Colorado Gov. Jared Polis speaks during a news conference about a bipartisan property tax reduction bill on May 6, 2024, at the Colorado Capitol. (Quentin Young/Colorado Newsline)
Gov. Jared Polis said Thursday that he is deploying state resources to complete the process of securing voting systems in 63 of Colorado’s 64 counties after it was revealed that partial system passwords had been exposed in a document published on a state elections website.
In a press release, Polis’ office said that state employees “who have cybersecurity and technology expertise and have undergone appropriate background checks and training” will be deployed throughout the state using “air and ground assets” to coordinate with local elections officials, update the passwords and review access logs to ensure that no systems were compromised. An emergency rule adopted on Thursday by the Colorado Department of State authorizes these state employees to change the passwords and “take actions to investigate the voting system.”
“Colorado has countless layers of security to ensure voters’ voices are heard,” Secretary of State Jena Griswold said in a statement. “I’m thankful to the Governor for his support to quickly resolve this unfortunate mistake.”
“We want to resolve the current situation quickly by lending resources to help get the necessary passwords changed as quickly as possible with minimal impact on county clerk operations,” Polis said.
Griswold disclosed on Tuesday that a document posted to her office’s website included a hidden but accessible worksheet that contained Basic Input Output System — or BIOS — passwords for more than 700 election system components in every Colorado county except Las Animas. The leak reportedly was brought to her office’s attention by an affidavit sworn by an unnamed person and shared in a mass email this week by the Colorado Republican Party.
GET THE MORNING HEADLINES.
Griswold, a Democrat, says that the leak “does not pose an immediate security threat to Colorado’s elections,” a position echoed by county clerks from both parties as well as independent election security experts. Duncan Buell, a computer scientist who researches election systems and serves as the chair emeritus of the Computer Science and Engineering department at the University of South Carolina, said Wednesday that while the leak is “concerning,” he believes “there are sufficient safeguards in place that this is not a disaster.”
The Colorado County Clerks Association reiterated in an update Thursday that anyone in possession of the BIOS passwords who wished to tamper with elections systems would still “require physical access to the voting equipment, something strictly controlled by each county clerk and monitored 24 hours a day, seven days a week by video surveillance.”
“We have been preparing for this election, including incident response and remediation, for years,” Boulder County Clerk and Recorder Molly Fitzpatrick, president of the CCCA, said in a statement. “We are confident that our security protocols will protect all ballots and ensure that each ballot is counted according to each voter’s intent.”
Trump campaign responds
In a letter to Griswold dated Oct. 30, an attorney for former President Donald Trump’s 2024 campaign demanded the secretary of state take a series of actions to “immediately to protect the integrity of Colorado’s general election.”
The Trump campaign’s demands include the completion of a new “trusted build” — the secure process by which software is installed and configured on local elections equipment — in every affected county, as well as a halt to all processing of mail ballots until such a process is completed.
“We recognize these steps may be an inconvenience for your office and for the affected counties,” wrote attorney Scott Gessler. “But this inconvenience is necessary because it is the only way to guarantee that the elections equipment in those counties whose current BIOS passwords were disclosed by your office are secure and that the chain-of-custody for that equipment required by Colorado law and regulations is unbroken.”
Gessler, who served one term as Colorado’s secretary of state from 2011 to 2015, has represented Trump in multiple legal proceedings in Colorado over the last several years, and has a history of spreading false and exaggerated claims about elections.
In an unsuccessful bid for chair of the Colorado Republican Party in 2021, Gessler echoed Trump’s false claims that the 2020 presidential election was stolen. During his term in office, he was a vocal promoter of allegations of voter fraud, which elections experts and law enforcement agencies have consistently found is extremely rare. Following the 2012 election, Gessler announced that he had referred 155 suspected cases of voter fraud to local prosecutors across Colorado. Only four people were charged, and prosecutors ultimately only secured a single conviction.
Claims of widespread fraud in 2020 and in other recent U.S. elections have been debunked by elections officials, experts, media investigations, law enforcement, and the courts. Throughout the 2024 campaign, Trump has continued to deny the legitimacy of his 2020 defeat and consistently evaded questions about whether he will accept the results of this year’s election.
Matt Crane, executive director of the CCCA and a former Republican clerk in Arapahoe County, urged Coloradans on Thursday to “cast their ballots with confidence in our system.”
“It was built with many layers of security to protect against just this type of occurrence,” Crane said. “Every clerk is taking this issue seriously and is staying laser-focused on delivering the safe and accurate elections that Coloradans have come to expect from us.”
Mail ballots were sent to all eligible Colorado voters beginning Oct. 11. It’s too late to return ballots through the mail, but voters can return them through a secure drop box or vote in person by visiting a polling center.
YOU MAKE OUR WORK POSSIBLE.