I am a sixth year PhD candidate in the Department of Economics at the University of Virginia. My research focuses on the economics of privacy and information, with a particular interest in cybercrime. I will be graduating in May 2025 and am on the 2024-2025 job market. My CV can be found here.
Occasionally (seldomly), I'll write about projects I'm working on and you can find my most recent posts below. I recently open sourced Satchel, my MLB projection model, and you can find those projections here.
Job Market Paper
The Effects of Privacy Regulation on the Supply of Stolen Data
Abstract: Individuals are constantly generating streams of data collected by businesses, educational institutions, data brokers, and many other organizations. These organizations are regularly targeted by cyber criminals attempting to steal that data in order to exploit or sell it in online markets. In this paper I use a novel dataset of data breaches to study the effects of the European Union's General Data Protection Regulation (GDPR), a policy governing the collection and storage of user data, on the quantity of data available in the illicit market. Using a difference-in-differences design, I find that the GDPR caused a 61 percent reduction in the number of data breaches traded, but no reduction in the aggregate amount of data available. Analyzing the contents of the individual breaches, I find a nearly 70 percent increase in the amount of data they contain. The model I present in the paper shows that these results are consistent with low-value hacking targets becoming disproportionally less valuable after the GDPR, which in turn causes higher-value targets to make up a larger portion of post-GDPR data breaches.