I am an Associate Professor in the Khoury College of Computer Sciences at Northeastern University. I am a member of the Cybersecurity and Privacy Institute and the Director of the BS in Cybersecurity program in the College.

I am a faculty associate at the Berkman Klein Center for Internet & Society at Harvard University, and an affiliate member of the Center for Law, Innovation and Creativity at Northeastern University School of Law.

My research seeks to investigate the sociotechnical systems that shape our lives using a multi-disciplinary approach. I believe that by increasing transparency we can also improve accountability of these systems. If you're interested in my research, here is a brief video about algorithm auditing, and here is a longer video about our investigation of bias in hiring algorithms.

News

  • June 2021: The Supreme Court has ruled in the Van Buren v. US case that terms of service (ToS) violations are not CFAA violations. The ruling cites our case, Sandvig v. Barr, and our amicus brief. I am elated that SCOTUS has largely lifted the cloud of uncertainty surrounding the CFAA and ToS violations, and humbled that our own efforts played a teensy tiny part in the resolution of this case.
  • May 2021: I am excited to finally have a paper at SIGIR! Avijit's new research examines the use of inferred demographic features an input to fair ranking algorithms, and finds, unfortunately, that errors in inference completely undermine the fairness guarantees of these systems. Our results highlight that there is no free lunch when it comes to building fair systems: high-quality ground-truth data is key.
  • February 2021: In association we the Anti Defamation League, and researchers from Dartmouth and Exeter, we've published our first report on hate speech and anti-semitism on YouTube. We don't find strong evidence for recommendation-driven "rabbit holes" that lead ordinary people to extremist content, but we do observe a small and highly motivated community that watches a lot of hateful content on YouTube. Our results point to the need for stronger baseline standards of content moderation on YouTube.
  • February 2021: The lead story on MIT Tech Review is about our audit of pymetrics. The corresponding paper is available here. Great quotes from some some of my favorite law/policy scholars, Frank Pasquale and Pauline Kim.
  • December 2020: I'm excited to announce that we have a new paper accepted to FAccT (formerly FAT*) 2021. This paper presents the results of a collaborative algorithm audit where we critically examined the fair machine learning pipeline used by recruiting startup pymetrics. The paper is available here.
  • July 2020: My co-plaintiffs and I on Sandvig v. Barr have filed an amicus brief in the Van Buren v. US case that will be argued before the US Supreme Court. Like Sandvig, Van Buren concerns the limits of the Computer Fraud and Abuse Act (CFAA). The ACM have also filed an amicus brief that cites our research to motivate why the court should move to narrowly interpret the CFAA.
  • March 2020: I am elated to announce that the court has ruled in our favor in our lawsuit against the Department of Justice regarding the Computer Fraud and Abuse Act (CFAA). Here's the full opinion, and press from the ACLU. TL;DR, the court found that terms of service violations are not CFAA violations, which is amazing!
  • March 2020: Congrats to Shan on his accepted ICWSM 2020 paper entitled "Modeling and Measuring Expressed (Dis)belief in (Mis)information". There is a wealth of literature on the spread of misinfo on social media, but this paper takes a more nuanced dive, asking whether people actually believe this content. Turns out, things are complicated! The camera ready should be available in April.
  • August 2019: It is always a bittersweet day for an advisor when their PhD students defend. A huge congrats to Dr. Muhammad Ahmad Bashir for defending his thesis, entitled "On the Privacy Implications of Real Time Bidding". Ahmad will be starting a post-doc this fall with Serge Egelman in Berkeley.
  • July 2019: Congrats to Ahmad in his accepted IMC 2019 paper entitled "A Longitudinal Analysis of the ads.txt Standard". This is the first paper to look at the adoption and impact of the new ads.txt transparency protocol. Paper available here.
  • June 2019: I am excited and honored to be a 2019-2020 Fellow at the Berkman Klein Center for Internet & Society at Harvard University. I'm looking forward to spending my sabbatical working on cross-cutting research at the intersection of computer science and public policy.
  • June 2019: I am excited and honored to be a 2019-2020 Fellow at the Berkman Klein Center for Internet & Society at Harvard University. I'm looking forward to spending my sabbatical working on cross-cutting research at the intersection of computer science and public policy.
  • June 2019: Shan and Ron's paper, "Bias Misperceived: The Role of Partisanship and Misinformation in YouTube Comment Moderation", is the winner of a well-deserved Outstanding Analysis award at ICWSM 2019!
  • April 2019: Khoury College has been selected as one of the phase 1 winners of the Mozilla Foundation's Responsible Computer Science Challenge! This fall I'll be working with Ronald Sandler and John Basl to develop new ethics teaching materials and weave them throughout our undergraduate classes.
  • March 2019: I am thrilled and honored to receive the 2019 Excellence in Research and Creative Activity Award from Northeastern!
  • February 2019: I am deeply honored and humbled to be named a 2019 Sloan Fellow. Thank you to all my collaborators and students who made this possible!
  • December 2018: Congrats to Ahmad for winning best student paper at the Future of Privacy Forum's Annual Privacy Papers for Policymakers Awards! These papers are summarized and distributed directly to policymakers in Washington. We are humbled and honored by this distinction.
  • December 2018: Our IMC 2017 paper on the abysmal state of DNSSEC support by registrars was awarded one of the 2019 Applied Networking Research Prizes from the IRTF and the Internet Society. Congrats to the whole team!
  • November 2018: Congrats to Ahmad, Umar, and Maryam, on their accepted paper at NDSS 2019. This work presents the first large-scale study of the "interests" that ad networks infer about online users. Key takeaway: these interests are often wrong, and ads are being mis-targeted to uninterested people.
  • November 2018: Ron's CSCW 2018 paper on partisan bias in Google Search results received an Honorable Mention award!
  • October 2018: Congrats to John and Shan on their new FAT* paper that critically examines the A/B experiments that websites routinely run on their users, without their knowledge.
  • August 2018: Two CSCW papers accepted this year! Congrats to Ron and Shan on their papers. I'm very proud to say that this represents my first accepted paper that is full of emoji, which is an important professional milestone 😉
  • July 2018: Two IMC papers accepted this year! Congrats to TJ and Team PKI on their new paper "Is the Web Ready for OCSP Must Staple?", and to Ahmad on the conference version of his paper "How Tracking Companies Circumvented Ad Blockers Using WebSockets".
  • July 2018: Fun video, in which I warn Molly Callahan from News@Northeastern that she will starve if she tries to live on Bitcoin for a day.
  • June 2018: Achievement: unlocked. I am now an Associate Professor! Thank you to all my students and collaborators over the last six years, without whom this would not have been possible. Thank you to my family, for their unconditional support. And of course, thanks to the boss.
  • May 2018: We have two new papers appearing at PETS 2018: Elleen and Jingjing have a paper examining leaks of audio, video, and images from Android apps, Ahmad has one on modelling the diffusion of tracking data in the ad ecosystem.
  • February 2018: Our CHI 2018 paper on gender discrimination on hiring websites has been selected for an Honorable Mention award!
  • December 2017: Congrats to Le, Ancsa, and Ruijun on their upcoming CHI paper, which examines gender discrimination on hiring websites. This is our first CHI paper ever!
  • December 2017: Usenix ;login: magazine has a slick article this month covering the highlights of our recent measurements of DNSSEC deployment. TL;DR DNSSEC deployment remain low, but even worse is that a large fraction of existing deployments are incorrect, and local nameservers are failing to validate DNSSEC records even after they explicitly ask for them. Registrars make the problem worse by not having consistent or secure (or on-by-default) mechanisms for managing DNSSEC records.
  • December 2017: TJ has a post up on the APNIC blog about our recent IMC paper on why DNSSEC adoption is so low, and potential ways to spur deployment.
  • September 2017: Congratulations to James Larisch and the rest of the CRLite team for winning the 2017 IEEE Cybersecurity Award for Innovation!
  • September 2017: I am thrilled to be helping to organize the inaugural Conference on Fairness, Accountability, and Transparency (FAT*). Paper submissions are due October 6, 2017!
  • August 2017: Update your links: my homepage has moved to a new home at https://cbw.sh/.
  • August 2017: Honored and excited to receive a distinguished paper award at Usenix Security 2017 for TJ's DNSSEC ecosystem paper!
  • August 2017: Paper news: congrats to TJ on his IMC 2017 paper on the misbehavior of DNS registrars with respect to DNSSEC, and to Ron on his CSCW 2018 paper on design interventions to prevent the search engine manipulation effect.
  • June 2017: The San Francisco County Transportation Authority (SFCTA) just released their first report on ridesharing in San Francisco, in collaboration with us. They've put together some awesome visualizations of the Uber and Lyft data!
  • June 2017: I'm honored to be serving as the Director of the brand-new Bachelors in Cybersecurity degree program, starting in Fall 2017. I'm excited to help craft the new curriculum for our first students!
  • June 2017: Congrats to TJ and the rest of Team PKI on our Usenix Security 2017 paper, which examines systematic flaws in the way DNSSEC is being deployed and administered.
  • April 2017: My office is moving from West Village H to the new Interdisciplinary Science and Engineering Complex (ISEC), along with the rest of the faculty in the Security and Privacy Institute. I am thrilled be in such a gorgeous building!
  • February 2017: The PKI Research Group strikes again: congrats to Northeastern undergrad James Larisch on his accepted paper to IEEE Security and Privacy 2017! Our new system compactly represents all certificate revocations (<1 byte per) so that they can be efficiently pushed to all browsers.
  • October 2016: Congrats to Zhenhua, Toby, and Beri on their NDSS 2017 papers! One paper examines inclusion of vulnerable JavaScript libraries into websites, while the other evaluates a system for detecting fake cellular base stations in the wild. We've been incredibly fortunate to get papers into the last three consecutive top-tier security conferences!
  • September 2016: Congrats to Dr. Ancsa Hannak on her recently accepted CSCW 2017 paper that examines racial and gender biases on gig economy websites!
  • August 2016: It's a big month for papers. Congrats to Ahmad, Sajjad, Chris, Jingjing, TJ, and Yabing on their IMC papers! All told, Northeastern got 7 paper into IMC this year. Also, congrats to Frank and TJ on their CCS 2016 paper!
  • July 2016: The CFP for the Data and Algorithmic Transparency Workshop is now available. DAT is being colocated with FatML and the Data Transparency Lab Conference in November at Columbia. This whole event is going to be awesome!
  • July 2016: Alan Mislove, Christian Sandvig, Karrie Karahalios, and I are plaintiffs in a lawsuit being brought against the federal government by the ACLU, seeking to overturn specific provisions of the CFAA. Christian has penned a nice explanation of the suit.
  • June 2016: I am now the proud recipient of an NSF CAREER award, which will support our continued work on algorithmic auditing.
  • June 2016: Our work on Amazon Marketplace is getting a lot of press coverage lately.
  • May 2016: Congrats to Ahmad on his Usenix Security 2016 paper! The paper presents a methodology for detecting cookie matching between ad networks, even when the process is obfuscated.
  • February 2016: We have received a contract to help the European Commission identify online price discrimination and other market distortions in their Digital Single Market initiative.
  • December 2015: Congrats to Zhenhua on his NSDI 2016 paper (Baidu TrafficGuard), and Le and Gary on their WWW 2016 papers (dynamic pricing on Amazon, and personalized online maps, respectively)! An auspicious start to 2016!
  • October 2015: Huge press coverage (more and more!) for our study of Uber's surge pricing algorithm.
  • June 2015: Exciting news about grants. We are the proud recipients of one of the inaugural Data Transparency Lab grants! We also received an award from the Knight Foundation Prototype Fund to build a public version of our tools for detecting online price discrimination.
  • February 2015: Our online price discrimination study was cited in the White House Economic Advisers' Report on Big Data.
  • February 2015: Our work on uncovering personalization algorithms is part of this weeks cover story in New Scientist!
  • October 2014: The CBS Evening News ran a piece on our price discrimination work, including an interview with yours truly. The video can be found here.

Contact and Links

cbw@ccs.neu.edu

Blog: Internet of Thieves
Twitter: @bowlinearl

Office: 615 Interdisciplinary Science and Engineering Complex (ISEC)
+1 617 373 8802

PGP D95955E703474D7F0CC01FD0BDE2B89DD18E214A
SSH hEVw0Q4tH270d2qAAwXQHjxiTiEVZqUosnkzzY4N2EU

CV
Google Scholar

Research

Algorithmic Auditing

There is growing concern about the impact of powerful, opaque algorithms on our daily lives. In our work, we are focused on auditing algorithms: we use carefully controlled experiments to understand the data and algorithms used by companies, and assess the impact of these algorithms on normal people. Examples of our work include:

Our ultimate goals are to make algorithmic systems more transparent to the public, and to develop tools that help users avoid unwanted or harmful systems. We are actively collaborating with regulators to turn our research findings into practical policy outcomes.

This work has appeared in IMC, CSCW, CHI, and WWW. More information, including source code and data, can be found on the project website.

Tracking and Privacy

Tracking is ubiquitous on the Web today, and yet we have only the most basic understanding of who collects data about us, and how this data is shared with third-parties. We are currently delving inside the tracking ecosystem to answer these questions, including:

Based on our findings, we plan to empower users with tools to help protect their privacy. Our work on this topic has appeared at Usenix Security, NDSS, IMC, and PETS.

PKI and TLS

Public Key Infrastructure is the root of trust and security on the internet.Prominent examples include the SSL/TLS and DNSSEC PKIs. However, recent events like the Heartbleed vulnerability have demonstrated that critical PKIs are vulnerable to both software and human-induced failures. We are working to understand the threats to modern PKIs, and develop novel systems to address these challenges. Examples of our research include:

This work has appeared at IEEE S&P, CCS, Usenix Security, and IMC. More information about our SSL/TLS research, including source code and data, can be found on the project website.

Teaching

In Spring 2021 I will be teaching two sections of CS 2550: Foundations of Cybersecurity (one hybrid/in-person, the other fully online). In the past I have taught:

I spend an inordinate amount of time animating and tuning my slide decks.

Funding

My work is currently supported by the National Science Foundation under the following grants:

Additionally, I am grateful for support from the Sloan Foundation, the Mozilla Foundation, the Russell Sage Foundation, Google, Pymetrics the Democracy Fund, the Knight Foundation, the Data Transparency Lab, the European Commission, Verisign Labs, and Northeastern University under the TIER 1 grants program.

Service

I recently served as co-General Chair of IMC '18 an am currently serving as co-General Chair of WebSci '19. I served as co-Program Committee Chair of the inaugural Fairness, Accountability, and Transparency Conference (FAT*) 2018, and I continue to serve on the Executive Committee for FAT*.

Recently, I served on the IEEE S&P '20, IMC '18, and CSCW '18 Program Committees, as co-Chair of the Crowdsourcing Systems and Social Media Track at WWW '16, and on the Senior PC at ICWSM '16 and '17. I also regularly present our work to audiences outside academia.