Partial passwords for Colorado election machines were accidentally revealed on the secretary of state's website and have been available since late August, according to an affidavit accompanying a letter the Republican vice chair, Hope Scheppelman, sent to Jena Griswold, secretary of state.
"The Colorado Department of State is aware that a spreadsheet located on the Department’s website improperly included a hidden tab including partial passwords to certain components of Colorado voting systems. This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted," a statement from the Secretary of State's Office read.
So no "immediate security threat." How about later?
As we've seen in recent years, access to top aides' email accounts can lead to all kinds of hacking nightmares. Trump advisor Roger Stone's email account was hacked, which led to the exposure of campaign vetting documents for eventual vice presidential nominee JD Vance.
Griswold's office claims the ballots are secure.
But while the breach of password data is likely to erode confidence and invite disinformation in Colorado, there are multiple layers of security to protect the integrity of election machines in the state.
Election machines are not connected to the internet, and they are required to be kept in secure rooms that require ID badges for entry. They also have “24/7 video camera recording on all election equipment,” according to the secretary of state’s office.
What good are "secure rooms" and "24/7 video cameras" when the hack, if it's possible, will be conducted below the security radar?
“There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties,” Jack Todd, a spokesman for Griswold, said in a statement. “Passwords can only be used with physical in-person access to a voting system.”
Then why have passwords at all?
Chris Krebs, the former director of the Cybersecurity and Infrastructure Security Agency, thinks the leak will have a "negligible" effect on security. The breach “highlights the critical importance of the various compensating controls in place that protect our nation’s election systems.”
“While this is an extremely unfortunate leak that may serve to undermine confidence in some circles and feed into conspiracy theories in others, it nonetheless has negligible if any technical impact on Colorado’s systems,” Krebs added.
If that's true, why did the spokesman for the secretary of state say that the password leak posed no "immediate threat" to elections? It either poses no threat or it poses a threat. And if it was just a clumsy attempt to assure us that there was no danger, why not issue an immediate clarification?
Am I exaggerating the danger? Probably. But these are the same clowns who apparently didn't realize that the partial passwords had been exposed since August.
And we're supposed to have confidence in their words of reassurance?
Meanwhile, Colorado Republicans want answers.
"It goes without saying how significant this is," the Colorado GOP wrote to the Secretary of State’s Office. "We can only imagine that, since the discovery last week, you and your staff have been working tirelessly to remedy these vulnerabilities."
That the vice chair of the Colorado Republican Party had to bring the security vulnerability to the Democratic secretary's attention only serves to highlight the number of ways that ballots can be compromised.
Stop telling Republicans to sit down, shut up, and accept the results of this election come what may. Questioning the ballot is not treason (yet), nor is it a "threat to democracy." Stop trying to keep Republicans quiet, and stop using their questions about the ballot as a political weapon against them.