Griswold’s Office Pushes Back Against Trump Campaign’s Demand to Stop Colorado Mail Ballot Processing After Voting System Password Leak
President Donald Trump’s campaign issued a formal demand on Wednesday, calling on Colorado Secretary of State Jena Griswold (D) to temporarily cease processing mail-in ballots after her office reportedly leaked critical BIOS passwords online.
The Gateway Pundit previously reported that Colorado Secretary of State Jena Griswold’s website had published approximately 600 BIOS passwords for the election equipment in 63 out of 64 counties in Colorado.
The illegal exposure of the passwords was first caught in August of this year but believed to have been published as early as June, before the state’s primary election. And they weren’t removed until late October.
Griswold’s passwords were neither incomplete nor were all of them outdated. However, Griswold attempted to call the BIOS passwords “partial” because they were 1 of 2 passwords used by the system: one for the BIOS and one for the operating system.
The Trump campaign’s letter outlined urgent actions Griswold must take, including identifying impacted counties, notifying them of the breach, halting ballot processing, and implementing new Trusted Builds along with Logic and Accuracy Tests.
The campaign argued that a temporary halt is necessary to “guarantee that the election equipment in those counties is secure” and restore public trust in the integrity of Colorado’s voting systems.
Read the letter below:
“Dear Secretary Griswold,
This firm represents Donald J. Trump for President 2024, Inc. Yesterday, it was revealed that your office publicly disclosed BIOS passwords for voting system equipment for 63 of Colorado’s 64 counties beginning in at least August, 2024 and continuing through Thursday, October 24, 2024. We are particularly concerned because your office knew of this security breach at least as early as October 24, yet concealed the problem by failing to notify anyone.
As you know, anyone in possession of current BIOS passwords and with access to the affected election systems would have the ability to alter the Trusted Build of those systems without leaving signs of tampering in the software. Hence, this disclosure by your office—which we assume was inadvertent given that knowing publication of this information constitutes a Class 5 felony under SB 22-153-makes it essential that you act immediately to protect the integrity of Colorado’s general election.
With six days remaining before Election Day, there is a path forward. Under Colorado law and current election regulations, you must immediately do the following:
(1) Identity those counties for whom the BIOS passwords listed in the spreadsheet disclosed by your office were current as of their most recent Trusted Build.
(2) Immediately notify the affected counties and order a new Trusted Build is required due to “another security issue” under Election Rule 20.6.1. Your office should complete the required Trusted Builds expeditiously. Once the Trusted Build is in place in the affected counties, these counties should be directed to immediately conduct a new Logic and Accuracy Test for their election equipment.
(3) For these counties for whom a new Trusted Build is required, direct them to immediately halt the processing of mail ballots received and to prepare to re-scan all mail ballots already scanned after the new Trusted Build and Logic and Accuracy Tests are completed. As you know, this is possible, because although most counties have already begun to process and scan returned ballots, no county is permitted to disclose results until 7:00pm on Election Day. C.R.S. § 1-7.5-107.5.
We recognize these steps may be an inconvenience for your office and for the affected counties. But this inconvenience is necessary because it is the only way to guarantee that the elections equipment in those counties whose current BIOS passwords were disclosed by your office are secure and that the chain-of-custody for that equipment required by Colorado law and regulations is unbroken.
Please confirm you will undertake these steps no later than 10:00am MT tomorrow, October 31, 2024”
NEW: Trump campaign demands Colorado Secretary of State @JenaGriswold (D) temporarily halt processing of mail ballots and re-secure voting systems in counties impacted by her office’s leak of voting system passwords online. #copolitics pic.twitter.com/OXon4eQCCj
— Kyle Clark (@KyleClark) October 31, 2024
In response, Colorado’s Deputy Secretary of State Christopher Beall downplayed the severity of the leak. In his statement, he insisted that “background-checked state cybersecurity experts” would help secure the systems, asserting there was “no immediate threat” to Colorado’s election integrity.
He promised additional security measures without specifying what they would entail.
“The Department determined that because Colorado’s voting systems are protected by layers of security and redundancies, no single error can compromise the integrity of the system. These measures are enshrined in statute and the Department’s election rules, including multiple layers of password protection, tightly controlled physical access to voting equipment, 24-hour daily video surveillance, among other measures. To reiterate, the security of our voting systems is not endangered,” Beall’s letter stated, according to Denver 7.
On Friday, Governor Polis and Secretary Griswold released a joint statement confirming that all passwords on Colorado voting machines have been updated and that the security of the machines has been thoroughly verified.
Read the statement below:
Today, Governor Jared Polis and Secretary of State Jena Griswold announced that the effort to update all passwords and verify the security of affected active voting systems in Colorado is complete. The joint effort concluded successfully Thursday evening.
“All of the passwords in affected counties have been changed. I want to thank Governor Polis for deploying extra state resources to help in this effort,” said Secretary of State Jena Griswold. “Colorado has countless layers of security to ensure our elections are free and fair, and every eligible voter should know their ballot will be counted as cast.”
“We appreciate the swift work to update these passwords. Every Coloradan can rest assured that their vote will be counted fairly and accurately. While the leaked passwords compromised just one of many layers of security that protect our election integrity in Colorado, we knew it was critical to take swift action and to work with Secretary Griswold and the county clerks to update the passwords immediately,” said Governor Jared Polis. “I want to especially thank the hardworking state employees and county clerk personnel who were part of this effort.”
Within hours of being briefed on Wednesday, October 30, Governor Polis deployed human capital, air and ground assets, and other logistical support to the Secretary of State’s Office to complete changes to all the affected passwords and verify that no settings had been changed in any piece of election equipment.
Last evening, the operation was completed quickly to change all impacted passwords. This included eight staff from the Department of State and an additional 22 state cybersecurity personnel who were directed to support the operation by Governor Polis. All staff had appropriate background checks and underwent training pursuant to rules promulgated by the Secretary of State prior to beginning work on election systems. Additionally, state agency staff worked in pairs and were observed by county elections officials.
This password disclosure did not pose a security threat to Colorado’s elections, nor will it impact how ballots are counted. Changes to passwords were made out of an abundance of caution.
Colorado elections include many layers of security. The passwords that were improperly disclosed were one of two passwords needed in combination to make changes to a voting system and can only be used with in-person physical access. Under Colorado law, voting equipment must be stored in secure rooms that require a secure ID badge to access. That ID badge creates an access log that tracks who enters a secure area and when. There is 24/7 video camera recording on all election equipment. Clerks are required to maintain restricted access to secure ballot areas and may only share access information with background-checked individuals. No person may be present in a secure area unless they are authorized to do so or are supervised by an authorized and background-checked employee. There are also strict chain of custody requirements that track when a voting systems component has been accessed and by whom. It is a felony to access voting equipment without authorization.
Every Colorado voter votes on a paper ballot, which is then audited during the Risk Limiting Audit to ensure ballots were counted according to voter intent.
Read more:
You can email Jim Hᴏft here, and read more of Jim Hᴏft's articles here.