Sunday, October 24, 2021

Missouri needs to throw the governor out with the garbage

Gov. Mike Parson escalated his war with the St. Louis Post-Dispatch on Wednesday when his political operation published a video doubling down on his attack against a reporter who informed the state that a state website revealed teacher Social Security numbers.

[...]

The ad comes less than a week after Parson’s widely criticized demand for an investigation and prosecution of the reporter who discovered the security flaw in a state website, along with “all those involved.” Parson read a statement calling the reporter “a hacker” to reporters gathered outside his Missouri Capitol office last Thursday, then left without taking questions.

[...]

In the incident that enraged Parson, a Post-Dispatch reporter found that Social Security numbers for teachers, administrators and counselors was visible in the HTML code of a publicly accessible site operated by the state education department. HTML code is the programming that tells the computer how to display a web page.

The newspaper informed the state of the problem and promised not to publish any story until the issue was fixed.

“We stand by our reporting and our reporter who did everything right,” Post-Dispatch Publisher Ian Caso said in a story in his newspaper. “It’s regrettable the governor has chosen to deflect blame onto the journalists who uncovered the website’s problem and brought it to DESE’s attention.”

  Missouri Independent

What's regrettable is that we have Parson as our governor.
Parson said the Missouri State Highway Patrol would investigate and that Cole County Prosecuting Attorney Locke Thompson had been notified.
The Highway Patrol?
The video continuing the attack on the Post-Dispatch was posted online as Democrats on the House Budget Committee continued to question Parson’s estimate that it will take $50 million to respond “to this one incident alone and divert workers and resources from other state agencies.”

The Public Schools and Education Employees Retirement System responded to a different potential data exposure on Sept. 11 by offering all 350,000 members credit monitoring, identity theft protection and the services of a call center through a contract with Experian, according to Dearld Snider, the agency’s executive director.

The cost of that response was just under $600,000.
After having done some substitute teaching for a few months a couple of years ago, I received a letter this time about a possible breach, but I don't recall that September letter.
And since there is likely a large amount of overlap between the people who have education credentials registered with the education department and those who are members of the retirement system, [State Rep. Peter] Merideth believes the ultimate cost will come nowhere near Parson’s $50 million figure.
And so what if it does? Is Parson suggesting that the cost of the state's failure excuses it?
“I wouldn’t be surprised if it was less than $100,000 for credit monitoring,” Merideth said.

The biggest cost, he said, will be studying the state’s computer systems and upgrading them to provide better service and security.

“It is not about what the reporter did,” Merideth said, “it is about the vulnerability and the outdated systems we have.”

[...]

The Missouri National Education Association said it is still trying to understand exactly what happened, both with the data that the Post-Dispatch found and the potential data loss at the retirement system, said spokesman Mark Jones.

“It is important we take data security as seriously as physical security,” Jones said.

The union has not joined Parson’s call for prosecution of the journalist.

“There is nothing that indicates to me,” Jones said, “that the reporter did anything but act ethically within the bounds of good journalism.”
Acting ethically is something Governor Parson knows nothing about.

...but hey, do what you want...you will anyway.

No comments: