top of page

Forensic Analysis of the Mesa County Colorado Election Management System

Updated: Apr 2

By

Jeffrey O’Donnell Chief Information Officer Ordros Analytics

and

Walter C. Daugherity, Senior Lecturer Emeritus, Department of Computer Science and Engineering, Texas A&M University


March 19, 2022



EXECUTIVE SUMMARY



This report documents the findings of an examination of tabulated vote databases based on forensic analysis of the drive image of Mesa County, Colorado’s Dominion Voting Systems (DVS) Election Management System (EMS) server. The findings in this report were prepared by the authors as consultants to the legal team representing Tina Peters, the Mesa County Clerk and Recorder, pursuant to her statutory duties as Mesa County’s Chief Election Official. The findings provide evidence of unauthorized and illegal manipulation of tabulated vote data during the 2020 General Election and 2021 Grand Junction Municipal Election. Because of this evidence, which led to the vote totals for those elections being impossible to verify, the results and integrity of Mesa County’s 2020 General Election and the 2021 Grand Junction Municipal Election are in question.


This analysis was performed using the forensic image of the EMS server, which was backed up before Colorado Secretary of State and DVS overwrote the hard drive with D-Suite version 5.13.


Findings and Implications:


1) There was an unauthorized creation of new election databases during early voting in the 2020 General Election on October 21, 2020, followed by the digital reloading of 20,346 ballot records into the new election databases, making the original voter intent recorded from the ballots unknown. In addition, 5,567 ballots in 58 batches did not have their digital records copied to the new database, although the votes from the ballots in those batches were recorded in the Main election database.


2) The same unauthorized creation of new election databases occurred during the 2021 Grand Junction Municipal Election on March 30, 2021, followed by the digital reloading of 2,974 ballot records, making the original voter intent recorded on those ballots unknown. In addition, 4,458 ballots in 46 batches did not have their digital records copied to the new database, although the votes from the ballots in those batches were recorded in the Main election database.


3) The absence of secure hash algorithm (.sha) files for each digital ballot image makes the authenticity of each digital ballot image, and the ballot-level record for those ballots, impossible to verify.


4) The true total vote count in Mesa County, Colorado cannot be accurately calculated for the 2020 General Election or the 2021 Grand Junction Municipal Election from records in the databases of the county’s voting system.


5) There is no function or feature on the EMS server that could be executed inadvertently or deliberately by a local election official that would cause this combination of events to occur, especially within the time frame that these events occurred. Given the complex sequence of data manipulations and deletions necessary to produce the digital evidence described in this report, this combination of events could not have been the result of either deliberate or inadvertent actions by those officials.


6) Dominion’s installation of the Trusted Build update on the EMS in May of 2021, as ordered by the Colorado Secretary of State, destroyed all data on the EMS hard drive, including the batch and ballot records that evidenced the creation of new databases and reprocessing of ballot records described in Findings 1 and 2 above. This destruction of all data by the trusted build is described in the “Mesa County, Colorado Voting Systems Forensic Examination and Analysis Report”.


7) The fact that such ballot record manipulation has been shown demonstrates a critical security failure with the DVS EMS wherever it is used. The manipulation would not be identifiable to an election official using the voting systems, nor to an observer or judge overseeing the election conduct, much less to citizens with no access to the voting systems; without both cyber and database management system expertise, and unfettered access to database records and computer log files (many of which were destroyed by the actions of the Secretary of State) from the EMS server, the manipulation would be undetectable.



 

What Happened?


 
 

The copied ballots were then reprocessed as if they were new, even causing some of the ballots which had just been copied to go through manual adjudication again.


However, the numbers of ballots marked for manual adjudication the first time is significantly greater than the number of ballots marked for manual adjudication the second time.

 

The original database is never used again. Details about the ballots which were not copied, such as the adjudication status and the time they were originally processed, are now hidden from the Mesa County Clerks.

 
 
 

Therefore, all 25,913 ballots processed before 2:18PM on October 21st cannot be considered legitimate without actually comparing the votes in the database with the votes on the original paper ballots.


Digital ballot images exist, but the companion files which would confirm their authenticity do not, leaving those digital images in an unverifiable state.


The 2021 Grand Junction Municipal election, held in March and April, 2021, exhibits nearly identical evidence of ballot manipulation.


In this election, records of 4,082 of the first 8,540 ballots were copied to a new database and reprocessed, leaving 4,458 ballot records existing only in the original, now unused database.


Of the four city council races held in that election, the largest margin of victory was approximately 3,000 votes.


13 views0 comments

Recent Posts

See All

Comments


bottom of page