Skip to main content

​P@$SWORD PROTECTOR

​Lorrie Faith Cranor, the Federal Trade Commission’s chief technologist, 
wants to make online privacy more secure, using computer science, engineering and policy to safeguard information​

Written by Christopher Tritto

Lorrie Faith Cranor is one of the nation's leading experts on online privacy, password protection and technological security. So much so that Federal Trade Commission Chairwoman Edith Ramirez tapped the Washington University in St. Louis–trained computer science professor in January to take a leave of absence from Carnegie Mellon University and become the agency's chief technologist.

The appointment apparently cued the gods of irony. Two months into Cranor's new gig, thieves stole her identity and used it to hijack her mobile number and pocket a couple of new iPhones charged to her wireless account.

"I was very annoyed, but it helped me understand what it's like for someone going through this and how they can use FTC tools to help," Cranor says.

Cranor's firsthand experience helped her spur improvements in FTC consumer protection programs. It prompted her to publish a blog post on the subject and even led to a June appearance on NBC's "Today" show to warn others about this form of identity theft.

The experience also validated the importance of her ongoing research on passwords and data protection. As technology continues to infiltrate our everyday lives — through desktop and mobile devices, personal fitness trackers, internet-connected devices in our homes and more — security measures are becoming increasingly vital to privacy protection but also becoming more difficult to navigate.

"There are a lot of exciting but scary things on the horizon," Cranor says. "Smart cars are collecting increasing amounts of information about drivers and passengers that are almost completely unregulated. Virtual reality systems can collect information on what you are looking at, your heart rate and who knows what else. Makers of many health monitoring devices and fitness wearables have privacy policies, but studies show a lot of these companies are not adequately protecting the information they collect."


Her most famous quilt, inspired by her research, is one emblazoned with common passwords. Its name? What else? Security Blanket.

Add to that the dizzying array of privacy practices and legal disclosures consumers encounter on a regular basis — check the box, "Agree" to terms — and technology users rarely know what information is secure as it moves about the Web.

Cranor is working to make privacy tools and disclosures simpler and more functional for consumers. At Carnegie Mellon in Pittsburgh, she is director of the CyLab Usable Privacy and Security Laboratory and co-directs the master's program in privacy engineering. She has written more than 150 research papers on privacy-related subjects, co-edited the book "Security and Usability" and founded the Symposium on Usable Privacy and Security.

Now at the FTC, she advises the chairwoman and staff on a variety of technology issues, is helping the White House shape a national privacy research strategy and is organizing workshops on how to evaluate disclosures on everything from energy labels and clothing care tags to nutrition labels and drug risk statements.

All of this has grown out of Cranor's seven years of education at Washington University, where she earned a bachelor of science and two master of science degrees before ultimately receiving a doctorate in engineering and public policy from the School of Engineering & Applied Science in 1996.


To see more of Cranor’s quilts and her explanations of the designs, visit lorrie.cranor.org/quilts.

Cranor grew up in Maryland immersed in science and technology. Her mother was a mathematics professor, and her father worked as a biomedical engineer. They brought home computers before people had PCs, and as doctoral students, printed Cranor's birth announcement on punch cards.

When it came time for college, her mother heard about WashU and its engineering scholarships.

"My first reaction was, 'I've never been to Missouri. I don't think I want to go to Missouri,'" Cranor says.

"But I was a finalist for a Langsdorf Scholarship and went to visit. I was blown away and turned down my other admissions."

As a doctoral student, she researched electronic voting systems with guidance from Ron Cytron, professor of computer science & engineering.

"Ron was a wonderful adviser and taught me a lot about how to do research," Cranor says. "Often in graduate school, people are very focused on their particular narrow research area. But I found a lot of things I learned in other courses turned out to be helpful later."

Indeed, Cranor balanced her primary academic focus with interests in people, government and art. She helped found the Association of Graduate Engineering Students, served as a student representative on the university's Board of Trustees, edited XRDS (formerly Crossroads), the student magazine of the Association for Computing Machinery, and minored in fine art.

Today Cranor balances her career with family — she and her husband, Chuck Cranor, also a WashU alumnus, have three children. She practices yoga, enjoys photography, helps run the parent-teacher organization at her kids' school and has founded a local soccer organization for moms. On sabbatical during the 2012–13 academic year, Cranor cultivated her love of quilting, a hobby that has earned her national awards, a public exhibit and a feature in Science magazine.


Cranor’s family hiking in Colorado (from left): Lorrie, Nina, Shane, Chuck and Maya. Courtesy photo.

Cranor's tips for avoiding identity theft

After Cranor's identity was stolen, she shared tips for consumers to avoid it on her blog:

“One of the most important steps you can take is to establish a password or PIN that is required before making changes to your mobile account. Using this extra password or PIN is a good idea and should help reduce your risk of mobile account takeovers. However, it does not offer complete protection, so make sure you remain alert for phishing attacks, protect your financial account information, and examine your mobile phone and credit card bills carefully every month for signs of fraud. If your phone stops receiving a signal and says ‘emergency calls only’ or ‘no network,’ even after you restart your phone, contact your mobile carrier to see whether your account has been hijacked.”

Follow Lorrie Cranor’s blog, Tech@FTC at https://www.ftc.gov/tech