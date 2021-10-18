In the clerk’s office at City Hall, anyone looking through a paper tray will find copies of meeting minutes, departmental reports and other public records.
Although much of the information is available online, the “media tray” is a delightfully old-fashioned way to keep the public informed of what’s going on in St. Joseph’s city government.
Here’s a purely hypothetical scenario: What if a newspaper reporter found a copy of the Social Security numbers of city employees accidentally placed in this tray? What if this reporter, before writing something about it, notified city officials so that the vulnerability could be eliminated and no one would be harmed?
Would this reporter be considered a hacker, even though the intent wasn’t malicious but was instead meant to foil a bad actor? No, of course not. Only a fool would believe that.
Well, a fool and Gov. Mike Parson.
The governor is demanding a criminal investigation of a St. Louis Post-Dispatch reporter who discovered a flaw that could have exposed the Social Security numbers of teachers on a Department of Elementary and Secondary Education web application. Parson takes this hard line despite action on the part of the newspaper that suggests good faith instead of malicious intent.
Before publication, the newspaper contacted DESE so that the problem could be remedied. Nevertheless, Parson, during a news conference, promises “swift justice.”
Who knows why the governor is digging in on this one, but he seems to be the one who is exposed, not DESE or the teachers.
Maybe he’s just thin-skinned or maybe he had a bad week with all the departures and ousters from his cabinet. Or perhaps the governor is just your typical boomer who can’t believe that so much gosh-darned information is available just from right-clicking or hitting the F12 button on your PC.
It’s easy to make light of this situation because, as far as we know, no one was hurt. For that, everyone should be thankful, but there’s a more serious undercurrent to consider.
Parson’s stance won’t provide much comfort to anyone else who comes across a potential security weakness on a state-affiliated website. You would have to think twice about saying anything. Rep. Tony Lovasco, an O’Fallon Republican with a background in IT, told Missourinet that the whole experience might prompt elected officials to clarify the law on whistleblowers who discover data security weaknesses.
That would be a good move because your typical Russian hacker won’t be nearly as accommodating as a newspaper reporter from St. Louis. A better course of action for Parson would be to demand an internal investigation of the data security of other state websites.
(0) comments
Welcome to the discussion.
Log In
Keep it Clean. Please avoid obscene, vulgar, lewd, racist or sexually-oriented language.
PLEASE TURN OFF YOUR CAPS LOCK.
Don't Threaten. Threats of harming another person will not be tolerated.
Be Truthful. Don't knowingly lie about anyone or anything.
Be Nice. No racism, sexism or any sort of -ism that is degrading to another person.
Be Proactive. Use the 'Report' link on each comment to let us know of abusive posts.
Share with Us. We'd love to hear eyewitness accounts, the history behind an article.