On November 5, 2023, Coloradans will head to the polls amid concerns surrounding the security of the state’s voting systems due to an accidental online posting by the Colorado Department of State. A spreadsheet, which was improperly uploaded to the department’s website, contained hidden tabs that revealed partial passwords for certain voting systems throughout the state. The Colorado Department of State has reassured residents that the incident poses no immediate security threat to the upcoming election and will not impact the integrity of how ballots are counted. The state has taken immediate action to rectify the situation and has communicated the incident to the Cybersecurity and Infrastructure Security Agency (CISA) for further assistance.
The issue came to light when Hope Scheppelman, the vice chair of the Colorado Republican Party, announced that over 600 passwords associated with voting systems in 63 of Colorado’s 64 counties had been publicly shared. According to Scheppelman, these passwords were left unencrypted on the website and had been accessible since at least August. To further substantiate her claims, she released an affidavit from an individual who purportedly accessed the passwords between August 8 and October 23. However, the identity of this individual was redacted, and Reuters has not been able to verify the authenticity of the allegations independently.
In response to the incident, the Colorado Department of State emphasized the rigorous security measures embedded within the state’s election processes. They noted that every component of the election equipment is protected by two unique passwords, each held in different locations and by different parties to mitigate the risk of unauthorized access. The department underscored that these passwords can only be utilized with physical, in-person access to the voting systems. The layered security measures they have in place are meant to significantly strengthen the integrity of the voting process, providing an additional level of assurance to voters.
Furthermore, the department has stringent chain-of-custody protocols in place, meticulously tracking access to voting system components and documenting who accessed them and when. These measures are designed to enhance oversight and security throughout every stage of the election process. Despite the alarming disclosure regarding the passwords, Colorado officials maintain confidence in their voting systems and the structures in place to protect them.
CISA has acknowledged the situation and is actively coordinating with the Colorado Secretary of State’s office to navigate any potential risks stemming from the incident. A spokesperson for CISA indicated that while they are aware of the passwords leak, the agency believes that the impact is limited to Colorado’s voting systems. They have deferred to the Secretary of State’s office for further details and mitigation strategies, reflecting a unified approach among federal and state agencies in addressing any concerns regarding election security.
As the election date approaches, the Colorado Department of State is working diligently to reassure voters regarding the integrity and security of the systems they utilize for casting their ballots. It is critical for state officials to maintain public trust and emphasize that significant safeguards are in place to prevent any unauthorized access to voting systems. The Colorado Department of State remains vigilant in monitoring the situation and implementing any necessary measures to ensure that the general election will proceed smoothly and fairly, allowing voters to have confidence in the electoral process.
