The Denver District Attorney’s office will not file charges against anyone at the Secretary of State’s Office for posting passwords to Colorado’s voting equipment in the hidden tabs of an online spreadsheet, after a seven-week investigation.
The Denver DA looked for evidence of criminal activity on behalf of several DAs around the state who had received citizen complaints about the situation.
Colorado law makes it a felony to “knowingly, arbitrarily or capriciously” post, or cause to be posted, passwords and other sensitive information about election equipment on the internet. However, the DA’s office concluded that the publication happened purely in error. It also noted, “There is no indication that the passwords were published in an effort to influence the outcome of an election.”
The timeline of events in the new report mirror the findings of a private law firm the Secretary of State’s office hired to conduct an outside investigation. That review concluded the situation, while accidental, did violate some state rules around information security.
The spreadsheet with the passwords was created by a former employee of the Secretary of State’s office as part of her responsibility to maintain the state’s Voting System Inventory file. That former employee told investigators she considered the tabs with the passwords like “scratch paper or a notepad” — a place to store information while she was working. She said she’d never bothered to tell her colleagues about the tabs because she didn’t think they were relevant to anyone else’s work.
After that employee left the office, the file was posted online. Inventory lists had previously been uploaded as pdfs, but employees in the elections division decided to keep the document as a spreadsheet this time to make the data more user-friendly.
The staff involved in posting the spreadsheet all told investigators they had no idea about the hidden tabs and agreed with the seriousness of accidentally having the passwords available to the public.
An employee of Clear Ballot, which makes the election equipment used by some Colorado counties, told investigators they initially found the hidden worksheets in July while conducting market research, but did not think anything of it at the time. In October, during an election security training course, he realized that it might be a problem and reported what he’d found to the company’s head of quality control, setting off a flurry of calls to the Secretary of State’s office.
The spreadsheet with the passwords was removed from the website shortly afterward.
The Colorado GOP publicly revealed the situation just days before the election. The Libertarian Party sued the state to try to require it to recount all ballots, but a judge rejected the case. Republicans in Colorado’s legislature have pushed for the state Auditor to conduct a broader investigation into the Secretary of State’s office, however, Democrats have blocked that effort.
