Colorado Secretary of State Jena Griswold’s office mistakenly posted a spreadsheet to its website that contained partial passwords to some parts of the state’s voting systems, it has confirmed.
The office took “immediate action” as soon as it became aware of the incident and informed the Cybersecurity and Infrastructure Security Agency (CISA), the statement said.
Colorado’s Department of State is “working to remedy this situation where necessary,” according to the statement.
The accidental posting “does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted,” Griswold’s office said.
The GOP also shared an affidavit from an unnamed individual claiming to have downloaded the spreadsheet and opened the hidden file on three separate occasions between Aug. 8 and Oct. 23.
According to the affidavit, the individual was able to access the hidden file simply by clicking “unhide.”
The Epoch Times was not able to independently verify the affidavit.
Colorado’s Republican Party said the file shared on the Secretary of State’s website contained more than 600 BIOS (basic input output system) passwords for voting systems in 63 of Colorado’s 64 counties.
The passwords were not encrypted or otherwise protected, meaning they were “available for public consumption,” the party said.
The spreadsheet also appears to have been posted on the website since at least August, it noted.
“BIOS passwords are highly confidential, allowing broad access for knowledgeable users to fundamentally manipulate systems and data and to remove any trace of doing so,” Colorado’s Republican Party said.
Due to the highly confidential nature of BIOS passwords, only a limited number of people are allowed access to the passwords under Colorado election regulations.
Republicans Condemn ‘Significant Incompetence, Negligence’
Dave Williams, chairman of the Republican Party of Colorado, said the leak demonstrates “significant incompetence and negligence” and raises questions about password management and other basic security protocols “at the highest levels” within Griswold’s office.“We hear all the time in Colorado from Secretary Griswold and Governor Polis that we represent the ‘Gold Standard’ for election integrity, a model for the nation,” Williams said “One can only hope that by the Secretary of State posting our most sensitive passwords online to the world dispels that myth.”
The state’s Republican party said that the leak could have “far-reaching implications” and put the entire Colorado election results for the vast majority of races, including the presidential race, in “jeopardy” unless all of the machines can meet the standards of a “Trusted Build” before the election on Nov. 5.
In its statement announcing the leak, the secretary of state’s office said Colorado elections include “many layers of security” and that there are two unique passwords for every election equipment component, which are kept in separate places and held by different parties.
Passwords can only be used with physical in-person access to a voting system, the office noted.
“Under Colorado law, voting equipment must be stored in secure rooms that require a secure ID badge to access,” the office said. “That ID badge creates an access log that tracks who enters a secure area and when.”
There is also 24/7 video camera recording on all election equipment, and clerks are required to maintain restricted access to secure ballot areas and may only share access information with background-checked individuals, the office stated.
“No person may be present in a secure area unless they are authorized to do so or are supervised by an authorized and background-checked employee,” the statement said.
Additionally, there is a “strict chain of custody requirements” that track when a voting systems component has been accessed and by whom, the office said.
The scheme was uncovered thanks to the various processes and tools Colorado has in place, such as signature verification, according to Griswold’s office.
Colorado has a “secure signature verification process,” the secretary of state’s office said in an Oct. 24 statement.
“Colorado’s elections are safe and secure,” Griswold said. “Every eligible Colorado voter will be able to make their voice heard this election,” the office said.
A CISA spokesperson told The Epoch Times in an emailed statement that the agency is aware of the incident and is in communication with the Colorado Secretary of State’s Office.
“We understand the incident only impacts voting systems in Colorado and defer to the Secretary of State’s Office for mitigation specifics,” the spokesperson said.
