Newly Revealed Details Show That Missouri Government Totally Knew That Journalists Were Not At Fault For Teacher Data Vulnerability

from the of-course-they-knew dept

Kudos for open records laws proving to us that not only is Missouri Governor Mike Parson a technologically illiterate hack, but he’s a lying one as well. You’ll recall, of course, that in October, the St. Louis Post-Dispatch reported on how the state’s Department of Elementary and Secondary Education (DESE) website was designed in such a dangerous way that it was exposing the social security numbers of state teachers and administrators, and rather than thanking the journalists for their ethical disclosure of this total security fail by the state, DESE and Governor Parson called them hackers and asked law enforcement to prosecute them. Governor Parson continued to double down for weeks, insisting that reporting this vulnerability (and failed security by the government he runs) was malicious hacking until DESE finally admitted it fucked up and apologized to the over 600,000 teachers and administrators whose data was vulnerable — but never apologizing to the journalists.

The Post-Dispatch, whose reporters potentially still face charges, put out an open records request to find out more about what the government was saying and discovered, somewhat incredibly, that before DESE referred to them as hackers, it already knew that it was at fault here and even initially planned to thank the journalists. As the documents reveal, the FBI flat out told DESE that this was a DESE fuckup and DESE had sent Gov. Parson a planned statement that thanked the journalists:

In an Oct. 12 email to officials in Gov. Mike Parson?s office, Mallory McGowin, spokeswoman for DESE, sent proposed statements for a press release announcing the data vulnerability the newspaper uncovered.

?We are grateful to the member of the media who brought this to the state?s attention,? said a proposed quote from Education Commissioner Margie Vandeven.

The Parson administration and DESE did not end up using that quote.

The next day, on Oct. 13, the Office of Administration issued a news release calling the Post-Dispatch journalist a ?hacker.?

This is truly incredible. As are the details of the conversation between a Missouri employee and a local FBI agent.

Meanwhile, at 3:24 p.m. on Oct. 13, Angie Robinson, cybersecurity specialist for the state, emailed Department of Public Safety Director Sandra Karsten to inform her that she had forwarded emails from the Post-Dispatch to Kyle Storm with the FBI in St. Louis.

?Kyle informed me that after reading the emails from the reporter that this incident is not an actual network intrusion,? she said.

Instead, she wrote, the FBI agent said the state?s database was ?misconfigured.?

?This misconfiguration allowed open source tools to be used to query data that should not be public,? she wrote.

So, by the time of the “hacker” statement by DESE, it was already pretty clear to people within DESE that it was DESE at fault and not journalists ethically disclosing DESE’s terribly bad security practices. However, the report also notes that the FBI and the local Assistant US Attorney were still investigating whether or not they could bring criminal charges against the journalists:

?Kyle said the FBI would speak to Gwen Carroll, the AUSA (Assistant U.S. Attorney), with the updated information from the emails to see if this still fit the crime and if she was interested in prosecuting,? Robinson said.

Oh, and even worse: technically the criminal investigation is still ongoing:

As of Tuesday, the Highway Patrol?s investigation was still active, Capt. John Hotz told the Post-Dispatch.

That investigation needs to be closed, and everyone involved from DESE to Governor Parson to the Highway Patrol owe the St. Louis Post-Dispatch, its reporters, and the citizens of Missouri a massive apology.

Filed Under: , , , , , , ,
Companies: st. louis post dispatch

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Newly Revealed Details Show That Missouri Government Totally Knew That Journalists Were Not At Fault For Teacher Data Vulnerability”

Subscribe: RSS Leave a comment
28 Comments
ECA (profile) says:

Re: Re:

A thought.
he wont back down until someone higher tells him to.
The Citizens are ashamed because they though they had someone smart in office.
And if he backs down, he will look like a loser.
And as with the masks, he will declare he won. Even if 2 times the people Die, and it can be proven.
Has be past the idea that the sick stay home and not goto the hospital yet?
Just waiting for it.

Anonymous Coward says:

Re: Re: Re:

It’s sad really. He thinks that apologising and amending his world view makes him weak. If he did that, it would actually make him look like he had taken the time to actually understand something. THAT would make him look, not only SMART, but STRONG. He has shown that he doesn’t have the capacity to be either.

Anonymous Coward says:

Re: Re:

I mean that IS why you hired them isn’t it?

Supposedly. Then again, being the governor is from the party of ‘personal responsibility’ the only thing he’s probably learned is that he needs to install more simple-minded ignorant Luddites in those positions.

Only then, can they sit back, assume they can do no wrong, and blame any fuckup of theirs that they clearly don’t understand as ‘derp, must’ve been a hacker. ZOMG!’

This comment has been deemed insightful by the community.
That One Guy (profile) says:

'That would be smart and honest, but not personally gainful...'

I imagine the deciding factor was simply ‘What would benefit me/us more, admitting that the state screwed up or blaming someone else?’, with such minor tidbits like actual guilt and whether or not they were ensuring that the next massive security screwup by the state will only be found out after it’s been fully exploited or is publicly announced set aside as inconsequential in comparison to personal gains.

Anonymous Coward says:

Re: "actual guilt"

this does bear some resemblance to cops and DAs railroading people into prison, and then when evidence fully proves the innocence of the convicted, the same parties, now including courts and legislatures, will dance in circles, demanding that the wronfully imprisoned are guilty, and even if they are not, it doesn’t matter.

bit of a pattern.

That One Guy (profile) says:

Re: Re: 'That would be smart and honest, but not personally gain

Is the rightwing base too stupid to realize it’s BS or does is just not0 care as long as the liberal media are blamed?

Oh do I hope that was a rhetorical/sarcastic question. On the off chance that it wasn’t though…

An ongoing pandemic with a body count of well over half a million in the US alone has been politicized and is being used to keep the Trump cultists riled up about how the dastardly libs are out to steal their freedom (from personal consequences) with a deadly effect.

Yes, they are that stupid.

Anonymous Coward says:

‘That investigation needs to be closed, and everyone involved from DESE to Governor Parson to the Highway Patrol owe the St. Louis Post-Dispatch, its reporters, and the citizens of Missouri a massive apology’

i doubt if that’ll happen because it’s gonna make everyone from DESE and, of course, more importantly, Governor Parsons, look like the massive c***s that they are.

the problem is that this sort of thing is not the first, nor will it be the last incident of this type. the even bigger problem is that it’s so much easier for those who have made the massive fuck-up to blame others or to threaten others with legal action than to hold their hands up, say ‘thank you’ to those pointing out what’s wrong, and correct the issue(s). no one likes it when it’s pointed out that screw ups have been made but to pass the buck because it’s embarrassing is a very poor way for people in positions of trust, amongst others, is pathetic!

Scott says:

Re: Re:

The investigation is a sham to use so that they don’t have to answer questions about it. My SSN was made vulnerable so I called the governor’s office and asked, “would the governor have preferred for this private citizen to not have revealed this vulnerability to the Department of education?” But they won’t answer any questions of substance related to this issue because it’s under investigation.

Add Your Comment

Your email address will not be published.

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...
Loading...