I am an Associate Professor in the College of Computer and Information Science at Northeastern University. I am a member of the Cybersecurity and Privacy Institute and the Director of the BS in Cybersecurity program in the College.

My research lies at the intersection of Big Data, security, and privacy. It draws on methods from computer, social, political, and economic sciences.

News

  • July 2018: Two IMC papers accepted this year! Congrats to TJ and Team PKI on their new paper "Is the Web Ready for OCSP Must Staple?", and to Ahmad on the conference version of his paper "How Tracking Companies Circumvented Ad Blockers Using WebSockets".
  • July 2018: Fun video, in which I warn Molly Callahan from News@Northeastern that she will starve if she tries to live on Bitcoin for a day.
  • June 2018: Achievement: unlocked. I am now an Associate Professor! Thank you to all my students and collaborators over the last six years, without whom this would not have been possible. Thank you to my family, for their unconditional support. And of course, thanks to the boss.
  • May 2018: We have two new papers appearing at PETS 2018: Elleen and Jingjing have a paper examining leaks of audio, video, and images from Android apps, Ahmad has one on modelling the diffision of tracking data in the ad ecosystem.
  • February 2018: Our CHI 2018 paper on gender discrimination on hiring websites has been selected for an Honorable Mention award!
  • December 2017: Congrats to Le, Ancsa, and Ruijun on their upcoming CHI paper, which examines gender discrimination on hiring websites. This is our first CHI paper ever!
  • December 2017: Usenix ;login: magazine has a slick article this month covering the highlights of our recent measurements of DNSSEC deployment. TL;DR DNSSEC deployment remain low, but even worse is that a large fraction of existing deployments are incorrect, and local nameservers are failing to validate DNSSEC records even after they explicitly ask for them. Registrars make the problem worse by not having consistent or secure (or on-by-default) mechanisms for managing DNSSEC records.
  • December 2017: TJ has a post up on the APNIC blog about our recent IMC paper on why DNSSEC adoption is so low, and potential ways to spur deployment.
  • September 2017: Congratulations to James Larisch and the rest of the CRLite team for winning the 2017 IEEE Cybersecurity Award for Innovation!
  • September 2017: I am thrilled to be helping to organize the inaugural Conference on Fairness, Accountability, and Transparency (FAT*). Paper submissions are due October 6, 2017!
  • August 2017: Update your links: my homepage has moved to a new home at https://cbw.sh/.
  • August 2017: Honored and excited to receive a distinguished paper award at Usenix Security 2017 for TJ's DNSSEC ecosystem paper!
  • August 2017: Paper news: congrats to TJ on his IMC 2017 paper on the misbehavior of DNS registrars with respect to DNSSEC, and to Ron on his CSCW 2018 paper on design interventions to prevent the search engine manipulation effect.
  • June 2017: The San Francisco County Transportation Authority (SFCTA) just released their first report on ridesharing in San Francisco, in collaboration with us. They've put together some awesome visualizations of the Uber and Lyft data!
  • June 2017: I'm honored to be serving as the Director of the brand-new Bachelors in Cybersecurity degree program, starting in Fall 2017. I'm excited to help craft the new curriculum for our first students!
  • June 2017: Congrats to TJ and the rest of Team PKI on our Usenix Security 2017 paper, which examines systematic flaws in the way DNSSEC is being deployed and administered.
  • April 2017: My office is moving from West Village H to the new Interdisciplinary Science and Engineering Complex (ISEC), along with the rest of the faculty in the Security and Privacy Institute. I am thrilled be in such a gorgeous building!
  • February 2017: The PKI Research Group strikes again: congrats to Northeastern undergrad James Larisch on his accepted paper to IEEE Security and Privacy 2017! Our new system compactly represents all certificate revocations (<1 byte per) so that they can be efficiently pushed to all browsers.
  • October 2016: Congrats to Zhenhua, Toby, and Beri on their NDSS 2017 papers! One paper examines inclusion of vulnerable JavaScript libraries into websites, while the other evaluates a system for detecting fake cellular base stations in the wild. We've been incredibly fortunate to get papers into the last three consecutive top-tier security conferences!
  • September 2016: Congrats to Dr. Ancsa Hannak on her recently accepted CSCW 2017 paper that examines racial and gender biases on gig economy websites!
  • August 2016: It's a big month for papers. Congrats to Ahmad, Sajjad, Chris, Jingjing, TJ, and Yabing on their IMC papers! All told, Northeastern got 7 paper into IMC this year. Also, congrats to Frank and TJ on their CCS 2016 paper!
  • July 2016: The CFP for the Data and Algorithmic Transparency Workshop is now available. DAT is being colocated with FatML and the Data Transparency Lab Conference in November at Columbia. This whole event is going to be awesome!
  • July 2016: Alan Mislove, Christian Sandvig, Karrie Karahalios, and I are plaintiffs in a lawsuit being brought against the federal government by the ACLU, seeking to overturn specific provisions of the CFAA. Christian has penned a nice explanation of the suit.
  • June 2016: I am now the proud recipient of an NSF CAREER award, which will support our continued work on algorithmic auditing.
  • June 2016: Our work on Amazon Marketplace is getting a lot of press coverage lately.
  • May 2016: Congrats to Ahmad on his Usenix Security 2016 paper! The paper presents a methodology for detecting cookie matching between ad networks, even when the process is obfuscated.
  • February 2016: We have received a contract to help the European Commission identify online price discrimination and other market distortions in their Digital Single Market initiative.
  • December 2015: Congrats to Zhenhua on his NSDI 2016 paper (Baidu TrafficGuard), and Le and Gary on their WWW 2016 papers (dynamic pricing on Amazon, and personalized online maps, respectively)! An auspicious start to 2016!
  • October 2015: Huge press coverage (more and more!) for our study of Uber's surge pricing algorithm.
  • June 2015: Exciting news about grants. We are the proud recipients of one of the inaugural Data Transparency Lab grants! We also received an award from the Knight Foundation Prototype Fund to build a public version of our tools for detecting online price discrimination.
  • February 2015: Our online price discrimination study was cited in the White House Economic Advisers' Report on Big Data.
  • February 2015: Our work on uncovering personalization algorithms is part of this weeks cover story in New Scientist!
  • October 2014: The CBS Evening News ran a piece on our price discrimination work, including an interview with yours truly. The video can be found here.

Contact and Links

cbw@ccs.neu.edu

Twitter: @bowlinearl

Office: 615 Interdisciplinary Science and Engineering Complex (ISEC)
+1 617 373 2177

PGP 7EB8 AD53 F9FD 7D44 5228 1F70 48A1 BA39 6541 3475
SSH hEVw0Q4tH270d2qAAwXQHjxiTiEVZqUosnkzzY4N2EU

CV
Google Scholar

Research

Algorithmic Auditing

There is growing concern about the impact of powerful, opaque algorithms on our daily lives. In our work, we are focused on auditing algorithms: we use carefully controlled experiments to understand the data and algorithms used by companies, and assess the impact of these algorithms on normal people. Examples of our work include examining the "Filter Bubble" on Google Search, the geopolitics of online maps, online price discrimination, and Uber's surge price algorithm. Our ultimate goals are to make algorithmic systems more transparent to the public, and to develop tools that help users avoid unwanted or harmful systems. We are also actively collaborating with regulators like the European Commission to turn our research findings into practical policy outcomes.

More information about our algorithmic auditing research, including source code and data, can be found on the project website.

Tracking and Privacy

Tracking is ubiquitous on the Web today, and yet we have only the most basic understanding of who collects data about us, and how this data is shared with third-parties. We are currently delving inside the tracking ecosystem to answer these questions, including looking at how information collected about consumers in the offline world gets moved into online contexts. Based on our findings, we plan to empower users with tools to help protect their privacy. Our work on this topic has appeared at Usenix Security.

TLS and Web Security

The SSL/TLS protocol is a critical element of online security that protects everything from online banking to e-commerce to health records. However, recent events like the Heartbleed vulnerability have demonstrated that SSL/TLS is vulnerable to both software and human-induced failures. We are working with researchers at University of Maryland, Duke, and Stanford to understand the threats to SSL/TLS on the modern Web, and develop novel systems to address these challenges. Our work on SSL/TLS has appeared at IMC 2014 and IMC 2015.

More information about our SSL/TLS research, including source code and data, can be found on the project website.

Teaching

In Spring 2018, I will be teaching CS 2550: Foundations of Cybersecurity. In the past I have taught:

I spend an inordinate amount of time animating and tuning my slide decks.

Funding

My work is currently supported by the National Science Foundation under the following grants:

Additionally, I am grateful for support from the Data Transparency Lab, the European Commission, the Russell Sage Foundation, the Knight Foundation, Verisign Labs, and Northeastern University under the TIER 1 grants program.

Service

In 2018, I am serving as co-General Chair of IMC '18, which will be held at Northeastern. I served as co-PC Chair of the inaugural Fairness, Accountability, and Transparency Conference (FAT*) 2018, and I continue to serve on the Executive Committee for FAT*.

Recently, I served on the WWW '17, IMC '18, and CSCW '18' Program Committees, as co-Chair of the Crowdsourcing Systems and Social Media Track at WWW '16, and on the Senior PC at ICWSM '16 and '17. I also regularly present our work to audiences outside academia.