A summary of yesterday’s AZ Senate meeting on the 2020 audit.
by Wendy Strauch Mahoney
Arizona Senate President Karen Fann had hoped the Maricopa County Board of Supervisors (BOS) would show up to the voluntary meeting she called yesterday to ensure the Senate and the people of Arizona adequately understand and “feel confident about how the election process works” concerning the 2020 election. It has been a costly and contentious battle between the Senate and the BOS since December. Fann disclosed that she is “disappointed and saddened by the hurtful comments” that were made yesterday by the BOS, “some of whom are friends.”
“It has caused nothing but delays, delays, delays,” said Fann, “Every time we have asked them to please work with us on this, we have received nothing but push-back—to the point where they don’t even want to answer our simplest questions. This is frustrating, but we will get this. This is our job. We owe it to our constituents to get their questions answered.”
The May 18 meeting followed on the heels of Tuesday’s Board of Supervisors’ emergency session. After which, two letters were issued responding to a letter sent by Fann on May 12— although the May 18 meeting had been requested before the BOS had decided to call an emergency session. The emergency session and letters were covered in an UncoverDC article on Tuesday.
Present for Wednesday’s special meeting were Senate President Fann; Warren Petersen, chairman of the Senate Judiciary Committee; Ken Bennett, who was a former Secretary of State and is now Fann’s selection for liaison for the forensic audit; and two experts—Cyber Ninjas’ CEO Doug Logan, and Ben Cotton, the founder of CyFIR.
Several important issues were clarified in the meeting—one of them pertained to how this audit is different from the audits already performed there. Logan explained that the first audit was primarily a review of the version of software on the voting equipment that was the one actually in use during the election. He said that they ran some “off-the-shelf software” to detect whether there was malware on the machines, and they ran logic and accuracy testing on sample ballots.
Logan explained, “At no point in any of those audits did they take a look at actual ballots, run those ballots through the system, and do actual counting of it to validate the results.” Logan added that the audit being conducted now is “focused specifically on the results—are the results exactly as they came through, the way they were cast? And does it go all the way through the system that way?” Logan also clarified that the issue with the blue pens was immediately rectified, and there were never any ballots on the floor while the blue pens were present.
Ken Bennett spoke about the chain of custody issue. He was present for the hand-off of all 2.1 million ballots on April 21 and 22. However, he clarified that the chain of custody questions posed in Fann’s letter pertained not to the hand-off in April but the paperwork and procedures having to do with the period between the election and April 21. Counties do not all perform chain-of-custody procedures exactly the same way, although there are statutes and guidelines in place for the state.
Bennett also addressed the issue of routers. About a week before the machines were to be delivered, he contacted the Deputy County Attorney to offer a contractor who could travel to the location where the routers were stored and look at them on location “while they were still installed and in place at the Maricopa County Tabulation and Election Center (MCTEC).” Bennett relayed that LaRue called him the next day to tell him that the equipment had already been removed and had “been replaced at great expense to the county and that all of that would be delivered on a palette with the rest of the equipment on April 21st.” On April 21st, LaRue decided not to deliver it and told Bennett he would receive only virtual access. Within a few days, that offer was also rescinded “because the routers in MCTEC were somehow connected to the Sheriff’s department and other county departments and that if they gave them to us or even virtual access, social security numbers and county health records would be at risk.” They were also promised detailed logs of network activity, called Splunk Logs. No access was granted.
Cotton, who has testified before Congress on high-level cybersecurity issues, explained the function of routers. “It is the carrier that delivers the envelope (or packets) to the correct mailbox.” The “PII [personally identifiable information] and Maricopa County resident data should not be present on the routers.” He said the assertion that the data would be compromised is confusing at best and an “inaccurate” characterization of what would be on those routers. There have been “statements by the county that these election systems don’t actually touch the internet, therefore, the extension of that would be that they do not touch the county network because that’s exposed to the internet. And to say that the data corresponding to these networks would somehow compromise law enforcement activity, or PII data seems incongruous to the previous statements.”
Cotton added that if you take the BOS letter at face value, it would follow that “election data had to be exposed to the internet… and is something we need to explore, given the inconsistencies in these statements.” CyFIR is routinely entrusted with highly sensitive data with large private and government entities at the highest level, according to Cotton.
Logan spoke about some of the exhibits from the BOS letter regarding record keeping with the duplicate ballots. He gave examples of how the specific exhibited explanations offered on Tuesday do not measure up to their understanding of how those ballots should be recorded. The box counts are still off, according to Logan, and he still doesn’t understand why.
Bennett added that serial numbers on duplicate ballots also do not match original ballots in many cases, “batch after batch after batch of duplicate ballots…do not match up one for one.”
Bennett explained that the duplicate should be a “true duplicate copy in every way.”Bennett also recounted that Maricopa county officials have said repeatedly on the phone and in emails “that they will not interact directly with the auditors, which is very unfortunate because the auditors can’t pose these questions directly to the county.” This serial number issue was discovered only “a few days ago,” Bennett added.
Logan was satisfied with how Maricopa County answered the questions about the seals and the bags of ballots. He was expecting that the ballots would be delivered to him sealed. However, according to Bennett, ballot batches need to be delineated and organized better than how they are now. Logan explained that consistent recordkeeping for a detailed audit like the one being performed in Maricopa County is critical. With the current procedures, it is very difficult to match batches of ballots with the ballots provided—a problem if accuracy is the goal of the audit.
Part of Cotton’s purview is the configuration of the tabulators. He has questions about the configuration and capabilities of the tabulators because he is missing admin passwords. It is difficult to determine those configurations without access to admin passwords.
Maricopa County employs two full-time contractors from Dominion Voting Systems who have access to that information, according to Cotton. Cotton wants to understand whether Verizon wireless cards are inside the tabulators but hasn’t been able to verify that with the county. Cotton questioned why Maricopa County does not have control over their equipment when it comes to “preparing for their own election” and “cannot validate their own systems” because they have no access to the passwords. The meeting clarified that the passwords requested do not give access to the source code. Cotton said it would only take about two days to examine the equipment if provided with the admin passwords.
With regard to the deleted database, Cotton’s findings contradicted the answers in the BOS response letter. He stated he did, in fact, find that a database directory was deleted, but he has since been able to recover those files.
Security was discussed in the meeting and Bennett made it clear that security is extremely tight. The ballots are in locked cages, secured by guards, with 24-hour live-streaming security cameras. The only breach was a person from the press who was later identified as an official observer for Secretary of State, Katie Hobbs.
In her May 18 daily audit check-in, GOP Chair, Kelli Ward, said that Tuesday’s meeting represented “everything that is right with America’s audit.”