The cybersecurity professor who helped uncover the Missouri government’s failure to protect teachers’ Social Security numbers has demanded that the state cease its investigation into him and stop making “baseless accusations” that he committed a crime.
As we reported on October 14, Missouri Gov. Mike Parson threatened to prosecute and seek civil damages from a St. Louis Post-Dispatch journalist who identified a security flaw that exposed the Social Security numbers of teachers and other school employees. The state is also investigating Shaji Khan, a cybersecurity professor at the University of Missouri-St. Louis who helped the Post-Dispatch journalist verify the security vulnerability.
This is all happening despite the fact that the state government made teachers’ Social Security numbers available in an unencrypted form in the HTML source code of a publicly accessible website. The governor’s strategy of blaming those who discovered the flaw earned him widespread mockery on social media from people who are familiar with the standard “view source” function present in major web browsers.