Florida State Police Raid Home Of COVID Whistleblower, Point Guns At Her & Her Family, Seize All Her Computer Equipment
from the this-is-fucked-up dept
This is insane. Earlier this year, we wrote about Rebekah Jones, the data scientist working for Florida, who put together that state’s COVID-19 database (that had received widespread praise), and who was fired by the state for her failure to fake the data to make it look like Florida was handling the pandemic better than it actually was. Governor Ron DeSantis had made it clear he wanted data showing good results in order to justify reopening the state.
As Jones herself explained after being fired:
I was asked by DOH leadership to manually change numbers. This was a week before the reopening plan officially kicked off into phase one. I was asked to do the analysis and present the findings about which counties met the criteria for reopening. The criteria followed more or less the White House panel’s recommendations, but our epidemiology team also contributed to that as well. As soon as I presented the results, they were essentially the opposite of what they had anticipated. The whole day while we’re having this kind of back and forth changing this, not showing that, the plan was being printed and stapled right in front of me. So it was very clear at that point that the science behind the supposedly science-driven plan didn’t matter because the plan was already made.
Since then, Jones has been running Florida COVID Action, which is a dashboard of Florida COVID information, like the one she used to run for the state.
And apparently Florida’s Governor Ron DeSantis couldn’t allow that to stand. This afternoon Rebekah posted a short Twitter thread, with video, showing Florida state police raiding her home. As she notes, when they asked her who else was in the home, she told them that her husband and children were upstairs, and they pulled out their guns:
There will be no update today.
At 8:30 am this morning, state police came into my house and took all my hardware and tech.
They were serving a warrant on my computer after DOH filed a complaint.
They pointed a gun in my face. They pointed guns at my kids.. pic.twitter.com/DE2QfOmtPU
— Rebekah Jones (@GeoRebekah) December 7, 2020
This is horrifying on so many levels. Why was her home raided? Why did they pull out guns? Why did they do it after she told them that it was her children upstairs? Why did they seize all of her electronics equipment? Why are they doing any of this?
Jones has been doing everything to better inform the public of what’s happening in the middle of a pandemic, and this is the thanks she gets? Having her home raided by the police and having guns drawn on her children?
This is what happens to scientists who do their job honestly.
This is what happens to people who speak truth to power.
I tell them my husband and my two children are upstairs… and THEN one of them draws his gun.
On my children.
This is Desantis' Florida.
— Rebekah Jones (@GeoRebekah) December 7, 2020
This is not supposed to happen. This should not happen. It is horrifying and I hope that Jones is able to retain powerful legal help to fight back against this clear violation of her civil liberties, and a clear authoritarian overreach by Governor DeSantis.
Update: Since the original story broke, Florida state police claim that the search warrant was in response to someone breaching an emergency alert system and sending a group text saying: “It’s time to speak up before another 17,000 people are dead. You know this is wrong. You don’t have to be a part of this. Be a hero. Speak out before it’s too late.” The warrant claims that the breach was tied to an IP address at Jones’ house. Jones has vehemently denied she had anything to do with this:
“I’m not a hacker,” Jones said. She added that the language in the message that authorities said was sent was “not the way I talk,” and contained errors she would not make.
“The number of deaths that the person used wasn’t even right,” Jones said. “They were actually under by about 430 deaths. I would never round down 430 deaths.”
Later in the evening, the full search warrant was published, and it raise serious questions… not about Jones, as much as what the fuck Florida’s Dept. of Health is doing with its communications systems. The service that Jones is accused of using involves a shared password among a ton of people:
On November 10, 2020, at approximately 1420 hours and 1442 hours, an unidentified subject gained access to a mull?user account group StatoESF? 8 Planning” and sent a group text stating the following: “it’s time to speak up before another 17,000 people are dead. You know this is wrong. You don’t have to be part of this. Be a here, Speak out before it’s too late? From StateESF8 Planning”. FDOH estimates that approximately 1,750 messages were delivered before the software vendor was able to stop the message from being transmitted.
FDOH has several groups within ReadyOp’s application platform, one of which is StateESF8.Planning. ESF8 is Florida’s Emergency Support Function for Public Health and Medical with which they coordinate the state?s health and medical resources, capabilities, and capacities. They also provide the means for a public health response, triage, treatment, and transportation. The group StateESF8.Planning is utilized by multiple users, some of which are not employees of FDOH but are employees of other government agencies. Once they are no longer associated with ESF8 they are no longer authorized to access the multi?user group.
All users assigned to StateESF8.Planning group share the same username and password. SA Pratts requested and received a copy of the technical logs containing the Internet Protocol (IP) address for users accessing the ReadyOp web?based platform for the multi?user StateESF. Planning.
As security pro Jake Williams notes, it is bizarre beyond belief that (1) you have an important system relying on a single shared username and password and that such login info is not changed after someone is fired:
As someone who has done forensics on non-standard software, let me just note that you have to REALLY make sure you know what the logs are telling you.
Oh, also WHY DOES SOMETHING SO CRITICAL RELY ON A SHARED ACCOUNT?
— Jake Williams (@MalwareJake) December 8, 2020
Still, it sounds like we may end up seeing a classic CFAA-style case here, regarding “unauthorized access.” Unfortunately, there are some cases on the books where logging into a system where you had a password after you’ve been instructed not to do so any more means you’ve violated the CFAA. This is kind of stupid, because it should be on the organization itself to actually change the password, rather than putting the burden on the user… but if there’s real evidence here that she did access the system, she could be in serious CFAA trouble.
Even so, that’s no excuse for raiding her home with guns drawn.