(Last updated on 2023-12-14.)

I am a senior researcher at the European Center for Algorithmic Transparency (ECAT) where I contribute scientific and technical expertise in support of policy to the European Commission on technology regulation in various contexts including for example in the context of the Internet intermediaries and online platforms ( Digital Services Act - DSA) as well as artificial intelligence technology (AI-Act).

Shortly stated, my research examines problems in the intersection of technology and society. Despite the many exciting opportunities of tech, our ever-increasing societal reliance on it also introduces complex societal problems which can become systemic risks. People have lost life savings due to crypto scams or online cybercrime, hacked toasters and fridges have caused havoc by causing Internet outages, election outcomes affected through micro-targeted online political advertising, including via disinformation and deepfakes, not to mention the recent AI advances that are leading to phenomena like deepfake/revenge porn, and ultra realistic ransom calls in the voices of loved ones just to name a few instances. These are all examples of the types of complex problems that are created or exacerbated through tach, are extremely difficult to tackle, and require interdisciplinary and evidence based approaches to tackle. My research approaches such problems by blending computer science, in particular cybersecurity and Internet measurement techniques, with other empirical research from broader interdisciplinary areas of inquiry such as computational social sciences and economics to help measure their spread and harms, understand their roots, and find potential mitigations / solutions whether through technical means, or through non-technical means such as aligning incentives, policy and/or regulation.

Prior to taking on my current position at ECAT, I held a post-doctoral research position at the university of Amsterdam where I conducted research under the umbrella of ICDS, a joint research initiative from the University of Amsterdam's Institute for Information Law (IVIR) and the university's School of Communication Research (ASCoR) that focuses on the way AI and algorithms affect society. Prior to that, I held a post-doctoral research position at Delft university of Technology's cybersecurity group where I focused on the problems that arise from our ubiquitous reliance on information and communication technologies in relation to the role of Internet intermediaries in tackling them, for instance the structural insecurity problems brought about by insecure Internet-of-Things (IoT) devices that are flooding consumer markets. My doctoral research similarly examines methods for measuring and quantifying the effectiveness of Internet intermediary security practices through the lens of data on harmful content such as malware, phishing websites and botnets.

My research has been published in top-tier academic venues and covered in both national (Dutch) and International news and media outlets (see News section below). Some of this work has also been applied by the Dutch high-tech crime police unit, in legal hearings, and continues to benefit policy making. For an overview of some of my peer-reviewed research please refer to the publication list below.

My Research

Peer Reviewed Publications

Other platforms

News

Coverage of my Research/Projects + Personal News

European Center for Algorithmic Transparency
(Personal News)

I have joined the European Center for Algorithmic Transparency (ECAT) as a senior reseacher where I will be contributing scientific and technical expertise in support of policy and technology regulation to the European Commission. ECAT (website)
Impacting EU Policy on Transparency in Political Advertising
(Transparency in Political Advertising)

Our Dutch election dashboard is cited in the European Commission's Impact Assesment Report on regulatory proposals to improve transparency in political advertising. Transparency around online advertising particularly around what happens within walled-off platforms is increasingly an important problem that needs to be tackled through regulation. Report available at: Report (See p.91 for our dashboard work)
Media Coverage of Dutch Election Dashboard
(Transparency in Political Advertising)

The Dutch political advertising dashboard that I helped build, has been a great success and we have been seeing great coverage of our work in Dutch media. Below some links to some of the articles/stories covering and discussing the dashboard, as well as other dashboards we helped build.
Harmful Content and Abuse Benchmark
(Hosting Security)

On the basis of my work and research the Dutch Ministry of Economics Affairs and SIDN Fonds have funded a project that tackles the prevalence of harmful content on Dutch Internet and hosting infrastructure through empirical measurements and establishing benchmarks for security. A platform (in Dutch) has been set up through which data and benchmarks on Dutch hosting providers' security efforts towards combating harmful content are communicated, including with the service providers themselves. The initiative incentivizes industry players to take more effective action against harmful content. Happy to see the results of my research come to fruition.
NRC Coverage of my research on "bullet-proof" hosting
(The Phenomen of Bad Hosting)

The NRC has published an article discussing the phenomenon of "bullet-proof" hosting, also covering in part my PhD research. This is the second time that a major media outlet has covered my PhD work. They didn't approach myself for an interview (similar to when the New Yorker also covered my research) but that doesn't make me any less proud. The article features an interview with Michel van Eeten, my PhD advisor, in which he discusses parts of my PhD work. The article is now behind a paywall (as most articles are these days) but I will include an archived link here anyway for those who are interested, because it tells a fascinating story about a notorious Dutch hosting company and how difficult it is to deal with "bullet-proof" hosting in practice. It is definitely worth the read. Important side note: Keep and eye on regulatory developments around the European Digital Services and Digital Markets Act (DSA/DMA), as a lot will probably change within the hosting world in terms of regulation, and so there will be a lot of changes and questions with respect to their impacts on the phenomenon of bad hosting.
Letter of complaint to ACM Regarding 2020 Turing Award Selection
(On the selection of Jeffery Ullman)

I have decided to sign on to this letter of complaint to the ACM for their selection of Jeffery Ullman as a recipient of the 2020 Turing Award, despite his troubling statements. The Turing award is widely regarded as the highest distinction in computing, and the bestowal of the award to prof. Ullman goes against the spirit of the person whom this award is named after. A short thread on why I have decided to sign on via this link.
Hello UvA/IViR, Goodbye TU-Delft
(Societal Impact of Political Micro-Targeting)

I have joined IViR (University of Amsterdam) since Oct. 2019 as a computer scientist to study the societal effects of political ads on platforms like facebook.
The project is an integral part of the Information, Communication & The Data Society (ICDS) initiative headed by Prof. Natali Helberger and Prof. Claes De Vreese, which investigates the ways AI and algorithms affect the role, impact and regulation of information and communication in the Data Society. Our team of researchers consists of Natali, Clases, as well as Prof. Beate Roessler, Dr. Eva Groen-Reijman, Dr. Tom Dobber and Fabio Votta.
This of course also means that I will be leaving TU-Delft after a long affliation with the univeristy and a city which I have liked soo much. I still maintain research collaboration as a guest researcher with the cyber security research group at Delft University of Technology's TPM faculty headed by Prof Michel van Eeten where I have and continue to examine problems in the cross section of Internet security, economics, governance, and policy.
The New Yorker Coverage of my Bullet-Proof Hosting Research Article
(Bullet-Proof Hosting)

The New Yorker has published an article discussing of the phenomenon of `Bullet-Proof Hosting' featuring my research into a notorious Bullet-Proof hosting company which was done in collaboration with the Dutch high-tech crime police. As an academic I must admit that it is quite exciting when a major magazine covers your work. The New Yorker have interviewed my former advisor Michel van Eeten, in which he discusses our research. The article is well worth the read, if I may say so, because it also paints a story with much more exciting details that is usually missing from academic research articles.
Krebs on Security Blog Post featuring my Research
(Bullet-Proof Hosting)

Brian Krebs of the infamous Krebs on Security blog has covered my research article on bullet-proof hosting in a fascinating post discussing some of the real world challenges of dealing with the phonemonon of bullet-proof hosting. Criminals that willingly provide hosting services on the Internet and thereby facilitate lots of cybercrime. One of my main findings in this work is that the bullet-proof hosting business seems to be not so profitable as many have imagined them to be. My research is the first to have looked at the finances of such a business. What I have also come to realize after doing this research is that the `Economics of Cybersecurity' needs to have a harder look at and understanding of how cybercriminals make money. Something which interestingly enough some key figures of the field like Prof Ross Anderson and colleagues have also been apparently recently thinking of and publishing about: "Cybercrime gangs as tech startups"
Projects

Involved In

  • PMT - Political Micro-Targeting: Safeguarding Public Values
  • MINIONS - Mitigating IOT-based DDoS attacks via the DNS
  • REMEDI3S - Reputation Metrics Design to Improve Intermediary Incentives for Security - PhD Research
  • REMEDI3S-TLD - Reputation Metrics Design to Improve Intermediary Incentives for Security of TLDs
  • Clean Netherlands (Nederland Schoon) - Collaboration with Dutch Law Enforcement, Public Prosecutor and Market Authority to Measure Online Abuse of Dutch Hosting Provider Industry

Reviewing and other Community Contributions

I serve as a PC member on the European IEEE Security and Privacy collocated workshop on Traffic Measurements for Cybersecurity (WTMC) and do academic reviewing on an ad-hoc per request basis. I accept reviewing work that falls within in my areas expertise: Internet measurements, and economics of cybersecurity and more broadly empirical cybersecurity research. For reviewing inquires that falls within my expertise please reach out, note however that I generally do not accept reviewing work on short notice and prefer reviewing for open-access work.

Code & Datasets

As a researcher I have developed or contributed to the development of tools which may be useful to others researchers and engineers. The most useful of these is probably pyasn. Pyasn is a python package that, allows one to historically lookup IP address to Autonomous System mappings from raw BGP data. In simpler language to find out in which network an IP addresses resided over different points of time. Below you will find a link to its source code and other useful information.

More recently, I have been working on padsxiv. It is a tool to collect extensive data from social media platforms' so-called (political) ad-libraries. with the purpose of making data collection, archiving, and analysis more accessible and easy. padsXiv can for instance be used to collect data on all political ads that ran in the US 2020 elections on Facebook's platforms retrospectively, or to collect ad data on the current ongoing elections as events are happening. A distintive feature of the tool is that the data it collects includes the images and videos that run along side ads which is part of the data not provided by the platforms through their standard APIs by default, nor via other transparency tools. If you are interested in this tool feel please contact me as it is still underdevelopment and not publicly available (yet).

Along side padsxiv, I'm also currently working on an political ads archiving project, to automatically collect all political-ads from social media platforms using padsxiv, on a daily basis, and further enrich the data with automatically transcribed video text, as well as extracted information from ad images, to enable more deep topic and context analysis. and extract text format content form archived ad images. If this is something that interests you don't hesititate to contact me as I am looking for funding to make this happen on a large scale.

pyasn
Historical ASN Lookup
padsXiv
Tool for Archiving of Political Ads

Resume

Academic Positions
2023 - Current
Senior Researcher
European Center for Algorithmic Transparency (ECAT)
2020 - 2023
Post-Doctoral Researcher
UvA, Amsterdam, The Netherlands
2012 - 2020
Researcher (PhD and PostDoctoral)
TU-Delft, Delft, The Netherlands
Industry Positions
2023 (6 months)
Senior Data Science Consultant
Eraneos
2019 (8 months)
External Researcher
Dutch High-Tech Crime Police Unit
2010 - 2012
Software Developer
TOPdesk, Delft, The Netherlands
2008 - 2009
Software Developer
West Consulting BV, Delft, The Netherlands
Education
2014 - 2019
PhD
TU-Delft, Delft, The Netherlands
2006 - 2010
MSc Computer Science
TU-Delft, Delft, The Netherlands
2001 - 2006
BSc Computer Science
University of Tehran, Tehran, Iran
Data Science & Programming Skills
Data
I have strong data scraping, wrangling, (parallel) processing, analysis, and visualization experience as a researcher. Most of my work is done with python these days (I can also find my way around in R). A lot of times, my research involves applying statistical and machine learning techniques to data; applying techniques such as regression, clustering, factor-analysis, classification, NLP are the bread and butter of my work.
Programing
I have strong professional experience with programming languages such as Python and Java, am well-versed in database technologies (MySql, Postgres, Elastic, Cloud) and am quite seasoned with Unix scripting, CLI, and networking topics as well as web technologies and cybersecurity related topics.

Teaching and Supervision

Supervision

Below a list of MSc theses that I have supervised during my time at TU-Delft. TU-Delft MSc students that are still interested in working on economics of information security topics, can still contact me if they are interested in exploring options for their graduation work that are 'data analytics' heavy and want to try their hands at some programming experience specially with Python. I am still able to advise you as your external supervisor.

Supervised Theses
Brennen Bouwmeester
(Daily Supervisor)
Faculty of TPM, TU-Delft, Delft, The Netherlands
MSc Thesis Title
A Visit to the Crime Scene - Monitoring end-users during the remediation process of Mirai infected Internet of Things devices
Susanne Verstegen
(Advisor)
Faculty of TPM, TU-Delft, Delft, The Netherlands
MSc Thesis Title
Understanding the role of IoT end users in Mirai-Like bot remediation
Jan Koenders
(Daily Supervisor)
Faculty of TPM, TU-Delft, Delft, The Netherlands
MSc Thesis Title
The DDoS plague from a Law enforcement view - A data analytical approach to getting a deeper insight into DDoS reporting
Ryan Cheung
(Daily Supervisor)
Faculty of TPM, TU-Delft, Delft, The Netherlands
MSc Thesis Title
Targeting financial organisations with DDoS: a multi-sided perspective
Teaching, Lectures and Invited Talks
2016
Economics of Security - (MSc DelftX - WM0824)
Course Assistant
Faculty of TPM, TU-Delft, Delft, The Netherlands
International Grand Challenges - (MSc - EPA1101)
Guest Lectures
Faculty of TPM, TU-Delft, Delft, The Netherlands
2013‐14
(Sept. -- Jan.)
Artificial Intelligence Techniques (MSc – IN4010)
Lectures and Tutorials
Faculty of EECMS, TU-Delft, Delft, The Netherlands
2012 - 2014
Introduction to Artificial Intelligence
Guest Lectures
De Haagse Hogeschool, Den Haag, The Netherlands
Contact Information

Other platforms