by tyingq 1637 days ago
What the reporter saw was the base64 encoded contents of the typical .Net "VIEWSTATE" session stuff, that looks like this:

  <input type="hidden" name="__VIEWSTATE" id="__VIEWSTATE" value="[SOME_BASE_64_HERE]" />

Meaning he likely just pasted the contents into a web-based base64 decoder.

I am totally mystified how a competent DA wouldn't have dropped this immediately.

8 comments
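
An added illustration, not part of the original post, of why the hidden field described above is readable by anyone who receives the page: base64 is a keyless, reversible encoding, so a site owner can audit their own pages for records left in `__VIEWSTATE`. The sample payload is constructed and simplified (not a real serialized view state), and `audit_viewstate` is a hypothetical helper name.

```python
import base64
import re
from html.parser import HTMLParser

# Constructed sample: a simplified stand-in for a view-state payload that
# carries a record in the clear. Not a real ObjectStateFormatter stream.
_SAMPLE_STATE = b"\xff\x01\x0f\x05\x0cJane Example\x05\x0b000-00-0000\x05\x07teacher"
SAMPLE_HTML = (
    '<form method="post"><input type="hidden" name="__VIEWSTATE" '
    'id="__VIEWSTATE" value="%s" /></form>'
    % base64.b64encode(_SAMPLE_STATE).decode("ascii")
)

SSN_LIKE = re.compile(rb"\b\d{3}-\d{2}-\d{4}\b")   # US SSN-shaped values
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{4,}")    # same idea as `strings`


class _HiddenFieldFinder(HTMLParser):
    """Collects the value attribute of the __VIEWSTATE hidden input."""

    def __init__(self):
        super().__init__()
        self.value = None

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "input" and a.get("name") == "__VIEWSTATE":
            self.value = a.get("value")


def audit_viewstate(html):
    """Decode a page's view state and report what is readable without any key."""
    finder = _HiddenFieldFinder()
    finder.feed(html)
    if finder.value is None:
        return None  # page carries no view state field
    raw = base64.b64decode(finder.value, validate=True)
    return {
        # ASP.NET view state commonly starts with bytes FF 01 (base64 "/wE").
        "has_viewstate_header": raw[:2] == b"\xff\x01",
        "readable_strings": [m.decode("ascii") for m in PRINTABLE_RUN.findall(raw)],
        "ssn_like": [m.decode("ascii") for m in SSN_LIKE.findall(raw)],
    }


if __name__ == "__main__":
    print(audit_viewstate(SAMPLE_HTML))
```

Any non-empty `ssn_like` or recognizable names in `readable_strings` means the server is shipping that data to every visitor of the page.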

Missouri Gov. Mike Parson on Dec. 29, 2021, talks about possible charges against the Post-Dispatch from the Cole County prosecuting attorney after the paper in October alerted officials to a data vulnerability on a state website.

Whistleblowers getting punished is just a feature of an authoritarian regime. It has little to do with competency.

The county prosecutor just got the case from the MSHP. It remains to be seen what the prosecutor does with it; I imagine there are some political pressures at this point. But if prosecution proceeds, it will be a waste of taxpayer money, as it is highly unlikely to succeed.
> I am totally mystified how a competent DA wouldn't have dropped this immediately.

Competence and morality aren't the most important factors here. Some people want to advance their career, even if it means screwing over someone like this. The governor probably wanted to shift blame away from himself and his administration, and is likely willing to make promises or exchange favors to further that goal.

Seems risky though. A judge or jury could then publicly hand you your ass making you look incompetent.
in this case the government is breaking the law allowing confidential data to be distributed by their servers to whomever connects with a browser.

it is a civic duty to report a crime, and within the law to be prosecuted for not reporting a crime.

it is also a crime to make misleading or false statements or acting in a manner that obstructs a legal investigation.

the government of missouri has spun this around, 180 degrees attempting to make someone revealing the matter look like a criminal, and validate government obstruction of legal recourse.

the pot is painting the kettle an offcolour to hide its own.

Prosecutors are politicians. Competency is often not the first concern of voters.
> I am totally mystified how a competent DA wouldn't have dropped this immediately.

DAs have elections to win, and the risk of not having the governor's endorsement would put them in a tricky position.

This is Missouri. It might be hard to find a competent DA in the entire state.
I know you're probably saying this half-jesting... But the harsh reality is that if a judge cannot understand the minutiae of "browser requested one thing and the PLAINTIFF's server sent personal info, unencrypted", then the precedent that is set is an awful one. I get that the amount of technical stuff that needs to be understood here is beyond what your average NON-hacker-news type might understand... but when it comes to prosecution, wouldn't an expert be consulted??
It's really not though. Even my parents know and understand what view source is in the browser. A browser is simply a way to render information sent. Once it was wilfully sent and in your browser you are not accessing a machine in a criminal way. I hope that if they even try to bring charges the reporter and the newspaper countersue for violation of rights. Mozilla and the Chrome team need to weigh in on the defendant side. Anyone here from those teams willing to stand up for this guy?
Yep, the counter-suit would be the angle I'd hope they'd pursue. "YOU exposed PII, you are in breach... no one 'broke into a system'"... but as others are mentioning in this thread, the article doesn't explicitly say the reporter is being charged. So I'm probably getting my blood-pressure up for no reason.
Same here... Damn it's supposed to be vacation and project time!
> wouldn't an expert be consulted??

All the prosecutors need is an expert that says "Base64 is an encryption. Sending data encrypted means they don't want you to read it.. they tried to break encryption and succeeded when they weren't supposed to"

And then just fear-monger the risk of broken encryption and government and how you have to try to break it and it's dangerous or something.

Lots of people claim to be experts, and know enough to pass. Plenty of people want to curry gov favor, or get their 10 seconds of attention.

Base64 is a well-known plain-text encoding format. Using it as an encryption format violates privacy laws.
You sure the courts will know that if an "expert" paid by the state says otherwise?
According to the article, charges haven't been filed yet. Likely the DA is very closely examining the letter of the law with an expert right now to see if they have a reasonable case. A judge wouldn't be involved until there's a trial. Even then, the judge doesn't have to play a role in deciding if the defendant is guilty or not (see bench trial vs trial by jury). If there is a trial, in either case, there would likely be an expert witness testifying.
i hope someone realizes prosecuting this would mean the government thinks it is illegal to use a web browser to request HTML et al. from a webserver.

by extension missouri is deliberating a court case that questions the legality of public access to WWW.

The concern is not about what a competent DA would do.