A mistake at the Secretary of State’s office that saw sensitive passwords posted online should not shake voter confidence, says Secretary of State Jena Griswold.
The Secretary of State’s Office said the information, which appeared on a hidden tab online, contained only one-half of the passwords needed and would not be sufficient to access sensitive voter systems.
Griswold said the mistake was made by a “civil servant” in the Secretary of State’s Office, who no longer works there.
“Ultimately, a civil servant made a serious mistake and we're actively working to address it,” Griswold said. “Humans make mistakes.”
Griswold spoke with Colorado Matters host Ryan Warner about the fallout from the news, and what comes next.
Editor’s note: This interview transcript has been edited for length and clarity.
Ryan Warner: Your office says there's no threat to election security with these passwords having been online, that there are other security measures in place. What about an erosion of people's trust?
Jena Griswold: Well, I think situations like this are exactly why we have so many layers of security behind Colorado's elections and being really clear about the situation is important.
A spreadsheet located on the department's website was improperly posted and it had a hidden tab that included partial passwords to certain components of Colorado's voting equipment. Now, we do not think there is an immediate security threat to Colorado elections, in part because partial passwords don't get you anywhere. Two unique passwords are needed for every election equipment component. Physical access is needed. And under Colorado law, voting equipment is stored in secure rooms that require secure ID badges. There's 24/7 video cameras. There's restricted access to the secure ballot areas, strict chain of custody, and it's a felony to access voting equipment without authorization.
Warner: You say that a spreadsheet was improperly posted. Who's ultimately responsible for this and what does accountability look like to you?
Griswold: A civil servant accidentally made this error. Out of an abundance of caution, we have people in the field working to reset passwords and review access logs for affected counties. The employee responsible for the hidden tabs on the spreadsheet no longer works with the department and we are doing everything that we can to, of course, assure the public and work with the counties. And, again, this is out of an abundance of caution. We do not believe there is a security threat to Colorado's elections.
Warner: There are Republicans in the legislature as well as GOP Congressman Lauren Bobert asking for your resignation. You have told 9News that you wouldn't step down. Why doesn't this rise to that level?
Griswold: Well, (State) House Republicans and Congresswoman Lauren Boebert are the same folks who have spread conspiracies and lies about our election systems over and over and over again.
Ultimately, a civil servant made a serious mistake and we're actively working to address it. Humans make mistakes. That's exactly why I have passed major legislation to add layers of security to our electoral process and ensure that no one mistake endangers our voting systems. Since being in office, I have faced violent threats. I have faced conspiracy theories from elected Republicans in this state, and I have not been stopped by any of their efforts and I'm going to keep on doing my job.
Warner: Is there a pattern of you falling short on this job?
Griswold: Absolutely not. I take my job very seriously. We take election administration very seriously. At the end of the day, I think it's very important to underline that overall, the people in my office have done a really good job under a trying situation. Because of the lies, the conspiracies, the threats, we have 38 percent new county clerks in the state of Colorado. The legislature has refused increased funding for my office over and over. People are working around the clock to deliver elections and, honestly, we have delivered. Even with all the lies in the conspiracies, we are seeing in prior elections since 2020, over 98 percent or so of Coloradans across the political spectrum, choose to use their mail ballots. We do have a remarkably high amount of confidence. Over the summer, Colorado was marked tied for number one in confidence in our elections. Situations happen in elections. There's 64 counties. We want everything to go really, really well. And God forbid, we never want any of our employees to make a mistake. But with elections, it's how you address it.
Warner: And just to be clear, this came to your attention because of the GOP press release and coming to your office, the state GOP?
Griswold: No, that is not correct.
Warner: How did this come to your attention?
Griswold: We learned about it at the end of last week. We immediately contacted federal partners and then we began our investigation.
Warner: Did you inform clerks as soon as you could?
Griswold: We ended up launching an investigation and by the time this was public, had not informed clerks at that point. We have subsequently alerted the clerks. We're working with every single county. We wanted to be responsible in gathering our information and had pursued that investigation.
Warner: The Colorado legislature passed a law making intentional password leaks a felony. How do you know this was an accident?
Griswold: From our initial investigation. It sure seems like an accident. I want to take a step back and say that secretaries of state, elected secretaries do not have access to these passwords. And it's the same thing with the statewide voter registration system.
This information is held by civil servants. These are the civil servants who have been here through various administrations under Scott Gessler, under Wayne Williams. With that said, this was a mistake, it's an error, and we do take it very seriously.
Warner: Are you throwing civil servants under the bus here? I don't hear you say, ‘I'm Jenna Griswold. I'm Secretary of State. The buck stops with me.’
Griswold: You are asking me how this happened, and I am explaining to you how it happened. I myself did not hide passwords on a spreadsheet and, of course, I take responsibility. I've said that to other reporters who have asked me that directly. We take this whole scenario very seriously.
Again, this does not pose an immediate security threat and I think it's really important to be measured in a response because there is a lot of things happening here in the state and all across the United States of America with this election. There have been increased threats of violence now for several years. We want to be very measured in making sure that we have good information out there,
Warner: And I want to emphasize that you have been the subject of any number of those threats and that indeed the party that helped bring this to the public's attention, the Republican Party from the top of the ticket down, has also spread misinformation about elections and election results. They are asking that there be an independent audit, some kind of review of what happened. Would you welcome that?
Griswold: We are actually already pursuing that. We have no reason to believe, whatsoever, that the partial passwords were posted with malicious intent. With that said, a personnel investigation will be conducted by an outside party to look into the particulars of how this occurred and will continue to address it moving forward.