Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint.
She has authored more than 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, the Aspen Institute Cybersecurity Group, and on the editorial boards of several journals.
In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice.
She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three children.
Online Security and Privacy
1996 Doctor of Science, Engineering and Policy, Washington University
1996 MS, Computer Science, Washington University
1993 MS, Technology and Human Affairs, Washington University
1992 BS, Engineering and Public Policy, Washington University
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- authentication and passwords
- censorship resistance and measurement
- data security and privacy
- elections security
- information and communication technology (ICT)
- Internet of Things (IoT)
- IoT security and privacy
- mobile and app security and privacy
- privacy engineering
- privacy enhancing technologies
- risk analysis
- security and privacy economics
- security education, awareness, and training
- security policy and regulation
- social networks security and privacy
- Usability and human behavior
- usable privacy and security
IoT labels will help consumers figure out which devices are spying on them
A team of CyLab researchers have developed a prototype security and privacy “nutrition label” that performed well in user tests. To develop the label, the team consulted with a diverse group of 22 security and privacy experts across industry, government, and academia.
Cranor on password managers
CyLab Director Lorrie Cranor discussed the importance of password managers in a WIRED article. Password managers keep track of all your passwords for different accounts and help identify weak and easily broken passwords. Cranor explains that many people don’t follow all the rules for creating strong passwords and often reuse them, putting multiple accounts at risk.
Cranor on phishing
CyLab Director Lorrie Cranor discussed increased cybercriminal activity during the COVID-19 pandemic with WBUR, specifically phishing, which occurs when a scammer sends an email that appears to come from a legitimate source. Cranor advises people to check email addresses carefully and to be vigilant with giving out their personal information.
Passwords research group awarded the 2020 Allen Newell Award for Research Excellence
A group of CyLab faculty and graduate students were just awarded the Allen Newell Award for Research Excellence for their contributions from a decade of passwords research.
Cranor on increased scams during COVID-19
CyLab Director Lorrie Cranor was interviewed by TODAY about “sextortion” scams that contact people to tell them they have been recorded looking at pornography and demand money or cryptocurrency. Cranor said that many people are subject to scams even if they have never visited any specific sites, and that scammers often don’t have any blackmail fodder.
Cranor on contact tracing apps
CyLab Director Lorrie Cranor was quoted in a Pittsburgh Post-Gazette article about the development of contact tracing apps tracking the spread of COVID-19, and the potential issue of privacy. Cranor argues that data may reveal perfectly legitimate activities that people may just not want to share. She also says that tech companies have the power to do what they want unless they are challenged by the government or public.
Cranor on usability in security
CyLab director Lorrie Cranor was interviewed by Dark Reading for an article about user experience and usability in security. “Many vendors do not take usability seriously enough,” said Cranor. “Their expertise is on the back-end security components, and they either ignore the user experience or address it only after the product is mostly developed.”
Cranor quoted on data privacy
CyLab/EPP’s Lorrie Cranor was quoted on data privacy in the Morning Consult.
Cranor quoted on data privacy
CyLab Head Lorrie Cranor was quoted in Consumer Reports on the use of data and privacy.
Q&A with Lorrie Cranor
As COVID-19 continues to spread around the world, CyLab director Lorrie Cranor says there are number issues related to privacy and cybersecurity that people need to be aware of.
CMU’s big showing at RSA 2020
The Human Element” was the theme of this year’s RSA Conference in San Francisco, which featured CyLab Director Lorrie Cranor talking about usable security research as a warm-up act for magician duo Penn & Teller.