Carnegie Mellon University
College of Engineering  ›  Engineering and Public Policy  ›  People  ›  Faculty  ›  Lorrie Faith Cranor

Lorrie Faith Cranor

Lorrie Faith Cranor

FORE Systems Professor
Engineering & Public Policy, and School of Computer Science
Director and Bosch Distinguished Professor in Security and Privacy Technologies, CyLab Usable Privacy and Security Laboratory
Co-director, MSIT-Privacy Engineering Masters Program

Address
CyLab Usable Privacy and Security Laboratory
Carnegie Mellon University
5000 Forbes Avenue
Pittsburgh, PA 15213

Bio

  • Professor, Carnegie Mellon, 2014-present
  • Chief Technologist, US Federal Trade Commission, 2016
  • Associate Professor, Carnegie Mellon, 2008-2014
  • Associate Research Professor, Carnegie Mellon 2003-2008
  • Adjunct Assistant Professor of Information Systems, New York University Stern School of Business, 2003
  • Principal Technical Staff Member, AT&T Labs-Research 2001-2003
  • Senior Technical Staff Member, AT&T Labs-Research 1996-2001

Lorrie Faith Cranor is a Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company. She has authored over 150 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier FoundationBoard of Directors, and on the editorial boards of several journals. In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was named an ACM Fellow for her contributions to usable privacy and security research and education, and an IEEE Fellow for her contributions to privacy engineering. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, and runs after her three children.

Assistant: Jamie Scanlon, (412) 268-6415, jlscanlo@andrew.cmu.edu

Education

  • B.S. (Engineering and Public Policy) 1992, Washington University in St. Louis
  • M.S. (Technology and Human Affairs) 1993, Washington University in St. Louis
  • M.S. (Computer Science) 1996, Washington University in St. Louis M
  • D.Sc. (Engineering and Policy) 1996, Washington University in St. Louis

Research

My research focuses on usable privacy and security. My current projects fall into several overlapping areas: privacy decision making (including applications of P3P), user-controllable security and privacy (including location-sharing privacy and file access control in the home), and usable cyber trust indicators, and and usable and secure passwords. Prior to coming to CMU I did research on P3P, electronic voting, security vulnerabilities in the movie production and distribution proces, and other topics.

Publications

Selected Publications

  1. Hana Habib, Megan Li, Ellie Young, and Lorrie Cranor. 2022. "Okay, whatever": An Evaluation of Cookie Consent Interfaces. In CHI Conference on Human Factors in Computing Systems (CHI '22). Association for Computing Machinery, New York, NY, USA, Article 621, 1–27. https://doi.org/10.1145/3491102.3501985
  2. Tianshi Li, Kayla Reiman, Yuvraj Agarwal, Lorrie Faith Cranor, and Jason I. Hong. 2022. Understanding Challenges for Developers to Create Accurate Privacy Nutrition Labels. In CHI Conference on Human Factors in Computing Systems (CHI '22). Association for Computing Machinery, New York, NY, USA, Article 588, 1–24. https://doi.org/10.1145/3491102.3502012
  3. Hana Habib, Sarah Pearman, Ellie Young, Ishika Saxena, Robert Zhang, and Lorrie FaIth Cranor. 2022. Identifying User Needs for Advertising Controls on Facebook. Proc. ACM Hum.-Comput. Interact. 6, CSCW1, Article 59 (April 2022), 42 pages. DOI:https://doi.org/10.1145/3512906
  4. Hana Habib, Yixin Zou, Yaxing Yao, Alessandro Acquisti, Lorrie Cranor, Joel Reidenberg, Norman Sadeh, and Florian Schaub. 2021. Toggles, Dollar Signs, and Triangles: How to (In)Effectively Convey Privacy Choices with Icons and Link Texts. In Proceedings of the 2021 CHI Conference on Human Factors in Computing Systems (CHI '21). Association for Computing Machinery, New York, NY, USA, Article 63, 1–25. https://dl.acm.org/doi/10.1145/3411764.3445387
  5. Peter Story, Daniel Smullen, Yaxing Yao, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. Awareness, adoption, and misconceptions of web privacy tools. Proceedings on Privacy Enhancing Technologies, 2021 (3) 308-333. DOI 10.2478/popets-2021-0049.
  6. Shikun Zhang, Yuanyuan Feng, Lujo Bauer, Lorrie Faith Cranor, Anupam Das, and Norman Sadeh. "Did you know this camera tracks your mood?": Understanding privacy expectations and preferences in the age of video analytics. Proceedings on Privacy Enhancing Technologies, 2021 (2) 282-304. DOI 10.2478/popets-2021-0028.
  7. Hana Habib, Sarah Pearman, Jiamin Wang, Yixin Zou, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. "It’s a scavenger hunt": Usability of Websites' Opt-Out and Data Deletion Choices. CHI 2020. https://dl.acm.org/doi/abs/10.1145/3313831.3376511
  8. Jessica Colnago, Yuanyuan Feng, Tharangini Palanivel, Sarah Pearman, Megan Ung, Alessandro Acquisti, Lorrie Faith Cranor, and Norman Sadeh. Informing the Design of a Personalized Privacy Assistant for the Internet of Things. CHI 2020. https://dl.acm.org/doi/abs/10.1145/3313831.3376389
  9. Hana Habib, Yixin Zou, Aditi Jannu, Neha Sridhar, Chelse Swoopes, Alessandro Acquisti, Lorrie Faith Cranor, Norman Sadeh, and Florian Schaub. An Empirical Analysis of Data Deletion and Opt-Out Choices on 150 Websites. SOUPS 2019. https://www.usenix.org/conference/soups2019/presentation/habib
  10. Pardis Emami-Naeini, Henry Dixon, Yuvraj Agarwal, and Lorrie Faith Cranor. 2019. Exploring How Privacy and Security Factor into IoT Device Purchase Behavior. In CHI Conference on Human Factors in Computing Systems USA, Paper 534, 12 pages. https://dl.acm.org/citation.cfm?id=3300764
  11. Pardis Emami-Naeini, Martin Degeling, Lujo Bauer, Richard Chow, Lorrie Cranor, Mohammad Reza Haghighat, and Heather Patterson. The Influence of Friends and Experts on Privacy Decision Making in IoT Scenarios. The 21st ACM Conference on Computer-Supported Cooperative Work and Social Computing (CSCW '18), Nov 2018. https://dl.acm.org/citation.cfm?id=3274317
  12. Hana Habib, Pardis Emami Naeini, Summer Devlin, Maggie Oates, Chelse Swoopes, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. User Behaviors and Attitudes Under Password Expiration Policies. Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), Baltimore, MD, pp. 13-20.  https://www.usenix.org/system/files/conference/soups2018/soups2018-habib-password.pdf
  13. Hana Habib, Jessica Colnago, Vidya Gopalakrishnan, Sarah Pearman, Jeremy Thomas, Alessandro Acquisti, Nicolas Christin, and Lorrie Faith Cranor. Away From Prying Eyes: Analyzing Usage and Understanding of Private Browsing. Fourteenth Symposium on Usable Privacy and Security (SOUPS 2018), Baltimore, MD, pp. 159-175. https://www.usenix.org/system/files/conference/soups2018/soups2018-habib-prying.pdf

  14. Joshua Tan, Lujo Bauer, Joe Bonneau, Lorrie Cranor, Jeremy Thomas, and Blase Ur. Can unicorns help users compare crypto key fingerprints? CHI 2017, Denver, CO, May 6-11, 2017. https://dl.acm.org/citation.cfm?id=3025733

  15. Maggie Oates, Yama Ahmadullah, Abigail Marsh, Chelse Swoopes, Shikun Zhang, Rebecca Balebako, and Lorrie Cranor. Turtles, Locks, and Bathrooms: Understanding Mental Models of Privacy Through Illustration. Proceedings on Privacy Enhancing Technologies, 2018 (4):5–32. [Best student paper award] https://petsymposium.org/2018/files/papers/issue4/popets-2018-0029.pdf

  16. Jessica Colnago, Summer Devlin, Maggie Oates, Chelse Swoopes, Lujo Bauer, Lorrie Cranor, and Nicolas Christin. 2018. “It's not actually that horrible”: Exploring Adoption of Two-Factor Authentication at a University. CHI 2018, Montreal, QC Canada, April 21-26, 2018. https://dl.acm.org/citation.cfm?id=3174030
  17. Sarah Pearman, Jeremy Thomas, Pardis Emami Naeini, Hana Habib, Lujo Bauer, Nicolas Christin, Lorrie Faith Cranor, Serge Egelman, and Alain Forget. Let’s go in for a closer look: Observing passwords in their natural habitat. 24th ACM Conference on Computer and Communications Security (CCS’17). 2017.  https://dl.acm.org/citation.cfm?id=3133956.3133973
  18. Blase Ur, Felicia Alfieri, Maung Aung, Lujo Bauer, Nicolas Christin, Jessica Colnago, Lorrie Faith Cranor, Henry Dixon, Pardis Emami Naeini, Hana Habib, Noah Johnson, and William Melicher. 2017. Design and Evaluation of a Data-Driven Password Meter. CHI 2017. http://dl.acm.org/citation.cfm?id=3026050&CFID=931599301
  19. W. Melicher, B. Ur, S. Segreti, S. Komanduri, L. Bauer, N. Christin, L. Cranor. Fast, Lean, and Accurate: Modeling Password Guessability Using Neural Networks. USENIX Security, August 10-12, 2016, Austin, TX. https://www.ece.cmu.edu/~lbauer/papers/2016/usenixsec2016-neural-passwords.pdf
  20. B. Ur, J. Bees, S. Segreti, L. Bauer, N. Christin, and L. F. Cranor. CHI'16. Do users' perceptions of password security match reality? http://www.ece.cmu.edu/~lbauer/papers/2016/chi2016-pwd-perceptions.pdf
  21. F. Schaub, R. Balebako, A. Durity, and L. Cranor. A Design Space for Effective Privacy Notices. SOUPS 2015. https://www.usenix.org/system/files/conference/soups2015/soups15-paper-schaub.pdf
  22. R. Shay, L. Bauer, N. Christin, L. Cranor, A. Forget, S. Komanduri, M. Mazurek, W. Melicher, S. Segreti, and B. Ur. A Spoonful of Sugar? The Impact of Guidance and Feedback on Password-Creation Behavior. CHI 2015. http://cups.cs.cmu.edu/rshay/pubs/Feedback.pdf
  23. Chandrasekhar Bhagavatula, Blase Ur, Kevin Iacovino, Su Mon Kywe, Lorrie Faith Cranor, Marios Savvides. Biometric Authentication on iPhone and Android: Usability, Perceptions, and Influences on Adoption. USEC 2015, February 8, 2015. http://www.internetsociety.org/doc/biometric-authentication-iphone-and-android-usability-perceptions-and-influences-adoption
  24. F. Schaub, R. Balebako, A. Durity, and L. Cranor. Designing Effective Privacy Notices. SOUPS 2015. https://www.usenix.org/conference/soups2015/proceedings/presentation/schaub
  25. B. Ur, F. Noma, J. Bees, S. Segreti, R. Shay, L. Bauer, N. Christin, and L. Cranor. "I Added '!' at the End to Make It Secure": Observing Password Creation in the Lab. SOUPS 2015. https://www.usenix.org/conference/soups2015/proceedings/presentation/ur
  26. Saranga Komanduri, Richard Shay, Lorrie Faith Cranor, Cormac Herley, and Stuart Schechter. Telepathwords: Preventing Weak Passwords by Reading Users' Minds. USENIX Security 2014. August 20-22, 2014, San Diego, CA, pp. 591-606. https://www.usenix.org/conference/usenixsecurity14/technical-sessions/presentation/komanduri
  27. L. Cranor, A. Durity, A. Marsh, and B. Ur. Parents' and Teens' Perspectives on Privacy in a Technology-Filled World. SOUPS 2014.  https://www.usenix.org/conference/soups2014/proceedings/presentation/cranor
  28. C. Bravo-Lillo, L. Cranor, S. Komanduri, S. Schechter, M. Sleeper. Harder to Ignore? Revisiting Pop-Up Fatigue and Approaches to Prevent It. SOUPS 2014.  https://www.usenix.org/conference/soups2014/proceedings/presentation/bravo-lillo
  29. Richard Shay, Saranga Komanduri, Adam L. Durity, Philip (Seyoung) Huh, Michelle L. Mazurek, Sean M. Segreti, Blase Ur, Lujo Bauer, Nicolas Christin, and Lorrie Faith Cranor. Can long passwords be secure and usable? In CHI 2014: Conference on Human Factors in Computing Systems, April 2014. ACM.  http://lorrie.cranor.org/pubs/longpass-chi2014.pdf
  30. Y. Wang, P. Leon, A. Acquisti, L.F. Cranor, A. Forget, N. Sadeh. A Field Trial of Privacy Nudges for Facebook. ACM SIGCHI Conference on Human Factors in Computing Systems (CHI2014).  http://yangwang.syr.edu/papers/CHI2014.pdf
  31. M.L. Mazurek, S. Komanduri, T. Vidas, L. Bauer, N. Christin, L.F. Cranor, P.G. Kelley, R. Shay, and B. Ur. Measuring Password Guessability for an Entire University. ACM CCS 2013.  https://www.cylab.cmu.edu/research/techreports/2013/tr_cylab13013.html
  32. C. Bravo-Lillo, L.F. Cranor, J. Downs, S. Komanduri, R.W. Reeder, S. Schechter, and M. Sleeper. Your Attention Please: Designing security-decision UIs to make genuine risks harder to ignore. In Proceedings of the Eight Symposium On Usable Privacy and Security (SOUPS ’13), Newcastle, United Kingdom, 2013.  http://cups.cs.cmu.edu/soups/2013/proceedings/a6_Bravo-Lillo.pdf
  33. P.G. Leon, B. Ur, Y. Wang, M. Sleeper, R. Balebako, R. Shay, L. Bauer, M. Christodorescu, L.F. Cranor. What Matters to Users? Factors that Affect Users' Willingness to Share Information with Online Advertisers. In Proceedings of the Eight Symposium On Usable Privacy and Security (SOUPS ’13), Newcastle, United Kingdom, 2013.  http://cups.cs.cmu.edu/soups/2013/proceedings/a7_Leon.pdf
  34. B. Ur, P.G. Kelley, S. Komanduri, J. Lee, M. Maass, M. Mazurek, T. Passaro, R. Shay, T. Vidas, L. Bauer, N. Christin, and L.F. Cranor. How does your password measure up? The effect of strength meters on password creation. USENIX Security 2012.  http://www.ece.cmu.edu/~lbauer/papers/2012/usenix2012-meters.pdf
  35. P. Klemperer, Y. Liang, M. Mazurek, M. Sleeper, B. Ur, L. Bauer, L.F. Cranor, N. Gupta, and M. Reiter. Tag, You Can See It! Using Tags for Access Control in Photo Sharing. CHI 2012.  http://www.ece.cmu.edu/~lbauer/papers/2012/chi2012-tags.pdf
  36. L.F. Cranor. Necessary But Not Sufficient: Standardized Mechanisms for Privacy Notice and Choice. Journal of Telecommunications and High Technology Law, Vol. 10, No. 2, 2012.  http://www.jthtl.org/content/articles/V10I2/JTHTLv10i2_Cranor.PDF

Secretary:

Tiffany M. Todd - (412) 268-6367