DENVER, Colorado (PNN) - November 16, 2024 - The Colorado voting machine security breach, overseen by Secretary of State Jena Griswold, is a masterclass in incompetence and deceit - an epic calamity not of malice but of unchecked ineptitude. A recently leaked conference call with Colorado's county clerks lays bare the ineffectiveness of the response and adds a new layer of bureaucratic bungling. Deputy Secretary of State Christopher Beall admitted that the Secretary of State’s office actively kept the leak of the passwords hidden from county clerks in order to avoid media exposure. Their plan? Keep the secret until after the election - without even bothering to change the passwords in a timely manner.

Four full months passed as this ticking time bomb lay in wait, passwords exposed to anyone who cared enough to look online. It was like an open buffet for anyone with ill intent. Worse yet, when county officials finally learned of the breach, the office's response was dismal at best - an ad hoc rush five days before the election to change the compromised passwords.

This isn't merely a local administrative error. It is a significant threat to the very foundation of electoral integrity - a threat fostered by a combination of bureaucratic negligence, lax security protocols and Griswold’s dogged refusal to take meaningful action. Not only was the BIOS password exposed but it was maintained unencrypted, sitting vulnerably in an Excel spreadsheet on state network drives. One might think these officials were desperate to be hacked. Apparently, securing voting systems is a task too advanced for those in charge.

Contrary to Griswold's initial reassurances that this was a minor, isolated error, it later emerged - through the admissions of Deputy Secretary Beall - that more than half of Colorado's counties were affected. One cannot help but marvel at the level of ineptitude required to let a disaster like this go unnoticed for so long.

The absurdity didn’t end with merely downplaying the scope of the breach. When Adams County Clerk Josh Zygielbaum challenged Beall, pointing out the recklessness of making last-minute changes to voting systems during an election week, Beall’s response was cold comfort. "There is no possibility that any of these password changes will 'crash the system,'" Beall claimed, speaking as though he could guarantee the flawless execution of hasty password changes conducted by staff with little to no specific training in election systems. In fact, Griswold's team admitted that some technicians being dispatched had never worked on voting machines before. Their credentials? Generic cybersecurity experience - with the assumption that this was enough to secure the infrastructure of free elections.

It wasn’t just the BIOS passwords. Once one voting system component is compromised, anything connected to it - LAN cables, HDMI cables, even air-gapped systems using removable media - must be assumed compromised as well. It’s Cybersecurity 101. Cybersecurity and Infrastructure Security Agency (CISA), the lead federal agency for election infrastructure security, lays out clear standards and procedures for handling such incidents. The very least Colorado could have done is follow them. Instead, they opted for a comedic routine of denial, delay and deception.

Days passed, and when the state GOP learned of the breach and media caught wind of it, Griswold finally came out of her bunker. Her strategy? A classic: evade, obfuscate and pretend everything was under control. Griswold claimed that each voting machine required two separate passwords, with different people or groups entrusted with only one password each, making it supposedly impossible for the machines to be compromised. This claim was false. Even if it was true, the group not supposed to have the BIOS passwords could have simply downloaded them from the Internet, meaning that multiple individuals certainly had complete and unfettered access to the machines.

They dispatched people to change a handful of passwords and Griswold went on a media blitz, making a futile attempt to gloss over the enormity of the breach. Day 9 saw Governor Jared Polis attempt his own desperate act of damage control, ordering a broader, albeit equally ineffective, response to ensure password changes. Apparently, it takes helicopters to change passwords in Colorado.

But what Griswold and Polis both failed to do was address the real danger: the integrity of the voting systems themselves. The affected machines were still in use, election officials continued to tabulate votes with them, and - most damningly - no real forensic analysis was ever conducted to determine the scope and impact of the compromise.

A proper response would have been as follows: first, halt the use of all affected systems; second, image the compromised machines to preserve the evidence; third, bring in qualified cyber forensic experts to determine if, when and how the systems were breached; fourth, address the timing and impact of any compromise, especially since this breach was active during the Colorado primary election. Fifth - and only after all other steps were satisfactorily completed - remove any malicious influence, if possible, and restore functionality. None of this happened.

Instead, what did happen was a spectacle of bureaucratic incompetence that would be almost humorous if it wasn’t undermining the sanctity of Colorado’s elections. The public was told, "Nothing to see here, folks, move along," as if we’re all too stupid to understand the ramifications of a four-month breach that affected a majority of the state’s counties. Anyone insisting today that Colorado’s voting systems are secure, or that citizens can rest assured their votes have been accurately counted, is either woefully ignorant or has a vested interest in upholding the false narrative of a "swift response".

In the wake of the breach, the Libertarian Party of Colorado filed a lawsuit against Griswold, demanding she step aside from her election responsibilities, remove compromised devices from service, and order ballots to be hand-counted in affected counties. Yet Griswold’s lawyers, in a performance of unrepentant arrogance, argued that such actions would create “chaos" with Election Day looming. It’s always chaos that’s to be avoided, never accountability of the responsible evildoers.

During the subsequent court hearing, it became clear just how deep the rot went: 46 counties had systems with the passwords exposed, and 34 of those still had active passwords. The court dismissed the testimony of expert Clay Parikh, an election systems analyst for nearly a decade, because he supposedly wasn't qualified to discuss Colorado's specific voting systems. The absurdity of the objection would be laughable if it didn’t have real-world consequences. Yet this is where we are: justice obstructed, integrity compromised and those responsible for safeguarding free and accurate elections performing nothing but a hollow pantomime of action.

The Colorado voting machine breach reveals a deeper problem than just passwords. It is a vivid illustration of an administration that is either grossly incompetent or wilfully misleading - a regime more concerned with optics and public relations than with the actual mechanics of secure elections. It is an indictment of a system where a blatant error can go ignored, where citizens are left in the dark and where those tasked with protecting our Republic seem more interested in protecting themselves.

Griswold and Polis’ “swift action”? Hardly. This was no more a "swift response" than a glacier moving to the sea. It was, at its heart, a lesson in deception, designed to mask the fact that those entrusted to secure our free elections were asleep at the wheel, dreaming of positive headlines, while anyone with half a brain could see the road to disaster unfolding right in front of them. This entire failure underscores the necessity of adopting paper ballots and same day voting for federal elections, eliminating the vulnerabilities inherent in electronic voting systems, and restoring confidence in our democratic processes.