You are on page 1of 24

Improper Governmental Operations of the

Maricopa County Elections Department and Board


of Supervisors

PRELIMINARY REPORT

August 15, 2021

PREPARED BY
WE THE PEOPLE AZ ALLIANCE
INTRODUCTION
Maricopa County Board of Supervisors and Elections Department is tasked
with the total operations of Maricopa County local, state and federal
elections. This includes, but is not limited to, maintaining consistency and
adherence to Arizona State Statutes, which include adopted AZSOS Policy
and Procedures and HAVA Regulations and National Institute of Standard
Technology (NIST) Special Publication 800-124 Revision 1 for oversight of
early voting, day of elections, equipment, safety, security, transparency,
and chain of custody.

Our investigation includes findings regarding the daily operations and


behaviors of leadership and staff at Maricopa County Elections Department
prior to elections, during elections and following elections. In this report we
will analyze the statutes, policies and regulations and see how they
compare to the current operations and procedures that have taken place
and are currently taking place at Maricopa County Tabulation and Election
Center (MCTEC).

Our team used multiple means by which to formulate this report,


including interviewing witnesses, reviewing information in the public
domain and reviewing hours of video footage from MCTEC nest cameras.

After nearly a year of scrutiny, distrust and expressed concerns from the
citizens, the Maricopa County Board of Supervisors, Maricopa County
Recorder and the AZSOS has refused to acknowledge concerns or make
tangible changes to process, policy or enforcement to reassure the voters.
Instead, they have chose to arrogantly take to social media and treat our
legislators and citizens with disdain and disrespect. This makes it abundantly
clear that the only relief for the people must come from our Attorney
General and our Legislators.

EARLY AND DAY OF VOTING


In early voting, we will cover the following areas, permanent early
voting (PEVL)/ mail in ballots, ballot drop boxes and early voting
centers.

Permanent early voting/Mail in ballots:

Mail in ballots is a matter of convenience and acceptability to Maricopa


County voters. However, this does not come without significant
concerns. During our investigation we discovered serious flaws in the
process.

In order to ensure that the millions of mail in ballots that were issued in
Maricopa County are limited to the receipt and usage of ONLY authorized
voters, it is highly dependent on signature verification and firm adherence
to statute and policy.

Although ballot harvesting was banned in the State of Arizona in 2016 by


HB2023, it is clear by multiple observer and Maricopa election workers that
the practice continues in significant numbers. There has been no attempt
by the State of Arizona Attorney General, Secretary of State or the
Maricopa County Elections department to enforce this ban and prevent this
practice from occurring.

Drop Boxes:
We interviewed a Maricopa County election worker who was tasked with
manning the ballot drop boxes. Her job was to collect ballots from voters at
the drive-thru drop boxes, verify they contained signatures and place
ballots in the drop boxes. We will refer to this worker as Witness 1. A formal
affidavit can be provided to the Senate.

- I worked at multiple drop box locations in the valley. I witnessed cars


with one or two people dropping off as many as 20 or 30 ballots at a
time. Also, on multiple occasions, ballots were returned to them because
they were missing signatures and I witnessed them pull out of line, sign
all of the ballots and return through the line. I was instructed that we
are not allowed to refuse to accept a ballot.

- Ballot drop boxes at Turf Paradise location were left open and
unlocked and when I reported it, I was reassigned to a different
location.

To limit the chance of fraud, it would be imperative to ensure a current and


clean voter role to lower the chances of illegal ballots from being inserted
into the election. Multiple people have stated that they received ballots for
voters who no longer live at their address, have never lived at their address
or are now deceased. We also have evidence of people registered to fake
addresses, local businesses and registered multiple times. This makes it
clear to the majority of voters that the voter roles are not current and
clean. This is the direct responsibility of the County Recorder’s office.

Signature Verification:

The second fail safe to assisting in reducing illegal ballots from being
counted is ensuring strict compliance with signature verification.
In an affidavit from an election worker in signature verification (known
as, Witness 2), the following claims were made:

– Signature verification standards were constantly being lowered by


Supervisors in order to more quickly process that higher amount of
early and mail-in ballots (from approx. 15 points of similarities, to a
minimum of 3, lowered to 1, and ultimately to none – “Just pass
each signature verification through”) “There are too many rejections
of ballots each day, so push them through.”.

– Even in the 3-person teams assigned to review REJECTED signature


verification, there was pressure to approve a ballot signature with
just 1 point of similarity.

– Challenged signatures on envelopes where the signature was a


completely different person than the name of the listed voter, was
let through and approved by supervisors.

– Challenged runs or batches of envelopes for signature verification


observed by me to be the exact same handwriting on the affidavit
envelopes on numerous envelopes. When I asked if the County
Attorney would be alerted for possible ballot fraud, I was told no,
but supervisors would take care of it (batches with book numbers
can be provided by witness 2, if needed).

We have additional statements and have interviewed other observers and


election workers that expressed concerns that the signature verification
process was “treated like an afterthought” and “signatures that
appeared questionable or should be rejected were passed”.

It is our recommendation that, in addition to an audit of the ballot


envelope images, the Senate request a copy of all challenge logs and
review those challenges and the process that was used to validate or
reject the challenged signature.

Staffing Concerns

Witness 1 also indicated that they had made an announcement that they
had too many Democrats working in signature verification and that they
needed more Republicans.

In an interview with MCRC Chairman Linda Brickman, she approached


______ and asked if more Republican election workers were needed. She
was told, by _______, that they had plenty of Republican election workers
and they did not need any more.

We interviewed an additional witness (Witness 3) who was an

election worker at site #8600.

Witness 5 indicated that:

- I worked at #8600 (Anderson Polling Center) for a total of 6 days. During


that time, the staff consisted of 8-10 poll workers and I was the only registered
Republican at the center. I was made aware of this fact on Thursday, October
29th, when the poll Marshall asked voter affiliation of each worker to assist
curbside voters.

Additional interviews revealed that many election workers shared a similar


concern of unequal party representation at polling centers and in the MCTEC
center and inadequate observation in the tabulation center. It would be
our recommendation that the Senate verify this information, an audit
would need to be conducted of the number of workers daily and
their perspective voter affiliation to determine if the county is
following policy.

Early Voting Centers:

Policy and Procedure adopted for early voting centers required those voting
in person to provide ID to obtain a ballot on demand. Once their ballot was
filled out, they were then required to place their ballot into an envelope
and
sign the ballot. Ballot signature is considered a form of ID. This subjected
voters to having to prove their identity twice and could have resulted in
ballots/votes being rejected AFTER valid identity was previously
established. This is a concern as it violates equal protection under the law
(US 14th Amendment). Further analysis would need to be done to
determine if any ballots from this process were rejected or if any voters
were required to “cure” their ballot from early polling centers.

VRAS, SiteBooks:

We have additional affidavits from Witness 4,Witness 5 and Witness 6


expressing similar concerns regarding possible problems with
Sitebooks. Witness 4 stated:

- I was working at a South Phoenix polling center and the Sitebooks software was
undergoing an update. This update resulted in multiple ballots being issued to
a single voter without an alert or need for override. When I questioned this
with the supervisor, I was told that “there are issues with the Sitebooks
currently being resolved, don’t worry as this may occur again and they will
catch the problem during tabulation.”
- I sent a “yellow rod”, incident report to the IT department and when I called
to follow up, I was told they had no record.

Witness 5 indicated:

- I was in charge of checking in voters at the polling location and the


following incident occurred.
- “An update was made on I believe either Monday or Tuesday morning, Inspector,
Judges, Marshall were out of the room. Another poll worker said we open in 5
minutes, and we do not have our site books on…we need to get ready. I turned
3 of them on before the others returned. Judges returned very upset, stated
“you should not have turned them on…we are in the middle of an update.
Updating the voter information.” I apologized and spoke to the Inspector and he
indicated that I was not aware of an update.”

Witness 6 stated:
- There were constant problems with the Sitebooks requiring rebooting of the
system and the ballot on demand printers had many issues printing
properly. “They had to replace the printers 3 times in just a few days.”
Maricopa County’s self-developed VRAS system

On 1-30-2017 Maricopa County entered into a settlement agreement with


Project Vote (See Exhibit 1, Project Vote and Exhibit 1a, Project Vote). From
their website they appear to be an activist group making clear swipes at the
Trump administration. In this agreement facilitated by Adrian Fontes, Project
Vote received Maricopa’s voter data along with policies and procedures
documents for VRAS related databases. It included an explanation for each
database, its functions, any fields, codes, tables, manuals, guides, and any
other materials used by IT staff for voter rolls. Where transparency in software
would be great to evaluate it for security issues, this was giving key
information to a partisan group that put the whole system at risk.

VRAS (Sitebooks), is developed, monitored and coded by employees of the


Maricopa County Elections IT department. This removes checks and
balances that are in place with commercial or proprietary software. Having
those that wrote the software manage those operating it may create a
conflict of interest and an increased risk of insider threat. In addition, we
have looked
and found no evidence that this software has undergone an
independent Cyber Security evaluation.

The VRAS system may have been a great system in theory and development.
However, when you consider the failures in policy within Maricopa County that
developed it and the activist groups having key information on how it
functions, the integrity is compromised. It is worth noting that the IT Director
behind all the innovation, and the person responsible for keeping VRAS secure,
was fired by Fontes well before the 2020 election. Currently, we are unaware of
any 3rd party security measures or publicly transparent security measures.
Therefore,

VRAS may be a serious security risk for our election

systems. Duplicate Ballots:

We have interviewed two completely independent witnesses that state that


ballots that are duplicated are loaded into a thumb drive and driven
to Runbeck for printing.
Those printed ballots are then returned to MCTEC for tabulation. Our
witnesses both indicated that this was done by one, unaccompanied election
worker. We have identified that election worker as ______.
This is a serious chain of custody issue as electronic ballots are to be
treated with the same protocols and security as paper ballots. The observers
at the tabulation
center were denied the right to observe this process, accompany Ms.
_______, or follow her to Runbeck. One witness indicated that she made
several trips to Runbeck
daily and that she worked very close with the Dominion representatives in the
tabulation room. Violation of A.R.S. § 16-625 and AZSOS Policy and
Procedure Manual Chapter 8, Section III (C), Observation Transport of Ballots.

EQUIPMENT

AZSOS Policy and Procedure Manual Chapter 4, Section III (1-7) outlines
the procedures for proper transport and chain of custody for electronic
voting equipment. A.R.S. § 16-445(C) states; The seal number must be
logged as corresponding with particular voting equipment and the election
media that has been sealed in the voting equipment. The log should be
preserved with the returns of the election. In the event of a recount or re-
tally of votes, the officer in charge of elections should be prepared to submit
an affidavit confirming that the election program and any election media
used in the election have not been altered.

In an email dated May 20, 2021 sent to the board of supervisors Katie
Hobbs recommended voting systems not be used (Exhibit 2, Hobbs to BOS
re Equipment)

“Indeed, such loss of custody constitutes a cyber incident to critical


infrastructure—an event that could jeopardize the confidentiality, integrity,
or availability of digital information or information systems. Therefore, my
Office consulted with election technology and security experts, including at
the Department of Homeland Security’s Cybersecurity and Infrastructure
Security Agency, regarding the appropriate next steps, and each
unanimously advised that once election officials lose custody and control
over voting systems and components, those devices should not be reused in
future elections. Rather, decommissioning and replacing those devices is the
safest option as no methods exist to adequately ensure those machines are
safe to use in future elections. As such, my office is urging the County not
to re-deploy any of the subpoenaed machines that it turned over to the
Senate in any future elections. Instead, the County should acquire new
machines to ensure secure and accurate elections in Maricopa County going
forward.”

Her assertions that this may have occurred during the Senate audit is
based on hypothetical, news reports, and unproven “observations.”
However, Secretary Hobbs may have overlooked the operations of MCTEC
in preparation for the audit. We have video evidence to show ________, an
MCTEC IT employee who tore apart the equipment and left it out
unsupervised for others to gain access for multiple days. There were no
tamper evident seals placed on the equipment prior to transport and no
affidavit was provided to the Senate to attest that the equipment was NOT
altered or tampered with. Based on the criteria Secretary Hobbs has used,
the equipment was already made unfit by employee ____________ and
MCTEC and they should be held accountable financially and otherwise to
the voters of Maricopa County for the replacement of voting systems.
(Exhibit 3, Equipment tampering video)

This video also shows lack of tamper evident seal:


https://youtu.be/cIvhCjWv7Q8?t=79

Video observation of the MCTEC building as employees were packaging and


prepping equipment for transport to the Senate shows that equipment was
handled boxed and loaded for delivery without appropriate safety or security
measures adhered to. There were no observers present at the time
equipment was being prepared for transport, the equipment was not sealed
with tamper-resistant or tamper-evident seals and there was no affidavit
provided to attest that the equipment had not been tampered with or
altered following the election. (Exhibit 4, Tamper Seals)

Video observation also showed electronic systems being transported in an


open bed truck. It appeared this equipment was transported in a personal
vehicle and there was not a second person visible by video observation in
the truck used for transport. (Exhibit 5, Open Bed Truck)

Here is an image of someone from the Commit Agency inches away from
a ballot scanner that is wide open and unlocked with no county employee
in frame. (Exhibit 6, Commit Photo and another Exhibit 6a, left unlocked)

This youtube description says 11-2020, but the upload date is October prior
to election day. Should the machines have been decertified then? If you
went by Katie Hobbs recommendations then these systems should not
have been used in the 2020 election.

https://youtu.be/Qu_cQqfhitE?t=52

Here is another view of the ballot commercial https://youtu.be/p1er9_3DT


g?t=9

SAFETY AND SECURITY


During the Senate audit, there was a question regarding files being deleted
or altered. Logs showed this occurs on 4/12/2021. Video review of MTEC
server room shows Subject 1 (_________) using her key card to allow
Subject 2 __________) and Subject 3 (________) to enter the server
room and leaving them unattended at the approximate time the log shows
files being deleted/altered. (Exhibit 7, Server Room)

This is a violation of A.R.S. § 16-625. Electronic data and digital images;


ballots; security, A.R.S. §16-624. Disposition of official returns and ballots,
52 USC 20701: Retention and preservation of records and USC 42-1974
Retention and preservation of records and papers by officers of elections.
Maricopa County Recorder Stephen Richer and Board of Supervisor Jack
Sellers both made a public statement that they did not have the
passwords necessary to provide to the auditors hired by the Senate.

They admitted that those passwords were supplied by Dominion (the


vendor). Testimony by Ben Cotton, cyber auditor for Cyber Ninja testified
in the Senate hearing that the passwords they did have access to had not
been changed in over 2 years.

Observation of MCTEC activities shows multiple systems that did not


require users to enter a password and many examples of systems being
logged in overnight. (Exhibit 8, No Passwords) (Exhibit 9, Logged in
Overnight)

This shows numerous violation of AZSOS Manual Pg 96 Chapter 4 (B)

Components of the electronic voting system:

1. Must be password-protected (for voting system software);

o In addition to complying with any system requirements, passwords


must: (1) contain mixed-cased and non-alphabetic characters, if
possible; (2) be changed on a regular basis and may not
be a vendor-supplied password; and (3) may be known only
by authorized users."

In a letter written by Stephen Richer, August 19th, (Exhibit 10, Richer


Letter), Page 36 item 9, Stephen Richer writes: “To access the
tabulation equipment, operators are required to be trained and need two
sets of passwords and a physical security token. The physical security
token and election program password are changed for each election.”

Video during the counties own “audit” conducted by Pro V&V shows
scanners being used during the logic and accuracy test where blank
passwords were used and no security tokens. No true audit would want to
change the process unless items are not available. In this case the county
did not provide this security token to the Senate audit. The election
procedure manual on page 235 also states that systems should be
conducted in the same manner. (Exhibit 11, l&A) Video observations and
witness testimony prove that no encryption was used on the storage
media/USB sticks entered into the systems and no password or key was
needed for access. (Exhibit 8, NO Passwords Same video also shows no
encryption as USB devices are used from package into system. Exhibit 13,
LEFT USB)

Video observations also show external media and USB memory sticks left
unattended on multiple occasions. In one instance, (2/5/2021; 2:01pm) a
USB stick was left in the port of a system unattended for almost 24
hours. (Exhibit 13, LEFT USB)

On Page 37 item 6 Mr. Richer writes: “After inserting the memory cards,
the precinct-based tabulators are secured with port blockers and affixed
with tamper evident seals. To verify the tabulators have not been tampered
with, the seal numbers are logged and verified by bi-partisan poll workers
prior to use.”

On page 17 of the public SLI Report bottom of the page: “While the
systems examined showed no malicious or networking related USB devices
being connected, the systems examined didn’t provide a physical or a
digital method of preventing unauthorized USB devices to the systems. In
this particular case, County policy drives control of USB connectivity.”

SLI Report: (Exhibit 14, SLI Report) (AZSOS Manual Pg 97-98 Chapter 4)

Much of SLI audit observed appeared to be conducted away from equipment


using a table within the tabulation room. Video observation shows that internet
and wireless access was utilized during the audit, leaving the system
vulnerable. (Exhibit 15, SLI Internet and image Exhibit 15a, SLI Internet)
AZSOS Manual Pg 97-98 Chapter 4 states;
In addition, the following security protocols apply to any memory stick or
removable electronic storage device used with the electronic voting
system:

1. A stick or device must be purchased or received from a reliable source.

2. A stick or device shall be permanently identified with a unique serial


number or identifier when in use, and an inventory of all electronic
media shall be created and maintained.

3. Electronic storage media shall be physically secured at all times. No


physical access should be given to any person unless the election
officer in charge of the electronic storage media specifically grants that
person access. Secured locations must be provided for storing
electronic media when not in use, coding an election, creating the
election media, and transferring and installing the election media into
the voting device.

4. No electronic storage media shall be left unattended or in an


unsecured location once it has been coded for an election. Where
applicable, coded election media shall be immediately loaded into the
relevant voting device, sealed, logged, and made secure or must be
placed in a secured and controlled environment and inventoried.

5. A stick or device should generally not be used to transfer data between an


internet connected system and a non-connected electronic voting system.
Only when necessary to import ballot language to the electronic voting
system should such transfer occur, and in those circumstances, the
internet-connected system and stick or device shall be scanned with
updated antivirus software prior to transfer. In addition, the officer in
charge of elections shall consider and implement other appropriate
security protocols for such data transfers.

6. A stick or device used to transfer data to or from the electronic voting


system should only be used one time – to transfer data from one system to
a second system and then securely disposed of. When feasible, write once
memory cards or write-once disks should be used instead of USB
devices to transfer data to or from an electronic voting system to
ensure a “one-way, one-use policy” is self-enforced by the technology.

7. If the individual file to be transferred between systems was electronically


received (whether through download, by email, or any other electronic
means), the individual file must be scanned with antivirus software prior
to being placed on the stick or device. If any files were downloaded from
an internet portal, the portal must be a secure portal for data
transmission purposes. Regardless of the method of receipt, however,
individual files should only be downloaded, transferred, or otherwise
utilized if they were received by a trusted third-party source.

As a government agency operating on behalf of the people, a minimum


standard is a reasonable expectation. Minimum standards for use of USB
devices are not being met and are strongly discouraged in both NIST and in
CISA recommendations. Unencrypted USB flash drives and cards were used
and continue to be used at MCTEC. The user does not need a password to
move around USB flash drives or CF cards.

Multiple items, including non-encrypted USB sticks, were seized November 5,


2020 at the residence of Elliott Kerwin, who was in possession of Maricopa
County voter information. This is a violation of A.R.S. § 16-625, AZSOS Manual
Pg 96 Chapter 4, Section III (3-7), (https://youtu.be/YLIS68YfMYU?t=2529 )

Video observation shows that systems are not protected from command line
access. Systems were rebooted and commands were given to the system
without an administrative password or control being required. This leaves
the system vulnerable to administrative tasks and code scripting. (Exhibit
16, Command Line) This is a violation of A.R.S. § 16-625

Here is another video that shows systems stay logged in with no password
required and tabulators with no tamper seals on one side (camera doesn’t
show other side) https://youtu.be/cIvhCjWv7Q8?t=79 .

Individuals are granted access to the server room and left unattended by
the use of an authorized users key card. This is known as “tailgating”.
AZSOS Manual Pg 96 Chapter 4, Section III (3-7) (Exibit 7 ServerRoom)
Video evidence does not show that visitor cards were issued or handed out to
document visitor movements in these secure areas. (NIST 800-124 Revision
1, 2.2,1 Lack of Physical Security Controls)

Users were observed using mobile devices in the tabulation area. (NIST 800-
124 Revision 1, 2.2.2, Use of Untrusted Mobile Devices)

No use of 2 factor authorization at entry points was observed. This includes


entry to tabulation center and server room. (NIST 800-124 Revision 1,
4.1.1, Restrictions on Mobile Devices and Access Levels)

Media representatives and other individuals were allowed entry into the
tabulation area between audits. It did not appear that they were required to
wear identification or visitor badges. (NIST 800-124 Revision 1, 2.2,1 Lack of
Physical Security Controls)

Laptops were brought in and removed from the tabulation area. (NIST 800-
124 Revision 1, 2.2.2, Use of Untrusted Mobile Devices)

Again, in Mr. Richer’s August 19th Letter, Page 35 item 2 and 3


under Ballots/tabulation Mr Richer writes:

2) “Access to the Tabulation Center is restricted to those with a job


responsibility or direct oversight over tabulation. Access to the
tabulation center server room and vault is further restricted. This
access is controlled through employee key card badges and badge
readers. All badge reader attempts are logged.

3) All permanent staff are issued a security identification badge, which


must be worn at all times while on county property. This badge allows
employees access to specific areas of the building in which they are
required to work.”

This appears to not be consistent in practice: (Exhibit 19, Workers


Without Badges)

Also notice no second factor key required.

There is no badge displayed in this image (Exhibit 20, No Badge Image,


also observers? Exhibit 20a, No Badge Image)

This does not appear to happen on a regular basis and violates the election
procedure manual. Everyone should have a badge and everyone who enters
a secure area that has a key card should be required to use the badge to
log who and when these areas are accessed. This is in better alignment with
the election procedure manual.

CHAIN OF CUSTODY

On item 12 in his letter, Mr Richer states: “As ballots are tabulated, the
political party appointees select batches of ballots to be included in the post
election hand count. A summary results report is prepared for each batch
under the observation of the appointees. The summary reports and ballots
are sealed with tamper evident tape and not opened until they are opened
by the political parties during the hand count.”
That does not appear to be the case as seen from a photo provided by
Senator Townsend: (Exhibit 21, Ballots Clear Tape and Exhibit 21a,
Ballots Clear Tape)

It also does not appear to be the case in 2016: (Exhibit 22, Signal Image)

SLI Compliance

On page 7 of the SLI report (Exhibit 15, SLI Internet) under day 1
of Examination they state the following:

“Out of a pool of 315 available ICP2 precinct scanners (35 had been
examined in a

previous audit), SLI Compliance examined each and selected 35


ICP2s, based, in
part, on any anomalies noticed on devices. This included missing labels
or seals.

Note: Due to defective batteries that would not attain the 10% minimal
charge needed to operate the device, five of the ICP2s originally
selected would not power up, so they were replaced by five other
ICP2s.”

It is interesting there are no conclusions by SLI regarding tamper evident


seals other than to say no physical or digital method of unauthorized USB
devices, it is certainly worth noting that the Senate audits found very few
systems having tamper evident seals. It is our recommendation that
the
Senate determine if seals were put in place following the Pro
V&V and SLI Audits, as required by statute.

AUDITS
In several videos we have discovered the auditors themselves do not appear
to follow the election procedure manual. They often ignored clear
procedures for convenience. The audits had a limited scope of machines yet
drew broad
conclusions. On Page 4 of the SLI Report (Exhibit 14, SLI Report) the
scope is defined the following way:

“The Maricopa County forensic audit was conducted on the Dominion


Democracy Suite (DS) 5.5B system and included examination of the
following items per direction given by Maricopa County Elections
Department:

• 100% (9) of the County’s central count tabulators (ICC) (4 Hi-Pro high
speed scanners and 5 Cannon high-speed scanners), which are used for
processing large quantities of ballots.

• 100% (4) workstations and (2) servers used to operate the


election management

system (EMS), which includes pre-election functions for creating the


election definition for the specified election, as well as post-election
activities including accumulating, tallying and reporting election results.

• 10% sample (35) of the County’s 350 precinct-based tabulators


(ICP2s) that were utilized in the election, at the polling centers.

• 20% sample (4) of 20 adjudication stations, which allow ballots with


exceptions or outstack conditions such as over-votes, blank ballots, write-
ins and marginal marks, to be resolved.”

This audit is not comprehensive to a forensic audit, had a limited test


sample and has unclear criteria for selection. It is not a proper examination
for malware nor an exhaustive audit of all equipment. Yet with such a
limited scope, many conclusions were drawn, and it raises concerns as to
why the choice would be so limited and restrictive. Pro V&V was careless
during the audit following the same pattern of disregard for security and
policy. They were observed leaving a USB stick in election workstation,
unattended, for almost 24 hours. People were observed walking past the
workstation, with USB access. Pro V&V was also observed using USB sticks
from packaging straight into systems. (Exhibit 13, LEFT USB)

Violations of AZSOS Policy and Procedure Manual:

AZSOS Manuel, page 97 item 3: Electronic storage media shall be


physically secured at all times. No physical access should be given to any
person unless the election officer in charge of the electronic storage media
specifically grants that person access. Secured locations must be provided
for storing electronic media when not in use, coding an election, creating the
election media, and transferring and installing the election media into the
voting device.

Page 98 item 8: If a stick or device was received by mail:

• The stick or device should only be accepted from a trusted, third-


party source.

• The stick or device must be encrypted by the third-party source, and the
password to decrypt the stick or device may not be included with the
mailing itself; and

• Upon receipt, the stick or device must be scanned with antivirus


software prior to opening or otherwise executing any file
contained on the stick or device.

The board of supervisors, Katie Hobbs, and Stephen Richer make a point
to discuss Pro V&V and SLI as certified auditors, yet they are not certified
as forensic auditors or cyber security experts. They are certified to audit
the software and certify machines by the EAC. Recorder Fontes hired Rey
Valenzuela to be Director of Elections. Mr. Valenzuela is also the Chair of
the Standards Board for the EAC (Election Assistance Commission). This
would appear to be a direct conflict of interest.

CONCLUSION
Secretary Hobbs issued a Ballot Report on August 19th, 2021, (Exhibit 25,
Ballot Report). In this report, she made some interesting observations in
her review of the Senate audit.

Katie Hobbs own report would seem to substantiate our concerns that
there are systemic violations and carelessness within MCTEC regarding
cyber security. Although we do not find the same to be true of the Senate
audit, we would definitely echo these concerns towards the conduct of
Maricopa county employees and of Pro V&V and their county audit.

On page 18 under Security, she writes:

“Cybersecurity concerns both physical and cybersecurity concerns plagued


the entire exercise. Basic tenets of cybersecurity dictate that users do not
use shared accounts, do not share passwords, and do not write down
passwords. These basic standards are implemented for several reasons,
including for the protection of data integrity, which is of critical
importance. 19 Violations of these cybersecurity foundational principles
provide opportunities for computers to be accessed by unauthorized
personnel, including bad actors, who may intentionally, or unintentionally,
alter data, such as vote tallies.”
Though this statement is correct, alone, regarding, risk and cyber security,
the 19 “violations” are based on if those conditions existed and not
evidence of risk or violations. However, when applied to MCTEC and Pro
V&V those concerns are brought forward with video evidence. We are glad
to see that Katie Hobbs can acknowledge security and would hope her
integrity as an honest person would compel her to share our concerns. It is
regrettable that the same vigor and attention does not appear to be applied
to the conditions inside the counties that are under her organizational
structure, especially one as large as the very county for which she resides.

Considering the proximity between her office, the coliseum, and MCTEC it
does not seem much further than a trip for lunch. After reviewing the many
hours and the volume of video evidence compiled by an unpaid volunteer
team, one would think these issues could have been addressed with ease
by skilled and paid staff who claim to be election experts.

It is also curious that Katie Hobbs would bring up passwords. Numerous


videos show no password necessary with election equipment in the
“closed” network.

The US 2020 General Election was unique in many ways, with so many
pushing for unsolicited mail-in ballots and adjustments called for due to
the COVID19 pandemic. It had us looking closer at systems that have been
problematic for years. Other challenges related to how elections were and
are conducted were exposed in the process.

There are 5 categories of malfeasance observed in the Maricopa County


2020 General Election with supporting evidence (attached or available upon
request):

1. Non-Compliance with Election Security Protocols

a. Poor adherence to National Institute of Standards and


Technology (NIST) protocols which serve as a baseline for
election security standards.
b. No risk assessment was conducted, especially around the
supply chain risks of Dominion Voting Systems

2. Network Insecurity

a. Mobile communications are permitted in the tabulation center


and around equipment.

b. Closed network attacks are increasingly common.

c. Closed networks, once compromised, often have fewer


protections to stop the spread of attack or lateral
movement.

d. Closed networks rarely stay ‘closed.’

e. Potential state sponsored attackers have the means and


methods to attack election systems with precision.

f. Uncovered numerous vulnerabilities of ‘Closed’ network of


Maricopa County.

3. Conflicts of Interest

a. Audits, certification of hardware, and certification of software


are all handled by the same two companies.

b. Dominion commented on a process that is specifically outlined


in the contract between Dominion and Maricopa County.

c. Public officials have been compensated by various election


companies through various means, including lobbyists
and elected officials have created laws to use Dominion
Voting Systems’ products

4. Deceptive Practices

a. Intentional deception

b. Activities that compromise election transparency

c. Intentional voter manipulation

5. Dominion Voting Systems’ Company and Machine Issues a.

Voting machines in general pose voting integrity challenges

b. Supply chain risks are numerous and well-documented.


i. There are Dominion developers in Serbia.

ii. Dominion has systems likely exposed to the CCP.

iii. Dominion has and likely did provide remote support from Serbia
in the 2020 Maricopa County General Election.

iv. It is well established that many hardware components used for


remote access and internally are sourced directly from China.

c. History of vulnerabilities

d. Flaws that resulted in voting errors that question the accuracy


and integrity of election results.

e. Direct quotes from Dominion injecting themselves into the


tabulation process raising questions of impartiality.

f. Political organizations tied to foreign actors that have


influence on the finances and infrastructure and possibly
the source code of Dominion’s system(s).

It is important to note that the observations made in this document are


not an exhaustive list of the possibilities and/or vulnerabilities discovered.
Without proper authorization no thorough examination could take place.
Many of these violations have taken place following the controversial 2020
election and continue to take place on a daily bases at MCTEC.

This report clearly shows that the Maricopa County Board of Supervisors,
the previous County Recorder Adrian Fontes, current County Recorder
Stephen Richer and AZ Secretary of State Katie Hobbs have failed to
provide the needed oversight and leadership for our elections department.

When those charged with our sacred right to vote fail to safeguard our
elections through strict adherence to governing laws, policies and
security protocols, they can not, and must not be allowed to operate
recklessly and with impunity. We the people must rely on our legislators
and the state attorney to take decisive action on our behalf. Laws and
procedures are only as good as those enforcing them. We the people
need to see that the rule of law still stands and that lady justice is still
blind, playing no favors to a protected class of negligent civil servants.

Additional legislation, changes in policy and/or equipment, and any


additional changes that the legislation may choose to implement for our
elections will be futile if we do not first address the leadership and
operations within our county elections.

In his letter, Stephen Richer states that many of the workers at the MCTEC
have worked there for 20+ years. This makes it clear that training and
ignorance is not the primary issue. There is a deep rooted systemic
problem and lackadaisical approach to our elections and further shows a
willful disregard for the rules and security of our most precious civic duties.

The number of proven violations outlined in this report further prove this
systemic negligence and willful disregard for policy, lack of oversight and
proper care by management at all levels. We would like to thank
Senator Fann and the Arizona Senators who have taken the time to
review this
report. We will be issuing additional supplemental reports in the near future
and have also included additional videos for your review. According to
A.R.S. 16-452 (C ) and A.R.S. 16-1004 (B), these violations are punishable
by a class 2 misdemeanor up to a class 5 felony. We respectfully request
that the Arizona Senate compel the Arizona Attorney General, Pursuant to
A.R.S. 452, to open an investigation and pursue charges against those in
clear violation. An example must be set for future and current election
workers that this form of negligence will not be tolerated in the State of
Arizona in order to protect our future elections.
Respectfully Submitted,

Aaron Wagner, CISSP - Cyber Security Consultant

Steven Robinson - Investigator/Project Manager

Shelby Busch - Investigator/Project Manager

Matt Van Bibber - System Admin


© 2021 We The People AZ Alliance. All rights reserved.

You might also like