By Jen Schumann | Rocky Mountain Voice
In a recent turn of events, Colorado Secretary of State Jena Griswold is now expressing regret over the actions coming from her office.
In a November 4th press release, Griswold stated, “I am regretful for this error. I am dedicated to making sure we address this matter fully and that mistakes of this nature never happen again.”
Griswold’s sentiment is in response to her office’s exposure of BIOS passwords for election equipment in 63 counties. The passwords, vital for securing voting system components, were posted on a subpage of the Department’s website and had been accessible online since June.
This apology, however, has drawn attention due to Griswold’s previously strict stance on election security breaches, especially in the high-profile case of former Mesa County Clerk Tina Peters. For some, Griswold’s current appeal for understanding contrasts sharply with her hardline approach toward Peters, raising questions of consistency and fairness.
Griswold said that in late October, a voting machine vendor alerted the Colorado Department of State. She went public with the information after the Colorado GOP alerted news media of the breach.
The November 4th Secretary of State update stated that the incident involved passwords for voting system components in 34 of Colorado’s 64 counties.
Griswold said her office acted quickly upon finding the problem. Upon discovery, the exposed information was taken down, and passwords were updated. Her office cooperated with the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) and the Colorado Bureau of Investigation to address the breach.
The press release also shared that the Department of State is hiring a law firm to conduct an external investigation. When the investigation ends, the Department will release its findings if the law permits.
Griswold’s apologetic statement was unusual for the Secretary of State. She made a direct appeal to Colorado voters, emphasizing the Department’s commitment to addressing the matter. She vowed that new cybersecurity training for staff would prevent future lapses, while continuing to reassure the public of the multiple layers of security in place and what she calls a quick and complete response by the Department of State.
Griswold cited cybersecurity best practices and warned that an early public disclosure could fuel election-related disinformation.
The exposed BIOS password inevitably draws comparisons to a case involving former Mesa County Clerk Tina Peters, who was convicted on multiple charges relating to a security breach.
On August 12, Griswold condemned Peters’ actions in a statement, saying Peters “willfully compromised her own election equipment” to validate fraud claims. Griswold called Peters’ conviction a win for election security, stating that Colorado would “not tolerate any effort to threaten the security of our gold standard elections.”
Griswold’s uncompromising stance toward Peters is notable when compared to her recent apology for the BIOS password exposure. In her own breach, Griswold has been more reflective, framing the exposure as a minor procedural error that was fixed. This difference in treatment raises the question: is Griswold now seeking the leniency she was unwilling to extend to Peters?
Griswold’s apology and the handling of the password leak have sparked mixed reactions.
The Trump campaign has asked Griswold to identify affected counties and direct them to take specific actions. These measures include halting ballot counting in affected counties, installing a new Trusted Build under Election Rule 20.6.1, conducting new Logic and Accuracy tests on the updated systems, and then rescanning all mail-in ballots after these updates and tests.
The Colorado GOP and El Paso County Clerk Steve Schleiker have called for Griswold’s resignation, citing the BIOS password leak as evidence of poor oversight in the Secretary of State’s office.
The Libertarian Party has since filed a lawsuit, demanding accountability for what they describe as a serious security failure. The first hearing is scheduled for November 4th at 1:30 p.m. in Denver District Court.
Governor Polis, in an interview with CBS News, said he wants an independent investigation. “Was it nefarious? Who did this?” Polis asked. “I read in one article that the person was no longer there. What does that mean? Were they fired? Were they reprimanded? Was there a crime committed? I know none of this. We should find this out.”
Griswold took a strict stance on Peters’ sentencing for releasing sensitive election information. Now it remains to be seen if she will face similar charges for this statewide security breach.