Maricopa County Auditors Recommend Investigation by the Attorney General

1 DOCUMENT OVERVIEW
This document includes the Executive Summary of the Maricopa County Forensic Election Audit, a listing of findings

within the Findings Summary, as well as Recommendations based on our work in the audit.

For more details about the Methodology & Operations of the audit, please see “Maricopa County Forensic Election Audit – Volume II – Methodology and Operations.”

For more details about the Findings of the report, or to review the results from the hand-tallying of the 2.1 Million ballots, please see “Maricopa County Forensic Election Audit – Volume III – Result Details.”

2 EXECUTIVE SUMMARY

The preamble to our Constitution reminds us that our nation is always pursuing greater perfection, seeking to establish “… a more perfect Union” so that we can “…secure the Blessings of Liberty to ourselves and our Posterity.” Nothing is more essential in preserving liberty than free and fair elections. To that end, Cyber Ninjas was engaged by the Arizona Senate to audit the 2020 General Election and determine in what areas legislative reform may enhance our current process so that our elections may continue to get better, becoming “more perfect.” In doing so, it was our goal to improve confidence in American elections by identifying areas where legislation could resolve any identified issues.

This audit has been the most comprehensive and complex election audit ever conducted. It involved the hand counting of 2.1 million ballots, a forensic paper inspection of all ballots, a forensic review of the voting machines, and an in-depth analysis of the voter rolls and the 2020 General Election final files.

What has been found is both encouraging and revealing. On the positive side there were no substantial differences between the hand count of the ballots provided and the official election canvass results for Maricopa County. This is an important finding because the paper ballots are the best evidence of voter intent and there is no reliable evidence that the paper ballots were altered to any material degree.

Based on our other findings, however, we recommend that the Legislature tighten up the election process to provide additional certainty going forward, and that several specific findings of our audit be further reviewed by the Arizona Attorney General for a possible investigation. Such other findings include the following:

• None of the various systems related to elections had numbers that would balance and agree with each other. In some cases, these differences were significant.
• There appears to be many 27, 807 ballots cast from individuals who had moved prior to the election.
• Files were missing from the Election Management System (EMS) Server.
• Ballot images 284,412 on the EMS were corrupt or missing.
• Logs appeared to be intentionally rolled over, and all the data in the database related to the 2020 General

  Election had been fully cleared.

• On the ballot side, batches were not always clearly delineated, duplicated ballots were missing the required

  serial numbers, originals were duplicated more than once, and the Auditors were never provided Chain-of- Custody documentation for the ballots for the time-period prior to the ballot’s movement into the Auditors’ care. This all increased the complexity and difficulty in properly auditing the results; and added ambiguity into the final conclusions.

• Maricopa County failed to follow basic cyber security best practices and guidelines from CISA
  © 2021 Cyber Ninjas Page 1 of 4

• Software and patch protocols were not followed
• Credential management was flawed: unique usernames and passwords were not allocated
• Lack of baseline for host and network activity for approved programs, communications protocols and

  communications devices for voting systems

  Had Maricopa County chosen to cooperate with the audit, the majority of these obstacles would have easily been overcome. This did not stop the primary goal of offering recommendations for legislative reform to the Arizona Senate, but it did leave several questions open.

  Details on the findings discovered can be found in the document “Maricopa County Forensic Election Audit – Volume III – Results Details.”

  3 RECOMMENDATIONS
  The following sections outline the key recommendations that were determined over the course of this audit.

3.1 Result Reconciliation

Legislation should be considered that does not allow an election to be certified until the Official Canvas and the Final Voted File is fully reconciled. Furthermore, full records for every ballot sent, ballot received, ballot rejected, and ballot voided should have to be fully reconciled within a defined period after the election.

3.2 Voter Registration

Legislation should be considered that requires voter rolls to be entered in an individual’s full legal name and adds accountability for Counties that enter rolls in any other format.

3.3 Voter Rolls

Legislation should be considered that links voter roll registration to changes in driver’s licenses or other state identification, as well as requiring the current voter rolls be validated against the United States Postal Service (USPS) National Change of Address (NCOA) at a predefined period prior to every election. Any voter roll software should validate that there is only one entry in the state database per identification number, such as a driver’s license number.

Laws already exist for interstate reporting of changes in residence, addresses, and driver’s licenses. Tying voter roll registration to these forms of identification would greatly increase the likelihood that voter registration details would be kept up to date. Individuals are more likely to remember their license needs to be updated immediately than voter registration, and since most states now offer the ability to register to vote when getting a license, license updates could also update voter rolls.

It is recommended that the voter rolls be validated against the NCOA both 90 days or more prior to the election, in addition to a week before mail-in ballots are sent out. This check would not be utilized to purge the rolls, but to validate that a mail-in ballot should be sent prior to that ballot going out. The legislature may also want to consider whether a change of address should suspend Permanent Early Voting List (PEVL) enrollment.

© 2021 Cyber Ninjas Page 2 of 4

In addition, legislation should be considered to require the voter rolls to periodically be compared against ERIC, the Social Security’s Master Death List, or other commercially available tools that give access to this information. Failure to do this at least once a year should result in penalties for a county.

3.4 Election Software

Legislation should be considered that would require applications developed and utilized for voter rolls or voting to be developed to rigorous standards that ensure the confidentiality and integrity of the systems. Specifically, its recommended that the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) Level 3 be applied to all applications associated with voter rolls or voting and that it be required that this be fully validated no less than once every two years. Part of this testing should be explicitly testing an programming interface access to validate that no external party has the capability to manipulate the voter rolls.

Furthermore, it should be required that whoever builds the software be required to rotate vendors doing the OWASP ASVS Level 3 assessment a minimum of once every four years, with a rotation of no less than three vendors before returning back to a vendor utilized in the past.

The vendor who performs this work must be willing to attest that their assessment fully covered the ASVS Level 3 requirements that there are no critical or high vulnerabilities detected, and that there is a remediation plan for any moderate risk vulnerabilities.

3.5 Voting Machines

Legislation should be considered that would prohibit connecting tabulators, or the Election Management System Servers or similar equipment from being connected to the internet or any other mechanism that could allow remote access to these systems.

Furthermore, County employees should have access to all administrative functions of all election equipment and have sufficient access to independently validate any configuration items on the device without requiring the involvement of any 3rd party vendor.

In addition, electronic voting machines must always have a paper backup of all ballots which can be used to confirm that votes were cast as intended; and these machines must be regularly maintained according to the vendors recommended maintenance schedule.

Legislation should be considered that would require that paper stocks utilized on election day conform to manufacturer recommendations to ensure that the paper that has been tested in the device is what is actually utilized to cast votes.

Legislation should be considered that requires following all CISA Guidelines for Election Systems and Equipment, the documentation of any variations among these guidelines, and the signing off on a risk memo by the appropriate party for any derivations from those guidelines.

Legislation should be considered which requires the assignment of individual usernames and passwords for all election related equipment and matters.

© 2021 Cyber Ninjas Page 3 of 4

3.6 Election Audits

Legislation should be considered that creates an election audit department in charge of regularly conducting audits on a rotating basis across all counties in Arizona after elections. This department should validate that the County follows all processes and procedures outlined in the Elections Procedure Manual (EPM), and have the ability to penalize the County for repetitive EPM failures, or other failures that make auditing more difficult.

Legislation should be considered that requires batches of ballots to be clearly labeled, separated from each other in a manner where they cannot easily mix together, and easily connected to the batches run through the tabulation equipment for easy auditing of the system.

Legislation should be considered to penalize purposely inhibiting a legislative investigation, or an officially sanctioned audit of an election.

3.7 Ballots

Legislation should be considered that will make ballot images and the Cast Vote Record artifacts from an election that is published within a few days of the results being certified for increased transparency and accountability in the election process.

Legislation should further be considered that would require all ballots to be cast on paper by hand utilizing paper with security features such as watermarks or similar technology; with a detailed accounting of what paper(s) and the quantities utilized for any given election cycle.

Mail-in voting should incorporate an objective standard of verification for early voter identification, similar to the ID requirements required for in person voting.

© 2021 Cyber Ninjas Page 4 of 4