Former FTC Chief Technologist outlines better user privacy policies

| Staff Writer

Dr. Lorrie Cranor, Former Chief Technologist for the Federal Trade Commision (FTC), former undergrad and graduate student at WashU, and current Carnegie Mellon University computer science professor, discussed her proposals for user friendly privacy policies on Friday, Oct. 13. 

The talk was hosted by the McKelvey School of Engineering’s Computer Science and Engineering department. 

Cranor discussed the current situation with website privacy policies in which users have to accept to make accounts. She also talked about her research on privacy and security transparency, privacy icons, and her privacy choice evaluation guidelines and website cookies.

The event began with her highlighting the history of privacy policies since the FTC required them in the 1990s.

“Privacy policies started appearing on websites in the 1990s, and people said ‘wow that’s really long, who’s going to read that?’” Cranor said. “At the time, the U.S. FTC was strongly encouraging companies to post these policies, but they were getting pushback from consumer groups.”

She presented examples of privacy policies for major websites,and outlined how it is not feasible for people to read the entire script. Since many of them are thousands of words long, most people simply scroll to the bottom and click accept. 

Cranor proposed a different kind of privacy policy. Instead of lengthy legalese text, she conjectured one which could be more friendly towards users. 

“We have nutrition labels on food and they’re short. Could we do something like that for privacy?” Cranor said. 

Cranor then discussed her research on privacy policies and ways to better them. At WashU and CMU, she has authored 200 research papers on online privacy, usable security, and other topics. 

One of the various methods of better privacy transparency she discussed was an information bar at the top of websites to show users what data is being used. 

Cranor also showed privacy policies in the form of user-friendly graphs and infographics created by her and her students at CMU.

“This is just a research prototype, but there is some privacy ‘nutrition label,’” Cranor said.

Cranor also discussed her research into banking privacy policies. Unlike most websites, every bank in the United States has standardized and more user friendly privacy policy pages. Cranor and her team collected data from these banks’ privacy policies and sorted them on a website to show consumers which ones have the most transparent and comprehensible policies. 

Cranor discussed her analysis of 6000 banks’ privacy policies, most of which she described as “not good.”

She ended by discussing her research on privacy icons. She ran a study showing that the Digital Advertising Alliance  ‘AdChoices’ button next to the close ad button wasn’t an ineffective industry standard.

Cranor and her team at Carnegie Mellon University’s CyLab and the University of Michigan’s School of Information developed an innovative and user-friendly privacy icon which would be adopted after the California Consumer Privacy Act.

“We started with some ideas and made lots of designs,” Cranor said. “What we found is that this  California privacy choices icon best conveys choices about privacy information.”

Sign up for the email edition

Stay up to date with everything happening at Washington University and beyond.