Investigator finds Colorado voter system passwords were not intentionally posted online
An investigation has found a series of inadvertent and unforeseen events resulted in Colorado voting system passwords being posted on the Secretary of State's website earlier this year
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.A “series of inadvertent and unforeseen events” resulted in Colorado voting system passwords being posted on the Secretary of State’s website, an outside investigator said.
A Denver attorney did not find any intentional wrongdoing by Secretary of State Jena Griswold or staff in her office, but said two policies were violated. Attorney Beth Doherty Quinn suggested in her report, dated Sunday, that the agency require a more thorough review of documents before they are posted on the secretary's website and better protection of passwords.
The passwords — “only some of which were still active,” Doherty Quinn said — were on hidden tabs in a spreadsheet containing information about county voting systems that was posted on the secretary's website on June 21. The information had previously been posted as a PDF that could not be manipulated, but an employee suggested posting the information in a spreadsheet software in the interest of transparency. The hidden sheets were discovered on Oct. 24.
The passwords were one of two needed to access components of the Colorado voting system, Griswold's spokesperson Jack Todd has said. Griswold said it was not a security threat.
The tabs that included the passwords had been hidden in a file kept by a former employee. None of the employees involved in posting the document online knew that hiding tabs was a feature of the software, the investigation found.
The “substantial weight of the evidence” shows the hidden tabs with the passwords were posted “mistakenly, unknowingly and unintentionally,” because the employees involved were unaware the hidden worksheets existed, Doherty Quinn wrote in her report.
Doherty Quinn recommended the office require all passwords to be stored using software called a “password safe," and to create a checklist of things that need to be reviewed before something is posted on the website, including seeing if there are hidden tabs and removing any metadata.