Aggregator
FPF statement on special prosecutors’ report on Marion County Record raid
Against all odds, the Marion County Record managed to publish an edition of the newspaper the week after the raid on its newsroom last August, despite the seizure of its computers and equipment.
AP Photo/John HannaSpecial prosecutors today finally released their report on the police raid of the Marion County Record last August 11. The report recommends criminal charges against former Marion Police Chief Gideon Cody, and clears the Record and its reporters of wrongdoing. It also warns against search warrants and raids of newsrooms, which almost always violate federal law.
“Last August’s police raid of the Marion County Record’s newsroom and its owners’ home was an affront not only to the U.S. Constitution but to human decency. That’s why Americans across the country and the political spectrum were outraged by what Record co-owner Joan Meyer called ‘Hitler tactics,’” said Freedom of the Press Foundation (FPF) Director of Advocacy Seth Stern. Meyer, 98, died the day after the raid, possibly from shock.
Last August’s police raid of the Marion County Record’s newsroom and its owners’ home was an affront not only to the U.S. Constitution but to human decency.
Stern added, “While we welcome the news that the former police chief who orchestrated the raid, Gideon Cody, will be criminally charged, he should’ve been charged with more than after-the-fact obstruction – the raid itself was criminal. And Cody is far from the only one at fault here. We hope he and everyone else behind the raid will also be held accountable, through the criminal courts, civil courts, and courts of public opinion. They should never work in law enforcement or government again.
“We also welcome the finding that the investigation of the Record and its reporter for using a government website to verify a news tip was baseless. That being said, it should not have taken nearly a year for investigators to reach these extremely obvious conclusions. As we said the night of the raid, journalists are fully entitled to access government records to do their jobs, and raids of newsrooms based on legal theories that criminalize newsgathering are plainly against federal law.”
The Kansas Reflector also reported yesterday that Judge Laura Viar, who authorized the warrant, told investigators an entirely different story about the events leading up to that egregious judicial error than the one Cody and others told. Nonetheless, she escaped discipline by the Kansas Commission on Judicial Conduct.
“Judges across the country are displaying an alarming lack of understanding of or concern for First Amendment protections for the press, with a disturbing lack of accountability,” Stern said. “The investigation of Viar should be reopened in light of the Reflector’s reporting. But she should’ve been disciplined the first time around. There is no excuse for a judge in the United States thinking it’s acceptable to authorize a raid of a newsroom.”
Judge finds that Google is a very, very evil monopolist
Toddlers saved from 'massive' High Ridge fire by teenage babysitter
Webster Groves School District superintendent to retire
Found this glass-encased photo buried under some insulation while renovating an attic. It says 3826 Olive on the back, which looks like it might be an empty lot now. Anyone know anything about its possible origins? Bonus pack of cards I found with it!
NYC Proudly Announces Rollout Of Gun-Detecting Tech Even Tech Producer Says Won’t Reliably Detect Guns
Wells Fargo: Fed risks ‘vicious circle’ downturn without ‘aggressive’ rate cuts
Gov. Pritzker Signs Bill Eliminating State Grocery Tax
Fatal shooting investigation in Bellefontaine Neighbors
Metal recycler expands Western operations with acquisition
Remember that if you're in St.Louis County or City and you're eligible to vote you can do it at any polling place in the County or City
Man shot, dead in Bellefontaine Neighbors
JPMorgan Chase CEO bullish on Midwest, calls for anti-poverty action
Judge orders St. Louis to stop guaranteed basic income payments
U.S. Supreme Court rejects Missouri AG push to delay Trump sentencing in hush money case
Bourbon/whiskey hunting in St Louis?
Tragic Night: Three Dead in Pontoon Beach Crashes
“A Terrible Vulnerability”: Cybersecurity Researcher Discovers Yet Another Flaw in Georgia’s Voter Cancellation Portal
ProPublica is a nonprofit newsroom that investigates abuses of power. Sign up for Dispatches, a newsletter that spotlights wrongdoing around the country, to receive our stories in your inbox every week.
Until Monday, a new online portal run by the Georgia Secretary of State’s Office contained what experts describe as a serious security vulnerability that would have allowed anyone to submit a voter cancellation request for any Georgian. All that was required was a name, date of birth and county of residence — information easily discoverable for many people online.
The flaw was brought to the attention of ProPublica and Atlanta News First over the weekend by a cybersecurity researcher, Jason Parker. Parker, who uses they/them pronouns, said that after discovering it, they attempted to contact the Georgia Secretary of State’s Office. The office said it had no records of Parker’s attempts to reach out.
“It’s a terrible vulnerability to leave open, and it’s essential to be fixed,” Parker said.
The issue Parker exposed was “as bad as any voter cancellation bug could be” and “incredibly sloppy coding,” said Zach Edwards, a senior threat researcher at the cybersecurity firm Silent Push, who reviewed the flaw at the request of ProPublica. “It’s shocking to have one of these bugs occur on a serious website.” Edwards said that even a basic penetration test, in which outside experts vet the security of a website before its launch, “should have picked this up.”
ProPublica and Atlanta News First jointly alerted the Secretary of State’s Office to the vulnerability and held the publication of their articles until it was fixed.
“We have updated the process to include an error message letting the individual know their submission is incomplete and will not be processed,” Blake Evans, Georgia’s elections director, said in a statement from the Secretary of State’s Office.
In the days after the portal launched last Monday, The Associated Press and The Current each reported the existence of separate security vulnerabilities that exposed voters’ sensitive personal information, including the last four digits of their Social Security number and their full driver’s license number. The Secretary of State’s Office told the news organizations that it quickly fixed the portal. Democrats warned that the system could be abused, as right-wing activists have been challenging tens of thousands of voter registrations in a different process that a 2021 state law expanded. Over the weekend, ProPublica reported that users of the portal had unsuccessfully attempted to cancel the voter registrations of two prominent Republican officials, Secretary of State Brad Raffensperger and Rep. Marjorie Taylor Greene.
The flaw found by Parker was different from the two previously reported ones. This one would allow any user of the portal to bypass the screen that requires a driver’s license number and submit the cancellation request without it.
The Secretary of State “needs to consider this an all-hands-on-deck” moment “and hire multiple testing and security firms and stop relying on the public’s goodwill and pro bono security researchers to test the quality of their website,” Edwards said. “At this point, we should assume there are other subtle bugs that could have potentially serious impact.” Edwards said that it would have been easy for a malicious actor to automate cancellation requests to get around security measures built into the website and submit thousands of them.
In a video shared with ProPublica, Parker, who is moving from Georgia to another state, demonstrated how the registration cancellation tool could be exploited in roughly a minute. First, they entered their name, date of birth and county of residence to get past the website’s initial screening page. When the portal asked them for a driver’s license number, Parker right-clicked to inspect the browser’s HTML code — a basic option available to anyone — and deleted a few lines of code requiring them to submit their driver’s license number. Parker then hit submit. A window popped up stating that “Your cancellation request has been successfully submitted” and that county election workers would process the request within a week.
Parker said it took them less than two hours of poking around the website to find the vulnerability.
“Incomplete paper and online applications will not be accepted,” Evans said in the statement. (Parker’s cancellation request would have lacked a driver’s license number.) The Secretary of State’s Office did not respond to individual questions about what testing the portal underwent before launch, the system’s security procedures, what happened to Parker’s cancellation request and how the public could be sure of the portal’s security given the recent disclosures of security flaws.
Cybersecurity Researcher Shows Flaw With Georgia’s Voter Registration Cancellation Website“The Secretary of State’s Office needs to do better,” said Marisa Pyle, the senior democracy defense manager for Georgia with All Voting is Local, a voting rights advocacy organization. “The state needs to be really intentional about how it rolls out these things. It needs to make sure they’re secure and provide their rationale for making them.”
Jake Braun, the author of a book on cybersecurity flaws in election systems and lecturer at the University of Chicago, said that there is a long history of elections-related websites suffering from easily exploitable security failures, including Russians hacking election infrastructure during the 2016 election and public-interest competitions in which participants breached replicas of state election websites in minutes. Online elections infrastructure, he said, “needs more standards and better standards.”
Edwards said that the portal’s vulnerability-plagued rollout showed the necessity of improving the vetting process.
“Georgia should step up and pass a law saying all new websites in which the public interacts with government documents should have an outside review,” Edwards said. The public “should expect” officials “did some due diligence.”
Do you have any information about the Georgia voter registration cancellation portal, voter challenges or anything voter-related that we should know? Contact reporter Doug Bock Clark by email at doug.clark@propublica.org and by phone or Signal at 678-243-0784. If you’re concerned about confidentiality, check out our advice on the most secure ways to share tips.
stLouIST