Lorrie Faith Cranor is the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. In 2016 she served as chief technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company.
She has authored more than 150 research papers on online privacy, usable security, and other topics. Cranor played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals.
Cranor was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. She was named an ACM Fellow for her contributions to usable privacy and security research and education, and an IEEE Fellow for her contributions to privacy engineering. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a Ph.D. in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, and runs after her three children.
Online Security and Privacy
1996 Doctor of Science, Engineering and Public Policy, Washington University
1996 MS, St. Louis, MO, Computer Science
1993 MS, Technology and Human Affairs, Washington University
1992 BS, Engineering and Public Policy, Washington University
- access control and authorization
- AI and ML for security
- Applications of security and privacy
- authentication and passwords
- censorship resistance and measurement
- data security and privacy
- elections security
- information and communication technology (ICT)
- Internet of Things (IoT)
- IoT security and privacy
- ML and AI
- mobile and app security and privacy
- network security
- privacy engineering
- privacy enhancing technologies
- risk analysis
- secure systems
- security and privacy economics
- security education, awareness, and training
- security policy and regulation
- social networks security and privacy
- software security
- systems security
- Usability and human behavior
- usable privacy and security
Cranor on Sony’s robot dog Aibo
Cranor discusses CyLab and cybersecurity with PBT
In an interview with Pittsburgh Business Times, CyLab Director Lorrie Cranor discussed security and privacy of Internet of Things (IoT) devices. “There is a growing number of IoT devices that are everywhere in the home environment, but also in businesses and in cities,” said Cranor. “The problem is that a lot of them are fairly low cost devices and not enough effort has been put into making sure that they are actually secured.” Aside from IoT devices, CyLab has also been involved in privacy policies, artificial intelligence, and anti-phishing research, as well as outreach projects.
The Wall Street Journal
Cranor expresses concerns about tools that monitor children online
Although parental monitoring tools ask for children’s passwords to keep them from encountering troubles online, CyLab Director Lorrie Cranor says that any service provider that asks for passwords is fundamentally insecure.
The Washington Post
Cranor comments on British spy agency proposal to access encrypted messages
CyLab Director Lorrie Cranor has signed an open letter to Britain’s Government Communications Headquarters (GCHQ) to condemn their proposal that would allow law enforcement to spy on encrypted messages.
BUYER UNAWARE: Security and privacy rarely considered before buying IoT devices
In a study presented at the ACM CHI conference in Glasgow earlier this month, researchers from Carnegie Mellon University’s CyLab found that security and privacy risks may not be on the list of considerations when consumers purchase new IoT devices.
Cranor quoted on the future of privacy
CyLab Director Lorrie Cranor was quoted in a recent article discussing the future of privacy, specifically how much access companies can have to personal information and how long they can retain it.
First round of Secure and Private IoT Initiative funded projects announced
CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has broken ground as the first round of funded proposals have been announced. Twelve selected projects will be funded for one year, and results will be presented at the IoT@CyLab annual summit next year.
Cranor named Andrew Carnegie Fellow
CyLab Director Lorrie Cranor has been named to the 2019 Class of Andrew Carnegie Fellows by the Carnegie Corporation of New York.
Lorrie Cranor, Brian Kovak Named Andrew Carnegie Fellows
Carnegie Mellon University faculty members Lorrie Cranor and Brian K. Kovak have been named to the 2019 Class of Andrew Carnegie Fellows by the Carnegie Corporation of New York, a philanthropic foundation that has supported the advancement of education and knowledge for more than a century.
Cranor speaks at WiCyS Conference
CyLab Director Lorrie Cranor was among a collection of prominent names in cybersecurity speaking before over 1,300 attendees at last month’s Women in Cybersecurity (WiCyS) Conference. The conference provided opportunities for networking and encouraged continued growth in the number of women represented in cybersecurity, which has risen from 11% of the workforce five years ago to 20% today.
CMU women shine at Women in Cybersecurity Conference
Women make up about one-fifth of the national cybersecurity workforce. That statistic, coupled with Carnegie Mellon's accelerating number of women working in the field, may help explain why the annual Women in Cybersecurity (WiCyS) conference was hosted by Carnegie Mellon University last month.