The Colorado Secretary of State’s website posted a spreadsheet containing partial passwords to election machines.
The website has had the passwords on it since August. From The New York Times:
The passwords, which were exposed on a hidden tab in a spreadsheet online, were first revealed in a letter by Hope Scheppelman, the vice chair of the Colorado Republican Party. The passwords became visible when a user downloaded a voting systems inventory spreadsheet and clicked “unhide.”According to an affidavit that accompanied Ms. Scheppelman’s letter, the passwords had been exposed since at least August.But while the breach of password data is likely to erode confidence and invite disinformation in Colorado, there are multiple layers of security to protect the integrity of election machines in the state.Election machines are not connected to the internet, and they are required to be kept in secure rooms that require ID badges for entry. They also have “24/7 video camera recording on all election equipment,” according to the secretary of state’s office.Even if a person were to somehow gain access to a machine, the passwords revealed would not be sufficient.
Colorado’s Republican Party said the spreadsheet “contained BIOS [Basic Input/Output System] passwords for election systems in 63 of the 64 counties in Colorado.”
Colorado Secretary of State Jena Griswold promised the exposure didn’t compromise anything:
Colorado elections include many layers of security. There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties. Passwords can only be used with physical in-person access to a voting system. Under Colorado law, voting equipment must be stored in secure rooms that require a secure ID badge to access. That ID badge creates an access log that tracks who enters a secure area and when. There is 24/7 video camera recording on all election equipment. Clerks are required to maintain restricted access to secure ballot areas, and may only share access information with background-checked individuals. No person may be present in a secure area unless they are authorized to do so or are supervised by an authorized and background-checked employee. There are also strict chain of custody requirements that track when a voting systems component has been accessed and by whom. It is a felony to access voting equipment without authorization.
In other words, people with access to the machines can access them with the passwords.
It’s naive to think that those people with access wouldn’t take advantage of the password exposure.
You don’t think they could find a way around those other security layers?
Because, you know, people with access to high-level places have never caused problems! That only happens in the movies, right?
Jeff Hunt of 9NEWS reminded Griswold that the office has made numerous mistakes that have dampened the citizens’ faith in the state’s election process:
HUNT: This is not the first time that your office has made mistakes that have damaged voters confidence in our elections. In 2022, your office sent out mailers to 30,000 non citizens, inviting them to register to vote. They, of course, are not eligible to register to vote. That same year, your office used Colorado’s ballot tracking system to send messages to specific Coloradans, encouraging them to vote, when in fact they had already voted, causing confusion that had to be cleaned up by the county clerks. And now this leak of the voting system passwords.Given your office’s repeated errors that have damaged confidence in our elections, which you say is paramount, will you resign?GRISWOLD: Absolutely not.
CLICK HERE FOR FULL VERSION OF THIS STORY