Dem Colorado Sec. of State Griswold accused of incompetence, possible election security breach, over exposed passwords for voting system components
Top Democratic officials in Colorado, including Secretary of State Jena Griswold, had proclaimed themselves to be the "Gold Standard" in terms of protecting the instruments of democracy and guarding the integrity of the election process.
Yet, it was revealed this week that, for several months, Griswold had exposed critical passwords to the state's elections systems in a spreadsheet posted online by her office, Colorado Newsline reported.
That revelation has raised legitimate concerns that the systems may have been compromised, but Griswold and others are insistent that the exposed passwords did not constitute a "security breach" and posed no threat to the integrity and safety of Colorado's elections.
Sensitive passwords exposed for months in publicly accessible online spreadsheet
In a mass email released by the Colorado GOP earlier this week, it was announced that an anonymous whistleblower had attested in a notarized affidavit that they had discovered in a spreadsheet posted to Sec. Griswold's website the Basic Input Output System, or BIOS, passwords to more than 700 election system components in all but one of the state's 64 counties.
That spreadsheet was an inventory of the state's voting systems components, which had been posted online since August, and the secret passwords were unveiled by a simple right-click on a tab that unveiled options to "unhide" various hidden worksheets, some of which contained the unencrypted access codes to those components.
The Colorado GOP's email acknowledged that while the exposed passwords did not "constitute evidence of a breach by itself, it does demonstrate a major lapse in basic systems security and password management."
In a statement, Colorado GOP Chairman Dave Williams said, "We hear all the time in Colorado from Secretary Griswold and Governor Polis that we represent the 'Gold Standard' for election integrity, a model for the nation. One can only hope that by the Secretary of State posting our most sensitive passwords online to the world dispels that myth."
"It’s shocking really," he added. "At best, even if the passwords were outdated, it represents significant incompetence and negligence, and it raises huge questions about password management and other basic security protocols at the highest levels within Griswold’s office."
Griswold says leaked passwords are no big deal because of other security measures
Newsline noted that Sec. Griswold has downplayed the severity of the exposed passwords and explained that access to each piece of election equipment is controlled by two separate passwords and that the components, which can supposedly only be accessed in person, are kept guarded in secure facilities that are monitored with access logs.
In an interview Tuesday with local NBC affiliate KUSA, Griswold said, "To be very clear, we do not see this as a full security threat to the state. This is not a security threat." Nevertheless, her office previously announced that the leak had been immediately reported to the federal Cybersecurity and Infrastructure Security Agency (CISA) as soon as it was realized.
"There are two passwords to get into any voting component, along with physical access," she continued. "We have layers of security, and out of just an abundance of caution, have staff in the field changing passwords, looking at access logs and looking at the entire situation and continuing our investigation."
Griswold has been accused of a coverup and sharply criticized for not changing the passwords or notifying county clerks of what happened until after the exposure was made public, but she insisted to KUSA, "We did not decide not to disclose something to county clerks. We were actively investigating along with federal partners. We want to try to take as measured of approaches to situations as possible and gather good information. So, along those lines, we are still in an active investigation."
Colorado Republicans demand Griswold's resignation
Yet, while Sec. Griswold may think the exposed passwords to the state's voting systems components are no big deal, not everybody else is so nonchalant about it, as Colorado Politics reported that many of the state's elected Republicans at the local and federal level are demanding that she resign in shame.
The leaked passwords are just the latest alleged misstep by Griswold, her critics say, as she is also accused of having mailed thousands of postcards to ineligible noncitizens that encouraged them to register to vote as well as for inaccurately notifying some voters that they hadn't yet voted when they had already cast their ballot in prior elections.