Colorado Secretary Of State's Office Mistakenly Exposes Voting System Passwords

The office of Colorado's secretary of state has recently made headlines after it was revealed that partial passwords for voting system components were unintentionally posted on its official website. This incident, which involved a hidden tab in a publicly available spreadsheet, was discovered and rectified on October 24. State officials have assured the public that this was an inadvertent error and that it has not impacted the election process.

In a statement issued on Tuesday, the Colorado Department of State emphasized, "This does not pose an immediate security threat to Colorado's elections, nor will it impact how ballots are counted." The timing of this incident comes during a heightened focus on election integrity, especially with the upcoming elections on November 5, as former President Donald Trump continues to propagate claims regarding widespread voter fraud in the 2020 election.

Last week, Secretary of State Jena Griswold reassured Coloradans about the security of the state's elections, particularly after election staff uncovered a dozen fraudulent mailed ballots during a signature verification process. With such serious concerns regarding election integrity, the accidental exposure of sensitive information has raised eyebrows and sparked discussions about the safeguards in place to protect the electoral system.

According to a release from the Colorado Republican Party, it was reported that the spreadsheet contained over 600 partial BIOS passwords for voting system components across 63 of Colorado's 64 counties. BIOS passwords are critical for maintaining security within computer systems, essentially acting as a master key to essential hardware settings. Alarmingly, the passwords in question were neither encrypted nor adequately protected.

Despite this concerning revelation, state officials have reassured citizens that multiple layers of security are in place to safeguard the election process. The Colorado Department of State highlighted that each election equipment component has two unique passwords, which are stored separately and handled by different parties. Furthermore, passwords can only be utilized with physical access to the voting system, thus providing an additional layer of security.

The department has also engaged with the Cybersecurity and Infrastructure Security Agency (CISA) to inform them about this incident. A spokesperson from CISA confirmed that they are collaborating with Colorado officials to monitor the situation. In their communication, they stated, "We understand the incident only impacts voting systems in Colorado and defer to the Secretary of State's office for mitigation specifics."

The accidental exposure of passwords has raised significant concerns among members of the Colorado Republican Party. Dave Williams, the chair of the Colorado GOP, publicly criticized the secretary of state's office for what he deemed "significant incompetence and negligence." In a statement, he expressed his hope that the incident would dispel the notion that Colorado maintains the "Gold Standard" for election integrity, as touted by Secretary Griswold and Governor Polis.

In light of these events, Williams has formally requested written confirmation from Griswold within 24 hours that the passwords in question have been changed and that the election systems remain secure. His letter demanded assurance that all disclosed passwords have been altered or were not current when they were made public and that any new passwords adhere to best practices for strength and encryption.

For further clarity, Newsweek has reached out to Griswold for comment outside of normal business hours. In their response, the Colorado Department of State has outlined the stringent security measures around access to voting equipment, which, by state law, must be stored in secure rooms that necessitate secure ID badges for access. This ID badge system creates an access log tracking entries into secure areas, complemented by 24/7 video surveillance of all election equipment.

Moreover, clerks are required to maintain restricted access to secure ballot areas, sharing access information only with individuals who have undergone background checks. The statement further elaborated that all votes in Colorado are cast on paper ballots, which undergo rigorous auditing during the "Risk Limiting Audit" process to ensure accurate counting.