Missouri Plans to Prosecute Journalist who Uncovered Security Flaw

PowerKee’s Bastion of Privacy #46 — Governor sidesteps data privacy issue in boisterous press conference

Governments around the world have repeatedly hindered the adoption of advanced technological solutions that would make their citizens’ lives better. Missouri governor Mike Parson provided a prime example of how government officials fail to understand technology even from the earliest days of the internet. Parson recently announced plans to prosecute a journalist who did nothing more than click “view source” on a government website.

In the latest Bastion of Privacy, we look at this embarrassing incident and detail the governor’s heavy-handed response. We also examine how this incident illustrates the typical government’s approach to technology and their deep mistrust of anything that could remove power from their hands.

Development Update

We are completing the Masternode Testing in a static node environment. We’ll start distributing KEE tokens shortly. The masternode wallet function won’t be enabled once tokens are distributed. Please submit your native KEE token wallet here.

Government website security flaw leaks social security numbers

On Wednesday, October 13th, 2021, St. Louis Dispatch reporter Josh Renaud reported that a flaw on one of the government’s websites revealed the Social Security numbers of up to 100,000 school teachers, administrators, and counselors across Missouri. The Department of Elementary and Secondary Education’s website revealed this sensitive information in the page’s non-rendered HTML.

The newspaper withheld its story until relevant government officials were notified of the flaw and the issue was addressed. Once done, the paper ran a lengthy feature detailing the security issue, while also referencing issues with the department’s education-related data collection practices. The government initially announced an internal review of the matter but then ceased communication entirely.

Shaji Khan, a cybersecurity professor at the University of Missouri at St. Louis, described the vulnerability as “a serious flaw”, while noting how it could have easily been averted. Essentially, he described the error as one that even a beginner developer would avoid making.

Governor promises to prosecute “hacker” while neglecting security flaw

In the tech world, Renaud would have been commended and even rewarded for his discovery. However, things work differently with the Government of Missouri. In a humorous press conference that demonstrated his cluelessness (and presumably had people whispering “boomer”), Governor Parson announced his intention to prosecute Renaud and described him as a “hacker”.

Parson echoed his idol Donald Trump’s views as he claimed the story was a “political game by what is supposed to be one of Missouri’s news outlets.” While he stopped short of crying fake news, the governor was kind enough to explain how a “hacker took the records of at least three educators, decoded the HTML source code, and viewed the social security number of those specific educators.”

Twitter reacted with the usual mockery at this announcement. Freelance web developer Jonathan Sexton was particularly amused by the description of how the Dispatch’s Renaud “decoded the HTML source code” by simply clicking a button.

https://twitter.com/jj_goose/status/1448750470122688515?s=08

Meanwhile Governor Parson was busy claiming that the reporter was “attempting to embarrass the state and sell headlines for their news outlet.” Even Parson’s political colleagues branded his statements as a special kind of cluelessness while noting that the state had no chance of prosecuting the journalist.

Security design requires a rethink

Parson’s response to the situation highlights how citizens’ basic right to privacy and security gets lost in a bigger political game. The governor painting a political angle to what is a basic security flaw is not unintentional. It reveals where his priorities lie.

What’s needed is a complete redesign of our current centralized security infrastructure. Decentralized and privacy-focused networks like PowerKee are a good example of how users can store and exchange value across a privacy-focused blockchain network..

About PowerKee

PowerKee is a cryptocurrency network that makes privacy easy. Users can transact cheaply and instantly while maintaining anonymity. The PowerKee protocol uses a mixture of zero-knowledge proofs and coin mixing to provide strong privacy to its users.