Editorial: Colorado’s leaked password scandal needs outside investigation

Between Oct. 23 when Secretary of State Jena Griswold became aware that hundreds of voting machine passwords had been released publicly on a spreadsheet and Nov. 1 when Gov. Jared Polis intervened to demand the passwords be changed, what exactly was Griswold doing to address the security breach?

Inquiring minds want to know.

Because this feels a lot like déjà vu with Jena Griswold.

In 2022 when we endorsed Griswold’s Republican opponent we wrote: “Griswold has left us unimpressed with her unwillingness to address problems and issues as they arise and even a reluctance to admit when mistakes have been made, or things could be improved.”

Here we are two years later in the midst of one of the most closely scrutinized elections of all time and Griswold’s team makes a crucial error and the secretary of state sits on it for at least a week before taking action.

We’re perplexed by the entire ordeal.

Colorado’s elections are very secure – every voter casts a paper ballot that is retained for recounts and risk-limiting audits. Those ballots are public record and can be cross-checked with the public list of participating voters to ensure the numbers add up and to ensure the voters are real, eligible, alive Coloradans.

The passwords leaked were one of two needed to access the voting machines and the machines are stored in secure areas kept under constant surveillance.

All of this means it is unlikely that any harm came from the passwords being publicly released beginning as early as Aug. 8 and ending Oct. 23.

However, it doesn’t take a conspiracy theorist to believe it’s possible the passwords weren’t leaked on accident. Did a rogue secretary of state employee – someone with delusions of grandeur on the scale of former Mesa County Clerk and Recorder Tina Peters – intentionally release the passwords? Was the intent to cast a pall on the election or was he or she conspiring with someone else – Democrat or Republican — to breach election machines?

These unanswered questions are why an external investigation is needed. Griswold has said she will hire an external company to review the incident, but we think the investigation needs to be beyond her control entirely. Gov. Jared Polis has done an excellent job stepping up in Griswold’s absence on this issue and he should do so again by having the investigator spur from his office.

Peters used her role as clerk to give someone access to the voting machines in Mesa County and steal data related to the election. No real harm came from her antics and the data proved what most Coloradans already knew – the elections were secure and valid.

But that didn’t stop Peters from jetting off around the country claiming she had proof that the 2020 election was stolen.

In a similar vein, it was someone involved with discrediting the 2020 election on behalf of former President Donald Trump who first discovered the passwords in a hidden sheet on a database of election equipment that could be downloaded from the secretary of state’s website. Shawn Smith signed an affidavit that was sent to Griswold’s office on Oct. 29 stating he had downloaded the spreadsheets on Aug. 8, Oct. 16 and Oct. 23. The link to the spreadsheets was taken down on Oct. 24 when Griswold’s office noticed the passwords, but no information was released officially about the link until after Smith and the Colorado Republican Party sent out public notices about the passwords they had obtained.