Education

Carnegie Mellon University Engineering & Public Policy Ph.D., graduation anticipated Summer, 2010. Thesis: Footprints Near the Surf: Individual Privacy Decisions in Online Contexts. Committee members: Lorrie Faith Cranor (chair), Alessandro Acquisti, Deirdre K. Mulligan, Jon M. Peha.

Carnegie Mellon University Engineering & Public Policy M.S., May, 2008.

Carnegie Mellon University H. John Heinz School of Public Policy and Management. M.S. in Public Policy and Management with a concentration in Internet Policy, May, 2006.

Carnegie Mellon University B.A., Professional Writing, 1993.

Additional non-degree course work in law at Golden Gate University (Contracts, Torts, Civil Procedure, Criminal Law, and Legal Writing) and De Anza College (Real Estate Law).

Publications

McDonald, A. M, and Cranor, L. F. Beliefs and Behaviors: Internet Users’ Understanding of Behavioral Advertising. To appear in 38th Research Conference on Communication, Information and Internet Policy (Telecommunications Policy Research Conference) (October 2010).

McDonald, A. M. Cookie Confusion: Do Browser Interfaces Undermine Understanding? In Proceedings of the 28th International Conference Extended Abstracts on Human Factors in Computing Systems (2010). CHI EA '10. [Author's version]

McDonald, A. M., Reeder, R. W., Kelley, P. G., and Cranor, L. F. A Comparative Study of Online Privacy Policies and Formats. Privacy Enhancing Technologies Symposium, August 5-7 2009. [Author's version]

McDonald, A. and Cranor, L. The Cost of Reading Privacy Policies. I/S: A Journal of Law and Policy for the Information Society. 2008 Privacy Year in Review issue. [Author's version]

Cranor, L., Egelman, S., Sheng, S., McDonald, A., and Chowdhury, A. P3P Deployment on Websites. Electronic Commerce Research and Applications, Volume 7 , Issue 3 (November 2008). Pages 274-293. [Author's version]

Reeder, R., Cranor, L., Kelly, P. and McDonald, A. A User Study of the Expandable Grid Applied to P3P Privacy Policy Visualization. In Proceedings of the Workshop on Privacy in the Electronic Society (WPES 2008), Washington, DC, USA, October 2008.

James, R., Kim, W. T., McDonald, A. M., McGuire, R. A Usability Evaluation of a Home Monitoring System. SOUPS '07: Proceedings of the 3rd Symposium on Usable Privacy and Security. Pages 143-144, July 2007.

McDonald, A. M. and Cranor, L. F. How Technology Drives Vehicular Privacy. I/S: A Journal of Law and Policy for the Information Society, 2(3), Fall 2006, 981-1015. [Author's version]

In Submission

McDonald, A. M., and Cranor, L. F. Americans’ Attitudes About Internet Behavioral Advertising Practices

Leon, P. G., Cranor, L. F., McDonald, A. M., and McGuire, R. Token Attempt: The Misrepresentation of Website Privacy Polices through the Misuse of P3P Compact Policy Tokens

In Preparation

McDonald, A. M., and Cranor, L. F. Flash Cookies and Respawning Rates

McDonald, A. M., Papasian, D. and Peha, J. M. Technical and Policy Responses to Spyware

Technical Reports

McDonald, A. M., and Cranor, L. F. An Empirical Study of How People Perceive Online Behavioral Advertising. CyLab Technical Report 09-015. November 10, 2009. [CyLab version]

Cranor, L. F., McDonald, A. M., Egelman, S. and Sheng, S. 2006 Privacy Policy Trends Report. CyLab Privacy Interest Group. January 31, 2007. [Author's version]

Presentations

Testimony

Supported Lorrie Faith Cranor's panel discussion on consumer privacy expectations at the Federal Trade Commission's first privacy roundtable, December 7, 2009.

Supported a portion of Lorrie Faith Cranor’s testimony to the Federal Trade Commission Ehavioral Advertising: Tracking, Targeting, & Technology town hall meeting, November 2, 2007.

Invited Talks

Google Tech Talk. Privacy Targets: Three User Studies on Internet Privacy and Targeted Advertising. June 1, 2010.

eMetrics panel discussion with Bob Page (Yahoo! Analytics) and John McKean (Center for Information Based Competition.) "The Great Cookie Debate or Your Personally Identifiable Information or Your Life!" October 22, 2009. [Overview]

Google Tech Talk. Online Privacy: Industry Self Regulation in Practice. September 17, 2009. [Video | Slides in PDF]

Conferences

Privacy Law Scholars Conference (PLSC). Impressions and Privacy: A study of American Internet Users’ Attitudes about Targeted Advertising. June 3, 2010.

McDonald, A. M., Reeder, R. W., Kelley, P. G., and Cranor, L. F. A comparative study of online privacy policies and formats. Privacy Enhancing Technologies Symposium, August 5-7 2009.

McDonald, A. and Cranor L. The Cost of Reading Privacy Policies. In The 36th Research Conference on Communication, Information and Internet Policy (TPRC), Sep 27, 2008, The National Center for Technology and Law, George Mason University School of Law, USA.

Poster Sessions

Cookie Confusion: Do Browser Interfaces Undermine Understanding? Human Factors in Computing Systems (CHI) April 12, 2010.

A Comparative Study of Online Privacy Policies and Formats. Symposium on Usable Privacy and Security (SOUPS) July 15-17, 2009.

The Time Value of Reading Online Privacy Policies. Computers, Freedom and Privacy (CFP) June 1, 2009.

A Comparative Study of Online Privacy Policies and Formats. Freedom and Privacy (CFP) June 1, 2009.

The Time Value of Reading Online Privacy Policies. CyLab Partners Conference, October, 2008.

Technical and Policy Responses to Spyware. Telecommunications Policy Research Conference (TPRC) September, 2008.

2006 Privacy Policy Trends Report. Carnegie Mellon Privacy Mind Swap Poster Fair, October 19, 2007.

A User Study of the Expandable Grid Applied to P3P Privacy Policy Visualization. Carnegie Mellon Privacy Mind Swap Poster Fair, October 19, 2007.

P3P Deployment on Websites. Carnegie Mellon Privacy Mind Swap Poster Fair, October 19, 2007.

Technical and Policy Responses to Spyware. Anti-phishing Working Group eCrime Researchers Summit, October 7, 2006.

How Technology Drives Vehicular Privacy. Gordon Science & Technology Policy Conference, August, 2006.

Technical and Policy Responses to Spyware. CyLab Partners Conference, April, 2006.

How Technology Drives Vehicular Privacy. Carnegie Mellon Privacy Poster Fair, December 14, 2005.

Experience

Technology Policy

Carnegie Mellon University, Research Assistant, staff position, 5/06 – 8/06
Under the direction of Dr. Jon M. Peha, managed a group of three students to investigate spyware traffic on the Carnegie Mellon network. Determined schedule and priorities for students. Used Snort on Red Hat with custom anonymization tools to ensure privacy. Responsible for IRB (Institutional Review Board) interactions. Performed data analysis in mySQL, SAS, and R.

Center for Democracy & Technology, Washington, DC. Summer intern, 5/05 – 7/05
Authored two internal papers on RFID (Radio Frequency Identification) including research on security issues and privacy. Participated in events on layered privacy notices, Real ID, and the PATRIOT Act. Edited written comments to the Federal Election Committee. Attended FEC and Senate Intelligence Committee hearings.

Teaching Experience — Carnegie Mellon

Project manager. Policy Dimensions of New Space Technologies, Spring, 2008. Responsible for a team of six undergraduate students as they defined, designed, and performed research regarding “new space” (entrepreneurial rather than NASA-led) business models, technologies, and federal policies. We submitted findings to our client, the Federal Aviation Agency. Created and graded quizzes. Contributed to assigning midterm and final grades.

Guest lecturer. Useable Privacy and Technology, Spring, 2008. Topic: Online privacy policies. Also led a class tour of a biometrics laboratory.

Guest lecturer. Useable Privacy and Technology, Spring, 2007. Topic: Visualizing privacy [slides]

Guest lecturer. Privacy Policy, Law, and Technology, Fall, 2007. Topic: Privacy policies and privacy communication.

Editorial Experience

Reviewer, Information Systems Frontiers, 2010.

Program Committee, Privacy Enhancing Technologies Symposium (PETS), 2010.

Political Experience

Advance volunteer from 1997-2002 for the Vice President of the United States and a United States Senator. Worked with the Secret Service and Silicon Valley CEOs. Part-time volunteer for multiple campaigns from 1995 to 2008, full-time volunteer for three months in 2002. Experience with campaigns at all levels (Town Council, San Francisco Board of Supervisors, VA House, United States Senate, United States President.) Responsibilities: campaign manager, site lead, event planner, media coordinator, motorcade lead, phone bank manager, delegate to a State convention.

Writing Experience

A decade of experience working for software startups. Specialized in single-source cross-platform documentation, ranging from online help to API manuals. Wrote and edited thousands of pages; as team lead, was responsible for scheduling and mentoring new hires; advocated for usability testing and customer contact to meet reader's needs.

Technical Writer, Contractor for San Francisco Bay area software companies	7/01 – 5/04
Ariba, Mountain View, CA Software Quality Engineer; Technical Writer	4/98 – 7/01
Z-AXIS, San Mateo, CA. Technical Writer	3/97 – 4/98
Visix Software, Reston, VA. Technical Writer	3/95 – 3/97

Awards and Honors

CyLab Usable Privacy and Security Meritorious Achievement Certificate, 2010.

Barbara Lazarus Women@IT Fellowship, 2006-7. Received full tuition and stipend support for one year of doctoral scholarship.

Friedman Fellowship, summer 2005. Received support for a summer of technology policy work in Washington, DC.

Service

Volunteer work on conference logistics for multiple years:

• Symposium on Usable Privacy and Security (SOUPS)
• Freedom to Connect (F2C)
• Anti-Phishing Working Group (APWG) eCrime Summit

Department representative to Graduate Student Assembly (GSA) 2006-7. Successfully argued against two proposed university policies, leading to improved compromise solutions for case-by-case evaluation of non-resident PhD health care coverage and multiple sheltered locations for smokers. Co-created guidelines to fund events with non-department attendees. Finished the year with a modest surplus.

Media Coverage

Coverage of mental models of online advertising and behavioral targeting:

• Davis, Wendy. Study: Consumers Equate BT With `Privacy Harm' Daily Online Examiner. (17 Nov, 2009) [original | cached PDF]

Radio interview with Free Press on The Cost of Reading Privacy Policies (17 Oct, 2008) [Original transcript | cached PDF | cached audio]

Our findings about the value of the time required to read privacy policies were covered by technology and legal publications, and blogged internationally in multiple languages. Highlights:

• Anderson, Nate. Study: Reading online privacy policies could cost $365 billion a year. Ars Technica. (8 Oct 2008) [original | cached PDF]
• Davis, Wendy. Online Execs Object To Privacy Statement Report. MediaPost's Online Media Daily. (9 Oct 2008) [original | cached PDF]
• McGee, Matthew. Average privacy policy takes 10 minutes to read, research finds OUT-LAW News. (6 Oct 2008) [original | cached PDF]
• Slashdot, 20 Hours a Month Reading Privacy Policies (10 Oct 2008) [original]
• Whoriskey, Peter. Lost in the Fine Print: It Would Take a Week to Read All Your Privacy Policies. Washington Post I.T. (26 Sept 2008) [original | cached PDF]
• Wilson, Tim. Users, Enterprises Pay for Poor Privacy Policies, Study Says. Dark Reading. (7 Oct 2008) [original | cached PDF]