Colorado Secretary of State

10/29/2024 | Press release | Distributed by Public on 10/29/2024 21:58

October 29 - Statement from Colorado Department of State on Systems Passwords

Denver, October 29, 2024 - The Colorado Department of State is aware that a spreadsheet located on the Department's website improperly included a hidden tab including partial passwords to certain components of Colorado voting systems. This does not pose an immediate security threat to Colorado's elections, nor will it impact how ballots are counted.
Colorado elections include many layers of security. There are two unique passwords for every election equipment component, which are kept in separate places and held by different parties. Passwords can only be used with physical in-person access to a voting system. Under Colorado law, voting equipment must be stored in secure rooms that require a secure ID badge to access. That ID badge creates an access log that tracks who enters a secure area and when. There is 24/7 video camera recording on all election equipment. Clerks are required to maintain restricted access to secure ballot areas, and may only share access information with background-checked individuals. No person may be present in a secure area unless they are authorized to do so or are supervised by an authorized and background-checked employee. There are also strict chain of custody requirements that track when a voting systems component has been accessed and by whom. It is a felony to access voting equipment without authorization.
Every Colorado voter votes on a paper ballot, which is then audited during the Risk Limiting Audit to verify that ballots were counted according to voter intent.
The Department took immediate action as soon as it was aware of this, and informed the Cybersecurity and Infrastructure Security Agency, which closely monitors and protects the county's essential security infrastructure. The Department is working to remedy this situation where necessary.