Colorado Secretary of State site ‘improperly’ displayed partial passwords for voting systems
The Colorado Secretary of State’s Office mistakenly posted a spreadsheet to its website with a hidden tab that included voting system passwords on Wednesday.
The Colorado Department of State issued a statement and acknowledged it was aware of the situation.
“The Colorado Department of State is aware that a spreadsheet located on the Department’s website improperly included a hidden tab including partial passwords to certain components of Colorado voting systems. This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted,” the statement read.
The Colorado Secretary of State spokesperson told FOX31 that the partial passwords leaked do “not pose an immediate threat to Colorado’s elections, nor will it impact how ballots are counted.”
EARLY IN-PERSON VOTING BEGINS IN DC, COLORADO
The state office said that Colorado elections include many layers of security and include two unique passwords for every election equipment component, which are kept in separate places and held by different parties.
“It goes without saying how significant this is,” the Colorado GOP wrote to the Secretary of State’s Office. “We can only imagine that, since the discovery last week, you and your staff have been working tirelessly to remedy these vulnerabilities.”
The state office added that passwords can only be used with physical in-person access to a voting system.
“Under Colorado law, voting equipment must be stored in secure rooms that require a secure ID badge to access. That ID badge creates an access log that tracks who enters a secure area and when,” the state office said.
According to the state office, there is also 24/7 video camera recording on all election equipment.
MILLIONS OF VOTERS HAVE ALREADY CAST BALLOTS FOR NOV. 5 ELECTION
“Clerks are required to maintain restricted access to secure ballot areas, and may only share access information with background-checked individuals. No person may be present in a secure area unless they are authorized to do so or are supervised by an authorized and background-checked employee,” the office explained.
The state office added that there is also a strict chain of custody requirements that track when a voting systems component has been accessed and by whom, stating it is a felony to access voting equipment without authorization.
Every Colorado voter votes on a paper ballot, which is then audited during the Risk Limiting Audit to verify that ballots were counted according to voter intent, the state office said.
Colorado Republican Party Chairman Dave Williams called the possible exposure of the election system’s passwords “shocking.”
“We hear all the time in Colorado from Secretary Griswold and Governor Polis that we represent the ‘Gold Standard’ for election integrity, a model for the nation,” Dave Williams, Chairman of the Republican Party of Colorado said in a statement to FOX31. “One can only hope that by the Secretary of State posting our most sensitive passwords online to the world dispels that myth.”
The Colorado Republicans also asked for confirmation or a plan regarding how the “exposed systems” will or still meet the certification requirements of a “trusted build,” noting that a breach by a party with BIOS access may be difficult or impossible to identify.
CLICK HERE TO GET THE FOX NEWS APP
“The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the county’s essential security infrastructure. The Department is working to remedy this situation where necessary,” the state office said.
Fox News Digital reached out to the Colorado Secretary of State and Colorado GOP for comment but did not immediately receive a response.