By BRIAN PORTER | Rocky Mountain Voice
DENVER — Some daylight may have been breathed Monday afternoon into what some have called the largest coverup in the history of Colorado’s mail-in balloting era, and perhaps ever in its secretary of state’s office.
A day before Election Day, the top ranking officials in the Colorado Libertarian Party were in a Denver courtroom down the street from where Secretary of State Jena Griswold hours earlier made what sounded like a mea culpa over a password maintenance blunder that may affect half the counties in Colorado.
At issue is hundreds of passwords which were posted in a public place on the secretary of state’s website and discovered by an expert of voting system components, only after they may have been public for four months.
“I am regretful for this error,” Griswold wrote in a press release shortly before Judge Kandace Gerdes gaveled in a hearing in the Libertarian Party v. the State of Colorado. Several high-ranking Republicans in Colorado have called for her immediate resignation, one Griswold says she will not give.
The error potentially put the security of the state’s election at risk, with even Griswold’s top ranking staffer unable to state under oath that the security of voting machines had not been compromised.
“I have no information that any unauthorized person has accessed any voting machine, and I also have no information no unauthorized person has accessed any voting machine,” said Deputy Secretary of State Christopher Beall under direct examination by Gary Fielder, attorney for the Libertarian Party.
He was the final witness called by the plaintiff Libertarian Party, seeking a full and fair investigation into the leak by the attorney general, that all voting systems associated with the leak be immediately decommissioned, that all affected counties hand-count ballots, asking for a ban on any new rules or regulations by the secretary of state’s office until the issue reaches a resolution, and seeking court and attorney fees to be paid by the state in addition to any other relief.
Judge Gerdes indicated she would soon issue a written order related to the case. Election Day is Tuesday, Nov. 5, 2024.
Many members of the court learned for the first time that Shawn Smith was the person who had discovered the public posting of passwords, and who alerted Colorado Republican Party Chairman Dave Williams. The secretary of state’s office claims to have realized the issue on Oct. 23, 2024, but it was Williams who alerted the public a week later through an email to Republicans and dissemination in the media.
“They looked like complete passwords for the voting systems,” Smith said.
He indicated, as an expert witness, that a compromised BIOS system could allow access to the computer, although he also testified that he was not aware of a compromised system.
“Someone could reconfigure the BIOS to display a false status,” Smith said, testifying that 15 large counties still have wireless components on voting machines and Las Animas County to be the only unaffected by the password leaks.
At first, his name was withheld by Williams from an affidavit, along with a notary, because of a “pattern of targeting” the secretary of state has demonstrated, he said.
The court heard Smith detail a life in and out of the military in which he wrote highly classified computer code, which led to his status as an expert.
“Foreign adversaries are scanning IP addresses looking for changes,” he said. “They are looking for state and federal government information.”
The public posting of passwords is “unprecedented”, Fielder said in his opening, adding that the passwords were not just “up a day or so.” He says they remained up for four months.
“All candidates, and I would suggest the public, would be interested in a fair count,” Fieldler said. “The secretary of state had this knowledge on Oct. 24.”
“Our position is the secretary of state, deputy secretary of state and office are all in compliance with election code,” said LeeAnn Morrill, the first assistant attorney to the Colorado attorney general. “We do not believe there is a reason to reward this exceptional and unnecessary relief.”
She described a finding by Gerdes for the plaintiffs as “chaos”, likely pointing to a statewide hand-count.
The two named plaintiffs — Hannah Goodman, chairwoman of the Colorado Libertarian Party, and James Wiley, executive director of the Colorado Libertarian Party — are also candidates. Goodman noted the party is running 25 candidates for various offices in Colorado.
“My candidates are known as spoilers,” she said. “I’m deeply concerned we will not see accurate voting totals. It is a huge concern for anyone on the ballot at this time.”
Judge Gerdes failed to accept another witness for the plaintiff as an expert, but allowed Clay Parikh to testify on cybersecurity fact.
“I’m a little confused how I was accepted as an expert witness in Grand Junction, during the Tina Peters trial, but not here in Denver,” he said.
Following Smith’s testimony, Parikh told the court that “a four-month time period is enough [for passwords] to be discovered and used. They were full passwords.”
The state defends the passwords were only part of what is necessary to access the system. There is a BIOS password, they say, and then local passwords maintained by a county clerk. The secretary of state’s office does not dispute it could be upwards of 600 passwords, Beall said.
“It is fair to say it shouldn’t have happened,” he said. “It is fair to say I wish it wouldn’t have happened. It is not fair to say it is a security breech.”
Griswold was not called to testify, but others in the office were, such as Hillary Rudy who detailed the policies and procedures of Colorado’s voting system.
Fielder discussed with Beall the matter of how many counties could possibly be impacted. There were 46 counties with passwords which were “exposed”, he testified, but 12 of those counties did not have the machinery in use. That left 34 counties affected, Beall said.
“Was it significant those BIOS passwords were released?” Fieldler asked.
“There’s no question it was significant,” Beall said.
He also readdressed the issue of whether the passwords were complete: “They were full BIOS passwords, they weren’t all of the password needed to get into the system.”
Additionally, secretary of state employee Ben Edelen testified.
Link to original article