Wasn't a government agency rendering citizen SSNs client-side, and when someone discovered it, they went after them? Wouldn't be surprised if the anti-DRM part of the DMCA is used to persecute these non-crimes.
I think you're thinking of this case [1] from Missouri where a reporter notified the state that teacher SSNs were exposed, and the Governor went ballistic. Luckily, it seems like the local law enforcement set the record straight.
I never figured out if the governor was that inept that he was truly convinced the person was a hacker despite every tech professional's opinion, or if he was merely doubling down on the hacking accusations to try to save face.
Yes, that was in MO. Their idiot governor threatened the journalist that discovered it with prosecution.
An investigation by the Missouri State Patrol and a MO county later determined that the executive branch screwed up and leaked the SSNs and that the reporter committed no crime.
I imagine governments tend to be the same way, though my only direct experience here is that I don't report anything and nothing bad happens. The funny thing to me is that the discovery of these issues is not what triggers retaliation, but the audacity of reporting them.
Were I personally impacted, I would just submit information to the media as an anonymous whistleblower to get it fixed.
Really? If you’re personally impacted then surely you don’t want the media bringing attention to an open vulnerability where anyone can steal your data.
I’d opt for silence in this case and hope that some future update patches the bug (accidentally or otherwise).