close
close

All Affected Voting Machines Updated After Password Leak, Colorado Officials Say • Colorado Newsline

Colorado officials said Friday that state employees had completed the process of updating passwords on voting machines across the state that had been affected by the improper disclosure of certain system passwords.

Employees were deployed to affected counties across the state to coordinate with local election officials, update passwords and review access logs to ensure no systems were compromised. The effort “was successfully completed Thursday evening,” Colorado Secretary of State Jena Griswold’s office said in a news release.

“We appreciate the quick work to update these passwords and increase voter confidence in Colorado’s election system,” Gov. Jared Polis, a Democrat, said in a statement. “While the leaked passwords compromised just one of many layers of security protecting our election integrity in Colorado, we knew it was important to act quickly and work with Secretary Griswold and county officials to immediately update the passwords.”

GET TOMORROW'S HEADLINES.

Griswold revealed Tuesday that a document posted on her office's website contained a hidden but accessible spreadsheet containing passwords for the Basic Input Output System (BIOS). The passwords reportedly applied to more than 700 voting system components in every Colorado county except Las Animas. Her office was reportedly alerted to the leak through an affidavit from an unnamed person and distributed in a mass email by the Colorado Republican Party this week.

As of Thursday, eight Colorado Secretary of State employees and another 22 state cybersecurity employees had been deployed to affected counties to complete the process of changing the passwords. Employees worked in pairs under the supervision of local election officials.

“This password disclosure never posed an immediate security threat to Colorado elections, nor does it affect how ballots are counted,” the secretary of state said. “Password changes were made out of an abundance of caution.”

In the days following the leak's disclosure, county officials from both parties and independent election security experts confirmed that assessment. Duncan Buell, a computer scientist who researches voting systems and is chair emeritus of the computer science and engineering department at the University of South Carolina, told Newsline on Wednesday that while the leak was “concerning,” he believes “it There are adequate safety precautions.” Make sure this is not a disaster.

The Colorado County Clerks Association said Thursday that anyone in possession of the BIOS passwords and seeking to manipulate voting systems would still require “physical access to voting equipment, something tightly controlled by each county clerk and 24 hours a day, seven.” Monitored for days a week via video surveillance.”

“I want to thank Gov. Polis for providing additional state funding to support this effort,” Griswold, a Democrat, said in a statement. “Colorado has many layers of security in place to ensure our elections are free and fair, and every eligible voter should know their voice will be heard.”

YOU MAKE OUR WORK POSSIBLE.