After the St. Louis State Dispatch wrote that a government website was leaking the social security numbers of workers, Missouri Governor Mike Parson demanded that the journalists who reported the security failure be prosecuted as "hackers" for "decoding" the "HTMLM" (sic).
The newspaper agreed to hold off publishing any story while the department fixed the problem and protected the private information of teachers around the state. … According to the Post-Dispatch, one of its reporters discovered the flaw in a web application allowing the public to search teacher certifications and credentials. No private information was publicly visible, but teacher Social Security numbers were contained in HTML source code of the pages.
Serious security failure on a timescale of years, uncovered simply by looking at the underlying text of a website. And it proceeds to farce in the governor's struggle to read the statement written for him, of which he clearly understands nothing.
The claim that clicking "view source" is "hacking"—and also "decryption", according to education commissioner Margie Vandeven—is absurd even by the usual standards of false claims on the subject matter.
But remember that the point is not to win the hypothetical prosecution. It's to chill similar reportage by establishing the cost and danger of publishing it. And with the CFAA being such a terrible law, who knows? Maybe they can land the blow anyway.
The point to be understood: Missouri does not want anyone looking too closely at its IT infrastructure. Whatever may or may not be wrong with it—and the well-established incompetence of those responsible for it—is none of your business.
