Missouri governor continues attack on reporter who found security flaw in state website

Missouri Gov. Mike Parson once again on Sunday took aim at a reporter who notified the state of a security flaw in one of its websites, questioning the journalist’s motives and noting he’d support prosecution of any state employee found to have assisted the reporter.

In a TV interview with Scott Faughn, a longtime Parson supporter, the governor said the criminal investigation he ordered to be conducted by the Missouri State Highway Patrol is still ongoing. 

Asked if he would support prosecution of any state employee discovered to have helped uncover the security flaw, Parson quickly answered, “most certainly.”

Last month, reporter Josh Renaud of the St. Louis Post-Dispatch alerted the state that Social Security numbers of school teachers and administrators were vulnerable to public exposure due to flaws on a website maintained by Missouri’s department of education.

The Social Security numbers were contained in the HTML source code of publicly available pages — information that could easily be discovered by any person who knows how to access the standard web-browser function of displaying a page’s HTML code.

Emails obtained by The Independent show Renaud informed the state of the issue and promised to withhold publishing any story about it until the problem was fixed and the Social Security numbers were no longer exposed. 

He also laid out to state officials in an email the steps he’d taken to find and confirm the security flaw. That included contacting three teachers to verify the information in the HTML code was their Social Security numbers. 

Parson responded to the revelation by labeling Renaud a “hacker” and vowing to seek criminal prosecution. Soon after, a political action committee backing Parson began raising money off of his attacks. 

During his interview Sunday, Parson said he couldn’t understand why Renaud was even looking for the security flaw. And even though the reporter informed the state of the problem and held off publishing a story about it, Parson asked, “Why would you simply not just say, ‘Hey, you got a problem here. You need to fix it.’”

At one point in the interview, Faughn suggested the criticism Parson has faced over his attacks — from cybersecurity experts, the media, First Amendment advocates and even some of his fellow Republicans — could be blamed on elitism.

“The folks that overwhelmingly elected you about a year ago, I don’t think they elected you for your IT skills. It just feels like there’s a hint of elitism in some of this stuff,” Faughn said, later adding: “It just feels a little hint, in some of those highfalutin ivory towers in St. Louis, a hint of elitism about how they talk about this.”

Parson said that he is “no computer expert. I’ll be the first to admit that.”

But if Renaud and the Post-Dispatch did nothing wrong, Parson reasoned, they shouldn’t be afraid of a criminal investigation. 

“Why wouldn’t they want an investigation?” Parson said. 

He then accused the media of misrepresenting the situation. 

“They pretty well spun the story from day one that it was a right click,” he said. “Well trust me, it’s much more than a right click. Because you got to talk about decoders and all these kinds of things that were used.”