News Analysis: Missouri governor’s investigation of St. Louis Post-Dispatch shows misunderstanding of press, tech

Missouri Gov. Mike Parson’s threat to prosecute the St. Louis Post-Dispatch for publishing a story on the state’s failure to keep teachers’ private information confidential is a reflection of the misunderstanding of the press’ role as the watchdog and computer coding, experts say.   

Joseph Martineau, the Post-Dispatch attorney, put it this way: “I think the thought of threatening a journalist who has acted in a responsible manner, which is exactly this situation here, who discovered, while legitimately reviewing a website, that information, which he was not looking for, was available on a site, reporting that had occurred without disclosing the information and after identifying the vulnerability to the public agency involved so that it could correct it is extremely chilling to a reporter’s rights.

 The St. Louis Post-Dispatch article, reported that more than 100,000 Social Security numbers were “vulnerable.” 

“This situation is extraordinarily rare,” Martineau said. “I have never seen a case where information that is available in the HTML code, on a website, that the viewing of that information is, that is put up there by the governmental entity, or anybody for that matter, is subject to any sort of criminal prosecution.” 

Parson and the State of Missouri’s press release refers to the person who discovered the vulnerability as a “hacker.” 

HTML code is not hidden in any way, Mark Sableman, an Intellectual Property, Media, and Internet Law Partner at Thompson Coburn LLP in St. Louis, said via email. 

“By its nature, it is public,” he said. “Saying that it is hacking when someone looks at a web page’s HTML code is a bit like saying it is hacking when someone opens the cover of a book and begins reading the pages inside. The HTML code, like the words inside the book, have always been readily accessible for anyone to see, without any locks, keys, passwords, or other access restrictions.”

Hacking means accessing part of a computer or network without authorization or beyond authorization, he said. 

“HTML code is always public, so no one needs special authorization, and hence the concepts ‘without authorization’ or ‘beyond authorization’ cannot apply to accessing of HTML code,” Sableman said.

Ginny Whitehouse, Director of the School of Communication at Eastern Kentucky University, said Gov. Parson is trying to punish a news outlet that he doesn’t like for reporting lawfully obtained information.  

The governor’s anger is “misdirected, at best, and malicious, at worst,” Whitehouse said. 

It is discouraging whenever governmental officials don’t recognize the value of the media being a watchdog on the government and bringing out things that can and should be corrected, Sableman said.

“Governmental officials not liking the fact of the press brought out news embarrassing to them, and then they accuse the press to divert attention from themselves, I think that happens a lot,” Sableman said.

As an internet lawyer and adjunct law professor, Sableman said he has regularly looked at HTML code since the mid-1990s. 

“If you need to understand a website, you often need to look at its HTML code,” he said. “For several decades, it was very easy to examine, as most browsers had a readily accessible function called ‘view source’ that would bring up the entire HTML code. Most newer editions of browsers, because they are designed for consumers, no longer have that function quite so accessible, but the HTML code has always been readily accessible to professionals and anyone else who wanted to examine websites.”

Sableman said HTML source code for a webpage frequently includes metatags that describe the webpage. 

“The developer of the page wants search engines to read and index these parts of the HTML code,” he said. “They want search engines, and people who may want to link to the page, to know about and use those descriptions. A lot of what you see on a search engine results page is often taken from those metatags, which are part of the public HTML code. I suspect many state of Missouri webpages use descriptive and keyword metatags in their HTML code, and expect them to be viewed, copied, and used. They put the metatags there because they know the HTML code is accessible to everyone, and in fact they want people to look at the code and use these keywords and descriptions found there.”

Sableman said the fact that HTML code is public and not private is so basic that it is hard to say more about it. 

“Complaining that someone looked at my HTML code, and noticed what was in it, is a bit like complaining that someone stood on my street, looked at the exterior of my house, and noticed that it was made of brick,” he said. “It is not hacking, and it is not invasion of privacy. It is simply looking at things that are in public view.   

Sableman said The Missouri highway patrol has descriptive metatags in the HTML code for its website. “These metatags are meant to tell the public that the highway patrol would like to have its website described as ‘the official website for the Missouri highway patrol’”:

<!DOCTYPE html><html lang=”en-us”><head><title>Missouri State Highway Patrol</title><meta name=”twitter:title” content=”Missouri State Highway Patrol”><meta property=”og:title” content=”Missouri State Highway Patrol”><meta name=”description” content=”The official website for the Missouri State Highway Patrol.”><meta name=”twitter:description” content=”The official website for the Missouri State Highway Patrol.”><meta property=”og:description” content=”The official website for the Missouri State Highway Patrol.Par” 

He said this is not secret information. It is something that the highway patrol is publishing to people it doesn’t know. 

“The highway patrol is expecting people they don’t know to look at their HTML code, and they want those people to know their preferred description of their website,” Sableman said. “And clearly, because they know that all sorts of people will be looking at their HTML code for their descriptive meta-tags are other reasons the highway patrol certainly knows and understands that their HTML code is public and not confidential.”

State agencies, including the highway patrol, wouldn’t be publishing information for the public in their HTML code if they thought that website HTML code was private and confidential, Sableman said.

“All due respect to the governor, he has absolutely totally mistaken when he calls looking at HTML code hacking,” Sableman said. “It is not.”

Anyone anywhere could have gained the same access, Whitehouse said.

“He didn’t break into the system, he accessed data that was already there,” she said. 

Whitehouse said people usually think about journalists being subpoenaed because they gain access to information the government wants. Then, they might be held in contempt because they refuse to give a source. 

“That a journalist would be accused of this, that anyone would be accused of this, this is anyone being accused of using data the government made available is ridiculous because the journalist is being punished, in this case, because the journalists embarrassed the governor,” Whitehouse said. “It is unacceptable.”

She said it is a bizarre claim.

“It is hard to say what it means for journalism as a whole,” Whitehouse said. “It is a governor who feels like he can lash out at someone who has embarrassed him. In a way, yes it is certainly a part of an anti-media climate, but at this point it is a direct response of saying: ‘hey, I don’t like the way you made me look, so I’m going to throw a criminal action against you.’ There is nothing valid in this. It is such a convoluted situation, that it is hard to see what the ramifications might be.”

Emily Cooper is a graduate student at Southern Illinois University Carbondale, where she studies Professional Media and Media Management. You can follow her Twitter @coopscoopp