Viewing the HTML codes of a website does not amount to illegal activity or “hacking,” a professor has told the Missouri government. And it’s not just any professor, but rather one who is an expert in cybersecurity and has helped uncover the State government’s failure to protect the Social Security numbers of teachers.
Unencrypted Codes and Baseless Accusations
Cybersecurity professor Shaji Khan, from the University of Missouri-St. Louis, is seeking for the State drop its probe into him, and stop making “baseless accusations” about him having prevented a crime. This comes in the wake of Governor Mike Parson threatening to prosecute and demand civil damages from a St. Louis Post-Dispatch journalist who revealed a security flaw which had left the Social Security numbers of teachers and school employees exposed. He was apparently helped by Khan, hence the investigation into the latter.
Nevertheless, the professor has pointed out through his attorney that accessing unencrypted HTML source code (which was how the Social Security numbers had been made available on a publicly accessible website) isn’t really illegal. Moreover, the governor has become the target of major trolling online, with a lot of people being well-versed with the easily noticeable “view source” function in web browsers.
State to be Held Accountable?
Khan’s attorney has sent a litigation hold and demand letter to Parson and certain state agencies, holding them accountable for defaming him and violating his “right to speak freely without the threat of government retaliation” under the First Amendment. The letter further highlights how laws don’t prohibit the public from accessing publicly available sites or viewing unencrypted source codes.
The communication also notes how Khan was asked by Post-Dispatch reporter Josh Renaud to verify the security flaw in the State government’s website which provided the certifications and credentials of teachers. It calls for a probe to instead be launched into the government, alleging leaders and authorities of having violated a Missouri law which bars state entities from making Social Security numbers publicly accessible. Another legislation which is said to have been violated is one which requires government officials to grant accurate information of data breaches to victims.
October 13 had seen the Office of Administration of Missouri issue a press release, alleging a “hacker” of having accessed teachers’ Social Security numbers. This, however, has been falsified by Khan’s letter, which states that the numbers were “automatically transmitted” to every visitor to the website, without the need for any unauthorized access.
The attorney has said that while they havent received any response from the authorities following the letter, the investigation hasn’t stopped either.
Source: Ars Technica