Assistant Professor of Technology & Operations, Ross School of Business, University of Michigan
Research Interests: consumer privacy; operations management in interconnected information-based economies; social networks, platforms & marketplaces;
Teaching Interests: operations & supply chain management; platforms, networks, & data analytics; business model innovation.
Published & Forthcoming Papers
- Forthcoming at Management Science, 2023
with Yanzhe (Murray) Lei (Queen's University) and Sentao Miao (McGill University)
Media: What Your Company Needs to Understand About Digital Privacy (But Probably Doesn’t), Michigan Ross News, 2022; How Companies Can Do Data Privacy Better, Kellogg Insight, 2021; Three ways to encourage companies to keep our data safe The Conversation, 2021; How Can We Force Companies To Keep Our Data Safe?, HEC Knowledge, 2020; Le développement futur de l'IA se fera au détriment de la protection des données personnelles (in French), HEC Stories; 고객정보빨아들이는기업… 데이터稅매겨오남용막아야 (in Korean), Maeil Business Newspaper.
This paper examines how data-driven personalized decisions can be made while preserving consumer privacy. Our setting is one in which the firm chooses a personalized price based on each new customer's vector of individual features; the true set of individual demand-generating parameters is unknown to the firm and so must be estimated from historical data. We extend this classical framework of personalized pricing by requiring also that the firm's pricing policy preserve consumer privacy, or (formally) that it be differentially private -- an industry standard for privacy preservation. The two settings we consider are theoretically and practically relevant: central and local models of differential privacy, which differ in the strength of the privacy guarantees they provide. For both models, we develop privacy-preserving personalized pricing algorithms and derive the theoretical bounds on their performance as measured by the firm's revenue. Our analyses suggest that, if the firm possesses a sufficient amount of historical data, then it can achieve central differential privacy at a cost of the same order as the "classical" loss in revenue due to estimation error. Comparing the two models, we conclude that local differentially private personalized pricing yields better privacy guarantees but leads to much greater revenue loss by the firm. We confirm our theoretical findings in a series of numerical experiments based on synthetically generated and real-world On-line Auto Lending (CPRM-12-001) data sets. Finally, we also apply our theoretical framework to the setting of personalized assortment optimization.
- Forthcoming at Management Science, published online ahead of print, 2022
with Itay P. Fainmesser (Johns Hopkins University) and Andrea Galeotti (London Business School)
- Video recording of my talk at Toulouse School of Economics -- Economics of Platforms seminar
- How Business Is Navigating Digital Privacy Spotify / Apple Podcast, Luohan on Air by Luohan Academy
Media: How Companies Can Do Data Privacy Better, Kellogg Insight, 2021; Three ways to encourage companies to keep our data safe The Conversation, 2021; How Can We Force Companies To Keep Our Data Safe?, HEC Knowledge, 2020; The Optimal Data Policy Against Malicious Use of Data, Frontiers, Luohan Academy, 2020;
"For the Public, Data Collection during COVID-19 Offers Benefits – and Poses Hazards", 2020 at HUB Daily Johns Hopkins University; reposted by Newswise, Tech Xplore (Science X); 고객정보빨아들이는기업… 데이터稅매겨오남용막아야 (in Korean), Maeil Business Newspaper.
We study the incentives of a digital business to collect and protect users’ information. The information the business collects improves the service it provides to consumers, but it may also be accessed, at a cost, by third strategic parties in a way that harms users, imposing privacy costs. We characterize how the revenue model of the business shapes the equilibrium data policy. We compare the equilibrium data policy with the social optimum and show that a two-pronged policy, which combines a minimal data protection requirement with a tax proportional to the amount of data collected, restores efficiency.
We study customer-centric privacy management in service systems and explore the consequences of extended control over personal information by customers in such systems. Our stylized model of a service environment features a service provider and customers who are strategic in deciding whether to disclose personal information to the service provider – that is, customers' privacy or information disclosure strategy. A customer's service request can be one of two types, which affects service time but is unknown when customers commit to a privacy strategy. The service provider can discriminate among customers, based on their disclosed information, by offering different priorities. Our analysis yields three sets of main insights. First, when given control over their personal data, strategic customers do not always choose to withhold it. We find that control over information gives customers a tool they can use to hedge against the service provider's incentives, which might not be aligned with the interests of customers. Second, a customer's self-centered strategic decision may or may not be aligned with what is best for customers themselves. In fact, giving customers full control over information might backfire by leading to inferior system performance (i.e., longer average wait time) and hurting customers themselves. We demonstrate how a regulator can correct information disclosure inefficiencies through monetary incentives to customers and show that providing such incentives makes economic sense in some scenarios. Finally, the service provider itself can benefit from customers being in control of their personal information by enticing more customers joining the service. Our findings shed light on the market for pricing personal information in the service industry.
 The Use and Value of Social Network Information in Selective Selling of Exclusive Products - [Read full abstract] - [SSRN Link]
We consider the use and value of social network information in selectively selling goods and services whose value derives from exclusive ownership among network connections or friends. Our stylized model accommodates customers who are heterogeneous in their number of friends (degree)
and their proclivity for social comparisons (conspicuity). Firms with information on either (or both) of these characteristics can use it to make a product selectively available and increase their profits by better managing the exclusivity-sales trade-off. We find that the firm’s best
targets are high-conspicuity customers within intermediate-degree segments – in contrast with the practice of targeting high degree customers. We also find that information about degree is more valuable than information about conspicuity. Surprisingly, strategies informed only by degree
perform no worse than those informed by degree and conspicuity both, yet the opposite is not true. Customer self-selection is a perfect substitute for unavailable information on conspicuity, but there is no such recourse when degree information is unavailable. Examining alternate settings
(conformance social comparisons, functional value heterogeneity) suggests that there are two canonical categories of social information– less valuable information on characteristics where the firm’s preferred customers are also the most interested customers and more valuable information on
characteristics where they are not.
We study the incentives that agents have to invest in costly protection against cascading failures in networked systems. Applications include vaccination, computer security and airport security. Agents are connected through a network and can fail either intrinsically or as a result of the failure of a subset of their neighbors. We characterize the equilibrium based on an agent’s failure probability and derive conditions under which equilibrium strategies are monotone in degree (i.e. in how connected an agent is on the network). We show that different kinds of applications (e.g. vaccination, airport security) lead to very different equilibrium patterns of investments in protection, with important welfare and risk implications. Our equilibrium concept is flexible enough to allow for comparative statics in terms of network properties and we show that it is also robust to the introduction of global externalities (e.g. price feedback, congestion).
Working Papers & Papers Under Review
We develop a novel homomorphic encryption-based approach to privacy preservation in a dynamic personalized pricing setting. In each period, the firm offers a personalized price to an incoming customer based on their observable characteristics and the firm's estimate of the demand function (obtained using the data of the historical customers with whom the firm interacted in the past). Our method enables the firm to use homomorphic encryption to encrypt the data of incoming and historical customers, then estimate the demand function and personalize prices directly based on these encrypted data without needing to decrypt them. In contrast to the previous literature, which only preserves the privacy of historical customers via adding statistical noise to their data (so-called statistics-based approach), our approach allows the firm to protect the privacy of all customers. Our theoretical analysis further reveals that our approach i) provides perfect privacy protection (achieving 0-differential privacy) and ii) does so at no cost to the firm's expected revenue, thus achieving better revenue performance than statistics-based algorithms, but (iii) it is computationally expensive. We thus develop a hybrid approach to privacy preservation that leverages the strengths of both statistics- and encryption-based methods, achieving the required privacy protection at a comparatively lower computational cost without significant compromise on the expected revenue. We confirm our theoretical findings through a numerical example based on synthetically generated data.
Platforms use purchase histories to profile customers, create consumer segments, and disclose them to sellers. Sellers target price offers to these segments, generating new data that enables further profiling. We characterize the platform's ability to learn consumers' valuations using only information design in constructing segments disclosed to sellers and evaluate the implication for market outcomes. We find that there is a threshold so that the platform cannot accurately profile consumers with a valuation above it but can do so for those with a valuation below it. The threshold is a seller's optimal uniform price in the no-information case. As a consequence, the use of purchase data to create consumer segments and disclose them to sellers increases total welfare without harming consumers.
 Updated Information Elicitation from Teams of Privacy-Conscious Experts - [Read full abstract] - [SSRN Link]
- Rejected as a Fast Track submission at Management Science, invited to be resubmitted as a regular submission after a revision, 2022
with Marat Salikhov (New Economic School)
Firms' decision making commonly relies on processes that elicit information from teams of experts. Yet such processes perform poorly when experts fear their participation might reveal information that could be used against them. We address this problem---via a mechanism that protects the privacy of experts' information---to construct a parsimonious game-theoretic model that explores a firm's and its experts' incentives under this mechanism. In our model, the firm employs experts to predict the unknown state of the world and then makes a decision based on that prediction. The experts receive independent and informative signals about the state of the world, signals that the firm seeks to elicit. A key aspect of this model is that the privacy concerns of experts may render them unwilling to report their signals truthfully. Our analysis reveals that it may be optimal for the firm to intentionally garble (i.e., add noise to) experts' reports before they are made public and used for decision making. This garbling encourages the experts to report their signals truthfully because it addresses their privacy concerns by making their public reports differentially private and thus providing each expert with plausible deniability. We find that the conventional wisdom on judgment aggregation (which does not account for privacy concerns) is overturned when experts are privacy conscious. For example: a larger team of experts may actually perform worse than a smaller one; and the presence on the team of a more capable expert may, in fact, be detrimental to the team's performance.
A recent survey showed that 33% of businesses grant their employees access to all company data, with at least another 35% granting accesses to more data than is needed. Such overly permissive data access strategy allows the firms to run more efficiently, but at the same time, such strategies present growing cybersecurity risks. With work-from-home becoming more popular, remote employees are being increasingly exploited by the malicious adversaries to gain access to their organizations' data. To address this issue, we investigate the optimal design of data access architectures -- who should have access to what data. Our economic model captures a firm managing a set of employees and a set of datasets. For each employee the firm chooses which datasets this employee should have access to. An employee may be attacked by a potentially sophisticated adversary whose goal is to steal all their data. Therefore, the firm trades off the efficiency benefit of the more permissive data access architecture with the adversarial risk it incurs. We characterize the firm's optimal data access architecture and investigate how it depends both on the adversarial environment and the firm's technology.
 Updated A Disquieting Lack of Evidence for Disintermediation in a Home-Cleaning Platform - [Read full abstract] - [SSRN Link]
- Under review, 2022
with Ekaterina Astashkina (University of Michigan), Robert Bray (Kellogg, Northwestern), and Marat Salikhov (New Economic School)
We study a sample of data from an online platform that matches home cleaners with people who want their homes cleaned. The dataset has a key feature: it reports with high frequency the geographic distances between the cleaners and their appointed residences during both the cleaners' working hours and off hours---viz., anytime the app is open on their phones. For example, we observe 57 and 46 distance snapshots a day for the mean and median cleaner, respectively. We use these distance measurements to test whether the cleaners disintermediate the work, returning to the residences to perform some undisclosed cleanings for which they will not have to pay the platform middleman its cut. We find no evidence of such disintermediation---in fact, we find strong evidence to the contrary. Specifically, we reject the null hypothesis that at least one in 10,000 (cleaner, residence, date) triples without an official cleaning had an unofficial cleaning.
 Impact of Workforce Flexibility on Customer Satisfaction: Empirical Framework & Evidence from a Cleaning Services Platform - [Read full abstract] - [SSRN Link]
Problem definition: Contrary to classic applications of matching theory, in most contemporary on-demand service platforms, matches can not be enforced because workers are flexible – they choose their tasks. Such flexibility makes it difficult to manage workers while keeping customers satisfied. We build a framework to compare platform matching policies with less flexible and more flexible workers, and empirically quantify by how much worker flexibility hurts customer satisfaction and customer equity.
Academic/Practical relevance: In academic literature, there is no established framework that allows for the comparison of matching policies in on-demand platforms. Further, the link between worker flexibility and customer satisfaction is understudied.
Methodology: We propose a tripartite framework for empirical evaluation and comparison of the operational policies with different degrees of worker flexibility. Step 1: Predictive modeling of customer satisfaction based on estimation of individual unobservable characteristics: customer difficulty and worker ability (item-response theory model). Step 2: Evaluation of the effect of matching policy (under a given level of flexibility) on customer satisfaction (bipartite matching). Step 3: Quantification of the associated monetary impact (customer lifetime value model).
Results: We apply our framework to the dataset of one of the world's largest on-demand platforms for residential cleanings. We find that customer difficulty and cleaner ability are good predictors of customer satisfaction. Granting full flexibility to workers reduces customer satisfaction by 3% and customer lifetime revenue by 0.2%. We propose a family of matching policies that provide sufficient flexibility to workers, while alleviating 75% of the detrimental effect of worker flexibility on customer satisfaction.
Managerial implications: Our results suggest that, in platforms with flexible workforce, the presence of worker and customer heterogeneity translates into matching inefficiency – the drop in customer satisfaction. Our empirical framework helps practitioners to decide on the right level of worker flexibility and the means for achieving it.