Last month, journalist Josh Renaud with the St. Louis Post-Dispatch discovered that the state of Missouri's Department of Elementary and Secondary Education (DESE) had teachers' confidential information, including social security numbers, unprotected on their website.
Renaud, as a test, looked up a random teacher, click their profile, and then viewed the page's source code, an option built-in to every browser used by anyone who uses the Internet. Within the code, he found the confidential information publicly displayed. Immediately, Renaud, like many others do across the world when finding issues such as this, reported the exposed information to DESE and waited for them to rectify the issue.
Once solved, Renaud then published the story he had been working on titled "Missouri teachers’ Social Security numbers at risk on state agency’s website."
What Renaud didn't expect, was the state's Governor Mike Parson holding a press conference defaming the reporter, paper, and telling taxpayers that he was launching a $50 million investigation into the "hacking."
In other words, instead of thanking the good guy in this situation, Gov Parson demonized him.
According to Gov Parson, the reporter was “acting against a state agency to compromise teachers’ personal information in an attempt to embarrass the state and sell headlines.”
What Renaud actually did was what is expected of everyone to do: report potential exploits, breaches, or exposed information.
The effects of Gov Parson's threat are not yet known. The easiest way to make sure your data is insecure and open to getting hacked is to reveal that anyone reporting a potential exploit will be pursued with legal action. This may cause those in the state with technical know-how to never report anything, putting any and all confidential information any resident might have registered with the state of Missouri in danger of being breached.
"We should not be prosecuting someone who very clearly did not have malicious intent," said Missouri State Rep Tony Lovasco (R). “There’s a cliche we hear a lot in government that, you know if you see something, say something. This gentleman saw something. He said something. Now, he’s getting threats. I don’t think that’s how it’s supposed to work,” he said.
On Wednesday, Oct. 20, superPAC "Uniting Missouri" which supports Gov Parson, uploaded a new attack ad on the St. Louis Post Dispatch. "Exploiting private information is a squalid excuse for journalism. And hiding behind the noble principle of free speech to do it is Shameful. (sic)," the ad stated.