Cybersecurity Blog

Cybersecurity researchers from across Georgia Tech and the Georgia Tech Research Institute share their thoughts about emerging threats, trends, and technologies in the constant fight to secure data and information systems. Read what's capturing their attention and new insights they offer about cybersecurity topics in the news.

Blog entires are aggregated monthly into the Source Port newsletter, with additional research and updates from Georgia Tech. Source Port is published on the first business day of the month.


Carpenter v U.S. Gives New Privacy Coverage for Locational Data

June 26, 2018  |  By Holly Dragoo

A closely watched Supreme Court case came to conclusion with another 5-4 ruling against law enforcement's use of cell-site location information (CSLI) without a warrant. Using CSLI data obtained from a mobile service provider, officials had been able to reconstruct a history of plaintiff Timothy Carpenter at or near a series of robberies, leading to his conviction. Historically speaking, law enforcement has been granted access to non-content data that is necessary for telecommunication since it had been considered, by definition, publicly available data (Smith v. Maryland, 1979). However, the Supreme Court now states that such precedents from prior years did not take into account the “exhaustive chronicle of location information casually collected by wireless carriers today.”


IISP Analyst Holly Dragoo: "With the disclaimer to say I am not a lawyer, I can say that on the surface this departure (from the prior precedent of Smith vs. Maryland) will significantly hurt law enforcement efforts to pursue criminals in an ever-evolving digital landscape. Yes, they can always go get a warrant for the data – and in this case maybe they could have – but in many cases, analysis of CSLI is the basis that allows for warrants in the first place. It may be controversial, but fundamentally this is about the fourth amendment definition of “private property” and what a “search” is. Places where you have been are not “things” you can possess or safeguard, and therefore in my opinion do not have an expectation of privacy. Rapid periods of technological change will continue forever. Fear of big data should not be the basis of altering fourth amendment definitions."



Recent Posts

Supreme Court Moves to Tax Online Sales
June 25, 2018

When EU Copyright Laws Lean 'Copywrong'
June 25, 2018

Microsoft Document Provides Insight into Tech Giant's Philosophy for Addressing Vulnerabilities
June 22, 2018

New Malware 'VPNFilter' Takes Advantage of Three Convenient Truths
May 30, 2018

A Top Cyber Post Goes Vacant
May 30, 2018

Georgia Vetoes Hacking Bill... For Now
May 29, 2018

The Lessons Behind an Attack that Decodes Encrypted Email
May 17, 2018

Microsoft Announces Azure Sphere, a Promising Approach to IoT Security
Apr. 27, 2018

Cybersecurity Industry Leaders Sign a Pact To…Be Security Leaders
Apr. 27, 2018

Orangeworm Proves How Cyber Damage Can Be Done to Those Not Using Computers
Apr. 26, 2018

About the Analysts

​Farzaneh Badiei is a research associate at the School of Public Policy and executive director of Internet Governance Project (IGP) who research interests include online private justice systems, Internet governance and accountability, online intermediaries and dispute resolution, as well as cybersecurity and digital trade. After earning her Ph.D. from the University of Hamburg, Institute of Law and Economics, she worked at the United Nations' Internet Governance Forum Secretariat and chaired the Noncommercial Users Constituency at ICANN.



Holly Dragoo is a research associate with the Advanced Concepts Laboratory (ACL) at the Georgia Tech Research Institute. Her previous work with the U.S. Department of Defense and Federal Bureau of Investigation give her a unique understanding of intelligence community requirements. Dragoo’s research interests include cybersecurity policy issues, threat attribution, metadata analysis, and adversarial network reconstruction. More By Holly



Panagiotis Kintis is a Ph.D. student at Georgia Tech's School of Computer Science and a researcher in the Astrolvaos Lab. His research examines new techniques for data analysis and cyber attribution with special focus on clues that can be obtained from the network layer of the Internet, such as bot activity and domain name abuse (combosquatting). More by Panos



Brenden Kuerbis, Ph.D., is a postdoctoral researcher at Georgia Tech’s School of Public Policy and a former Fellow in Internet Security Governance at the Citizen Lab, Munk School of Global Affairs, University of Toronto. His research focuses on the governance of Internet identifiers (e.g., domain names, IP addresses) and the intersection of nation-state cybersecurity concerns with forms of Internet governance. More by Brenden



Joel Odom leads a team of researchers focused on software security as branch head for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. He and his team research static and dynamic software analysis, software testing techniques, software reverse engineering, and software vulnerability discovery and mitigation. More by Joel



Caleb Purcell s a research engineer for the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute. His interests in cybersecurity research have been shaped by his background in industrial control system (ICS) environments and have expanded to include reverse engineering, vulnerability assessment of embedded systems, and network protocol analysis. More by Caleb



Chris M. Roberts is a senior research engineer with the Cybersecurity, Information Protection, and Hardware Evaluation Research (CIPHER) Laboratory at the Georgia Tech Research Institute specializing in embedded firmware reverse engineering and hardware analysis.  Mr. Roberts’ technical expertise has expanded to cover radio frequency system design, electronic and cyber warfare, hardware and firmware reverse engineering, vulnerability assessments of embedded systems and assessment of vulnerability to wireless cyberattacks. More by Chris