Officials and lawmakers are taking steps to prevent security failures during the midterms by studying several successful pro-Trump election breaches that have occurred across the country since 2020.
Why it matters: For all of the right's conspiracy theories and unsubstantiated claims of election fraud benefitting President Biden, four experts tell Axios the only significant, known breaches related to the 2020 election came from actors supporting former President Trump.
The big picture: In Colorado, Georgia and Michigan, Arizona and Pennsylvania, officials have spent millions on new equipment, investigations and training and in some cases have sought legislative reforms to increase penalties for tampering.
Between the lines: While states are also responding to external threats to election officials' physical safety in 2022, these were breaches of confidential election information that have implicated election officials themselves, who were apparently influenced by Trump-allied voter fraud claims.
State of play: Election officials across these states insist the breaches (known about in at least a half a dozen municipalities) were the results of rogue actors and do not compromise election systems in a meaningful way.
- Federal and state investigations are ongoing into the known breaches--and one top Colorado election official has been indicted.
- But the risk of election hard drives and other software distributed on the internet furthers disinformation and possibly aids in future hacks, election security experts tell Axios.
The intrigue: These post-2020 breaches are likely the first time election officials were "leveraged to gain illicit access to the systems," says Matt Masterson, a former senior cybersecurity advisor at the Department of Homeland Security focused on elections.
- Much of the focus after 2016 had been on foreign threats to election systems, he told Axios. However, “Insider threat is a known risk with IT systems.” That’s why most systems already track access, he said.
- Jennifer Morrell, a former elections official and parter at the Elections Group—which consults with election offices—told Axios she's seeing officials focus much more on personnel access to sensitive election data. They're adding security cameras and undergirding two-person access protocols in reaction to these unauthorized breaches, she said.
- "We spent all of this focus on cybersecurity," she said. "Now in the last year and a half there's been a huge shift to focus even more on physical security."
Of note: Other Trump-allied pushes resulted in another type of problematic access to elections systems, ones that were done under color of law by judges’ rulings, including the “audit” in Arizona's Maricopa County, as well as a similar one in Fulton County, Pa.
Details: Colorado — where federal and state investigations into 2020 are ongoing — passed a law earlier this year that increases criminal penalties for tampering, made it harder to access sensitive voting equipment and required training for staff.
- Michigan’s attorney general’s office advised additional training for clerks on the penalties for breaches after election officials in at least three counties allegedly gave Trump allies unauthorized access to vote tabulators in 2021. A ballot measure this year also would make it harder for local election boards to decertify the vote.
- Georgia Secretary of State Brad Raffensperger told Axios he’d support increasing penalties and jail time for those who violate election law. In Coffee County, officials illegally allowed at least two groups access to the county’s election server, voting machines and other equipment.
- A breach was attempted but not successful in Spalding County, Ga. as well, the same county where in mid-October a fraudulent ballot was scanned during early voting. Officials are investigating but believe the ballot was illegally inserted to cast doubt on the election’s integrity.
Zoom out: At least four of the successful breaches have so far implicated consultants and lawyers with ties to election denier Mike Lindell and Trump campaign lawyer Sidney Powell, according to public documents.
- The Georgia State Election Board chairman asked the FBI to look into the apparent pattern between them. The FBI told Axios it "cannot confirm or deny the existence of any investigation."
Flashback: David Becker, director of the Center for Election Innovation and Research told Axios he’s heard firsthand about even more unreported breach attempts after 2020 “in many, many more states. But elected officials stood strong against these efforts.” He declined to provide further details.
What they're saying: Tonnie Adams, election supervisor in Heard County, Ga., told Axios Atlanta based on Georgia’s current rules, he doesn’t know of a policy that could have prevented the "ridiculously stupid" Coffee County breach. "If you have a human being go rogue, there’s nothing you can do."
By the numbers: The breaches have cost taxpayers millions of dollars in equipment replacements alone, Becker told Axios.
- In Arizona, Maricopa County's new tabulation machines cost $2.8 million.
- The Georgia secretary of state used its backstock to replace $400,000 worth of Coffee County’s equipment in September.
- Machines implicated in Colorado and Michigan — as well as those used in the Fulton County, Pa., “audit” — also have been decertified.
Axios Phoenix's Jeremy Duda contributed reporting to this article.