Colorado Secretary of State “improperly” posted partial election equipment passwords to website

The Colorado Secretary of State’s office posted a spreadsheet to its website that “improperly included” the partial passwords to some parts of the state’s voting systems, the department announced Tuesday.

The Colorado Republican Party first announced the incident in a news release earlier in the day, including an affidavit purporting to find the error. The name of the person who signed the affidavit was blacked out. They said they found a spreadsheet publicly posted on the secretary of state’s website that contained an inventory of voting systems used throughout the state.

When the user clicked “unhide” on the spreadsheet’s tabs, they found hidden tabs that appeared to show the passwords to some of the voting system components. In a letter to Secretary of State Jena Griswold, GOP Chair Dave Williams requested she confirm the passwords have been changed and other security protocols met.

“If, however, you fail to provide necessary assurances that our elections are secure, we are prepared to encourage county officials throughout the state to fulfill their duty to decertify any election machines with a password on the released list,” Williams wrote.

He called the leak “shocking” and a sign of “significant incompetence and negligence.” Griswold has been a longtime subject of Republican ire for her vocal opposition to former President Donald Trump and election conspiracies.

In an unsigned news release from Griswold’s office, officials wrote “This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted.”

The news release stated that all election equipment has two unique passwords kept by separate individuals and the passwords can only be used with in-person access to the equipment. Under Colorado law, voting equipment must also be stored in secure rooms that require ID badges to access, and it is subject to 24/7 video surveillance.

The news release also noted that all Colorado votes are cast on paper ballots, and a post-election audit of the ballots ensures they were cast appropriately. The department also immediately contacted the federal Cybersecurity and Infrastructure Security Agency once it became aware of the leak and is “working to remedy this situation.”

The reported password leak comes less than a week after Griswold held a news conference to announce a voter fraud scheme in Mesa County had been foiled, but that three of about a dozen stolen ballots had been fraudulently cast there.