I am an assistant professor in the economics department at the University of Maryland, Baltimore County and an affiliate of the UMBC Cybersecurity Institute. My research focuses on the economics of privacy and information, with a particular interest in cybercrime. My CV can be found here.
Occasionally (seldom), I'll write about projects I'm working on. You can find my most recent posts below. I recently open-sourced Satchel, my MLB projection model, and you can find its projections for the current season here.
The Effects of Privacy Regulation on the Supply of Stolen Data
Abstract: Individuals are constantly generating streams of data collected by businesses, educational institutions, data brokers, and many other organizations. These organizations are regularly targeted by cyber criminals attempting to steal that data in order to exploit or sell it in online markets. In this paper I propose a model of the stolen data economy to show how privacy regulations may affect the market. I then introduce a novel dataset of data breaches to study the effects of the European Union's General Data Protection Regulation (GDPR), a policy governing the collection and storage of user data, on the quantity of data available in the illicit market. Using a difference-in-differences design, I find that the GDPR caused a 60 percent reduction in the number of data breaches traded, but no reduction in the aggregate amount of data available. Analyzing the contents of the individual breaches, I find a nearly 70 percent increase in the amount of data they contain. These results are consistent with the model's prediction that low-value hacking targets become disproportionally less valuable after the GDPR, which in turn causes higher-value targets to make up a larger portion of post-GDPR data breaches.