Thursday, March 31, 2022

software...These systems include both servers and workstations (or "PCs")...Election
software running on these COTS systems is vulnerable to unintended effects from other user
sessions, applications, and utilities, executing on the same platform at the same time as the
election software...To counter these vulnerabilities, three operating system protections are
required on all such systems on which election software is hosted... Second, operating
system audit shall be enabled for all session openings and closings, for all connection
openings and closings, for all process executions and terminations, and for the alteration or
deletion of any memory or file object. This ensures the accuracy and completeness of
election data stored on the system. It also ensures the existence of an audit record of any
person or process altering or deleting system data or election data.”
b. Mesa Forensic Report #1 major finding 2. “Due to non-compliance with the 2002 VSS
requirements, these voting systems and accompanying vendor-provided, Colorado Secretary
of State-approved procedures for county use cannot have met the certification requirements
of the State of Colorado, and should not have been certified for use in the state.” The
requirement, in the 2002 VSS, that voting systems generate and preserve all these log files,
critical to the ability to audit and reproduce the conditions and details of election conduct, is
mandatory under CRS 1-5-601.5. Not only did the cyber expert conclude and show evidence
that the DVS D-Suite 5.11-CO system did not satisfy those statutorily-mandated 2002 VSS
requirements, but the Secretary of State falsely and illegally certified that it did.
c. Mesa Forensic Report #2 major finding 1. The DVS D-Suite 5.11-CO voting system is not
secure and protections have not been implemented in accordance with the 2002 VSS
requirements. Again, the certification of a voting system which fails to comply with the
requirements of the 2002 VSS is a clear violation of CRS 1-5-601.5.
d. Mesa Forensic Report #2 major finding 2. The combination of unauthorized software
(Microsoft SQL Server Management Studio (SSMS)) installed in the DVS D-Suite 5.11-CO
Election Management System (EMS) server, the failure to employ security mechanisms built
into the system and required by 2002 VSS, and the obliteration of mandatory audit logs
(destruction of both election records and evidence of access to the EMS server) that Federal
and State law require be preserved, create a “back-door” to the EMS server that is only
partially protected by a simple password, with no preserved audit records.
Crane admits that SSMS “was not explicitly identified on the certification;” this is tacit
admission of the illegality of the installation and presence of SSMS on DVS D-Suite
5.11-CO. He asserts, factually, that a single document, in DVS’ Technical Data Package
(TDP) mentions “Microsoft Sequel Server Management Studio (SSMS).” Never mind that
Crane presumes to advise you regarding computer-based voting systems, when he is so
ignorant that he mistakes the acronym “SQL” (Structured Query Language) for the English
word “sequel.” He fails to mention that the TDP comprises dozens of manuals, including
eight manuals and user guides specific to the EMS, and not one of those eight mentions
SSMS. More importantly, CRS § 1-5-618 explicitly requires that any modification to the
certified voting system, defined by DVS’ application for certification, the corresponding Test
Report (neither of which lists SSMS as included or tested software), and the resulting
Secretary of State certification letter, be subjected to the same requirements for approval
“as those prescribed by this part 6 for the initial certification of the system.”
Furthermore, Crane admits to his knowledge of the Colorado Department of State’s approval
of a second, separate act (presumably with separate counts for each affected Colorado
county) of egregious violation of Colorado election law, involving the installation of the
“LibreOffice” freeware on Colorado voting systems. He cites, as justification, the Secretary
of State’s Colorado Election Rule 20.2 (8 CCR 1505-1) but, again, fails to mention that the
Secretary of State, herself, is not permitted to approve any modification to Colorado voting
systems except in accordance with state law. LibreOffice software is not part of the
specified or tested configuration of any voting system certified in Colorado.
The introduction of untested, uncertified software obtained from sources that have not
been validated by state or county officials with no cyber expertise, into Colorado voting
systems, violates CRS § 1-5-601.5, CRS § 1-5-608.5, CRS § 1-5-618, and CRS § 1-5-620, and
causes counties to violate CRS § 1-6-612 and CRS § 1-5-613 by using an improperly
certified voting system. There is no version of the LibreOffice software without at least one
published Common Vulnerability and Exposure, and some versions have nine published
vulnerabilities, including vulnerabilities of the most severe category.
The cavalier introduction of this software into voting systems reveals such blatant
ignorance of and disregard for cyber hygiene and security that it should immediately
disqualify any individual involved from ever having custody or control of any
election-related system. Further, the Secretary of State is in breach of her duty under
CRS § 1-5-621, for her failure to prohibit the use in elections of voting systems which, by the
installation of untested, uncertified software, deviated from the certified system.
These are violations of Colorado election law, committed by the Secretary of State and her
staff and, at her direction, by county election officials in Colorado. Each should be
investigated by sworn law enforcement personnel and, if Crane’s self-incrimination and
indictment of the Secretary of State, and the evidence in the forensic reports, are validated,
each of these election officials must be afforded due process.
e. Mesa Forensic Report #2 major finding 3. Testing by the cyber expert demonstrated that
calculated vote totals in the DVS D-Suite 5.11-CO EMS tabulated vote database could “be
easily changed,” “flipping the election,” and violating the 2002 VSS’ explicit requirement to
address this specific risk. Once again, the certification of a voting system which fails to
comply with the requirements of the 2002 VSS is a clear violation of CRS 1-5-601.5.
f. Mesa Forensic Report #2 major finding 4. The DVS D-Suite 5.11-CO EMS server was
assembled in Mexico, of parts manufactured in China, exposing the EMS server, and thus
the voting system, to compromise through supply-chain attack. Despite this concept being
well-understood in the Federal government, particularly within national security
community personnel responsible for cyber security, the supply-chain threat is not mentioned
nor in any way mitigated in the acquisition and testing of Colorado’s computer-based voting
systems.
g. Mesa Forensic Report #2 major finding 5. Due to the demonstration of the EMS server’s
vulnerability and susceptibility to manipulation, the EMS server presents an immediate threat
to election integrity, with potential grave consequence to Colorado and the Nation by
allowing the unauthorized alteration of election results.
Mesa Forensic Report #3 major finding 1. There was an unauthorized creation of new
election databases on the EMS server
during the November 2020 General Election in Mesa County, involving the digital “reloading”
of 20,346 ballot records into the new election databases, making the original voter intent
recorded from the paper ballots unknown. In addition, 5,567 ballots in 58 batches did not
have their digital records copied to the new database, although the votes from the ballots in
those batches were recorded in the EMS server’s main election database.
h. Mesa Forensic Report #3 major finding 2. The same unauthorized creation of new
election databases occurred during the 2021 Grand Junction Municipal Election in March
2021 in Mesa County, followed by the digital reloading of 2,974 ballot records, obscuring
original voter intent for those ballots, and 4,458 ballots in 46 batches did not have their digital
records copied to the new database, despite the votes from the ballots in those batches being
included in the EMS server’s main election database.
i. Mesa Forensic Report #3 major finding 3. Secure hash algorithm (.sha) files required for
each digital ballot image were missing, making the authenticity and ballot-level records for
those ballots impossible to verify.
j. Mesa Forensic Report #3 major finding 4. The true total vote count in Mesa County for
those two elections cannot be accurately calculated from records in the databases of the
county’s voting system.
k. Mesa Forensic Report #3 major finding 5. There is no function or feature on the EMS
server that could be executed inadvertently or deliberately by a local election official that
would cause this combination of events to occur, especially within the time frame of the
events. Given the complex sequence of data manipulations and deletions necessary to
produce the digital evidence described in this report, this combination of events could not
have been the result of either deliberate or inadvertent actions by those officials using
documented EMS server functions.
l. Mesa Forensic Report #3 major finding 6. The installation of the Trusted Build update on
the EMS server in May 2021, as directed by the Colorado Secretary of State, destroyed all
data on the EMS hard drive, including the batch and ballot records that evidenced the
creation of new databases and reprocessing of ballot records described in Findings 1 and 2
above.
m. Mesa Forensic Report #3 major finding 7. The fact that such ballot record
manipulation has been shown demonstrates a critical security failure with the DVS
EMS wherever it is used. The manipulation would not be identifiable to an election official
using the voting systems, nor to an observer or judge overseeing the election conduct, much
less to citizens with no access to the voting systems; without both cyber and database
management system expertise, and unfettered access to database records and computer log
files (many of which were destroyed by the actions of the Secretary of State) from the EMS
server, the manipulation would be undetectable.
4. “Not one of these reports have shown any evidence that the results of the 2020
election or any other election were not accurate.”
These reports show that the certification of our voting systems and their use in Colorado
elections has been in violation of Colorado law, and that the extraordinary vulnerability of the
voting systems to penetration and manipulation, coupled with the wanton destruction of
election records, means that neither the results reported from these systems nor the election
officials who swear to their security and integrity, can be trusted by Colorado citizens. The
safeguards in CRS Title 1, which the General Assembly has presumably intended and
assumed would protect the purity of Colorado elections and safeguard the elective franchise,
have failed through the ignorance and deliberate subversion of sworn election officials, and
with the mute inaction of Colorado’s sworn law enforcement officers, to Mr. Crane’s ardent
applause.
5. “Our systems specifically use redundant checks and rechecks to ensure that they are
safe. Some of these protections include equipment-related security measures including
restricted access and video monitoring, pre-election testing that includes community
members as witnesses and post-election activities such as risk-limiting tabulation
audits. Strict chain of custody, as demanded by Colorado statute/rule, adds significantly to
our security posture.”
These computer-based voting systems are computers. Assessing their security and integrity
requires cyber security expertise, not the rote memorization of narrative talking points Crane
regurgitates for consumption by citizens and public officials who’ve mistakenly trusted
him. Crane’s claim belies the independent forensic assessment of cyber experts with
more than 120 years’ more cyber experience than Crane. What, precisely, does Crane
suppose “video monitoring” will reveal, from the outside of a computer system?
Could “watching” your smartphone, even with a “bipartisan” team, prevent the delivery of a
text message, or the suspension of your “blocked caller list” through a setting change which
occurs automatically when one dials “9-1-1,” even after performing a “logic and accuracy test
(LAT)” to ensure your phone blocked any calls from numbers on your “blocked caller list?”
The same is true for our computer-based voting systems.
Both the approach to certification testing by the Voting System Testing Labs and the LAT
performed by election officials are artifacts of an era when the proper function of mechanical
or electromechanical voting systems could actually be verified by simple tests and the naked
eye; these approaches are impossibly inadequate and ill-suited to the verification of
computer-based voting system security and proper operation, because the operation,
security, and integrity of a computer-based system can be radically altered with a single bit
change in code or firmware.
6. “This flurry of reports is a deliberate strategy by grifters and bad actors to create the
impression that something is wrong with our election systems, spread fear, and create chaos
to achieve their policy goals, which include reducing voting to only one day, potentially
disenfranchising our military voters and voters with a disability, and hand-counting
ballots. Ironically, their “solutions” to achieve greater election integrity will actually have the
opposite effect. Their solutions will decrease voter access to the ballot and make our
elections less secure and less accurate.”
Crane veers yet again into baseless, defamatory claims, from a position of such utter and
abject ignorance and hypocrisy, it beggars belief.
Speaking of grifters, Crane himself was inexplicably absolved by an ethics review of conflict
of interest, related to his conduct as a sworn county election official, while his spouse was
employed by the vendor of the very voting system that he was responsible for ensuring was
secure and accurate. Even his curriculum vitae is “embellished,” claiming that he was an
elected clerk from 2013 through 2018, despite his status from 2013 through January, 2015
being “appointed,” not elected. In addition to his role with the CCCA, Crane is in the employ
of the Lafayette Group, a contracted crisis communications advisor to the U.S. Department
of Homeland Security (DHS), the Cybersecurity and Infrastructure Security Agency (CISA),
and the Election Assistance Commission (EAC), responsible, in part, for propaganda such as
the ridiculous proclamation by election industry insiders that the November 2020 election
was the “most secure in American history.” Crane invited his fellow Lafayette Group
employee and former EAC director of testing and certification to address Colorado’s county
clerks at the CCCA’s summer conference, sponsored by voting system vendors. Ryan
Macias, who was caught attempting to sneak into the Maricopa County audit as an operative
of Arizona Secretary of State Hobbs, informed CCCA attendees during the summer
conference that his organization intended to discredit the Maricopa Audit before its report
was released.
Now, though Crane and the CCCA pretend to represent the interest of Colorado county
clerks, which pay for their CCCA membership with Colorado citizens’ tax dollars, he has
funded a lobbyist, “5280 Strategies,” to lobby in support of SB22-153. This bill would strip
clerks and their citizens of significant statutory authorities to oversee elections. While
claiming to represent the clerks, Crane has exposed himself and his confidants as allies of
Secretary of State Griswold, in her campaign to consolidate absolute power over Colorado
elections, depriving citizens of transparency and stripping clerks of their First Amendment
rights to even express doubts regarding voting system security.
7. “The entirely erroneous assertion that the voting system testing lab used by Colorado
lost its federal accreditation and thus the voting systems used in Colorado should be
decertified as a result. Any assertion that the federally accredited voting system testing lab
(VSTL) used by Colorado lost its federal accreditation is absolutely not true.”
This is a lie. Colorado Department of State Elections Director Judd Choate lied to Colorado
election officials in a memorandum emailed at 6:29PM on July 20, 2021, where Choate, as
Crane has, claimed that “The EAC also has confirmed that Pro V&V’s accreditation did not
expire at any time between February 24, 2015 and today, July 20, 2021.” His email went on
to state “I have gone so far as to personally confirm this fact with the EAC Executive
Director, Mona Harrington, two weeks ago (accreditation was not terminated) and again this
morning (accreditation did not expire).”
In fact, at the time of Choate’s memorandum, he had not yet received ANY documentation in
response to his plea in the 12:01AM, July 20, 2021 email to EAC Executive Director Mona
Harrington and EAC General Counsel Kevin Rayburn, for “any document you could point us
to that would clarify the Revocation v. Expiration issue?” “Better yet,” Choate continued,
“could you write a letter or even an email stating what we all know that Pro V&V was a
continuously accredited VSTL since 2015?” At 10:08AM on July 20, 2021, Choate
wrote “Our real concern at this point is about this idea that the accreditation ‘expired.’
The talking points seemed to have shifted from revocation of Pro V&V’s accreditation to the
expiration of that accreditation. Obviously, we know this isn’t the case, but we lack the
documentation to demonstrate that this talking point is in error.” At 4:12PM, July 21, 2021,
nearly 22 hours after lying to Colorado election officials, Choate wrote “Hi Mona. Attached is
the memo I sent the counties last night. Any update on the letter you are providing?”
To be clear: at the time that Choate asserted to Colorado election officials that he had
confirmed uninterrupted, unexpired accreditation with the EAC, he had received no
such confirmation from the EAC.
In fact, Title 52 U.S.C. § 20971 provides that VSTLs are accredited ONLY by vote of the
EAC Commissioners, and the EAC’s Voting System Testing Laboratory Program Manual,
para 3.8 states that “A VSTL’s accreditation expires on the date annotated on the Certificate
of Accreditation. VSTLs in good standing shall renew their accreditation by submitting an
application package to the Program Director, consistent with the procedures of Section 3.4 of
this Chapter...Laboratories that timely file the renewal application package shall retain their
accreditation while the review and processing of their application is pending...(and) should
circumstances leave the EAC without a quorum to conduct the vote required under Section
3.5.5.” This VSTL Program Manual language explicitly acknowledges that renewal of
accreditation for a VSTL required, in accordance with 52 USC § 20971, a vote by EAC
Commissioners, to be documented in the form of a written Commissioners’ Decision which
“makes a clear determination as to accreditation...”
The EAC issued a Certificate of Accreditation to Pro V&V on February 24, 2015, which states
that the accreditation is effective through February 24, 2017. EAC Annual Reports and
Records of EAC Commissioner meetings between 2014 and 2020 show that the EAC had a
quorum of Commissioners continuously, excepting from March, 2018 through January, 2019,
and that at no time did EAC Commissioners vote to renew the accreditation of Pro V&V
between 2017 and the end of 2020. By U.S. law, and in fact, Pro V&V was not an
accredited VSTL in 2019 and 2020, at the time it conducted testing on the DVS D-Suite
5.11-CO and CBG CV 2.1 voting systems, which testing campaigns were also used as the
partial basis of voting system standards compliance testing Pro V&V accomplished for
DVS D-Suite 5.13 and CBG CV 2.1.5 in 2021, according to the test reports for those systems.
The unsigned, undated memo finally sent by EAC’s Harrington (which does not, in
contradiction to Choate’s statement, mention, let alone dismiss, the question of whether Pro
V&V’s accreditation had expired, nor whether EAC Commissioners voted to renew Pro
V&V’s accreditation) notwithstanding, this means, undeniably, that Secretary of State
Griswold’s certifications of DVS D-Suite 5.11-CO and 5.13, and CBG CV 2.1 and 2.1.5 voting
systems were in violation of Colorado law.
8. “The false assertion that voting systems are built to connect to the internet. Yes, there is
wireless technology on many of our voting system components. Voting systems are tested
and certified for use by the federal government and the state of Colorado with these wireless
components included. The mere presence of these components does not violate federal or
state law. However, the wireless ability is disabled in Colorado as a part of the Trusted Build
process. Counties do have the ability to validate this. Validating that wireless functionality is
disabled will be a part of the Public Logic and Accuracy Test conducted before every election
in every county moving forward.”
Whether by sheer ignorance or the deception of semantics, Crane pretends that the only
issue with the inclusion of, for example, 36 separate wireless networking devices in a single
county’s voting system is whether that voting system is connected directly to the internet.
In Mesa County Forensics Report #2, Doug Gould explains the concept of an Island-Hopping
Attack, such that the connection or susceptibility to connection, e.g. through a wireless
networking device, of a voting system to any external device or network exposes the voting
system to attack. “Internet” or “no internet” is irrelevant. There is no amount of wireless
connectivity that could be tolerable, acceptable, or safe in a system as critical as our voting
systems. The inclusion of ANY wireless networking device in a voting system introduces
such an extraordinary vulnerability that the fact of Crane’s dismissal of this concern
reinforces the conclusion that he, and anyone who thinks as he does, cannot be trusted with
our elections. The Federal government will not allow wireless devices of any kind in its
most sensitive facilities, and states explicitly that “computers with an embedded
wireless system must have the radio removed before the computer is used to transfer,
receive, store, or process classified information,” and “simply disabling the transmit
capability is...inadequate...” But Crane insists that the “Trusted Build” and the “Logic and
Accuracy Test” “validate that wireless functionality is disabled.”
In fact, Crane’s ignorance fails him, and us, once again. The presence of integrated Dell
Remote Access Controllers (iDRAC) and the use of Intel chipsets with forms of “Active
Management Technology (AMT)” in our voting systems means that our voting systems are,
inherently and irrevocably, built for remote access and out-of-band management, even
allowing the configuration of the systems remotely with no detectable indicators to personnel
standing in front of or even using those computers. When paired with wireless networking
devices, inexplicably included in the voting systems by the vendor, and completely
untested by the VSTL, what is clear is that we are, at best, poorly advised and, at
worst, intentionally deceived by Crane and Griswold.
9. “Also issued recently by... “USEIP” is an attempt to report on what they describe as a
‘voter canvass’....In general, it is impossible to respond specifically to any of its assertions
because we know too little about the canvass itself.”
Legislators can read the Colorado Canvassing Report and decide for themselves the value
of the product of almost 8,000 volunteer hours by hundreds of their constituents, resulting in
affidavits which document, conservatively, an 8% irregularity and inaccuracy rate in the
Secretary of State’s voting history and voter records for the November 2020 election in four
large Colorado counties, indicating that the outcome of 7-12% of all election races and
measures on Colorado’s November 2020 ballots may be in doubt.
As to Crane’s questions, which he has never directed to USEIP despite the public posting of
the report and the availability of USEIP’s contact information, as well as an information video
answering most of these questions:

i. “Who are the canvassers?” The canvassers were 100% volunteer, non-partisan,
Colorado citizens canvassing (using the standard dictionary
definition which suddenly mystifies Crane) their neighbors.

ii. “How did the canvassers interact with the voters?” The canvassers were only
allowed to canvass following their training that emphasized courtesy,
honesty, and friendliness, and they worked in pairs for their own safety.

iii. “Did the canvassers use a script? Was the script biased?” As explained in the
Report, page 5, the canvassers used a script and asked five questions:

1. Did you vote in the November 2020 elections

2. By what means did you return your ballot (mail-in, ballot drop box, or
in-person)

3. Did you receive any extra ballots at this address

4. Is your voter information (in the Secretary of State’s information)
accurate (name, address, party affiliation, etc.)

5. Are there any other experiences you would like to share.

iv. “What voters were surveyed?” As explained in the Report, page 6, all voters
in precincts with the highest and lowest voter opportunity scores were
canvassed. Additionally, as specified in a supplemental report footnoted on
page 20 (and found here:
https://ln5.sync.com/dl/e817b9880/hwtchqqx-7tag86gk-r6x8yngc-sg5zimwp
), the distribution of the voter opportunity
scores for voters that responded versus didn’t respond were approximate,
indicating that voters who responded were similar to the voters who
did not respond.

v. “How did they overcome the bias of talking to only one person in a house
with multiple voters?” Crane here assumes, without evidence, that there IS
such a bias. As noted above, the distribution of the voter opportunity scores
for voters that responded versus didn’t respond were very similar, indicating
that voters who responded were similar to the voters who did not
respond. This is important because it confirms that there was no bias in the
sample selection, nor in the response rate of voters.

vi. “Are the neighborhoods surveyed representative of the county?” Yes. When
you inspect the distribution of the voter opportunity score for those
neighborhoods canvassed in each county, they approximate the distribution
of the voter opportunity scores for all voters in each of the counties
canvassed. You can find additional information here:
https://ln5.sync.com/dl/bd2485d10/aru766hi-t322kdbn-cww7jwsj-5yf8znds

vii. “Are the counties surveyed representative of the state? (Obviously Douglas,
El Paso, Pueblo, and Weld are not representative of the entire state)” Here,
again, Crane reveals his own bias, with no evidence. Regardless, the
distribution of voter opportunity scores among the four large counties
canvassed approximates the distribution for all of Colorado, hence, we can
infer that these counties can be used as a proxy for the state. You can find
additional information here:
https://ln5.sync.com/dl/bd2485d10/aru766hi-t322kdbn-cww7jwsj-5yf8znds

viii. “Why were results from other counties not included in the report?” The sheer
temerity of Crane, who has publicly asserted warrantless falsehoods
regarding Colorado elections, and yet made no effort to canvass; who has
disparaged the citizen canvassers and their results; who has pretended that
the very term “canvass” is somehow deserving of skepticism, asking “Why
didn’t the citizens do MORE?” is shocking. Again, while no Colorado election
official conducted any canvassing, of any amount, to satisfy their sworn duty,
these hundreds of citizen volunteers spent nearly 8,000 hours canvassing
sample populations of four counties, representing approximately one-fourth
of the entire Colorado registered voting population. As noted above, given
that the distribution of voter opportunity scores in these four counties
approximates the distribution of the entire state, inferences can be made
about discrepancies found. You can find additional information here:
https://ln5.sync.com/dl/bd2485d10/aru766hi-t322kdbn-cww7jwsj-5yf8znds

ix. “Furthermore,” Crane continues, “it’s fair to ask why USEIP has not turned
over the data and/or affidavits that support their claims. If they have
evidence of poor voter rolls and illegal activity, they should have turned that
information over to be investigated when they released their report. If the
information is accurate, having the data would allow counties to update voter
rolls and pursue legal charges if warranted.”
Is it, in fact, fair for Crane to ask, given his baseless claims and utter inaction
to support them? The report literally states, on page 7, that “affidavits and
accompanying data will be provided to officials.” And so they will be. The
report has already been provided to the lead counsel for plaintiff in a suit
against Secretary of State Griswold concerning Colorado voter rolls. The
report and affidavits will be provided directly to the Colorado Attorney
General and District Attorneys, and to County Clerks, with affidavits which
compel their investigation, “forthwith,” under Colorado statute.
10. “One other important thing to note,” Crane’s claim that “USEIP members
collected a list of approximately 750 deceased people who they claim had
cast a ballot in the 2020 General Election. They submitted this list to
authorities in El Paso County last year...” is, par for his consistently
inaccurate course, completely false. USEIP volunteers did no such thing. In
addition to cyber security and Colorado election law and canvassing, it
appears Crane is incapable of validating even the simplest of his counter-
factual claims. This man cannot possibly be a “trusted source” of information
for our elected officials.
11. “We understand a new report regarding the Mesa County election
security breach has just been introduced. We will study that report vigorously
as well. Based on the poor assumptions/conclusions from the first two
reports, it is fair to say we are cynical about any claims in this new report.”
Crane’s cynicism must be a badge of honor for any recipient, given that his
“vigorous study” (it’s unclear who he refers to by “we”) has thus far resulted in
an unbroken chain of inaccurate and deceptive assertions in every single
case. Perhaps Crane will “vigorously” study Mesa Forensic Report #3
sufficiently that he will not publicly embarrass himself by asking questions
answered in the first five pages of the report.
12. “In closing, these reports detail known vulnerabilities in the voting
system.”
Crane’s acknowledgment of “known vulnerabilities in the voting system” is
noteworthy and significant. The acknowledgement deserves its own hearing
before the General Assembly. At no previous time or place has Crane, much
less the Secretary of State, acknowledged this fact. Secretary Griswold has
also made no mention to members of the General Assembly, or to Colorado
clerks, or to the public, of vulnerabilities discovered in Colorado’s Statewide
Colorado Registration and Election (SCORE) system in 2015 and 2020, nor
of the explicit statement in University of Michigan Professor of Computer
Science and election system security expert witness J. Alex Halderman’s
Declaration in a Georgia court of “numerous security
vulnerabilities” in the DVS ImageCastX machines used in 16 states, including
Colorado, which can be used to “steal votes cast on ICX devices.” Notice of
the Halderman Declaration was provided to the Colorado Secretary of State
prior to the November 2021 election, but she took no action to notify the
General Assembly, Colorado election officials, or the Colorado public, nor did
she take any action to mitigate the identified vulnerabilities.
13. “However, they do not show any exploitation of those
vulnerabilities. They do not detail any fraud or inaccurate vote counts.”

Crane should have waited until after he “vigorously” read Mesa County
Forensic Report #3, rather than simply after an entire career of not actually
looking to see if voting system vulnerabilities have been exploited, before
making this baseless assertion.

14. “Amateur and inaccurate work like this undermines public trust in our
elections and hurts the integrity of our elections.”
Please look at the credentials of the authors of these Reports, as noted
above.
As it turns out, our elections, and the people who have been keeping these
election vulnerabilities from the public, do not deserve public trust. They
deserve scrutiny, and the People are entitled to demand it, and the members
of the General Assembly are obligated by law and oath to provide it.