News Briefs

Missouri governor continues attack on reporter who found security flaw in state website

By: - November 1, 2021 10:29 am

Missouri Gov. Mike Parson delivered his State of the State address on Jan. 27, 2021 (photo courtesy of Missouri Governor’s Office).

Missouri Gov. Mike Parson once again on Sunday took aim at a reporter who notified the state of a security flaw in one of its websites, questioning the journalist’s motives and noting he’d support prosecution of any state employee found to have assisted the reporter.

In a TV interview with Scott Faughn, a longtime Parson supporter, the governor said the criminal investigation he ordered to be conducted by the Missouri State Highway Patrol is still ongoing. 

Asked if he would support prosecution of any state employee discovered to have helped uncover the security flaw, Parson quickly answered, “most certainly.”

Last month, reporter Josh Renaud of the St. Louis Post-Dispatch alerted the state that Social Security numbers of school teachers and administrators were vulnerable to public exposure due to flaws on a website maintained by Missouri’s department of education.

The Social Security numbers were contained in the HTML source code of publicly available pages — information that could easily be discovered by any person who knows how to access the standard web-browser function of displaying a page’s HTML code.

Emails obtained by The Independent show Renaud informed the state of the issue and promised to withhold publishing any story about it until the problem was fixed and the Social Security numbers were no longer exposed. 

He also laid out to state officials in an email the steps he’d taken to find and confirm the security flaw. That included contacting three teachers to verify the information in the HTML code was their Social Security numbers. 

Parson responded to the revelation by labeling Renaud a “hacker” and vowing to seek criminal prosecution. Soon after, a political action committee backing Parson began raising money off of his attacks

During his interview Sunday, Parson said he couldn’t understand why Renaud was even looking for the security flaw. And even though the reporter informed the state of the problem and held off publishing a story about it, Parson asked, “Why would you simply not just say, ‘Hey, you got a problem here. You need to fix it.’”

At one point in the interview, Faughn suggested the criticism Parson has faced over his attacks — from cybersecurity experts, the media, First Amendment advocates and even some of his fellow Republicans — could be blamed on elitism.

“The folks that overwhelmingly elected you about a year ago, I don’t think they elected you for your IT skills. It just feels like there’s a hint of elitism in some of this stuff,” Faughn said, later adding: “It just feels a little hint, in some of those highfalutin ivory towers in St. Louis, a hint of elitism about how they talk about this.”

Parson said that he is “no computer expert. I’ll be the first to admit that.”

But if Renaud and the Post-Dispatch did nothing wrong, Parson reasoned, they shouldn’t be afraid of a criminal investigation. 

“Why wouldn’t they want an investigation?” Parson said. 

He then accused the media of misrepresenting the situation. 

“They pretty well spun the story from day one that it was a right click,” he said. “Well trust me, it’s much more than a right click. Because you got to talk about decoders and all these kinds of things that were used.”

Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics.

Jason Hancock
Jason Hancock

Jason Hancock has spent two decades covering politics and policy for news organizations across the Midwest, with most of that time focused on the Missouri statehouse as a reporter for The Kansas City Star. A three-time National Headliner Award winner, he helped launch The Missouri Independent in October 2020.

MORE FROM AUTHOR