one of the reasons for striking down that [00:31:00] part of the the indictment there. Um, so, you know, I think there's a lot to critique about the trends in US law, but I think you guys are right on in saying everybody wants to know where the line gets crossed. And the the law says there should be a relatively bright line so that we aren't all living with this uncertainty of whether something you do is going to end up getting you put behind bars.

Caleb Newquist: Right. And that's it comes down really to just a question of fairness, right? Like, because in one situation, somebody [00:31:30] might get charged with a crime, in another situation they might not get charged with the crime.

Riana Pfefferkorn: Exactly. We want the law to treat everybody equally. That's still an aspirational dream, I think, especially for something like Varsity Blues, where it must be some of the most unsympathetic defendants. I was just going to say.

Caleb Newquist: Especially celebrities, we want to make sure our celebrities are being treated fairly in the court of law.

Riana Pfefferkorn: And Enron CEO and CEO.

Riana Pfefferkorn: Right.

Caleb Newquist: Absolutely, absolutely. For [00:32:00] sure.

Greg Kyte: Um, so, so with honest services because, uh, because that does seem then like it's really just it's a pile on charge because you basically already have to have proven corruption, uh, to be able to show that, that to be able to be exposed to an honest services charge, is that correct? Rihanna?

Riana Pfefferkorn: Well, it's.

Riana Pfefferkorn: Certainly one of a number of laws that federal prosecutors can use [00:32:30] to bulk up, um, an indictment. Um, and that was also the case with Jeff Skilling, like we talked about, even after getting rid of that particular theory, he got done for multiple counts of lying to auditors, for securities fraud, etc.. It wasn't that it, um, you know, was the make or break in terms of letting him be a free man. But yeah, with with any of these and with wire fraud in particular. And remember, honest services fraud is kind of a variety of wire mail fraud usually. [00:33:00] Um, wire fraud is a great thing for prosecutors to bring as kind of the workhorse of a lot of federal prosecutions, because as you guys discussed on the wire fraud episode, it can carry penalties of up to 20 years in prison. So it can add a lot more heft to an indictment and that can help obtain a plea deal. It can help get somebody to roll over and cooperate with the government. There's a lot of ways that, um, the more tools that are available to the government, the more they can try and, uh, get their way. You [00:33:30] know, to be quite honest, um, and for that reason, um, both as a workhorse for federal prosecutors and for having an expanded well beyond the original bounds of a law that, when it was enacted in the 50s, was supposed to just address, like false advertising on TV or over the radio, it's now expanded again to be so broad that there are critiques of how, uh, how the the use of this law has expanded well beyond what Congress ever contemplated, and that it's become [00:34:00] just another means of sending people to prison for longer in a country where, you know, we sure love sending people to prison for a much longer period of time than a lot of other countries do.

Caleb Newquist: Right? Yeah. And I mean, this is this is this is kind of irrelevant, but it's kind of happening. And Zach can probably cut all this out because it's going to get slightly political. But like in the case of the January 6th insurrectionists, they are being charged with obstruction of an official [00:34:30] proceeding under the Sarbanes-Oxley act. If and keep me honest, Rihanna. But like they're that's that's part of the statute that they're using to charge those folks. And some people have been convicted and there's a there was a court just heard before, uh, there was a case just heard before the Supreme Court challenging that premise because the idea was, well, Sarbanes-Oxley was enacted because there was a big hairy accounting fraud known as Enron and Worldcom and everything else. And it was mostly the idea was [00:35:00] that it was aimed at executives, uh, that were were that were, you know, carrying out these accounting frauds. But in this case, they're using it for an attempted coup. So it's it's just a very interesting it's a it's a novel use of the law. And I guess what the court's going to sort out is like whether or not they can do that.

Riana Pfefferkorn: Right. So I don't know a lot about Sarbanes-Oxley per se, but one of the things that wire fraud can get used for is if you have [00:35:30] something where you're going out on a limb with a much more novel application of some other charge. Yep. Uh, at least you've got wire fraud in most cases. Maybe not attacking the Capitol as a fallback, but yeah, I mean, you're absolutely right. This is kind of the dance that you always have between. This is why we have checks and balances, right? Is that the executive can try and push the envelope a bit with the interpretation of the laws that Congress passes, and then it can be up to the courts to say, well, let's let's rein that in a little bit. But, you know, you make the point that Matt Levine makes [00:36:00] a lot, which is that like everything is securities. That's right. Apparently even attacking the capital can be a Sarbanes-Oxley. Yeah. Violation.

Riana Pfefferkorn: Right, right.

Riana Pfefferkorn: You'd think that we have other laws that you would hope would be adequate to that.

Riana Pfefferkorn: And this is the right and this is with a lot of.

Riana Pfefferkorn: These, with a lot of these, um, prosecutions where maybe one theory gets struck down and, you know, the courts say you went too far with charging on this particular wild theory. But in so many of these cases, as we've been [00:36:30] discussing, there's a bunch of other charges and indictments. And so it's not that we don't have the tools available usually to hold people accountable for their actions. So there may not necessarily be any need to expand the boundaries of what Sarbanes-Oxley means, expand the boundaries of what the Pure Fraud and Abuse Act means. Where you see wire fraud charges didn't half the time with cfAa cases, too. We have an awful lot of criminal laws. There's usually one that prosecutors could probably find that's fit to purpose.

Greg Kyte: But but that's that's just that's just classic [00:37:00] American legal system. We know Al Capone went to jail for tax fraud, not for murdering all those people.

Caleb Newquist: So, Greg, should we. So maybe we can switch gears into cybersecurity a little bit since this is like Rihanna's that's like really her wheelhouse. So yeah, I guess my opening question for cybersecurity is that. How do you explain cybersecurity to, say, your grandmother or, you know, someone like, what is it that? And [00:37:30] it seems obvious sometimes, but I guess, like how do you try to like. I don't know, make it accessible for people to understand, like why it's important and how it works.

Riana Pfefferkorn: Yeah. Um, that's a great question. I think at this point, most people have computers and cell phones so embedded into their daily lives and have so much experience with getting spam phone calls or phishing emails or whatever, that it's relatively straightforward to tie it to people's everyday [00:38:00] experience now. And just to say that, like the way that we decide to tie every single part of our society in modern life to computers has maybe been a mistake in some ways, insofar as we didn't necessarily decide to secure all this computers super well, first, um, and we're trying to play catch up, where we have very complex systems that will then have emergent properties of there being some sort of flaw in them. Sometimes it's something really dumb, sometimes it's [00:38:30] stringing a bunch of different things together to create an opening that an adversarial attacker could make use of. And just trying to explain to people, you know, here are some ways that we can try and put pressure on the people who create and deploy these systems to do a better job, to try and hold accountable the people who exploit them. And what are the things that you and I could be doing? So, one of the things that I do is that I occasionally, uh, give talks in public on how to avoid online [00:39:00] or phone scams and how to spot those things.

Riana Pfefferkorn: Uh, precisely because, um, I have an uncle who has a PhD in computer science, but who is elderly now, has dementia, fell prey to a lot of these computer support scams, phone scams. I found so many like iTunes gift cards in his house. I've never even had the the guts to actually add up how much those were all worth. But it just goes to show that like one of the things that I impressed on my students, again, students at Stanford, they [00:39:30] get there because they're pretty bright. Nobody is too smart to fall for scams and frauds. I think that's a big lesson of all of your episodes as well. Is that a lot of the time you're talking about sophisticated investors or people who you might think as an outsider should know about it. But like all of us are vulnerable to being taken in. And that extends to the systems that we use and the people that we interact with online.

Greg Kyte: Yeah, absolutely. Do you [00:40:00] do you have a do you have a favorite cybersecurity case?

Riana Pfefferkorn: Oh, that's that's maybe not a favorite.

Greg Kyte: But like is there a go to that. You go, this is this is a or is cybersecurity too broad where it's like I'd have to I'd have to break it down. Like what's your favorite Trojan horse case? What's your favorite, uh, ransomware case. What's your favorite? Uh, you know, uh, USPS has a package and cannot be delivered because of an incomplete address. Please click this link case. [00:40:30]

Riana Pfefferkorn: I mean, you have.

Riana Pfefferkorn: All of these relatively recent prosecutions of some fairly young people because they hack into the Twitter accounts of extremely famous high profile people like President Obama or Elon Musk. And all they do with it is like post some dumb tweets or some, you know, crypto scam. And it's like, man, you could have you could have moved markets. Think about how big you could have thought if you were really going to go just swing for the fences. Yeah. In terms [00:41:00] of, you know, doing insider trading or what have you. And instead it's sometimes maybe to our societal benefit that there may be people who only do a little prank with the level of access that they manage to hack their way into.

Greg Kyte: Right? So that so basically your favorite cases are missed opportunity cases where it's like you could have done so much more damage. Why did you just post a yo mama joke on Elon Musk's Twitter handle? [00:41:30]

Riana Pfefferkorn: I'm not.

Riana Pfefferkorn: Mad. I'm just disappointed, right?

Greg Kyte: Oh, man.

Caleb Newquist: You're taking me back to my youth right there. Rihanna.

Greg Kyte: Right. Well, and then so with that, okay. And I and I know it wouldn't but but I am interested. Well I guess before I do want to talk, you mentioned white hat hackers when we first started. I want to I want to wrap back around to that because I got some questions there. But I guess before we get too far away from just cybersecurity itself, do you have any like, uh, like I'm always [00:42:00] looking for a fresh, uh, exciting new tip for like, how to protect yourself in terms of cyber security and stuff. Like, I'm looking for something we're not already bored with. Um, because, you know, like, uh, like, make sure you have a strong password or use multifactor authentication or something. And I'm saying we're bored with it, not saying that we're actually doing it, because that's the other thing. I'm also bored with dietary, you know, without how to eat. Well, I know what to do. I just don't do it. Same [00:42:30] with cybersecurity. I know a lot of stuff. I may not be doing it, but is there something novel, unique? Something? Than that you feel like is getting overlooked or isn't getting enough attention in the cybersecurity protection side of things?

Riana Pfefferkorn: I mean.

Riana Pfefferkorn: Unfortunately, like the basics of security, hygiene and basics of any hygiene, like using a password manager, you know, there's LastPass. Although they had a breach a couple of years ago. I use one password and it is such a time saver. You know it. It really does make a difference. If you can generate a strong, [00:43:00] unique password for each one of your accounts that you don't have to remember. And because you can keep more than just passwords in it, like one of the things that I can blow your mind with, maybe Greg, is that if you have all this security challenge questions like, you know, it was the color of your first car, most of the time that's a free text entry box. You can generate a strong, unique string of letters and numbers and symbols and put that in there, too. It doesn't have to be like the actual answer to like, your mother's maiden name or whatever. Okay? And that will also help out because, [00:43:30] you know, your mother's maiden name is information that may be floating around on the dark web. But if the answer to your security challenge question is just a string of gobbledygook, that is a lot harder to figure out.

Greg Kyte: That's a good point. I used to I used to answer all of those, uh, you know, it's like, what was your high school mascot? What was the what was the city you honeymooned in? I used to answer them all. Yes, because I figured hackers wouldn't guess yes to those. Uh, what.

Riana Pfefferkorn: Was your favorite prog rock band?

Greg Kyte: Yeah, yeah. Oh, that. [00:44:00] See, now that could.

Caleb Newquist: Oh, yeah. There you go.

Greg Kyte: Well. Well done. Well played. That's why. That's why she's a professor at Stanford, not at Utah Valley University. Because she can grab prog rock just at will.

Caleb Newquist: So a lot of what I think you study and teach and talk about like it. I mean, you're you're one of the white hats you're trying to help people understand. It's like how to work within the confines of the law, but also [00:44:30] how people can protect themselves. So countermeasures to fraud. And I guess what I'm wondering is because you think about this a lot and you and and you're just better informed than the vast majority of people. I'm just curious, do you think the bad guys are winning? Because sometimes when you watch the news, it feels like the bad guys are winning and that that we're all we're constantly susceptible. There's always another breach of some kind. There's. And [00:45:00] in a lot of ways, I think regular people have probably feel kind of hopeless. They just think there's some kind of inevitability to cybercrime. And I'm just curious if if you're optimistic about the technology that is being built that protects regular people or if you're kind of like, yeah, no, there's lots of work to do. I'm just. Yeah. So what your take is on that. Yeah, I.

Riana Pfefferkorn: Think.

Riana Pfefferkorn: We've, we've seen a concession from federal prosecutors who've said, like, look, we're never going to arrest and indict our way out [00:45:30] of the problem of cyber attacks and breaches. And so we've seen a lot more interest in recent years, really, throughout a lot of state and federal regulators, as well as renewed interest within the executive branch itself in trying to force the people who make these systems to do a better job and subject them to greater liability if they do a shoddy job with regard to poor data security, with regard to data breaches, with regard to getting hacked over something [00:46:00] that you should have patched already, you know, years ago. Um, one of the things that I think surprises people about software is that we don't have traditional products. Liability for software the way that we do for if your tire on your car blows up and so it comes around every so often, should we be changing that to open up shoddy software to greater liability? And, um, there's actually a part of the law I've been talking about, the Pure Fraud and Abuse Act that expressly says you can't use this as a vehicle for suing [00:46:30] software manufacturers for negligent design of their software. Um, but this is a moment right now where we're seeing renewed interest in greater accountability for the makers of software and computer systems and hardware in order to bring it more in line with great, more long standing traditions of products liability. But we've seen so many different regulators that can have something to say. If you do have a terrible data security regime that the if you're a publicly [00:47:00] traded company, the SEC is going to get involved.

Riana Pfefferkorn: Uh, if you unless you're like a nonprofit, the Federal Trade Commission is going to get involved because they now see privacy and data security as part of their consumer protection mission. Um, the New York Department of Financial Services has been very active in, uh, cybersecurity regulation. And the federal government is calling for just doing a better job of basics, um, so that you're not just trying to punish people after the fact for poor data security, for data breaches, but [00:47:30] insisting on doing a better job up front of building these systems, because the more secure the system is up front, the fewer gaps there are for attackers to to wriggle through. Because we've acknowledged, yeah, there may always be some gaps, but you don't have to make it quite so easy, and we're not going to be able to get all the Russian and Chinese and North Korean government affiliated hackers together in a courtroom to send them to prison. That's never going to happen. Not going to happen. So we better be imposing some greater price [00:48:00] for doing a bad job in the first place. One of the other ways that the federal government has done this is by using their own purchasing power, because they are, you know, a significant purchaser of goods and services themselves. They can do things like a few years ago saying, we're going to insist on minimum security for all Internet of Things connected devices that the that the federal government buys. And then that's supposed to have a trickle down effect of saying, okay, let's make it so we don't have another botnet made up of light bulbs that for some reason have to be internet connected.

Riana Pfefferkorn: Yeah, right. [00:48:30]

Caleb Newquist: So if I hear you right, we kind of need like a 21st century Ralph Nader, somebody who basically is super visible and calls attention to, like, this particular issue and kind of puts pressure on those organizations so that they are, as you say, don't, just so that they can be held responsible or that they are kind of not self-regulating, but like that they build safer products. I mean, in Nader's case, he was talking about automobiles way back in the day. And nowadays we need people to like to really [00:49:00] kind of hold tech companies feet to the fire so that they build software that's that's more secure.

Riana Pfefferkorn: I think that's that's certainly right. We've seen, you know, Lina Khan has been out there in front of the FTC doing this. I don't know that we have a 21st century Ralph Nader yet. It might just be Ralph Nader. He's still.

Riana Pfefferkorn: Around.

Riana Pfefferkorn: Reviewing felt pens for the New York Times or something. Um, but, you know, I think it's it's also it's a, it's a market thing where, you know, you and I can just say, like, [00:49:30] we can treat data security as a differentiator in terms of product selection. And instead of just leaving to the federal government to use its own power, um, and use mechanisms for accountability, like if everything is securities fraud and it's really, you know. Shareholders who are the real victims of any data security attack, then? That's also been a mechanism for trying to reform, at least for public companies, what their data security practices are.

Caleb Newquist: Plaintiff. Plaintiff litigators, I think, [00:50:00] are underrated as far as innovation goes. Like that seems to be something that there's no shortage of creativity happening there.

Riana Pfefferkorn: As a former defense side litigator, I will say that plaintiff's side creativity is definitely one of the things that I won't say we appreciate exactly, but that we understand and see quite a lot of. Yes. Yeah.

Greg Kyte: Um, so, so in terms of just to this is, like I said, [00:50:30] top of the show, you mentioned white hat hackers. And if I just just to make sure I understand what what you meant by that because that's the term I'm not I mean, I think it can figure it out, but I'm not particularly familiar with. But is that just like hacker like people who have these vast computer skills and these hacking skills who end up becoming like, uh, vigilante justice, uh, you know, they're the Batman. The Batman and women of the, uh, of the internet who were saying, this is wrong, [00:51:00] and I'm going to use my hacking skills to punish bad guys.

Riana Pfefferkorn: Well, it's the people.

Riana Pfefferkorn: Who are trying to use their hacking skills to make the state of security better, rather than exploiting the vulnerabilities they find. They're doing things like my own students have done and, uh, looking for vulnerabilities instead of monetizing them for their own gain, responsibly disclosing them to the vendor, or maybe to a government agency to say, hey, I found this flaw. It could really be harmful if you know, somebody with more malicious intent were to find it. [00:51:30] Gotcha. And, um, responsibly disclosing those so that vendors can patch them. We now have a system where there are bug bounties that you can get paid out, and some people make their whole living off of, uh, earning those for the flaws that they find in report. Okay. Um, and that just helps to make it harder for the malicious hackers to exploit the vulnerabilities that exist. Um, and so one of the things that I do that I'm interested in is trying to make the world safer [00:52:00] for the people who are trying to help, including through, um, important steps, like when the Supreme Court, like I said, reined in the scope of the Computer Fraud and Abuse Act. That was important because, um, terms of service can often include forbidding the kinds of things that somebody who's trying to test a system for vulnerabilities in order to report them might look for. But you don't want to have the sort of system that we long had where the people who were finding vulnerabilities would often be scared that if they reported them, that they might [00:52:30] end up getting in trouble. Um, getting sued, getting prosecuted. Even to this day, we see news stories, especially at the state level, where, uh, people who responsibly report vulnerabilities that they stumble across or that they find intentionally still to this day can get threatened with being sued, even though the federal government has now backed off and said, you know, we recognize that good faith security research is something that we should be encouraging rather than discouraging, and we will back off from threatening to prosecute [00:53:00] people under the CFR for that kind of work.

Greg Kyte: So but bug bounties, you mentioned that that's basically a modern day version of the Robert Redford movie sneakers from 1992. Is that more or less correct?

Riana Pfefferkorn: Well, we we show.

Riana Pfefferkorn: Clips from that in class because at least my co instructor thinks that it is just about the best hacker movie ever made. It is it's a great classic. And yeah. Bug. Yeah, bug bounties are a way of trying to pay people to [00:53:30] compensate them for doing the right thing. Right. When you could sell a vulnerability on the black market, potentially for a lot of money, there should be some way of saying, well, if we want people to get more than just the feeling of, you know, being a Boy Scout and getting a gold star, make sure that they have a financial incentive to disclose vulnerabilities to us instead of to somebody else who will use it for for ill. Um, and so that's a, that's a way of not just saying, okay, not only are we not going to sue you or call the cops on you, we're [00:54:00] also going to pay you, uh, for having told us about this.

Caleb Newquist: America is still America.

Riana Pfefferkorn: Is America is still America, you know, and this is the thing when we when we look at proposals for how to protect good faith security researchers, I've seen a lot of debate over. Okay, well, what exactly how do we define that over what I've said seems to be a fear of sending too few people to jail. Like, well, what if some bad faith guys cloak themselves as being, you know, good faith researchers who are trying to do good? And [00:54:30] it's like, okay, only in America would be afraid that people are going to misuse this system, you know, and, and we might end up sending fewer people to jail than we otherwise might see.

Greg Kyte: And that's that's the next big blockbuster movie. Then it's called like, Evil Sneakers, where they do that. And flip it all around that I'd be into that.

Riana Pfefferkorn: There's plenty of those. I'll look forward to seeing the Sandra Bullock vehicle for that, you know, hopefully in the next year.

Caleb Newquist: So what? So what's next for your work? I'm curious. Like, what should we look, uh, [00:55:00] what should we look for? Uh, coming from you, uh, in terms of either your research or your writing or. Yeah. What's what's next for you?

Riana Pfefferkorn: You know, it's a pleasure to come on this podcast and talk about merely like the Enron scandal that ruined a bunch of people's retirement savings, because for the last year and a half, basically everything I've been working on has related to child safety, which is just, you know, a real bucket of chuckles right there. Um, so most recently, um, just a week ago, a group of my coworkers and I put out a big report about how [00:55:30] to improve the federal system by which tech companies report child abuse on their systems, uh, to, uh, a nonprofit that then hands those reports off to law enforcement. Um, that's the product of months and months of work and dozens of interviews that we've been conducting. So it has nothing to do necessarily with fraud, per se. Uh, but it's something that had been a long time in the making. It's been, uh, well covered in the media, and we've gotten lots of acclaim for it. I'm very proud of it. Um, and yeah, in case people are tired of being fascinated [00:56:00] by frauds and scams and the kind of delightful rascals and rapscallions that tend to populate a lot of your stories, you can go read about something incredibly grim in the context of, uh, the abuse of children.

Greg Kyte: Right? If you're if everything's just going great and you're feeling good today and you want to stop that right now, go check out Rihanna's most recent, uh, publications, that'll really real, real big downer.

Riana Pfefferkorn: Io dot stanford.edu. That's where you can find it.

Greg Kyte: If you wonder why [00:56:30] you're taking your antidepressants, uh, just go ahead and read Rihanna's most recent publications, and then you'll you'll remember why I'm.

Riana Pfefferkorn: A hit at parties.

Caleb Newquist: Oh, man. Uh, well, this is.

Greg Kyte: This has been a great interview. We have, we've we've touched on a movie from 1983. We've touched on a movie from 1992. Rihanna. Most people just know you from your music and Super Bowl halftime shows and had no idea your last name was Pfefferkorn, [00:57:00] or that you had so much more depth to you in terms of cybersecurity, honest services fraud. Uh, and, and, and, you know, teaching law in general. So this has been this has been amazing eye opener for me and I think for Caleb. And and I'm going to speak for all of our listeners as well.

Riana Pfefferkorn: Thanks very much.

Caleb Newquist: All right. That was great. Greg Rihanna. Very impressive. I, I, I don't know what else to say other than, [00:57:30] um, I feel like I got a little smarter.

Greg Kyte: Yeah. It's it definitely felt like she has been talking to lots of people about these topics for possibly up to ten years, and she knew she knew what she was. It was yeah, she's obviously brilliant. She's obviously an excellent communicator. And it's so cool that she took some time out of her schedule to, to, uh, drop some of that knowledge on you and me and our listeners.

Caleb Newquist: So we had all that. We had all that, [00:58:00] like, good brain food coming at us. Did we did we take in any of it in did we learn anything?

Greg Kyte: Oh, so much. I, I had so many awesome takeaways from that conversation. I learned that it was possible to extend a one year internship into a ten year internship. I learned that bug bounties are not necessarily how the men in black get paid. I learned that if you're a Stanford student and you don't have a startup, you're a fucking loser. Uh, apparently the kids with startups drop out, but [00:58:30] the students without startups should get kicked out, in my opinion. I also learned that a Stanford lecturer who grew up in the 1990s could be familiar just to pull a 1970s prog rock reference right out of thin air. Yeah, so lots of lots of actionable takeaways. I'm going to.

Caleb Newquist: Say. Yeah, absolutely. Uh, let's see, what did I learn? Oh, the the, uh, she kind of closed the loop for us on something right near the beginning when we when we were talking about the wire fraud episode, [00:59:00] she, she clarified that the the the use of the wire write in wire fraud, all it has to do is further it. All it has to do is basically advance the fraud. It doesn't have to include the misrepresentation or anything like that. It could just be me, uh, emailing you Greg. I'd be like, hey, Greg, good day today. Right. And like if, if that was code for, you know, it's like, hey, we're frauding this thing, right? And it would be. And. Yeah. Or if [00:59:30] I.

Greg Kyte: If I email you a if I send you a Google Calendar invite that says, uh, it says fraud today, then that's then boom. Yeah.

Caleb Newquist: Wire fraud. We did. Yeah. Yeah. So I feel like and I mean I if I, if I do say so ourselves what how do what what's that expression if I do.

Greg Kyte: Say if I do say so myself, I do.

Caleb Newquist: Say so myself.

Greg Kyte: I don't think we usually use that in the, the plural. What, the second person. All right. Yeah.

Caleb Newquist: Anyway, it sounds, [01:00:00] uh, it sounds like she validated our wire fraud episode, so I felt good about that.

Greg Kyte: Yeah. For sure. Well, that's it for this episode. And remember, the Stanford Internet Observatory is a place where you can watch Elizabeth Holmes and Sam Bankman-Fried implode.

Caleb Newquist: And also remember, Jeff Skilling's naked self-interest wasn't honest services fraud. It was just the plain old American way.

Greg Kyte: If you want to drop us a line, send us an email at omai. Fraud at earmarked. Com. Caleb, if [01:00:30] people want to get a hold of you, where can they find you? Out there in the internet and society.

Caleb Newquist: They can observe me at LinkedIn. My full name Caleb Newquist Greg. Where can you be observed on the internet?

Greg Kyte: Same place. Uh, LinkedIn is the best thing to to do it. Uh, my my profile is just Greg Kyte, CPA.

Caleb Newquist: Bald beard, glasses.

Greg Kyte: That's me.

Caleb Newquist: Oh, my fraud is written by Greg Kyte and myself. Our producer is Zach Franc. Rate [01:01:00] review and subscribe to the show wherever you listen to podcasts. If you listen on earmark, you can get free CPE. So you're welcome. Join us next time for more ever swindlers and scams from stories that will make you say oh my fraud.

More episodes

Chapters

Creators & Guests

What is Oh My Fraud?