Lorrie Faith Cranor is the Director and Bosch Distinguished Professor in Security and Privacy Technologies of CyLab and the FORE Systems Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She also directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the MSIT-Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission, working in the office of Chairwoman Ramirez. She is also a co-founder of Wombat Security Technologies, Inc, a security awareness training company that was acquired by Proofpoint.

She has authored more than 200 research papers on online privacy, usable security, and other topics. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O'Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards and working groups, including the Electronic Frontier Foundation Board of Directors, the Computing Research Association Board of Directors, the Aspen Institute Cybersecurity Group, and on the editorial boards of several journals.

In her younger days she was honored as one of the top 100 innovators 35 or younger by Technology Review magazine. More recently she was elected to the ACM CHI Academy, named an ACM Fellow for her contributions to usable privacy and security research and education, and named an IEEE Fellow for her contributions to privacy engineering. She has also received an Alumni Achievement Award from the McKelvey School of Engineering at Washington University in St. Louis, the 2018 ACM CHI Social Impact Award, the 2018 International Association of Privacy Professionals Privacy Leadership Award, and (with colleagues) the 2018 IEEE Cybersecurity Award for Practice.

She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University. She holds a doctorate in Engineering and Policy from Washington University in St. Louis. In 2012-13 she spent her sabbatical as a fellow in the Frank-Ratchye STUDIO for Creative Inquiry at Carnegie Mellon University where she worked on fiber arts projects that combined her interests in privacy and security, quilting, computers, and technology. She practices yoga, plays soccer, walks to work, and runs after her three children.

2107 Collaborative Innovation Center
Google Scholar
Lorrie Cranor
Lorrie Cranor's website

Improving Transparency for Online Privacy

What's Next

Online Security and Privacy


1996 Doctor of Science, Engineering and Policy, Washington University

1996 MS, Computer Science, Washington University

1993 MS, Technology and Human Affairs, Washington University

1992 BS, Engineering and Public Policy, Washington University


Media mentions

CyLab Security and Privacy Institute

CyLab researchers to present at the IEEE Symposium on Security and Privacy

CyLab faculty members and students will present their research on topics ranging from mobile money practices in Africa to uncovering and identifying side-channel and evasion attacks at the 45th Institute of Electrical and Electronics Engineers (IEEE) Symposium on Security and Privacy.


Cranor quoted on “broadband nutrition labels” for internet service

CyLab Director Lorrie Cranor was quoted on the introduction of “broadband nutrition labels” for internet service.

CyLab Security and Privacy Institute

CyLab researchers to present at ACM CHI 2024

CyLab Security and Privacy Institute researchers are set to present 10 papers and participate in one special interest group at the upcoming Association for Computing Machinery (ACM) Conference on Human Factors in Computing Systems (CHI 2024).


Cranor speaks on internet frauds in TribLive

CyLab Director Lorrie Cranor speaks on internet frauds in TribLive. “If you get any message through any channel that says you should transfer money or buy gift cards, it’s a scam,” she says.

News 5 Cleveland

Cranor discusses cybersecurity labels for smart devices

CyLab Director Lorrie Cranor discusses the idea of creating cybersecurity labels for smart devices.

USA Today

Cranor speaks about Roblox privacy concerns

CyLab Director Lorrie Cranor spoke with USA Today about the spotlight cast on Roblox’s privacy settings. While it was established that the online game doesn’t collect precise location data, Cranor noted that sharing personal information in chats could leave users vulnerable.

The Washington Post

Cranor comments on House speakers’ porn-monitoring software

CyLab Director Lorrie Cranor comments on House speaker Mike Johnson’s porn-monitoring software in The Washington Post. Cranor is “concerned about a government official using it knowingly on his own devices, as it may expose potentially sensitive information to a third-party service provider or even his 17-year-old son.”


Cranor shares thoughts on smartphones and their listening capabilities

CyLab Director Lorrie Cranor shares her thoughts on smartphones and their listening capabilities on WTAE. “Your phones are mostly not listening to you, but they could be listening to you,” she says.

CyLab Security and Privacy Institute

CyLab faculty, students to present at ACM CCS 2023

Carnegie Mellon faculty and students will present on a wide range of topics at the Association for Computing Machinery Special Interest Group on Security, Audit and Control’s (SIGSAC’s) Conference on Computer and Communications Security (ACM CCS). Held at the Tivoli Congress Center in Copenhagen, Denmark on November 26-30, the event brings together information security researchers, practitioners, developers, and users from all over the world to explore cutting-edge ideas and results.

CyLab Security and Privacy Institute

CyLab receives a $250,000 gift from Craig Newmark Philanthropies to support research on IoT security and privacy labels

Craig Newmark Philanthropies has announced a $250,000 gift to support the Carnegie Mellon University CyLab Security and Privacy Institute’s research on privacy and security labels for IoT devices.

CyLab Security and Privacy Institute

CyLab faculty, students to present at the 32nd USENIX Security Symposium

Carnegie Mellon faculty and students will present on a wide range of topics at the 32nd USENIX Security Symposium. Held in Anaheim, CA, on August 9-11, the event brings together experts from around the world, who will highlight the latest advances in the security and privacy of computer systems and networks.

Washington Post

Cranor quoted on IoT nutrition labels

CyLab Director Lorrie Cranor shared her thoughts on the future of IoT security and privacy labels.