WASHINGTON — On the third day of the Conservative Political Action Conference in March, two men delivered on experts' biggest concerns about attempts to access election machines after the 2020 election.
Using copies of election software — improperly removed from multiple counties — that has been circulating among election deniers, they presented an unfounded narrative that they had discovered evidence of fraud and foreign interference. They also discussed their goal to secure jobs as election officers and build a team of computer experts to access elections systems in more than 60 counties in order to prove their theories.
"This is exactly the situation that I have warned about," said election technology expert Kevin Skoglund, a senior technical adviser at the National Election Defense Coalition. "Having the software out there allows people to make wild claims about it. It creates disinformation that we have to watch out for and tamp down."
Skoglund is among the election security experts concerned that bad actors are using the time between the 2020 and 2024 elections to study election systems and software in order to produce disinformation during the next presidential election, such as fake evidence of fraud or questionable results.
Described as an election integrity presentation, the event wasn't on the official CPAC agenda or sanctioned by the organization, but took place in a guest's room at a nearby hotel. Some CPAC sponsors hold their own sessions, which are planned and produced by them and not CPAC.
Only a small number people attended the event in person. At least 2,800 people watched live online through a far-right broadcast, according to that show's host. That broadcast included commentary from election deniers before and after the presentation.
In the weeks after the 2020 election, and for at least the first six months of 2021, former President Donald Trump's supporters arranged to access federally protected election machines and copied sensitive information and software. What they intend to do with the information is not entirely clear.
In two instances, courts or state lawmakers granted access to the election systems. Trump supporters also convinced election officials or law enforcement to give them access to election machines in Mesa County, Colorado; Coffee County, Georgia; Fulton County, Pennsylvania; and several Michigan counties. It is unknown how many other election systems across the country were accessed, copied and shared.
Cybersecurity and election experts like Skoglund say a full investigation into who accessed election machines in 2020 and 2021, who paid for the efforts and how those involved intend to use the information is necessary to prevent misuse.
While the FBI has assisted in some local inquiries, it does not appear to be conducting a national investigation, feeding election experts' concerns that federal law enforcement isn't connecting the dots between issues in other states.
The quality of the so-called evidence put forward during the CPAC presentation was comparable to what was submitted with dozens of lawsuits that attorney Sidney Powell filed on behalf of Trump after the 2020 election, Skoglund said. Of the 62 suits from Powell and her allies, all but one failed. Many judges pointed to the lackluster evidence provided to justify the suits as reason to dismiss the cases.
"They find something that looks strange and assume the worst," Skoglund said of election deniers. "That's not how you do credible research. If you find something that looks strange, you have to follow it all the way through to make sure there's not some other explanation for it."
The event conducted during CPAC was immediately dismissed by the far right commentators broadcasting it. Nonetheless, Skoglund was alarmed that it took place.
"The next one may be more potent than this was," he said.
The presentation was emblematic of the broader effort to perpetuate a narrative about the potential for election fraud across the country, said Harri Hursti, a cybersecurity expert who works with state-level election officials to test vulnerabilities in voting machines.
Several people who aided the efforts to access election machines after the 2020 election are still meeting with state lawmakers, local officials and the public, trying to persuade them to abandon electronic voting. In February, the Shasta County Board of Supervisors canceled its contract with Dominion Voting Systems and is weighing counting votes by hand in the future.
Hursti said the presenters from the event during CPAC contacted him ahead of time and asked him to look at what they thought they had found. He told them there was a simple explanation for the so-called vulnerabilities they had uncovered: It was code from an anti-virus program used to identify common malicious bugs that attack computers, he said.
"I was saying to them, 'You know, you should have taken a look to your own computer and see if you find the same malicious code in your own computer, because guess what, it's there,'" Hursti said.
One of the presenters, Joshua Merritt, acknowledged the criticism that followed the presentation. He told The Times he intended to pose questions through the presentation in hopes someone would watch the event and help answer them.
"We're just trying to do the right thing to make sure people have secure elections," said Merritt, whose affidavit alleging possible foreign interference in the 2020 election was cited in lawsuits Powell filed in Arizona, Georgia, Michigan and Wisconsin. "And that's been my only motivation behind it."
The other presenter, former Florida congressional candidate Jeff Buongiorno, did not respond to requests for comment from The Times. He said during the presentation that the information referenced came from copies, called forensic images, of production servers from three counties. He would only name one of them: Coffee County in Georgia.
"We have multiple counties' forensic images," he said during the presentation. "We're not going to name the counties."
Some came from evidence in court cases, and other images he and Merritt obtained on their own, Buongiorno said.
"Sometimes you have good Samaritans on the inside who care," Buongiorno said.
Merritt told The Times his portion of the presentation was based only on images taken of the Mesa County election system, which were disseminated at an August 2021 cybersymposium held by Trump ally and MyPillow Chief Executive Mike Lindell, and can still be accessed online. At the event during CPAC, Merritt did not dispute Buongiorno's assertions that their presentation used information from multiple counties, including Coffee County.
Little is known about who has the information taken in Coffee County, which included copies of every component of the county's voting system. Skoglund, who is an expert witness in an ongoing case involving Georgia's voting machines that uncovered the improper access in the county, said he was unaware that Merritt and Buongiorno had access to that system.
"They were not on the list of people that I knew had had that software until then, which just shows that it has spread further than the dozen people or so that had it that I know about," Skoglund said.