= Norman Sadeh =

Norman Sadeh
- Nationality: American, Belgian
- Fields: Artificial Intelligence, Privacy, Cybersecurity, Human AI Interaction, Societal Computing, Mobile Computing, Internet of Things, Language Technologies, AI Governance, Scheduling, Supply Chain Management
- Workplaces: Carnegie Mellon University
- Education: Ingénieur Civil Physicien (BS/MS Electrical Engineering & Applied Physics), M.Sc., Computer Science, Ph.D., Computer Science
- Alma Mater: Free University of Brussels, University of Southern California, Carnegie Mellon University
- Thesis Title: Look-ahead Techniques for Micro-opportunistic Job Shop Scheduling
- Thesis Url: https://www.ri.cmu.edu/pub_files/pub1/sadeh_koniecpol_norman_1991_1/sadeh_koniecpol_norman_1991_1.pdf
- Thesis Year: 1991

Norman Sadeh is a Belgian American computer scientist, scholar, entrepreneur and author. He is a Professor at Carnegie Mellon University.

Sadeh is most known for research contributions in privacy, cybersecurity, mobile computing, societal computing, scheduling, and supply chain management. He was the founding CEO and chairman of Wombat Security Technologies. At Carnegie Mellon University, he has led research projects including Usable Privacy Policy project, Personalized Privacy Assistant project) and also founded and directed academic programs. This includes the Privacy Engineering Program (founded in 2012), the Societal Computing PhD Program (founded in 2003) and the MBA Track in Technology Strategy and Product Management (founded in 2005). In the late nineties, he served as Chief Scientist of the European Union's new 550 million Euro program in e-Commerce and e-Work, which he had helped establish. He is also the author of the 2002 book, M-Commerce: Technologies, Services and Business Models.

==Education and career==
Sadeh was awarded a fellowship from the Belgian American Educational Foundation to pursue his graduate studies in the US and went on to enroll at the University of Southern California, where he worked on multi-agent planning and scheduling under the supervision of Les Gasser. In 1987, he was admitted into the PhD Program in Computer Science at Carnegie Mellon University. As part of his dissertation, he developed a probabilistic model of constraint satisfaction problems and demonstrated how this model could inform the development of particularly effective search heuristics for scheduling problems. His PhD advisor at Carnegie Mellon University was Mark S. Fox.

In 1991, following the completion of his PhD, he joined the faculty in the School of Computer Science at Carnegie Mellon University, starting as an Assistant and later Associate Research Professor at the Robotics Institute. During that time, he co-founded and co-directed the Intelligent Coordination and Logistics Laboratory, where he conducted research in intelligent planning and scheduling and agent-based supply chain management. In the late nineties, he was on leave from Carnegie Mellon University, working at the European Commission in Brussels, initially as program manager in the European Union's ESPRIT Research Program, and later as Chief Scientist of the 550 million Euro EU Program in New Methods of Work and e-Commerce from 1998 to 2000. As Chief Scientist of the Program, he was in charge of organizing the program's research priorities and also contributed to EU public policy activities related to the Internet, e-commerce, cybersecurity, privacy, mobile computing and the Internet of Things with a focus on human-centered issues and Artificial Intelligence.

Upon returning to Carnegie Mellon University from the European Commission, Sadeh joined the Institute for Software Research (now the Software and Societal Systems (S3D) department) within the School of Computer Science. There, he founded and directed the e-Supply Chain Management Lab. He also established the Mobile Commerce Lab. After his return from the European Commission, a significant portion of his research centered on cybersecurity and privacy. He served as principal or co-principal investigator on projects including Personalized Privacy Assistant Project, Privacy Question Answering Project, Privacy and Security Nudging Project, Preventing Semantic Attacks Project, User-Controllable Security and Privacy Project, User-Controllable Policy Learning Project, Usable Privacy Policy Project, and Contextual Integrity from Theory to Practice.

In 2008, Sadeh co-founded Wombat Security Technologies, serving as founding CEO (2008-2011), Chairman (2008–2018) and Chief Scientist (2011-2018). At Wombat Security Technologies, he oversaw the development and launch of user-oriented cybersecurity training products. The company was acquired by Proofpoint in 2018 for $225 million. In 2018, he was named Outstanding Entrepreneur of the Year by the Pittsburgh Venture Capital Association for his roles as founding CEO, chairman and chief scientist at Wombat Security Technologies.

Sadeh's contributions to education at Carnegie Mellon University include the co-founding in 2003 of the Societal Computing PhD Program in the School of Computer Science, a program he co-directed for 10 years. It also includes the founding and directing of the MBA Track in Technology Strategy and Product Management in 2005. He also co-founded CMU's Master's Program in Product Management, a 1-year program. In 2012, he co-founded Carnegie Mellon University's Master's Program in Privacy Engineering.

Sadeh holds around 30 patents. This includes a cybersecurity training system developed at Wombat Security Technologies that customizes and delivers personalized training interventions to users based on their specific risk profiles for various security threats, with an administrator interface for customization and scheduling. His patents also cover personalized privacy assistant technologies using machine learning to recommend and configure user-specific privacy settings for mobile apps and IoT devices. Other patents cover clustering technologies to understand the dynamics of cities as shaped by human activities. These patents relate to his work on the Livehoods project. His patent on user-controllable machine learning covers early techniques that incorporate human feedback to refine machine learning models.

==Research==
Sadeh is most known for AI-based privacy-enhancing technologies, including privacy assistants, automated privacy compliance tools, and NLP-based privacy solutions. His foundational work on modeling privacy expectations and preferences, as well as privacy and security nudging, has influenced developments in both research and industry. His work on mobile app privacy has shaped public policy and product development at organizations like Google and Apple. This includes the introduction of mobile app permission managers, of increasingly expressive mobile app privacy settings, of privacy nudges, of mobile app privacy labels and of mobile app privacy compliance tools.

Sadeh's privacy research has highlighted the complexity and diversity of people's privacy expectations across domains such as mobile apps, location sharing, social media, and IoT. His work exposed shortcomings in the Android permission model and iOS privacy management. His research with Kelley and Cranor in 2013 played influenced the introduction of mobile app privacy and safety labels in Apple's and Google's app stores.

Sadeh's work on automated mobile app privacy compliance was the first to integrate code analysis with privacy policy text analysis using language techniques. As part of the MAPS system, he analyzed over one million Android apps for compliance issues. Over the years, his research has spanned mobile and IoT systems, usable security and privacy, online privacy, human-AI interaction, and societal computing. His early work in constraint satisfaction problems (CSPs) for scheduling introduced probabilistic frameworks for job shop scheduling, informing the design of particularly effective search heuristics for scheduling problems. In supply chain management, he contributed to multi-agent modeling frameworks and decision support systems, enabling adaptive e-supply chain management practices through enhanced coordination and agility.

Sadeh's anti-phishing research contributed to the development of machine learning technology to detect phishing emails and a suite of cybersecurity training technologies, both originally commercialized by Wombat Security and, following the company's acquisition by Proofpoint.

Sadeh's work on modeling people's privacy expectations and preferences played a role in illustrating their complexity and diversity. It further demonstrated how machine learning technologies could assist users in managing the explosion of privacy settings made available to them in the form of recommendations they can review and informed the development of functionality such as Chrome permission prompting. His work evaluating privacy policy comprehensibility exposed ambiguities that undermine informed consent, contributing to discussions on the limitations of the notice and choice framework.

Beyond privacy, Sadeh explored leveraging social media data to analyze the dynamics of city life, developing clustering models to understand at scale how people perceive cities, neighborhoods, and venues and how these mental maps are reflected in their behavior. He also investigated the role of nudges in privacy and security decisions, and demonstrated how these nudges can help motivate users to pay attention to security and privacy issues they would likely otherwise ignore. His work on large language models demonstrated how these technologies can be used to develop particular effective privacy and security assistants.

==Other works==
Sadeh has made contributions to books throughout his career. In 2002, he authored M-Commerce: Technologies, Services, and Business Models, which explored both the technical and business aspects of mobile commerce. The book covered technologies such as WAP, 3G, and mobile payments, as well as emerging services, evolving industry roles, and future trends. He has edited several volumes of Agent-Mediated Electronic Commerce and Trading Agent Design and Analysis, which featured conference proceedings. Moreover, he has authored or co-authored over 300 scientific publications.

==Awards and honors==
- 2005 – IBM Best Faculty Privacy Award, IBM Research
- 2010, 2013, 2015, 2016, 2017, 2021 – Google Faculty Research Awards
- 2016 – IAPP SOUPS Privacy Award
- 2018 – Outstanding Entrepreneur of the Year, Pittsburgh Venture Capital Association
- 2019 – Mozilla Research Award, Mozilla Foundation
- 2023 - Test of Time Award for work on Livehoods, International Conference on Web and Social Media
- 2025 - Test of Time Award for work on Android permission interfaces, Symposium on Usable Security and Privacy

==Bibliography==
===Books===
- M-Commerce: Technologies, Services, and Business Models (2002) ISBN 9780471135852

===Selected articles===
- Swaminathan, J. M., Smith, S. F., & Sadeh, N. M. (1998). Modeling supply chain dynamics: A multiagent approach. Decision Sciences, 29(3), 607–632.
- Fette, I., Sadeh, N., & Tomasic, A. (2007, May). Learning to detect phishing emails. In Proceedings of the 16th International Conference on World Wide Web (pp. 649–656).
- Cranshaw, J., Schwartz, R., Hong, J., & Sadeh, N. (2012). The Livehoods Project: Utilizing social media to understand the dynamics of a city. In Proceedings of the International AAAI Conference on Web and Social Media, 6(1), 58–65.
- Lin, J., Amini, S., Hong, J. I., Sadeh, N., Lindqvist, J., & Zhang, J. (2012, September). Expectation and purpose: Understanding users' mental models of mobile app privacy through crowdsourcing. In Proceedings of the 2012 ACM conference on ubiquitous computing (pp. 501–510).
- Liu, B., Andersen, M. S., Schaub, F., Almuhimedi, H., Zhang, S., Sadeh, N., Acquisti, A., & Agarwal, Y. (2016, June). Follow my recommendations: A personalized assistant for mobile app permissions. Symposium on Usable Privacy and Security (SOUPS '16).
- Wilson, S., Schaub, F., Liu, F., Sathyendra, K. M., Smullen, D., Zimmeck, S., Ramanath, R., Story, P., Liu, F., Sadeh, N., & Smith, N. A. (2018). Analyzing privacy policies at scale: From crowdsourcing to automated annotations. ACM Transactions on the Web, 13(1).
- Zimmeck, S., Story, P., Smullen, D., Ravichander, A., Wang, Z., Reidenberg, J., Russell, N. C., & Sadeh, N. (2019, July). MAPS: Scaling privacy compliance analysis to a million apps. Privacy Enhancing Technologies Symposium (PETS 2019).
