Jenna Griswold, Colorado Secretary of State, has a lot to explain to the state’s voters. She is supposed to oversee election integrity, and the passwords to dominion voting machines were found on the website. They had apparently been up there since August. Assuming officials are mistaken, they claim that the exposure poses no immediate security risk to Colorado elections. However, this is the same office that has yet to clear out non-voters, with many reports of ballots being received from people who have long since left.
Security Breach
The breach occurred when a spreadsheet posted on the Colorado Secretary of State’s website incorrectly displayed partial BIOS passwords for Dominion voting machines in a hidden tab. This tab was available on the site since August and remained public until it was removed. These BIOS passwords are critical because they allow for broad manipulation of voting systems and data.
Despite the potential severity, officials maintain that the incident poses no immediate threat to Colorado’s election security. Remember that this is the same group that claimed to have cleaned the voter rolls. However, many people have claimed that they continue to receive ballots for people who are no longer in the state.
Colorado Secretary of State posted spreadsheet with voting system passwords https://t.co/Jqoluw2rFy
— 9NEWS Denver (@9NEWS) October 29, 2024
Response and Controversy
Following the discovery of this breach, the Colorado Secretary of State’s office promptly addressed the error, informing the Cybersecurity and Infrastructure Security Agency (CISA) and, allegedly, initiating steps to strengthen cybersecurity measures. Republican leaders, including GOP state party chair Dave Williams, have voiced concerns about how election security protocols are enforced.
Dave Williams referred to the lapse as “significant incompetence,” calling into question Colorado’s much-touted “Gold Standard” of electoral integrity. This lapse, as highlighted by Williams, undermines confidence in the electoral system, an assertion strongly refuted by officials who claim that there are no immediate threats or impacts on ballot counting.
It should be noted that the same government agency has promoted election security in the state through television commercials.
😏 Nothing to see here. Colorado Secretary of State posted spreadsheet with voting system passwords
On Tuesday morning, Colorado Republican Party Vice Chair Hope Scheppelman shared the hidden tab discovery in a mass email, along with an affidavit from someone who claims they had… pic.twitter.com/LTjtKUAZhb
— Melissa Hallman (@dotconnectinga) October 30, 2024
Measures Moving Forward
This incident raises serious concerns about what steps should be taken to prevent similar breaches from occurring again. While the Secretary of State’s office emphasizes the safety and security of its election systems, this exposure highlights the urgent need to review and possibly overhaul existing cybersecurity practices. Ensuring that voting systems meet “Trusted Build” standards ahead of elections will remain critical.
At a time when public trust in election processes is shaky, transparency and stringent safeguards are the public’s minimum expectation. Colorado officials must rebuild trust and demonstrate that past mistakes will not affect future electoral processes.
Sources:
- Passwords for voting equipment posted on Secretary of State’s website, but officials say there’s no immediate security risk
- Partial Passwords to Colorado Voting System Accidentally Posted on Secretary of State’s Website
What damage has already been done by this breach? Why doesn’t there appear to be much concern? What are they doing to fix anything that’s already been affected by this incompetence? How could this even occur to begin with and so close to the election? How do officials know for a fact that there’s no immediate security risk – has it been “tested” before?