Lorrie Faith Cranor's Home Page

Lorrie Faith Cranor

lorrie.cranor.org

Painted Sun Quilt

What's New!
Teaching
Students
Research Projects
Interests and Activities
Publications
bio
resume
news clippings
recent talks
quilts

Thesis2 Quilt

"UNLESS someone like you cares a whole awful lot, nothing is going to get better. It's not."

--Dr. Seuss, from The Lorax

Happy Flowers Quilt

My current research focuses mostly on online privacy. I am particularly interested in applications of the Platform for Privacy Preferences (P3P), and in user interfaces and usability issues related to privacy enhancing software and secure systems. I chaired the P3P Specification working group and designed the Privacy Bird P3P user agent. I completed a book on P3P in 2002 and co-edited a book on Security and Usability in 2005. I have also done research on electronic voting and a novel voting procedure called declared-strategy voting.

I came to Carnegie Mellon University in December 2003 after seven years at AT&T Labs-Research. I am a faculty member in the Institute for Software Research, International in the School of Computer Science and in the Engineering and Public Policy department in the College of Engineering. I am director of the CMU Usable Privacy and Security Laboratory (CUPS). I am also affiliated with the Ph.D. Program in Computation, Organizations and Society, Cylab, the Human-Computer Interaction Institute, and the Privacy Technology Center.

I spend most of my free time with my husband (Chuck), son (Shane), and daughter, (Maya). Sometimes I find time to design and create quilts.

What's New!

The Security and Usability book is now available! If you've enjoyed it, please consider writing a review.
Symposium On Usable Privacy and Security (SOUPS) 2006 will be held at CMU July 12-14, 2006.
June 27, 2005: New tech report released - Counter-Forensic Privacy Tools: A Forensic Evaluation

The October 2003 issue of Technology Review magazine lists me as one of the top 100 innovators 35 or younger
Download Privacy Bird, a P3P user agent pluggin for IE6 or try our new Privacy Finder search.
Our house gets a bath!

Teaching

Spring 2006

5-899 / 17-500 Usable Privacy and Security
15-290 / 19-211 Computers and Society
COS PhD seminar
ISRI Seminar Series

Previous semesters

15-508 / 17-801 / 19-608 / 95-818: Privacy Policy, Law, and Technology (FA05, FA04, SP04)
15-290 / 19-211: Special Topics: Computers and Society (SP05)

ISRI Seminar Series

Students

Current PhD Students: Serge Egelman, COS (advisor)
Ponnurangam Kumaraguru, COS (advisor)
Steve Sheng, EPP (advisor)
Elaine Newton, EPP (committee member)
Current Masters Students: Matthew Geiger, MSPPM (project advisor)
Current Undergraduate Students: Joe Schwartz (project advisor)
Past Students: Christian Ratterman, MHCI 2005 (project advisor)
Charles Yiu, MHCI 2005 (project advisor)
Shannon O'Brien, MHCI 2005 (project advisor)
Alex Eiser, MHCI 2006 (project advisor)
Braden Kowitz, MHCI 2005(project advisor)
Ryan Mahon, MSISTM 2005(thesis advisor)
Pei-Chao Weng, MSIN 2004 (thesis advisor)
Kenneth Chu, MSIN 2005 (thesis advisor)
Patrick Feng, PhD 2002 Rensselaer Polytechnic Institute (committee member)

Research Projects

For information about current research projects, see the current projects list on the CUPS web site. The following is a list of projects I started prior to coming to CMU.

The Platform for Privacy Preferences (P3P): I have been working with the World Wide Web Consortium to develop version 1.1 of the Platform for Privacy Preferences Project (P3P), a standard way for web sites to express their privacy policies in a computer-readable format.
Privacy Bird and Privacy Finder: I designed a P3P web browser pluggin called Privacy Bird while at AT&T. It is now being maintained and extended by my students at CMU. We also deployed a P3P search engine called Privacy Finder.
Movies: I worked with several colleagues at AT&T to conduct an Analysis of Security Vulnerabilities in the Movie Production and Distribution Process.
Publius: Publius is a Web publishing system that is highly resistant to censorship and provides publishers with a high degree of anonymity. You can read about Publius in the O'Reilly book Peer-to-peer: Harnessing the Power of Disruptive Technologies. Publius also received an award from Index on Censorship for the Best Circumvention of Censorship
Voting: In 1997 my group at AT&T helped design the technical aspects of an electronic voting system trial for Costa Rica. The trial was originally planned for 1 Feb 1998, but was postponed indefinitely at the request of the government of Costa Rica. Declared-Strategy Voting is a novel group decision-making procedure in which preference is specified using voting strategies, thus allowing voters to cast ballots that are both effective and expressive. This project was the subject of my dissertation. Sensus is a security-conscious electronic polling system designed for conducting secure and private elections and surveys over the Internet. I developed a Sensus prototype as part of my master's research at Washington University. You can learn more about my voting-related projects by visiting my voting page.

Interests and Activities

ACM: I am a member of USACM, the ACM US public policy committee. I previously served on the ACM Publications board and on the advisory board for Crossroads, The ACM Student Magazine, a publication I was editor-in-chief of for two years while in graduate school.
Art: When I have time, I enjoy dabbling in art and photography. I took up patchwork and hand quilting while in graduate school. After I graduated I bought a sewing machine and started machine quilting. Click here for photos of some of my creations: Photographs, Paintings and Drawings, Art to Wear, Quilts.
Music: I played the flute and piccolo in high school, but decided I needed a louder instrument when I joined the Pep Band in college. So I learned how to play alto sax, and later switched to tenor sax. When I lived in New Jersey I played in the Chatham Community Band.
Social Informatics: I am interested in the impacts of computers on society, and attempts to control these impacts through technology and legislation. This is sometimes referred to as social informatics. The Computers, Freedom and Privacy conference is a great place to learn about these issues. A related area of interest is value-sensitive design.
Washington University: I attended Washington University in St. Louis from 1989 to 1996. One of my favorite WU activities was the Pep Band. I was also involved in graduate student government, serving as coordinator of the Association of Graduate Engineering Students and the 1995-96 graduate student representative to the board of trustees. My degrees are from the Engineering and Policy and Computer Science departments.
Yoga: I started practicing yoga the first time I was pregnant and have been doing it on and off ever since. I currently take yoga classes on campus at CMU.

Selected Publications

See the publications section of my resume for a more complete publications list. See also a list of essays I have written.

The Real ID Act: Fixing Identity Documents with Duct Tape. To appear in I/S: A Journal of Law and Policy for the Information Society, Fall/Winter 2005 (with S. Egelman).

An Analysis of P3P-Enabled Web Sites among Top-20 Search Results. November 2005. Draft paper, under review (with S. Egelman and A. Chowdhury).

User Interfaces for Privacy Agents. To appear in ACM Transactions on Computer-Human Interaction, 2006 (with P. Guduru and M. Arjula).

Counter-Forensic Privacy Tools: A Forensic Evaluation. ISRI Technical Report. CMU-ISRI-05-119 (with M. Geiger).

Peripheral Privacy Notifications for Wireless Networks. In Proceedings of the 2005 Workshop on Privacy in the Electronic Society, 7 November 2005, Alexandria, VA. (with B. Kowitz).

Privacy in India: Attitudes and Awareness. In Proceedings of the 2005 Workshop on Privacy Enhancing Technologies (PET2005), 30 May - 1 June 2005, Dubrovnik, Croatia (with P. Kumaraguru).

Searching for Privacy: Design and Implementation of a P3P-Enabled Search Engine. In Proceedings of the 2004 Workshop on Privacy Enhancing Technologies (PET2004), 26-28 May, 2004, Toronto, Canada (with S. Byers, D. Kormann, and P. McDaniel).

Analysis of Security Vulnerabilities in the Movie Production and Distribution Process. Proceedings of the 2003 ACM Workshop on Digital Rights Management, October 27, 2003, Washington, DC. (with S. Byers, E. Cronin, D. Kormann, and P. McDaniel)

'I Didn't Buy it for Myself': Privacy and Ecommerce Personalization. Proceedings of the 2nd ACM Workshop on Privacy in the Electronic Society, October 30, 2003, Washington, DC.

Automated Analysis of P3P-Enabled Web Sites. In Proceedings of the Fifth International Conference on Electronic Commerce (ICEC2003). Pittsburgh, PA, October 1-3, 2003. (with S. Byers and D. Kormann)

Use of a P3P User Agent by Early Adopters. Proceedings of the ACM Workshop on Privacy in the Electronic Society, November 21, 2002, Washington, DC (with M. Arjula and P. Guduru).

A Webmaster's Guide to Troubleshooting P3P. O'Reilly Network. November 2002.

Help! IE6 is blocking my cookies! O'Reilly Network. October 2002.

Can user agents accurately represent privacy notices?. TPRC 2002 (September 2002) (with Joel Reidenberg).

Web Privacy with P3P (2002). Lorrie Faith Cranor. Sebastopol, CA: O'Reilly & Associates, Inc.

The Platform for Privacy Preferences 1.0 (P3P1.0) Specification. W3C Recommendation. 16 April 2002. (with M. Langheinrich, M. Marchiori, M. Presler-Marshall, and J. Reagle).

Why P3P is a Good Privacy Tool for Consumers and Companies. GigaLaw.com. (April 2002) (with Rigo Wenning).

The role of privacy advocates and data protection authorities in the design and deployment of the platform for privacy preferences. Proceedings of the Twelth Conference on Computers, Freedom and Privacy, April 16-19, 2002, San Francisco, CA.

The Architecture of Robust Publishing Systems. (November 2001). ACM Transactions on Internet Technology 1(2):199-230. (with M. Waldman and A. Rubin).

Voting After Florida: No Easy Answers. Ubiquity: An ACM IT Magazine and Forum. Issue 47 (February 13-19, 2001).

Beyond Concern: Understanding Net Users' Attitudes About Online Privacy. (2000). In Ingo Vogelsang and Benjamin M. Compaine, eds. The Internet Upheaval: Raising Questions, Seeking Answers in Communications Policy. Cambridge, Massachusetts: The MIT Press, p. 47-70 (with M. Ackerman and J. Reagle). [First published as AT&T Labs-Research Technical Report TR 99.4.3, 14 April 1999. Presented at the Telecommunications Policy Research Conference. Alexandria, VA, September 25-27, 1999.]

Publius, A robust, tamper-evident and censorship-resistant web publishing system. Proceedings of the 9th USENIX Security Symposium, August, 2000 (with M. Waldman and A. Rubin).

Privacy Tools. (August 2000). In Helmut Baumler, Ed., E-Privacy: Datenschutz im Internet. Braunschweig/Wiesbaden: Vieweg & Sohn Verlagsgesellschaft, p.107-119. [Revised version available online.]

Ten years of computers, freedom, and privacy: a personal retrospective. Proceedings of the Tenth Conference on Computers, Freedom and Privacy: Challenging the Assumptions, April 4 - 7, 2000, Toronto, ON Canada, p. 11-15.

Protocols for Automated Negotiations with Buyer Anonymity and Seller Reputations. (2000). Netnomics 2(1):1-23. (with P. Resnick).

Privacy in E-Commerce: Examining User Scenarios and Privacy Preferences. Proceedings of the ACM Conference on Electronic Commerce (EC'99), 3-5 November 1999, Denver, Colorado, p. 1-8 (with M. Ackerman and J. Reagle).

Influencing Software Usage. Proceedings of the Telecommunications Policy Research Conference. Alexandria, VA, October 3-5, 1998. (with R. Wright)

Bias and Responsibility in 'Neutral’ Social Protocols, Computers & Society, September 1998, p. 17-19. Originally presented at the DIMACS workshop on Design for Values: Ethical, Social and Political Dimensions of Information Technology, Princeton, NJ, 28 February 1998.

Spam! Communications of the ACM. Vol. 41, No. 8 (Aug. 1998), Pages 74- 83. (with B. LaMacchia)

Designing a Social Protocol: Lessons Learned from the Platform for Privacy Preferences. In Jeffrey K. MacKie-Mason and David Waterman, eds., Telephony, the Internet, and the Media. Mahwah: Lawrence Erlbaum Associates, 1998. [Paper presented at the Telecommunications Policy Research Conference, Alexandria, VA, September 27-29 1997. (with J. Reagle)]

Sensus: A Security-Conscious Electronic Polling System for the Internet. Proceedings of the Hawai`i International Conference on System Sciences, January 7-10, 1997, Wailea, Hawai`i, USA (with R. Cytron).

Declared-Strategy Voting: An Instrument for Group Decision-Making. Washington University Dissertation. December 1996.