Newly Revealed Details Show That Missouri Government Totally Knew That Journalists Were Not At Fault For Teacher Data Vulnerability

from the of-course-they-knew dept

Kudos for open records laws proving to us that not only is Missouri Governor Mike Parson a technologically illiterate hack, but he's a lying one as well. You'll recall, of course, that in October, the St. Louis Post-Dispatch reported on how the state's Department of Elementary and Secondary Education (DESE) website was designed in such a dangerous way that it was exposing the social security numbers of state teachers and administrators, and rather than thanking the journalists for their ethical disclosure of this total security fail by the state, DESE and Governor Parson called them hackers and asked law enforcement to prosecute them. Governor Parson continued to double down for weeks, insisting that reporting this vulnerability (and failed security by the government he runs) was malicious hacking until DESE finally admitted it fucked up and apologized to the over 600,000 teachers and administrators whose data was vulnerable -- but never apologizing to the journalists.

The Post-Dispatch, whose reporters potentially still face charges, put out an open records request to find out more about what the government was saying and discovered, somewhat incredibly, that before DESE referred to them as hackers, it already knew that it was at fault here and even initially planned to thank the journalists. As the documents reveal, the FBI flat out told DESE that this was a DESE fuckup and DESE had sent Gov. Parson a planned statement that thanked the journalists:

In an Oct. 12 email to officials in Gov. Mike Parson’s office, Mallory McGowin, spokeswoman for DESE, sent proposed statements for a press release announcing the data vulnerability the newspaper uncovered.

“We are grateful to the member of the media who brought this to the state’s attention,” said a proposed quote from Education Commissioner Margie Vandeven.

The Parson administration and DESE did not end up using that quote.

The next day, on Oct. 13, the Office of Administration issued a news release calling the Post-Dispatch journalist a “hacker.”

This is truly incredible. As are the details of the conversation between a Missouri employee and a local FBI agent.

Meanwhile, at 3:24 p.m. on Oct. 13, Angie Robinson, cybersecurity specialist for the state, emailed Department of Public Safety Director Sandra Karsten to inform her that she had forwarded emails from the Post-Dispatch to Kyle Storm with the FBI in St. Louis.

“Kyle informed me that after reading the emails from the reporter that this incident is not an actual network intrusion,” she said.

Instead, she wrote, the FBI agent said the state’s database was “misconfigured.”

“This misconfiguration allowed open source tools to be used to query data that should not be public,” she wrote.

So, by the time of the "hacker" statement by DESE, it was already pretty clear to people within DESE that it was DESE at fault and not journalists ethically disclosing DESE's terribly bad security practices. However, the report also notes that the FBI and the local Assistant US Attorney were still investigating whether or not they could bring criminal charges against the journalists:

“Kyle said the FBI would speak to Gwen Carroll, the AUSA (Assistant U.S. Attorney), with the updated information from the emails to see if this still fit the crime and if she was interested in prosecuting,” Robinson said.

Oh, and even worse: technically the criminal investigation is still ongoing:

As of Tuesday, the Highway Patrol’s investigation was still active, Capt. John Hotz told the Post-Dispatch.

That investigation needs to be closed, and everyone involved from DESE to Governor Parson to the Highway Patrol owe the St. Louis Post-Dispatch, its reporters, and the citizens of Missouri a massive apology.

Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: data breach, dese, ethical disclosure, mike parson, missouri, right click, view source, vulnerability
Companies: st. louis post-dispatch


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. identicon
    Anonymous Coward, 3 Dec 2021 @ 11:05am

    the truth is always what is said the loudest by the one who has most to lose/most to gain! the governor in this case just likes the sound of his own voice and wants to appear to be 'the good guy'! too many politicians are the same, with too little brain!

    link to this | view in thread ]

  2. identicon
    Rocky, 3 Dec 2021 @ 11:12am

    Now I'll just wait for tp to come here and apologize for how wrong he was.

    Oh wait, Satan just called and said that Hell isn't due to freeze over anytime soon...

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 3 Dec 2021 @ 11:25am

    Mike Parsons makes a habit of ignoring data when it disagrees with his imagined reality. He is denying masks work despite evidence to the contrary from cities in his own state.

    link to this | view in thread ]

  4. icon
    Nathan F (profile), 3 Dec 2021 @ 11:43am

    Does no one listen to their advisors or department managers anymore? I mean that IS why you hired them isn't it? To advise you on topics you aren't an expert on so you can make the best informed decision.

    link to this | view in thread ]

  5. identicon
    Glen, 3 Dec 2021 @ 12:00pm

    Re:

    Apparently it is better to be a blowhard idiot? That is the only thing I can come up with.

    link to this | view in thread ]

  6. identicon
    Anonymous Coward, 3 Dec 2021 @ 12:11pm

    Re: Re:

    Or pandering to a voter base of idiots who believe conspiracy theories.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 3 Dec 2021 @ 12:23pm

    Re: Re:

    better to blowhard on DESE nuts

    link to this | view in thread ]

  8. identicon
    Anonymous Coward, 3 Dec 2021 @ 1:25pm

    Dorsey has been more supportive of free speech than many on the American political right ̶m̶i̶g̶h̶t̶ ̶t̶h̶i̶n̶k̶ .

    Fixed.

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 3 Dec 2021 @ 1:27pm

    Re:

    Derp. Wrong article. Not sure how i managed that.

    link to this | view in thread ]

  10. icon
    ECA (profile), 3 Dec 2021 @ 1:56pm

    Re:

    A thought.
    he wont back down until someone higher tells him to.
    The Citizens are ashamed because they though they had someone smart in office.
    And if he backs down, he will look like a loser.
    And as with the masks, he will declare he won. Even if 2 times the people Die, and it can be proven.
    Has be past the idea that the sick stay home and not goto the hospital yet?
    Just waiting for it.

    link to this | view in thread ]

  11. icon
    That One Guy (profile), 3 Dec 2021 @ 1:58pm

    'That would be smart and honest, but not personally gainful...'

    I imagine the deciding factor was simply 'What would benefit me/us more, admitting that the state screwed up or blaming someone else?', with such minor tidbits like actual guilt and whether or not they were ensuring that the next massive security screwup by the state will only be found out after it's been fully exploited or is publicly announced set aside as inconsequential in comparison to personal gains.

    link to this | view in thread ]

  12. icon
    DeComposer (profile), 3 Dec 2021 @ 2:23pm

    Re: tp

    tp's only skill is sophistry. Admission of error is completely anathema to that.

    link to this | view in thread ]

  13. icon
    Samuel Abram (profile), 3 Dec 2021 @ 4:09pm

    Re: 'That would be smart and honest, but not personally gainful.

    A Republican admitting they made a mistake is rarer than a unicorn.

    link to this | view in thread ]

  14. icon
    That Anonymous Coward (profile), 3 Dec 2021 @ 5:55pm

    Politicians never letting truth get in the way of the constant campaigning for reelection.

    link to this | view in thread ]

  15. identicon
    Anonymous Coward, 3 Dec 2021 @ 6:26pm

    Re: "actual guilt"

    this does bear some resemblance to cops and DAs railroading people into prison, and then when evidence fully proves the innocence of the convicted, the same parties, now including courts and legislatures, will dance in circles, demanding that the wronfully imprisoned are guilty, and even if they are not, it doesn't matter.

    bit of a pattern.

    link to this | view in thread ]

  16. icon
    techflaws (profile), 4 Dec 2021 @ 1:37am

    Re: 'That would be smart and honest, but not personally gainful.

    But can they actually gain something by claiming what everyone and their mother know to be false?

    Is the rightwing base too stupid to realize it's BS or does is just not0 care as long as the liberal media are blamed?

    link to this | view in thread ]

  17. identicon
    Anonymous Coward, 4 Dec 2021 @ 3:04am

    Re: Re: 'That would be smart and honest, but not personally gain

    Their right wing base, and some of the politicians, are so far into conspiracy theories that their grasp on reality has gone awol.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 4 Dec 2021 @ 7:12am

    Re:

    I mean that IS why you hired them isn't it?

    Supposedly. Then again, being the governor is from the party of 'personal responsibility' the only thing he's probably learned is that he needs to install more simple-minded ignorant Luddites in those positions.

    Only then, can they sit back, assume they can do no wrong, and blame any fuckup of theirs that they clearly don't understand as 'derp, must've been a hacker. ZOMG!'

    link to this | view in thread ]

  19. identicon
    Benign Bodger, 4 Dec 2021 @ 7:57am

    Charges?

    In the UK at least, a person can be charged with "wasting police time". Does this exist in the State of Misery, err, Missouri? Was even a millisecond of "police time" wasted on this? If so, is the Guv going to be charged?

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 4 Dec 2021 @ 8:10am

    Re:

    TLDR: A ploitician is being a politician

    link to this | view in thread ]

  21. identicon
    Anonymous Coward, 4 Dec 2021 @ 8:13am

    Re: Re:

    It's sad really. He thinks that apologising and amending his world view makes him weak. If he did that, it would actually make him look like he had taken the time to actually understand something. THAT would make him look, not only SMART, but STRONG. He has shown that he doesn't have the capacity to be either.

    link to this | view in thread ]

  22. identicon
    Anonymous Coward, 4 Dec 2021 @ 8:17am

    Re: Charges?

    If only. I think the best that can happen here is libel. But if these FOIs are anything to go by, that is dead certain, which will make MP look really stupid

    link to this | view in thread ]

  23. identicon
    Anonymous Coward, 4 Dec 2021 @ 2:39pm

    not only is Missouri Governor Mike Parson a technologically illiterate hack, but he's a lying one as well

    Please, Mike, use the proper technical terms: Mike Parson is full of shit.

    link to this | view in thread ]

  24. icon
    That One Guy (profile), 4 Dec 2021 @ 3:40pm

    Re: Re: 'That would be smart and honest, but not personally gain

    Is the rightwing base too stupid to realize it's BS or does is just not0 care as long as the liberal media are blamed?

    Oh do I hope that was a rhetorical/sarcastic question. On the off chance that it wasn't though...

    An ongoing pandemic with a body count of well over half a million in the US alone has been politicized and is being used to keep the Trump cultists riled up about how the dastardly libs are out to steal their freedom (from personal consequences) with a deadly effect.

    Yes, they are that stupid.

    link to this | view in thread ]

  25. identicon
    Hugh G Rection, 4 Dec 2021 @ 8:41pm

    Re:

    Governor Parsnip likes his pickin and grinnin. What he's good at? Freedum!

    link to this | view in thread ]

  26. identicon
    Anonymous Coward, 5 Dec 2021 @ 2:53am

    'That investigation needs to be closed, and everyone involved from DESE to Governor Parson to the Highway Patrol owe the St. Louis Post-Dispatch, its reporters, and the citizens of Missouri a massive apology'

    i doubt if that'll happen because it's gonna make everyone from DESE and, of course, more importantly, Governor Parsons, look like the massive c***s that they are.

    the problem is that this sort of thing is not the first, nor will it be the last incident of this type. the even bigger problem is that it's so much easier for those who have made the massive fuck-up to blame others or to threaten others with legal action than to hold their hands up, say 'thank you' to those pointing out what's wrong, and correct the issue(s). no one likes it when it's pointed out that screw ups have been made but to pass the buck because it's embarrassing is a very poor way for people in positions of trust, amongst others, is pathetic!

    link to this | view in thread ]

  27. identicon
    Scott, 6 Dec 2021 @ 10:36am

    Re:

    The investigation is a sham to use so that they don't have to answer questions about it. My SSN was made vulnerable so I called the governor's office and asked, "would the governor have preferred for this private citizen to not have revealed this vulnerability to the Department of education?" But they won't answer any questions of substance related to this issue because it's under investigation.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.