DENVER - Today, Governor Jared Polis and Secretary of State Jena Griswold announced that the effort to update all passwords and verify the security of affected active voting systems in Colorado is complete. The joint effort concluded successfully Thursday evening.
“All of the passwords in affected counties have been changed. I want to thank Governor Polis for deploying extra state resources to help in this effort,” said Secretary of State Jena Griswold. “Colorado has countless layers of security to ensure our elections are free and fair, and every eligible voter should know their ballot will be counted as cast.”
“We appreciate the swift work to update these passwords. Every Coloradan can rest assured that their vote will be counted fairly and accurately. While the leaked passwords compromised just one of many layers of security that protect our election integrity in Colorado, we knew it was critical to take swift action and to work with Secretary Griswold and the county clerks to update the passwords immediately,” said Governor Jared Polis. “I want to especially thank the hardworking state employees and county clerk personnel who were part of this effort.”
Within hours of being briefed on Wednesday, October 30, Governor Polis deployed human capital, air and ground assets, and other logistical support to the Secretary of State’s Office to complete changes to all the affected passwords and verify that no settings had been changed in any piece of election equipment.
Last evening, the operation was completed quickly to change all impacted passwords. This included eight staff from the Department of State and an additional 22 state cybersecurity personnel who were directed to support the operation by Governor Polis. All staff had appropriate background checks and underwent training pursuant to rules promulgated by the Secretary of State prior to beginning work on election systems. Additionally, state agency staff worked in pairs and were observed by county elections officials.
This password disclosure did not pose a security threat to Colorado’s elections, nor will it impact how ballots are counted. Changes to passwords were made out of an abundance of caution.
Colorado elections include many layers of security. The passwords that were improperly disclosed were one of two passwords needed in combination to make changes to a voting system and can only be used with in-person physical access. Under Colorado law, voting equipment must be stored in secure rooms that require a secure ID badge to access. That ID badge creates an access log that tracks who enters a secure area and when. There is 24/7 video camera recording on all election equipment. Clerks are required to maintain restricted access to secure ballot areas and may only share access information with background-checked individuals. No person may be present in a secure area unless they are authorized to do so or are supervised by an authorized and background-checked employee. There are also strict chain of custody requirements that track when a voting systems component has been accessed and by whom. It is a felony to access voting equipment without authorization.
Every Colorado voter votes on a paper ballot, which is then audited during the Risk Limiting Audit to ensure ballots were counted according to voter intent.
If Coloradans see something suspicious near an election site or experience election intimidation, please report it to the CIAC through their online Community Member Suspicious Activity Report Form.
###