What We Learned From the Maricopa Audit Hearing
After the November 2020 general election, the Arizona State Senate voted to conduct a forensic audit of the election in the state’s largest county, Maricopa. Initially, the Maricopa County Board of Supervisors agreed to cooperate with the Senate but a few weeks later, they refused to provide ballots, tabulation machines, electronic data, and other election-related materials. The Senate issued a subpoena containing a list of items to be turned over for the audit. The County challenged the subpoena, but it was upheld by the Arizona Supreme Court (twice). In April, 2021, the County finally shipped some of the subpoenaed material to Veteran’s Coliseum in Phoenix, and the audit commenced.
Yesterday, in a public hearing, the private companies contracted to perform the audit gave a status update to the Senate. No one knew what to expect. As far as we knew, there would not be a preliminary report of findings, and yet the hearing was scheduled to last two hours. (A video of the hearing can be found here.)
During the hearing, information was provided about obstacles that are preventing the contractors from finishing their work. Much of that has to do with materials that are being withheld by the County. In the process of informing the Senate about these issues, many unofficial findings were made public. What follows is a summary of that information as it was disclosed by individuals involved in the audit.
Ken Bennett serves as the liaison between the Arizona Senate and the audit contractors. According to him, Maricopa County provided a digital file, saying it contained ballot envelope signature images. The audit team says the file contained no images. The parties involved have communicated on this matter but it remains unresolved.
Why it Matters
Ballot envelope signatures are matched electronically with known signatures of voters to verify that a ballot was cast legally. Having envelope images showing signatures is necessary to verify that this task was done correctly.
Bennett also noted that Maricopa County has not provided accounting information or chain of custody documents for unused ballots and ballot stock (paper from which ballots are printed). This is important because unused ballots could be illegally filled out and included in the vote tabulation. Ballot stock paper could be used to print phony ballots.
If a ballot has been damaged, if it is sent electronically (as is the case with military ballots), or if it is a braille ballot, it must be duplicated so it can be electronically tabulated. All ballots that are duplicated are required by state law to have a unique serial number for tracking and verification. Bennett said, “We found thousands of duplicate ballots where serial numbers were not provided.”
Senate President Karen Fann asked, “If there was no serial number on a duplicate ballot, how would we know if it was duplicated one time or ten times?”
Bennett replied, “We wouldn’t know.”
Doug Logan is the CEO of Cyber Ninjas, a firm with expertise in auditing and fraud prevention. In Maricopa County, approximately 2 million ballots were cast. Every ballot was examined using a number of forensic techniques. Logan provided examples of irregularities found when paper ballots were visually inspected.
The image below shows a ballot with printing callibration problems. The plus symbol should line up with crosshair as shown in the top part of the image. On this ballot (in the lower part of the image) the plus symbol is located to the left and above the crosshair. Logan said this ballot had a 1,900 percent offset. In some batches, the average offset was 1,000 percent. The worst case was 3,000 percent.
Why it Matters
Ballots with significant printing offset tend to be rejected by electronic tabulation machines. When a ballot is rejected by a machine, it is usually sent to adjudication where a poll worker determines the intent of the voter. An alarming rise in ballot adjudication occurred during the 2020 election. For that reason, adjudication is now suspected of being used as a tool to nullify voter intent. Some believe that ballots are intentionally being manipulated to cause rejection and adjudication.
Logan said roughly 25,000 original ballots in Maricopa County required duplicates to be made. A spreadsheet is used to track their serial numbers. The image below is taken from one of those spreadsheets. It shows original ballots and their corresponding duplicates grouped together. We would expect to see ballots grouped in pairs of two; one original and one duplicate. But here, we see where two original ballots with the same serial number (indicated in the middle column by DSD) had a single duplicate ballot made from them (indicated in the middle column by DUP). Logan had no plausible explanation as to why a single duplicate would be made from two different ballots or why two different ballots would have the same serial number.
Logan said many ballots had issues with ink bleeding through the paper (as shown in the image below). Bleed-through can cause a ballot to be rejected. The County says its printers use thick “VoteSecure” paper, which limits bleed-through. Cyber Ninjas found many ballots printed on very thin paper stock. Ballots printed the day of the election at voting centers had the worst problems. More than 168,000 ballots were affected.
Logan reported on suspicious numbers found while examining the County’s voter rolls.
- 3,981 people voted in November despite the fact that they registered after the October 15th registration deadline.
- 11,326 people voted who were not found on voters rolls on November 7th, 2020, but were found on voter rolls a month later on Dec 4th.
- 18,000 people voted and were removed from the voter rolls immediately following the election.
- 74,243 mail-in ballots were cast that had no documentation of being mailed out.
According to Logan, voter roll anomalies affected more than 107,000 ballots. The standard approach to addressing voter roll problems is canvassing to verify voter information. The Senate had planned to canvas precincts in Maricopa County, but the Department of Justice said they would interpret such activity as voter intimidation. As a result, canvassing has been put on hold.
Ben Cotton is the CEO of CyFIR, a cybersecurity firm assisting in the audit. Maricopa County claims that auditors may have sabotaged voting machines during the audit. Not wanting to risk using compromised machines, they will not take possession of the ones turned over to auditors. On Wednesday, the Maricopa Board of Supervisors authorized an additional $2.9 million to lease new equipment from Dominion Voting Systems for future elections. Ben Cotton explained that none of this was necessary. Write-block software was used to prevent auditors from changing data or machine configurations. “Not a single bit of data was changed on any machine that was given to us.” The Board of Supervisors was made aware of this at the start of the audit.
A major bone of contention has been the items not provided by the County as required by subpoena. Cotton listed the most important items not yet received.
- Router configuration files
- Router data
- Splunk netflow data
Cotton said the Maricopa Election Management System Windows security event log is restricted by a data limit. It deletes older entries as new ones are made. At present, his team can only view activities dating back to February 5, 2021. Older data was purged on March 11, 2021, when in a single day, 37,646 queries (using blank passwords) were made. Arizona Rep Mark Finchem suspects it may have been done intentionally to hide incriminating data since a large number of new queries would cause older data to be over-written. Cotton said if the splunk logs were made available, he could identify which user(s) made these queries. At present, his team is unable to access data from the November election timeframe.
Cotton noted that the most recent software update to the Maricopa Election Management System was in August of 2019 when the system first went into operation. There have been no security patches, operating system, or antivirus updates since then. By ignoring security updates, the county has made the system vulnerable to hacking. Cotton said it would take a hacker less than ten minutes to gain system-level access.
The county has refused to provide routers used during the election claiming that law enforcement agencies use the same routers and sensitive data would be exposed. Cotton debunked that claim pointing out that routers do not store such data. They retain data related to sending and receiving internet traffic—specifically, IP and MAC addresses. This information is not law-enforcement sensitive, but it could prove embarrassing if it was unauthorized.
Another source of frustration is the County’s refusal to turn over passwords that allow administrative level access to the system. The County claims it does not have administrative access and that Dominion performs all administrative duties. Dominion claims the County does have administrative access. Cotton wondered how Maricopa County could independently verify its system configurations if only Dominion employees had administrative access. His team found that all administrative accounts shared the same password, and that lone password was created on the initial system startup and has not been changed since.
The hearing concluded with a review of seventeen missing items that are needed to complete the audit, many of which have been subpoenaed. The list includes router data, splunk logs, hardware tokens, ballot envelope images, chain of custody documents, and portable media.
Understandably, people are frustrated at the County’s refusal to fully cooperate. Some are calling for immediate arrests. The Senate has a plan, and it takes into consideration public perception—both perception of the Senate itself and perception of the auditors.
The mainstream media has portrayed the audit as a clown show and the auditors as tinfoil hat conspiracy theorists. Anyone watching the hearing would see this characterization as absurd. The auditors displayed professionalism, congeniality, and no hint of partisanship. It’s impossible to overstate the importance of the lack of partisanship by the auditors. The media are trying to convince the public the results of the audit can’t be trusted because the auditors are hacks working for Donald Trump. Ken Bennett, Ben Cotton, and Doug Logan destroyed that narrative by showing objective indifference toward the outcome. Their focus was on obtaining the materials they need to finish the job.
Arizona State Senators have had little to say publicly about the audit, until yesterday. Wendy Rogers came out with her guns blazing, calling for Joe Biden electors to be recalled and a new election to be held.
to turn over, & tens of thousands of unauthorized queries demonstrating how insecure the election was, I call for the Biden electors to be recalled to Arizona & a new election must be conducted. Arizona’s electors must not be awarded fraudulently & we need to get this right.
— Wendy Rogers (@WendyRogersAZ) July 15, 2021
Senator Kelly Townsend was at first willing to give the Board of Supervisors more time to cooperate, but after reading their statement following the hearing, she called for the state Attorney General to launch an investigation.
Upon seeing this, it is very clear they have no intention in cooperating with the Senate. Therefore, I am asking @GeneralBrnovich to open an investigation immediately to look at the adjudicated ballots and missing serial numbers, among many other things. pic.twitter.com/qMIbVq7fc3
— Senator Kelly Townsend (@AZKellyT) July 15, 2021
Arizona Senator Sonny Borrelli made these comments after the hearing.
It appears as though we’re watching a good-cop, bad-cop movie. Members of the Senate are pushing for aggressive action, including a new election, and prosecution of those involved. Meet the bad cops.
Karen Fann is playing the good cop. She’s exceedingly gracious, always dismissing calls for more aggressive action. The media have tried to paint her as a boot-licking Trump sycophant, but her deference makes these accusations melt like provolone cheese in the Arizona sun. Fann must make sure the audit is conducted in a manner that is above reproach and without partisanship. She’s doing that, and it’s why many Trump supporters find her insufferable. It’s also why, at some point, many Democrats may find her believable. Fann’s goal is to make the audit creditable to as many people as possible. That won’t happen if she’s creaming for people to be locked up.
I think we can now guess how the movie will end. Senator Borrelli tipped his hand in this interview.
This afternoon, Senator Kelly Townsend made her views a little more clear.
Important note, it doesn’t matter whether you agreed or not. You need to comply or be indicted. A.R.S. 41-1503 has no caveat to accommodate your approval or opinions. https://t.co/vGg2pMEWRp
— Senator Kelly Townsend (@AZKellyT) July 16, 2021
Karen Fann was interviewed after the hearing. When asked what would happen if evidence of criminal activity was found, she said criminal referrals would be made not only to the state’s Attorney General but to Congress.