I am a senior researcher at the European Center for Algorithmic Transparency (ECAT) where I contribute scientific and technical expertise in support of policy to the European Commission on technology regulation in various contexts including for example in the context of the Internet intermediaries and online platforms ( Digital Services Act - DSA) as well as artificial intelligence technology (AI-Act).
Shortly stated, my research examines problems in the intersection of technology and society. Despite the many exciting opportunities of tech, our ever-increasing societal reliance on it also introduces complex societal problems which can become systemic risks. People have lost life savings due to crypto scams or online cybercrime, hacked toasters and fridges have caused havoc by causing Internet outages, election outcomes affected through micro-targeted online political advertising, including via disinformation and deepfakes, not to mention the recent AI advances that are leading to phenomena like deepfake/revenge porn, and ultra realistic ransom calls in the voices of loved ones just to name a few instances. These are all examples of the types of complex problems that are created or exacerbated through tach, are extremely difficult to tackle, and require interdisciplinary and evidence based approaches to tackle. My research approaches such problems by blending computer science, in particular cybersecurity and Internet measurement techniques, with other empirical research from broader interdisciplinary areas of inquiry such as computational social sciences and economics to help measure their spread and harms, understand their roots, and find potential mitigations / solutions whether through technical means, or through non-technical means such as aligning incentives, policy and/or regulation.
Prior to taking on my current position at ECAT, I held a post-doctoral research position at the university of Amsterdam where I conducted research under the umbrella of ICDS, a joint research initiative from the University of Amsterdam's Institute for Information Law (IVIR) and the university's School of Communication Research (ASCoR) that focuses on the way AI and algorithms affect society. Prior to that, I held a post-doctoral research position at Delft university of Technology's cybersecurity group where I focused on the problems that arise from our ubiquitous reliance on information and communication technologies in relation to the role of Internet intermediaries in tackling them, for instance the structural insecurity problems brought about by insecure Internet-of-Things (IoT) devices that are flooding consumer markets. My doctoral research similarly examines methods for measuring and quantifying the effectiveness of Internet intermediary security practices through the lens of data on harmful content such as malware, phishing websites and botnets.
My research has been published in top-tier academic venues and covered in both national (Dutch) and International news and media outlets (see News section below). Some of this work has also been applied by the Dutch high-tech crime police unit, in legal hearings, and continues to benefit policy making. For an overview of some of my peer-reviewed research please refer to the publication list below.
My Research
Coverage of my Research/Projects + Personal News
I have joined the European Center for Algorithmic Transparency (ECAT) as a senior reseacher where I will be contributing scientific and technical expertise in support of policy and technology regulation to the European Commission. ECAT (website)
Our Dutch election dashboard is cited in the European Commission's Impact Assesment Report on regulatory proposals to improve transparency in political advertising. Transparency around online advertising particularly around what happens within walled-off platforms is increasingly an important problem that needs to be tackled through regulation. Report available at: Report (See p.91 for our dashboard work)
The Dutch political advertising dashboard that I helped build, has been a great success and we have been seeing great coverage of our work in Dutch media. Below some links to some of the articles/stories covering and discussing the dashboard, as well as other dashboards we helped build.
- Link: RTL Nieuws (in Dutch)
- Link: Het Financieele Dagblad (in Dutch)
- Link: Folia (in Dutch)
- Link: UvA Press Release
- Link: on Twitter
- Link: FTM Dashboard
On the basis of my work and research the Dutch Ministry of Economics Affairs and SIDN Fonds have funded a project that tackles the prevalence of harmful content on Dutch Internet and hosting infrastructure through empirical measurements and establishing benchmarks for security. A platform (in Dutch) has been set up through which data and benchmarks on Dutch hosting providers' security efforts towards combating harmful content are communicated, including with the service providers themselves. The initiative incentivizes industry players to take more effective action against harmful content. Happy to see the results of my research come to fruition.
The NRC has published an article discussing the phenomenon of "bullet-proof" hosting, also covering in part my PhD research. This is the second time that a major media outlet has covered my PhD work. They didn't approach myself for an interview (similar to when the New Yorker also covered my research) but that doesn't make me any less proud. The article features an interview with Michel van Eeten, my PhD advisor, in which he discusses parts of my PhD work. The article is now behind a paywall (as most articles are these days) but I will include an archived link here anyway for those who are interested, because it tells a fascinating story about a notorious Dutch hosting company and how difficult it is to deal with "bullet-proof" hosting in practice. It is definitely worth the read. Important side note: Keep and eye on regulatory developments around the European Digital Services and Digital Markets Act (DSA/DMA), as a lot will probably change within the hosting world in terms of regulation, and so there will be a lot of changes and questions with respect to their impacts on the phenomenon of bad hosting.
I have decided to sign on to this letter of complaint to the ACM for their selection of Jeffery Ullman as a recipient of the 2020 Turing Award, despite his troubling statements. The Turing award is widely regarded as the highest distinction in computing, and the bestowal of the award to prof. Ullman goes against the spirit of the person whom this award is named after. A short thread on why I have decided to sign on via this link.
I have joined IViR (University of Amsterdam) since Oct. 2019 as a computer scientist to study the societal effects of political ads on platforms like facebook.
The project is an integral part of the Information, Communication & The Data Society (ICDS) initiative headed by Prof. Natali Helberger and Prof. Claes De Vreese, which investigates the ways AI and algorithms affect the role, impact and regulation of information and communication in the Data Society. Our team of researchers consists of Natali, Clases, as well as Prof. Beate Roessler, Dr. Eva Groen-Reijman, Dr. Tom Dobber and Fabio Votta.
This of course also means that I will be leaving TU-Delft after a long affliation with the univeristy and a city which I have liked soo much. I still maintain research collaboration as a guest researcher with the cyber security research group at Delft University of Technology's TPM faculty headed by Prof Michel van Eeten where I have and continue to examine problems in the cross section of Internet security, economics, governance, and policy.
The New Yorker has published an article discussing of the phenomenon of `Bullet-Proof Hosting' featuring my research into a notorious Bullet-Proof hosting company which was done in collaboration with the Dutch high-tech crime police. As an academic I must admit that it is quite exciting when a major magazine covers your work. The New Yorker have interviewed my former advisor Michel van Eeten, in which he discusses our research. The article is well worth the read, if I may say so, because it also paints a story with much more exciting details that is usually missing from academic research articles.
Brian Krebs of the infamous Krebs on Security blog has covered my research article on bullet-proof hosting in a fascinating post discussing some of the real world challenges of dealing with the phonemonon of bullet-proof hosting. Criminals that willingly provide hosting services on the Internet and thereby facilitate lots of cybercrime. One of my main findings in this work is that the bullet-proof hosting business seems to be not so profitable as many have imagined them to be. My research is the first to have looked at the finances of such a business. What I have also come to realize after doing this research is that the `Economics of Cybersecurity' needs to have a harder look at and understanding of how cybercriminals make money. Something which interestingly enough some key figures of the field like Prof Ross Anderson and colleagues have also been apparently recently thinking of and publishing about: "Cybercrime gangs as tech startups"
Reviewing and other Community Contributions
I serve as a PC member on the European IEEE Security and Privacy collocated workshop on Traffic Measurements for Cybersecurity (WTMC) and do academic reviewing on an ad-hoc per request basis. I accept reviewing work that falls within in my areas expertise: Internet measurements, and economics of cybersecurity and more broadly empirical cybersecurity research. For reviewing inquires that falls within my expertise please reach out, note however that I generally do not accept reviewing work on short notice and prefer reviewing for open-access work.
Code & Datasets
As a researcher I have developed or contributed to the development of tools which may be useful to others researchers and engineers. The most useful of these is probably pyasn. Pyasn is a python package that, allows one to historically lookup IP address to Autonomous System mappings from raw BGP data. In simpler language to find out in which network an IP addresses resided over different points of time. Below you will find a link to its source code and other useful information.
More recently, I have been working on padsxiv. It is a tool to collect extensive data from social media platforms' so-called (political) ad-libraries. with the purpose of making data collection, archiving, and analysis more accessible and easy. padsXiv can for instance be used to collect data on all political ads that ran in the US 2020 elections on Facebook's platforms retrospectively, or to collect ad data on the current ongoing elections as events are happening. A distintive feature of the tool is that the data it collects includes the images and videos that run along side ads which is part of the data not provided by the platforms through their standard APIs by default, nor via other transparency tools. If you are interested in this tool feel please contact me as it is still underdevelopment and not publicly available (yet).
Along side padsxiv, I'm also currently working on an political ads archiving project, to automatically collect all political-ads from social media platforms using padsxiv, on a daily basis, and further enrich the data with automatically transcribed video text, as well as extracted information from ad images, to enable more deep topic and context analysis. and extract text format content form archived ad images. If this is something that interests you don't hesititate to contact me as I am looking for funding to make this happen on a large scale.