Missouri Governor Still Expects Journalists To Be Prosecuted For Showing How His Admin Leaked Teacher Social Security Numbers
from the let-it-go,-mike dept
Missouri Governor Mike Parson is nothing if not consistent in his desire to stifle free speech. As you'll recall, the St. Louis Post-Dispatch discovered that the state's Department of Elementary and Secondary Education (DESE) website was programming in such an incompetent fashion that it would reveal, to anyone who knew where to look, the social security numbers of every teacher and administrator in the system (including those no longer employed there). The reporting on the vulnerability was done exactly following ethical disclosure best practices -- getting just enough evidence of the vulnerability, alerting the state to the problem and not publishing anything until the vulnerability was fixed. The FBI told Missouri officials early on "that this incident is not an actual network intrusion" and DESE initially wrote up a press release thanking the journalists for alerting them to this.
But then Parson blundered his way into making a mess of it, insisting that the reporters were hackers and ordering the Missouri Highway Patrol to "investigate" them for prosecution. When people mocked him for this, he doubled down by insisting that this was real hacking and that those reporting otherwise were part of "the fake news."
A month later, DESE admitted that it had fucked up, apologized to all the teachers and administrators (current and former) who its own incompetence had exposed, and offered credit monitoring to them all. Notably, DESE did not apologize to the journalists who discovered this mess, and the governor has continued to stand by his call to prosecute them.
Earlier this week the Highway Patrol claimed it had completed its investigation... and turned the findings over to state prosecutors. That alone seems worrisome, as there's nothing to turn over to prosecutors here beyond "our governor is a very foolish man, who can't admit to his own failings."
Capt. John Hotz said the results were turned over to Cole County Prosecuting Attorney Locke Thompson.
“The investigation has been completed and turned over to the Cole County Prosecutor’s office,” Hotz told the Post-Dispatch on Monday.
And the Governor still thinks the end result will be the prosecution of journalists for exposing the fact that his own administration ran a dangerously incompetent computer system that put 600,000 current and former state employees' private info at risk:
Gov. Mike Parson on Wednesday expressed his opinion the Cole County prosecuting attorney would bring charges in the case of a Post-Dispatch reporter who alerted the state to a significant data vulnerability.
“I don’t think that’ll be the case,” Parson said when asked what he would do if the prosecutor didn’t pursue the case. “That’s up to the prosecutor; that’s his job to do.”
Parson's continued insistence that this was unauthorized hacking is absolute garbage.
“If somebody picks your lock on your house — for whatever reason, it’s not a good lock, it’s a cheap lock or whatever problem you might have — they do not have the right to go into your house and take anything that belongs to you,” Parson said.
That analogy is just dumb on multiple levels. They didn't pick any lock. They didn't intrude somewhere they weren't supposed to go. The website put the info on their computers in the HTML. They didn't break any locks. They didn't access a system they didn't have access to. They just went where they were allowed to go, and the state's incompetent technologists handed them info it should not have.
Under Parson's definition of "hacking" it would be easy to turn anyone into a hacker. Just expose data you shouldn't expose on a website, and wait until anyone visited the page. That's not how this should work and the fact that he's still pressing this issue raises serious questions about Parson's competence to do anything, let alone run an entire state.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: criminalizing security, ethical disclosure, hacking, journalism, mike parson, missouri highway patrol, vulnerability
Companies: st. louis post-dispatch
Reader Comments
Subscribe: RSS
View by: Time | Thread
"“That’s up to the prosecutor; that’s his job to do.”"
And if he doesn't do what I tell him to do I'll replace him with someone who will.
[ link to this | view in chronology ]
Dowload iolo System Mechanic call 805-261-3073
Dowload iolo System Mechanic call 805-261-3073
The topic is covering about the awesome Product #Iolosystemmechanic. System Mechanic is the single success resolution #easytouse that greatest stations a series of complex automated sustaining actions to support keep your PC reserved and Open clutter.
Iolo System Mechanic Features
Quickly Scan
On Demand Boost
LiveBoost
Data Security
If you like these features, the iolo system mechanic has more to offer. Download it now; it's in #affordableprice, so anyone can afford it. And get to know more: https://antivirusservice5.wordpress.com/dowload-iolo-system-mechanic/
[ link to this | view in chronology ]
Same song, verse ad nauseum
I've never once in my life disclosed a security fault where the report could be traced back to me*.
This situation is why.
*Except where I was working. Even then, I very carefully considered what kind of flack I'd get.
[ link to this | view in chronology ]
Mike Parson is trying to distract people away from his incompetence. It won't work. At the end of the day, he will still be an idiot.
[ link to this | view in chronology ]
Re:
He may be an idiot but he won't be in jail. Only fools tell the emperor he is not wearing any clothes.
[ link to this | view in chronology ]
Re: Re:
Well, unless he gets nailed for libel (afterall, he had a press briefing thanking the news outlets investigators, implying he knew better, and continuing further would be a fully informed malicious act). Sure, no prison, but he'll get a fine which won't look good for him
[ link to this | view in chronology ]
Re: Re: Re: The memo you didn't get....
That particular memo laid out two rules:
No sitting politician of the Republican party shall be fined for any reason.
Please try to keep up with current affairs, they're important.
[ link to this | view in chronology ]
Re: Re:
"Only fools tell the emperor he is not wearing any clothes."
And children. Surely the revelation the emperor is, in fact, naked will prompt people to think about why they noted that fact and kept silent? Right?
Eh, who am I kidding. It's Missouri. The bystanders will all agree the kid in question is some stripe of godless liberal and beat seven kinds of shit outta the snot-nosed brat brazen enough to confirm the evidence of their own lying eyes. Because these people are long past where they'd accept even the most bitingly obvious of facts...
[ link to this | view in chronology ]
lets see
And if you leave your door unlocked,
You would expect a person to, MAYBE, peek inside and declare they are there, and is anyone home.
And if, you were having problems. Come in and HELP YOU.
And what did the Journalists DO? They TOLD you something was wrong, and your door wasnt locked. And Showed you truth of it, so you would know they were not lying.
They didnt run around telling everyone that you had an unlocked door.
[ link to this | view in chronology ]
I lived in Missouri for 30 years.
This mindset is common for most of their politicians.
The Show-Me State shows lots of things but leaders with common sense aren't on display. (Josh Hawley, Eric Greitens...)
Gov. "Parsnip" needs to quit behaving like he has the intelligence of one, get his Mule head out of his ass (pun intended) accept that this FU occurred on his watch and is therefore at least partially his responsibility.
A man in his position can't afford to be more tech illiterate than his constituents.
At least, not for long.
[ link to this | view in chronology ]
Re:
Tell him,
That when he can setup his own VCR, DVD recorder, Blue ray player, CELLPHONE, and know how his 40+ button remote control.
Without his 4 year old Grand child showing him HOW.
He can THEN have an opinion.
[ link to this | view in chronology ]
No lock picks required!
Thus, a closer analogy for the situation is putting your working $1000 TV on your front lawn, putting a “For Free” sign on it, and then pressing theft charges against the people who picked it up. May not be a perfect analogy, but it’s a heck of a lot better and way more accurate to the situation than the governor’s lock picking analogy!
[ link to this | view in chronology ]
Re: No lock picks required!
Just putting it out on trash pickup day, where it is expected to be accessible to anyone.
[ link to this | view in chronology ]
Re: Re: No lock picks required!
There are LAws in many Major metro, about Stealing trash out of the cans.
It was put there because the Poor would go around collecting the recycling materials THEMSELVES, and take it in for the money.
F'ing stupid.
[ link to this | view in chronology ]
Re: Re: Re: No lock picks required!
Sadly, they don't apply to the police. And every now and then, they will arrest you because they saw a marijuana grow operation in the tea leaves.
[ link to this | view in chronology ]
Re: No lock picks required!
Well, the problem was that the hard disk in the TV contained really embarrassing not-to-be-distributed-oh-god-no videos and the people picking up the TV published a report for people dumping their TV sets how to avoid problems of that kind.
[ link to this | view in chronology ]
Re: No lock picks required!
Even better one: I call the department of education, ask for a school's phone number, and the person on the phone starts telling me the SSNs of everyone who works there.
[ link to this | view in chronology ]
Re: No lock picks required!
More like putting it in the journalist's closet in their own home
[ link to this | view in chronology ]
The Highway
No doubt Missouri Governor Mike Parson got the Missouri Highway Patrol to follow-up because the data was in the information highway and they might be able to intercept it.
[ link to this | view in chronology ]
Re: The Highway
No, no, no! It wasn't the Information Highway, it was the Information Super-Highway! He should have asked if Gotham City could loan him Batman.
[ link to this | view in chronology ]
'Why didn't anyone tell us?!'
At this point he is practically begging the state systems to be hacked because by repeatedly asserting the people properly informing the state of a vulnerability are 'hackers' he is ensuring that no white-hat will ever do that again, and if they aren't telling the state that they screwed up then those with less stellar motives will be all over the next vulnerability and the state will only learn about it after the fact.
[ link to this | view in chronology ]
Re: 'Why didn't anyone tell us?!'
I seem to recall the US in general has been doing that for decades, and it's the reason why many cybersecurity researchers are fearful of going anywhere near a US border. Fear of unjust retribution for just doing their jobs.
Given that Missouri is in the same nether regions of the US as Florida Man, absolutely no-one should be surprised that Missouri is more than willing to uphold the federal policy on the matter. It's unfortunate that said policy does nothing but harm it's own citizens and the US as a whole, but the US hasn't learned to care about it yet....
[ link to this | view in chronology ]
Analogy
[ link to this | view in chronology ]
Parson's playing to the MAGA crowd, pure and simple. Admitting his mistakes and apologizing to the journalists would result in losing that voter base and being shunned by Dump, so I wouldn't expect any change on this front anytime soon.
[ link to this | view in chronology ]
'My foot has always had a gunshot wound!'
It is so disturbing how so many people see and treat 'being able to admit to being wrong' as a sign of weakness rather than maturity.
[ link to this | view in chronology ]
Re: 'My foot has always had a gunshot wound!'
In this case, it's because Parson admitting he's wrong would be admitting that journalists who aren't conservative can be correct on something, a concept which contradicts Dump's proclamation that the only real news is in the conservative echo chamber - and since the GQP/MAGAts/QAnoners seem to think unwavering loyalty and fealty to Dump is the most important attribute of being a Republican, contradicting Dear Leader is paramount to treason and admitting one's mistakes or bullheadedness puts a stain on the infallibility of the Party (unless, of course, the mistake being admitted to is "I was wrong to question Dear Leader").
[ link to this | view in chronology ]
Re: Re: 'My foot has always had a gunshot wound!'
I'm just waiting for them to ramp up killing themselves to own the libs.
[ link to this | view in chronology ]
Re: Re: Re: 'My foot has always had a gunshot wound!'
Isn't that what they are doing over cover, dying to avoid the 'dangerous' vaccine that is 'killing' the libs?
[ link to this | view in chronology ]
Re: Re: Re: Re: 'My foot has always had a gunshot wound!'
Darwin Awards, Darwin Awards everywhere...
[ link to this | view in chronology ]
Darwin? No. Herman Cain? Yes.
[ link to this | view in chronology ]
Re:
Ah yes, I forgot that there's a specific name now for plague rats that die from their stupidity, good catch.
[ link to this | view in chronology ]
Re:
824k dead from Covid...and the loyal faithful of Dear Leader have doubled down so far on being morons there is now the need to go beyond the Darwin Award over the malicious and persistent stupidity of these people.
By now I'm just waiting for some Seventh Day Adventist offshoot to start claiming that dying of Covid is the Rapture.
[ link to this | view in chronology ]
Re: Re: Re: Re: 'My foot has always had a gunshot wound!'
Mother nature is screwing with us... they attend these super spreader events and before they end up dead they manage to kill off other people
[ link to this | view in chronology ]
Re: 'My foot has always had a gunshot wound!'
What? That's not my kind of personal responsibility.*
*The hunt for what kinds of personal responsibility fall under "personal responsibility" has changed from search and rescue to recovery operations.
[ link to this | view in chronology ]
Can’t wait till he gets the Rona lol
[ link to this | view in chronology ]
Re:
He already had it, in 2020:
https://governor.mo.gov/press-releases/archive/statement-regarding-governor-and-first-lady-parson-c ovid-19-test-results
[ link to this | view in chronology ]
So how about this...all HTML creators add a comment to their HTML source that says "Mike Parson is a f*cking idiot, and according to him you just hacked this computer."
[ link to this | view in chronology ]
Say what you will, using the site in this way clearly goes against the DESE site's Normal Use of Technology Systems policy (their terms of use). The journalists agreed to this policy, so they have to follow it. It's especially tricky with clickthrough terms of service that nobody reads, but whatever should happen, what the law says must happen is that the journalists must stick to the policy or face penalties.
For the relevant text of the Normal Use of Technology Systems agreement, look up DESE NUTS.
[ link to this | view in chronology ]