Faculty Details

Photo of Rahul  Telang

Rahul Telang

Professor of Information Systems; PhD Program Chair

Email: rtelang@andrew.cmu.edu
Personal Website

Media Links


Professor Telang’s research interest lies in two major domains. First is on Digital Media Industry with a particular focus on digitization of songs, movies, TV and books is affecting the incentives of content provider, content distributors as well public policy challenges in terms of innovation and copyright. In particular, he has examined the issue proliferation of distribution platforms including online piracy and its impact on traditional music, movies and books industry. Recently, he is investigating the role of social networks on music diffusion, technology adoption, and employee job search. Some of his prior work explored the challenges of interaction of multiple platforms (web portals vs telephony for customer service; SMS and voice for cellular phones). He was the recipient of Sloan Foundation Industry Study fellowship for his work in this domain and is a co-director of Digital Media Research Center at the Heinz College. His work is also funded extensively by industry participants including Google.

His second area of work is on economics of information security and privacy. He has examined the issue of vendors’ incentives to improve the quality of their products and role of policy making and standards in changing these incentives. His earlier work explores the challenges of vulnerability disclosure and how competition and policy making affect these patch release decisions. Recently, he is examining the role of data breach disclosure laws on identity thefts. He was the recipient of NSF CAREER award for his work on economics of information security.

Dr. Telang has published extensively in many top journals like Management Science, Marketing Science, Information Systems Research, MIS Quarterly, and Journal of Marketing Research. He is on the editorial board of Management Science and ISR. He has organized many conferences and workshops and many of his papers have received top honors at journals and conferences.

Representative Publications:

Anuj Kumar, Rahul Telang, “Product Customization and Customer Service Costs: An Empirical Analysis”, forthcoming, Manufacturing and Service Operations Management (MSOM).

S Romanosky, R Telang, A Acquisti, “Do Data Breach Disclosure Laws Reduce Identity Theft?”,forthcoming, Journal of Policy Analysis and Management (JPAM).

Michael Smith, Rahul Telang (2010), “Competing with Free: The Impact of Movie Broadcasting on DVD Sales and Internet Piracy”, MIS Quarterly, 33(2), 321-338.

Ashish Arora, Rahul Telang, Hao Xu (2008), “Optimal Policy for Software Vulnerability Disclosure”, Management Science, 54(4), 642-656.

B Danaher, S Dhanasobhon, M Smith, R. Telang (2010), “Converting Pirates without Cannibalizing Purchasers: The Impact of Digital Distribution on Physical Sales and Internet Piracy”, Marketing Science, 29(6), 1138:1151.

Anindya Ghose, Michael Smith, Rahul Telang (2006), "Internet Exchanges for Used Books: An Empirical Analysis of Product Cannibalization and Welfare Impact", Information Systems Research (ISR), 17(1), 3-19.


PhD, Information Systems, Carnegie Mellon University (Tepper School of Business)

Working Papers

Estimating App Demand from Publicly Available Data

Garg, Rajiv and Telang, Rahul, "Estimating App Demand from Publicly Available Data" (2012)


To Be or Not To Be Linked on LinkedIn

Garg, Rajiv and Telang, Rahul. “To Be or Not To Be Linked on LinkedIn: Job Search Using Online Social Networks” NBER Summer Institute Working Paper 2012



Converting Pirates without Cannibalizing Purchasers: The Impact of Digital Distribution on Physical Sales and Internet Piracy

With the rise of Napster, BitTorrent, and other tools facilitating Internet piracy, rights holders have understandably become very concerned with the development of strategies to mitigate the impact of piracy on sales. These tools fall into three general categories: litigation, countermeasures, and competition. The literature has addressed the effectiveness of the first two anti-piracy strategies. In this paper we address the third strategy using NBC’s decision to remove its content from Apple’s iTunes store in December 2007 as a natural shock to the legitimate supply of digital content. To address this question we collect two large datasets from Mininova and Amazon.com documenting the levels of piracy and DVD sales for both NBC and other major networks’ content around this event. We then analyze this data in a difference-in-difference model and find that NBC’s decision to remove its content from iTunes is causally associated with a 19.99% increase in the demand for NBC's pirated content. This is roughly equivalent to an increase of 92,612 downloads a day for NBC’s content. Moreover, we see no change in demand for NBC’s DVD content associated with this change.


Impact of Software Vulnerability Announcements on the Market Value of Software Vendors - An Empirical Investigation

Researchers in the area of information security have mainly been concerned with tools, techniques and policies that firms can use to protect themselves against security breaches. However, information security is as much about security software as it is about secure software. Software is not secure when it has defects or flaws which can be exploited by hackers to cause attacks such as unauthorized intrusion or denial of service attacks. Any public announcement about a software defect is termed as ‘vulnerability disclosure’. Although research in software economics have studied firms’ incentive to improve overall quality, there have been no studies to show that software vendors have an incentive to invest in building more secure software. This paper uses the event study methodology to examine the role that financial markets play in determining software vendors’ incentives to build more secure software. Data is collected from leading national newspapers and industry sources like CERT by searching for reports on published software vulnerabilities. It is shown that vulnerability disclosures lead to a negative and significant change in market value for a software vendor. On average, a vendor loses around 0.6% value in stock price when a vulnerability is reported. This is equivalent to a loss in market capitalization values of $0.86 billion per vulnerability announcement. To provide further insight, the  information content of the disclosure announcement is used to classify vulnerabilities into various types.


Optimal Policy for Software Vulnerability Disclosure

Software vulnerabilities represent a serious threat: most cyber-attacks exploit known vulnerabilities. Unfortunately, there is no agreed-upon policy for their disclosure - white-hats who discover vulnerabilities, security mailing lists and CERT follow different ad-hoc policies. This paper develops a framework to analyze the optimal timing of disclosure policy (time given to vendor to patch the vulnerability). Disclosure policy indirectly affects how the speed and quality of the patch that a vendor develops, and thus CERT and similar bodies acting in the public interest can use it to influence behavior of vendors and reduce social cost. This paper formulates a game-theoretic model involving a social planner who sets disclosure policy and a vendor who decides on patching. It is shown that vendors always choose to patch later than a socially optimal disclosure time. The social planner can optimally shrink the time window of disclosure to push vendors to deliver patch in a timely manner. The basic model is extended in a number of directions, most importantly, allowing for the proportion of users implementing patches to depend upon the quality of the patch, which is itself a choice variable for the vendor. The paper provides a decision framework for understanding how disclosure timing may affect vendor’s decision and in turn, what should a policy maker do.


An Empirical Analysis of Cellular Voice and Data Services

Cellular telephony and associated data services has been a major social phenomena for well over a decade now. It has changed the way - in some countries more than others - in which people communicate. In many countries in Northern Europe and Asia, its penetration rates are very high and in others less so but in all cases it has engendered change at multiple levels - socially as noted and in terms of market structure and competition with the established Incumbent Local Exchange and Inter Exchange service providers. However, there has been little work published in the academic literature on user consumption of cellular voice and data services. This has been due to the unavailability of longitudinal data at the individual user level on their consumption of voice and data services. We have such data from a large cellular service provider in Asia. Demand for voice and data services is influenced by the tariffs or "service plans" offered by firms. In our analysis we empirically estimate the drivers for cellular services how demographic and plan characteristics affect the user choices. We first provide a theoretical model and then provide insight into consumption patterns over a one year period of cellular voice and data services and relate it to service plan design.


Sell First Fix Later: Impact of Patching on Software Quality

This paper presents an economic model of fixing or patching a software problem after the product has been released in the market. Specifically, a software firm’s trade-off in releasing a buggy product early and investments in fixing it later is modelled. It is first shown that patching investments and time to enter the market are strategic complements such that higher investments in patching capability allow the firm to enter the market earlier. Just as the marginal cost of producing software can be effectively zero, so can be the marginal cost of repairing multiple copies of defective software by issuing patches. It is shown that due to the fixed cost nature of investments in patching, a vendor has incentives to release a buggier product early and patch it later in a larger market. This result is contrasted with other physical good markets. Thus, it is shown that a monopolist releases a product with fewer bugs but later than what is socially optimal. The model is extended to incorporate duopoly competition and show that in competition, the high value firm always enters earlier than the monopolist. Ironically the firm offering greater value to customers releases a product that initially is of lower quality (more bugs), but provides the greater value by releasing early (so customers can use the product sooner) and by investing more in patching so it can provide better after-sale support to its customers.


Competition Between Internet Search Engines

This paper develops a model of vertical differentiation in the Internet search engine market. A key property of the model is that users who try out one engine may be dissatisfied with the results, and consult another engine in the same session. This residual demand allows lower quality engines to survive in the equilibrium. We consider a two-period game between an incumbent and an entrant who enters in the second period. Since users prefer to try out a higher quality engine first, the demand for an engine is discontinuous in quality, depending on whether the engine has high or low quality. We take into account brand loyalty for the incumbent. The interaction of brand loyalty and a cost advantage for the entrant determines which engine has higher quality in equilibrium.