SamPatt / RCVS-hack

A hacking tool to convert and decode HTML source code

[serious] We can do more to help St Louis Post-Dispatch and Professor Khan #11

Open paxperscientiam opened 2 years ago


Missouri is continuing its persecution of the St Louis Post-Dispatch, its reporters, and Professor Khan of UMSL.^1 It makes me sick to my stomach that unscrupulous politicians like Governor Parsons have spent the past few months seeking to ruin the good names and livelihoods of those who ethically exposed the state's gross negligence.^3,^4

To anyone reading this who is unaware of the context, a reporter at the St Louis Post-Dispatch discovered that the state's publicly accessible education website served HTML with teachers' plaintext Social Security Numbers. Subsequently, they informed the government of the vulnerability and held off on publishing the story until the problem was sufficiently remediated.

The Parsons administration initially planned to thank the paper for discovering that the state had inadvertently(?) published the personal identifiable information of Missourian teachers.^2 Instead, at the last moment, they decided to publicly accuse^5 the heroes of this story of "hacking".

Governor Parsons is participating in a worsening political trend of attacking the legitimacy of the free press.^6,^7,^8 As an American with interest in foreign news, I'm aware that this type of abuse of political power has inspired politically aligned radicals to assassinate journalists in countries around the world.^10 I have found the numerous attacks in America by police against journalists covering stories like the Black Lives Matter protests profoundly disturbing.^11,^12,^13,^14,^15 The January 6th Insurrection[^9] saw attacks against journalists covering the event by those aligned with the Republican Party.^16

With that said, Missouri has taken the next step in its attack on journalism and (somewhat humorously) HTTP: the Missouri State Highway Patrol's Digital Forensic Unit has recently forwarded its (secret) findings to the Cole County prosecutor.

Do I have an axe to grind? Hell yes, I do. Democracy is fragile; I believe it's worth protecting it and those who play a role in maintaining the integrity of that order.

I would ask those who understand the absurdity -- and danger -- of what Missouri is doing to take it a step further. For my part, I wrote a letter to Cole County prosecutor Locke Thompson, imploring him to not participate in this farce.

For reference, here is the email I wrote to him:

Good evening, Mr Thompson,

My name is Christopher and I’m writing you to implore that your office not seek charges against the Post-Dispatch, its employees, Professor Khan, or anyone else falsely accused of accessing state managed data in an unauthorized fashion.(1)

In fact, the accused did the ethical thing by notifying state officials that the state was leaking teachers’ personal identifiable information (PII).

A quote from Governor Parsons: "If somebody picks your lock on your house — for whatever reason, it’s not a good lock, it’s a cheap lock or whatever problem you might have — they do not have the right to go into your house and take anything that belongs to you."

This statement makes it clear that Governor Parsons does not understand how computer networks work. Whether intentionally or not, the PII in question was provided by the state to everyone who accessed the now removed Education Department webpage. Because the state embedded PII in the HTML response from servers in question, it is the state that erred.

To put it simply, when one loads a website with their browser, one is making a request for resources (HTML, images, movies, etc) from some server. In turn, whatever the server’s response, it is given freely to the requester. It is then the browser that chooses how to present the server’s response.

The state’s server did not request credentials to access the PII embedded in the HTML; therefore, it follows that all accessors of this webpage — intentionally or not — were authorized to access the PII.(2,3)

While I might mention that I’m a software engineer, I would also add that it doesn’t take an expert to see what’s going on here: the state government is embarrassed by their negligent failure to protect PII of Missourians. In fact, it would be perfectly reasonable for Missouri teachers to sue the state for negligent publication of their PII.

Mr Thompson, I implore you to dismiss these farcical allegations; please do not bow to political pressure. Justice matters.

References

1. https://www.stltoday.com/news/local/crime-and-courts/highway-patrol-finishes-probe-of-post-dispatch-turns-investigation-over-to-cole-county-prosecutor/article_05ab36bd-b04b-575f-ab66-aa37e0c6d9ae.html
2. https://www.w3.org/Protocols/rfc2616/rfc2616-sec14.html
3. https://www.w3.org/Protocols/rfc2616/rfc2616-sec17.html#bib43

[^9]: Chronicle of the insurrection, https://www.washingtonpost.com/politics/interactive/2021/jan-6-insurrection-capitol/
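The email above makes a technical point that is easy to demonstrate: whatever bytes a server writes into an HTTP response are delivered to every requester, and "view source" only displays those bytes without rendering them. The following is an added example, not code from the original issue or from the RCVS-hack project. It stands up a local server that serves a constructed staff page with made-up SSN-shaped placeholder values hidden in HTML attributes, fetches it with a plain client, and then runs the pre-publication check a web team should have had: a scanner that flags SSN-shaped strings in a response body, plus a redaction helper for the mitigation side. The page content, the placeholder numbers, and the /teachers path are all constructed for the example.

```python
"""Added example: an HTTP response is handed to any client that asks for it,
so PII embedded in markup is published even if no browser displays it.
Everything served here is constructed; the SSN-like values are placeholders."""
import re
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

# Constructed page modelled on the incident: the numbers sit in attributes,
# so the rendered table looks harmless while the source carries the data.
CONSTRUCTED_PAGE = b"""<html><body>
<table>
<tr><td>Teacher A</td><td data-ssn="123-45-6789">Certified</td></tr>
<tr><td>Teacher B</td><td data-ssn="987-65-4321">Certified</td></tr>
</table>
</body></html>"""

# Matches the ddd-dd-dddd shape of a US Social Security Number.
SSN_RE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")


class LeakyHandler(BaseHTTPRequestHandler):
    """Serves the constructed page to anyone, with no credential check,
    which is exactly the situation the email describes."""

    def do_GET(self):
        self.send_response(200)
        self.send_header("Content-Type", "text/html; charset=utf-8")
        self.send_header("Content-Length", str(len(CONSTRUCTED_PAGE)))
        self.end_headers()
        self.wfile.write(CONSTRUCTED_PAGE)

    def log_message(self, *args):  # keep the example quiet
        pass


def start_server():
    """Bind to an ephemeral localhost port and serve in a daemon thread."""
    server = HTTPServer(("127.0.0.1", 0), LeakyHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def fetch_raw(url):
    """A plain client: returns the status and the exact bytes the server sent.
    A browser does the same request; it only differs in how it displays them."""
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.status, resp.read()


def find_ssn_like(body):
    """Pre-publication check: list every SSN-shaped string in a response body."""
    return [m.decode() for m in SSN_RE.findall(body)]


def redact_ssn_like(body):
    """Mitigation helper: mask SSN-shaped strings before a response leaves the server."""
    return SSN_RE.sub(b"***-**-****", body)


def demo():
    """Serve, fetch, and scan; returns (status, body, findings)."""
    server = start_server()
    try:
        url = f"http://127.0.0.1:{server.server_address[1]}/teachers"
        status, body = fetch_raw(url)
        return status, body, find_ssn_like(body)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    status, body, findings = demo()
    print(status, "response bytes:", len(body))
    print("SSN-shaped values delivered to the client:", findings)
    print("redacted body contains SSN-shaped values:",
          bool(find_ssn_like(redact_ssn_like(body))))
```

The scanner runs over the raw bytes rather than the rendered text, which is the point: an attribute value that no table cell ever shows is still part of the published document. Running the same check against every template or response in a CI job, before a page is deployed, is the cheap control that would have caught this class of leak.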