A Denver judge declined Monday night to rule immediately on a lawsuit seeking to force the hand-counting of ballots in more than half of Colorado’s counties as the fallout from an accidental leak of voting equipment passwords continued in the final 24 hours of the election.
District Court Judge Kandace Gerdes heard four hours of testimony in a hearing called in a lawsuit filed by the Libertarian Party of Colorado. The leak had been reported separately last week by the state Republican Party and Secretary of State Jena Griswold, a Democrat.
A lawyer for the Libertarian Party argued that the leak, discovered by a prominent 2020 election denier, compromised the election’s integrity. The suit also seeks the destruction of affected election equipment.
Griswold, meanwhile, announced she would be hiring a “well-regarded” law firm to conduct an outside investigation into how the information was posted to her office’s website — in a hidden tab on a spreadsheet — for months before it was discovered.
In court Monday, attorneys representing Griswold argued that the passwords were not enough to jeopardize voting systems and that the Libertarians’ request would sow “chaos” across the state as clerks prepared for polls to close at 7 p.m. Tuesday. Griswold’s office has said that in order to use the passwords, a person would need physical access to the equipment, along with additional passwords that were not included in the released spreadsheet.
During the hearing, no evidence was presented indicating any voting systems were compromised or had been improperly accessed. First Deputy Attorney General LeeAnn Morrill said suggestions otherwise were based on “supposition” and “fear mongering.”
Last week, after the breach was revealed, Griswold immediately came under fire. Regardless of how Gerdes rules on the Libertarian suit, other election officials are bracing for additional litigation and fallout from the release of the passwords, which came just days before a presidential election that some elements of the Republican Party were already seeking to undermine.
Matt Crane, the executive director of the Colorado County Clerks Association, told The Denver Post that some Colorado Republican officials were already planning to challenge the certification of ballots in the state.
“The software leak is a valid leak for people to be concerned about,” Crane, a Republican who formerly served as the Arapahoe County clerk, said. “But I think it’s mitigated. … But bad actors will do what they do. We know that.”
Griswold calls leak “regrettable”
The release of the passwords was revealed Oct. 29, when the Colorado Republican Party announced that a spreadsheet posted on the secretary of state’s website included a hidden tab specifying the codes. The party also released a redacted version of an affidavit from an unnamed person who found the passwords in the spreadsheet.
The affidavit was filed by Shawn Smith, a retired Air Force officer who has previously sought to undermine the 2020 election results. The Post obtained a copy of the affidavit Monday, and it was later described by Smith during the court hearing.
Smith testified that he discovered the passwords while reviewing the spreadsheet on Oct. 24. In his affidavit, Smith indicated he’d accessed the spreadsheet twice in October and once in August, though the affidavit itself doesn’t make clear when Smith identified the presence of the passwords.
In February 2022, Smith baselessly told a conservative group that Griswold had committed election crimes and that anyone involved in election fraud should be executed.
It’s unclear how the state Republican Party — led by another election denier, chairman Dave Williams — became aware of Smith’s claims. Smith testified that attorney John Case contacted him to ask him to prepare an affidavit about his findings, though he did not indicate how Case knew to contact him. Case, who was in the courtroom Monday, declined to answer when asked by a reporter how he learned of Smith’s findings.
In a statement Monday, Griswold’s office said officials learned of the password leak on Oct. 24 — the same day Smith said he learned of it — from a voting machines vendor.
After conducting an assessment of how widespread the breach was, officials determined that 34 of Colorado’s 64 counties were affected.
Griswold’s office didn’t alert the public — or county clerks — about the passwords’ release until after the Colorado GOP announced it. In an interview Monday, Griswold said she regretted both the release of the passwords and that county clerks learned of it via the media, rather than from her office.
All of the released passwords have since been changed, she said, and the state’s elections remain secure.
“We discovered an error that is regrettable and took as thoughtful and measured of steps to address it (as we could), in an atmosphere that is full of threats and disinformation,” Griswold said.
Griswold’s office confirmed that the staff member who created the spreadsheet — which was posted online June 21 — “amicably left” their job well before the passwords were discovered.
She said her office was also contracting with Garnett Powell Maximon Barlow & Farbes, a metro Denver law firm, to conduct an outside investigation into what happened. She said the timeline for that investigation was still being determined.
Reviewing security footage
Christopher Beall, Griswold’s deputy, testified in court Monday that the state was reviewing 24-hour surveillance footage, among other security monitoring, to determine if anyone had improper physical access to voting equipment in Colorado’s counties. Those procedures were put in place after former Mesa County Clerk Tina Peters improperly accessed voting systems after the 2020 presidential election.
Beall said the ongoing review had not identified any improper access.
“We’re continuously working on building trust in our elections,” Griswold told The Post. “Colorado’s elections are secure. We have multilayer security at every step of the way. We have strong security measures, internally and externally, and we are always trying to move as quickly as possible in the environment.”
While machines are used to count votes, people still cast votes on paper ballots. And counties across the state conduct reviews called risk-limiting audits that compare the ballots to tallied results after each election.
Griswold has faced Republican ire for her criticism of former President Donald Trump and election conspiracies. One man pleaded guilty last month to making death threats against her and others. Earlier this year, state House Republicans sought to impeach her for calling Trump an insurrectionist and other criticisms made from her official position.
Soon after the breach was made public last week, Sen. Kevin Van Winkle, a Highlands Ranch Republican, requested that the Legislative Audit Committee hold an emergency meeting to assess if the state’s election systems were compromised. Doing so would provide a venue to address questions such as whether the breach was intentional when the passwords were posted, he wrote.
Related Articles
The Latest: All eyes on Pennsylvania as candidates spend final day campaigning there
As Colorado Democrats pursue dual legislative supermajorities, Republicans search for a toehold
Denver warns of election result delays due to ballot crush: “We are really pushing people to vote early”
Colorado voting machine password breach: Polis declares fix completed
Last-minute Colorado voter guide for the 2024 election
The committee voted on party lines against holding a meeting. Despite Democratic majorities in the legislature, that committee has a 4-4 bipartisan split. Its members could still raise the issue at the next normally scheduled meeting in December.
Rep. Lisa Frizell, a Castle Rock Republican who chairs the committee, declined to comment on the decision until after the election. Rep. Andrew Boesenecker, a Fort Collins Democrat and vice chair of the committee, said the tight timeframe of the request, along with assurances from multiple agencies that there’d been no security compromise and that passwords have been switched, made him question the need for expediency.
He also pointed to the independent investigation being commissioned by the Secretary of State’s Office as likely providing more information for the committee to explore — on its normal timeline.
“With all respect to Sen. Van Winkle, it’s really hard to understand this request as anything other than a partisan request to undermine voters’ confidence, and I think that’s the last thing we need to be doing in this moment,” Boesenecker said in an interview.
Stay up-to-date with Colorado Politics by signing up for our weekly newsletter, The Spot.