In response to election security rules being violated during the 2020 election, the Colorado Secretary of State’s Office has adopted temporary elections rules that include measures to ensure the security and custody of Colorado’s voting systems.
The new rules include measures restricting physical and electronic access to the voting system, and outline the enforcement mechanisms necessary to ensure election security compliance.
“Every Colorado voter, Republican, Democrat, and Unaffiliated alike, deserves accessible and secure elections. As Secretary of State, I will always protect the integrity of our election system,” said Secretary Griswold. “These rules address emerging security risks and will reinforce Colorado’s national leadership in election security.”
In a press release, the Secretary of State’s office said that following security protocol breaches and violations of Election Rules in Mesa County and Elbert County, it is imperative that temporary rules be adopted and become effective immediately to reinforce the continued security of Colorado’s voting equipment and voting systems.
Ahead of the 2020 election, Mesa County’s voting election equipment was banned when a local county clerk allowed an unauthorized person into a secure facility during an annual upgrade to the county’s election equipment software which, according to Sec. Griswold, compromised the equipment. Following the Mesa County breach, the Elbert County clerk made a copy of the county’s election server, which Sec. Griswold said is “a potential breach of election security.”
Key provisions of temporary rules, which have been implemented immediately, include:
- Password and User Account Security: Creates various additional requirements for passwords and user accounts for voting system equipment.
- Acceptable Use Policy: Requires signing of the Department of State’s “acceptable use” policy for voting system equipment for individuals who will have access to that equipment.
- Hard Drive Imaging: Prohibits the creation of images of the hard drives of the voting system equipment and disclosure of such images without prior approval by the Department of State.
- Trusted Build Procedures: Addresses procedures that county clerks must follow during a trusted build, including that evidence of a successful background check must be disclosed to the Department of State for all individuals who will be present during the trusted build. In addition, the county clerk must ensure that the trusted build is conducted under video surveillance.
- Seal Requirements: Counties must continuously comply with seal requirements and may not allow any unattended voting system component to remain unsealed at any point after trusted build has been installed on the component.
- Access to Secures Areas and Voting Systems: Any individual who is prohibited from having physical contact with any voting equipment under section 1-5-607(1), C.R.S. may not access a room with voting equipment unless accompanied by one or more individuals with authorized access. This means that in counties with a population over 100,000, elected officials may not enter a room with voting equipment alone. Prior to the temporary rules, only physically accessing equipment was restricted.
- Access to Election Management Systems: Counties may grant administrative privileges to no more than four individual users, which is a decrease from 10 previously authorized. Further access permission must be approved by the Department of State. Counties must identify the employees with administrative privileges in the security plan filed with the Department of State.