Recently, a shocking revelation about a serious security breach took the state of Colorado by surprise, shattering the days leading to the November election. This disclosure concerned BIOS passwords for the voting machines used in half of Colorado’s counties. These sensitive pieces of information were openly displayed on a hidden tab of a spreadsheet on the Secretary of State’s official website and had been there since June, only to be removed on Oct. 24.
The general public became privy to this startling news through an email from the Colorado Republican Party on Oct. 29. The BIOS passwords that were exposed on the website play a vital role in granting access to the underlying software of the tabulation machines. However, merely acquiring these passwords cannot lead to manipulation of the voting process, unless paired with physical access to the machines to input the password manually.
These crucial voting machines are safely stored in counties all across Colorado, with continuous video surveillance around the clock. Only a handful of staff members who have passed background checks are given key card access to these machines. After receiving the shocking email from the Colorado GOP, county clerks, who are responsible for Colorado’s elections, were left in a state of utmost concern, primarily due to the impact this could have on public trust.
Jena Griswold, the Democratic Secretary of State, claims that an internal review suggests that the situation occurred due to sheer negligence, insisting it was an accident rather than something intentional. This explanation, however, raises more questions than answers; how can such a vital piece of information be handled so carelessly by the people who are entrusted to maintain the highest level of security at all costs?
Based on her statements, the security compromise was due to a former employee. This person, who left their job at the office earlier this year on amicable terms, had created the password-containing spreadsheet. The blunder was further carried on by another employee, who posted the spreadsheet online without realizing the presence of the hidden tab. What’s concerning is that this culpable employee continues to work for the state even now.
The Secretary of State’s office acknowledges that keeping passwords in plain text format on a publicly accessible spreadsheet clearly violates their department’s policies and procedures. They are supposedly conducting a personnel review, but the current level of damage control seems shallow to say the least, leaving skeptics to ponder deeper security and policy questions.
At the moment, multiple investigations are underway. The law firm Baird Quinn LLC, with Attorneys Beth Quinn and J. Mark Baird leading the charge, is spearheading an investigation for the Secretary of State office. Additionally, the Denver District’s Attorney’s office has embarked on another investigation, tasked by three district attorneys offices who all received investigative requests.
Under Colorado law, deliberate publication or causing publication of passwords and sensitive voting equipment information is considered a felony. However, sources alleged that the Secretary of State is not under investigation, asserting that there is no evidence of criminal activity at this point. This, however, does not diminish the level of incompetence or negligence demonstrated by the events that unfolded.
The Colorado Republican Party and multiple key members are demanding the resignation of Jena Griswold, the Democratic Secretary of State. They cite this security breach incident as indicative of her incompetence and negligence. State party chair Dave Williams strongly affirms that the posting of the passwords shows a severe lack of competence and that the state’s response raises more doubts than reassurances.
The Trump campaign has echoed these sentiments, demanding the Colorado counties to reset their machines and recount the votes. Surprisingly, no action was taken when their demand wasn’t met. This can potentially increase the suspicion regarding the integrity of the count, especially when such grave errors are evident in the process.
The bipartisan Legislative Audit Committee has decided to discuss in December the potential of ordering a state auditor to investigate the Secretary of State’s office. Democrats, oddly, seem inclined to wait for the other investigations to conclude before taking any steps. This procrastination from the Democratic side could be perceived as a strategy to postpone the inevitable rather than tackle it head-on.
Democratic Governor Jared Polis, who has shown a curiosity to understand what exactly happened, does not seem to provide any concrete plans of action. In response to criticism from Republicans, Jena Griswold defends her work advocating for Colorado’s election system. However, the cold hard facts represent a different narrative; desperately needed funding increases for her office have been repeatedly denied by the legislature.
Taken as a whole, this sequence of events underlines severe lapses and negligence in terms of voting security and may undermine the public’s trust in the democratic process. While the Democratic administrators seem to lean on ‘accidents’ and funding deficits to explain their mistakes, the evidence of their actions and inaction spotlight a lack of competence and transparency in managing the sacred process of election.