Only We Can Audit Ourselves

The forensic audit in Maricopa County, Arizona poured fuel on the prairie fire of legislators and concerned citizens who are still asking questions, wondering what happened in their states, and looking to find the truth about the 2020 elections. The fact that AZ is doing the first audit of its kind in the nation has raised a number of interesting issues as to what needs to be looked at and how in an era of technology-dependent elections. It’s no longer simply canvassing, paper ballots, procedures, and tallies. Comprehensive and adequate audits now must include the tech that we’ve allowed to take over our elections. Databases, software, hardware, cybersecurity, data, accreditations, certifications, testing, tech competency, user management, access control, and more. Given all the technology used in our elections, state and federal laws mandating the preservation of unmolested election records must apply to all the tech that produces artifacts. Once these artifacts are reconstructed, it objectively illustrates what happened in any given election.

Up until now, Colorado has remained out of the national discussion about election integrity, fraud, and forensic auditing.  That changed on June 17th when Secretary of State Jena Griswold announced that she and her office would not allow Arizona-style forensic audits by third parties in Colorado. Which is ironic because, she’s essentially claiming that no one may audit the State but the State. Xi whiz, is she just Stalin for time? Given the incredibly complex technical nature of so many of today’s election systems, third parties are the only ones with sufficient technical expertise to provide any understanding of whether systems have been compromised.  Griswold’s announcement on Twitter was so heavily ratioed, she won “the gold standard” award for Tweeting (using the same criteria she used to determine that Colorado’s election system is the “gold standard”).  The responses to Griswold’s ham-fisted, panicked announcement show how witty, hilarious, and ticked-off Colorado voters are. Lauren Boebert, Ted Cruz, Jack Posobiec, Boris Epshteyn and other national figures joined in, publicly and rightfully roasting Griswold.  

Back home in Colorado, Rep. Ron Hanks let Griswold know Colorado voters are “pissed off”. A particularly colorful response to Rep. Hanks captures the feelings of integrity minded citizens, “finally, a legislator who has balls!” State GOP Chair Kristi Burton Brown finally issued a statement on election integrity aimed at Griswold’s power grab; garnering a slow-clap from GOP members who refuse to ignore 2020. These are the folks who believe that if Colorado elections aren’t fixed before ‘22, there’s no use in supporting candidates, donating time, or money. Colorado voters who have left the GOP see Burton-Brown’s statement as a positive move in terms of the types of actions that would entice them to return.

TIMING IS EVERYTHING

The real story is about the timing of Griswold’s announcement. Why now?  What precipitated Griswold’s DNC-backed fear-biting pronouncement on the national stage?  There may be several forcing functions, all pointing to an awakening among Colorado citizens: 

• Public awareness of the secretive Dominion voting systems modifications coordinated by the SecState and Dominion.
• Public revelation of evidence that Griswold has certified results of Colorado elections conducted on voting machines that weren’t properly certified according to Colorado State Law.
• The legions of concerned voters contacting Colorado County Clerk and Recorders asking for answers about the shady Dominion updates – and getting stonewalled with either inaccurate info or woefully inadequate excuses; because the SecState forbade them to tell voters (more on this later).
• The Colorado delegation that traveled at their own expense, including State Rep. Ron Hanks, to visit Maricopa County to observe and learn about the forensic auditing process to possibly replicate the model in Colorado.

SHHHH….IT’S A SECRET 

In recent weeks, an email sent by Dominion and presumably the SecState intended for CO County Clerks was leaked to the public. In it, a May schedule for voting machine “updates” and a handful of bullet points mentioning the features and functionality of the modifications. What is missing from all of this is the SecState’s proper public notification and information on the Dominion modifications. County Clerks showed they aren’t working for Colorado voters either, by obeying the SecState’s unethical directive to avoid public notices of modifications in their counties.

Since May, Dominion has updated at least seventeen Colorado counties.  There’s no telling how many counties are left to be modified. I reached out to Dominion asking for the June and July update schedule for Colorado.  Stahl, the Dominion customer service representative, declined to share it citing “safety concerns” for Dominion employees.  Before the call ended, Stahl asked how I got his contact information.  I said it came from the May newsletter.  Stahl’s reply, “This was only to be sent to the County Clerks.” After that exchange, it seems reasonable to ask: Are Dominion and the Secretary of State engaging in a coordinated effort to delete, change, or tamper with electronic election data, records, and artifacts from the 2020 election without notifying the public?  I also reached out to the Secretary of State’s Office for comment and have not received any response as of the writing of this article.  

ELECTION TECH = BLACK BOX

After having spoken to over a dozen County Clerks and Recorders across the state since November 2020, one thing is blatantly obvious, none of them have technical chops.  The County Clerk and Recorders rely on their internal IT staff and/or the word of the SecState and Dominion when it comes to “updating” the voting equipment. There’s no question The SecState and Dominion hold all the cards when it comes to if, how, and when they decide to inform and educate Clerks about voting system tech past and present SecStates have made indispensable to the Clerks.  Judging from how the newsletter covers the topic of the “updates”, SecState and Dominion are speaking down to their non-tech audience: 

“A few notable changes for the ICX are listed below:

• The ICX can now be configured to print a full ballot.

ICX Daily Print Report that will include:

• Election Title
• Date (of report)
• Number of Printed Ballots
• Number of Voted Ballots
• Number of Blank Ballots
• Ballot Duplication Mode. This will allow counties to designate an ICX as a duplication device.
• And more to come!”

Given the last bullet point sounds like it’s lifted from a Ginsu infomercial; County Clerks should be very, very concerned by how it reads as a weak attempt to non-technically, superficially cover what the Dominion modifications may or may not include. It doesn’t take a tech expert to figure out that the bullet points (above) are a far cry from the publicly posted  54 page Pro V&V Test Report, which lists significant and unexplained modifications included in the actual software and hardware updates Dominion and the SecState are currently executing.  The “more to come” deserves a good hard look.

And who will give our voting systems that “good hard look” if the SecState is allowed to prohibit independent third party review?  A white-paper titled  An Argument for Supporting the Dominon Delay written by systems testing expert Ret. USAF Col. Shawn Smith lists around a dozen specified updates from the Pro V&V Test Report, with informed speculation and reasoned questions about how the updates affect the functionality and capability of the Dominion technology suite in practical terms.  

Smith’s analysis is alarming.  Most concerning is the question of how many security vulnerabilities existed in the Dominion machines that were used in the 2020 Colorado elections.  An example:  

Dominion’s update is adding support for ICX BMD to produce a ballot without a barcode.  Smith explains, “This is a placebo; just because you can’t see a barcode/QR code on a paper ballot doesn’t mean there isn’t a steganographic code embedded on the ballot design [that can be] read by software on the scanning system.”  

And that’s just one example.  Smith’s write up on the Pro V&V Test Report provides interesting insight into the inner workings of the Dominion systems.  It also builds on his previous analysis presented in April of this year.  In the April presentation is a detailed explanation of a troubling array of concerns with the Dominion hardware and software including: undisclosed installed wireless modems, the possibility of hidden modems, other covert modifications, well-known vulnerabilities in the “commercial-off-the-shelf” hardware and software.  Among Smith’s conclusions:  There is no way voting machines manufactured in China, with zero supply chain security, have ever been secure or can ever be secured.

C’MON, YOU CAN TRUST ME

The Dominion modifications deserve a tremendous amount of scrutiny both by the County Clerks and the public before being implemented in Colorado.  The test report raises the larger issue of why these problematic features that might be used to facilitate covert and unauthorized connections, and to manipulate ballots and election data exist in the machines in the first place. In May 2021, at an Independence Institute hearing, Matt Crane, the Executive Director of the Colorado County Clerk’s Association was presented with the fact that our voting machines had been built in China with wireless modems installed he stated, “Well, the modems are turned off.”  

This begs the question how exactly would Crane, the County Clerks, the SecState or the public know for sure the wireless modems in Colorado’s voting machines weren’t turned on during the 2020 election, or at any other time?   For that matter, what about past elections? The answer is simple.  They can’t know.  Based on the technical capabilities available in any given County Clerk’s office in Colorado, there’s no way to prove it one way or the other.  It would take a highly trained technical forensic specialist to be able to capture, observe, and preserve this level of data.  

How do The County Clerks and Recorders verify the Dominion machine changes are what the Sec State and Dominion are promising – no more, no less?  In a system update, it’s incredibly easy to add, delete, move, remove, and obfuscate data and functionality from a machine.  Are the County Clerks running a forensic audit on the machines before and after the Dominion and Sec State comes in and works their magic?  The SecState and Dominion call each version of voting system software they install a “trusted build,” but the truth is that Dominion does the “building,” and the Clerks do the “trusting.” Voters get what they get, and they’d better not make a fuss about it. 

To adequately evaluate the ramifications of even a single character change in complex code would take a team of highly-capable analysts; to understand how it was used, after the fact, would take a team of specialists, including national security-level cyber security pros.  Given Griswold’s statement, we know it’s both a warning shot to the public and a clear message to County Clerk and Recorders – sworn oaths be damned: they’d better surrender their autonomy, disregard the will of their constituents, and bend-the-knee.  In fact Griswold’s edict restricts third parties from accessing the machines, which may even apply to County Sheriffs and the Colorado Bureau of Investigations.  

WHEN YOU CAN SMELL TROUBLE

One must wonder, how much legal liability are the County Clerks exposing themselves to by trusting the Secretary of State and Dominion? If the machine modifications violate records preservation requirements, impede public transparency, or worse; do the County Clerks actually believe that “following (the SecState’s) orders” will indemnify them?[1]

In the case of Colorado’s highest ranking election official, SecState Jena Griswold; she’s chosen to stand on the wrong side of election integrity and transparency.  We know her emergency proposed rule changes will most likely face legal challenges.  It’s hard to believe even CO Dems will go along with the power grab.  However, there is a second factor haunting Griswold that raises legal concerns.  According to Colorado public records, it appears she and her office may have broken State law and thereby violated the U.S. Constitution.  

In Colorado,  there are laws mandating certification standards for all voting machines. [2] [3] [4] [5]  These certifications require testing by a federally accredited lab; Pro V&V of Huntsville, Alabama, is one such lab. In June, 2019,  Griswold certified Dominion Voting Systems Democracy Suite 5.11-CO for use in Colorado on the basis of Pro V&V’s Test Report, signed the same day.  Unfortunately, Pro V&V’s U.S. EAC accreditation had expired in February, 2017 and wasn’t renewed until February, 2021. Griswold also certified ClearBallot Voting Systems, used in Garfield and Douglas counties, on the basis of testing conducted by Pro V&V while Pro V&V was not accredited. That means:  

• Both Clear Ballot and Dominion voting machines used in Colorado’s 2020 elections have  not been legally certified under Colorado law.
• All Colorado elections conducted since June, 2019 using those systems may not be legal.
• Sec State Griswold and Colorado County Clerks have certified potentially illegal elections. 

CHOOSING WISELY 

In light of this information Griswold has some explaining to do. There are few obvious excuses for Griswold to claim innocence. Although Pro V&V’s accreditation lapsed in February 2017, long before Griswold took office, she had an unlimited legal and ethical responsibility to faithfully execute Colorado law. Whatever transpired before she took office in January, 2019; it was her Jane Hancock on the voting system certification letters, and on the election results certifications. Looks like this one is up to the lawyers and courts to decide. Either way, can Colorado voters trust their election systems and results when the public officials who should be paying attention and following the law are just going through the motions, and then frantically trying to suppress valid concerns?

If Griswold and Colorado County Clerks continue to claim there is no problem with Dominion machines and electronic voting, it seems unlikely that they’ll restore the trust of the increasing X% of Colorado voters who have doubts about the integrity of our election system and the 2020 results. If the public’s trust and the citizens’ sacred right to suffrage to express their will and consent aren’t compelling, the SecState and Clerks have their reputations, careers, and legal liabilities to consider.

The review, scrutiny and signing of the Pro V&V’s contract is Griswold’s ultimate responsibility, even if she delegated the task to her staff. When it comes to the County Clerks the case can be made that they are responsible on the same level as Griswold. However there is room for a legitimate defense given the fact that the County Clerks by nature of the system and its structure have been set up to trust Secretary of State Griswold’s competency; including her legally mandated responsibility, due diligence, and umbrella contractual agreements with vendors – especially given she holds the highest election position in the state.

Colorado election officials are now being forced to take sides.  On one hand, they are required to lawfully conduct free and fair elections on behalf of their constituents.  On the other hand, Clerks are under pressure from a number of different parties to “follow procedure” and allow machine modifications per the SecState.  What side are Clerks going to choose,  The People or The State, unelected bureaucrats, and vendors? 

[1] (Fed law: 52 USC 20701 –  22 months  (https://uscode.house.gov/view.xhtml?req=granuleid:USC-prelim-title52-section20701&num=0&edition=prelim)) (state law: CRS 1-7-802, 25 months (https://codes.findlaw.com/co/title-1-elections/co-rev-st-sect-1-7-802.html))

[2] (CRS 1-5-608.5: https://tinyurl.com/ykshumm6)

[3]  And Colorado’s legislature made that prescription, in detail, in Colorado Revised Statutes, Title 1, which reads, in part, at § 1-5-608.5 

[4]  According to U.S. Constitution, Article I, Section IV, “The Times, Places and Manner of holding Elections for Senators and Representatives, shall be prescribed in each State by the Legislature thereof.”

[5]  “A federally accredited laboratory may test, approve, and qualify electronic and electromechanical voting systems for sale and use in the state of Colorado,” and “…if the voting systems tested pursuant to this section satisfy the requirements of this part 6, the secretary of state shall certify such systems and approve the purchase, installation, and use of such systems by political subdivisions and establish standards for certification.” The U.S. Election Assistance Commission (EAC) is responsible and authorized, by U.S. law, to accredit voting system testing laboratories that would satisfy the requirement of CRS 1-5-608.5.