Antrim County lawyer Matt DePerno filed a motion for reconsideration on June 9 related to his election integrity lawsuit representing Antrim County, MI resident Bill Bailey. Judge Elsenheimer dismissed the case on May 18 due to lack of standing and because a “citizen does not get to choose his own audit criteria” after DePerno contended that the audit performed was not sufficient given the strong evidence of fraud.

Elsenheimer also refused to allow additional evidence to be entered. DePerno is now appealing to the court for a hearing of the additional evidence he has continued to collect, stating in the brief that the court erred in “failing to consider the amended complaint.”

Motion for Reconsideration/William Bailey v Antrim County/SoS Jocelyn Benson/June 9, 2021

Per reporting as of Friday, DePerno continues to maintain that voting machines were connected to the internet, saying, “We have been lied to…this is fraud. This decertifies the Antrim County election.”

Secretary of State Jocelyn Benson continues to deny there was any fraud in the 2020 election in Michigan. She says the threat against our Democracy “remains chilling.” She says she is “simply doing her job in defending Democracy.

The Gateway Pundit (GP) reported“[T]wo of the major ballot printing shops in the United States certified to print Dominion paper ballot products, Runbeck Election Services in Tempe, Arizona, and the Fort Orange Press in Albany, NY, are both 2021 major donors to the National Association of Secretaries of State (NASS) and the National Association of State Election Directors (NASED).” Jocelyn Benson is currently co-chair of the NASS elections committee.

According to GP, “Dominion Voting Systems, ES&S, and Hart InterCivic, the top election machine vendors in the United States also donated to NASS and NASED. In addition, Smartmatic donated to NASS.”

DePerno has growing additional evidence that allegedly proves there was fraud in the election. He and his client, William Bailey, want to see a full forensic audit of the ballots and machines in Antrim County similar to the one being performed in Maricopa County, Arizona. He contends that the election should be decertified based on the internet connections alone because of the potential vulnerability to hacking and vote switching.

New Affidavits and Evidence

DePerno filed a number of new documents the second week in June. One such affidavit, in his newly filed motion for reconsideration, is captured in Exhibit 6 below. It shows a sworn declaration by the Central Lake Township County Clerk, Judith Kosloski.

Kosloski has served in the position twice—once for two years starting in 2006 and then again in 2012-present. As she states below, the county clerk’s job is to guarantee a safe, legal election. Kosloski noted some irregularities when she was called back in on Nov. 6 to retabulate the votes. Hers was the only county to retabulate, something to this day she does not really understand, per her statement below.

Oddly, the numbers had changed in her county between the tape read on Nov. 3 and the retabulation performed on Nov. 6. She contacted the Board of Canvassers, but no one responded.

Exhibit 6/Kosloski Affidavit/Central Lake Township/DePerno/June 9, 2021

On Nov. 26, a lawyer contacted her asking permission to examine her tabulator and other election equipment. She met with a team of cyber forensics experts on Nov. 27. They found “a discrepancy on the tape of 600+ votes on the Ellsworth School Board contest alone. Ellsworth Township had only six voters eligible to vote on that contest and three exercised their right to vote. Other races had discrepancies of one or two votes between the first and second tape.” The Marijuana Proposal also changed from a “tie vote to winning by one.”

Exhibit 7 in the motion pertains to testimony from digital forensics expert Ben Cotton, the founder of CyFIR, LLC (CyFIR). Per his affidavit, he examined the following:

  • The Antrim County Election Management Server Image;
  • Thirty-eight (38) forensic images of the compact flash cards used in Antrim County during the November 2020 elections that were imaged on 4 December 2020 by a firm named Sullivan and Strickler;
  • One (1) SID-15v-Z37-A1R, commonly known as the Image Cast X (ICX), was used in the November 2020 elections;
  • Two (2) thumb drives that were configured for a precinct using the ES&S DS400 tabulator[s] that were used during the November 2020 election;
  • One ES&S server was used in the November 2020 election.

During his examination, he found evidence of internet “communications to a number of public and private IP addresses.” Alarmingly, he noted the following:

  • An IP address that resolves back to the Ministry of Education Computer Center, 12F, No 106, Sec.2, Hoping E. Rd., Taipei Taiwan 106.
Ben Cotton Affadavit/DePerno Motion for Reconsideration/p.3

He also discussed IP address artifacts and configurations that “definitively identify two things, 1) the device has been actively used for network communications and 2) that this device has communicated to public IP addresses not located in the United States. Further analysis and additional devices would be required to determine the timeframe of these public IP communications.”

With regard to the ESS DS400 devices and thumb drives, he found “a Verizon cellular
wireless communications card installed and that the card was active on powerup, which meant that there is the ability to connect to the public internet on these devices as well.” 

He did not have the entire communications infrastructure for the private network, per his testimony, so he was not able to determine the full extent of communications or remote access. Nor could he determine “which other devices would have been connected to the private network.

There was also only a single password shared for “shared for the EMSADMIN01, EMSADMIN, EMSUSER, ICCUSER01, ICCUSER02, and emsepsuser.” Those passwords had never been changed. Two local administrative accounts had no passwords. He found it “inconceivable that a system would have shared passwords or null passwords and still meet accreditation standards.”

Microsoft SQL Authentication was Set to Authenticate to Windows User Mode, per the exhibit—”a significant breach of sound practice for accessing the Microsoft SQL server.

Ben Cotton/Exhibit 7/SQL/p. 5

The Microsoft SQL database was also found on Dominion Voting Machines in Fulton County, PA., in February.

There were out-of-date virus and security updates.

“None of the operating systems examined had been patched nor the antivirus definition files updated for years. The Antrim EMS operating system was last updated on 04/10/2019. Furthermore, when the operating system was updated on 4/10/2019, the user did not apply the most recent patches, instead used the 10.9.1 patch, which was already 15 patches behind at that point in time. It is important to understand that these patches are critical to fixing vulnerabilities and protecting the system from unauthorized access,” Cotton stated.

Also found was a remote Anonymous logon. The “first occurred on 11/5/2020 at 5:55:56 PM and the second occurred on 11/17/2020 at 5:16:49 PM EST.” Those are significant timestamps because they correlate with the dates the county clerk, Sheryl Guy, and SoS Benson were trying to correct the computer problems found at the time. Cotton noted the following:

Given that this computer was supposed to be on a private network, this is very alarming. One would expect that any network logon if authorized by the accreditation authority, would require specific usernames and passwords to be utilized, not anonymous users. Given the vulnerable state of the operating system and antivirus protections, this apparent unauthorized access is particularly alarming and certainly would not have been authorized on an accredited system.

The March 26 Halderman report validates these findings, according to Cotton. He also notes emphasized the following:

It also validates that the system is in a state such that an unauthorized user can easily bypass the passwords for the system and database to achieve unfettered access to the voting system in a matter of minutes. These manipulations and password bypass methodologies can be performed remotely if the unauthorized user gains access to the system through the private network or the public internet.

Cotton concluded with the failure of Antrim County to “produce all of the voting equipment for digital preservation and analysis.” According to the affidavit, “Antrim County failed to produce the following system components listed on the purchase documents. It is very difficult to determine the impact on the Antrim County election of the irregularities found without the missing components.” The missing items and systems components as listed in the affidavit are pictured below:

Missing Equipment/Cotton Affidavit/DePerno/Exhibit 7

Expert witness Jeffrey Lenberg also submitted additional testimony. UncoverDC reported his finding that modification and manipulation of votes at the tabulator is possible and can go undetected—making it possible to flip votes “of any and all races on the ballot.

He has continued to examine the equipment and logs associated with the 2020 election. He performed a “case study” on Banks Township where he allegedly proves the Election Management System (EMS) had been subverted. He looked at the project files and the errors they produced. He saw a shifting of indexing in the project file, similar to what was discovered in Antrim County, “large enough to move all votes off the ballot.” According to Lenberg, when this happens, it

Nullifies the cast votes and changes the status of each contest to an undervote. An undervote occurs when no vote is cast for the contest or an insufficient number of votes for a multi-vote contest. This kind of shift of the indexes must result in an error at the EMS due to routine error handling in modern software applications. Indeed, all modern programming languages would throw an exception that must be caught and handled by the programmer. In the case of the Antrim County EMS, it does not produce any errors on the EMS because the exception is handled in a fashion to create an undervote and disregard the authentic vote. The subversion intentionally suppresses the errors that would likely occur in order to allow manipulation of the votes without detection.

He found that the EMS had been programmed to suppress error messages. The 39-page affidavit on this subject is technical, but he explains how things seem to have been programmed and manipulated in such a way that “the subversion of the Antrim County EMS actually allowed twelve (12) additional townships compact flashcards to load successfully despite the flawed configuration that resulted in the shifting of votes. These additional townships would have failed to load on the EMS if not for the subversion in the Antrim County EMS system that allowed for the cards to load normally and not trigger any rejection of the cards or errors in the EMS.” 

The townships referenced are captured here per his exhibit 2.

Townships in Michigan/Lenberg/June 9

Lenberg states that the “[T]he Antrim County EMS is capable of generating an error when attempting to load results from corrupt compact flashcards, but did not due to the subversion.”

Lenberg Exhibit 2/Halderman Data

Exhibit 8 shows evidence of ballot abnormalities and ballot calibration errors. A shift of an image in the wrong direction one way or another has the potential to affect the way a vote is recorded. He also commented on the feeding of ballots into the tabulator:

Exhibit 8/Ballot Calibration and Irregularities/Lenberg/DePerno/June 9, 2021

The above does not represent the entirety of the evidence presented in the newest Motion to Reconsider.

A candidate for Secretary of State in Michigan, Kristina Karamo, visited the Arizona audit to examine how they are conducting their audit. She joins multiple other states who have already made the trip.

The current Secretary of State, Jocelyn Benson, still has pinned to her Twitter profile her belief that her state’s “elections were the most secure, accessible and successful in history.”

Meanwhile, she is also promoting the idea that an investigation of the election has been a push to “deceive the public…and spread the #BigLie.” The cartoon below indicates that its author does not seem to understand the difference between a forensic audit and the one already performed in Michigan. Or possibly its author hopes to convince the public of something that isn’t true.

The forensic audit examines ballots and machines with granularity and requires experts in various cyber and materials fields to investigate. A tabulation audit takes a small, randomized sampling of ballots and then compares the tabulation of the ballots with the results of the election. Per Lenberg’s testimony, there is evidence that votes can be switched at the tabulator level and then made to align with the results in the system.