The Federal Trade Commission has tapped privacy guru Lorrie Faith Cranor, a computer scientist with Carnegie Mellon University, to serve as its next chief technologist.
Cranor is not only a leading researcher but also a tough critic of the online ad industry's privacy initiatives. "The problem with self-regulatory privacy
standards seems to be that the industry considers them entirely optional, and no regulator has yet stepped in to say otherwise," she wrote in a 2012 blog post.
Cranor will advise FTC Chairwoman Edith Ramirez on technology and policy issues. "Technology is
playing an ever more important role in consumers’ lives, whether through mobile devices, personal fitness trackers, or the increasing array of Internet-connected devices we find in homes and
elsewhere,” Ramirez said Thursday in a statement announcing Cranor's appointment.
Cranor, who has authored more than 150 research papers on online privacy and security, also has helped
develop practical mechanisms aimed at preserving privacy.
Her academic research, combined with her efforts to design privacy-friendly features, "clearly will be valuable to the FTC," says
Jules Polonetsky, executive director of the think tank Future of Privacy Forum (where Cranor serves on the advisory board).
"She brings a unique mix of technological prowess, scholarship and
understanding of consumer attitudes toward privacy," Polonetsky says.
But Mike Zaneis, general counsel at the Interactive Advertising Bureau, sounded a more critical note. "The revolving door
of privacy advocates masquerading as Chief Technologists continues at the FTC," he said in an email to MediaPost. "It's like they are funding a one semester internship for anyone with advocate bona
fides."
Cranor helped pioneer an early effort to automate online privacy -- the Platform for Privacy Preferences, or P3P. The idea behind P3P (now largely defunct) was that sites would post
privacy policies and Web browsers would then "read" those policies and decide whether to block cookies on those sites.
That determination would hinge on how users had configured their
browsers' privacy settings. Cranor reported several years ago that P3P didn't function as intended because publishers
did not submit accurate information.
In 2008, she blasted Web companies for crafting unreadable privacy policies. She said in a report that online privacy policies take users an average of 10
minutes to read. That report also said that if every U.S. Web user read the privacy policy at every site visited, the time spent reading privacy policies would total an estimated 44.3 billion hours
per year.
Cranor's report concluded that regulation might be necessary to "provide basic privacy protections."
She will replace privacy researcher Ashkan Soltani, who has served as
chief technologist since last November. Before joining the FTC, Soltani contributed to the Washington Post's prize-winning articles about former National Security Agency contractor Edward
Snowden's surveillance revelations. Soltani also consulted with The Wall Street Journal for a series of pieces about tracking by online ad companies.
Other former chief
technologists include privacy experts like Harvard's Latanya Sweeney, who became famous for research that cast doubt on anonymization techniques, and Princeton's Ed Felten.