Colorado Secretary of State Jena Griswold put blame for the release of election system passwords last week on the internet squarely on Mesa County officials, saying the breach could have allowed someone to access the settings of the county’s voting equipment, all of which may now have to be decertified.
“I can say at this time that Mesa County appears to have allowed this breach in election security,” Griswold, a Democrat, told The Colorado Sun during an interview Tuesday.
Griswold’s office is investigating the situation. It believes that images containing the passwords that were posted online were taken during a so-called “trusted build” systems update to Dominion Voting Systems election equipment completed in late May. The Mesa County District Attorney’s office has launched a parallel criminal probe into the leak.
At the center of the case is Mesa County Clerk Tina Peters, a Republican who as the investigation into her office heated up on Tuesday appeared at a “cyber symposium” hosted by MyPillow CEO Mike Lindell, who continued to make unsubstantiated claims about fraud in the 2020 presidential election.
(There has been no evidence of widespread fraud that would have changed the outcome of the election on the state or national level.)
“I am being persecuted,” Peters said Tuesday night during the conference in Sioux Falls, South Dakota, where she accused Griswold of “raiding” her office.
Peters also made baseless accusations that Griswold and Gov. Jared Polis are trying to “take over my office and control the way we vote.”
The leaked passwords are specific to Mesa County. State officials don’t believe that any other counties were affected by the breach. Since the breach didn’t happen during an election, state officials are also confident it didn’t and won’t affect any past or upcoming contests.
The trusted build update from which authorities believe the passwords were leaked is similar to an update that someone would run on their smartphone or computer. But because it has to do with election equipment, there are strict security protocols.
The Colorado Secretary of State’s Office sends a representative to each county to run the update with representatives from Dominion, the voting equipment vendor. County representatives are allowed to observe.
The Unaffiliated is our twice-weekly newsletter on Colorado politics and policy.
Each edition is filled with exclusive news, analysis and other behind-the-scenes information you won’t find anywhere else. Subscribe today to see what all the buzz is about.
A person familiar with the matter who requested anonymity because they aren’t allowed to discuss details of an ongoing investigation said Mesa County had three representatives at the trusted build update.
Griswold said she is confident the leak didn’t come from her office, which is why she believes Mesa County is to blame.
“What I can say is we do not believe it was someone in my office,” Griswold said. “And we have many reasons behind that.”
She said Peters was responsible for conducting background checks on the representatives she brought to the update. “That is a requirement under the election rules,” she said.
The passwords were posted on a far-right blog and shared, Griswold said, on social media by a man linked to the QAnon conspiracy.
Griswold said Peters is not cooperating with the investigation. “Peters has not answered any orders or calls from our office,” she said.
The breach is also under criminal investigation by prosecutors on the Western Slope.
“I can confirm that we have received information that there may be criminal acts related to the SoS investigation and I have assigned an investigator to look into it,” Dan Rubinstein, the Mesa County district attorney, told The Colorado Sun in an email. “We are conducting an independent, but parallel investigation to that of the SoS.”
Rubinstein said he couldn’t comment on who was under investigation because the probe is ongoing.
The Colorado County Clerk’s Association issued a statement late Monday supporting Griswold’s investigation. “We take any credible information that questions the integrity of the conduct of our elections seriously,” said Matt Crane, executive director of the group. “We offer our full support to this inquiry and hope that a thorough investigation will provide clear answers to the concerns raised by the Secretary of State’s office.”
The Colorado Secretary of State’s Office could decide to decertify all of the election equipment in Mesa County as a result of the leak. That would give local election officials just a few weeks to procure new equipment ahead of the Nov. 2 election, which includes school board and municipal contests and may include statewide ballot initiatives. If they are unable to get the new equipment in time, the county may have to hand count ballots.
Peters, a Republican whose term has been marked by controversy, did not return a phone call and text message from The Colorado Sun on Tuesday.
The Mesa County Clerk and Recorder’s Office came under fire in February 2020 after nearly 600 uncounted ballots from the 2019 election were discovered in a drop box outside the county’s election office. The votes would not have changed the results of any of the 2019 elections, Peters said at the time, but Griswold called the situation “unacceptable.”
Peters, who was elected in 2018, was then the target of an unsuccessful recall effort last year.
After the 2020 election, Peters posted voter fraud claims on social media without evidence. On Tuesday night, Peters lambasted Crane, a Republican, for urging her not to spread the baseless voter fraud claims.
There has been no evidence of widespread fraud that would have overturned the results of the 2020 presidential election. A risk-limiting audit in Colorado, completed after the 2020 election, confirmed the contest’s results.
Peters, who was joined at the MyPillow Guy’s conference by Sheronna Bishop, one of U.S. Rep. Lauren Boebert’s 2020 campaign managers, insinuated on Tuesday night that Griswold is responsible for the leaked passwords.
“These just happen to be passwords that only the secretary of state has,” Peters said. “As a matter of fact, when they were in doing this trusted build in my office, they told me that I’m not allowed to have those passwords.”
(The Secretary of State’s Office is the only place the passwords are stored. This provides an added level of security to ensure that when election infrastructure is updated no one can tamper with the software.)
Peters then questioned why the Secretary of State’s Office “has passwords that I can’t have to get into the back door of my system.”
“What do you think?” Peters asked. “That’s a question that we need answers to. And we’re going to find it.”