Missouri Gov. Mike Parson took a page straight out of Trump's playbook when he threatened a reporter who exposed vulnerability in a Missouri Department of Elementary and Secondary Education Department web application. Parson should have been thanking the reporter informing the state about a flaw in their web application that left 100,000 Social Security numbers vulnerable to public disclosure, Parson threatened the reporter with criminal prosecution and accused them of "hacking."
“We are coordinating state resources to respond and utilize all legal methods available,” Parson said. “My administration has notified the Cole County prosecutor of this matter. The Missouri State Highway Patrol’s digital forensic unit will also be conducting an investigation of all of those involved.”
The Post-Dispatch reported Wednesday on a significant security flaw on a Department of Elementary and Secondary Education website.
A web application that allowed the public to look up teacher certifications and credentials contained the vulnerability, the newspaper reported.
No private information was clearly visible. The Social Security numbers for school teachers, administrators and counselors were present in the HTML source code of the publicly available pages involved.
The Department of Elementary and Secondary Education released statements Wednesday describing a Post-Dispatch journalist as a “hacker.”
On Thursday, Parson said the “individual” who alerted DESE was attempting to “embarrass the state and sell headlines for their news outlet.”
The governor continued, “We will not let this crime against Missouri teachers go unpunished. And we refuse to let them be a pawn in the news outlet’s political vendetta. Not only are we going to hold this individual accountable, but we will also be holding accountable all those who aided this individual and the media corporation that employs them.”
The reporter didn't need any help in embarrassing the state of Missouri. Parson is doing a fine job of that all on his own. And, as the Post-Dispatch reported yesterday, this isn't the only problem with the state's computer systems: Missouri state government wrestles with massive computer shortcomings:
Key computer systems used by the state of Missouri are so outdated officials are worried some of the only programmers who know how to work with the antiquated technology will retire.
Without their knowledge of a programming language that is rarely used anymore, they say, no one will know how to keep critical functions, such as tax reporting, payroll processing and budgeting, from failing.
But for years, Gov. Mike Parson and legislators have taken few steps to address what is an increasingly expensive problem.
According to budget officials, a true overhaul of the state’s systems will cost an estimated $83.5 million. That cost would also finance a new portal for residents to access various state services.
Parson's threat didn't sit well with his fellow Republican, state Rep. Tony Lovasco, who spoke out against the way he's handled this to multiple media outlets:
Representative Tony Lovasco, R-O’Fallon, tells Missourinet the newspaper was not trying to maliciously break into a system. Lovasco has worked in the IT business for about 20 years.
“Looking at the source code and even going through and decoding, as they say, some information that is otherwise open in the clear to anyone who has a web browser – that’s not at all the same as someone who is attempting to actually enter the network without authorization,” says Lovasco. “Regardless of what the law actually says, I think just decency says we should not be prosecuting someone who very clearly did not have malicious intent. I definitely think that the General Assembly ought to look at making the statute a little bit more clear as to how we handle whistleblowers in these types of situations. But I would just say the proper thing to do is to thank the guy for his service, fix the situation and move on.”
He says he does not think Parson’s threat is going to encourage people to come forward when future state data security problems are found.
“There’s a cliche we hear a lot a lot in government that, you know if you see something, say something. This gentleman saw something. He said something. Now, he’s getting threats. I don’t think that’s how it’s supposed to work,” Lovasco says.
Maybe Parson should keep this old adage in mind. "Better to remain silent and be thought a fool than to speak and to remove all doubt."