Messenger: Missouri has an award-winning cybersecurity team. Why is Parson calling such work a crime? | Tony Messenger

That’s what the news release with the dead link says. I copied and pasted the link into an internet site called the “Wayback Machine,” which captures websites in real time, so that when future links go dead, for whatever reason, the information is still archived. Here’s what it says about why state workers looked at publicly available HTML code at government and private business sites:

“The program identifies high-risk systems that, if left insecure, could lead to disruptions within critical infrastructure or significant data loss, and contacts the owners of the impacted systems to mitigate risks. … The primary business goal of this program is to protect the critical infrastructure belonging to governments, businesses, utilities, and academic institutions across the State of Missouri. Critical infrastructure provides the foundation of many life sustaining services such as healthcare, government, public safety, energy, transportation, communication, food/agriculture, and manufacturing. Keeping these services available around the clock are critical to today’s way of life. A secondary business goal is to safeguard the data belonging to Missouri citizens, students, and customers. Our data lives online as much as we do, and to safeguard it has become essential to prevent identify theft, financial loss, and brand reputation impact.”

This is the same sort of motivation that drives data journalists to check state websites, and, when they find something that could lead to citizens’ personal information being insecure, letting government officials know of the potential weakness. That’s what Renaud found out. He discovered the state’s Department of Elementary and Secondary Education was storing social security numbers of teachers in publicly available HTML code. Then he told the state about it so they could fix the problem.