Lorrie Faith Cranor is the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University, where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-director of the MSIT-Privacy Engineering masters program. In 2016 she served as chief technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company.

She has authored more than 150 research papers on online privacy, usable security, and other topics. Cranor played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O'Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals.

Cranor was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. She was named an ACM Fellow for her contributions to usable privacy and security research and education, and an IEEE Fellow for her contributions to privacy engineering. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a Ph.D. in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, and runs after her three children.

2107 Collaborative Innovation Center
Google Scholar
Lorrie Cranor
Lorrie Cranor's website

Online Security and Privacy


1996 Doctor of Science, Engineering and Public Policy, Washington University

1996 MS, St. Louis, MO, Computer Science

1993 MS, Technology and Human Affairs, Washington University

1992 BS, Engineering and Public Policy, Washington University


Media mentions


Cranor on Sony’s robot dog Aibo

CyLab Director Lorrie Cranor was interviewed by CNET about Sony’s robot dog Aibo and the product’s access to users’ personal data. According to Sony’s privacy policy, it may share “non-personal” and hashed/de-identified data with third parties. However, Cranor says this data can still be used as identifiers.

Cranor discusses CyLab and cybersecurity with PBT

In an interview with Pittsburgh Business Times, CyLab Director Lorrie Cranor discussed security and privacy of Internet of Things (IoT) devices. “There is a growing number of IoT devices that are everywhere in the home environment, but also in businesses and in cities,” said Cranor. “The problem is that a lot of them are fairly low cost devices and not enough effort has been put into making sure that they are actually secured.” Aside from IoT devices, CyLab has also been involved in privacy policies, artificial intelligence, and anti-phishing research, as well as outreach projects.

The Wall Street Journal

Cranor expresses concerns about tools that monitor children online

Although parental monitoring tools ask for children’s passwords to keep them from encountering troubles online, CyLab Director Lorrie Cranor says that any service provider that asks for passwords is fundamentally insecure.

The Washington Post

Cranor comments on British spy agency proposal to access encrypted messages

CyLab Director Lorrie Cranor has signed an open letter to Britain’s Government Communications Headquarters (GCHQ) to condemn their proposal that would allow law enforcement to spy on encrypted messages.

CMU Engineering

BUYER UNAWARE: Security and privacy rarely considered before buying IoT devices

In a study presented at the ACM CHI conference in Glasgow earlier this month, researchers from Carnegie Mellon University’s CyLab found that security and privacy risks may not be on the list of considerations when consumers purchase new IoT devices.

SC Magazine

Cranor quoted on the future of privacy

CyLab Director Lorrie Cranor was quoted in a recent article discussing the future of privacy, specifically how much access companies can have to personal information and how long they can retain it.

CMU Engineering

First round of Secure and Private IoT Initiative funded projects announced

CyLab’s Secure and Private IoT Initiative (IoT@CyLab) has broken ground as the first round of funded proposals have been announced. Twelve selected projects will be funded for one year, and results will be presented at the IoT@CyLab annual summit next year.


Cranor named Andrew Carnegie Fellow

CyLab Director Lorrie Cranor has been named to the 2019 Class of Andrew Carnegie Fellows by the Carnegie Corporation of New York.

CMU Engineering

Lorrie Cranor, Brian Kovak Named Andrew Carnegie Fellows

Carnegie Mellon University faculty members Lorrie Cranor and Brian K. Kovak have been named to the 2019 Class of Andrew Carnegie Fellows by the Carnegie Corporation of New York, a philanthropic foundation that has supported the advancement of education and knowledge for more than a century.

Cranor speaks at WiCyS Conference

CyLab Director Lorrie Cranor was among a collection of prominent names in cybersecurity speaking before over 1,300 attendees at last month’s Women in Cybersecurity (WiCyS) Conference. The conference provided opportunities for networking and encouraged continued growth in the number of women represented in cybersecurity, which has risen from 11% of the workforce five years ago to 20% today.

CMU Engineering

CMU women shine at Women in Cybersecurity Conference

Women make up about one-fifth of the national cybersecurity workforce. That statistic, coupled with Carnegie Mellon's accelerating number of women working in the field, may help explain why the annual Women in Cybersecurity (WiCyS) conference was hosted by Carnegie Mellon University last month. 

CMU Engineering

A new era for the Bosch Chair

Lorrie Cranor has received the Bosch Distinguished Professorship in Security and Privacy Technologies, enabling her to lead a new era of security and privacy research at the university.