No criminal charges will be filed in connection with the inadvertent leak of voting systems passwords by a Colorado secretary of state’s office employee, Denver District Attorney Beth McCann announced Friday.

Colorado Secretary of State Jena Griswold disclosed in late October that a document posted to her office’s website included a hidden but accessible worksheet containing Basic Input Output System — or BIOS — passwords to election equipment in counties throughout the state.

Days later, McCann’s office formally launched an investigation into “whether the BIOS passwords were knowingly published on the website and if there was any official misconduct on the part of any (Colorado Department of State) employee,” according to a 26-page report released Friday afternoon.

Image

“After an extensive investigation by prosecutors and investigators in my office, we have concluded that there were no criminal violations of the law regarding the publication of the voting machine passwords,” McCann said in a statement. “Based on everything we have learned, the passwords were published in error and not ‘knowingly,’ as required to prove a violation of C.R.S. 1-13-708(2), or ‘knowingly, arbitrarily or capriciously,’ as required to prove a violation of CRS 18-8-405(1).

“There is no indication that the passwords were published in an effort to influence the outcome of an election,” McCann added.

State officials, independent cybersecurity experts and county clerks from both parties have expressed confidence that Colorado’s 2024 election remained secure. Anyone in possession of the BIOS passwords who wished to tamper with elections systems, the Colorado County Clerks Association said, would still “require physical access to the voting equipment, something strictly controlled by each county clerk and monitored 24 hours a day, seven days a week by video surveillance.” All affected equipment underwent password updates, and state employees verified that no settings on any of the equipment had been altered.

The spreadsheet containing the BIOS passwords was published in June by an employee in Griswold’s office, and the employee subsequently left their position “amicably” before state officials discovered the passwords were exposed in October. A third-party law firm hired by Griswold’s office to investigate the leak concluded that it was the result of “a series of inadvertent and unforeseen events,” though state policies related to information security were violated.

The investigative report released by McCann’s office reached similar conclusions about the unnamed staffer, who is referred to as “Employee 5.” No other department employees interviewed by investigators “had any reason to think Employee 5 knew the hidden tabs were in the worksheet or had any ideological motivation to attempt to subvert the integrity of the election process,” the report says.

The Colorado Legislature’s Legislative Audit Committee declined earlier this month to launch its own investigation into the breach.

Colorado Newsline is part of States Newsroom, a nonprofit news network supported by grants and a coalition of donors as a 501c(3) public charity. Colorado Newsline maintains editorial independence. Contact Editor Quentin Young for questions: info@coloradonewsline.com.