The accidental online posting of BIOS passwords for Colorado's voting systems by the Secretary of State has triggered a security and political controversy.
The Federalist reported that the office of Colorado Secretary of State Jena Griswold, a Democrat, exposed BIOS passwords vital for the security of voting systems across nearly all counties. This alarming situation unfolded after an Excel file named "VotingSystemInventory," containing a hidden sheet with passwords, made its way onto a public platform.
The privacy breach, involving passwords that secure county voting systems against unauthorized system boot-up changes, was first detected by the Colorado Republican Party.
They assert that this mishap could have severe implications for the integrity of the voting process and are now pushing for accountability through legal and legislative measures.
It should be noted that Griswold is the same figure who attempted to remove former President Donald Trump from the ballot in Colorado and has now compromised the security of Colorado's election by giving hostile actors passwords.
On a Tuesday earlier this fall, the Colorado GOP circulated an email alerting stakeholders of the breach.
The file had been available since August until its quiet removal on October 24. An individual, whose identity is undisclosed, accessed the data multiple times between these months. This has raised significant concerns within the GOP about the possibility of unauthorized system access using the leaked information.
The state’s guidelines are stringent about how BIOS passwords should be managed—mandating secure and confidential storage by civil servants. Despite this, Griswold’s office initially downplayed the severity by stating that only partial passwords had been exposed, a claim they later retracted to acknowledge the full extent of the leak.
According to Griswold’s team, these passwords, although critical, require physical access to affect any voting equipment, ostensibly minimizing the risk of remote exploitation.
They further stated that each voting machine component operates under dual-password protection, a claim contested by the GOP. In response to the crisis, Griswold's office notified the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) to assess the implications of the leak.
Despite these reassurances, the GOP's concerns persist. They highlighted the ease with which individuals with physical access to the machines could misuse the passwords.
This contradicts the nonchalant stance taken by Griswold at a press conference where she denied any potential harm to Colorado's election integrity. Griswold claimed that only partial leaks had occurred but it became apparent quickly that she lied.
The political fallout from this incident is intensifying. Colorado GOP Chairman Dave Williams criticized the Secretary of State, suggesting that this incident undermines the state’s reputation as a benchmark for election integrity. The party has formally requested an emergency legislative audit and is pursuing court actions to address this debacle.
This incident unfolds against the backdrop of ongoing elections, with over 1.27 million votes already cast in Colorado.
The potential exposure duration of these passwords and the feasibility of unauthorized personnel altering election outcomes form a central pillar of the GOP's critique.
As the political landscape reels from these revelations, the debate over election security and the competence of those tasked with safeguarding democratic processes remains fervent. The GOP's outcry emphasizes the need for stringent oversight and rapid response strategies to repair public trust and ensure the sanctity of the electoral process.