Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint.

She has authored more than 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, the Aspen Institute Cybersecurity Group, and on the editorial boards of several journals.

In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice.

She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three children.

2107 Collaborative Innovation Center
Google Scholar
Lorrie Cranor
Lorrie Cranor's website

Improving Transparency for Online Privacy

Online Security and Privacy


1996 Doctor of Science, Engineering and Policy, Washington University

1996 MS, Computer Science, Washington University

1993 MS, Technology and Human Affairs, Washington University

1992 BS, Engineering and Public Policy, Washington University


Media mentions

CyLab Security and Privacy Institute

CyLab faculty, students to present at the 32nd USENIX Security Symposium

Carnegie Mellon faculty and students will present on a wide range of topics at the 32nd USENIX Security Symposium. Held in Anaheim, CA, on August 9-11, the event brings together experts from around the world, who will highlight the latest advances in the security and privacy of computer systems and networks.

Washington Post

Cranor quoted on IoT 'nutrition' labels

CyLab Director and University Professor Lorrie Cranor shared her thoughts on the future of IoT security and privacy labels.

CyLab Security and Privacy Institute

CyLab presents at White House's launch of new Cyber Trust mark

Carnegie Mellon's CyLab Security and Privacy Institute met with government officials and technology industry leaders, as the White House launched its new Cyber Trust mark. Associate Professor Yuvraj Agarwal represented CMU at the event, sharing key findings from CyLab’s five plus years of IoT security and privacy label research.


Faculty, alumna receive “Test of Time” awards

ECE’s Lujo Bauer, EPP/ECE’s Nicolas Christin, EPP/ECE’s Lorrie Cranor, and ECE's Bryan Parno received the “Test of Time” award at the Institute of Electrical and Electronics Engineer’s 44th Symposium on Security and Privacy.

CyLab Security and Privacy Institute

CyLab faculty earn two ‘Test of Time’ awards at IEEE Symposium on Security and Privacy

The Institute of Electrical and Electronics Engineers (IEEE) awarded two ‘Test of Time’ awards during its 44th Symposium on Security and Privacy, both going to papers co-authored by CyLab faculty members.

CyLab Security and Privacy Institute

Less is not more; Mapping a better route to user ad settings

For users looking to change their privacy settings on websites like Facebook, it often feels like a scavenger hunt. Now, researchers from Carnegie Mellon and the University of Michigan are exploring design options to make settings related to advertising preferences more findable.

CyLab Security and Privacy Institute

Cookie consent banners need improvement, may not be the answer

Over the past several years, websites have begun implementing cookie consent banners to meet regulatory requirements, allowing users to make choices about how their personal information is collected and shared. However, CyLab researchers say many of these banners miss the mark and may not be the best way to offer users privacy options.

Carnegie Mellon University

Three Engineering faculty named University Professors

Three College of Engineering faculty members have been elevated to the rank of University Professor, the highest distinction a faculty member can receive at Carnegie Mellon: CEE Head Burcu Akinci, CyLab Director Lorrie Faith Cranor, and CEE’s Greg Lowry.

CyLab Security and Privacy Institute

CyLab researchers to present at ACM CHI 2023

CyLab Security and Privacy Institute researchers are set to present seven papers at the upcoming ACM CHI 2023 (Conference on Human Factors in Computing Systems).

CyLab Security and Privacy Institute

CyLab icon connects users with online privacy choices

Have you noticed the new icon popping up on websites across the Internet? Thanks to researchers at Carnegie Mellon’s CyLab Security and Privacy Institute, the University of Michigan, and Fordham University, users can now easily make choices about how websites use their personal information, all in one convenient spot.

Wall Street Journal

Cranor quoted on why forced password resets are actually making accounts less secure

CyLab Director Lorrie Cranor spoke with the Wall Street Journal to explain why forced password resets are actually making accounts less secure. She notes the need for well-designed security systems.

Ars Technica

Cranor discusses Twitter’s two-factor authentication changes

CyLab Director Lorrie Cranor discusses Twitter changing its two-factor authentication policy.