Voting system breaches raise concerns for midterms
Authorities are investigating whether rogue election workers are involved.
ATLANTA — Sensitive voting system passwords posted online. Copies of confidential voting software available for download. Ballot-counting machines inspected by people not supposed to have access.
The list of suspected security breaches at local election offices since the 2020 election keeps growing, with investigations underway in at least three states — Colorado, Georgia and Michigan.
The stakes appeared to rise last week with the news of a federal investigation involving a prominent loyalist to former President Trump who has been promoting voting machine conspiracy theories across the country.
Though much remains unknown about the investigations, one of the most pressing questions is what the breaches could mean for the security of voting machines in the midterm elections, less than two months away.
Election security experts say the breaches by themselves have not necessarily increased threats to the November voting. Election officials already assume hostile foreign governments might have the sensitive data, so they take precautions to protect their voting systems.
The more immediate concern is the possibility that rogue election workers, including those sympathetic to the lie that the 2020 presidential election was stolen from Trump, might use their access to election equipment and the knowledge gained through the breaches to launch attacks from within. Such attacks could be used to give their candidates or party an advantage, or to introduce system problems that would sow further distrust in election results.
In some of the suspected security breaches, authorities are investigating whether local officials provided unauthorized access to people who copied software and hard drive data, and in several cases shared it publicly.
After the Georgia breach, a group of election security experts said the unauthorized copying and sharing of election data from rural Coffee County presented “serious threats” to the November election. They urged the state election board to replace the touchscreen devices used throughout the state and use only handmarked paper ballots.
Harri Hursti, a leading expert in voting security, is concerned about another possibility: Access to the voting equipment data or software could be used to develop a realistic-looking video in which someone falsely claims to have manipulated a voting system, he said.
Such a video posted online or to social media on or after election day could create chaos for election officials and prompt voters to challenge the accuracy of the results.
“If you have those rogue images, now you can start manufacturing false, compelling evidence — false evidence of wrongdoing that never happened,” Hursti said. “You can start creating very compelling imaginary evidence.”
There is no evidence to date that voting machines have been manipulated, either during the 2020 election or in this year’s primaries. But conspiracy theories widely promoted among some conservatives have raised concerns that the machines could be targeted by people working at election offices or polling places, and have led to calls for replacing the machines with hand-marked and handcounted ballots.
The suspected breaches appear to have been orchestrated or encouraged by people who falsely claim the 2020 election was stolen from Trump. In several cases, employees of local election offices or election boards gave access to voting systems to people who were not authorized to have it. The incidents became public after the voting system passwords for Mesa County, Colo., were posted online, prompting a local investigation and a successful effort to prevent the county clerk from overseeing elections.
MyPillow Chief Executive Mike Lindell, who has organized or attended forums around the U.S. peddling conspiracy theories about voting machines, said last week that he had received a subpoena from a federal grand jury investigating the Colorado breach, and had been ordered to hand over his cellphone to FBI agents who approached him at a fast-food restaurant in Minnesota.
“And they told me not to tell anybody,” Lindell said in a video afterward. “OK, I won’t. But I am.”
Lindell and others have been traveling the country over the last year, holding events where attendees are told that voting machines have been corrupted, that officials are “selected” rather than elected and that widespread fraud cost Trump the 2020 election.
Lindell said FBI agents had questioned him about the Colorado breach and Dominion Voting Systems. Dominion provides voting equipment used in about 30 states, and its machines were targeted in the Colorado, Georgia and Michigan breaches.
Lindell said that when agents asked why he had been flying from state to state, he told them: “I’m going to attorney generals and politicians, and I’m trying to get them to get rid of these voting machines in our country.”
The Justice Department did not respond when asked for details about its investigation.
Dominion has sued Lindell and others, accusing them of defamation. In a statement last week, the company said it would not comment about ongoing investigations, but that its systems were secure. It noted that no credible evidence had been provided to show that its machines “did anything other than count votes accurately and reliably in all states.”
The scope of the federal grand jury investigation in Colorado isn’t known, but local authorities have charged Mesa County Clerk Tina Peters in what they described as a “deceptive scheme which was designed to influence public servants, breach security protocols, exceed permissible access to voting equipment and set in motion the eventual distribution of confidential information to unauthorized people.”
Peters has pleaded not guilty, and has said it was within her authority to investigate concerns that the voting equipment had been manipulated. She has appeared at numerous events with Lindell over the last year, including his August 2021 “cybersymposium” in which a digital copy of Mesa County’s election management system was distributed.
David Becker, a former Justice Department attorney who now leads the nonprofit Center for Election Innovation and Research, notes the irony that those raising the loudest alarms about voting equipment have been involved in allegations of breaching the same systems.
“The people who have been attacking the integrity of elections are destroying the actual integrity of elections,” he said.
‘The people who have been attacking the integrity of elections are destroying the actual integrity of elections.’
— DAVID BECKER, Center for Election Innovation and Research