Missouri governor Mike Parson threatens to prosecute reporter who found website security flaw
Politician accused of dodging blame and having ‘fundamental misunderstanding’ of how internet works
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Missouri’s governor has accused a news reporter of hacking a state web page and threatened to prosecute him, after the journalist warned that teachers’ private data was publicly accessible in the site’s source code.
Tens of thousands of social security numbers were visible as plain text within the HTML structure of an application that allowed users to review educators’ credentials, according to a St Louis Post-Dispatch report.
The newspaper alerted Missouri officials after discovering the vulnerability and waited until it had been addressed before publishing its story on Thursday.
In response to the embarrassing coverage, Missouri’s Republican governor Mike Parson called the Post-Dispatch reporter a “hacker” and ordered prosecutors to investigate.
He tweeted: “A hacker is someone who gains unauthorised access to information or content. This individual did not have permission to do what they did. They had no authorisation to convert and decode the code.”
After his comments were widely criticised, Mr Parson insisted the “hack” was “more than a simple ‘right-click’”. However, any web user can inspect a site’s source code with a few mouse clicks. This is a standard feature of browser software.
Making clear he intended to shoot the messenger, Mr Parson said in a press conference the Post-Dispatch reporter was “not a victim”.
He added: “They were acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines for their news outlet. We will not let this crime against Missouri teachers go unpunished.”
Criticism was even levelled by figures within Mr Parson’s own party. Tony Lovasco, a GOP state senator, tweeted that the governor’s office “has a fundamental misunderstanding of both web technology and industry standard procedures for reporting security vulnerabilities”.
The Post-Dispatch’s president and publisher, Ian Caso, stood by the story and the reporter, who he said “did everything right”. A lawyer for the paper said the reporter involved had acted responsibly and that there had been “no breach of any firewall or security and certainly no malicious intent”, meaning he had not broken the law.
And a spokesperson for the AFT St Louis, Local 420 teachers’ union said it was “concerned over the attempt to deflect responsibility and politicise what is very obviously a security breach by the state”.
Additional reporting by Associated Press
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments