DENVER, Colo. — Today, the Colorado Secretary of State’s office issued an Order in response to a potential chain-of-custody and security protocol breach for Mesa County’s voting system components.
Several items were published online that constituted a breach in the security protocols for Mesa County voting system components. The posted images depict the BIOS passwords specific to the individual hardware stations of Mesa County’s voting system. The public disclosure of the BIOS passwords for one or more components of Mesa County’s voting system alone constitutes a serious breach of voting system security protocols, as well as a violation of Election Rule 20.6.1. This breach in security protocol has not created an imminent direct security risk to Colorado’s elections and did not occur during an election.
It is likely from the content of the social media postings that this sensitive information was collected during the limited access trusted build installation in Mesa County on May 25, 2021. The collection and dissemination of this information during the trusted build installation violated security protocols and Department of State rules governing the process. In response to this breach in protocols, the Secretary of State’s office has sent an Order requesting inspection of election equipment and other relevant materials to the Mesa County Clerk and Recorder. Depending on the outcome of the investigation, these violations may result in the decertification of the voting systems in Mesa County.