Politicians, especially those who didn’t grow up with computers, occasionally stumble in embarrassing ways during discussions about technology. An unfortunate reference to “finsta” during a recent Senate hearing, for example, became fodder for a “Saturday Night Live” sketch.
And while that was funny, some politicians’ tech confusion is far less amusing. NBC News had this discouraging report yesterday about Missouri’s Republican governor.
Missouri Gov. Mike Parson on Thursday called for a criminal investigation into a journalist who discovered a vulnerability on a state website that left the Social Security numbers of thousands of public school teachers exposed.
One of the extraordinary things about this story is that the journalist in question did everything perfectly. The St. Louis Post-Dispatch’s Josh Renaud uncovered a vulnerability in a state education website, which revealed teachers’ names and their Social Security numbers. Uncovering the vulnerability did not require particularly sophisticated tech skills: All anyone had to do was right-click on the site, choose to look at the HTML source code, and see the private information.
How the reporter and his editors handled the story could be taught in a Journalism 101 course: Renaud contacted a few teachers to verify that the Social Security numbers were authentic and then wrote a story — which the newspaper held for publication until after the website administrators ensured that the private information was no longer publicly visible.
In other words, Renaud and the Post-Dispatch did the right thing the right way. They exposed a data risk, which was fixed as a result of good journalism. Common sense suggests the governor should be thanking the reporter and the newspaper for helping address a problem.
Parson, however, apparently doesn’t quite see it that way. In fact, the GOP governor published an oddly accusatory tweet yesterday: “Through a multi-step process, an individual took the records of at least three educators, decoded the HTML source code, and viewed the [Social Security Numbers] of those specific educators. We notified the Cole County prosecutor and the Highway Patrol’s Digital Forensic Unit will investigate.”
This is just bizarre. There was no “multi-step process” — again, all it took was two simple clicks over the course of a few seconds — and the reporter didn’t “take” anything. He also didn’t have to “decode” anything beyond simply reading the private information the state website inadvertently exposed.
And yet, the Parson administration nevertheless issued a statement yesterday referring to Renaud yesterday as a “hacker.”
I’m not overly concerned about the reporter actually facing some kind of criminal charges. Hopefully, Missouri law enforcement will understand the tech basics well enough to recognize the governor’s weird complaints as laughable.
But the fact that a sitting governor is equating good journalism with a tech crime is nevertheless unsettling.
Tony Lovasco is a Republican state legislator in Missouri who’s worked for decades in IT sales. “It’s clear the governor’s office has a fundamental misunderstanding of both web technology and industry standard procedures for reporting security vulnerabilities,” the GOP state lawmaker explained yesterday. “Journalists responsibly sounding an alarm on data privacy is not criminal hacking.”