The passwords are one part of a multi-step security process.
DENVER — The Colorado Secretary of State’s Office inadvertently posted a spreadsheet to its website with a hidden tab that included voting system passwords.
In a statement to 9NEWS, a spokesperson for the Colorado Secretary of State’s Office said that “the Department is working to remedy this situation where necessary.”
“The Department took immediate action as soon as it was aware of this and informed the Cybersecurity and Infrastructure Security Agency (CISA), which closely monitors and protects the county’s essential security infrastructure,” the spokesperson said.
On Tuesday morning, Colorado Republican Party Vice Chair Hope Scheppelman shared the hidden tab discovery in a mass email, along with an affidavit from someone who claims they had downloaded the Excel file from the Colorado Secretary of State’s website and discovered the hidden tab by simply clicking “unhide.” The name on the affidavit was blacked out in the Republican Party email.
9NEWS left a voicemail with Scheppelman on Tuesday afternoon.
The passwords that were in the hidden tab are known as BIOS passwords and are one part of the security process for Colorado’s voting machines.
They are passwords needed to configure system settings.
“There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties. Passwords can only be used with physical in-person access to a voting system,” a spokesperson for the Colorado Secretary of State’s Office said.
Under state law, voting equipment has to be in secure rooms with badge access and 24/7 surveillance. County clerks are supposed to keep a log of the secure ballot areas.
Matt Crane, a former Republican Arapahoe County Clerk and current executive director of the Colorado Clerks Association, said the fact that the passwords were online, albeit hidden, is concerning, but that the group is satisfied with the actions the Colorado Secretary of State’s Office is taking.
“The truth is, is this a concern? Yes,” Crane said. “Is it being mitigated? Yes. Does this mean that all of the computers are connected to the internet and that votes are being flipped? No.”
Crane said that because every voter votes on a paper ballot – yes, mail-in ballots are still paper ballots – any discrepancies can be audited and remedied.
“I want to stress here, this isn’t our Republicans, but you will have some Republicans who will use this for political and financial purposes. Whereas we as clerks, we will stay in the truth in honoring our oath of office to serve our constituents in a truthful and honest manner,” Crane said.
There is a risk-limiting audit that takes place after voting is complete, but before the election is certified, that can address any election discrepancy. A select number of ballots are pulled for a specific race in each county and compared to the machine count. Colorado started doing risk-limiting audits in 2017, and in every case, it has verified the machine count to the paper ballots.
This is a developing story and will be updated.
More Stories
US tech stocks send Nasdaq to hit record high, as Alphabet beats forecasts
Edgewater police officer who berated, threatened suspects resigns from department
Harris makes final pitch to voters one week before US election