Lorrie Cranor, Chief Technologist, FTC; Director, Cylab Usable Privacy and Security Laboratory at Carnegie Mellon University


by Fatima Khan

The WISP career series highlights extraordinary women working on security and privacy issues.  The second installment in this series features Lorrie Cranor and her career path, work, and advice to young professionals.

Lorrie Cranor is the quintessential donna universale, or Renaissance woman, at the frontier of privacy and security. Her work as an engineer, artist, advocate, professor and policymaker exemplifies the famed humanist (and cryptographer) Leon Battista Alberti’s philosophy that “a [wo]man can do all things if [s]he will.” (bracketed text added by author)  Incredibly enough, Cranor’s career in privacy and security parallels Alberti’s career.

Career Path

Cranor began her career in computer science in high school alongside very few girls.  Although she excelled in the area, she initially felt like an outsider amongst the groups of teenage boys that were able to bond together over a shared interest.  In efforts to test out of computer science in college, Cranor was instead lured into the field by taking a few classes to get a minor in the field.  Despite her reluctance to pursue computer science, she then received a bachelor’s degree in Engineering and Public Policy, master’s degrees in Technology and Human Affairs and Computer Science, and a doctorate in Engineering and Policy from Washington University in St. Louis. 

Cranor has made several contributions to the usable security movement – both practically and theoretically.  In 2002, Cranor led the development of the Platform for Privacy Preferences (P3P) at the World Wide Web Consortium and wrote the book Web Privacy with P3P. Building upon the practical Privacy Bird P3P user agent and the Privacy Finder P3P search engine. Cranor’s work has served as one of the foundations of the usable privacy and security movement. In 2005, she co-edited the book Security and Usability and founded the Symposium On Usable Privacy and Security (SOUPS).

As Alberti applied mathematics to art and painting, Cranor has used computer science and security as a base and applied it to art and quilting.  She took a “staybbatical” within CMU as a fellow at the STUDIO for Creative Inquiry in the Carnegie Mellon School of Art, built a software program for quilting design, and created her National Science Foundation awarded Security Blanket and Password Dress.  Having done extensive password research in the past, Cranor highlighted the most used passwords from the RockYou breach to demonstrate that similar to a security blanket, a password offers comfort, but no real security.  As an artist and technologist, her career also led her to become a founding member of the cyberfeminist collective, Deep Lab, which received a grant from the Warhol foundation to bring artists to complete residencies at CMU on security and privacy focused projects.

Advice to Young Professionals

It may be hard to believe that such an accomplished individual has faced obstacles in receiving equal pay, but just the statistics show, Cranor is one of the many women who has experienced it in the past.  When her boss refused to pay her equally for equal work to her male counterparts, she found another job offer, at which point her pay was promptly raised.  As a result, an early lesson she learned was to “always negotiate [salary] even if they tell you that you can’t.”  In addition, Cranor emphasized that “there is a lot of power in women getting together and supporting each other,” especially if there are very few women in the room.  She also suggested making “male allies” because it’s important to know “you’re not alone and find a support group.” 

Career Advice to Women in Security and Privacy

Cranor feels that both security and privacy benefit from having more viewpoints and encourages women to pursue the fields.  Cranor stated, “Security and privacy has traditionally been filled with those that are more mathematically or computer systems inclined, but it benefits from diversity and an interdisciplinary skill set; for example, people have recently realized the importance of understanding the human factor in addition to machine-based performance, such as to understand attacker behavior.” Cranor stressed that usable privacy and security requires a great deal of research, prototyping, and understanding of human behavior to integrate, making it a subset within privacy and security that would greatly benefit from varied viewpoints.

Lorrie Cranor has built her expertise across fields to become an accomplished modern day polymath.  She has achieved a great deal in privacy and security while simultaneously contributing to art, science and fulfilling her civic duty.  She is an inspiration to the WISP community and a reminder to our members that if you have an interest within security and privacy – whether as a technologist, policymaker, artist or somewhere in between – to build your expertise and pursue it!