We Have a Contender for Dumbest MoterF%$#er on the Planet

A Cole County prosecutor has rebuffed Missouri Gov. Mike Parson’s request to file criminal charges against a St. Louis Post-Dispatch reporter who identified a major security flaw in a government website by viewing publicly available HTML code.

Post-Dispatch reporter Josh Renaud had been facing the threat of prosecution since his discovery that the state website’s HTML source code exposed the full Social Security numbers of teachers and other school employees in unencrypted form. Renaud merely viewed the website’s HTML and converted the Social Security numbers into plain text, and he gave the state time to close the gaping security hole before publishing his findings. Despite Renaud helping the state improve its security, Parson called the journalist a “hacker,” sought criminal charges, and threatened a civil suit.

………

Gov. Parson’s office continues to insist that the journalist committed a crime. “The hacking of Missouri teachers’ personally identifiable information is a clear violation of Section 569.095, which the state takes seriously. The state did its part by investigating and presenting its findings to the Cole County Prosecutor, who has elected not to press charges, as is his prerogative,” the governor’s office said in a statement to Missourinet.

Normally, an organization notified of a security flaw would thank the person who reported it. Missouri state government officials did in fact plan to publicly thank Renaud in a press release, according to internal emails published by the Post-Dispatch in December.

But that draft of the press release was scrapped as the governor insisted on calling Renaud a hacker and demanding a criminal investigation. “It is unlawful to access encoded data and systems in order to examine other people’s personal information, and we are coordinating state resources to respond and utilize all legal methods available,” Parson said in October. In addition to announcing that his “administration notified the Cole County prosecutor of this matter,” Parson said that state law “allows us to bring a civil suit to recover damages against all those involved.” No civil suit has been filed.

………

Khan previously explained in a letter to Parson and other government officials that viewing a website’s unencrypted source code is not illegal and does not make someone a “hacker,” and that “translating the source code into plain text… can be done by anyone.”

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store