
Investigator determines that Colorado voting system passwords were not purposefully revealed online.


DENVER — An investigation into a Colorado voting system password leak concluded that a “series of inadvertent and unforeseen events” led to the passwords being made public on the Secretary of State’s website. The investigation, conducted by an external attorney, did not find any deliberate misconduct by Secretary of State Jena Griswold or her team, but it did highlight two policy breaches.

In a report released on Sunday, attorney Beth Doherty Quinn recommended that the office implement more stringent document reviews before any materials are published online. Additionally, she suggested enhancing the security measures surrounding password management to prevent future occurrences. The incident took place when a spreadsheet, which included passwords (some of which may still have been active), was inadvertently shared on June 21. The spreadsheet, posted as an update to a previously posted PDF that could not be edited, contained hidden tabs holding sensitive information about county voting systems. The hidden tabs were uncovered on October 24.

According to Griswold’s spokesperson, Jack Todd, the passwords were part of two necessary credentials for accessing components of Colorado’s voting systems, although Griswold asserted that this did not pose a security risk. Notably, the sections containing passwords originated from files maintained by a former employee, and the staff who uploaded the document were unaware that the software had a feature allowing for tabs to be hidden.

Doherty Quinn’s report indicated that the overwhelming majority of evidence suggested the passwords were published “mistakenly, unknowingly, and unintentionally,” as those involved did not know about the existence of the hidden worksheets. She advised the office to adopt a password management system, specifically a “password safe,” and to create a checklist to verify that all necessary reviews are conducted prior to uploading anything to the website. This checklist should include checks for hidden tabs and the removal of any metadata that could expose additional sensitive information.
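The hidden-tab and metadata checks recommended above can be automated as a pre-publication gate. The following is an added example, not part of the report or the office's tooling, and it assumes the spreadsheet is an Office Open XML (.xlsx) workbook; the function names and the sample workbook are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main"}
# Package parts that carry document properties (author, company, custom fields).
META_PARTS = ("docProps/core.xml", "docProps/app.xml", "docProps/custom.xml")

def prepublication_findings(xlsx_bytes):
    """Return a list of reasons this workbook needs review before publishing."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(xlsx_bytes)) as z:
        names = set(z.namelist())
        root = ET.fromstring(z.read("xl/workbook.xml"))
        for sheet in root.findall("m:sheets/m:sheet", NS):
            # "state" is absent or "visible" for normal tabs; "hidden" and
            # "veryHidden" sheets are not shown in the tab bar.
            state = sheet.get("state", "visible")
            if state != "visible":
                findings.append(f"hidden sheet: {sheet.get('name')} ({state})")
        for part in META_PARTS:
            if part in names:
                findings.append(f"metadata part present: {part}")
    return findings

def build_sample(sheets, with_core_props=False):
    """Constructed sample containing only the package parts the check reads."""
    tags = "".join(
        f'<sheet name="{n}" sheetId="{i}"' + (f' state="{s}"' if s else "") + "/>"
        for i, (n, s) in enumerate(sheets, 1))
    workbook = f'<workbook xmlns="{NS["m"]}"><sheets>{tags}</sheets></workbook>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("xl/workbook.xml", workbook)
        if with_core_props:
            z.writestr("docProps/core.xml", "<coreProperties/>")
    return buf.getvalue()

if __name__ == "__main__":
    sample = build_sample([("Summary", None), ("County systems", "hidden")], True)
    for finding in prepublication_findings(sample):
        print("REVIEW BEFORE PUBLISHING:", finding)
```

An empty result means no hidden sheets or property parts were found; it does not clear hidden rows, columns, comments or embedded objects, which need their own checks.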