Missouri Gov Slams Paper for Detecting Data Security Flaws

Republican Gov. Mike Parson on Thursday condemned a Missouri newspaper for reporting on a flaw in a state database that allowed the public to access thousands of teachers' Social Security numbers. The paper had waited until the state fixed the problem before reporting on the flaw.

Parson told reporters that the Missouri State Highway Patrol's Digital Forensic Unit would be investigating "all of those involved". He also said that his administration had spoken with the prosecutor in Cole County, which includes Jefferson City, the state capital. Parson didn't explain what "involved" meant, or whether investigators would examine whether the St. Louis Post-Dispatch violated the law in reporting on the data vulnerability.

The Post-Dispatch reported the security flaw Wednesday. According to the newspaper, the vulnerability was discovered in a web application that allowed the public to search for teacher credentials and certificates.

After being informed by the Post-Dispatch about the issue, the Department of Elementary and Secondary Education took the pages off its website Tuesday. The Post-Dispatch stated that it had given the state enough time to resolve the issue before publishing its story.

Based on pay records, the Post-Dispatch calculated that over 100,000 Social Security numbers could be vulnerable. It discovered that the HTML source code of the pages contained the Social Security numbers of school workers.

The DESE stated in a press release that the state was unaware of any misuse or inappropriate access to individual information.

Although the Post-Dispatch reported the problem to the agency and waited to publish the story, the agency's news release called the person who discovered it a hacker -- an apparent reference to the reporter -- and the agency declined to comment on the matter beyond what it stated in its news release.

The source code of any public webpage can be viewed by right-clicking on the page.

Ian Caso, the newspaper's publisher and president, said in a statement that the Post-Dispatch supports the story and the reporter. He said, "It's regrettable that the governor has chosen to deflect blame onto journalists who discovered the problem and brought it up to the Department of Elementary and Secondary Education."

Parson also suggested that the reporter had somehow broken the law.

Parson told reporters that this individual was not a victim, that they were attempting to sell headlines and embarrass the state by compromising teachers' personal data, and that this crime against Missouri teachers would not go unpunished.

Peter Swire is a cyber law expert and professor at Georgia Institute of Technology's School of Cybersecurity and Privacy. He said that flagging security holes on publicly accessible websites was a "public service" and "clearly is not criminal under federal law."

Swire said that right-clicking is not considered criminal hacking.

Joseph Martineau, an attorney representing the Post-Dispatch, said in a statement that the reporter did the right thing and reported his findings to DESE to ensure that there was no misuse or disclosure. He said hackers are those who attempt to subvert computer security in malicious or criminal ways, and that this case shows that there was no security breach and no malicious intent.

Martineau said that DESE's attempts to distract from its failures by calling this 'hacking' were unfounded.

Jean Maneke, an attorney representing the Missouri Press Association, said that she was skeptical that any judge would allow it to go this far.

Maneke said, "Clearly, the Post-Dispatch warned the state about this issue." She added that there is no evidence that the act was motivated by criminality or malice, that it is not possible to steal information, and that Parson (the Post-Dispatch) has no reason to claim that there is any illegal act.

Byron Clemens of AFT St. Louis Local 420 said that the teachers union was unaware of any misuse of educators' information.

"But we are concerned over the attempt to deflect blame and politicize what's very clearly a security breach of the state," Clemens said in a statement.

Parson said that the state would address security concerns raised by the newspaper's reporting.

Parson said, "We are working to strengthen security to prevent this from happening again. The state is taking responsibility for its part and we are working to address areas where we can do better than before."