US state mistakenly disclosed passwords for voting system

Colorado authorities have unintentionally shared passcodes for their voting equipment online. Read Full Article at RT.com.

US state mistakenly disclosed passwords for voting system
The passcodes were "improperly" stored on Colorado's government website, officials have said.

The Colorado Secretary of State’s Office acknowledged on Tuesday that a document containing multiple passwords for the voting system was inadvertently posted on its website.

According to 9News, Hope Scheppelman, the Colorado Republican Vice Chair, shared a file through a mass email which contained a hidden tab. This file also included an affidavit from an unnamed individual who stated they had accessed the Excel document from the state secretary's website and were able to reveal the hidden tab merely by selecting ‘unhide.’

In response to the breach, the Colorado Secretary of State’s Office stated that it took immediate action and notified the Cybersecurity and Infrastructure Security Agency. “The spreadsheet located on the Department’s website improperly included a hidden tab including partial passwords to certain components of Colorado voting systems,” officials mentioned.

The incident, however, has been downplayed by spokesman Jack Todd, who asserted that “This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted.”

Todd emphasized that the passwords represented only one layer of security for state elections. He explained that each piece of election equipment is protected by two unique passwords, which require "physical in-person access" to the voting system for use. Todd also noted that these systems are further safeguarded by video surveillance and the necessity of ID badges for access: “It is a felony to access voting equipment without authorization,” he remarked.

Colorado Secretary of State Jena Griswold reiterated the lack of threat posed by the incident, stating, “To be very clear, we do not see this as a full security threat to the state. This is not a security threat,” in an interview with 9News on Tuesday evening. She pointed out that the document had been publicly available on the government website for several months prior to the disclosure of the error.

The Colorado Republican Party expressed concern in a statement, claiming that over 600 so-called BIOS passwords for voting equipment in 63 out of the state's 64 counties were compromised. Colorado GOP chair Dave Williams remarked, “It’s shocking really. At best, even if the passwords were outdated, it represents significant incompetence and negligence, and it raises huge questions about password management and other basic security protocols at the highest levels within Griswold’s office.”

This incident arises just days before the US presidential election set for November 5, amid ongoing accusations from both Republicans and Democrats regarding attempts to undermine confidence in the electoral process and using dubious tactics to influence the election outcome.

Earlier this month, former Colorado county clerk Tina Peters received a nine-year prison sentence for permitting unauthorized access to the election system. Peters claimed her actions were an effort to uncover evidence of alleged voting machine fraud, a claim made by Republican presidential candidate Donald Trump who insists that the 2020 election was “stolen,” despite courts and investigators failing to find supporting evidence for such assertions.

Jessica Kline for TROIB News