Directory

Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint.

She has authored more than 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, the Aspen Institute Cybersecurity Group, and on the editorial boards of several journals.

In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice.

She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three children.

Office
2107 Collaborative Innovation Center
Phone
412.268.7534
Email
lorrie@cs.cmu.edu
Google Scholar
Lorrie Cranor
Websites
Lorrie Cranor's website

Online Security and Privacy

Education

1996 Doctor of Science, Engineering and Policy, Washington University

1996 MS, Computer Science, Washington University

1993 MS, Technology and Human Affairs, Washington University

1992 BS, Engineering and Public Policy, Washington University

Affiliations

Media mentions


Lifehacker

Privacy policy guide references Cranor-McDonald study

A recent Lifehacker article on skimming privacy policies references a study by CyLab’s Lorrie Cranor and Aleecia McDonald, published in 2008, which estimates that, at the time, it would take 76 work days to read through all the privacy policies encountered in a year.

CMU Engineering

Why people (don’t) use password managers effectively

A recent study by a team of CyLab researchers, including Pearman, provides some insight into how ineffectively people may be using password managers, potentially nullifying the benefits the managers are meant to provide.

CMU Engineering

Opting out of data use is hard, but it doesn’t have to be

A recent study by researchers from Carnegie Mellon University and the University of Michigan found that while many websites share users' browsing data with advertisers, it is difficult for users to figure out how to prevent this practice.

TIME

Cranor on FaceApp security and privacy

CyLab Director Lorrie Cranor spoke with TIME about security and privacy of the recent FaceApp Challenge, which has led to photos being shared on social media of people as the older version of themselves. However, the challenge has also led to privacy concerns due to the photo access.

CMU Engineering

Security and privacy need to be easy

In 2005, Carnegie Mellon hosted a first-of-its-kind conference that brought together researchers from dozens of universities and companies around the world with one mission: make privacy and security tools easier to use. That conference, the Symposium On Usable Privacy and Security (SOUPS), is holding its 15th annual meeting next month. SOUPS, as well as the entire usable privacy and security field, have deep roots at CMU.

CNET

Cranor on Sony’s robot dog Aibo

CyLab Director Lorrie Cranor was interviewed by CNET about Sony’s robot dog Aibo and the product’s access to users’ personal data. According to Sony’s privacy policy, it may share “non-personal” and hashed/de-identified data with third parties. However, Cranor says this data can still be used as identifiers.

Cranor discusses CyLab and cybersecurity with PBT

In an interview with Pittsburgh Business Times, CyLab Director Lorrie Cranor discussed security and privacy of Internet of Things (IoT) devices. “There is a growing number of IoT devices that are everywhere in the home environment, but also in businesses and in cities,” said Cranor. “The problem is that a lot of them are fairly low cost devices and not enough effort has been put into making sure that they are actually secured.” Aside from IoT devices, CyLab has also been involved in privacy policies, artificial intelligence, and anti-phishing research, as well as outreach projects.

The Wall Street Journal

Cranor expresses concerns about tools that monitor children online

Although parental monitoring tools ask for children’s passwords to keep them from encountering troubles online, CyLab Director Lorrie Cranor says that any service provider that asks for passwords is fundamentally insecure.

The Washington Post

Cranor comments on British spy agency proposal to access encrypted messages

CyLab Director Lorrie Cranor has signed an open letter to Britain’s Government Communications Headquarters (GCHQ) to condemn their proposal that would allow law enforcement to spy on encrypted messages.

CMU Engineering

BUYER UNAWARE: Security and privacy rarely considered before buying IoT devices

In a study presented at the ACM CHI conference in Glasgow earlier this month, researchers from Carnegie Mellon University’s CyLab found that security and privacy risks may not be on the list of considerations when consumers purchase new IoT devices.

SC Magazine

Cranor quoted on the future of privacy

CyLab Director Lorrie Cranor was quoted in a recent article discussing the future of privacy, specifically how much access companies can have to personal information and how long they can retain it.

CMU Engineering

First round of Secure and Private IoT Initiative funded projects announced

CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has broken ground as the first round of funded proposals have been announced. Twelve selected projects will be funded for one year, and results will be presented at the IoT@CyLab annual summit next year.