Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint.
She has authored more than 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, the Aspen Institute Cybersecurity Group, and on the editorial boards of several journals.
In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice.
She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three children.
Online Security and Privacy
1996 Doctor of Science, Engineering and Policy, Washington University
1996 MS, Computer Science, Washington University
1993 MS, Technology and Human Affairs, Washington University
1992 BS, Engineering and Public Policy, Washington University
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- authentication and passwords
- censorship resistance and measurement
- data security and privacy
- elections security
- information and communication technology (ICT)
- Internet of Things (IoT)
- IoT security and privacy
- mobile and app security and privacy
- privacy engineering
- privacy enhancing technologies
- risk analysis
- security and privacy economics
- security education, awareness, and training
- security policy and regulation
- social networks security and privacy
- Usability and human behavior
- usable privacy and security
Cranor quoted on password security
CyLab Director Lorrie Cranor was quoted on CNET on CyLab’s password strength meter that gives suggestions to help users create more secure passwords.
Cranor quoted on online passwords
CyLab Director Lorrie Cranor was quoted on Yahoo on keeping online accounts secure with passwords.
Cranor quoted on Internet cookies
California voters approved a privacy-oriented ballot measure in November that creates an incentive for companies to stop pestering Internet users about data-tracking cookies. The cookie pop-ups aren’t limited to Californians’ web browsers, something CyLab Director Lorrie Cranor noticed from personal internet use in Pittsburgh.
Cranor quoted about privacy and security for nonexperts
In the spring, hackers managed to insert malicious code into a software product from an IT provider whose client list includes 300,000 institutions. The breach has highlighted a weakness shared by large institutions and individuals, and countless breaches like it have many feeling helpless. “There definitely is a sense of resignation,” CyLab Director Lorrie Cranor told Bloomberg.
Cranor quoted on privacy labels
Apple unveiled new privacy labels in its App Store, which give consumers a detailed look at what personal information apps are collecting and how that data is used. CyLab Director Lorrie Cranor, who has led an effort to build a prototype privacy and security nutrition label for IoT devices, says that such “labels enable consumers to choose products, in this case apps, taking privacy into account.”
Cranor quoted on privacy
CyLab Director Lorrie Cranor was quoted in WIRED on Apple’s app privacy labels.
CyLab Security and Privacy Institute
CyLab researchers design privacy icon to be used by California law
The state of California has proposed an official icon to include next to opt-out text—a blue stylized toggle icon developed by researchers from Carnegie Mellon University’s CyLab and the University of Michigan’s School of Information. Users may begin seeing the new stylized icon at the bottom of websites’ footers early next year.
The Wall Street Journal
Cranor mentioned on security and privacy
CyLab Director Lorrie Cranor was mentioned in The Wall Street Journal on a cybersecurity “nutrition label.”
Cranor quoted on password managers
CyLab Director Lorrie Cranor was quoted on Yahoo on the benefits of using a password manager.
Lorrie Cranor named AAAS Fellow
Lorrie Cranor has been named a Fellow of the American Association for the Advancement of Science (AAAS) for her contributions to usable privacy and security research, policy, and education.
Cranor quoted on online scams
CyLab Director Lorrie Cranor was quoted on Yahoo on holiday scams.
CyLab Security and Privacy Institute
CMU launches new privacy engineering options
CMU is offering two flexible options for privacy engineering education and training: a part-time privacy engineering master's degree, and a privacy engineering certificate.