By BRIAN PORTER | Rocky Mountain Voice
In response to an inquiry made by the Colorado Republican Party, the office of secretary of state Jena Griswold claims only partial passwords to certain components of the Colorado voting systems were improperly made available in a public area of the website she manages.
“This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted,” a statement from her office reads.
The statement received by the Rocky Mountain Voice did not include comment from Griswold in a long explanation of election security measures, which never addressed how the passwords were placed in a public area of the website and by whom.
In fact, the statement failed to address much of the concern from Colorado Republican Party Chairman Dave Williams. He had specifically asked for confirmation the passwords had since been changed and that they are secure, that the election systems have not been accessed physically or remotely by any unauthorized person or persons, confirmation of a plan for certification to meet requirements of a “trusted build” and a list of any and all other steps being taken to address vulnerabilities.
“Colorado elections include many layers of security,” the release from Griswold’s office stated. “There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties. Passwords can only be used with physical in-person access to a voting system.”
In a long explanation generally followed by Griswold’s office with “gold standard”, the secretary of state’s office detailed lengthy security measures.
“There is 24/7 video camera recording on all election equipment. Clerks are required to maintain restricted access to secure ballot areas, and may only share access information with background-checked individuals,” the statement reads. “No person may be present in a secure area unless they are authorized to do so or are supervised by an authorized and background-checked employee. There are also strict chain of custody requirements that track when a voting systems component has been accessed and by whom. It is a felony to access voting equipment without authorization.”
The statement only partially answered the last question posed by Williams, seeking to understand steps taken to address vulnerabilities.
“The department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the county’s essential security infrastructure,” the statement reads. “The department is working to remedy this situation where necessary.”