Chesley Lecture Events May 1st – May 3rd

29 April 2024

Chesley Lectureship with Dr. Lorrie Cranor

The CS Department has the opportunity to host the Chelsey Lectureship this year (we only get to do this every 6 years). This year’s scholar is Dr. Lorrie Cranor, a Director and Bosch Distinguished Professor in Security and Privacy Technologies at Carnegie Mellon University. Her research primarily focuses on the usability of privacy and security technologies or policies. She has also done research into anti-phishing and electronic voting and is currently working on a myriad of topics including usable privacy choices. 

She will give two public talks that you should consider stopping by:

There are also a number of opportunities to meet and chat with Dr. Cranor that are open to all students, staff and faculty.  Stop by for 5 minutes; or stay for the entire time!

  • Thursday, May 2, 9:30-10:30am in Olin 306 — Informal conversation hosted by the CS department
  • Thursday May 2, 10:30-11:30am in CMC 109 — Informal conversation hosted by ITS
  • Friday, May 3, 8:30-9:00am in Olin 306 — Informal conversation hosted by the CS department

More Information:

Dr. Lorrie Cranor is the Director and Bosch Distinguished Professor of the CyLab Security and Privacy Institute and FORE Systems University Professor of Computer Science and of Engineering and Public Policy at Carnegie Mellon University. She directs the CyLab Usable Privacy and Security Laboratory (CUPS) and co-directs the Privacy Engineering masters program. In 2016 she served as Chief Technologist at the US Federal Trade Commission. She co-founded Wombat Security Technologies. She is a fellow of the ACM, IEEE, and AAAS and a member of the ACM CHI Academy.

The main public Chesley Lecture on Wednesday, May 1 from 5:00-6:00pm in the Weitz Cinema

Do We Actually Have a Choice? Why Navigating Privacy Choice is Difficult and How We Can Make it Better

Users who wish to exercise privacy rights or make privacy choices must often rely on website or app user interfaces. However, too often, these user interfaces suffer from usability deficiencies ranging from being difficult to find, hard to understand, or time-consuming to use, to being deceptive and dangerously misleading. This talk will discuss user-centric approaches to designing and evaluating privacy interfaces that better meet user needs and help reduce the overwhelming number of privacy choices. I’ll present several explorations of privacy interfaces from my research including cookie consent banners, mobile app privacy and nutrition labels, IoT privacy and security labels, and a privacy options icon for the State of California.

CS Tea on Thursday, May 2 from 3:30-4:30pm in Anderson 329

Real Humans, Simulated Attacks: Usability Testing with Attack Scenarios

User studies are critical to understanding how users perceive and interact with security and privacy software and features. While it is important that users are able to configure and use security tools when they are not at risk, it is even more important that the tools continue to protect users during an attack. Conducting user studies in the presence of (simulated) risk is complicated. We would like to observe how users behave when they are actually at risk, but at the same time we cannot harm user study participants or subject them to increased risk. Often the risky situations we are interested in occur relatively infrequently in the real world, and thus can be difficult to observe in the wild. Researchers use a variety of strategies to overcome these challenges and place participants in situations where they will believe their security or privacy is at risk, without subjecting them to increases in actual harm. In this talk I will highlight the importance of security user studies and talk about a number of different user study approaches we have used at the CyLab Usable Privacy and Security Lab at Carnegie Mellon University to study passwords, security warnings, why people fall for phish, and more.