Irrefutable testimony from the Arizona Senate audit team debunks the left’s “big lie”. Arizona senators have been vindicated in their search for information on the 2020 election.  Senate President Karen Fann and Senator Warren Petersen, Chairman of the Senate Committee on Judiciary presided over a hearing today on the progress of the unprecedented full forensic audit of the Maricopa county election. Cyber Ninjas CEO, Doug Logan who led the audit, and Ben Cotton, founder of CyFIR, testified about some of their findings. Ken Bennett, Senate Liaison for the audit, was also present. Fann opened with remarks, stating the “audit was not easy and has been a national, if not international event.”

The Senate audit was not about merely counting ballots. Over 1500 people were involved from all over the country and about 1100 of them were volunteers, according to Fann’s opening remarks. The independent auditors painstakingly combed through upwards of 2.1 million ballots. An audit with this level of detail has never been performed. The hearing opened with a detailed video accounting of the caution and care with which the audit was performed.

The Senate audit was

“a bipartisan effort with the intent to provide feedback to [voters] to enable them to get better in their election process or to provide findings to the Arizona Senate to enable them to create measures that would ensure that in the future that the residents of Arizona could have confidence in the election process.

To date, issues were found with the storage and labeling of ballots, record keeping, failure to do security updates, failure to provide system logs to the auditors, and a breach of public server with unauthorized access. It is now undeniably true that county officials failed to follow a myriad of rules regarding the proper conduct of free and fair elections. Unfortunately, the Maricopa County Board of Supervisors (MCBOS) has yet to deliver routers, passwords, and hardware keys previously subpoenaed by the Arizona State Senate.

Bennett and Logan discussed specifics in the hearing. Highlights of their testimony were issues with chain of custody, ballot counting, and security issues. They also discussed the materials received and procedures for ensuring a secure audit. Beginning on April 21 the following materials were received:

  • Once auditors received material, 1691 boxes of “mostly ballots” were received on 46 pallets.
  • They ended with 1711 boxes on 47 pallets,
  • 26 mis-marked boxes,
  • 8 boxes on the pallets that were not on the manifest and a “couple of boxes on manifests that were not present,”
  • Two boxes had data cards, hard drives, and fobs, all of which were transferred to Ben Cotton of CyFIR for data analysis,
  • Boxes that had personally identifiable information (PII) interspersed with “spoiled ballots” were separated and secured immediately—those created another 16 new boxes.
  • All other materials were put back exactly as found with security tape on them,
  • Some boxes were received with regular packing tape and broken seals,
  • 9 high-volume scanner machines were received,
  • 20 adjudication stations were received,
  • EMS (election management system) workstation and EMS servers along with some miscellaneous equipment were also received,
  • 385 precinct tabulators were received on racks and each were identified and recorded by serial number,
  • 24/7 Livestream cameras (two petabytes worth by the end) and strict chain of custody within view of a camera with a paper trail and two or more people of different political parties every time something was moved,

Bennett explained that there were significant issues with ballot batches being properly identified on the outside of the boxes. “Mostly from the voting centers” he continued, “There were around 1000 in a batch in some boxes.. and you would see a batch number on some…[but not others]…some had cut seals.” Often, batch counts were not matching or were poorly documented.

Poor Documentation of Ballots

Bennett added that “2,089,0563 were processed in total. 1.9 million ballots were processed through the mail at central count and about 168,000 were processed at the 171 polling locations.” In many cases, the pink sheets associated with the ballots were not properly documented or they were stuffed down the sides of the boxes. Via FOIA requests, they obtained blue sheets in some cases that helped explain some of the discrepancies. They were not aware of the use of blue sheets prior to the audit, and did not receive blue sheets from Maricopa officials.

Bennett also mentioned that it was difficult throughout the process to get the Maricopa County Board of Supervisors (MCBOS) to cooperate with record requests, evidenced by the need to use third parties to request public records to access the blue sheets, and other challenges. Bennett stated that while violations of the law may not have taken place with regard to record-keeping, he recommended changes in “directives or state law that says you have to put ballots in the boxes in a specific way” with the proper identification and documentation on the pink sheets.

Notably, there was also a discussion of the ballot paper which should not allow bleed-through. A “Just the Facts” flier was sent out in June of 2021 by the Maricopa Elections Department. The flier showed details on the ballots used, the paper used, the importance of ballot alignment and other critical details of elections to reassure the voters of Arizona about the security of their election.

The auditors noticed significant differences in the thickness of the paper in many instances. VoteSecure paper is usually used in elections and has a certain coating and characteristic thickness.  Bleed-through is an incredibly important kinematic artifact because it can skew votes (ballot offsets), resulting in voters not voting for their intended candidate.

There were ballot offsets in 168,000 on-demand, election day ballots due to poorly aligned printing issues. Logan stated that more work needs to be done to find out what printers caused those offsets and where those ballots were printed. Ballots were calibrated so poorly, in some cases they were 3200 percent off the mark.

Ballot Offsets/Exhibit from Hearing

Maricopa County specifically had indicated that they were using  “VoteSecure” paper. As previously mentioned, the special paper is designed to prevent problems with calibration and bleed-through. Logan explained, “This is an indication of problems that could cause an overvote situation or cause votes to be cast for a different candidate than intended.” As a reminder, Petersen remarked that “sharpie-gate” happened in Maricopa and “the Maricopa elections people came back and said that bleed-through ‘would not have affected other votes’.

Mail-In Votes, Illegal Late Registrations and Voters Who Magically Appear

There were 74,243 more ballots received than sent out—with no records attached. “Why don’t the numbers between those sent out and those received not match?”, Logan wondered.

Additionally, 11,326 people didn’t show up in election files on November 7 but suddenly appeared on December 4, and it was recorded that they had voted in the 2020 election

3,981 voters were registered after October 15 who voted. It was decided in court that voters registered after that date would not be able to vote.

18,000 voters who voted were shown to have been removed right after the election. Documentation is needed on those voters and canvassing would help, according to Logan.

Signatures Were Not Properly Verified Over Time

Due to the large volume of mail-in ballots, Logan explained that “standards for verifying signatures degraded over time.” The signature verification process went from 20-point verification method to 10-point and, finally, to not verifying at all.”

UncoverDC spoke with Rep Mark Finchem on Thursday:

“One of the best safeguards to prevent fraud is the validation of voter signatures. If that is removed from the system, then there is no way to stop fraudulent votes. It nullifies legitimate votes. I will be calling on colleagues to stop using electronic tabulation as a primary means of processing ballots. Hand tabulation using electronic verification after the vote is counted will be a must in the future.” 

Finchem added, “It is no longer incumbent upon us to prove this election was clean. It is incumbent upon the Maricopa County Board of Elections to prove it wasn’t. If the logs are what contain the records of intrusion and they refuse to give them up, we must assume those machines were compromised. This election in Arizona is a steaming garbage heap with the limited information we saw in the hearing today.”

Thousands of Duplicate Ballots With No Matching Serial Numbers

Duplicate ballots were not handled according to procedures in many cases. The end result of the poor documentation, Bennett explained, is that “You wouldn’t know which ballot was which. There is no way to know that votes are reflected properly.” Bennett further explained:

“There is a very specific process in election procedures manual…for duplicating ballots…which says that they are to record an identical serial number on both the original and duplicate ballot including spoiled duplicates. This ties the ballots together and creates a paper trail as required by statute. We found, I would have to say, thousands of duplicate ballots where those serial numbers are not on them and so it creates a great difficulty to try to match up a duplicated ballot to its duplicate.”

Later in the hearing, Logan showed images of instances of the poor attention to serialization:

Poor Documentation with Duplicate Ballots

Cotton, who handled the forensic data end of the audit, spoke extensively about his concerns with regard to egregiously poor security measures. He assured all present that “not a single bit of data was ever changed once it came into our possession.

Safe Guards on Data Side of Audit

  • He made sure that everyone knew that there were “zero changes to original media or devices.” There was total preservation of the data reviewed.
  • Carefully documented all serial numbers, preventing “digital chain of custody…and [precisely] preserving digital fingerprint of the evidence as acquired.”
  • Digital copies are now preserved as primary evidence in U.S. government GSA-approved safe.
  • “Not a single bit of data was ever changed once it came into their possession,” said Cotton.

Cotton’s security concerns with regard to the election are as follows:

  • Keyword searches were performed, “looking for Internet connections, looking for anomalous or unauthorized connections into the system.
  • Searches for malware were also conducted.
  • They have yet to receive the promised, subpoenaed router configuration files.
  • They have not yet received the promised subpoenaed router data.
  • SPLUNK data has not been provided. They need that data for 90 days prior to the election and 60 days after.
  • There was a public statement by Maricopa County as well as legal action and law enforcement action surrounding a particular incident with the registration server that was public-facing that did have unauthorized access. There was speculation that the unauthorized access may have to do with this FBI investigation.

Cotton stated that it is “a matter of fact that the public element record of the election was breached…The public-facing registration server had unauthorized cybersecurity breaches.”

  • No antivirus updates or system security patches have ever been performed since the installation of the software by Dominion in August of 2019.
  • No operating updates or patches have ever been applied.
  • Additionally, in March 37,646 queries hit the system for a “blank password on a system that only contained 8 accounts,” according to Cotton.

Cotton explained that “clearly, there was a script executed by an EMS admin.” He has no idea where that script came from. That is why he needs the router logs and Splunk data. The system works on a FIFO basis, first in first out. This is a critical point because once the system hits 20 megabytes of information, the older information is deleted. Therefore, as Petersen summarized, those 37,646 queries churned the data deleting the older data. As a result, the available data is only goes back to February of 2021.

Cotton explained that the audit team “does not have data from the window of time between election day and February of 2021” because of those queries.

Notably, as known from previous discussions, the county does not have access to admin passwords. Only Dominion has access. CyFIR still needs admin passwords and hardware fobs. Cotton explained:

“If you as a county cannot validate independent of the vendor then how do you validate an election system that it is safe to vote? I would suggest, based on evidence Maricopa County does not have the ability to verify EMS configuration independent of Dominion officials.”

Passwords

According to Cotton, there were shared passwords or “commonality of passwords, no matter the name. Passwords appear to have been established in August of 2019 and none appear to have been changed…Shared passwords mean you cannot attribute user actions back to an individual” making it impossible to identify and hold accountable those who have access to the voting system.

“Accountability is out the window and we still do not have the authentication fobs for the tabulators,” he continued. However, he mentioned they were able to recover the passwords for the tabulators.

Abnormal Windows Behavior Found

Normal Microsoft Windows behavior authenticates the user. Windows logs the user name requesting action, IP address and the hostname of originating client. All of this is identified in a certain order or pattern. Cotton found anonymous logins that did not follow that pattern of behavior and he has no way to validate what that behavior means without the missing subpoenaed materials.

The Maricopa County Board of Supervisors (MCBOS) has yet to deliver routers, passwords, and hardware keys previously subpoenaed by the Arizona State Senate.

Senate Majority Whip Sonny Borelli is understandably frustrated with the lack of cooperation. He says “this obstruction and defiance needs to stop.” His interview with Gail Golec shortly after the audit can be found below:

As Petersen stated toward the end of the 2-hour hearing:

“It will either be an incomplete forensic audit with the findings and the things that we’ve got so far or it will be incomplete if we don’t have those items…we do need to have this information and answer these questions so that we can make sure that the voters of Arizona have solid answers as to how our election systems work…the check and balances to know that they have a safe and secure ballot.”

It is perplexing to many to witness the lack of cooperation from Maricopa County with regard to ensuring a secure, fair election for its voters. Senate President Karen Fann reminded Maricopa County that they did indeed “agree to a forensic audit and, according to the FEC, there are no ‘certified auditors.'”