Senate President Fann called for an update meeting on the audit of the Maricopa County Election
- It starts at 10 AM, Thursday, July 15
- This will be a running, live update of what is said.
- Read more...
Senate Hearing on the Election Audit in Maricopa
The hearing will start at 10 AM, MST.
Here's who will be in attendance:
- Senator Karen Fann, Senate President
- Senator Warren Petersen, Chairman, Senate Committee on Judiciary
- Ken Bennett, Senate Liaison
- Doug Logan, Cyber Ninjas
- Ben Cotton, CyFIR
There will be no public testimony.
Opening, by Karen Fann:
Fann states that they're learning a lot.
"We need to have some answers, and where we're going from here."
Intros first: Doug Logan.
Next: Ken Bennett.
Finally, Ben Cotton.
Fann asks: Where we've been, where we're going, what we need to finish.
She notes that they have not received all the Maricopa subpoena items still.
Doug Logan shows a video of what they've done so far.
Background checks were done, social media reviews.
We wanted everyone in the building to be beyond reproach.
This is not about Trump, it has never been about Trump. We must have faith in our election integrity.
Are we following the rules? Are we doing everything we possibly can to ensure election integrity?
Ken Bennett: Volunteered his time free of charge.
He thanks several others for their assistance.
Received ballots and equipment on April 21,22. Compliments Maricopa County on the professional handover.
1691 boxes - mostly boxes. They checked every box.
26 mis-marked boxes. 8 boxes not listed on the manifest, some that were on the manifest, but were not there.
A couple of boxes had some counterslips, to fill the box in case it ends up on the bottom.
Found some personal identifiable information.
Went from 1691 boxes in beginning to 1711 boxes.
EMS= Election Management System
24/7 live stream on ballots and equipment. Continuous and complete chain of custody on every box and every machine during the entire time.
Every time a box moved, two people signed for it.
Most boxes were sealed with regular packing tape. They intend to re-seal the boxes, with tamper evident tape and a numbered seal on every box.
They subpoenaed, but it has not been provided, the chain of custody from Maricopa County. They must be documented with a written log, according to State Law.
Must implement reasonable security measures for ballot on demand. But, the chain of custody has not been received from Maricopa County.
Their response, "We've provided what we're going to provide."
In many of the boxes, they found very little batch sheets.
10,341 batches - mostly around 200. 20 batches that were only 1 ballot. Some batches had 1000 ballots.
Maricopa had 171 voting centers.
They did find some cut seals in the boxes from the bags at the voting centers.
2,089,263 ballots processed. 168,000 ballots processed at the polling locations.
Some of the pink sheets had several discrepancies. But there are blue sheets that have additional information.
They have not been given the blue sheets by Maricopa County, but they were able to get the blue sheets from another source.
Much of this may stem from standard procedure, where they know that audits were not likely to occur.
Need to beef up how things are documented and stored. "I can find no election procedures manual directions on this."
Duplicate ballots - almost one whole pallet with damaged ballots. If a ballot is damaged and sent to duplication there are specific procedures that should take place. They found 1000s of duplicate ballots without serial numbers, making it difficult to match. Others, the serial numbers created difficulties in matching duplicates.
Fann: If the corresponding numbers are not on there, how would you know if the duplicate was created once or ten times?
Bennett: You wouldn't.
Ben Cotton: We have completed the forensics acquisition of all items received from County. There were zero changes to any of the digital devices we received.
They ensured the chain of command for each device.
None of the data was changed. They used a bit for bit copy.
This is like a digital fingerprint of the data.
They maintained one copy of the digital evidence. They created examination copies that they used.
Not a single bit of data was ever changed on any device that came into his possession.
None of the devices were damaged or changed so that they cannot be used again.
If there were any changes to the devices, it had to occur when they were in the possession of Maricopa County.
Fann asks why Hobbs said she will not allow Maricopa County to re-use these machines. Her point is that the machines must be calibrated, verified and certified before and after each election anyway.
Cotton points out that the statement that they must replace the machines, is at odds with former statements from Maricopy county.
County EMS server
Physical devices correlating to the EMS function, adjudication function
11 hard drives with cloned images (they did not use a forensically secure process, dates and times were altered by cloning process.)
Forensic copy created of each of the devices.
Conducted keyword searching, looking for Internet connections, malware, other connections, live memory analysis.
Router configuration files
They agreed to provide the information, but they didn't
They agreed to a compromise solution, but the County refused
Significance: Critically important to substantiate information they are seeing.
A number of things they know as a fact that they need to validate.
An element was compromised during the 2020 election. The registration server had unauthorized access, a breach.
The County issued a letter to some voters, acknowledging there was a breach.
There are severe cyber-security problems with the way the cyber security system and network was maintained.
The systems were not patched or up-to-date for security anti-virus. The last time they were updated is august 2019. No operating system updates since August 2019.
This created a tremendous vulnerability.
There would be no difficulty to obtain system-level access.
The vulnerabilities on these systems would take an average script expert about 10 minutes to breach.
Cotton states that the concerns stated for security from Maricopa County in turning over the router are not legitimate.
In a router, you have an address for each packet of data - where it's going, and where it's from.
You will not see sensitive data such as driver's license, name, etc.
Fann asks why the Maricopa Sheriff's office would use the same router as the election router.
What they've told the public is drastically different from the reality.
Also not received: Splunk logs (sp?), passwords or tokens.
Windows security only goes back to February 5, 2021.
Security log set to maintain 20 MB (or GB???) of data.
March 26: 37K+ queries on a system for a blank password that only contained 8 accounts. Obviously a script. But where did the script come from?
They need passwords and tokens for Dominion machines.
They are seeking a validation of whether or not it is safe to vote.
The Maricopa County officials cannot independently verify their machines.
Petersen: We want to ensure that the State/County have a higher level of access to the data than a 3rd party contractor.
Cotton would surmise that a full cyber-security audit was not part of the Maricopa county audit that they did themselves.
They all apparently shared the same password, and was not changed since August 2019.
We cannot attribute the access to any particular person.
They did not receive the fob, and apparently only Dominion has the fobs.
Logan - Hand Counted Ballots
They have not been able to ask questions of Maricopa County.
Some of the delay is because the duplicate ballots cannot be matched to originals.
Paper examinations: Utilized artifact detection.
Door to door - they are highly recommending that the canvassing be done.
There are 74,000+ ballots where there are no clear records of them being sent out to them.
11,326 that did not show up on the November 7th version of the file, but they did show up on voter roles in December. These ballots were cast.
3,981 voted in the election, but were registered after October 15th.
18K + voted, and were removed shortly after the election.
Envelopes: Affadavit that stated that signature comparison standards were reduced.
Maricopa County has not provided envelope images. Bennett recommends that these envelopes be re-subpoenaed.
What do they need to provide a complete and final report in addition to what they have:
- Splunk Logs
- Backup copy of database of voter rolls.
- Chain of custody
- Are there systems related to the duplication of ballots? They need a copy of those.
- Reports associated with the breach
- All portable media, external harddrives containing election data
- Network diagram to show how the Sheriff's office and election data are on the same router
- Maricopa County policies and procedures
- Blue sheets - tabulation logs
- Records of all mailed out ballots
- Records of all files duplicated
- Total number of ballots sent out
Petersen: Closing Statements
It is unfortunate that the county has been recalcitrant. It makes it harder, slows things down, would like to get everything they need to finish the audit.
If we don't get the information needed, it could result in an incomplete result.
The appearance is that administration resides with a 3rd party.
At no time have they ever implied or inferred that there was any deliberate mis-doings
Voters deserve to know how the election system works
If it's Maricopa Electoral System, you would think that they would want to get the answers
These are rough notes - do watch the video yourselves!