By Zachary Stieber
Machines being audited may have been compromised, Arizona’s secretary of state alleges.
Arizona’s secretary of state on Thursday warned the state’s largest county not to try to use election machines that are being audited or she would decertify the equipment.
“I have grave concerns regarding the security and integrity of these machines, given that the chain of custody, a critical security tenet, has been compromised and election officials do not know what was done to the machines while under Cyber Ninjas’ control,” Arizona Secretary of State Katie Hobbs, a Democrat, wrote in a letter to Maricopa County officials.
Auditors hired by the Arizona Senate, including Cyber Ninjas, have been reviewing over 2 million ballots cast and 385 tabulators used in the 2020 election, along with other materials.
Auditors have said they’re following strict forensics protocols.
“We don’t turn on a system if it’s delivered to us in a powered-off state. We remove the hard drives, we perform forensics imaging with write blocks to prevent any changes to those hard drives, and we produce a bit for bit forensics copy of that particular drive,” Ben Cotton, founder of CyFIR, the company leading the technology component of the audit, told Arizona senators in a meeting this week.
Ken Bennett, the former Republican Arizona secretary of state who is serving as the liaison for the state Senate for the audit, added that immediately upon receiving the machines on April 21, the equipment and ballots were placed into locked cages and have been under armed guard the entire time since.
“We have not had any breaches of the cages where the ballots or the machines have been kept,” he said.
But Hobbs alleged that it is unclear what security procedures, if any, were put into place to secure the machines.
“Indeed, our expert observers, as well as multiple news reports, have noted troubling security lapses. And Cyber Ninjas has failed to provide full transparency into what they did with the equipment,” she wrote to Maricopa County officials.
“The lack of physical security and transparency means we cannot be certain who accessed the voting equipment and what might have been done to them,” she added.
There are no comprehensive methods to fully rehabilitate compromised equipment, meaning the county “should acquire new machines to ensure secure and accurate elections” moving forward, Hobbs said.
If the county chooses to re-deploy the subpoenaed equipment for use in future elections, Hobbs’ office may consider moving to decertify it.
Before the audit started, Arizona Republican Senate President Karen Fann signed a document that provided indemnification to Maricopa County against third-party claims of any damages occurring to materials the county gave over to auditors.
Representatives for the audit team, Arizona Senate Republicans, and Maricopa County did not immediately return overnight requests for comment.
A county Elections Department spokesperson told news outlets that the department was “working with our attorneys on next steps, costs and what will be needed to ensure only certified equipment is used in Maricopa County.”
“We will not use any of the returned tabulation equipment unless the county, state and vendor are confident that there is no malicious hardware or software installed on the devices,” the county added.
The county is reviewing Hobbs’ letter, a county spokesperson also said.
Maricopa County’s Board of Supervisors in June of 2019 approved a three-year contract to lease election equipment from Dominion Voting Systems through July 2022. The contract was worth $6.1 million.
According to Hobbs, her concerns don’t involve the Dominion voting system, which remains certified for use in Arizona, nor any election equipment that was not turned over to auditors.