Missouri Will LOCK HER UP Journalist For Criminal F12 Key Assault

(Photo by KIRILL KUDRYAVTSEV/AFP via Getty Images)

“Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the SSN of those specific educators,” Missouri Gov. Mike Parson tweeted last night. “We notified the Cole County prosecutor and the Highway Patrol’s Digital Forensic Unit will investigate.”

Leave aside for the moment the fact that the Missouri Highway Patrol is apparently in charge of “The Cyber” — the states are laboratories of democracy, and sometimes they cook up some weird shit. The issue here is that the governor is threatening to lock up a reporter for discovering that the Department of Elementary and Secondary Education (DESE) had embedded 100,000 teacher’s social security numbers in the HTML source code of its website, a boneheaded mistake easily discoverable by anyone with a passing understanding of web development.

Best Practices In Trust Accounting: What Every Lawyer Needs To Know

Learn legal trust accounting best practices to ensure compliance and protect client funds. Discover expert tips to set your firm up for success.

By Mary Elizabeth Hammond

In plain English, Saint Louis Post-Dispatch reporter Josh Reynaud just had to hit the F12 key and scroll through what popped up in the window. (Try it yourself, it’s fn + F12 on a Mac.) He’s not a “hacker,” as Parsons and his minions have described him, and he even held off on publishing the story to give DESE time to clean up its own mess.

Nevertheless, DESE sought to cast the blame on Reynaud in communications to its own members. The Post-Dispatch reports:

In the letter to teachers, Education Commissioner Margie Vandeven said “an individual took the records of at least three educators, unencrypted the source code from the webpage, and viewed the social security number (SSN) of those specific educators.”

In reality, the Post-Dispatch discovered the vulnerability and confirmed that the nine-digit numbers were indeed Social Security numbers. The paper then told the department that it had confirmed the vulnerability with three educators and a cybersecurity expert.

But in the press release, DESE called the person who discovered the vulnerability a “hacker” and said that individual “took the records of at least three educators” — instead of acknowledging that more than 100,000 numbers had been at risk, and that they had been available to anyone through DESE’s own search engine.

It’s ridiculous, and yet Parson keeps doubling down.

This data was not freely available, and by the actors own admission, the data had to be taken through eight separate steps in order to generate a SSN. (2/3)

— Governor Mike Parson (@GovParsonMO) October 14, 2021

Why, yes, that is the same governor who just pardoned gun nuts Mark and Patricia McCloskey for waving guns at racial justice protestors walking down the street. Because that’s not a “real” crime.

But noticing that the state is cavalierly exposing its own employees to identity theft? LOCK HER UP.

Missouri teachers’ Social Security numbers at risk on state agency’s website [St. Louis Post-Dispatch]

Elizabeth Dye lives in Baltimore where she writes about law and politics.