Eagle County’s top election official says vote remains secure after state-level data breach
David Zalubowski/AP
Colorado officials said Friday that the state’s elections are secure after a spreadsheet including a list of passwords used to access voting systems was inadvertently posted on the Secretary of State’s website.
Eagle County Clerk and Recorder Regina O’Brien said the state-level data breach has been “disheartening,” but added that several scans and checks indicate that the county’s vote-scanning remains secure.
The spreadsheet included a list of one of the two passwords needed to make any changes to voting systems, according to Secretary of State Jena Griswold. The passwords for affected equipment have since been changed.
“Colorado has countless layers of security to ensure our elections are free and fair, and every eligible voter should know their ballot will be counted as cast,” Griswold said in a news release.
‘Everything we could verify checked out’
To use the passwords, someone would also have to have physical access to the voting machines. Voting equipment in Colorado is stored in secure rooms that require an ID badge to access, and anyone who enters has to have authorization or be supervised by an authorized and background-checked employee. Those rooms are surveilled 24/7 with video cameras.
Support Local Journalism
O’Brien said in Eagle County that access logs to the room that holds Eagle County’s voting machines were pulled back to June 1, and there had been no unauthorized access.
In addition, the room is secured with deadbolt locks, and only members of O’Brien’s team have keys. The room is also under full-time video surveillance, and O’Brien said there haven’t been any gaps.
On the technology front, there was a “trusted build” of a system in July of 2023. That system has a unique value set. O’Brien’s team ran the values, and nothing had been changed.
“Everything we could verify checked out,” she said.
In addition, O’Brien talked with the county’s information technology team, and those people confirmed that the proper steps had been taken.
In addition, the clerk’s office as of the night of Oct. 31 changed all the system’s access passwords. And, as of Nov. 1, there are 25 different backups of the data for this election.
O’Brien added that as of Nov. 1, her office has had “no direction” of a need to rescan any of the more than 12,600 ballots received as of Oct. 31.
Griswold faces heat
Gov. Jared Polis announced Friday morning that his office had deployed resources to help the secretary of state’s office secure any affected systems and verify that no settings were changed in any election equipment. The state staff members worked in pairs and were observed by county election officials.
Griswold has fielded questions during several media interviews since the discovery, which was made public earlier this week by the state Republican Party. She has said multiple times that the password disclosure doesn’t pose any security threat to Colorado’s elections.
In an interview with Colorado Public Radio, Griswold said the civil servant who was responsible for the error is no longer with their office.
Republicans locally and nationally have heaped criticism on Griswold over the error.
After Republican members of the Colorado House called on Griswold to resign, she said she wouldn’t consider it.
“Absolutely not,” she said in a Wednesday interview with 9News’ Kyle Clark.
Former President Donald Trump’s campaign is also demanding that the counties whose voting equipment passwords were posted start over on processing all ballots. Griswold responded to this request Thursday evening, saying the error presented “no immediate threat to the security of Colorado’s voting systems or the 2024 General Election.”
Election Day is Nov. 5. Any ballots not yet mailed must be dropped off directly at ballot boxes to ensure they are counted by next Tuesday.
— The Vail Daily’s Scott Miller contributed reporting.
