Public Lecture by Lorrie Faith Cranor "Security, Privacy, and Usability: Better Together"

The Computer Science Department’s Class of 1960 Scholars Lecture
Thursday, October 25 at 8:00 pm in Wege Auditorium (TCL 123)

Security, Privacy, and Usability: Better Together

Usable privacy and security research aims to consider security, privacy, and usability goals together in order to develop solutions in which these goals are not in conflict with each other. In this talk I will highlight some of our projects that illuminate the insights that can be gained through consideration of human behavior together with security and privacy. First, I will discuss our work exploring the usability of tools designed to help users control online behavioral advertising. Our empirical user studies are helping to inform the public policy debate about privacy regulation. Next I will discuss our work on usability and access control. We have explored the access-control needs of non-expert computer users and developed and tested approaches to make access control policy management more natural. We have also explored the ways that underlying access-control system models interact with user interface components and demonstrated that even seemingly small changes to a system’s semantics can fundamentally affect the system’s usability. Finally, I will discuss our research on the usability and security of text passwords. In a series of online studies, we have asked over 34,000 users to create passwords and return to our website several days later and try to recall their passwords. These studies allow us to compare password policies, for example, requiring long passwords or requiring passwords to include uppercase and lowercase letters, digits, and symbols. By examining usability and security properties together, we have identified several common misconceptions about the impact of password composition policies on user behavior. Throughout this talk I will argue that examining security/privacy and usability together is often critical for achieving either.

Lorrie Faith Cranor is an Associate Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University where she is director of the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the Privacy Engineering masters program. She is also a co-founder of Wombat Security Technologies, Inc. She has played a key role in building the usable privacy and security research community, having co-edited the seminal book Security and Usability (O’Reilly 2005) and founded the Symposium On Usable Privacy and Security (SOUPS). She also chaired the Platform for Privacy Preferences Project (P3P) Specification Working Group at the W3C and authored the book Web Privacy with P3P (O’Reilly 2002). She has served on a number of boards, including the Electronic Frontier Foundation Board of Directors, and on the editorial boards of several journals. She was previously a researcher at AT&T-Labs Research and taught in the Stern School of Business at New York University.