Q&A: Privacy engineers could hold the key
Lorrie Faith Cranor is an associate professor of computer science and of engineering and public policy at Carnegie Mellon University. She serves as the director of the CyLab Usable Privacy and Security Laboratory and co-director of CMU's new master of science program in information technology-privacy engineering, which begins next fall.
Cranor spoke to the Trib about the new program — the first of its kind in the world — which is intended for students seeking to play a significant role in building privacy into future products, services and processes.
Q: How did this program originate?
A: There are a group of faculty members at Carnegie Mellon who have been doing research in online privacy, and we've offered a number of courses related to privacy over the years (but) we haven't actually had a degree in privacy. And increasingly we've been hearing from companies who approach us and say they're trying to hire a privacy engineer and ask if we have any graduating students who are qualified. We decided we really needed to start a master's degree program focused on privacy engineering. There are no other privacy engineering degrees in existence anywhere.
Q: And what exactly is privacy engineering? Can you put that in layman's terms?
A: Take a social networking company, for example, that is building new tools that help people share their photos and their thoughts with friends. But it raises a lot of privacy issues. The simple privacy solution is to turn off a lot of sharing and don't let people do the fun things. But that is not what you want to do. You want to find solutions that give people the ability to control who can see their posts and who can't and allow them to control their own privacy but still get to do the things for the reasons why they signed up for the social network. A privacy engineer is someone who understands the engineering and the privacy sides and works out strategies that allows people to protect privacy without getting in the way of building cool things.
Q: What curriculum will the program have?
A: It includes courses (offering) a background in privacy law and regulation in the United States and throughout the world, courses in how to use technology to protect privacy, which gets into encryption algorithms and some of the really technical nuts and bolts. We have courses in software engineering and privacy, courses in how to factor in usability and human factors in dealing with privacy and secure systems.
Q: You're saying the program is multidisciplinary, so what type of undergraduate degrees should students have coming into it?
A: We want students who have a solid technical background, so computer science or engineering degrees are good, and then (they also should have) an interest in privacy or public policy issues.
Q: How much interest in the program has there been thus far?
A: We've had a lot of interest from companies that are saying, “When are you going to graduate your first students, we want to hire them,” which is fantastic. We haven't yet had as much interest from prospective students — so we're attempting to get the word out that we have this program and we think there will be some very good jobs for people after they graduate.
Eric Heyl is a staff writer for Trib Total Media. He can be reached at 412-320-7857 or [email protected].