Secretary of State will not resign after partial passwords for voting systems posted online
KDVR Fox 31
DENVER (KDVR) — Colorado Secretary of State Jena Griswold is addressing concerns about partial passwords that were connected to Colorado's voting systems that were placed on the Secretary of State's website.
On Tuesday, the state's Republican Party said the posted partial passwords could compromise election results. According to Griswold, an employee who mistakenly put those passwords on a hidden tab is no longer with the agency.
The Colorado County Clerk's Association said many clerks across the state have been trained to begin safety protocols during incidents like these.
"This is actually a scenario that we've worked through. So, we're just all going through what we've trained on and making sure that we continue to have our security protocols in operation and move forward with making sure all of our elections stay secure," Colorado County Clerks Association Vice President Carly Koppes said.
The Colorado Republican Party said it believes the partial passwords may have been posted on the site since August. Koppes says she's confident voting systems across the state will still be secure.
"Even if you had that partial password, we still have all of the physical security aspects that will defend against you. We also have all of my security passwords that defend against you. And you just would not be able to use that partial password that was provided," Koppes said.
Griswold said posting the passwords was a mistake.
"A civil servant made this error. Out of an abundance of caution, we have people in the field resetting passwords. But again, we don't think this poses an immediate security threat," Griswold said.
Griswold assures voters that security measures are in place
Griswold said Wednesday that several security measures were already in place long before the partial passwords were made public.
"And again we go back to those layers and layers of security, there are two passwords that are held by different parties and for voting equipment you need physical access to use those passwords," Griswold said.
Matt Crane, executive director of the Colorado County Clerks Association, told FOX31 on Wednesday night that the association learned about the passwords posted online on Tuesday.
"We have expressed to the Secretary of State’s Office our frustration with their failure to notify us in a timely fashion," Crane said. "With that being said, our highest priority right is to focus on conducting the safe and accurate election that all Coloradans expect.
The Secretary of State’s Office told FOX31 on Tuesday that many layers of security are built into Colorado elections, including two unique passwords for “every election equipment component,” and said the passwords are kept separately and by different parties."
There have been some calls for Griswold to resign. However, Griswold said Wednesday that she will stay in office and help make sure this election is safe and secure.
Security measures for Colorado's election systems
The office spokesperson said Tuesday that passwords can only be used with physical, in-person access to a voting system.
“Under Colorado law, voting equipment must be stored in secure rooms that require a secure ID badge to access,” the spokesperson said. “That ID badge creates an access log that tracks who enters a secure area and when.”
Additional security measures noted by the spokesperson include:
- 24/7 video camera recording of all election equipment
- Requirements for clerks to maintain restricted access to secure ballot areas
- Requirements for clerks to only share access information with background-checked individuals
- Restrictions on secure areas to allow only authorized people in a secure area unless supervised by an authorized and background-checked employee.
“There are also strict chain of custody requirements that track when a voting systems component has been accessed and by whom,” the spokesperson told FOX31. “It is a felony to access voting equipment without authorization.”
The Secretary of State’s Office said that every Colorado voter uses a paper ballot, which is audited during the Risk Limiting Audit to verify that ballots were counted according to the voters’ intents. The office also said that it took “immediate action” when it became aware of the password access, and informed the Cybersecurity and Infrastructure Security Agency.