Most would find it hard to believe that Maricopa election officials and their “IT Teams” don’t have access to their election system above the user credentials of a “Poll Worker”. But this is exactly what Maricopa has said in several hearings and letters. Hard to believe, right? Senate auditor CyFIR said, “This is the highest level the County has provided us”. It would be similar to having only “Guest” access to all the PC’s, Tablets, or phones used by your entire family.
If it was discovered that a Maricopa employee had Admin User or Technician (Super User) level access, the Senate subpoena requires they hand it over. These highest user credentials were critical to many discoveries in Antrim County. So Maricopa continues to say this type of access is in the sole possession of other people, two full-time contractors. Coincidentally, they are not part of the subpoena and are both employees of Dominion.
Then how exactly did the EAC auditors that Maricopa hired gain system configuration access last February? Maricopa has now explained that access was provided directly by Dominion staff. They log into the machine for the auditors, then step away. This means Dominion was onsite working side by side with Pro V&V and SLI Compliance. This raises ethical questions for sure. In February, GP reported that IT activists monitored live feeds of the EAC audits, and also archived that footage.
Using carefully worded language, Maricopa has 3 varying explanations how EAC vendors gained access.
- “Dominion Voting Systems provides Pro V&V and SLI Compliance with the necessary passwords to audit their machines”. Maricopa’s May 17th response letter to AZ Senate. (Vendors say this is NOT TRUE).
- “EAC certified firms made the necessary arrangements with Dominion to obtain the necessary security protocols to perform their audits. Maricopa Election Department letter on May 17th.
- “VSTL’s worked directly with Dominion to access the necessary administrative security permissions to conduct their Maricopa audits”. Election Spokesperson Megan Gilbertson, in a tweet (below image).
In a recent interview for GP, the President of Pro V&V was specifically asked: Did Dominion provided user credentials or passwords to Pro V&V, Maricopa County employees, or both. Jack Cobb said “They logged in for us. We didn’t want any responsibility for the security of the 2020 election”. Contradicting the Board of Supervisors May 17th letter, Cobb said neither EAC vendor had passwords. His Field Audit Report says county employees provided access, not Dominion staff: “provided access by qualified Board of Elections Employees”.
If Maricopa is correct, then Jack Cobb’s Audit Report is wrong. It was Dominion who provided him access, not Maricopa Election employees. Their staff all seem to know each other – EAC, Dominion, SLI, Pro V&V. So is it possible to not know who’s accessing the equipment you’re auditing? However, if Jack Cobb is correct, then Maricopa has county employees who provided him Super User access. The County is not sharing that with Senate auditors.
According to Ben Cotton of CyFIR: “Without the ability (user credentials) to validate the configurations of their own systems, they can’t validate their own policies or procedures are being carried out. There is a difference between what Maricopa says in public statements and with what they can actually validate or verify on their own tabulating (election) systems. Maricopa employees can’t even validate there were NOT Verizon wireless cards inserted and touching the internet.”
