Lorrie Faith Cranor
"UNLESS someone like you cares a whole awful lot, nothing is going to get better. It's not."
I came to Carnegie Mellon University in December 2003 after seven years at AT&T Labs-Research. I am a faculty member in the Institute for Software Research, International in the School of Computer Science and in the Engineering and Public Policy department in the College of Engineering. I am director of the CMU Usable Privacy and Security Laboratory (CUPS). I am also affiliated with the Ph.D. Program in Computation, Organizations and Society, Cylab, the Human-Computer Interaction Institute, and the Privacy Technology Center.
For information about current research projects, see the current projects list on the CUPS web site. The following is a list of projects I started prior to coming to CMU.
Interests and Activities
The Real ID Act: Fixing Identity Documents with Duct Tape. To appear in I/S: A Journal of Law and Policy for the Information Society, Fall/Winter 2005 (with S. Egelman).
An Analysis of P3P-Enabled Web Sites among Top-20 Search Results. November 2005. Draft paper, under review (with S. Egelman and A. Chowdhury).
User Interfaces for Privacy Agents. To appear in ACM Transactions on Computer-Human Interaction, 2006 (with P. Guduru and M. Arjula).
Counter-Forensic Privacy Tools: A Forensic Evaluation. ISRI Technical Report. CMU-ISRI-05-119 (with M. Geiger).
Peripheral Privacy Notifications for Wireless Networks. In Proceedings of the 2005 Workshop on Privacy in the Electronic Society, 7 November 2005, Alexandria, VA. (with B. Kowitz).
Privacy in India: Attitudes and Awareness. In Proceedings of the 2005 Workshop on Privacy Enhancing Technologies (PET2005), 30 May - 1 June 2005, Dubrovnik, Croatia (with P. Kumaraguru).
Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine. In Proceedings of the 2004 Workshop on Privacy Enhancing Technologies (PET2004), 26-28 May, 2004, Toronto, Canada (with S. Byers, D. Kormann, and P. McDaniel).
Analysis of Security Vulnerabilities in the Movie Production and Distribution Process. Proceedings of the 2003 ACM Workshop on Digital Rights Management, October 27, 2003, Washington, DC. (with S. Byers, E. Cronin, D. Kormann, and P. McDaniel)
'I Didn't Buy it for Myself': Privacy and Ecommerce Personalization. Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society, October 30, 2003, Washington, DC.
Automated Analysis of P3P-Enabled Web Sites. In Proceedings of the Fifth International Conference on Electronic Commerce (ICEC2003). Pittsburgh, PA, October 1-3, 2003. (with S. Byers and D. Kormann)
Use of a P3P User Agent by Early Adopters. Proceedings of the ACM Workshop on Privacy in the Electronic Society, November 21, 2002, Washington, DC (with M. Arjula and P. Guduru).
A Webmaster's Guide to Troubleshooting P3P. O'Reilly Network. November 2002.
Help! IE6 is blocking my cookies! O'Reilly Network. October 2002.
Can user agents accurately represent privacy notices?. TPRC 2002 (September 2002) (with Joel Reidenberg).
Web Privacy with P3P (2002). Lorrie Faith Cranor. Sebastopol, CA: O'Reilly & Associates, Inc.
The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Recommendation. 16 April 2002. (with M. Langheinrich, M. Marchiori, M. Presler-Marshall, and J. Reagle).
Why P3P is a Good Privacy Tool for Consumers and Companies. GigaLaw.com. (April 2002) (with Rigo Wenning).
The role of privacy advocates and data protection authorities in the design and deployment of the platform for privacy preferences. Proceedings of the Twelth Conference on Computers, Freedom and Privacy, April 16-19, 2002, San Francisco, CA.
Voting After Florida: No Easy Answers. Ubiquity: An ACM IT Magazine and Forum. Issue 47 (February 13-19, 2001).
Beyond Concern: Understanding Net Users' Attitudes About Online Privacy. (2000). In Ingo Vogelsang and Benjamin M. Compaine, eds. The Internet Upheaval: Raising Questions, Seeking Answers in Communications Policy. Cambridge, Massachusetts: The MIT Press, p. 47-70 (with M. Ackerman and J. Reagle). [First published as AT&T Labs-Research Technical Report TR 99.4.3, 14 April 1999. Presented at the Telecommunications Policy Research Conference. Alexandria, VA, September 25-27, 1999.]
Publius, A robust, tamper-evident and censorship-resistant web publishing system. Proceedings of the 9th USENIX Security Symposium, August, 2000 (with M. Waldman and A. Rubin).
Ten years of computers, freedom, and privacy: a personal retrospective. Proceedings of the Tenth Conference on Computers, Freedom and Privacy: Challenging the Assumptions, April 4 - 7, 2000, Toronto, ON Canada, p. 11-15.
Protocols for Automated Negotiations with Buyer Anonymity and Seller Reputations. (2000). Netnomics 2(1):1-23. (with P. Resnick).
Privacy in E-Commerce: Examining User Scenarios and Privacy Preferences. Proceedings of the ACM Conference on Electronic Commerce (EC'99), 3-5 November 1999, Denver, Colorado, p. 1-8 (with M. Ackerman and J. Reagle).
Bias and Responsibility in 'Neutralí Social Protocols, Computers & Society, September 1998, p. 17-19. Originally presented at the DIMACS workshop on Design for Values: Ethical, Social and Political Dimensions of Information Technology, Princeton, NJ, 28 February 1998.
Designing a Social Protocol: Lessons Learned from the Platform for Privacy Preferences. In Jeffrey K. MacKie-Mason and David Waterman, eds., Telephony, the Internet, and the Media. Mahwah: Lawrence Erlbaum Associates, 1998. [Paper presented at the Telecommunications Policy Research Conference, Alexandria, VA, September 27-29 1997. (with J. Reagle)]
Sensus: A Security-Conscious Electronic Polling System for the Internet. Proceedings of the Hawai`i International Conference on System Sciences, January 7-10, 1997, Wailea, Hawai`i, USA (with R. Cytron).
Declared-Strategy Voting: An Instrument for Group Decision-Making. Washington University Dissertation. December 1996.