Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Colorado blunder accidentally exposes voting machine passwords online - but officials say everything is secure

Colorado’s Secretary of State has claimed the breach does not present an immediate threat to the upcoming election

Jesse Bedayn
Wednesday 30 October 2024 18:07
Comments
Voting system passwords were mistakenly put on the Colorado Secretary of State’s website for several months before being spotted and taken down.
Voting system passwords were mistakenly put on the Colorado Secretary of State’s website for several months before being spotted and taken down. (AP)

Your support helps us to tell the story

This election is still a dead heat, according to most polls. In a fight with such wafer-thin margins, we need reporters on the ground talking to the people Trump and Harris are courting. Your support allows us to keep sending journalists to the story.

The Independent is trusted by 27 million Americans from across the entire political spectrum every month. Unlike many other quality news outlets, we choose not to lock you out of our reporting and analysis with paywalls. But quality journalism must still be paid for.

Help us keep bring these critical stories to light. Your support makes all the difference.

Voting system passwords were mistakenly put on the Colorado Secretary of State's website for several months before being spotted and taken down, but the lapse did not pose an immediate threat to the upcoming election, said state election officials Tuesday.

The passwords were only one of two that are needed to access any component of Colorado's voting systems, and are just one part of a layered security system, said Jack Todd, spokesperson for the the Secretary of State's office, in a statement. The two passwords are "kept in separate places and held by different parties," he said.

"This is not a security threat," said Colorado Secretary of State Jena Griswold in an interview on 9News Tuesday evening. She said her office is investigating, that not all of the passwords in the spreadsheet were active and there is no reason to believe there's been a security breach.

Griswold said workers are changing passwords, looking at access logs and chain of custody books.

Colorado Secretary of State Jena Griswold said there was no security threat - despite the password’s being on her website for several months.
Colorado Secretary of State Jena Griswold said there was no security threat - despite the password’s being on her website for several months. (Copyright 2024 The Associated Press. All rights reserved.)

She frequently calls Colorado the gold standard for election security, though there have been some hiccups in the past. The error has brought criticism from the chairman of the Colorado Republican Party at a time of heightened scrutiny of the country's election systems, though U.S. elections remain remarkably reliable.

Colorado law requires that election equipment is surveilled and stored in secure rooms — access to which is guarded, tracked and logged. Colorado voters fill out paper ballots, which are audited after the election.

Election officials learned last week that the spreadsheet, which held the passwords in a hidden tab, was available online. Once the lapse was discovered, Todd said, they acted immediately and informed the U.S. Cybersecurity and Infrastructure Security Agency.

The executive director of the Colorado Clerks Association, Matt Crane, told 9News that while the lapse was concerning, the association was satisfied with the Colorado Secretary of State's response.

Chairman of the Colorado GOP, Dave Williams, sent a letter to the department Tuesday demanding that, among other things, the secretary of state confirm that the exposed passwords have since been changed.

Earlier this month, a Colorado county clerk, Tina Peters, was sentenced to nine years behind bars for a data-breach scheme based in false claims about voting machine fraud in the 2020 presidential race.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in