All Episodes
Previous Next
Plain Text
Sept. 26, 2021 - The Charlie Kirk Show
02:56:35
FULL Unedited Arizona Senate Hearing of the Maricopa County Audit
Transcriber: nvidia/parakeet-tdt-0.6b-v2, sat-12l-sm, and large-v3-turbo
|

Time Text
Welcome To The Unedited Hearing 00:04:53
Hey everybody, the unedited Senate hearing for the audit results.
Hear it yourself.
Only thing I'll ask you to do is please consider supporting the Charlie Kirk Show podcast, charliekirk.com/slash support.
We just take the audit hearing.
I thought it was so important that you hear it, you listen to the details, and listen to our sister episode where we give our commentary on it, charliekirk.com/slash support.
That's charliekirk.com/slash support.
Thank you to Alan.
Thank you to Maria, and thank you to Brian for your very generous support that allows us to do what we do at charliekirk.com/slash support.
This is the unedited Senate hearing of the Maricopa County Audit.
I think you will all enjoy it.
Buckle up.
Here we go.
Charlie, what you've done is incredible here.
Maybe Charlie Kirk is on the college campuses.
I want you to know we are lucky to have Charlie Kirk.
Charlie Kirk's running the White House, folks.
I want to thank Charlie.
He's an incredible guy.
His spirit, his love of this country.
He's done an amazing job building one of the most powerful youth organizations ever created.
Turning point USA.
We will not embrace the ideas that have destroyed countries, destroyed lives, and we are going to fight for freedom on campuses across the country.
That's why we are here.
That is a true statement.
They were close.
Now, I find it ironic that our Secretary of State and a few others have called this a sham audit, that you can't trust it, you can't believe it.
Well, the interesting fact is: truth is truth, numbers are numbers, and we've said that from day one.
What you're going to see is exactly what it is: the truth.
And those numbers were close within a few hundred.
But what you have not seen and not heard yet, which is what you are going to hear right now, what you have not seen and you have not heard is about the statutes that were broken, how the chain of custody was not followed, how we had a number of issues, which is why people question the ballots and the elections.
So, I ask that you please keep an open mind.
I please ask that you listen to this because the reality of this is what this is all about: making sure your vote counts.
Senator Peterson.
Thank you, Madam President.
I would join you and welcome everybody here who's here in person, listening, or watching this historic event.
This is the first time in the history of our country that an audit of this scale and magnitude has ever been conducted.
It's unfortunate that it is an incomplete audit due to the lack of cooperation and the obstruction from the county.
However, in spite of that, this is still the most complete audit that has ever been done.
The goal here, as the president has said, is election integrity.
Our citizens have demanded it.
The importance of our society having faith in the election process cannot be overstated.
The number she gave of people who had concerns was significant, but even if it was much less, it would still merit this type of an audit to bring reassurance to our citizens.
This report should help the Senate understand what has been working, what needs improvement, and whether further investigation by law enforcement should occur.
So, I look forward to receiving this report with all of you at this time.
Thank you, Senator Peterson.
With that, we will start with our first presenter.
Our first presenter is joining us via Zoom because he lives on the East Coast.
His name is Dr. Shiva.
He was the one commissioned by the Senate.
And that was because we finally got the envelope ballots, or the ballot envelopes, so we could check signatures or lack thereof.
And this was his part of the audit.
Dr. Shiva, welcome to the Arizona Senate.
How are you today?
Thank you very much for having me, Honorable President Fann.
Thank you very much.
And also, Senator Peterson.
Thank you.
The floor is yours.
Please proceed.
Thank you.
Before I start, I have a presentation.
This is also accompanied by a report.
I just want to make one prefaratory remark, and that is, as a follow-up to Senator Peterson, we live in the age of what we call engineering systems, complex systems, taking an airplane, using an iPhone, self-driving cars.
Examining Early Voting Systems 00:05:34
These are highly complex systems, but what are known in the modern world as engineering systems?
Our election voting systems are also engineering systems.
And I want to thank the leadership of the Senate, the stakeholders, because they've taken a historic step here to bring the same level of engineering systems capabilities to election voting systems.
And one of those important attributes is that whether an anomaly is small or large or insignificant or monumental, it all must be welcomed because from an engineering standpoint, it can only do one thing.
We just enhance the system.
So today, as Senator Fan President Fan said, I'm going to be sharing with you a particular area that we looked at, which was looking at the early voting ballot return envelope images.
And that's what I'm going to share with you.
So let me begin.
I'm going to start at the PowerPoint.
And I think I need to share the screen here.
Let me see if I can share first.
There.
All right.
Let me start here.
So the title of this talk is Pattern Recognition Classification of Early Voting Ballot Return.
The screen is blank.
Oh, it's blank?
I'm sharing.
Always a technical problem.
Okay, let me stop this here and restart it again.
Let's try that again.
There we go.
Thank you.
That worked.
Okay.
And so the title, as I said, is a pattern recognition classification early voting ballots return envelope images for signature presence detection.
We're not doing signature detail verification, but we're doing signature presence detection.
And we're taking an engineering systems approach.
So let me begin.
I will go through this agenda.
We're going to give a little bit of background.
We're going to review the Maricopa results.
We're going to go through what our analysis resulted in and then compare them and then report on some of the key findings and anomalies and then also raise questions for Maricopa officials and then propose some recommendations.
So the executive summary of this to sort of summarize the whole talk here today or the findings is that the early voting ballot, the return envelope, you really want to think about that's really the protective vehicle by which the EVV, which is the early voting ballot, is transported and processed.
And the authentication, the verification of the signature on the EVB return envelope is critical to reliability of the entire process.
And our audit reveals anomalies raising questions on the verifiability of the signature verification process.
So let's begin.
So a little bit of background.
You can read more about it, but I was selected.
I was honored to be selected because my background for more than 40 years has been in the field of pattern recognition and classification, particularly system science.
And it goes back a long period of time.
But just very briefly, you know, in this field, you look at reality.
In this case, we're looking at the electronic, the election voting, the early voting ballot system, and then you try to model it.
That's typically what science and engineers do.
For example, for many years, I looked at how babies were processing sleep and trying to understand their system by looking at sleep patterns.
Same in the area of deathblind communications.
Again, you have the reality, you have signals, same in the area of looking at a bridge, and you get signals from it.
Based on the signals, you're trying to predict what's going on in that bridge.
And same if you look at an aircraft wing without having to open it up, you look at these signals and you're trying to predict what's going on.
And for many years, we did a project on looking at handwritten bank check numerals.
And these different areas, including email, looking at what's inside of an email as a system, these are all pattern recognition problems.
And in fact, if you look at food, trying to figure out will this food cause different kinds of diseases.
But the reality in this area is you're looking at the particular real world and you have a model.
You can look at the heart, you can look at the cardiovascular system of that.
And you can say, hey, I have some states of this system which are normal signals and some states which are abnormal signals.
So in this case, what we're looking at is we have the early voting ballot system and we have the early voting ballot return envelope images.
These are the signals that we received to try to figure out what's going on inside that system.
So you have the reality of what took place and you have the expression of that which is embodied in those images.
And this is what one of those images looks like.
You have an image, you have upper left the name of the voter, and here you have the signature.
And we were asked as a part of the scope of this audit not to look anywhere else, but to look in this signature region and to look to see if there was a normal state, a signature there, or the abnormal states, blanks, split into two, and I'll talk about more in detail: a complete blank or likely blank, or what we call a scribble.
A scribble is something trying to get into the direction of, hey, was this signature even valid?
Okay.
And it's a very, very rudimentary step we took, not full signature verification.
All right.
So, early voting ballot system, and you have these images.
So, before we head into the actual process we did, let's look at the reality of what took place.
Verifying Signature Images 00:05:52
So, this is on the left side, the actual reality of what was reported by the Maricopa County in their voter education report.
In fact, what was called their Canvas report.
And what we see here, if you look carefully, here are the numbers that they reported from 2016, but more importantly, we're concerned about 2020.
And in 2020, one of the lines in their report is called the early ballots verified and counted, which has 1,915,487.
And the rejected early ballots, which are these numbers, are the ones that were not included in the final count.
Bad signatures, which means they went through a signature verification process.
And out of that, 587 out of the 1,918,463, which is all of them were deemed to be bad signatures.
And the way we get this number is you take all of the ones that were verified and counted.
The ones that were bad signatures, there were some which were no signatures, which were blanks, and then late returns.
So to be clear, according to the report, this was a total number of early voting ballot return envelopes received by Maricopa County.
To make it a little more clear, we have 1,918,463 total unique EVV return envelopes, of which 1,455 were found to have no signatures.
And at the end, there was the, and an amount of 1,917,008 was ready for signature verification.
And as a result of that, 587 were found to have bad signatures.
Now, in signature verification, it's a detailed process.
You can read the report, but counties vary.
And Maricopa is considered along with Florida, apparently have one of the better signature verification processes.
But according to that, out of the entire lot of 1,918,463, 587, after this verification process, where someone looks at the signature and they look at the voter registration signatures and they're doing typically what's called a 27-point analysis.
So 587 were found to have bad signatures, 934 with late returns for a total amount, which matches with what was reported, of 1,915,487.
Okay, so this is Maricopa's reported results to the public.
The scope of our audit, just to, I'm going to go through the scope of this audit by also going through the process.
So it'll be somewhat educational.
When early voting ballots, which some people, which is a subset of those, are called mail-in ballots, are submitted, those ballots are imaged, which means scanned, converted to digital images.
So the EVB return envelopes, we're talking about the outside, the covering, that important covering within which is contained the ballot, is scanned before they're even tabulated.
So the EVB return envelopes are opened and scanned.
Okay?
And those create images.
In fact, there are six different kinds of EVB return envelope formats.
Let me walk you through some of them.
And here's sort of a little bit closer, but let me walk you through some of them.
So this is a majority of them.
We've called them the standard image files.
This is for our lingua franca.
This may not be the standard language, but for the purpose of this presentation.
So this is one way that they look.
There are also another set called Yukava image files, and there's three different kinds.
Here you have the signature here, the date here, the name of the voter here.
Another version of that is a little more complicated.
It's more of an affidavit.
The signature's here, the name of the voters here.
And obviously, we redacted stuff for privacy.
And a third type of the UCAVA is type C.
So you have UIFA, B, and C. All right.
Then finally, we have large print image files, LIFs, and these are for people who have trouble seeing.
So the instructions, everything are larger.
And then finally, you have the Braille format.
So again, six different image formats that we had to process.
Let me walk you through the counts that we got.
We got a drive with all of these images on them.
The SIFs, which was the first one I showed you, there's 1,919,598, which is about 99.5%.
The UIFAs, 8,849, 0.459%.
The UIFBs, 277, 0.014%.
And if we go to the UIFCs, which are the affidavits, which a small set, which are 0.001%.
And then finally, we have the large formats, which are 475, 0.024%, and the Braille, about 29 of them, 0.002%.
And that added up to all of them.
So for the audit, we were provided by the Arizona State Senate 1,929,240.
And these were apparently all the EVB return envelopes that Maricopa County got.
Okay.
What we noticed when we looked at this, which was fascinating, our first interesting, I guess wasn't an anomaly, but something we were a little bit surprised because we thought the duplicates would have been removed, but there were duplicates in here.
So we had to remove duplicates.
So out of those set, there were duplicates.
So these were the duplicates.
We found about 16,934 voters who had submitted 16,934 two copy duplicates, which means each of those voters submitted two ballots.
Okay, two return early voting ballot return envelopes.
Interesting enough, we also found another 188 voters, unique voters, who had submitted 376 duplicates.
Analyzing Duplicate Ballots 00:15:13
So the total image count was 564 once you removed the duplicates, right?
Because you want to take one of them.
And then finally, we found also four individuals who submitted 12 duplicates, total images being 16.
So the total duplicates was 34,448 total images, of which 17,332 or 322 were duplicates from 17,126 voters.
This was, by the way, we'll get to it, was not reported in the report.
So when you look at the first level of analysis on our the data that we got, 1,929,240 EVB return envelopes received, we subtract out the duplicates, and then we have 1,911,918,000.
Okay.
So then the process that we were really commissioned for was to do a very, you know, basic analysis to see is there a signature there or not?
Signature presence detection.
So in that process, again, the goal is, is there a signature there in the signature region?
Interestingly enough, some people don't follow instructions.
They write all over, but it wasn't our job to go scan everywhere.
Our job was to look in that signature region.
So again, specifically, we looked in that signature region.
One category of the signature region has a signature, another category is blank, likely blank, and scribble.
And just to keep it real simple, it was a very simple classification.
If it's 0% non-white pixel density, which means nothing in that area, it's a blank.
If it has a little bit, 0% or greater, but no more than 0.1%, like this example here, we put it into another category just for early classification purposes.
We called it a likely blank.
And then if it was greater than 1% density, greater than 1%, or that was denoted a scribble.
And what's interesting in anything over greater than 1%, by the way, this is actually, this should be 0.1% to 1%.
Slight mistake here.
So this is greater than 1%.
So let me repeat, this should be greater than 0.1%, less than 1%.
Please correct that.
And this is greater than 1%.
All right.
Then what we did was we did a distribution curve.
We looked at all of the ballots and we did a distribution of pixel densities, just to give you an idea of how liberal we were in accepting something as a signature.
So if you look at this, it was only this little area here, which is between 0.1 to 1%.
That's the definite non-white pixel density.
That's a scribble.
Everything else, we were quite liberal and accepted those as signatures, even in our analysis.
So again, we were not hired to do signature verification.
All right.
Now, after this, typically signature verification would take place, which is what the county did.
And then they would also open up then the ballots and then open up the envelopes and tabulate them.
So let's go to our signature presence detection.
So we took a ballot, or it could be any ballot.
First of all, we classified it into one of these six categories.
That's what the system did.
And then for each one of the, four of those, we removed the duplicates, as I've shared.
And then we looked at the ballots.
Once we knew which one it was, we identified what kind of region we extracted the region if possible, though this was not part of the scope.
We also tried to extract the name, and we were able to do that for close to, I think, 99% of them.
So we also used different types of classifiers, which is in pattern recognition lingo, for each one of these different kinds of ballots to ultimately put them into one of these four buckets.
So let's look at the results.
So we're first going to look at the non-duplicates, which means all those early voting ballot EVB to be simple return envelopes, which were non-duplicates.
And here we see predominantly 99.77% we denoted a signature.
Again, anything greater than 1% pixel density.
These scribbles we found were 0.13%, okay?
2,420.
And the blanks fell into two groups: the definitive blanks of 1,771 and the likely blanks at 101.
This adds up to 0.1%.
Okay, then we also looked at the counts.
So of these, you had, just to be clear, we had 2,420 scribbles and we have 1,872 blanks.
We put both of these together in our sum total.
Similarly, we now went and looked, this was a little more complicated, at the two-copy duplicates because we had to deal with those.
There was a substantial amount, 34,000 of them, 34,000 and more.
So the duplicate recognition split it into three, in fact, three groups, but we had subgroups.
So there could be, you know, you have the, if you think about it, the mother and the son, or the mother and the daughter, okay, or the parent and the child relationship.
So one of the two, one could have been a signature, and one could have had a signature.
One could have had a signature, the other could have had a blank, one could have had a signature, that could have been a likely blank, one could have had a signature, and C denotes scribble.
If any one of them had a signature, we said, okay, we call it a signature.
Alternatively, in the scribble area, one could have had a scribble, the other could have been a blank, one could have been a scribble, other could have been likely, one could have been a scribble in a scribble.
These were denoted as scribbles in the duplicate case.
And then finally, you had ones that are blank, blank, blank, and likely blank, and likely and likely blank.
Those were denoted as blanks.
All right.
So let me, just to give you some feeling of what these look like.
So here is one from the same person.
Again, for the purpose, we're not allowed to share the names of voters, et cetera.
But you can see here that here's one.
There is a signature here and there's a signature here.
Okay, that but they are both the same.
So these are both signed.
So two ballots, both signed.
Another example is one is signed and the other is a blank, a complete blank here.
In fact, in the signature regions, we're concerned with.
Another is signed and the other one is a likely blank.
It's got some stuff here.
So Echo Mel categorized it as a likely blank.
Here's an example where you have a signed one, but you have a scribble over here.
Okay.
And then here we have the here you have a scribble, but here you have a blank, but it has been verified and approved.
And we'll talk about this later.
We'll come back to this.
Here you have one that's a scribble, a little bit, some stuff here, and a likely blank, and the one with the scribble was approved.
Here you have two scribbles, and one of them was approved the exact same ones.
And here you have one with a blank and a blank, and this blank has been approved.
And here we have one which is a blank and a likely blank, and a likely blank with a little dot over here has been approved.
And similarly over here, we have a signature and a likely blank, and again, a likely blank is being approved.
And here's an example of a three-copy one.
We have three copy duplicates, all are blank.
And we'll come back to showing how they were approved or not.
And here's an example of three-copy scribbles.
All right.
So that gives you an understanding of the flavor of these analysis we had to do of the two copy duplicates.
And so on those two copies, we categorize these ones in green as signatures, the ones in red as scribbles, and the ones in blank as sorry, black as blank, ones in red as scribbles.
So again, you have for two copies, 16,934.
And these are the counts on that.
So you have 155 scribbles from the two copy, 45 blanks from the two copy.
Interesting enough, we also had three copy and four copy analysis we get to do.
I'm not going to go into all the details of this, but there were also three copy and four copy duplicates.
There were two sets of three copy which were blank.
I'm sorry, two sets which were scribble, five which were blank.
So now we do the totals calculations.
So if you add the non-duplicate blanks, 1,872, two-copy duplicate blanks, 45, and then two three-copy duplicate blanks, you get two.
So 1,919.
Similar, if we do the scribbles, 2420 for the non-duplicates, 155 for the two copy, 5 for the three copy, we get 2,580.
So our net results state that we received 1,929,240.
The 17,322 were removed to get this many unique return envelopes.
And then we subtracted the non-signature and what we call scribbles to come up with a total of 1,907,419.
So this is what we would have sent to, in this analysis, should have gone to signature verification.
Now let's do the comparative analysis, which is looking side by side what Echomail uncovered from the audit and what Maricopa had.
So how many EVB return envelopes were received?
Well, in the disk drive that we received, this is a number, but we don't know.
In fact, it's not reported in the Maricopa report how many actual return envelopes they receive.
The duplicates, we have 17,322, which we subtracted.
This is unreported.
So when you compare the unique EVB return envelopes, what you find is that Maricopa has 6,545 more than we have in the possession of those image files after you remove duplicates.
Now we go to the signature presence detection.
We discovered 1,1919 no signatures.
They reported 1,455.
So in this case, we have 464 more blanks.
In the scribbles, they don't have a scribbles category, and we'll discuss that.
If we start thinking about these scribbles as potential bad signatures, we'll get some insight.
But at the end of the day, what went to signature verification at Maricopa was 1,917,008, which is 9,589,589 more than we would have sent pursuant to this analysis.
They also had bad signatures and late returns that we talked about.
Now, I want to go to the key findings and anomalies.
You've seen the process.
You've understood the methodology.
We've gone through some detail.
Let's go to the highlights here.
So these are the key findings, and I'm going to go through each one of them.
One of the key findings is it's unknown how many EVB return envelopes were originally received by Maricopa.
We had 34,488 duplicates from 17,126 unique voters.
It's actually duplicate images.
Maricopa reported no duplicates in the Canvas report.
We have 464 more no signatures, which means blanks, than that were identified by us versus Maricopa.
Maricopa has 6,545 more unique EVB return envelopes.
This is what's interesting.
If you consider our scribbles, again, a very, very low tolerance in pattern recognition, having done this for over 40 years, you know, we could have used like 36 features.
We used one single feature, pixel density.
We would love to use more features, but just using that one feature at a very low threshold, threshold is key here, we've identified 2,580 scribbles, which would have assumed they're all bad signatures.
Maricopa identified 0.031%, which is what that 587 represents.
This actually represents four times that.
We'll come back to that.
Finally, Maricopa has 9,589 more net EVB envelopes that was submitted to signature verification versus what we have.
And what we're also going to see shortly is that we're going to see that we also saw through further analysis of 25% surge of duplicates in the last six days between November 4th to the 9th.
We also saw some very interesting other anomalies where blanks of duplicates were being stamped, verified, and approved.
We also saw stamps of verified and approved in blank signature regions, and I'll share with you those.
What's more interesting, I would consider this potentially a critical anomaly, is that we saw the verified and approved stamps appearing behind the envelopes.
And I'll show you this.
It's almost as though it was imaged on there, or I don't want to say, you know, Photoshop, but put on there.
But it's quite fascinating.
I'm sure there's some explanation for this.
And then finally, we have cases where we have two different voter IDs having the same address, same phone, same name with matching signatures.
So let's go look at some of these anomalies a little more graphically.
Anomaly one, Maricopa reported only 587 bad signatures.
To give you some idea, that's 0.031%.
And for people who didn't really like math, I thought I'd make it a little more pictorial.
So this would be one bad signature for every 3,268 early voting ballot envelopes.
So if you think about 1,918,463 early voting ballots, the unique ones that Maricopa said they got, and for each paper, by the way, the size of the paper is 0.1 millimeter, and you were to put them up, you would get 630 feet.
That's the size, believe it or not, of the St. Louis Arch.
That height, when compared to the bad signatures, would be only about 2.31 inches.
So just to give you a pictorial understanding, a very, very low percentage was considered that.
So again, that would be, to be specific, 0.0306% of all EVV return envelopes were deemed as bad signature.
Okay.
In our case, the anomalies, we discovered 2,580 bad signatures, scribbles.
Again, very low tolerance, which is 0.135%.
And to give you an idea, just to state it again, we were not commissioned to identify, we were commissioned to identify the present blank scribbles and signatures, not to perform signature verification.
So scribbles alone were considered bad signatures.
And EchoMail itself identified 335% more bad signatures than Maricopa did from its entire signature verification process.
Okay, very important point here.
And by the way, if we go look back at the state of Arizona 2016 general election, out of the 2 million ballots that came in, they had a signature mismatch rate of 0.13%, close to what we would have had if we just included those scribbles.
All right.
Again, just to restate, the scribbles are a very, very low threshold.
We were not asked to do signature verification.
Again, anything between 0.1 to 1% pixel density.
The third anomaly is, this is again, focusing on signatures.
We did a randomized analysis of just a supervised review, which is human review, just randomly looking at signatures, their legibility.
Again, this is a wonderful analysis that can be done in handwriting.
Investigating Signature Anomalies 00:14:25
Four weeks before the election and four days after.
We can't share with you this, obviously, but we found out four weeks before 95% were legible signatures and only 5% were illegible.
But four days after, 5% were legible, 95% were illegible.
If I were to do a heat map, again, this is a representation, it would look like this: where the red represents illegitimate and the green represents legibility.
It would look like this if you wanted to visually do this.
And if we had more, if we were commissioned to do this, we could do this.
But you can see a market difference between legibility.
There could again be an explanation for this.
Fourth anomaly: as the EVBs, which means the electronic voting ballot, I couldn't put the word envelopes, but I think you get the idea, increased by 53% in the general election from 2016 to 2020 in Maricopa, bad signatures decreased.
Let me explain what I mean by that.
So in 2016, which is, you know, in the previous election to 2020, 1,257,179 return envelopes were submitted.
1,456 were considered to have a mismatch with a rejection rate of 0.116.
In 2020, we have nearly 56%, sorry, 52% more return envelopes, but the signature mismatch rate goes down by nearly 56%.
So it's gone down by a significant number here, okay, nearly four times.
So this went up, the other two came down.
A very interesting inverse relationship, which would be, again, one of the questions we have for Maricopa officials.
Anomaly number five is: there's no mention of duplicates in Maricopa Canvas report.
Again, if you look here, here's a Canvas report, there's no mention of duplicates here.
We, in our case, we found 17,126 voters sent in two or more ballots as duplicates, as you've seen before.
Anomaly six is 25% plus or more of the duplicates came in during November 4th to the 9th, essentially on election day and after.
So how did we find this?
Well, here's a plot.
Again, let me walk you through this on the y-axis is a number of early voting ballot return envelopes, and we're plotting it by date.
And again, this is based on the drive we got, which were time stamped by particular days.
So it almost looks like an interesting heartbeat here.
So on this day, 10, 14, nearly, you know, 200,000 envelopes came in.
On this day, nothing came in.
So you get this interesting heartbeat signal.
Then what we did was we said, why don't we, on top of this, layer in the blanks, scribbles, and duplicates.
Again, since the axis for the EVBs is higher, that's on the right axis.
On the left axis, I've done the totals for the scribbles, blanks, and duplicates.
What's fascinating is you notice in the early part, things are following the heartbeat, okay?
But somewhere along here, particularly on October 26th, this heartbeat starts sort of separating, particularly the saffron line is the duplicates.
So you have the duplicates stop matching in many ways this heartbeat.
So here everything stops.
So what we did was we did further analysis on the blanks, I'm sorry, the duplicates and the EVBRE.
And this is what's interesting.
So what we're plotting here is the duplicates as a function of the daily percentage of EVBs.
So here's a signal, but what you see is you see suddenly this, what you may call a significant growth in percentage.
In fact, in several of these days, there's 96% of the ballots that came in on two of these days are duplicates.
So there was a serious number of duplicates.
In fact, the area under this curve is close to 30%, 25%, 30% of the duplicates came in between November 4th to November 9th.
And that motivated us to also on the same plot drop the blanks and the scribbles.
And you see the same phenomenon there.
Anomaly seven.
I'm sorry, I've already gone through that.
The next anomaly is: we also noted that the EV33 system, which is the system that is the one that contains all the early voting ballots, had 932 voters who submitted duplicates versus the 17,126 that we identified.
But what's fascinating is when we matched those 932 voters against R17, 126, only 2,138 voters matched.
Let me repeat that again.
The EV33, as we understand, we're not experts, that this is a system where all the early voting ballots are stored.
When that was gone through and found that 9,382 of those were voters who'd submitted duplicates, clearly this should be a subset of ours because we're supposed to have all the early voting ballots.
We found out only 2,113 matched.
And let me just walk you through some of these duplicates where the duplicates are stamped and also approved.
So you see the duplicate, and here it's being stamped.
Nothing on here, it's being approved.
Duplicate one, duplicate two, this one is being approved.
And again, all of these came in after November 4th.
Same here, another duplicate being approved and a blank.
Here's another one: example three, two duplicates, the blank being approved.
Same here, fourth example, and there are many others, but these are pure blanks and they're being approved.
In fact, this is a three-copy duplicate where two are approved.
So one voter sent in three copies and two got approved.
Another one is three-copy duplicates where one is approved.
All right.
The next anomaly is verified and approved in the blank signature region.
So what do I mean by that?
So this is blank, but they're verified and approved as appearing right in the blank.
Again, this is process issues which we'd love to get answers to.
So same thing here.
Same thing here.
The verified and approved is right there.
And then finally, this is an interesting anomaly where we have two EVBs from two EVBs where people have the same voter ID, same name, address, and phone number with matching signatures with two different voter IDs.
Okay.
So we had to redact this, but imagine if you could see this, there's a person's name here and address, which is the same as the name and address here.
Very similar matching signatures, same phone numbers, but they have two different voter IDs.
So let me repeat again: two different voter IDs, same name, matching signatures, as if you looked at them visually, same phone numbers.
And another example here.
Actually, there's three examples here.
Another person here, we call, by the way, there's not a person called John Doe.
This is a, just to protect the innocent.
And this is Jane Doe.
Again, matching signatures, same address, same phone number, but two different voter IDs.
Same here, two different voter IDs, same address, same name.
We don't have a phone number here, et cetera.
So we have three examples of that.
Then finally, the last anomaly I want to show is where we saw something fascinating is where the verified and approved stamp, and you have to look at this carefully, it's occurring behind the envelope triangle.
Let me explain.
So if you look at this carefully, this is an image of an envelope.
Here is a triangle, which is pointing people to print here.
Now, you would think if it was stamped, this stamp should be over this image, but it is actually behind the triangle.
All right, and you see it here again, close up here.
These are all different ballots which were approved post-November 4th, predominantly, where the image of the verified and approved is behind this.
Now, maybe this is done for a good reason, maybe it's an imaging technology, but typically you could, you know, if you use Photoshop, you'd have layers, but I don't want to even accuse that, but I just want to say that it is interesting that the verified and approved is behind the envelope here, the envelope triangle.
All right.
So, again, there's some examples here.
So, questions.
These are the questions we have for Maricopa officials.
One is: did Maricopa receive any duplicates?
Again, I've gone through, he received, we have in our possession 34,448 images representing 17 duplicates from 17,126 unique voters, two copy, three copy, four copy.
The word duplicate does not show up as a keyword in their report, but it would be interesting to know if duplicates exist.
The second one: is there a reason that Echo Mail has no more or no signatures than reported by Maricopa?
Is it because we solely analyze only the signature region?
And if not, why?
The next question is: why did EchoMail detect more scribbles in Maricopa's reporting of bad signatures?
Again, this comes to the point which I probably emphasized enough here.
But if our scribbles at that less than 1%, 0.1 to 1% pixel density were considered bad signatures, that is significantly more, three to four times more than the Maricopa's 587 bad signatures.
And the other question is the date stamps and the directories that we have, the date on which the EVB return envelopes were received by Maricopa officials.
We've assumed that when we did our time temporal charts, and then finally, why does the approval stamp verified and approved appear to exist only on a small subset of the EVB return envelopes?
Out of all the 1.9 million, that verified and approved, we find most of them exist after 11.0, after election day, but very few sprinkled.
So, out of all those envelopes, our initial supervised review reveals maybe 10% have this stamp on them.
The other thing is: did Maricopa stamp some EVB return envelopes as EVB approved, even though signature, even though signature is blank, since they found a signature elsewhere?
And that would be good to know.
How did they do that?
What is the adjudication process?
Finally, all of this leads to a very important set of things from an engineering standpoint.
What is the standard operating procedure?
We call it an SOP for the EVB processing.
If in any engineering system, you have the SOPs.
Because again, we're relying on this very, very important process of the signature and its verification.
What is the SOP for the signature verification?
And what is the SOP procuring of questionable signatures?
And finally, what is the chain of custody?
Talk a little bit more about that.
And the last set of questions is: why was there a sudden surge of duplicates during 1104 to 1109, which is incongruent with the trend we were seeing with the early voting ballot return envelope counts?
Finally, why is a verified and approved stamp envelope appearing behind the printed envelope triangle?
How does that happen?
Is there some imaging that's done?
Are the envelopes printed?
I mean, it's a very, I just have a question from an imaging standpoint.
And the other question is: can two voter IDs, can two different voter IDs, be associated with the same person at the same address of matching signatures?
Is that allowed?
And then finally, why are blanks being stamped as verified and approved?
And then, more importantly, why is a stamp verified and approved appearing in a blank signature region?
So, those are our questions.
In conclusion, as I started this conversation, the EVB return envelope is a container of the ballot.
It's a very important thing.
I mean, if you think about the human body as a system, your skin is what contains you.
That envelope is what contains these values.
A very, very important part.
So there's significant opportunities to enhance precision, verifiability, reliability, auditability, and reproducibility.
In the world of engineering systems, we call these properties.
And these anomalies give us a wonderful opportunity to enhance at least these five attributes.
So we believe what needs to happen is that our conclusions, a signature verification process, no pun intended, is unverifiable.
Okay, we can't really verify this process.
And there's a lack of systems integration and reporting.
Example, the EV33s, which should have all the early voting ballots, just on the duplicates issue.
We haven't had time to do a full systems integration.
That wasn't the scope.
But even on the ballots, we have far more duplicates than what are even in the system.
And currently, to us, because we haven't been able to get access to the standard operating procedures, that is opaque and non-transparent.
So the future research we believe that is absolutely necessary is we need to do full signature verification audit, which means do the full 27-point analysis.
We have the capability right now, we have everything imaged.
If we have the, if we acquire Maricopa's SOP for signature verification, if we can get their 27-point analysis algorithm, we can replicate all of this and using the algorithm that they have, define an actual false positive, false negative error rate.
What I mean by this is this would be a profound opportunity for improving U.S. election processes because this has not been done.
You read literature on the left or the right, everyone complains that the signature verification process has significant issues.
We have an opportunity right now with this data and the opportunity here to do a 27-point analysis and really come up with an actual rate, which would give us a scientific metric of the confidence value of the entire EVP system.
And finally, we need to review the chain of custody.
Today, what happens is when a signature is, there's questionable signature, people call the person, they contact them, and then they have some conversation, which is then verified.
Where are those conversation records?
Are those tickets stored anywhere?
And do we have access to that?
That's it.
Thank you, everyone.
Thank you very much.
I'll take questions if there are any.
Dr. Shiva, just before you get off here, I think it's really important that we know your credentials.
Dr. Shiva's Academic Credentials 00:03:14
You kind of just breezed through that slide.
Can you go back to that real quick and just go over your credentials for everybody?
So that's important for us as we're reading your report.
Sure.
I appreciate the opportunity to share that.
Let me bring it up.
So let me just give you a little bit of my background.
I have four degrees from MIT, a PhD in biological engineering, and what's called computational systems biology, which is all about doing computation recognizing patterns.
My master's is also from the MIT Department of Mechanical Engineering, where I did computational weight propagation to look at a very important area of pattern recognition called non-destructive testing, where you're looking, you don't want to actually open up a bridge or you don't want to open up an aircraft wing.
You're sending signals in and you're classifying them.
My other degrees from the MIT Media Lab in scientific visualization, my master's, where I also use these same techniques to do some of the earliest complex visualizations for classification.
And my bachelor's is in electrical engineering computer science, also from MIT, where I built for that one of the first cardio cardiology systems for doing pattern analysis, cardiology signals.
But beyond that, my focus for 40 plus years has been in this field of pattern recognition and classification in biology, medicine, engineering, aeronautics, civil, electrical, banking, and finance, military, across a range of areas, handwriting recognition on bank checks, email analysis.
In fact, as a graduate student, I won, I was the only graduate student asked to participate.
I won the White House competition for automatically categorizing the White House's email.
This is 1993 when email was becoming a consumer application prior to when it was a business application of the email that I created back in 1978.
1993 is when email actually became a consumer application.
The Clinton White House was getting tons of email.
They wanted to automatically analyze it.
I ended up winning that, left MIT, took a 10-year hiatus and built EchoMail pattern analysis recognition emails.
Did a lot of work for many years as an undergraduate helping deafblind analysis of signature pattern analysis there.
Currently, I work in a company called Cytosol, where we're looking at analysis of signals, biomarker signals, to figure out the right combinations of medicines.
That company actually got a multi-combination therapy allowed by the FDA for pancreatic cancer.
I've written a number of patents, books.
Anyone wants to go to go to vashiva.com and you can look at my biography over there.
I've published in the leading journals in the world.
Nature, neuroscience is one of the eminent journals in the world, Cell Biophysical Journal, IEEE.
These are high-impact peer-reviewed journals.
The U.S. Copyright Office delivered me the first copyright for the invention of email.
I'm a Fulbright scholar, a Lemelson MIT finalist.
I won one of the earliest Westinghouse Science Honors Award.
I was a nominee for the National Medal of Technology and Innovation.
And I've been invited to give distinguished lectures at the National Science Foundation, NIH, FDA.
In fact, in November 19, I delivered the prestige lecture on the immune system, an invited lecture at the NSF where we discussed the immune system.
Published In Leading Journals 00:02:26
And several years ago, MIT had me deliver their presidential fellows lecture.
Thank you for sharing that.
You've raised a lot of very important questions for us to get answers to.
Thank you, Dr. Shiva.
Your report was extremely insightful.
And considering the fact that we only got the envelopes just a few short weeks ago, we appreciate you dropping everything, all of your other responsibilities, and jumped on this right away so that this could be accomplished by today's hearing date.
So we appreciate that very, very much.
I also want to thank Doug Applegate and Phil Evans, too, and my colleagues at EchoMail and the Echomail team, and particularly all the stakeholders.
And again, I want to thank the courage of the leadership of the Arizona State Senate.
This will go down in history as one of the most important engineering events, not just an election event.
It will go down as a very important engineering event for engineering systems of election voting systems.
So I really appreciate the opportunity, and I'm very honored to support this effort.
Thank you.
Thank you, Dr. Shiva.
And for everyone in TV land or whatever, these reports all will be made available in their entirety.
They'll be uploaded on the website as soon as we can get them uploaded so you can see all of these.
Personal information will be redacted.
And the personal, yeah, just make sure that the redaction that you saw was any personal information.
We tried very hard to make sure we complied with the court order and make sure anybody's names, addresses that were on there was not available to the public.
However, the unredacted version will go to the Attorney General's office so he can seek further investigation on these anomalies.
Thank you, Dr. Shiva.
Thank you very much.
All right.
Thank you so much.
And just also a note, it was interesting.
We had received a lot of Emails, affidavits, you name it, from people that actually worked at MTech and at the polls, and that they had told us that when it all started, what is it, 27 or 29 points of signature variegation, 27, thank you, that that's what you're supposed to do: 27 points of signature verification.
And at some point, it went to 20, it went to 10.
And towards the last few weeks, we were told that they were told, just stop checking signatures.
Security Layers And Tallying 00:10:14
We've got to get this done.
So what he's showing us here does, in some sense, correlate with the things that people had told us.
So, for what it's worth.
Okay, let's go to Doug Logan, Cyber Ninjas.
You were going to give us your report.
And would you please give us just a tad of your background?
Sure.
So I'm Doug Logan.
I'm the CEO of Cyber Ninjas.
I have done cybersecurity work for a lot of major organizations, including Bank of America and JP Mark and Chase.
I've done a decent amount of work in the federal government as well.
I hold Certified Information Systems Security Professionals, or CISSP.
I also have GX Web Application Penetration Tester and GX Certified Incident Handler.
I am listed as I am actually an expert on the Antrim election case associate and have a report that's actually published associated with that.
It's publicly available from Matt DiPerno's website.
And I have, of course, been running this audit for the last roughly five months.
Mr. Loon, could you pull the mic or could you get a little bit closer to the mic, please?
Is that better?
Okay, awesome.
It's not clicking.
There we go.
So I just want to start with an overview of what we actually accomplished here because this is an audit like we've never had before.
And involved, as you mentioned earlier, Madam President, involved over 1,500 people.
And based on our calculations, it was actually more than 100,000 hours put in place.
As you can see up on the photo right now, this is an example.
This actually happened in the evening, one of the days.
So this isn't even a full group of everybody.
We're going to go through each role that was out there, what functions they were performing.
But you'll notice that everyone is located based on colors.
That helped us keep track of where people were and make sure no one was out of place and helped us make sure that we both secured and maintained custody of all the ballots at all times.
Custody of all the ballots at all times.
Over 1,500 people and like 100,000 hours.
Now, security was something that was extremely important with everything that we did here.
We had multiple layers of security.
We actually had an external perimeter that was maintained by the Arizona Rangers.
So as you came in, they would validate that you're on a list of individuals in order to be able to get in.
We also had an interior checks so that as you walked through the door, you came up to a desk where you were both checked for COVID and validated to be on the list, made sure you had a badge and all those things to make sure that you were someone that was supposed to be there to even be in the building.
All the ballots and election equipment were stored beside within these cages.
And anytime they ever left the cage, they were actually signed out by an individual.
So we have a complete signed record of every individual that came and picked up every box.
So someone took over custody of that box.
We actually had individuals called runners and they would run it from the ballot corral and they'd take it over to whatever table they need to go to.
And that individual would then sign the box over to the table manager at the table that would then utilize it to process it.
So at no time was a box of ballots or individual ballots outside of the care of someone's specific authorized care who has to sign off of it.
In fact, we actually had 24-7 video surveillance on everything at all times.
In addition, you'll see this lovely police officer.
They were actually there 24-7 as well, and they were always within sight of the ballot corrals or where we had the election equipment stored.
We had police officers at both locations, always maintaining and always making sure that the ballots and the equipment was 100% secure and that nothing could happen to them.
So this is one of our tallying tables.
What you can see in the middle is actually a lazy Susan.
You'll notice that there's three counters around the table.
There's someone who's actually at this table they're loading and someone who's unloading.
So all counters were Maricopa residents who specifically voted in the last election.
We wanted to make sure that if anyone was involved in this very important action, that they had skin in the game and they were local.
We didn't use anyone out of state for any functions having to do with the actual tallying of the ballots.
I should say actually tallying the ballots.
Some of the table managers were from out of state, but the people actually counting the ballots were all Maricopa residents.
There were other functions where we had volunteers from other states.
As much as possible, we tried to keep everybody local in Maricopa County.
We think it's very important for a local community to take ownership for their election process, and we wanted to facilitate that as much as possible.
All these individuals were background checked and validated.
We had one individual that had slipped through the process because he'd been on the ballot versus specifically that doesn't have something that shows up in standard background checks.
So we started doing additional checks, comparing everything on things to make sure that never happened again.
It was very important to us to make sure that we always had things that were going to make sure that were beyond reproach.
Transparency in everything we did was very, very important.
Now, all three counters were blind.
That means they were not allowed to talk to each other.
As that ballot went around and was in front of them, they would tally on a sheet of paper and they put a little mark based on whether for both the presidential and the senate race.
They'd put a mark to see whatever it was.
Roughly every 50 ballots, they would compare the numbers with each other.
Actually, the table manager took him to compare them.
And if two out of three of them agreed and the third person was no more than one count off for the race, they would proceed and they would move on.
If there was any more discrepancies beyond that, they actually had to stop.
They had to find the ballots in question.
That they're in question, they had to recount them.
So there was absolutely no way to have speed here without having accuracy.
And we found that when we had a brand new table, it was relatively slow.
But as soon as they'd been doing it for about two shifts or so, their speed greatly increased.
And it was amazing at how quickly they could count ballots.
In the very beginning of the process, in our first three weeks, our fastest, I think our most ballots we ever counted was roughly 30,000.
When we came back and had more of a full shop, I think at our peak we did over 150,000 ballots in a day and were routinely doing over 100,000.
So the speed, like I said, greatly increased, especially as we worked through this.
So the way the ballots would actually work is we had a ballot corral where the ballots were originally in.
They would be signed out of that ballot corral and they'd be taken to a tally table.
After they were tallied, they'd go back to a ballot corral, which was specific to being in progress.
And then when we had our paper examination tables, they were ready for a box of ballots.
That's where it came.
It came out of the in-progress.
So at the paper examination tables, we had DSLR cameras.
Those DSLR cameras took pictures on the front and the back of these ballots, and they gave us very high-definition images that allowed us to see all sorts of intricacies of the paper and what's going on.
After it was done with DSLR, actually excuse me, sir.
I'm sorry, the clicker's not working.
There we go.
Let's go back there really quick.
So once it went into the microscope stands, we had four microscopes that were taking images of the magnified image, and that was over a number of different places.
That included the presidential oval to take a look at how that was filled out.
And with the way we had the lights, we could actually see when it was filled out with a ballpoint pen, you could actually see the ridges of the person pressing down on it.
So you could tell the difference between something that was filled out with a Sharpie, you could tell something that was printed out by a pen, or you could tell actually if something was computer printed.
You could tell the difference between all of them.
We also had a microscope over certain parts of the ballot that would allow us to look at the paper fibers to help determine what type of paper was utilized.
Now, when we were done with this, we actually had over 140 terabytes of data just from the paper examination alone.
So we had massive amounts of data.
In fact, with our camera footage and everything that ran the operation, we ended up with close to two petabytes of data.
To give you a comparison, that is vastly more data that your average large thousand-person company has.
So we are running a very impressive network here that was completely air gapped, wasn't connected to anything outside of the floor in order to support this, in order to have all the data requirements associated with it.
It was a very complicated operation.
So just I want to give a high-level status of where we are right now.
So first of all, we've completed the hand counted of all federal races.
We've done all the image and microscope capture of all the ballots.
We've reviewed and did a comparison of the official results.
We've done analysis of the voter rolls.
We've done the vast majority of the analysis of the actual voting machines and voting equipment in progress right now.
We are hopeful to soon with the settlement that the Senate put together to be reviewing the splint logs and routers based on the settlement terms.
We're also hoping that the completion of the paper analysis that's being done will be done very shortly.
Now from a scope standpoint, stopped again.
Commingled Original And Duplicate Ballots 00:15:49
So no longer in scope was the canvassing that was decided that was removed.
We have the tabula configuration to check internet configuration was something that was not provided.
We believe with the other information we have we'll be able to get similar data, but it will not be the same exact data.
We had requested to review the voter roll system, but a lot of the systems are used for checking in for the site book system were not provided as part of the equipment that was given us.
We had hoped to look at the review of the ICX devices, but again, those had not been provided.
We had wanted to look at the provisional ballots, the ones that had not been counted, to count the sealed envelopes to make sure they matched up with everything and made sense.
And those, again, were not provided.
And we'd also hoped to take a look at the undeliverable ballots to see how many of them were bounced back or what happened to them.
And again, those were not things that were provided.
And so there were things that are no longer in scope and we're not able to take a look at.
Okay, so now we'll get into the fun part and get more into the actual talliates and results.
In order to understand some of these findings, I want to make sure that everyone has a clear picture as to how this process works.
So, if we have ballots that are actually damaged or otherwise can't be run through the tabulators, for example, the Braille ballots won't fit through the tabulators, some of the Yukava ones are in formats that can't.
They need to go through what's called a duplication process.
Now, this is a different thing than what Dr. Shiva was talking about when he talked about duplicates.
When he talked about duplicates, he was talking about more than one envelope going to the same person.
So, we're going to talk about the word duplicates here, but we're actually talking about when there was an original ballot that couldn't be run through the scanner and they created a copy of it, which was run through the scanner and counted.
So, when you have duplicates, when you have the originals and you have the duplicates, only one of those counted, and it should only be the duplicates.
Now, specifically, the originals are often referred to as damage sent to duplication or DSD.
And we're going to use that notation throughout things: that DSD means the original ballots, whereas the actual duplicates are referred to as dupes.
So, there should be one DSD per dupe, and there should be a unique serial number on every single DSD in every single dupe to match them up.
So, that you will know for sure that this ballot right here was duplicated to this other ballot.
And if you want to compare and make sure the duplication process was done correctly and that it actually represented the voter intent, you'd be able to easily match them up, and it'd be easier to handle from an audit standpoint.
Duplicate ballots also should be stored separately from the original ballots so there's not confusion, they don't get mixed up.
So, let's talk a little bit about those findings.
So, our duplicate ballots were commingled with the original ballots, not all of them.
They were in at least one box case, which is something that they are not supposed to do according to the EPM.
Duplicate ballots had incorrect and missing serial numbers.
If you take a look at this table that's showing up, you'll notice that the serial number on the left is what was actually on the ballot, for the duplicate ballot, and the serial number, the board one, hand dupe on the right is what was actually on the original damage.
You'll notice the numbers are actually different.
On the left-hand side, this is dupe board three, hand zero, two, one, fourteen.
On the right, it has board one, hand dupe 214.
We were able to match these up because of the ballot characteristics and the precinct that it came from, but it's a very painful process, and it has to be done manually in order to figure out what matches to what else when they're not actually stamped with the same exact serial number on them.
We also had a number of serial numbers that were printed like this one that you see on the screen, where you can't really read it, it's not legible, so it theoretically has a serial number on it, but there's no way to match it up because you cannot read what the value is on it.
In addition to having ballots that flat out did not have a serial number anywhere on there whatsoever, so there was no way to match them up with originals.
Now, we also had duplicate ballots that reuse serial numbers.
You would expect that a serial number in order to match it up would not be unique, but you'll notice there's two examples up here of two different pairs that are not associated with each other, but had the same exact serial number utilized.
In this case, I believe we've got a large print and a damaged standard damage ballot.
We also have a few others in here again.
Same exact serial number, but these were not the same ballots.
And specifically, if you ever take a look at a large print ballot, they're huge.
They're very, very large.
So, it's not just that something was photocopied or anything like that.
They literally use the same serial number on otherwise unrelated ballots.
And this is probably one of the more interesting parts: is that we had more duplicates than original ballots.
So according to our counts from our audit, we had 26,965 original ballots, and then we had 29,557 that were duplicate ballots, and those numbers should be the same.
Based on the numbers received from Maricopa County, we should have had 27,869 of both originals and duplicates, and they should have matched up perfectly.
Now, these extra duplicates did appear to favor Trump and Jorgensen.
If you take a look at the original ballots, we've got Trump has 995, 404.
And if you take a look at the duplicates, there's some number of more of them.
So if you take a look at the percentage all the way over to the right, the expected percentage per candidate, and that's based on if we take the originals and assume the duplicates should be at the same exact percentage.
So we had 48% of the originals were Trump, 50% of the originals were Biden, and 2% of the originals were Jorgensen.
You can see what they actually have at the difference.
In reality, Trump had 58% of the duplicates, 33% and 3.
So both Trump and Jorgensen gained slightly with the duplicate process.
Same thing, when we take a look at the Senate race, it favors slightly to McSally, not necessarily as much as it does in the other case.
Both of these percentages are within the realm of error, of just human error making mistakes.
So if we take a look at our final tally of results and we look at the Senate race, it does look like Kelly still shows up as a head.
And we actually run into that we have 541 less for McSally and 60 less for Kelly in the ballot totals.
If we take a look at the presidential race, Trump actually loses 261 votes from the official votes.
Biden gains 99 and Jorgensen loses 204 votes.
And again, these are all very small numbers when we're talking about 2.1 million ballots.
These are very small discrepancies.
So we can say that the ballots that were provided to us to count in the Coliseum very accurately correlate with the official Canvas numbers that came through.
So we did have at least a batch of 50 ballots that was run through the tabulators twice.
This is specifically when they took the Dominion tabulators.
They had the same batch and it was run through more than one time.
We found this because through our various counts, we had very clear confirmations of how many ballots were supposed to be in a box.
And when we compared our results against the cast vote records, we were roughly 50 off and that made us go take a look at the Dominion images.
And when we compared it to nearby ballots, we actually found that there was a set of 50 ballots that had been run through, again, twice.
As far as we could tell, with it only happened in once, there's no indication as to whether that, you know, we have no clear indication whether it was human error or whether it was intentional.
We assume that's human error because it happened in very small frequency.
This is an example of a ballot from two different batches.
It's probably relatively small text for people to read, but if you read all the way down in the bottom, it'll tell you that it's tabulator on the left-hand picture tabulator 6,004, BTC, which is the batch 288, and that's the image 154.
And then the right-hand side, we have, again, same tabulator, but batch number 287, which is one different, and it's image number five.
And we had roughly 50 of them that were in between the two of these.
We found something similar from the Yukava where the Yukava, for those of you who don't know Yu Akava ballots are for military and overseas personnel, it's the way that they can actually cast votes even though they're not physically here.
Those ballots get turned in either via an online portal, they can be submitted via email, they can be mailed in.
I think they can fax them in.
There's a whole bunch of different ways these can come in.
As a result, they're in a lot of different formats and there's a lot of variance among them.
But on the left-hand picture, you can actually see that it's board number two.
HandDupe 573 is what approved it.
On the right-hand side, it's HandDupe 574.
And it's probably too small for you to read.
But if you read the serial number circled on the top left, you'll notice that the time stamp and the serial numbers are exactly the same, which means that someone likely printed out the Yuakava ballot twice and both of them made it into the Saints.
We did not find this in a lot of quantities, but the only way we had to look at it was by hand.
And there's over 10,000 Yuakava ballots.
Because every single one of these Yukava ballots is slightly different form, it's actually even difficult to do it in an automated fashion.
The only good way would be to go through by hand without some sophisticated processing.
Okay, so we're going to talk a little bit about the official results that are actually turned out by the county.
And this actually connects quite a bit with some of the stuff that Dr. Shaba was talking about.
So from a definition standpoint, we have the official canvas.
The official canvas is the official certified results that are put out by the county.
It has the tallies of votes per candidate, per precinct, and provisional.
It tells what the turnout was for a given precinct and all of that information.
We also have what's called here in Maricopa County, they call it the VM55 file or the final voted file.
It is a list of every single person that showed up to vote.
And that's counted both for in-person, whether it's early voting in person or whether it's mail-in, and all of those are kept track of separately.
So we have a number of all those different categories of who showed up to vote on any given day.
We then have the VM34 full voter file.
This is also referred to as your voter rolls.
This is a list of everybody who should be eligible to vote.
And the county in Maricopa seems to make these available roughly on a monthly basis so that the full voter rolls.
So that is your theoretical full list of everyone that may be able to, you know, may show up to vote at a given election.
Then we have our EV32 files or EV32 early voting sense.
Every single time a mail-in ballot is sent, it's supposed to have an entry in an EV32 file that corresponds with that mail-in ballot that's sent out.
Likewise, we have an EV33 file, which is when any type of early vote is returned.
Now, this both includes when a mail-in ballot is received and an in-person when someone comes and votes in person.
EV33 includes both of those.
You may remember at the hearing that we had a while ago, we had mentioned that the EV32s do not match the EV33s.
We were doing a quick analysis in order to justify canvassing, and there were 74,000 that were off.
The vast majority of those 74,000 were from early voting in person, and that is why there was not an EV32 associated with it.
We have this clarified in a report as well.
That was not a purposeful discrepancy.
It was just something that was not immediately clear at that point.
So just to give an example and how these systems work in order to match everything up.
So if we have 10 people who mailed in a ballot, and we had 10 people who voted early in person, and we had 10 people voted on election day in person, we have 30 votes that are out there.
So what this means is we should have the official canvas with 30 votes and it should be allocated per precinct accordingly.
It should be allocated.
It should be allocated based on the candidates and you should have your official tallies associated with it.
You would also expect that if you went to your VM55 file, you should see 10 people who voted via mail-in because it has different codes based on that.
You should have 10 people who vote in early in person and 10 people who vote in election day.
And every single one of those entries should have the name and address associated with the person that matches up with their voter rolls.
Likewise, you would expect that your EV32 would only have 10 ballots mailed in it because that was what was sent out.
And your EV33 should have 10 people in it from the mail-in ballots and 10 people from the actual EV in person for a total of 20.
This is what you would expect in a balanced system.
This is not actually what we found when we started comparing all these numbers.
All these numbers were different in very different ways and it's something that creates quite a few discrepancies.
So none of these systems actually balanced.
We're going to go through these.
So our official canvas has 3,432 more ballots cast than the list of people who show as having cast a vote in the VM55 file.
Now I do want to specifically interject in here that we finally heard back from Maricopa County because we asked them about this discrepancy.
I think it was at least a week ago, but it was a couple weeks ago.
So the day before we were presented our results, they decided to tell us that those were actually for the protected voters who don't actually, you know, who are either judges or battered women or other individuals who are concerned about publishing their addresses, that that is the reason why that discrepancy is in there.
I can't validate whether that's accurate or not accurate.
This is information that we just received.
What I can say is that this sort of stuff is exactly why with audits, usually the organization you're in the process of auditing cooperates and works with you.
And that would have been, you know, these would have been extremely helpful in order to get feedback and work through them through this entire process.
Now we do have 9,041 mail-in voters shown return ballots, more return ballots in EV33 than they were sent in EV32.
Sounds like Dr. Shiva found something very similar to this as well.
So specifically we found they were mailed one ballot, but somehow two ballots were received, which I do not know how you would have one ballot sent and two received.
The assumption would have to be that it's a clerical error or there's something else going on.
It's not clear how you can have that happen.
277 printings show an official canvas as having more ballots cast than people showed up to vote for a total of 1,551 excess votes.
Again, the county has explained to us that the same reason for the VM55 difference they're saying is a reason there.
We have not had a chance to validate that.
Matching Voter Rolls To Individuals 00:08:54
There are 2,472 ballots shown in EV33 that don't have a correspondent entries in the VM55 and only 2,042 ballots show as rejected in the official canvas for a discrepancy of 430.
So let's walk through this really quickly.
So if something is in the EV33, that means that an early vote was received.
And we have the individual's name and the voter ID associated with it.
So if an EV33 was received, you would expect that if it's not in the VM55 file of who voted, then it had to be a rejected ballot.
Just makes logical sense.
It has to be a rejected ballot.
But there's 2,472 that show in the EV33, but there's only 2,000, sorry, there's only 2,042 ballots that show as rejected.
So there's a discrepancy of 430.
Again, just another place where these show that they don't seem to match up.
We also have 397 mail-in ballots show as received that were never shown as sent.
So we know that they are in the VM55, they're mail-in ballots, and they were received without somehow ever being sent a ballot.
Now we also have 255,326 early votes shown in the VM55 that do not have a corresponding entry in the EV33.
And just to be clear, this is not You know, when you were looking at EV33 entries, EV33 entries are supposed to happen when a ballot is received, but it's not, you know, the actual tracking of the ballots are under the actual official canvas or the VM55.
So we had in the VM55 individuals who voted, we had entries for early voting that were in there, where in 255,000 cases of those, they were not actually included in the EV33 file.
In reality, all of these, you know, all these systems, to be audible and to be verifiable, all these systems should be able to be in agreement with each other.
And even if we have protected voters, there should be some way to know the number of protected voters who voted in order to match it all up so that you have a system that balances.
Voters who removed.
So we took a look at the entire list of individuals who voted, and specifically that was from the VM55 final voted file.
And we ran it through a commercial database called put out by Melissa called Personator.
And Personator is a best-in-class identity system that helps check addresses and make sure they're associated with the user.
It'll show prior and current addresses.
It'll track move dates.
And it'll also track date of birth and date of deaths.
So we went and took the voter rolls and we compared them against this to see how many people might have moved and based on statute should not have necessarily cast a vote.
So the first thing we found is that 23,344 voters who voted via mail-in ballots, even though they showed in Melissa as having moved from that address.
And we wanted to make sure we accounted for the circumstances where a college student might have moved away from home or a family member might have moved somewhere else.
So we actually eliminated all the chances, all the cases where someone was still at that residence that had the same last name.
And that's how we came up with 23,344.
So if your mail-in ballot is sent to an address that you no longer live at, there should be no way for you to receive that mail-in ballot.
At least it's generally not accepted a way for you to receive that mail ballot because mail-in ballots are legally not allowed to be forwarded.
So it can't be forwarded to your new address.
So the only way this situation could happen legally is if you know the prior, if you know the current resident and you're able to meet with them and pick up your mail-in ballot or somehow have some other arrangement to pick up your ballots were there.
But still, 23,344 people voted when they should no longer have access, would not normally have access at that given address.
We had 2,382 voters who voted in person, even though they showed Melissa as having moved out of Maricopa County prior to that date.
We have 2,081 voters who moved out of state in the 29 days before the election and appeared to be given a full ballot, which should have been, if anything, if they voted at all, it should have been a president-only ballot, where literally the only option on the ballot would have been president.
That is something that is by Arizona statute.
Let's talk a little bit about the voter rolls.
So registration dates do not generally change in your voter rolls.
So this is your day of registration unless it's to correct a mistake.
And this is something that we received out of the actual recorder's office.
They told us that those dates should not generally be changing.
Your date of registration should be your data registration.
And it says there at the end, the only time a voter may have two dates of registration is if the registration has previously been canceled and the voter registers again.
The original record would be canceled for vital reasons, and then they'll have a new record with a new date of registration.
So the old record should not exist and it should not have a data registration change.
Likewise, we have this thing called AFSEQ.
And AFSEQ is actually a unique identifier that is a reference to a transaction.
So for example, if you went and you needed to change your address, you would fill out a form.
And when you filled out that form, you would turn it into the recorder's office and they would image that and they would process it.
And when they processed it, they would assign it a unique identifier.
That unique identifier actually gets stored in your voter rolls as the latest one, and it is specific to that change that change request.
So those should be unique.
You should not even have it twice in your voter rolls.
It should only happen once, and it should not be shared among multiple individuals.
And this is something again we confirmed with the recorder's office.
Now, we also have a statute that says complete names should be used, and that'll get into our findings that we have here in a second.
So we had as many as 5,047 individuals who voted in more than one county for up to 5,295 additional votes if these are duplicates.
Now, I will tell you that these individuals had the same name, first, middle, and last name, and the same exact birth year, because that's what's in the voter rolls.
But if you have an extremely common last name, which can happen, there's some of these may, in fact, just be individuals with the same exact name, same exact birth year.
We have no way to validate that 100%.
We had 393 voters with incomplete names that voted in the election.
This included individuals with last name only.
Last name is just an initial.
There's no last name, or first name is just an initial.
And again, there are some individuals who, in some cases, this could happen, but this is not a frequent thing that you typically see.
We also had 198 individuals who registered after the October 15th cutoff and yet still voted in the election.
And we had 2,861 voters who have shared an AFSIQ number with another voter at some point in time.
And that does not, we don't know exactly what that means, but based on the descriptions of everything that's happened in the system, it suggests there may be some integrity issues with the data.
When an impossible situation is happening in a system, and if you've got integrity systems in something as important as the voter rolls, there would be a concern.
We have 282 potentially deceased voters in this election.
I know that there's been some much wider numbers that have been circulated on the internet.
We tried to validate this stuff very, very precisely.
It can be a difficult thing to match up voter rolls to individuals.
From our testing, we believe that all the ones we have in here are accurate, but there are potentially additional ones as well.
We have 186 people who potentially have duplicate voter IDs that both voted.
I think that Dr. Shiva was mentioning that we haven't had individuals with the same first name, last name, and the same address and seem to have the same signature.
That is something that we have also seen in the voter rolls with people who seem to have literally the same exact name.
We have 186 people.
That's the case where they actually, the first name and last name, and the address, you know, all match up and year of birth.
Because the assumption would be you might have a junior in a different place, and so they'd have a different day of birth associated with it, but not the same address.
Withheld Devices And Executable Files 00:12:25
And that is the end of the presentation for right now.
With that, I'm going to hand it off to Ben Cotton, who's going to go over our digital findings.
Thank you, Mr. Cotton.
When you start, could you just give us a little bit of your background?
I have 25 plus years of doing digital forensics, incident response, and examinations in support of both government, government, and as part of my service.
Prior to my digital forensics background for the last 25 years, I also served 21 years as a tab-qualified special forces soldier serving this country and defending our freedoms.
I recognize how critically important the voter integrity is to this nation.
And this, again, Madam President, I agree with you.
This is not a left issue.
This is not a right issue.
This is an American issue.
And as I talk about this, you know, I would hope that the findings of this audit will be turned into actionable, legislative, meaningful product that we can move forward and secure these elections moving forward.
So, as I talk today, people may have heard some of my previous testimony.
We had a few of these will be redundant, but it's important to reiterate these findings in the course of this.
We had a few of these will be redundant, but it's important to reiterate these findings in the course of this final hearing.
So, we'll talk about the withheld devices and data and how that impacted our ability to provide a complete report to the Senate here today.
We'll talk about the cybersecurity issues that we have found, the hardware configuration control issues, atypical anonymous logins that are present on the systems, the listening ports and attempted connections on boot up, and internet connections and internet history that was found on these devices as part of the part of the course.
Next slide, please.
So, let's talk about the withheld devices for a moment here.
As with any audit, access to information and the right information in a timely manner is absolutely critical to finding a complete result for an investigation.
In the case of this audit, we were never provided access to the routers and network-related data, and that becomes very impactful when we start talking about validating and confirming unauthorized accesses to the election management system itself and to the other devices.
I would like to sit here today and tell you that I had fully ruled out any unauthorized access, but given the lack of access to this information, I cannot do that at this time.
It is our understanding that there has been an agreement reached with Maricopa County, and I look forward to getting access to this data so that we can complete these findings.
We were not provided the poll worker laptops.
Now these are the laptops that poll workers use at each precinct to validate the voters and to interact with election related functions at that particular precinct.
We were not provided any of the ICX devices.
So the ICX devices are used for handicapped and other graphically required interfaces with the voting systems.
We know that the county had a number of these based on the historical video from the MTech, but we were not provided any of those.
We were not provided with the ICP credentials to validate the configuration settings or the administrative settings on the actual scanners, the ICPs.
This was critical and a significant shortfinding in that I cannot sit here today and tell you whether or not the wireless modems were enabled and connected to the internet at the time of the vote.
And I cannot sit here and tell you today what the status was of the LAN connections that we know were inherent to those devices as part of the purchase from or the lease from Dominion.
Okay, let's go a little deeper into the cybersecurity issues as we found them.
Actually, you've skipped a slide.
Or no, I'm sorry.
So let's talk about the go back one slide, please.
Let's talk about the cybersecurity issues.
Now, the Department of Homeland Security has a division called CESA.
And CESA has a recommendation that's published on the internet for how to configure and manage election systems that is freely available and it's recognized as kind of the gold standard for securing an election system.
I will tell you that every item up here is part of that recommendation from CESA.
I will tell you that in Maricopa County, they failed to perform basic operating system patch management functions.
Now let me explain that for a bit.
So if you have a home computer, you realize that every Thursday or Wednesday, depending on your cycle, Microsoft will release a security patch to correct vulnerabilities that have been discovered since they released the operating system and it was installed on your computer.
The last time that the operating system was patched on the Maricopa County election systems was the date that they installed the Dominion software, which was the 6th of August of 2019.
So at the time of election, it had been over a year since that system had been patched.
We found that that was also the same case with the antivirus definitions.
So we know as part of this world that we live in, that people are coming up with new ways to hack a system, to exploit vulnerabilities and get unauthorized access to the systems.
And they're doing this continually.
All major security vendors update their antivirus at least on a weekly basis to make sure that we can protect our systems from these newly originated vulnerabilities and exploits.
The last time that the antivirus had been updated on the Maricopa County systems was the 6th of August 2019.
Now, Maricopa County did release a statement saying that if they had patched the operating system or if they had updated the antivirus, that would have invalidated the EAC certification for the voting system itself.
Obviously, there are a couple of issues with this position.
And the first one is that we are relying on a certification system that would impose obsolescence instead of security in the very act of trying to secure a voting system.
That is nonsensical and it should never occur.
So, if that is in fact the case, we need to take a very close look at what we're relying on to validate and certify these election systems and software to ensure that we're not certifying guaranteed obsolescence of the system.
Now, let's assume for a moment that what Maricopa County said was true, that they could not update those systems because of this certification issue.
There are a couple of problems with that, as borne out by the artifacts on the actual EMS server itself.
So, if that is true, then that would mean that no new executable files, no new dynamic link libraries could be created or modified on that system after the date of the software installation, which once again was 6 August 2019.
What we found is that there are four executable files that were created after this date of Dominion install.
There were 45 executable files that were modified after this date of install.
There were 377 dynamic link library files which were created after the Dominion software install.
And there were 1,053 DLL files that were modified after this date.
So, if we assume that what the county represented is true, then in fact, that voting system would not have been certified at the time of the election.
Let's talk a little bit about log management here.
So, there is a federal statute that requires the preservation of election-related materials for 22 months after the date of the election.
That applies not only to paper, but that also applies to digital artifacts.
Maricopa County failed to preserve the operating system security logs to cover the dates of the election.
They provided security logs early in the audit process, but they did not provide the Windows security lock itself.
When we examined the EMS server, we found that the dates covered by the security log only went back as far as the 5th of February 2021.
Now there's a couple reasons for that and we'll go into those later, but the bottom line is that they failed to preserve those logs, or at least those logs were not turned over to the auditors.
And so I'm assuming, since they were part of the subpoena, that those should have been provided had they been present.
Next item there is credential management.
This is probably the most offensive item on this list to me because it carries such a huge impact on the securability of a system.
What we found is that for the election management system, the adjudication systems, the ICCs, and all of the voting-related systems, they all shared a common password for both user accounts and for administrative accounts.
Deleted Items On Hard Drives 00:13:18
And just to be crystal clear, it was the same password for all those accounts.
So to complicate matters as well, those accounts had not been changed since the installation of the software.
So they were established on the 6th of August 2019 and never changed.
There furthermore was not an individual accountability of the users who access specific accounts so that you could tie a username, an action, and an individual when you discovered something that was an anomaly.
We did not see any software or any effort to establish and monitor a host baseline of programs and processes.
Furthermore, we did not see any log aggregation or methodology by which to establish and monitor the network communications for this system.
There simply was none of that software present on any of these devices.
Next slide, please.
We also saw and detected that there was a failure in hardware configuration within the voting system.
Now what you're seeing right here is the system, the acquisition photos for the system that was identified as the adjudication 2 workstation.
Now you will see in that picture that there are two hard drives that came out of that system.
It's not uncommon to have two hard drives in a system for data storage, et cetera, et cetera.
However, both of those hard drives are bootable.
So what that means is that you can boot from a hard drive that is not part of the election configuration and have access to the election network.
Very important.
It's clearly not an approved configuration.
It was the only system that we found a dual boot situation.
Now to further complicate matters a little bit, and I'm not going to make judgment as to the legality of this or whether or not this deserves further action, is that on that second bootable hard drive, there appeared to be non-Maricopa County data.
So let me define that a little bit.
With on that hard drive, there were Dominion databases that appeared to be one demonstration data, but also data that may have originated from Washington state and South Carolina.
And I derived that not from an in-depth investigation of the data that was outside my scope, but from the naming conventions of the databases themselves.
Okay, so once again, validating and approving the configuration of these systems is critically important to preserving the integrity of that election system.
I would also note that neither of the two audit Next slide.
One of the challenges that we had was actually the accountability of deleted items.
We'd talked about deleted items before, but let's be crystal clear about this.
From the EMS, which is the election management system server, on the C drive, there were 865 directories and 85,673 election-related files deleted between 1028 and 1105.
And they also included some log files.
So So what is difficult to determine is that I know they were deleted.
What I don't have is any accountability or any ability to track from an evidence management perspective how those deleted files were treated and what happened to them if they were archived or not.
There are a.dvd file, and those are actually the results of the election totals off of each tabulating device.
And those were part of the deleted files that were removed from the EMS.
So the EMS actually had two hard drives.
Well, they had six hard drives configured into two logical drives.
So the second logical drive was called.
So the second logical drive was called the D drive, and that contained all of the election database both historically and should have contained the information for this 2020 general election as well.
You'll note that there were 9,571 directories and 1,064,746 election-related files deleted between the 1st of November 2019.
On the HyPro 1, there were 304 directories containing 59,387 files of election data that were deleted from the HyPro scanner 1 on 3 March 2021.
Now, this becomes kind of important because part of our analysis was to look at the interaction of these scanners, these systems, and how data flowed.
You'll notice that that's about a month and a half before they turned that over to us.
Next slide.
You see a significant amount of deletion on HyPro 3 on that same date.
1,061 directories, 196,463 files containing election data deleted on that particular date on 3 March as well.
Next slide.
And on HyPro 4, you see the same high volume of deletions on the 3rd of March.
Now, once again, this may be part of a normal process with how they handle votes, but the timing of this becomes a bit suspect, as well as the fact that we didn't see these deletions on HyPro number two.
And once again, I don't have a chain of custody for what happened to these votes after they were deleted.
It may be a plausible explanation.
I simply don't know at this point.
Okay, next slide.
Let's talk about the failure to preserve the operating system logs.
As I explained earlier, the earliest timeframe that was covered by the EMS logs, security logs, was 5 February 2021.
That clearly does not cover the election time period.
Now, there's a very good reason why it didn't.
And if you go down to that last bullet there, you'll see there were three discussions.
Last bullet there.
You'll see there were three discussions.
There's a user-defined setting that you can define how much quantity of logs are retained before they get overwritten.
In this particular case, the EMS security log setting was set to 20 megabytes of data.
So the Windows operating system will preserve all the security logged entries up until the point at which it reaches 20 megabytes of data.
At that point, it starts following a first-in, last out approach to log retention.
So as you create a new entry, an older entry is deleted and overwritten inside of that log file.
Now, first and foremost, we need to remember that we do have that 22-minute month federal mandate.
So it's clear that at least what existed on the EMS when we received it as part of this audit, we did not have the time period covered by that federal mandate as it was supposed to be covered.
That security log was not turned over as part of any other documents that we have by Maricopa County.
So I'm going to assume at this point that it's not available for us to look at or else they would have turned that over to us.
Now, if you look at that last bullet, that first in, first out approach all of a sudden becomes readily apparent as to what happened on these distinct dates.
So, on each of these dates, an individual executed a script, and that script repeatedly looked for a blank password for all of the accounts on the system.
Depending on the system, there were only about 16 accounts that were present on a given system.
Okay, so this script was run multiple times on 211.
462 log entries were overwritten by this script.
On the 3rd of March, 37,686 log entries were overwritten by this same script.
On the 12th, which is the day before we received the system, there were 330 log entries overwritten by that script.
Now, the challenge here is that I know that this occurred.
I know which account did it.
It was the EMS admin account.
If you reflect back to what I just said about the lack of accountability of assigning that username to an individual, it now becomes extremely difficult to prove who did it.
Now, luckily, we happen to have some historical data from the MTAC video feeds.
And so, we leverage that data to backtrack and align these times.
And we have captured screenshots of Maricopa County people at the keyboards during those time periods.
Now, we've identified those individuals, but we will not release their names because we understand what the scrutiny is and what the impacts would be to those individuals.
But I just want to tell you that the very point that they did not have EMS.
Now, remember the lack of log retention at this point.
Anonymous Login Activity Logs 00:03:49
We could not find any logged entry that corresponded to this activity from the security logs.
Those Windows security logs only went back to the fifth, but everything was purged on the context of the election to be audited.
But that clearly was not the case in this instance.
So, just to clarify, so this is a log file specifically from report tally and sorry, results tallying and reporting, which is the Dominion software.
That entry says that someone went into the program and clicked on something that said, I want to purge all the results for this election.
That goes through and that deletes all of the rest.
We have redacted specific elements to include the host name and the IP address and some of those types of things.
But the fact of the matter is that those items are recorded as part of that normal anonymous log activity.
You will have the host name that logged into it.
You will have the IP address that originated the request.
In most cases, you'll have the username as anonymous.
But that username is then validated against the access control lists and the user authentication mechanisms and validated.
So the very next log entry in a normal anonymous activity is a validation of that user's credentials to access that particular device or process or whatever they were accessing.
What you see on the left is something that we discovered in the logs, which is what I call a typical anonymous login.
You will notice that none of those items that are captured by normal activity are present in this log.
You don't have an IP address of the originating device.
You don't have a host name of the originating device.
And furthermore, when I look at these in context of the actual security log itself, there is no validation of a user's credentials immediately following this.
There are hundreds of these types of anonymous logins in the security logs that we do have.
I cannot tell you at this point if the same type or pattern of activity occurred during the election cycle because these logs don't exist that cover the election.
But I can tell you that without access to that router data and the network data, I cannot validate whether or not these were legitimate accesses.
You'll notice that it is a login type 3, so it was a remote access.
I cannot tell if this is a legitimate access or an unauthorized access at this time.
Next slide, please.
So we also took a look at what happened when the EMS was booted up.
And let me walk through the methodology here to kind of assuage everybody's concerns.
Remote Access And Internet Visits 00:15:48
So when we actually imaged all these processes and these systems, by the way, we imaged 770 devices and we gathered over 114 terabytes of original forensics data.
And we preserved that in a forensics image file that I could then leverage without fear of modifying or changing anything on the original device.
So we took that image file and we turned that into a virtual machine.
I created a enclave that I could boot that virtual machine up into and that I could then monitor the boot processes without connecting to the internet, without exposing any voter data to unauthorized users.
And I actually booted up the EMS to see what happened, what it was listening for, and to identify if there was in fact any zero-day malware in the memory.
What we did discover is that as you would expect, there were a number of ports.
This is a normal part of an operating system.
Ports are used to establish connections and provide functionality to the operating system.
We've discovered 59 of those that were open.
And while most of these things were what I would have expected, there were some unexpected high port activity specific to the Win EXE, which controls your accesses and your logons, and your DNS, which controls your domain name service.
So if you go and you type in yahoo.com, the computer will use the DNS service to actually determine which IP that is so that you can connect.
And then the DHCP server.
All of those are normal, valid Windows processes.
But for example, DNS, the default port on that is port 53.
In the case of the EMS, we not only had the port 53, but we also had DNS monitoring on a high port.
And I won't list that port number here in this open forum.
But that was a little bit unexpected.
I will tell you that on the EMS, you were utilizing both IPv4 and the newer version, IPv6, enabled.
So these services had dual functions with dual listening ports and things of that nature.
There were ports and there were services that were enabled that allowed remote access.
So the RDP protocol, for example, as well as the terminal services were enabled on the EMS.
Next slide.
As part of that memory analysis, we did a complete check of the call outs and the attempts to connect from the EMS out to the internet.
Now, once again, the county has repeatedly said that these were isolated systems, et cetera, et cetera, et cetera.
The EMS attempted to connect to those IPs, most of which are normal.
I would take a look at the level 3 parent, the EdgeCast connections there, and I would probably request from the Maricopa County the documentation for those functions that rely on those connections and to determine whether or not those are certified or not.
We were not provided any of that certification document, but those are the two items up there that I would ask Maricopa County for some further clarification on.
As part of this analysis, I was able to determine that there was no zero-day malware in the memory at boot up of the EMS server.
Next slide.
Let's talk about internet history and connections.
As you will recall, Maricopa County commissioned two independent auditors to come in.
Both of those auditors had a finding that there was no internet connection at the time that they conducted the audit.
When I initially did the analysis, and I was only searching what is called the allocated space, so the allocated space is what you as a user see when you open up Internet Explorer or when you open up File Explorer.
When you see that directory structure, that's allocated space.
When I looked at the internet history of the allocated space, I had the same conclusion as the auditors did.
However, I took this one step further.
I actually carved the unallocated space in the entire file system for internet artifacts.
And when I did that, the history was significantly different than both the representation by the auditors and the representation by Maricopa County that these systems had never connected or were exposed to the internet.
And we found internet activity and multiple visits on the EMS server, three of the EMS client workstations, one adjudication workstation, and then the reweb 1610 and the Regis 1202.
Now, before I get into this, I want to kind of walk through my methodology a little bit.
So it's very common for operating systems to have default URLs, compatibility caches, things of that nature that may have an internet URL as part of that part of that artifact.
So in order to ensure that we didn't get any of that default data, I only reported on internet artifacts that one, the date occurred after the installation of the Dominion software, so after the 6th of August 2019, and that had multiple visits to the same site, okay, with dates after that timeframe.
So that would eliminate any of the default URL artifacts that may have been on the system.
Next slide, please.
Okay.
So from the EMS server, you'll see that there's actually three visits to the same site on the same day.
That clearly is not a private URL or a private IP address.
And so what I can tell you is that the EMS server, at least on that date, was connected to the internet.
Now, I'd also like to point out that relying on the unallocated space for these artifacts, I don't have a complete history of all the internet connections because things get overwritten, things get changed, things of that nature.
But the importance of this is that at some point in time, specifically those last visited dates, this device was connected to the internet.
Now, if you look at that date, there's also a correlation to the purging of the database.
It's the day before the audit.
On the same time, exactly.
Almost the same time, exactly.
Obviously, this requires an explanation.
Next slide, please.
When we talk about the EMS client, here are the connections.
Now, the nine connections at the top there, you'll see that as far back as February of 2020, there were four connections made to that URL, to the Microsoft URL.
And then on the 22nd, which coincidentally enough is during the time of the audits, there were five connections to the Microsoft URL.
I included that lower set of findings to illustrate that the importance of some of the items that were not produced to us.
So, not all of the election-connected devices were produced to us for analysis.
And that IP of a 192.168.100.11 is one of the private, it's a private network that was the election network.
And you will see that it accessed a bunch of web pages off of that device indicating that it was a configurator or it was a file server or something of that nature.
I want to draw your attention to that very last line: the M underscore network underscore wirelessland.html.
That was accessed on the 19th, or excuse me, on the 30th of October 2019.
Now, we have not received any information about any wireless LAN configurations, but yet here you have someone accessing it from the EMS client to access what I can only surmise was a wireless LAN configurator on that date.
And you can see that the EMS admin 01 account was used for that.
Once again, who the actual human was behind that account, I cannot tell you because of the shared passwords and the shared user accounts.
But I can tell you that not all the devices were produced to us that would have shed significant light on our findings.
Next slide.
Okay, once again, this is EMS client 3, and you can see that the last date last, there are six visits to Microsoft.com, and the last visit was on the 3rd of February 2021.
Now, keep in mind that those previous five visits were obviously before that timeframe.
And we don't have a record by nature of this artifact when each of those visits occurred.
Next slide.
Okay.
Now, ReWeb 1601 is kind of an interesting case.
Now, once again, we did not receive any network configuration diagram.
We did not receive any functional information as to the network.
It was one of those things that, as an auditor, in most cases, I can go back to the person being audited or the entity being audited and say, what is this?
Okay, how did this function?
How did this interact?
In this particular case, in this particular situation, there was extreme resistance and quite frankly, in my opinion, obstructionistic actions taken by the county to prevent this type of exchange.
Now, this system clearly was connected to the internet.
Now, whether or not that was by design or whether this is one of those isolated and protected systems that the county has indicated never touched the internet, I cannot tell you, but I can tell you that it had significant internet access.
And this is only something that would fit on the screen, right?
There's literally thousands of connections to the internet by this system.
Based on the naming convention, I would assume that this is some form of a web-based server that was used in the election system because it was produced under the subpoena, which that was one of the requirements for.
Now, the other thing that I will tell you is that this device was produced to us on an external four-terabyte hard drive.
And originally, it was represented to us as this was a forensics image of this device.
When we actually looked at it, we found that all of those devices that were produced on the external four-terabyte hard drives, they were simply an operational system clone of that device, and it was not preserved in a forensics manner.
What I can also not tell you is what steps were taken on the part of the county to ensure that the unused portion of that hard drive not occupied by this device, I cannot tell you what steps were taken by them to ensure that those were wiped or zeroed out so that we would not commingle data.
So, I do want to caveat these findings and the Regis findings with those statements.
But clearly, these devices had continual and repeated access to the internet.
Next slide.
This is the Regis 1201, and that, by the way, is the host name, not the function of this device.
And once again, you see repeated access.
That IP address is actually the public IP address for the maricopa.gov public URL.
Next slide.
So, I appreciate your diligence and your patience on this.
And as we think about what I've talked about today, it really boils down to accountability, right?
And making sure that our election systems are secured.
I will tell you that they were not based on any measure that I, as an IT professional performing countless vulnerability assessments and incident responses that I have occurred,
Lack Of Device Accountability 00:03:57
had a client that engaged me had this state of a network, it would have resulted in a failure on our audit.
So, at this point, I would like to remind people that from a totality of what these findings are, there simply is no accountability by anyone accessing these devices.
You had shared passwords, you had shared user accounts, you had remote access.
If someone could get access to this system, they wouldn't need a zero-day exploit.
The systems were so far out of date from a security compliance standpoint that it would have taken the average kitty hacker less than 10 minutes using Metasploit to hack this system.
And I would like to remind everyone that's listening to this that when you have a network of computers like you have in these voting systems, it only takes one person bringing in a little hockey punk with admin access to provide external remote access to that voting system.
And in the situations where you don't have accountability, you have shared usernames and you have shared passwords, you simply cannot guarantee the security and the accountability on those systems.
And I thank you very much for your time, and I'm available for questions if you have any.
Thank you, sir.
We appreciate that.
We're not doing questions at this time since it's just a presentation.
We will have committee hearings that will give everybody the opportunity to ask questions in the future.
So thank you.
Okay, we are going to go back to Mr. Logan.
For those that are looking at your watch, the bulk of this is done, but there's still some more important things to do.
Mr. Logan is going to quickly, because we are running over time, go through his recommendations of what improvements the Senate might be able to help do through legislation.
And then Mr. Pullen is going to quickly give his report about the independent ballot count the Senate did.
And then we have Ken Bennett standing by, who was our Senate liaison, who will be giving you the observations that he noted when he was there working every day.
So Doug, could you do me a favor and go through those recommendations quickly, please?
Is it working?
Are you clicking?
Okay, just click a bunch of times till I'll tell on the screen.
We'll talk through it.
Because if I can't control it, it's going to take too long.
Okay.
And pull your mic up closer, please.
Everybody's texting me saying they're having a hard time hearing you guys.
I have a lot of transitions on it, so if you just click and show it all up at once.
Maybe.
Ah, look at that.
Okay, I'm just going to mount.
Whoops.
Linking Driver Licenses To Voter Rolls 00:12:03
So legislation should be considered that links voter roll registration to changes in driver's license.
We saw a lot of indications that there was old, potentially old information in the voter rolls, and it's very important that our voter rolls remain clean.
If they don't remain clean, it would facilitate, it makes it easier for almost any type of way that someone might want to take advantage of the system.
If only the people who are registered to vote and could show up to vote are in the voter rolls, that makes it more difficult.
And already when you go into the DMV, you can register the vote.
But specifically, if you change your license to another state, if you change your address, which are things that people are usually pretty diligent about taking care of, that should also update your voter registration details so that when you're out of state and you're in another state, it's not possible for your old voter rolls to be used by you or anybody else.
Specifically, we recommend that the NCOA is a natural change of address.
It's something put up at the U.S. Postal Service.
I view a ballot basically like money.
And we should not be, you know, just mailing money to people who are not necessarily still at that address or have moved.
So checking the NCOA before you mail out ballots will help make sure that the currency of the ballots are only ever received by individuals who are legitimate voters or still living at that location.
So 90 days before the election, in addition, it should check it right before mail-in ballots.
We are not ever effectively mailing currency out to an address where someone has moved to another state.
I understand that the EPM and guidance from the Secretary of State suggests that the ERIC and Social Security's master's death list and others should be checked regularly against voter rolls, but I believe it needs a little bit more oomph to it and that there should be a legally required frequency for counties to do so to make sure that the regulator being maintained rather than just a guidance that it should be done at some stage.
Talk a little bit about election software, both from the report I have out of Antrim and specifically with what some of the inconsistencies and oddities that we're finding about the voter role system both here and quite frankly across the country.
I highly recommend that we pass legislation that requires that these applications that are extremely important are built up to a higher standard and specifically are making sure that they're ensuring the confidentiality and integrity of the systems.
The Open Web Application Security Project is known as a leader in the application security space and they specifically have something called the Application Security Verification Standard or the ASVS.
It has levels one through levels three.
Level three is for a sensitive system and I would highly recommend that would be a requirement for anything associated with voter rolls or voter systems that they would build up to that standard.
Doing so make sure that the application itself has the necessary standards built into it in order to make sure things aren't altered and that there are appropriate logs if so in order to take care of that.
Specifically with that it's always a good idea to run the ASVS assessments on a regular basis, usually every three or four years and specifically that the vendors should be required to attest that the ASVS standard was fully applied.
I further recommend that the vendors you shouldn't be able to use the same vendor over and over again for any type of certification activity.
It's too it creates too much opportunity for if there was some impropriety by a vendor that it could continue to pass.
So rotating vendors at least every three years and putting that in the law would help ensure that not only are these being assessed but they're set up to a higher standard.
And this goes beyond specifically what the EAC is requiring because quite frankly based on everything that's being said the EAC is not requiring anything close to what is necessary in order to protect our election system and hopefully that will get better over time but in the meantime Arizona can be a leader in this area.
Okay voting machines.
Specifically legislation should be considered that requires falling of all the CESA guidelines for election systems and equipment and that any variances against those should be documented and there has to be risk manos that are signed off and should be public for the appropriate for any derivations from those guidelines.
Now those guidelines cover pretty much everything that Mr. Coton was covering today.
Everything from setting up baselines on the systems, everything from baselines and network processes, making sure that user accounts are handled properly.
All those details are all covered by that.
Was a very simple legislation that basically says that guidance needs to be followed.
Legislation should be considered, which requires assignment of individual usernames and passwords.
Mr. Cotton's talked about that a lot today.
Legislation should be considered that requires real-time network monitoring of all election equipment, even on the air gap networks.
So there is some indication of what occurred there.
It may seem odd to have that on an air-gapped network, but as Mr. Cotton was mentioning, there's very small devices that you can take in.
And if you can plug them into a network port, you can effectively give the entire network internet access.
I mean, they're physically very small, they can be hidden easily.
And if you've got real-time network monitoring on those systems, especially where the EMS is, you can identify that and at least have a log of it and potentially prevent it before anything happens.
And legislation should be considered that would prohibit it, internet-capable election management system servers or equipment from being utilized.
There's a number of devices that, when you look at the serial numbers from the Pro V and V and S LA audits, they show that they had Wi-Fi cards and stuff put into them.
Anytime the capability is within a device, there's the potential for it to turn on, or for someone to turn it on and activate it, or use it to connect to some other device.
So it's highly recommended.
If the equipment's not even there, then you can't have a failure to configure, create any issues.
So legislation that far, not just preventing internet access, but preventing any type of capability in the device, would help ensure the integrity, especially as we keep being told that things are not connected to the internet.
From the voting machine standpoint, county employees should have all the administrative access on all election equipment sufficient to independently validate all configuration.
The fact that Mayor Cupa County said they did not have the hardware tokens necessary in order to see if their election equipment was connected to the internet or not is extremely, extremely alarming.
The accountability, the county needs to be able to hold vendors accountable.
We may use subcontractors for various different actions, but the responsibility always falls on the county, and therefore they need to always have all access.
That should not be something they can relegate to somebody else.
In addition, election voting machines should have a paper backup of all ballots, which can be used to confirm the votes where CAST is intended.
And these machines must be regularly maintained to vendors' maintenance schedule.
One of the things that was found in some of our examination of the paper ballots is a lot of things were miscalibrated or otherwise not following general manufacturer guidance.
If we want to make sure that we get the intended results out of things always, we should make sure that whatever goes through logic and accuracy testing, whatever it is that's a standard equipment being used, is the same thing we're using on election day.
And if you're testing a system with something different than what has happened in the real world, it's not a very good test.
And legislation should be considered that requires that paper stocks utilized on election day conform to, again, to manufacture specifications and that it's been tested properly.
Now, we think that you should have legislation that should consider creating an audit department that should regularly conduct audits on a rotating basis across all the counties in Arizona.
To the best of my knowledge, nobody is currently doing this, but based on the audit we performed, there was a lot of processes and procedures that were not conducive to effective audits.
The way that stuff gets better is by regularly checking it and regularly validating it.
And now that the whole world is looking at our elections, I think it's very important that we take advantage of that and make sure that what is done in our election departments is brought up to the same standards that financial industry uses and other critical systems.
It should not be an area that's lagging.
When our voting equipment helps choose the most powerful individual in the world, there's a lot of adversaries that would like to take advantage of that, and we need to treat it accordingly and make sure that it is being audited so that those standards are maintained.
Legislation should be considered that requires batches of ballots to be clearly labeled, separated from each other in a manner that they cannot easily mix together and easily connected to the batches run through the tabulation equipment.
There was a lot of hoops we had to get through.
jump through to even connect a box of ballots to what was run through the software in order to match those two up.
And that is something that should be simple to do, again, because it facilitates audits and that those audits facilitate accountability.
While a full audit like what we did this time, it cannot always be done.
The better the record keeping is, the easier it is to do partial audits to confirm things.
And that's something the audit department can do on a regular basis, in addition to sometimes to info audits.
But it's not cost effective to do that every single year.
Legislation should be considered to penalize, purposely inhibit a legislative investigation or an officially sanctioned audit of an election.
I think why that's in there is a little bit obvious.
Audits are really effective when you have the cooperation of the management who controls things, and it's very, very difficult to manage them.
That's why financial services, if you're your typical financial audit, if you don't comply with the audit, you can literally be put in jail at times.
Okay, ballots.
Legislation should be considered that will make ballot images and cast vote records artifacts from an election that is published within a few days of the results being certified for increased transparency and accountability of the election process.
These are things that we think is important for the Arizona and the American public to be able to see and validate and see with their own eyes.
Currently in Arizona, we had a judge that stated that we could not make the ballot images publicly available.
There should be nothing that links, once a ballot comes out of its envelope, there should be nothing that links it back to a person, and there should be absolutely no reason why it shouldn't be able to be public.
Legislation should further be considered which require all ballots to be cast on paper with security features such as watermarks or similar technology with a detailed account of what papers were used.
With our paper analysis, we wanted to be able to say that this is legitimate paper and valid and real, and we wanted to be able to say this is not legitimate paper.
But with as many wide number of papers that were used, I think we were estimated over 10 different copies, different types of paper, it's very difficult to make that.
But if there's official paper that's kept track of, it'd be much easier for an audit when it's conducted to be able to say without a shadow of a doubt whether it is in fact printed on legitimate paper.
Mail-in voting should incorporate an objective standard of verification for early for voter identification similar to the ID requirements for in-person voting.
It seems likely that mail-in voting will continue to increase.
From a security standpoint, I advocate no more mail-in ballots, but that's not probably realistic.
Forensic Audit Experience 00:02:53
So that being the case, if it's going to continue, we need to have good identification requirements.
And that is end.
Thank you for your time, Madam President.
Thank you, Mr. Logan.
I appreciate that very much.
We'll take all those into consideration.
I'm sure we'll have more.
Let's go now to Senator, Senator, sorry, Randy.
Mr. Pullen, Randy Pullen was our co-legislative liaison there as they saw the work building up quite so much.
Mr. Pullen, could you give us just a tad of your background and as to why I selected you to please do this independent count?
Thank you, President Phan, as well as Chairman Peterson.
Thank you for your commitment to this forensic audit and your resilience over the last six months as we went through it.
Thank you.
Okay, just real quickly about me personally.
Graduated from Arizona State University, undergraduate in math and chemistry and an MBA in 1981.
I sat for and passed the CPA exam in 1980, became a CPA, and I've been a CPA since then.
Employment-wise, I started out working on my MBA as a, I was working at a engineering company, writing software for them.
And then I joined Deloitte Haskins and Cells and began working in their audit department and helped them develop and test the first statistical sampling software and system for doing audits.
I became a partner at Panel Kerr Forrester.
And then again, I went back, became a partner at Deloitte and Touche, where I focused on financial auditing, specifically for bank savings and loans in the hospitality industry.
I actually did get involved in forensic audits, so I understood how they function and what you had to do in order to complete them.
I started my own company back in the 90s, and I still do consulting and accounting services.
And I also started an IT company in 2001, WageWatch, which still exists to this day.
And we developed software that's still considered some of the best in the industry that we're in.
Background-wise, the Senate decided they wanted to do an independent count of the ballots in order to confirm the count by the county as well as the count by cyber ninjas on the forensic audit.
Machine Count And Missing Batches 00:04:57
And so that was kicked off on June 28th.
They selected me to run that machine count.
Again, it goes back to my experience and knowledge.
I immediately got Brian Blim, who was the attorney who had worked on the floor of the Coliseum and was the legal counsel that had dealt with any forensic issues that came up on the floor during the hand count.
And by the end of June, he was no longer a contractor with the cyber ninjas.
He was independent and he agreed to assist in the machine count.
We also enlisted a lot of former volunteers who had worked on the floor doing tally counts as well as working in the corrals taking care of the ballot boxes.
And so we put together a pretty good team.
We went out and found the equipment for doing a machine count and looked at several different varieties and finally decided on, I need to stop pushing this and found the equipment.
The equipment we found, interestingly enough, was highly considered around the country as very good equipment.
And it's all this is in the report.
And we selected two Bantam 1 counting machines that were made by U.S. paper counters.
And we also got two paper joggers, they're called.
what they do is they help align all the paper before you run it through and do the count on the paper.
And again, these ballots are very heavy paper.
So when the technician came in and set up the machines and we were testing the paper, he had to make adjustments to the machines that could handle the quality of the paper that we were running through the system.
And so once we had that figured out, then we had the technician train our volunteers who this worked for us.
And then the ballot counting started on 7-14 and we completed it in 12 days.
I will tell you that the volunteers worked incredibly hard on this as well as observers we had overseeing what they were doing.
And we started working at 8 o'clock in the morning and we went until midnight on those days.
We had two teams that were working that very, very solid work.
So here's what we found.
The Maricopa County official canvas, you can see it's as it's been reported earlier, and we did the machine count and it was very close.
We were 121 less ballots than they had counted, which again, you can see the forensic election audit that count on the ballots was a little bit less, but all of it's within a thousand of what Maricopa County did.
Not surprising.
One of the things we did learn on the machines when we were testing them and setting them up to operate is when they did was a miscount and we did do recounts based on that.
But when there was a miscount, essentially it was an undercount.
Okay, so being a little bit less than the official canvas count was not surprising.
Now here are some of the things we found, and this kind of confirms some of the things that were talked about earlier in these reports.
We did find missing batches and boxes where you would open a box and it was supposed to have seven batches in it.
There would only be six batches in the box.
Okay.
And then sometimes we found there were eight batches in the box, but only supposed to be seven.
So we found these kinds of problems.
Am I causing this?
Okay.
So we were finding missing batches and boxes.
We were finding batches and boxes not listed on the boxes.
So we're kind of like a ghost batch.
And then when you open some of the boxes, the batch counts that went with every batch, which was typically supposed to be about 200 in the batch, they weren't with the batch.
They were on top of the batch or they were on the side.
And so we'd have to go through and figure out manually which batch sheet went with which batch, which again goes back to if things were done more properly, this would be much easier.
It could have even been done faster as that.
Ballot Paper Stock Discrepancies 00:09:32
So that's pretty much what we came up with with this.
And so again, it independently confirmed the numbers that the county and cyber ninjas found in the ballot count.
Thank you.
Thank you.
Well, thank you, Mr. Pollen.
We appreciate that very much.
We had, those who didn't know, we had the ballots.
And before we gave them back, we said, well, what do we do if Maricope County and Cyber Ninjas counts don't match?
How do we know which side to go with?
And so we decided, let's get a couple of machines of our own and do an independent just in case there was a difference.
We could have an idea of which side to go with.
Thank you.
All right, Mr. Bennett, are you still on Zoom with us?
I am, Madam President.
Thank you.
Thank you for waiting so long, sir.
I apologize for the delay.
Mr. Bennett, would you give us just a tad background about yourself and tell us what your observations were as the Senate liaison?
Well, there's a I've provided a I have provided a PowerPoint to your staff, and so I would ask that they prepare to bring that up.
But in the meantime, I served as the 21st Secretary of State from 2009 to 2015.
That's the chief elections official of the state of Arizona.
I also served as the president of the Senate for four years, like yourself, and another four years as a state senator.
So I kind of bridge that those two domains, maybe.
I've also an accounting degree from Arizona State University and have worked in numerous businesses, usually as the CEO or CFO, chief financial officer of those companies.
And I see the screen, so I'll jump in here.
I know our time has gone long today, but you asked me to observe throughout my days there at the audit areas where compliance with our election laws and procedures was accomplished and maybe where they weren't complied with.
As you know, elections in Arizona are governed by the election laws, which are adopted by the legislature and the governor, and then a Secretary of State's procedures manual, which is promulgated every other year by the Secretary of State's office, but has to have the consent of the Attorney General and the governor as well.
And between those two documents, there's over 1,300 pages of laws and procedures.
I'd like to just briefly say that no election can be conducted perfectly because it is administered by imperfect human beings, but that doesn't mean we don't try because it is through our elections that we the people give our consent of the governed, as is identified in the Declaration of Independence.
And every citizen deserves to know that they are being treated equally under the law as required by the Constitution.
So every legal vote has to be accounted accurately and not canceled out by unlawful votes.
This report is intended to identify where Maricopa County failed or may have failed to comply with some of these statutes.
But having said that, I believe that the majority of our election officials in Arizona are honorable, well-intentioned people.
So I intend this report in the spirit of constructive improvement, but also maintaining appropriate accountability.
Let's go to the first slide.
As we've heard in previous testimony, and the slides aren't changing on my screen, but I hope they are at your end.
First slide or observation is related to the missing signatures on ballot envelope affidavits.
And there's some statutes there that I'm not seeing a change on your slides, but I'll assume that the slides are changing at your end.
You'll see the statutes 547, 16, 547, and 48 that early ballots have to be accompanied by an affidavit.
And by 7 o'clock on Election Day, there is a cure period in Section 550, which is not noted there.
ARS 16552 is very clear that the election board is to check the voter's affidavit and quote: if it's found to be sufficient, the vote shall be allowed.
If the affidavit is insufficient, the vote shall not be allowed.
And equally prescriptive in the election procedures manual: if the early ballot affidavit is not signed, the county recorder shall not count the ballot.
As you heard in previous testimony, the scope of this audit did not involve comparing signatures with the voter registration files, but you had people, Dr. Shiva,
look for and identify a number of missing signatures on ballot envelope affidavits, which to the extent that ballots from those envelopes were tallied would violate the above statutes and procedures.
Next slide, I hope you're seeing is because I'm not seeing it, original and duplicate ballots without matching serial numbers.
ARS 1621A is very specific that all duplicate ballots created pursuant to the subsection shall be clearly labeled duplicate.
There is a serial number that's recorded on the damaged or defective ballot, and the EPM says something very similar and gives one of the reasons, which is to tie the ballots together.
The other reason would be to make sure that the votes recorded on the duplicate correctly reflect the votes on the original or damaged ballot.
There were approximately 2,500 duplicated ballots where there were no discernible serial numbers recorded on either the original or the duplicate ballot.
Obviously, this does not comply with those statutes and procedures.
The next slide, I hope, is missing chain of custody.
ARS 16621 says that the county will maintain a chain of custody for all election equipment and ballots during early voting, which is kind of the beginning of an election through the completion of provisional voting tabulation or kind of the end of processing ballots.
The Senate requested this chain of custody.
The county provided a very detailed chain of custody of the ballots that we did receive, but we never received a chain of custody all the way back to the election period as this statute requires.
Next item is insufficient ballot paper thickness.
This is not a major item, but ARS 16502A says that ballots shall be printed on a paper of sufficient thickness to prevent the printing thereon from being discernible from the back.
And there can be debate as to whether this is just for the printing on the ballots or when the ballots are marked with their votes, but there were, as Mr. Logan noted, multiple the audit found multiple thicknesses of paper stock used in the printing of ballots, some of which would allow kind of that bleed-through effect, which would not be in compliance with the above statute.
Next one is common usernames and passwords, as Mr. Cotton noted.
The election procedures manual specifically says that applications within the EMS system should use separate usernames and secure passwords for each user or station.
And as he noted, he found common usernames and passwords being used, which is inconsistent with this guidance from the election procedures manual.
Another, the next one would be missing serial numbers on electronically adjudicated ballots.
An addendum to the 2019 election procedures manual specifies that tabulation machines may be programmed to outstack or to print identification numbers on the ballots with write-in votes that are electronically tallied.
This process is often known as adjudication.
There was, well, Maricopa's system, Dominion, does not use an outstack method, but it does not appear that these identification numbers were printed on the electronically adjudicated ballots as required by this part of the procedures manual.
Reconciling Ineligible Voters 00:08:09
And the last slide would be, well, I guess there's a one after this, but the last item is possible ineligible voters.
Several articles, which include multiple statutes within IRS 16, as well as many aspects of the election procedures manual, identify Arizona's requirements for an individual to be considered an eligible voter and therefore allowed to cast a legal vote.
The audit identified numerous questions regarding possible ineligible voters.
However, these determinations were, as you heard from Mr. Logan, made from comparisons between the county's final voted data and private data sources, not the official voter registration data.
So further investigation with the cooperation of the county, hopefully, is necessary to determine whether ineligible voters were allowed to vote in the 2020 election.
And Mr. Logan went into some of the possible categories of people who had moved or deceased or other categories that I think you saw in earlier testimony.
And the last slide is simply a thank you from me for allowing me to work on this project.
And I will conclude, I guess, by saying this, that I have already started to hear from people saying that, well, if the audit failed because it didn't prove that the election was overturned or that there was a different result.
Well, as you noted, when you began this process, Madam President, and when you began this hearing today, there was no predetermined, at least in my mind, and I know in yours and Warren's and everyone who worked on this audit, there was no predetermined outcome that if we didn't find this or didn't find that, we have failed because it's exactly the opposite.
If we identify strengths and weaknesses in our election procedures and statutes, and if we confirm that in this case, an election was conducted where the hand count of the ballots matches the electronic tally of the election proceed, the election system used by the county, I don't consider that a failure at all.
In fact, maybe Mr. Logan and his company have identified the most accurate hand counting process that has maybe ever been used in the country.
And that's directly in opposition to many within our state and across the country who said that their procedures were terrible or this was that, and nothing could be further from the truth.
I, you know, there were a lot of good, honest people that gave a lot of time, as you noted, to accomplish this audit.
That wasn't intentional, was it?
Was confirmed.
There we go.
I offer these, as you requested, as areas where we could make constructive improvement.
And I'll leave it at that.
Thank you.
Thank you, Mr. Bennett.
And we're sorry you went last and you had to hold on the logist, but thank you so much for doing this.
For some of you may not know, Mr. Bennett did this on his own time on his own nickel.
And he lives in Prescott, but literally drove down almost every single day to be at the audit with the rest of the team to make sure that everything was done accordingly and chain of custody was followed and everything was always documented.
So thank you, Mr. Bennett.
That was quite a yeoman's job on your part.
All right, closing comments.
Senator Peterson, I'll let you start.
Thank you, Madam President.
And I'll be fairly brief here.
I just, first of all, want to thank you for what you've done with this.
You have faced incredible opposition and hostility, and you have handled that with grace and dignity.
So I want to thank you and recognize you for that.
Again, the goal here is election integrity and making sure our citizens have faith in the process.
So as we wrap this up, what are our next steps?
Where do we go from here?
And I think there's legislation and I think there's law enforcement that needs to be involved.
So I'm going to name off eight bullet points here that I think need to be handled by my colleagues and by our attorney general.
First of all, and what I have found perhaps the most unsettling through this whole process is the obstruction that we have seen from the county.
The failure to comply with the auditor, a brazen willingness to violate a legal subpoena.
Our attorney general said that was against the law.
It's truly alarming.
And furthermore, to their willingness to expend significant resources, human capital, you name it, to block and to stop this audit.
As I recall, it was like $18,000 or something like that for one of their audits that they spent money on.
How much money have they spent trying to stop our audit?
It has to be in the hundreds of thousands of dollars.
But that would be an interesting number to see.
Number two, the numbers don't reconcile.
As you've seen through this, it is a theme throughout all the reports.
All of us as citizens, we should be able to pull up these election results and we should be able to, every direction, reconcile the numbers.
If I subtract, you know, early ballots or if I subtract, if I add the rejected, if I, you know, no matter which way, you should be able to come up with a reconciliation so that everything balances.
That needs to happen.
It appears that they broke the law with duplicate ballots.
And that's a huge deal.
That needs to be resolved.
We need to get to the bottom of whether that law was broken, how to prevent it in the future, hold people accountable that did it this time.
Churning of logs, the churning of logs.
We need to find out why that happened.
Who did it?
What was the motive?
And what was there?
We need to get to the bottom of the logs that were there.
Chain of custody issue.
Number five, chain of custody issues.
Number six, a failure to preserve data files.
And number seven, cybersecurity weaknesses that were so that were shown by Mr. Cotton, so evident here.
Those are not going to get any better.
We're seeing people being held hostage via cybersecurity every day, and it's constantly becoming more sophisticated.
We have to definitely need to up our game there.
And number eight, the envelopes with blank signatures.
We have a lot of questions there that need to be answered.
So with that, Madam President, I look forward to working with my colleagues and with the Attorney General in any way to resolve these issues and to improve our elections and to increase election integrity in the state of Arizona.
Thank you, Senator Peterson.
Senator Peterson is our Jude chairman.
This started in the Jude committee back in December and only appropriate to end up there.
And my closing remarks, first and foremost, let me tell everybody that all of these reports are up and posted on our website for you to access all of them.
Resolving Election Integrity Issues 00:03:00
That website is AZSenateRepublicans.com, AZSenateRepublicans.com.
You can all go there and see all of these reports.
Second of all, I have already transmitted a letter to our Attorney General's office with all of those reports.
That not only includes everything that we have noted here, but also everything that Senator Peterson has concerns about.
The Attorney General has that.
We are asking him to open up a formal investigation so that he can pursue and seek additional information, additional facts, perhaps get some of these missing things that we were never able to get, verify all this information and take the appropriate actions of anything that is necessary to do.
I have every confidence that he will be doing that.
I also want to say thank you to my Senate Republican colleagues.
When we started this, it was we had a claucus and every single one of our Republican members said this is important.
Our constituents have questions they want answered.
We didn't think it was going to be this long.
We didn't think it was going to be this expensive or this difficult, but we did it.
We hung in there.
We did it.
And as you can see, we do have some work to do here.
We have a lot of work to do because quite honestly, if we don't follow our rules, don't follow our elections, this is how problems can happen.
We also know that 18 different states sent representatives here because they have constituents asking the same questions.
And the very least, what I think that we can all come out of this is that we need to do audits to some extent.
We need to do bigger audits on every election just to make sure that everybody's following the rules.
So with that, I want to say thank you to Mr. Logan, Mr. Poland, Mr. Cotton, Mr. Bennett, all of you present, Mr. Shiva, Dr. Shiva.
Thank you for all your hard work.
I know this was very difficult on you and your family, Mr. Logan.
You've been here for many months and you've left your wife and 11 children back at home and he has another one due in next month in a couple of weeks.
So we gave up a lot for this and we appreciate it.
So to everyone, thank you all very much.
Thank you for being so polite up there.
We appreciate that.
And prayers and blessings to everybody and let's move our elections forward.
Thank you.
We are adjourned.
Thank you so much for listening, everybody.
Email us your thoughts.
Freedom at CharlieKirk.com.
God bless you guys.
Speak to you soon.
For more on many of these stories and news you can trust, go to CharlieKirk. com.
Export Selection