Gov. Mike Parson of Missouri made a mistake in accusing a reporter from the St. Louis Post-Dispatch
of hacking a state website that had a significant security flaw. Instead, the governor
should praise the newspaper for helping to avoid a costly data breach and potential legal liabilities.
Post-Dispatch reporter Josh Renaud last week notified education officials
that a government website listing the names of certification status of teachers also made it easy to find their Social Security numbers. Before reporting the story, the newspaper gave the Missouri
Department of Elementary and Secondary Education enough time to remove the web
Warning those officials about the exposed data was the right decision for the paper. While it didn’t spare the state government from embarrassment, it likely prevented the
personal information of those teachers from falling into the hands of nefarious hackers.
Gov. Parson announced he had asked for an investigation of the reporter, whom he
laughably accused of “acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet.”
It’s silly to mischaracterize a reporter as an outlaw hacker for discovering that private information about state employees was readily available in a web page’s source
code. That coding is easy to see by toggling the view in a web browser — a skill that every budding website designer is taught during their first day at code camp.
Parson claimed that it was “unlawful to access encoded data and systems in order to examine other people’s personal information.” He pointed to a state law that described a
hacker as someone who accessed data or content without authorization.
Considering that the personal information about the teachers was on a public website, it’s hard to
see how the Post-Dispatch’s investigation could be considered an illegal hack. Instead of vilifying the reporter, Parson should focus his efforts on upgrading the security of the
state’s information technology before something worse happens, like a massive ransomware attack.