In this episode, the Arizona Senate reviews the results of an audit of the Maricopa County Election Board's audit of election results. Senator Peterson, Sen. Fann, and Sen. Kelly Ayotte discuss the audit results, a presentation from Dr. Shiva, and a report from the audit.
00:00:13.000I thought it was so important that you hear it, you listen to the details, and listen to our sister episode where we give our commentary on it, charliekirk.com/slash support.
00:00:25.000Thank you to Maria, and thank you to Brian for your very generous support that allows us to do what we do at charliekirk.com/slash support.
00:00:35.000This is the unedited Senate hearing of the Maricopa County Audit.
00:01:05.000We will not embrace the ideas that have destroyed countries, destroyed lives, and we are going to fight for freedom on campuses across the country.
00:01:20.000Now, I find it ironic that our Secretary of State and a few others have called this a sham audit, that you can't trust it, you can't believe it.
00:01:28.000Well, the interesting fact is: truth is truth, numbers are numbers, and we've said that from day one.
00:01:35.000What you're going to see is exactly what it is: the truth.
00:01:40.000And those numbers were close within a few hundred.
00:01:45.000But what you have not seen and not heard yet, which is what you are going to hear right now, what you have not seen and you have not heard is about the statutes that were broken, how the chain of custody was not followed, how we had a number of issues, which is why people question the ballots and the elections.
00:02:06.000So, I ask that you please keep an open mind.
00:02:09.000I please ask that you listen to this because the reality of this is what this is all about: making sure your vote counts.
00:03:07.000The importance of our society having faith in the election process cannot be overstated.
00:03:15.000The number she gave of people who had concerns was significant, but even if it was much less, it would still merit this type of an audit to bring reassurance to our citizens.
00:03:31.000This report should help the Senate understand what has been working, what needs improvement, and whether further investigation by law enforcement should occur.
00:03:44.000So, I look forward to receiving this report with all of you at this time.
00:04:39.000I just want to make one prefaratory remark, and that is, as a follow-up to Senator Peterson, we live in the age of what we call engineering systems, complex systems, taking an airplane, using an iPhone, self-driving cars.
00:04:53.000These are highly complex systems, but what are known in the modern world as engineering systems?
00:04:59.000Our election voting systems are also engineering systems.
00:05:03.000And I want to thank the leadership of the Senate, the stakeholders, because they've taken a historic step here to bring the same level of engineering systems capabilities to election voting systems.
00:05:17.000And one of those important attributes is that whether an anomaly is small or large or insignificant or monumental, it all must be welcomed because from an engineering standpoint, it can only do one thing.
00:05:30.000So today, as Senator Fan President Fan said, I'm going to be sharing with you a particular area that we looked at, which was looking at the early voting ballot return envelope images.
00:05:46.000And that's what I'm going to share with you.
00:06:36.000And so the title, as I said, is a pattern recognition classification early voting ballots return envelope images for signature presence detection.
00:06:45.000We're not doing signature detail verification, but we're doing signature presence detection.
00:06:50.000And we're taking an engineering systems approach.
00:06:56.000We're going to give a little bit of background.
00:06:58.000We're going to review the Maricopa results.
00:07:00.000We're going to go through what our analysis resulted in and then compare them and then report on some of the key findings and anomalies and then also raise questions for Maricopa officials and then propose some recommendations.
00:07:12.000So the executive summary of this to sort of summarize the whole talk here today or the findings is that the early voting ballot, the return envelope, you really want to think about that's really the protective vehicle by which the EVV, which is the early voting ballot, is transported and processed.
00:07:30.000And the authentication, the verification of the signature on the EVB return envelope is critical to reliability of the entire process.
00:07:40.000And our audit reveals anomalies raising questions on the verifiability of the signature verification process.
00:07:51.000You can read more about it, but I was selected.
00:07:54.000I was honored to be selected because my background for more than 40 years has been in the field of pattern recognition and classification, particularly system science.
00:08:02.000And it goes back a long period of time.
00:08:05.000But just very briefly, you know, in this field, you look at reality.
00:08:09.000In this case, we're looking at the electronic, the election voting, the early voting ballot system, and then you try to model it.
00:08:17.000That's typically what science and engineers do.
00:08:19.000For example, for many years, I looked at how babies were processing sleep and trying to understand their system by looking at sleep patterns.
00:08:27.000Same in the area of deathblind communications.
00:08:29.000Again, you have the reality, you have signals, same in the area of looking at a bridge, and you get signals from it.
00:08:34.000Based on the signals, you're trying to predict what's going on in that bridge.
00:08:37.000And same if you look at an aircraft wing without having to open it up, you look at these signals and you're trying to predict what's going on.
00:08:43.000And for many years, we did a project on looking at handwritten bank check numerals.
00:08:48.000And these different areas, including email, looking at what's inside of an email as a system, these are all pattern recognition problems.
00:08:55.000And in fact, if you look at food, trying to figure out will this food cause different kinds of diseases.
00:09:00.000But the reality in this area is you're looking at the particular real world and you have a model.
00:09:05.000You can look at the heart, you can look at the cardiovascular system of that.
00:09:08.000And you can say, hey, I have some states of this system which are normal signals and some states which are abnormal signals.
00:09:15.000So in this case, what we're looking at is we have the early voting ballot system and we have the early voting ballot return envelope images.
00:09:23.000These are the signals that we received to try to figure out what's going on inside that system.
00:09:28.000So you have the reality of what took place and you have the expression of that which is embodied in those images.
00:09:34.000And this is what one of those images looks like.
00:09:37.000You have an image, you have upper left the name of the voter, and here you have the signature.
00:09:43.000And we were asked as a part of the scope of this audit not to look anywhere else, but to look in this signature region and to look to see if there was a normal state, a signature there, or the abnormal states, blanks, split into two, and I'll talk about more in detail: a complete blank or likely blank, or what we call a scribble.
00:10:03.000A scribble is something trying to get into the direction of, hey, was this signature even valid?
00:10:17.000So, early voting ballot system, and you have these images.
00:10:21.000So, before we head into the actual process we did, let's look at the reality of what took place.
00:10:27.000So, this is on the left side, the actual reality of what was reported by the Maricopa County in their voter education report.
00:10:34.000In fact, what was called their Canvas report.
00:10:37.000And what we see here, if you look carefully, here are the numbers that they reported from 2016, but more importantly, we're concerned about 2020.
00:10:45.000And in 2020, one of the lines in their report is called the early ballots verified and counted, which has 1,915,487.
00:10:57.000And the rejected early ballots, which are these numbers, are the ones that were not included in the final count.
00:11:03.000Bad signatures, which means they went through a signature verification process.
00:11:07.000And out of that, 587 out of the 1,918,463, which is all of them were deemed to be bad signatures.
00:11:17.000And the way we get this number is you take all of the ones that were verified and counted.
00:11:21.000The ones that were bad signatures, there were some which were no signatures, which were blanks, and then late returns.
00:11:27.000So to be clear, according to the report, this was a total number of early voting ballot return envelopes received by Maricopa County.
00:11:37.000To make it a little more clear, we have 1,918,463 total unique EVV return envelopes, of which 1,455 were found to have no signatures.
00:11:51.000And at the end, there was the, and an amount of 1,917,008 was ready for signature verification.
00:12:01.000And as a result of that, 587 were found to have bad signatures.
00:12:05.000Now, in signature verification, it's a detailed process.
00:12:08.000You can read the report, but counties vary.
00:12:12.000And Maricopa is considered along with Florida, apparently have one of the better signature verification processes.
00:12:19.000But according to that, out of the entire lot of 1,918,463, 587, after this verification process, where someone looks at the signature and they look at the voter registration signatures and they're doing typically what's called a 27-point analysis.
00:12:37.000So 587 were found to have bad signatures, 934 with late returns for a total amount, which matches with what was reported, of 1,915,487.
00:12:49.000Okay, so this is Maricopa's reported results to the public.
00:12:54.000The scope of our audit, just to, I'm going to go through the scope of this audit by also going through the process.
00:13:03.000When early voting ballots, which some people, which is a subset of those, are called mail-in ballots, are submitted, those ballots are imaged, which means scanned, converted to digital images.
00:13:13.000So the EVB return envelopes, we're talking about the outside, the covering, that important covering within which is contained the ballot, is scanned before they're even tabulated.
00:13:23.000So the EVB return envelopes are opened and scanned.
00:15:16.000So for the audit, we were provided by the Arizona State Senate 1,929,240.
00:15:25.000And these were apparently all the EVB return envelopes that Maricopa County got.
00:15:33.000What we noticed when we looked at this, which was fascinating, our first interesting, I guess wasn't an anomaly, but something we were a little bit surprised because we thought the duplicates would have been removed, but there were duplicates in here.
00:16:25.000And then finally, we found also four individuals who submitted 12 duplicates, total images being 16.
00:16:34.000So the total duplicates was 34,448 total images, of which 17,332 or 322 were duplicates from 17,126 voters.
00:16:49.000This was, by the way, we'll get to it, was not reported in the report.
00:16:53.000So when you look at the first level of analysis on our the data that we got, 1,929,240 EVB return envelopes received, we subtract out the duplicates, and then we have 1,911,918,000.
00:17:10.000So then the process that we were really commissioned for was to do a very, you know, basic analysis to see is there a signature there or not?
00:17:24.000So in that process, again, the goal is, is there a signature there in the signature region?
00:17:30.000Interestingly enough, some people don't follow instructions.
00:17:32.000They write all over, but it wasn't our job to go scan everywhere.
00:17:36.000Our job was to look in that signature region.
00:17:39.000So again, specifically, we looked in that signature region.
00:17:42.000One category of the signature region has a signature, another category is blank, likely blank, and scribble.
00:17:47.000And just to keep it real simple, it was a very simple classification.
00:17:51.000If it's 0% non-white pixel density, which means nothing in that area, it's a blank.
00:17:57.000If it has a little bit, 0% or greater, but no more than 0.1%, like this example here, we put it into another category just for early classification purposes.
00:18:39.000Then what we did was we did a distribution curve.
00:18:43.000We looked at all of the ballots and we did a distribution of pixel densities, just to give you an idea of how liberal we were in accepting something as a signature.
00:18:53.000So if you look at this, it was only this little area here, which is between 0.1 to 1%.
00:19:00.000That's the definite non-white pixel density.
00:19:43.000Once we knew which one it was, we identified what kind of region we extracted the region if possible, though this was not part of the scope.
00:19:52.000We also tried to extract the name, and we were able to do that for close to, I think, 99% of them.
00:19:57.000So we also used different types of classifiers, which is in pattern recognition lingo, for each one of these different kinds of ballots to ultimately put them into one of these four buckets.
00:20:10.000So we're first going to look at the non-duplicates, which means all those early voting ballot EVB to be simple return envelopes, which were non-duplicates.
00:20:22.000And here we see predominantly 99.77% we denoted a signature.
00:20:27.000Again, anything greater than 1% pixel density.
00:20:30.000These scribbles we found were 0.13%, okay?
00:20:45.000Okay, then we also looked at the counts.
00:20:51.000So of these, you had, just to be clear, we had 2,420 scribbles and we have 1,872 blanks.
00:20:57.000We put both of these together in our sum total.
00:21:00.000Similarly, we now went and looked, this was a little more complicated, at the two-copy duplicates because we had to deal with those.
00:21:06.000There was a substantial amount, 34,000 of them, 34,000 and more.
00:21:12.000So the duplicate recognition split it into three, in fact, three groups, but we had subgroups.
00:21:18.000So there could be, you know, you have the, if you think about it, the mother and the son, or the mother and the daughter, okay, or the parent and the child relationship.
00:21:26.000So one of the two, one could have been a signature, and one could have had a signature.
00:21:31.000One could have had a signature, the other could have had a blank, one could have had a signature, that could have been a likely blank, one could have had a signature, and C denotes scribble.
00:21:39.000If any one of them had a signature, we said, okay, we call it a signature.
00:21:43.000Alternatively, in the scribble area, one could have had a scribble, the other could have been a blank, one could have been a scribble, other could have been likely, one could have been a scribble in a scribble.
00:21:52.000These were denoted as scribbles in the duplicate case.
00:21:55.000And then finally, you had ones that are blank, blank, blank, and likely blank, and likely and likely blank.
00:23:40.000So that gives you an understanding of the flavor of these analysis we had to do of the two copy duplicates.
00:23:48.000And so on those two copies, we categorize these ones in green as signatures, the ones in red as scribbles, and the ones in blank as sorry, black as blank, ones in red as scribbles.
00:24:00.000So again, you have for two copies, 16,934.
00:25:48.000So when you compare the unique EVB return envelopes, what you find is that Maricopa has 6,545 more than we have in the possession of those image files after you remove duplicates.
00:26:02.000Now we go to the signature presence detection.
00:26:11.000So in this case, we have 464 more blanks.
00:26:14.000In the scribbles, they don't have a scribbles category, and we'll discuss that.
00:26:17.000If we start thinking about these scribbles as potential bad signatures, we'll get some insight.
00:26:22.000But at the end of the day, what went to signature verification at Maricopa was 1,917,008, which is 9,589,589 more than we would have sent pursuant to this analysis.
00:26:36.000They also had bad signatures and late returns that we talked about.
00:26:40.000Now, I want to go to the key findings and anomalies.
00:27:34.000If you consider our scribbles, again, a very, very low tolerance in pattern recognition, having done this for over 40 years, you know, we could have used like 36 features.
00:27:43.000We used one single feature, pixel density.
00:27:45.000We would love to use more features, but just using that one feature at a very low threshold, threshold is key here, we've identified 2,580 scribbles, which would have assumed they're all bad signatures.
00:27:57.000Maricopa identified 0.031%, which is what that 587 represents.
00:28:03.000This actually represents four times that.
00:28:06.000Finally, Maricopa has 9,589 more net EVB envelopes that was submitted to signature verification versus what we have.
00:28:16.000And what we're also going to see shortly is that we're going to see that we also saw through further analysis of 25% surge of duplicates in the last six days between November 4th to the 9th.
00:28:30.000We also saw some very interesting other anomalies where blanks of duplicates were being stamped, verified, and approved.
00:28:38.000We also saw stamps of verified and approved in blank signature regions, and I'll share with you those.
00:28:44.000What's more interesting, I would consider this potentially a critical anomaly, is that we saw the verified and approved stamps appearing behind the envelopes.
00:29:01.000I'm sure there's some explanation for this.
00:29:04.000And then finally, we have cases where we have two different voter IDs having the same address, same phone, same name with matching signatures.
00:29:12.000So let's go look at some of these anomalies a little more graphically.
00:29:16.000Anomaly one, Maricopa reported only 587 bad signatures.
00:29:23.000And for people who didn't really like math, I thought I'd make it a little more pictorial.
00:29:28.000So this would be one bad signature for every 3,268 early voting ballot envelopes.
00:29:35.000So if you think about 1,918,463 early voting ballots, the unique ones that Maricopa said they got, and for each paper, by the way, the size of the paper is 0.1 millimeter, and you were to put them up, you would get 630 feet.
00:29:49.000That's the size, believe it or not, of the St. Louis Arch.
00:29:54.000That height, when compared to the bad signatures, would be only about 2.31 inches.
00:30:00.000So just to give you a pictorial understanding, a very, very low percentage was considered that.
00:30:05.000So again, that would be, to be specific, 0.0306% of all EVV return envelopes were deemed as bad signature.
00:30:14.000In our case, the anomalies, we discovered 2,580 bad signatures, scribbles.
00:30:20.000Again, very low tolerance, which is 0.135%.
00:30:24.000And to give you an idea, just to state it again, we were not commissioned to identify, we were commissioned to identify the present blank scribbles and signatures, not to perform signature verification.
00:30:34.000So scribbles alone were considered bad signatures.
00:30:37.000And EchoMail itself identified 335% more bad signatures than Maricopa did from its entire signature verification process.
00:30:48.000And by the way, if we go look back at the state of Arizona 2016 general election, out of the 2 million ballots that came in, they had a signature mismatch rate of 0.13%, close to what we would have had if we just included those scribbles.
00:31:06.000Again, just to restate, the scribbles are a very, very low threshold.
00:31:10.000We were not asked to do signature verification.
00:31:13.000Again, anything between 0.1 to 1% pixel density.
00:31:17.000The third anomaly is, this is again, focusing on signatures.
00:31:21.000We did a randomized analysis of just a supervised review, which is human review, just randomly looking at signatures, their legibility.
00:31:30.000Again, this is a wonderful analysis that can be done in handwriting.
00:31:33.000Four weeks before the election and four days after.
00:31:36.000We can't share with you this, obviously, but we found out four weeks before 95% were legible signatures and only 5% were illegible.
00:31:45.000But four days after, 5% were legible, 95% were illegible.
00:31:50.000If I were to do a heat map, again, this is a representation, it would look like this: where the red represents illegitimate and the green represents legibility.
00:31:59.000It would look like this if you wanted to visually do this.
00:32:01.000And if we had more, if we were commissioned to do this, we could do this.
00:32:04.000But you can see a market difference between legibility.
00:32:07.000There could again be an explanation for this.
00:32:11.000Fourth anomaly: as the EVBs, which means the electronic voting ballot, I couldn't put the word envelopes, but I think you get the idea, increased by 53% in the general election from 2016 to 2020 in Maricopa, bad signatures decreased.
00:34:07.000So you get this interesting heartbeat signal.
00:34:10.000Then what we did was we said, why don't we, on top of this, layer in the blanks, scribbles, and duplicates.
00:34:17.000Again, since the axis for the EVBs is higher, that's on the right axis.
00:34:22.000On the left axis, I've done the totals for the scribbles, blanks, and duplicates.
00:34:26.000What's fascinating is you notice in the early part, things are following the heartbeat, okay?
00:34:31.000But somewhere along here, particularly on October 26th, this heartbeat starts sort of separating, particularly the saffron line is the duplicates.
00:34:40.000So you have the duplicates stop matching in many ways this heartbeat.
00:35:40.000I'm sorry, I've already gone through that.
00:35:42.000The next anomaly is: we also noted that the EV33 system, which is the system that is the one that contains all the early voting ballots, had 932 voters who submitted duplicates versus the 17,126 that we identified.
00:36:03.000But what's fascinating is when we matched those 932 voters against R17, 126, only 2,138 voters matched.
00:36:13.000The EV33, as we understand, we're not experts, that this is a system where all the early voting ballots are stored.
00:36:21.000When that was gone through and found that 9,382 of those were voters who'd submitted duplicates, clearly this should be a subset of ours because we're supposed to have all the early voting ballots.
00:37:44.000The verified and approved is right there.
00:37:47.000And then finally, this is an interesting anomaly where we have two EVBs from two EVBs where people have the same voter ID, same name, address, and phone number with matching signatures with two different voter IDs.
00:38:01.000So we had to redact this, but imagine if you could see this, there's a person's name here and address, which is the same as the name and address here.
00:38:10.000Very similar matching signatures, same phone numbers, but they have two different voter IDs.
00:38:15.000So let me repeat again: two different voter IDs, same name, matching signatures, as if you looked at them visually, same phone numbers.
00:38:57.000Then finally, the last anomaly I want to show is where we saw something fascinating is where the verified and approved stamp, and you have to look at this carefully, it's occurring behind the envelope triangle.
00:39:10.000So if you look at this carefully, this is an image of an envelope.
00:39:15.000Here is a triangle, which is pointing people to print here.
00:39:19.000Now, you would think if it was stamped, this stamp should be over this image, but it is actually behind the triangle.
00:39:29.000All right, and you see it here again, close up here.
00:39:32.000These are all different ballots which were approved post-November 4th, predominantly, where the image of the verified and approved is behind this.
00:39:41.000Now, maybe this is done for a good reason, maybe it's an imaging technology, but typically you could, you know, if you use Photoshop, you'd have layers, but I don't want to even accuse that, but I just want to say that it is interesting that the verified and approved is behind the envelope here, the envelope triangle.
00:40:04.000These are the questions we have for Maricopa officials.
00:40:07.000One is: did Maricopa receive any duplicates?
00:40:10.000Again, I've gone through, he received, we have in our possession 34,448 images representing 17 duplicates from 17,126 unique voters, two copy, three copy, four copy.
00:40:23.000The word duplicate does not show up as a keyword in their report, but it would be interesting to know if duplicates exist.
00:40:28.000The second one: is there a reason that Echo Mail has no more or no signatures than reported by Maricopa?
00:40:36.000Is it because we solely analyze only the signature region?
00:40:41.000The next question is: why did EchoMail detect more scribbles in Maricopa's reporting of bad signatures?
00:40:47.000Again, this comes to the point which I probably emphasized enough here.
00:40:51.000But if our scribbles at that less than 1%, 0.1 to 1% pixel density were considered bad signatures, that is significantly more, three to four times more than the Maricopa's 587 bad signatures.
00:41:04.000And the other question is the date stamps and the directories that we have, the date on which the EVB return envelopes were received by Maricopa officials.
00:41:12.000We've assumed that when we did our time temporal charts, and then finally, why does the approval stamp verified and approved appear to exist only on a small subset of the EVB return envelopes?
00:41:22.000Out of all the 1.9 million, that verified and approved, we find most of them exist after 11.0, after election day, but very few sprinkled.
00:41:33.000So, out of all those envelopes, our initial supervised review reveals maybe 10% have this stamp on them.
00:41:41.000The other thing is: did Maricopa stamp some EVB return envelopes as EVB approved, even though signature, even though signature is blank, since they found a signature elsewhere?
00:42:26.000And the last set of questions is: why was there a sudden surge of duplicates during 1104 to 1109, which is incongruent with the trend we were seeing with the early voting ballot return envelope counts?
00:42:40.000Finally, why is a verified and approved stamp envelope appearing behind the printed envelope triangle?
00:42:50.000I mean, it's a very, I just have a question from an imaging standpoint.
00:42:54.000And the other question is: can two voter IDs, can two different voter IDs, be associated with the same person at the same address of matching signatures?
00:44:14.000But even on the ballots, we have far more duplicates than what are even in the system.
00:44:20.000And currently, to us, because we haven't been able to get access to the standard operating procedures, that is opaque and non-transparent.
00:44:28.000So the future research we believe that is absolutely necessary is we need to do full signature verification audit, which means do the full 27-point analysis.
00:44:38.000We have the capability right now, we have everything imaged.
00:44:41.000If we have the, if we acquire Maricopa's SOP for signature verification, if we can get their 27-point analysis algorithm, we can replicate all of this and using the algorithm that they have, define an actual false positive, false negative error rate.
00:44:59.000What I mean by this is this would be a profound opportunity for improving U.S. election processes because this has not been done.
00:45:06.000You read literature on the left or the right, everyone complains that the signature verification process has significant issues.
00:45:13.000We have an opportunity right now with this data and the opportunity here to do a 27-point analysis and really come up with an actual rate, which would give us a scientific metric of the confidence value of the entire EVP system.
00:45:29.000And finally, we need to review the chain of custody.
00:45:32.000Today, what happens is when a signature is, there's questionable signature, people call the person, they contact them, and then they have some conversation, which is then verified.
00:46:19.000So let me just give you a little bit of my background.
00:46:21.000I have four degrees from MIT, a PhD in biological engineering, and what's called computational systems biology, which is all about doing computation recognizing patterns.
00:46:31.000My master's is also from the MIT Department of Mechanical Engineering, where I did computational weight propagation to look at a very important area of pattern recognition called non-destructive testing, where you're looking, you don't want to actually open up a bridge or you don't want to open up an aircraft wing.
00:46:45.000You're sending signals in and you're classifying them.
00:46:48.000My other degrees from the MIT Media Lab in scientific visualization, my master's, where I also use these same techniques to do some of the earliest complex visualizations for classification.
00:46:58.000And my bachelor's is in electrical engineering computer science, also from MIT, where I built for that one of the first cardio cardiology systems for doing pattern analysis, cardiology signals.
00:47:11.000But beyond that, my focus for 40 plus years has been in this field of pattern recognition and classification in biology, medicine, engineering, aeronautics, civil, electrical, banking, and finance, military, across a range of areas, handwriting recognition on bank checks, email analysis.
00:47:29.000In fact, as a graduate student, I won, I was the only graduate student asked to participate.
00:47:35.000I won the White House competition for automatically categorizing the White House's email.
00:47:40.000This is 1993 when email was becoming a consumer application prior to when it was a business application of the email that I created back in 1978.
00:47:48.0001993 is when email actually became a consumer application.
00:47:51.000The Clinton White House was getting tons of email.
00:47:53.000They wanted to automatically analyze it.
00:47:55.000I ended up winning that, left MIT, took a 10-year hiatus and built EchoMail pattern analysis recognition emails.
00:48:03.000Did a lot of work for many years as an undergraduate helping deafblind analysis of signature pattern analysis there.
00:48:10.000Currently, I work in a company called Cytosol, where we're looking at analysis of signals, biomarker signals, to figure out the right combinations of medicines.
00:48:18.000That company actually got a multi-combination therapy allowed by the FDA for pancreatic cancer.
00:48:24.000I've written a number of patents, books.
00:48:27.000Anyone wants to go to go to vashiva.com and you can look at my biography over there.
00:48:32.000I've published in the leading journals in the world.
00:48:34.000Nature, neuroscience is one of the eminent journals in the world, Cell Biophysical Journal, IEEE.
00:48:41.000These are high-impact peer-reviewed journals.
00:48:45.000The U.S. Copyright Office delivered me the first copyright for the invention of email.
00:48:49.000I'm a Fulbright scholar, a Lemelson MIT finalist.
00:48:52.000I won one of the earliest Westinghouse Science Honors Award.
00:48:55.000I was a nominee for the National Medal of Technology and Innovation.
00:48:58.000And I've been invited to give distinguished lectures at the National Science Foundation, NIH, FDA.
00:49:03.000In fact, in November 19, I delivered the prestige lecture on the immune system, an invited lecture at the NSF where we discussed the immune system.
00:49:13.000And several years ago, MIT had me deliver their presidential fellows lecture.
00:49:33.000And considering the fact that we only got the envelopes just a few short weeks ago, we appreciate you dropping everything, all of your other responsibilities, and jumped on this right away so that this could be accomplished by today's hearing date.
00:49:47.000So we appreciate that very, very much.
00:49:52.000I also want to thank Doug Applegate and Phil Evans, too, and my colleagues at EchoMail and the Echomail team, and particularly all the stakeholders.
00:49:59.000And again, I want to thank the courage of the leadership of the Arizona State Senate.
00:50:04.000This will go down in history as one of the most important engineering events, not just an election event.
00:50:08.000It will go down as a very important engineering event for engineering systems of election voting systems.
00:50:13.000So I really appreciate the opportunity, and I'm very honored to support this effort.
00:50:20.000And for everyone in TV land or whatever, these reports all will be made available in their entirety.
00:50:28.000They'll be uploaded on the website as soon as we can get them uploaded so you can see all of these.
00:50:33.000Personal information will be redacted.
00:50:34.000And the personal, yeah, just make sure that the redaction that you saw was any personal information.
00:50:40.000We tried very hard to make sure we complied with the court order and make sure anybody's names, addresses that were on there was not available to the public.
00:50:49.000However, the unredacted version will go to the Attorney General's office so he can seek further investigation on these anomalies.
00:51:04.000And just also a note, it was interesting.
00:51:06.000We had received a lot of Emails, affidavits, you name it, from people that actually worked at MTech and at the polls, and that they had told us that when it all started, what is it, 27 or 29 points of signature variegation, 27, thank you, that that's what you're supposed to do: 27 points of signature verification.
00:51:29.000And at some point, it went to 20, it went to 10.
00:51:32.000And towards the last few weeks, we were told that they were told, just stop checking signatures.
00:52:02.000I have done cybersecurity work for a lot of major organizations, including Bank of America and JP Mark and Chase.
00:52:09.000I've done a decent amount of work in the federal government as well.
00:52:12.000I hold Certified Information Systems Security Professionals, or CISSP.
00:52:17.000I also have GX Web Application Penetration Tester and GX Certified Incident Handler.
00:52:24.000I am listed as I am actually an expert on the Antrim election case associate and have a report that's actually published associated with that.
00:52:33.000It's publicly available from Matt DiPerno's website.
00:52:36.000And I have, of course, been running this audit for the last roughly five months.
00:52:40.000Mr. Loon, could you pull the mic or could you get a little bit closer to the mic, please?
00:53:08.000So I just want to start with an overview of what we actually accomplished here because this is an audit like we've never had before.
00:53:15.000And involved, as you mentioned earlier, Madam President, involved over 1,500 people.
00:53:21.000And based on our calculations, it was actually more than 100,000 hours put in place.
00:53:26.000As you can see up on the photo right now, this is an example.
00:53:28.000This actually happened in the evening, one of the days.
00:53:31.000So this isn't even a full group of everybody.
00:53:34.000We're going to go through each role that was out there, what functions they were performing.
00:53:39.000But you'll notice that everyone is located based on colors.
00:53:42.000That helped us keep track of where people were and make sure no one was out of place and helped us make sure that we both secured and maintained custody of all the ballots at all times.
00:53:53.000Custody of all the ballots at all times.
00:54:02.000Over 1,500 people and like 100,000 hours.
00:54:08.000Now, security was something that was extremely important with everything that we did here.
00:54:15.000We actually had an external perimeter that was maintained by the Arizona Rangers.
00:54:20.000So as you came in, they would validate that you're on a list of individuals in order to be able to get in.
00:54:26.000We also had an interior checks so that as you walked through the door, you came up to a desk where you were both checked for COVID and validated to be on the list, made sure you had a badge and all those things to make sure that you were someone that was supposed to be there to even be in the building.
00:54:44.000All the ballots and election equipment were stored beside within these cages.
00:54:49.000And anytime they ever left the cage, they were actually signed out by an individual.
00:54:53.000So we have a complete signed record of every individual that came and picked up every box.
00:54:58.000So someone took over custody of that box.
00:55:02.000We actually had individuals called runners and they would run it from the ballot corral and they'd take it over to whatever table they need to go to.
00:55:10.000And that individual would then sign the box over to the table manager at the table that would then utilize it to process it.
00:55:16.000So at no time was a box of ballots or individual ballots outside of the care of someone's specific authorized care who has to sign off of it.
00:55:25.000In fact, we actually had 24-7 video surveillance on everything at all times.
00:55:31.000In addition, you'll see this lovely police officer.
00:55:35.000They were actually there 24-7 as well, and they were always within sight of the ballot corrals or where we had the election equipment stored.
00:55:43.000We had police officers at both locations, always maintaining and always making sure that the ballots and the equipment was 100% secure and that nothing could happen to them.
00:55:57.000So this is one of our tallying tables.
00:55:59.000What you can see in the middle is actually a lazy Susan.
00:56:02.000You'll notice that there's three counters around the table.
00:56:05.000There's someone who's actually at this table they're loading and someone who's unloading.
00:56:10.000So all counters were Maricopa residents who specifically voted in the last election.
00:56:15.000We wanted to make sure that if anyone was involved in this very important action, that they had skin in the game and they were local.
00:56:23.000We didn't use anyone out of state for any functions having to do with the actual tallying of the ballots.
00:56:28.000I should say actually tallying the ballots.
00:56:31.000Some of the table managers were from out of state, but the people actually counting the ballots were all Maricopa residents.
00:56:36.000There were other functions where we had volunteers from other states.
00:56:39.000As much as possible, we tried to keep everybody local in Maricopa County.
00:56:44.000We think it's very important for a local community to take ownership for their election process, and we wanted to facilitate that as much as possible.
00:56:52.000All these individuals were background checked and validated.
00:56:57.000We had one individual that had slipped through the process because he'd been on the ballot versus specifically that doesn't have something that shows up in standard background checks.
00:57:07.000So we started doing additional checks, comparing everything on things to make sure that never happened again.
00:57:11.000It was very important to us to make sure that we always had things that were going to make sure that were beyond reproach.
00:57:17.000Transparency in everything we did was very, very important.
00:57:24.000That means they were not allowed to talk to each other.
00:57:27.000As that ballot went around and was in front of them, they would tally on a sheet of paper and they put a little mark based on whether for both the presidential and the senate race.
00:57:35.000They'd put a mark to see whatever it was.
00:57:38.000Roughly every 50 ballots, they would compare the numbers with each other.
00:57:43.000Actually, the table manager took him to compare them.
00:57:44.000And if two out of three of them agreed and the third person was no more than one count off for the race, they would proceed and they would move on.
00:57:54.000If there was any more discrepancies beyond that, they actually had to stop.
00:57:58.000They had to find the ballots in question.
00:58:00.000That they're in question, they had to recount them.
00:58:03.000So there was absolutely no way to have speed here without having accuracy.
00:58:08.000And we found that when we had a brand new table, it was relatively slow.
00:58:13.000But as soon as they'd been doing it for about two shifts or so, their speed greatly increased.
00:58:17.000And it was amazing at how quickly they could count ballots.
00:58:20.000In the very beginning of the process, in our first three weeks, our fastest, I think our most ballots we ever counted was roughly 30,000.
00:58:29.000When we came back and had more of a full shop, I think at our peak we did over 150,000 ballots in a day and were routinely doing over 100,000.
00:58:37.000So the speed, like I said, greatly increased, especially as we worked through this.
00:58:48.000So the way the ballots would actually work is we had a ballot corral where the ballots were originally in.
00:58:56.000They would be signed out of that ballot corral and they'd be taken to a tally table.
00:59:00.000After they were tallied, they'd go back to a ballot corral, which was specific to being in progress.
00:59:05.000And then when we had our paper examination tables, they were ready for a box of ballots.
00:59:12.000So at the paper examination tables, we had DSLR cameras.
00:59:16.000Those DSLR cameras took pictures on the front and the back of these ballots, and they gave us very high-definition images that allowed us to see all sorts of intricacies of the paper and what's going on.
00:59:29.000After it was done with DSLR, actually excuse me, sir.
00:59:48.000So once it went into the microscope stands, we had four microscopes that were taking images of the magnified image, and that was over a number of different places.
00:59:59.000That included the presidential oval to take a look at how that was filled out.
01:00:03.000And with the way we had the lights, we could actually see when it was filled out with a ballpoint pen, you could actually see the ridges of the person pressing down on it.
01:00:11.000So you could tell the difference between something that was filled out with a Sharpie, you could tell something that was printed out by a pen, or you could tell actually if something was computer printed.
01:00:20.000You could tell the difference between all of them.
01:00:21.000We also had a microscope over certain parts of the ballot that would allow us to look at the paper fibers to help determine what type of paper was utilized.
01:00:30.000Now, when we were done with this, we actually had over 140 terabytes of data just from the paper examination alone.
01:00:38.000In fact, with our camera footage and everything that ran the operation, we ended up with close to two petabytes of data.
01:00:47.000To give you a comparison, that is vastly more data that your average large thousand-person company has.
01:00:53.000So we are running a very impressive network here that was completely air gapped, wasn't connected to anything outside of the floor in order to support this, in order to have all the data requirements associated with it.
01:01:09.000So just I want to give a high-level status of where we are right now.
01:01:13.000So first of all, we've completed the hand counted of all federal races.
01:01:15.000We've done all the image and microscope capture of all the ballots.
01:01:19.000We've reviewed and did a comparison of the official results.
01:01:21.000We've done analysis of the voter rolls.
01:01:23.000We've done the vast majority of the analysis of the actual voting machines and voting equipment in progress right now.
01:01:31.000We are hopeful to soon with the settlement that the Senate put together to be reviewing the splint logs and routers based on the settlement terms.
01:01:40.000We're also hoping that the completion of the paper analysis that's being done will be done very shortly.
01:01:46.000Now from a scope standpoint, stopped again.
01:01:54.000So no longer in scope was the canvassing that was decided that was removed.
01:02:00.000We have the tabula configuration to check internet configuration was something that was not provided.
01:02:05.000We believe with the other information we have we'll be able to get similar data, but it will not be the same exact data.
01:02:12.000We had requested to review the voter roll system, but a lot of the systems are used for checking in for the site book system were not provided as part of the equipment that was given us.
01:02:21.000We had hoped to look at the review of the ICX devices, but again, those had not been provided.
01:02:26.000We had wanted to look at the provisional ballots, the ones that had not been counted, to count the sealed envelopes to make sure they matched up with everything and made sense.
01:02:37.000And we'd also hoped to take a look at the undeliverable ballots to see how many of them were bounced back or what happened to them.
01:02:43.000And again, those were not things that were provided.
01:02:46.000And so there were things that are no longer in scope and we're not able to take a look at.
01:02:52.000Okay, so now we'll get into the fun part and get more into the actual talliates and results.
01:02:57.000In order to understand some of these findings, I want to make sure that everyone has a clear picture as to how this process works.
01:03:04.000So, if we have ballots that are actually damaged or otherwise can't be run through the tabulators, for example, the Braille ballots won't fit through the tabulators, some of the Yukava ones are in formats that can't.
01:03:16.000They need to go through what's called a duplication process.
01:03:19.000Now, this is a different thing than what Dr. Shiva was talking about when he talked about duplicates.
01:03:24.000When he talked about duplicates, he was talking about more than one envelope going to the same person.
01:03:29.000So, we're going to talk about the word duplicates here, but we're actually talking about when there was an original ballot that couldn't be run through the scanner and they created a copy of it, which was run through the scanner and counted.
01:03:39.000So, when you have duplicates, when you have the originals and you have the duplicates, only one of those counted, and it should only be the duplicates.
01:03:45.000Now, specifically, the originals are often referred to as damage sent to duplication or DSD.
01:03:51.000And we're going to use that notation throughout things: that DSD means the original ballots, whereas the actual duplicates are referred to as dupes.
01:04:00.000So, there should be one DSD per dupe, and there should be a unique serial number on every single DSD in every single dupe to match them up.
01:04:09.000So, that you will know for sure that this ballot right here was duplicated to this other ballot.
01:04:15.000And if you want to compare and make sure the duplication process was done correctly and that it actually represented the voter intent, you'd be able to easily match them up, and it'd be easier to handle from an audit standpoint.
01:04:27.000Duplicate ballots also should be stored separately from the original ballots so there's not confusion, they don't get mixed up.
01:04:33.000So, let's talk a little bit about those findings.
01:04:36.000So, our duplicate ballots were commingled with the original ballots, not all of them.
01:04:40.000They were in at least one box case, which is something that they are not supposed to do according to the EPM.
01:04:46.000Duplicate ballots had incorrect and missing serial numbers.
01:04:49.000If you take a look at this table that's showing up, you'll notice that the serial number on the left is what was actually on the ballot, for the duplicate ballot, and the serial number, the board one, hand dupe on the right is what was actually on the original damage.
01:05:09.000You'll notice the numbers are actually different.
01:05:11.000On the left-hand side, this is dupe board three, hand zero, two, one, fourteen.
01:05:16.000On the right, it has board one, hand dupe 214.
01:05:19.000We were able to match these up because of the ballot characteristics and the precinct that it came from, but it's a very painful process, and it has to be done manually in order to figure out what matches to what else when they're not actually stamped with the same exact serial number on them.
01:05:36.000We also had a number of serial numbers that were printed like this one that you see on the screen, where you can't really read it, it's not legible, so it theoretically has a serial number on it, but there's no way to match it up because you cannot read what the value is on it.
01:05:51.000In addition to having ballots that flat out did not have a serial number anywhere on there whatsoever, so there was no way to match them up with originals.
01:06:02.000Now, we also had duplicate ballots that reuse serial numbers.
01:06:06.000You would expect that a serial number in order to match it up would not be unique, but you'll notice there's two examples up here of two different pairs that are not associated with each other, but had the same exact serial number utilized.
01:06:18.000In this case, I believe we've got a large print and a damaged standard damage ballot.
01:06:23.000We also have a few others in here again.
01:06:25.000Same exact serial number, but these were not the same ballots.
01:06:29.000And specifically, if you ever take a look at a large print ballot, they're huge.
01:06:34.000So, it's not just that something was photocopied or anything like that.
01:06:38.000They literally use the same serial number on otherwise unrelated ballots.
01:06:44.000And this is probably one of the more interesting parts: is that we had more duplicates than original ballots.
01:06:49.000So according to our counts from our audit, we had 26,965 original ballots, and then we had 29,557 that were duplicate ballots, and those numbers should be the same.
01:07:03.000Based on the numbers received from Maricopa County, we should have had 27,869 of both originals and duplicates, and they should have matched up perfectly.
01:07:17.000Now, these extra duplicates did appear to favor Trump and Jorgensen.
01:07:23.000If you take a look at the original ballots, we've got Trump has 995, 404.
01:07:31.000And if you take a look at the duplicates, there's some number of more of them.
01:07:36.000So if you take a look at the percentage all the way over to the right, the expected percentage per candidate, and that's based on if we take the originals and assume the duplicates should be at the same exact percentage.
01:07:46.000So we had 48% of the originals were Trump, 50% of the originals were Biden, and 2% of the originals were Jorgensen.
01:07:58.000You can see what they actually have at the difference.
01:08:00.000In reality, Trump had 58% of the duplicates, 33% and 3.
01:08:03.000So both Trump and Jorgensen gained slightly with the duplicate process.
01:08:10.000Same thing, when we take a look at the Senate race, it favors slightly to McSally, not necessarily as much as it does in the other case.
01:08:20.000Both of these percentages are within the realm of error, of just human error making mistakes.
01:08:26.000So if we take a look at our final tally of results and we look at the Senate race, it does look like Kelly still shows up as a head.
01:08:39.000And we actually run into that we have 541 less for McSally and 60 less for Kelly in the ballot totals.
01:08:48.000If we take a look at the presidential race, Trump actually loses 261 votes from the official votes.
01:08:54.000Biden gains 99 and Jorgensen loses 204 votes.
01:09:00.000And again, these are all very small numbers when we're talking about 2.1 million ballots.
01:09:08.000So we can say that the ballots that were provided to us to count in the Coliseum very accurately correlate with the official Canvas numbers that came through.
01:09:24.000So we did have at least a batch of 50 ballots that was run through the tabulators twice.
01:09:29.000This is specifically when they took the Dominion tabulators.
01:09:32.000They had the same batch and it was run through more than one time.
01:09:35.000We found this because through our various counts, we had very clear confirmations of how many ballots were supposed to be in a box.
01:09:43.000And when we compared our results against the cast vote records, we were roughly 50 off and that made us go take a look at the Dominion images.
01:09:51.000And when we compared it to nearby ballots, we actually found that there was a set of 50 ballots that had been run through, again, twice.
01:10:00.000As far as we could tell, with it only happened in once, there's no indication as to whether that, you know, we have no clear indication whether it was human error or whether it was intentional.
01:10:09.000We assume that's human error because it happened in very small frequency.
01:10:12.000This is an example of a ballot from two different batches.
01:10:15.000It's probably relatively small text for people to read, but if you read all the way down in the bottom, it'll tell you that it's tabulator on the left-hand picture tabulator 6,004, BTC, which is the batch 288, and that's the image 154.
01:10:29.000And then the right-hand side, we have, again, same tabulator, but batch number 287, which is one different, and it's image number five.
01:10:37.000And we had roughly 50 of them that were in between the two of these.
01:10:42.000We found something similar from the Yukava where the Yukava, for those of you who don't know Yu Akava ballots are for military and overseas personnel, it's the way that they can actually cast votes even though they're not physically here.
01:10:54.000Those ballots get turned in either via an online portal, they can be submitted via email, they can be mailed in.
01:11:16.000On the right-hand side, it's HandDupe 574.
01:11:20.000And it's probably too small for you to read.
01:11:22.000But if you read the serial number circled on the top left, you'll notice that the time stamp and the serial numbers are exactly the same, which means that someone likely printed out the Yuakava ballot twice and both of them made it into the Saints.
01:11:36.000We did not find this in a lot of quantities, but the only way we had to look at it was by hand.
01:11:44.000And there's over 10,000 Yuakava ballots.
01:11:47.000Because every single one of these Yukava ballots is slightly different form, it's actually even difficult to do it in an automated fashion.
01:11:53.000The only good way would be to go through by hand without some sophisticated processing.
01:12:02.000Okay, so we're going to talk a little bit about the official results that are actually turned out by the county.
01:12:08.000And this actually connects quite a bit with some of the stuff that Dr. Shaba was talking about.
01:12:13.000So from a definition standpoint, we have the official canvas.
01:12:16.000The official canvas is the official certified results that are put out by the county.
01:12:20.000It has the tallies of votes per candidate, per precinct, and provisional.
01:12:24.000It tells what the turnout was for a given precinct and all of that information.
01:12:31.000We also have what's called here in Maricopa County, they call it the VM55 file or the final voted file.
01:12:36.000It is a list of every single person that showed up to vote.
01:12:40.000And that's counted both for in-person, whether it's early voting in person or whether it's mail-in, and all of those are kept track of separately.
01:12:47.000So we have a number of all those different categories of who showed up to vote on any given day.
01:12:55.000We then have the VM34 full voter file.
01:12:59.000This is also referred to as your voter rolls.
01:13:02.000This is a list of everybody who should be eligible to vote.
01:13:05.000And the county in Maricopa seems to make these available roughly on a monthly basis so that the full voter rolls.
01:13:12.000So that is your theoretical full list of everyone that may be able to, you know, may show up to vote at a given election.
01:13:20.000Then we have our EV32 files or EV32 early voting sense.
01:13:24.000Every single time a mail-in ballot is sent, it's supposed to have an entry in an EV32 file that corresponds with that mail-in ballot that's sent out.
01:13:33.000Likewise, we have an EV33 file, which is when any type of early vote is returned.
01:13:39.000Now, this both includes when a mail-in ballot is received and an in-person when someone comes and votes in person.
01:13:49.000You may remember at the hearing that we had a while ago, we had mentioned that the EV32s do not match the EV33s.
01:13:57.000We were doing a quick analysis in order to justify canvassing, and there were 74,000 that were off.
01:14:04.000The vast majority of those 74,000 were from early voting in person, and that is why there was not an EV32 associated with it.
01:14:12.000We have this clarified in a report as well.
01:14:14.000That was not a purposeful discrepancy.
01:14:17.000It was just something that was not immediately clear at that point.
01:14:24.000So just to give an example and how these systems work in order to match everything up.
01:14:28.000So if we have 10 people who mailed in a ballot, and we had 10 people who voted early in person, and we had 10 people voted on election day in person, we have 30 votes that are out there.
01:14:39.000So what this means is we should have the official canvas with 30 votes and it should be allocated per precinct accordingly.
01:14:49.000It should be allocated based on the candidates and you should have your official tallies associated with it.
01:14:54.000You would also expect that if you went to your VM55 file, you should see 10 people who voted via mail-in because it has different codes based on that.
01:15:02.000You should have 10 people who vote in early in person and 10 people who vote in election day.
01:15:07.000And every single one of those entries should have the name and address associated with the person that matches up with their voter rolls.
01:15:13.000Likewise, you would expect that your EV32 would only have 10 ballots mailed in it because that was what was sent out.
01:15:20.000And your EV33 should have 10 people in it from the mail-in ballots and 10 people from the actual EV in person for a total of 20.
01:15:29.000This is what you would expect in a balanced system.
01:15:33.000This is not actually what we found when we started comparing all these numbers.
01:15:36.000All these numbers were different in very different ways and it's something that creates quite a few discrepancies.
01:15:43.000So none of these systems actually balanced.
01:15:47.000So our official canvas has 3,432 more ballots cast than the list of people who show as having cast a vote in the VM55 file.
01:15:55.000Now I do want to specifically interject in here that we finally heard back from Maricopa County because we asked them about this discrepancy.
01:16:04.000I think it was at least a week ago, but it was a couple weeks ago.
01:16:06.000So the day before we were presented our results, they decided to tell us that those were actually for the protected voters who don't actually, you know, who are either judges or battered women or other individuals who are concerned about publishing their addresses, that that is the reason why that discrepancy is in there.
01:16:26.000I can't validate whether that's accurate or not accurate.
01:16:30.000This is information that we just received.
01:16:34.000What I can say is that this sort of stuff is exactly why with audits, usually the organization you're in the process of auditing cooperates and works with you.
01:16:44.000And that would have been, you know, these would have been extremely helpful in order to get feedback and work through them through this entire process.
01:16:55.000Now we do have 9,041 mail-in voters shown return ballots, more return ballots in EV33 than they were sent in EV32.
01:17:03.000Sounds like Dr. Shiva found something very similar to this as well.
01:17:06.000So specifically we found they were mailed one ballot, but somehow two ballots were received, which I do not know how you would have one ballot sent and two received.
01:17:17.000The assumption would have to be that it's a clerical error or there's something else going on.
01:17:21.000It's not clear how you can have that happen.
01:17:25.000277 printings show an official canvas as having more ballots cast than people showed up to vote for a total of 1,551 excess votes.
01:17:35.000Again, the county has explained to us that the same reason for the VM55 difference they're saying is a reason there.
01:17:41.000We have not had a chance to validate that.
01:17:44.000There are 2,472 ballots shown in EV33 that don't have a correspondent entries in the VM55 and only 2,042 ballots show as rejected in the official canvas for a discrepancy of 430.
01:17:56.000So let's walk through this really quickly.
01:17:59.000So if something is in the EV33, that means that an early vote was received.
01:18:06.000And we have the individual's name and the voter ID associated with it.
01:18:09.000So if an EV33 was received, you would expect that if it's not in the VM55 file of who voted, then it had to be a rejected ballot.
01:18:34.000Again, just another place where these show that they don't seem to match up.
01:18:39.000We also have 397 mail-in ballots show as received that were never shown as sent.
01:18:46.000So we know that they are in the VM55, they're mail-in ballots, and they were received without somehow ever being sent a ballot.
01:18:56.000Now we also have 255,326 early votes shown in the VM55 that do not have a corresponding entry in the EV33.
01:19:06.000And just to be clear, this is not You know, when you were looking at EV33 entries, EV33 entries are supposed to happen when a ballot is received, but it's not, you know, the actual tracking of the ballots are under the actual official canvas or the VM55.
01:19:23.000So we had in the VM55 individuals who voted, we had entries for early voting that were in there, where in 255,000 cases of those, they were not actually included in the EV33 file.
01:19:39.000In reality, all of these, you know, all these systems, to be audible and to be verifiable, all these systems should be able to be in agreement with each other.
01:19:49.000And even if we have protected voters, there should be some way to know the number of protected voters who voted in order to match it all up so that you have a system that balances.
01:20:27.000And it'll also track date of birth and date of deaths.
01:20:31.000So we went and took the voter rolls and we compared them against this to see how many people might have moved and based on statute should not have necessarily cast a vote.
01:20:43.000So the first thing we found is that 23,344 voters who voted via mail-in ballots, even though they showed in Melissa as having moved from that address.
01:20:54.000And we wanted to make sure we accounted for the circumstances where a college student might have moved away from home or a family member might have moved somewhere else.
01:21:01.000So we actually eliminated all the chances, all the cases where someone was still at that residence that had the same last name.
01:21:08.000And that's how we came up with 23,344.
01:21:11.000So if your mail-in ballot is sent to an address that you no longer live at, there should be no way for you to receive that mail-in ballot.
01:21:19.000At least it's generally not accepted a way for you to receive that mail ballot because mail-in ballots are legally not allowed to be forwarded.
01:21:25.000So it can't be forwarded to your new address.
01:21:27.000So the only way this situation could happen legally is if you know the prior, if you know the current resident and you're able to meet with them and pick up your mail-in ballot or somehow have some other arrangement to pick up your ballots were there.
01:21:38.000But still, 23,344 people voted when they should no longer have access, would not normally have access at that given address.
01:21:49.000We had 2,382 voters who voted in person, even though they showed Melissa as having moved out of Maricopa County prior to that date.
01:21:59.000We have 2,081 voters who moved out of state in the 29 days before the election and appeared to be given a full ballot, which should have been, if anything, if they voted at all, it should have been a president-only ballot, where literally the only option on the ballot would have been president.
01:22:16.000That is something that is by Arizona statute.
01:22:21.000Let's talk a little bit about the voter rolls.
01:22:25.000So registration dates do not generally change in your voter rolls.
01:22:30.000So this is your day of registration unless it's to correct a mistake.
01:22:34.000And this is something that we received out of the actual recorder's office.
01:22:39.000They told us that those dates should not generally be changing.
01:22:41.000Your date of registration should be your data registration.
01:22:46.000And it says there at the end, the only time a voter may have two dates of registration is if the registration has previously been canceled and the voter registers again.
01:22:53.000The original record would be canceled for vital reasons, and then they'll have a new record with a new date of registration.
01:22:59.000So the old record should not exist and it should not have a data registration change.
01:23:05.000Likewise, we have this thing called AFSEQ.
01:23:07.000And AFSEQ is actually a unique identifier that is a reference to a transaction.
01:23:14.000So for example, if you went and you needed to change your address, you would fill out a form.
01:23:21.000And when you filled out that form, you would turn it into the recorder's office and they would image that and they would process it.
01:23:27.000And when they processed it, they would assign it a unique identifier.
01:23:31.000That unique identifier actually gets stored in your voter rolls as the latest one, and it is specific to that change that change request.
01:23:41.000You should not even have it twice in your voter rolls.
01:23:43.000It should only happen once, and it should not be shared among multiple individuals.
01:23:52.000And this is something again we confirmed with the recorder's office.
01:23:59.000Now, we also have a statute that says complete names should be used, and that'll get into our findings that we have here in a second.
01:24:07.000So we had as many as 5,047 individuals who voted in more than one county for up to 5,295 additional votes if these are duplicates.
01:24:18.000Now, I will tell you that these individuals had the same name, first, middle, and last name, and the same exact birth year, because that's what's in the voter rolls.
01:24:30.000But if you have an extremely common last name, which can happen, there's some of these may, in fact, just be individuals with the same exact name, same exact birth year.
01:24:51.000There's no last name, or first name is just an initial.
01:24:54.000And again, there are some individuals who, in some cases, this could happen, but this is not a frequent thing that you typically see.
01:25:01.000We also had 198 individuals who registered after the October 15th cutoff and yet still voted in the election.
01:25:10.000And we had 2,861 voters who have shared an AFSIQ number with another voter at some point in time.
01:25:16.000And that does not, we don't know exactly what that means, but based on the descriptions of everything that's happened in the system, it suggests there may be some integrity issues with the data.
01:25:28.000When an impossible situation is happening in a system, and if you've got integrity systems in something as important as the voter rolls, there would be a concern.
01:25:38.000We have 282 potentially deceased voters in this election.
01:25:43.000I know that there's been some much wider numbers that have been circulated on the internet.
01:25:47.000We tried to validate this stuff very, very precisely.
01:25:51.000It can be a difficult thing to match up voter rolls to individuals.
01:25:55.000From our testing, we believe that all the ones we have in here are accurate, but there are potentially additional ones as well.
01:26:02.000We have 186 people who potentially have duplicate voter IDs that both voted.
01:26:07.000I think that Dr. Shiva was mentioning that we haven't had individuals with the same first name, last name, and the same address and seem to have the same signature.
01:26:16.000That is something that we have also seen in the voter rolls with people who seem to have literally the same exact name.
01:26:25.000That's the case where they actually, the first name and last name, and the address, you know, all match up and year of birth.
01:26:31.000Because the assumption would be you might have a junior in a different place, and so they'd have a different day of birth associated with it, but not the same address.
01:26:39.000And that is the end of the presentation for right now.
01:26:42.000With that, I'm going to hand it off to Ben Cotton, who's going to go over our digital findings.
01:26:49.000When you start, could you just give us a little bit of your background?
01:26:53.000I have 25 plus years of doing digital forensics, incident response, and examinations in support of both government, government, and as part of my service.
01:27:12.000Prior to my digital forensics background for the last 25 years, I also served 21 years as a tab-qualified special forces soldier serving this country and defending our freedoms.
01:27:31.000I recognize how critically important the voter integrity is to this nation.
01:27:39.000And this, again, Madam President, I agree with you.
01:27:47.000And as I talk about this, you know, I would hope that the findings of this audit will be turned into actionable, legislative, meaningful product that we can move forward and secure these elections moving forward.
01:28:09.000So, as I talk today, people may have heard some of my previous testimony.
01:28:17.000We had a few of these will be redundant, but it's important to reiterate these findings in the course of this.
01:28:28.000We had a few of these will be redundant, but it's important to reiterate these findings in the course of this final hearing.
01:28:40.000So, we'll talk about the withheld devices and data and how that impacted our ability to provide a complete report to the Senate here today.
01:28:50.000We'll talk about the cybersecurity issues that we have found, the hardware configuration control issues, atypical anonymous logins that are present on the systems, the listening ports and attempted connections on boot up, and internet connections and internet history that was found on these devices as part of the part of the course.
01:29:20.000So, let's talk about the withheld devices for a moment here.
01:29:26.000As with any audit, access to information and the right information in a timely manner is absolutely critical to finding a complete result for an investigation.
01:29:39.000In the case of this audit, we were never provided access to the routers and network-related data, and that becomes very impactful when we start talking about validating and confirming unauthorized accesses to the election management system itself and to the other devices.
01:29:59.000I would like to sit here today and tell you that I had fully ruled out any unauthorized access, but given the lack of access to this information, I cannot do that at this time.
01:30:11.000It is our understanding that there has been an agreement reached with Maricopa County, and I look forward to getting access to this data so that we can complete these findings.
01:30:22.000We were not provided the poll worker laptops.
01:30:24.000Now these are the laptops that poll workers use at each precinct to validate the voters and to interact with election related functions at that particular precinct.
01:30:38.000We were not provided any of the ICX devices.
01:30:42.000So the ICX devices are used for handicapped and other graphically required interfaces with the voting systems.
01:30:53.000We know that the county had a number of these based on the historical video from the MTech, but we were not provided any of those.
01:31:03.000We were not provided with the ICP credentials to validate the configuration settings or the administrative settings on the actual scanners, the ICPs.
01:31:17.000This was critical and a significant shortfinding in that I cannot sit here today and tell you whether or not the wireless modems were enabled and connected to the internet at the time of the vote.
01:31:31.000And I cannot sit here and tell you today what the status was of the LAN connections that we know were inherent to those devices as part of the purchase from or the lease from Dominion.
01:31:47.000Okay, let's go a little deeper into the cybersecurity issues as we found them.
01:32:01.000So let's talk about the go back one slide, please.
01:32:07.000Let's talk about the cybersecurity issues.
01:32:09.000Now, the Department of Homeland Security has a division called CESA.
01:32:14.000And CESA has a recommendation that's published on the internet for how to configure and manage election systems that is freely available and it's recognized as kind of the gold standard for securing an election system.
01:32:34.000I will tell you that every item up here is part of that recommendation from CESA.
01:32:44.000I will tell you that in Maricopa County, they failed to perform basic operating system patch management functions.
01:32:55.000So if you have a home computer, you realize that every Thursday or Wednesday, depending on your cycle, Microsoft will release a security patch to correct vulnerabilities that have been discovered since they released the operating system and it was installed on your computer.
01:33:14.000The last time that the operating system was patched on the Maricopa County election systems was the date that they installed the Dominion software, which was the 6th of August of 2019.
01:33:30.000So at the time of election, it had been over a year since that system had been patched.
01:33:36.000We found that that was also the same case with the antivirus definitions.
01:33:42.000So we know as part of this world that we live in, that people are coming up with new ways to hack a system, to exploit vulnerabilities and get unauthorized access to the systems.
01:33:58.000All major security vendors update their antivirus at least on a weekly basis to make sure that we can protect our systems from these newly originated vulnerabilities and exploits.
01:34:14.000The last time that the antivirus had been updated on the Maricopa County systems was the 6th of August 2019.
01:34:26.000Now, Maricopa County did release a statement saying that if they had patched the operating system or if they had updated the antivirus, that would have invalidated the EAC certification for the voting system itself.
01:34:46.000Obviously, there are a couple of issues with this position.
01:34:53.000And the first one is that we are relying on a certification system that would impose obsolescence instead of security in the very act of trying to secure a voting system.
01:35:09.000That is nonsensical and it should never occur.
01:35:13.000So, if that is in fact the case, we need to take a very close look at what we're relying on to validate and certify these election systems and software to ensure that we're not certifying guaranteed obsolescence of the system.
01:35:33.000Now, let's assume for a moment that what Maricopa County said was true, that they could not update those systems because of this certification issue.
01:35:45.000There are a couple of problems with that, as borne out by the artifacts on the actual EMS server itself.
01:35:54.000So, if that is true, then that would mean that no new executable files, no new dynamic link libraries could be created or modified on that system after the date of the software installation, which once again was 6 August 2019.
01:36:14.000What we found is that there are four executable files that were created after this date of Dominion install.
01:36:23.000There were 45 executable files that were modified after this date of install.
01:36:30.000There were 377 dynamic link library files which were created after the Dominion software install.
01:36:39.000And there were 1,053 DLL files that were modified after this date.
01:36:47.000So, if we assume that what the county represented is true, then in fact, that voting system would not have been certified at the time of the election.
01:37:01.000Let's talk a little bit about log management here.
01:37:04.000So, there is a federal statute that requires the preservation of election-related materials for 22 months after the date of the election.
01:37:16.000That applies not only to paper, but that also applies to digital artifacts.
01:37:24.000Maricopa County failed to preserve the operating system security logs to cover the dates of the election.
01:37:35.000They provided security logs early in the audit process, but they did not provide the Windows security lock itself.
01:37:45.000When we examined the EMS server, we found that the dates covered by the security log only went back as far as the 5th of February 2021.
01:38:02.000Now there's a couple reasons for that and we'll go into those later, but the bottom line is that they failed to preserve those logs, or at least those logs were not turned over to the auditors.
01:38:16.000And so I'm assuming, since they were part of the subpoena, that those should have been provided had they been present.
01:38:27.000Next item there is credential management.
01:38:30.000This is probably the most offensive item on this list to me because it carries such a huge impact on the securability of a system.
01:38:45.000What we found is that for the election management system, the adjudication systems, the ICCs, and all of the voting-related systems, they all shared a common password for both user accounts and for administrative accounts.
01:39:04.000And just to be crystal clear, it was the same password for all those accounts.
01:39:10.000So to complicate matters as well, those accounts had not been changed since the installation of the software.
01:39:21.000So they were established on the 6th of August 2019 and never changed.
01:39:29.000There furthermore was not an individual accountability of the users who access specific accounts so that you could tie a username, an action, and an individual when you discovered something that was an anomaly.
01:39:50.000We did not see any software or any effort to establish and monitor a host baseline of programs and processes.
01:40:01.000Furthermore, we did not see any log aggregation or methodology by which to establish and monitor the network communications for this system.
01:40:13.000There simply was none of that software present on any of these devices.
01:40:23.000We also saw and detected that there was a failure in hardware configuration within the voting system.
01:40:32.000Now what you're seeing right here is the system, the acquisition photos for the system that was identified as the adjudication 2 workstation.
01:40:44.000Now you will see in that picture that there are two hard drives that came out of that system.
01:40:50.000It's not uncommon to have two hard drives in a system for data storage, et cetera, et cetera.
01:40:55.000However, both of those hard drives are bootable.
01:41:03.000So what that means is that you can boot from a hard drive that is not part of the election configuration and have access to the election network.
01:41:19.000It's clearly not an approved configuration.
01:41:22.000It was the only system that we found a dual boot situation.
01:41:29.000Now to further complicate matters a little bit, and I'm not going to make judgment as to the legality of this or whether or not this deserves further action, is that on that second bootable hard drive, there appeared to be non-Maricopa County data.
01:41:51.000With on that hard drive, there were Dominion databases that appeared to be one demonstration data, but also data that may have originated from Washington state and South Carolina.
01:42:06.000And I derived that not from an in-depth investigation of the data that was outside my scope, but from the naming conventions of the databases themselves.
01:42:17.000Okay, so once again, validating and approving the configuration of these systems is critically important to preserving the integrity of that election system.
01:42:32.000I would also note that neither of the two audit Next slide.
01:43:01.000One of the challenges that we had was actually the accountability of deleted items.
01:43:06.000We'd talked about deleted items before, but let's be crystal clear about this.
01:43:14.000From the EMS, which is the election management system server, on the C drive, there were 865 directories and 85,673 election-related files deleted between 1028 and 1105.
01:43:36.000And they also included some log files.
01:44:03.000So So what is difficult to determine is that I know they were deleted.
01:44:09.000What I don't have is any accountability or any ability to track from an evidence management perspective how those deleted files were treated and what happened to them if they were archived or not.
01:44:41.000There are a.dvd file, and those are actually the results of the election totals off of each tabulating device.
01:44:52.000And those were part of the deleted files that were removed from the EMS.
01:44:59.000So the EMS actually had two hard drives.
01:45:04.000Well, they had six hard drives configured into two logical drives.
01:45:08.000So the second logical drive was called.
01:45:15.000So the second logical drive was called the D drive, and that contained all of the election database both historically and should have contained the information for this 2020 general election as well.
01:45:35.000You'll note that there were 9,571 directories and 1,064,746 election-related files deleted between the 1st of November 2019.
01:45:48.000On the HyPro 1, there were 304 directories containing 59,387 files of election data that were deleted from the HyPro scanner 1 on 3 March 2021.
01:46:02.000Now, this becomes kind of important because part of our analysis was to look at the interaction of these scanners, these systems, and how data flowed.
01:46:13.000You'll notice that that's about a month and a half before they turned that over to us.
01:46:43.000And on HyPro 4, you see the same high volume of deletions on the 3rd of March.
01:46:51.000Now, once again, this may be part of a normal process with how they handle votes, but the timing of this becomes a bit suspect, as well as the fact that we didn't see these deletions on HyPro number two.
01:47:12.000And once again, I don't have a chain of custody for what happened to these votes after they were deleted.
01:48:01.000You'll see there were three discussions.
01:48:13.000There's a user-defined setting that you can define how much quantity of logs are retained before they get overwritten.
01:48:25.000In this particular case, the EMS security log setting was set to 20 megabytes of data.
01:48:33.000So the Windows operating system will preserve all the security logged entries up until the point at which it reaches 20 megabytes of data.
01:48:46.000At that point, it starts following a first-in, last out approach to log retention.
01:48:53.000So as you create a new entry, an older entry is deleted and overwritten inside of that log file.
01:49:03.000Now, first and foremost, we need to remember that we do have that 22-minute month federal mandate.
01:49:12.000So it's clear that at least what existed on the EMS when we received it as part of this audit, we did not have the time period covered by that federal mandate as it was supposed to be covered.
01:49:26.000That security log was not turned over as part of any other documents that we have by Maricopa County.
01:49:34.000So I'm going to assume at this point that it's not available for us to look at or else they would have turned that over to us.
01:49:44.000Now, if you look at that last bullet, that first in, first out approach all of a sudden becomes readily apparent as to what happened on these distinct dates.
01:49:56.000So, on each of these dates, an individual executed a script, and that script repeatedly looked for a blank password for all of the accounts on the system.
01:50:11.000Depending on the system, there were only about 16 accounts that were present on a given system.
01:50:19.000Okay, so this script was run multiple times on 211.
01:50:27.000462 log entries were overwritten by this script.
01:50:32.000On the 3rd of March, 37,686 log entries were overwritten by this same script.
01:50:42.000On the 12th, which is the day before we received the system, there were 330 log entries overwritten by that script.
01:50:55.000Now, the challenge here is that I know that this occurred.
01:51:07.000If you reflect back to what I just said about the lack of accountability of assigning that username to an individual, it now becomes extremely difficult to prove who did it.
01:51:24.000Now, luckily, we happen to have some historical data from the MTAC video feeds.
01:51:32.000And so, we leverage that data to backtrack and align these times.
01:51:36.000And we have captured screenshots of Maricopa County people at the keyboards during those time periods.
01:51:53.000Now, we've identified those individuals, but we will not release their names because we understand what the scrutiny is and what the impacts would be to those individuals.
01:52:07.000But I just want to tell you that the very point that they did not have EMS.
01:52:18.000Now, remember the lack of log retention at this point.
01:52:23.000We could not find any logged entry that corresponded to this activity from the security logs.
01:52:37.000Those Windows security logs only went back to the fifth, but everything was purged on the context of the election to be audited.
01:52:51.000But that clearly was not the case in this instance.
01:52:55.000So, just to clarify, so this is a log file specifically from report tally and sorry, results tallying and reporting, which is the Dominion software.
01:53:06.000That entry says that someone went into the program and clicked on something that said, I want to purge all the results for this election.
01:53:14.000That goes through and that deletes all of the rest.
01:53:22.000We have redacted specific elements to include the host name and the IP address and some of those types of things.
01:53:34.000But the fact of the matter is that those items are recorded as part of that normal anonymous log activity.
01:53:43.000You will have the host name that logged into it.
01:53:46.000You will have the IP address that originated the request.
01:53:50.000In most cases, you'll have the username as anonymous.
01:53:55.000But that username is then validated against the access control lists and the user authentication mechanisms and validated.
01:54:06.000So the very next log entry in a normal anonymous activity is a validation of that user's credentials to access that particular device or process or whatever they were accessing.
01:54:24.000What you see on the left is something that we discovered in the logs, which is what I call a typical anonymous login.
01:54:33.000You will notice that none of those items that are captured by normal activity are present in this log.
01:54:43.000You don't have an IP address of the originating device.
01:54:47.000You don't have a host name of the originating device.
01:54:51.000And furthermore, when I look at these in context of the actual security log itself, there is no validation of a user's credentials immediately following this.
01:55:05.000There are hundreds of these types of anonymous logins in the security logs that we do have.
01:55:13.000I cannot tell you at this point if the same type or pattern of activity occurred during the election cycle because these logs don't exist that cover the election.
01:55:29.000But I can tell you that without access to that router data and the network data, I cannot validate whether or not these were legitimate accesses.
01:55:41.000You'll notice that it is a login type 3, so it was a remote access.
01:55:47.000I cannot tell if this is a legitimate access or an unauthorized access at this time.
01:55:59.000So we also took a look at what happened when the EMS was booted up.
01:56:06.000And let me walk through the methodology here to kind of assuage everybody's concerns.
01:56:13.000So when we actually imaged all these processes and these systems, by the way, we imaged 770 devices and we gathered over 114 terabytes of original forensics data.
01:56:31.000And we preserved that in a forensics image file that I could then leverage without fear of modifying or changing anything on the original device.
01:56:46.000So we took that image file and we turned that into a virtual machine.
01:56:51.000I created a enclave that I could boot that virtual machine up into and that I could then monitor the boot processes without connecting to the internet, without exposing any voter data to unauthorized users.
01:57:07.000And I actually booted up the EMS to see what happened, what it was listening for, and to identify if there was in fact any zero-day malware in the memory.
01:57:22.000What we did discover is that as you would expect, there were a number of ports.
01:57:27.000This is a normal part of an operating system.
01:57:30.000Ports are used to establish connections and provide functionality to the operating system.
01:57:37.000We've discovered 59 of those that were open.
01:57:42.000And while most of these things were what I would have expected, there were some unexpected high port activity specific to the Win EXE, which controls your accesses and your logons, and your DNS, which controls your domain name service.
01:57:58.000So if you go and you type in yahoo.com, the computer will use the DNS service to actually determine which IP that is so that you can connect.
01:59:22.000As part of that memory analysis, we did a complete check of the call outs and the attempts to connect from the EMS out to the internet.
01:59:37.000Now, once again, the county has repeatedly said that these were isolated systems, et cetera, et cetera, et cetera.
01:59:46.000The EMS attempted to connect to those IPs, most of which are normal.
01:59:56.000I would take a look at the level 3 parent, the EdgeCast connections there, and I would probably request from the Maricopa County the documentation for those functions that rely on those connections and to determine whether or not those are certified or not.
02:00:22.000We were not provided any of that certification document, but those are the two items up there that I would ask Maricopa County for some further clarification on.
02:00:36.000As part of this analysis, I was able to determine that there was no zero-day malware in the memory at boot up of the EMS server.
02:00:52.000Let's talk about internet history and connections.
02:00:56.000As you will recall, Maricopa County commissioned two independent auditors to come in.
02:01:04.000Both of those auditors had a finding that there was no internet connection at the time that they conducted the audit.
02:01:13.000When I initially did the analysis, and I was only searching what is called the allocated space, so the allocated space is what you as a user see when you open up Internet Explorer or when you open up File Explorer.
02:01:30.000When you see that directory structure, that's allocated space.
02:01:34.000When I looked at the internet history of the allocated space, I had the same conclusion as the auditors did.
02:01:42.000However, I took this one step further.
02:01:45.000I actually carved the unallocated space in the entire file system for internet artifacts.
02:01:53.000And when I did that, the history was significantly different than both the representation by the auditors and the representation by Maricopa County that these systems had never connected or were exposed to the internet.
02:02:10.000And we found internet activity and multiple visits on the EMS server, three of the EMS client workstations, one adjudication workstation, and then the reweb 1610 and the Regis 1202.
02:02:31.000Now, before I get into this, I want to kind of walk through my methodology a little bit.
02:02:37.000So it's very common for operating systems to have default URLs, compatibility caches, things of that nature that may have an internet URL as part of that part of that artifact.
02:02:56.000So in order to ensure that we didn't get any of that default data, I only reported on internet artifacts that one, the date occurred after the installation of the Dominion software, so after the 6th of August 2019, and that had multiple visits to the same site, okay, with dates after that timeframe.
02:03:23.000So that would eliminate any of the default URL artifacts that may have been on the system.
02:03:37.000So from the EMS server, you'll see that there's actually three visits to the same site on the same day.
02:03:45.000That clearly is not a private URL or a private IP address.
02:03:53.000And so what I can tell you is that the EMS server, at least on that date, was connected to the internet.
02:04:02.000Now, I'd also like to point out that relying on the unallocated space for these artifacts, I don't have a complete history of all the internet connections because things get overwritten, things get changed, things of that nature.
02:04:22.000But the importance of this is that at some point in time, specifically those last visited dates, this device was connected to the internet.
02:04:35.000Now, if you look at that date, there's also a correlation to the purging of the database.
02:05:05.000When we talk about the EMS client, here are the connections.
02:05:10.000Now, the nine connections at the top there, you'll see that as far back as February of 2020, there were four connections made to that URL, to the Microsoft URL.
02:05:26.000And then on the 22nd, which coincidentally enough is during the time of the audits, there were five connections to the Microsoft URL.
02:05:39.000I included that lower set of findings to illustrate that the importance of some of the items that were not produced to us.
02:05:52.000So, not all of the election-connected devices were produced to us for analysis.
02:06:02.000And that IP of a 192.168.100.11 is one of the private, it's a private network that was the election network.
02:06:14.000And you will see that it accessed a bunch of web pages off of that device indicating that it was a configurator or it was a file server or something of that nature.
02:06:27.000I want to draw your attention to that very last line: the M underscore network underscore wirelessland.html.
02:06:38.000That was accessed on the 19th, or excuse me, on the 30th of October 2019.
02:06:50.000Now, we have not received any information about any wireless LAN configurations, but yet here you have someone accessing it from the EMS client to access what I can only surmise was a wireless LAN configurator on that date.
02:07:11.000And you can see that the EMS admin 01 account was used for that.
02:07:15.000Once again, who the actual human was behind that account, I cannot tell you because of the shared passwords and the shared user accounts.
02:07:25.000But I can tell you that not all the devices were produced to us that would have shed significant light on our findings.
02:07:41.000Okay, once again, this is EMS client 3, and you can see that the last date last, there are six visits to Microsoft.com, and the last visit was on the 3rd of February 2021.
02:07:57.000Now, keep in mind that those previous five visits were obviously before that timeframe.
02:08:03.000And we don't have a record by nature of this artifact when each of those visits occurred.
02:08:15.000Now, ReWeb 1601 is kind of an interesting case.
02:08:18.000Now, once again, we did not receive any network configuration diagram.
02:08:23.000We did not receive any functional information as to the network.
02:08:29.000It was one of those things that, as an auditor, in most cases, I can go back to the person being audited or the entity being audited and say, what is this?
02:08:42.000In this particular case, in this particular situation, there was extreme resistance and quite frankly, in my opinion, obstructionistic actions taken by the county to prevent this type of exchange.
02:08:59.000Now, this system clearly was connected to the internet.
02:09:04.000Now, whether or not that was by design or whether this is one of those isolated and protected systems that the county has indicated never touched the internet, I cannot tell you, but I can tell you that it had significant internet access.
02:09:19.000And this is only something that would fit on the screen, right?
02:09:23.000There's literally thousands of connections to the internet by this system.
02:09:29.000Based on the naming convention, I would assume that this is some form of a web-based server that was used in the election system because it was produced under the subpoena, which that was one of the requirements for.
02:09:45.000Now, the other thing that I will tell you is that this device was produced to us on an external four-terabyte hard drive.
02:09:55.000And originally, it was represented to us as this was a forensics image of this device.
02:10:01.000When we actually looked at it, we found that all of those devices that were produced on the external four-terabyte hard drives, they were simply an operational system clone of that device, and it was not preserved in a forensics manner.
02:10:17.000What I can also not tell you is what steps were taken on the part of the county to ensure that the unused portion of that hard drive not occupied by this device, I cannot tell you what steps were taken by them to ensure that those were wiped or zeroed out so that we would not commingle data.
02:10:38.000So, I do want to caveat these findings and the Regis findings with those statements.
02:10:43.000But clearly, these devices had continual and repeated access to the internet.
02:11:22.000So, I appreciate your diligence and your patience on this.
02:11:26.000And as we think about what I've talked about today, it really boils down to accountability, right?
02:11:36.000And making sure that our election systems are secured.
02:11:41.000I will tell you that they were not based on any measure that I, as an IT professional performing countless vulnerability assessments and incident responses that I have occurred,
02:12:01.000had a client that engaged me had this state of a network, it would have resulted in a failure on our audit.
02:12:14.000So, at this point, I would like to remind people that from a totality of what these findings are, there simply is no accountability by anyone accessing these devices.
02:12:30.000You had shared passwords, you had shared user accounts, you had remote access.
02:12:41.000If someone could get access to this system, they wouldn't need a zero-day exploit.
02:12:50.000The systems were so far out of date from a security compliance standpoint that it would have taken the average kitty hacker less than 10 minutes using Metasploit to hack this system.
02:13:04.000And I would like to remind everyone that's listening to this that when you have a network of computers like you have in these voting systems, it only takes one person bringing in a little hockey punk with admin access to provide external remote access to that voting system.
02:13:31.000And in the situations where you don't have accountability, you have shared usernames and you have shared passwords, you simply cannot guarantee the security and the accountability on those systems.
02:13:45.000And I thank you very much for your time, and I'm available for questions if you have any.
02:14:04.000Okay, we are going to go back to Mr. Logan.
02:14:07.000For those that are looking at your watch, the bulk of this is done, but there's still some more important things to do.
02:14:15.000Mr. Logan is going to quickly, because we are running over time, go through his recommendations of what improvements the Senate might be able to help do through legislation.
02:14:28.000And then Mr. Pullen is going to quickly give his report about the independent ballot count the Senate did.
02:14:35.000And then we have Ken Bennett standing by, who was our Senate liaison, who will be giving you the observations that he noted when he was there working every day.
02:14:46.000So Doug, could you do me a favor and go through those recommendations quickly, please?
02:15:58.000So legislation should be considered that links voter roll registration to changes in driver's license.
02:16:04.000We saw a lot of indications that there was old, potentially old information in the voter rolls, and it's very important that our voter rolls remain clean.
02:16:15.000If they don't remain clean, it would facilitate, it makes it easier for almost any type of way that someone might want to take advantage of the system.
02:16:24.000If only the people who are registered to vote and could show up to vote are in the voter rolls, that makes it more difficult.
02:16:31.000And already when you go into the DMV, you can register the vote.
02:16:35.000But specifically, if you change your license to another state, if you change your address, which are things that people are usually pretty diligent about taking care of, that should also update your voter registration details so that when you're out of state and you're in another state, it's not possible for your old voter rolls to be used by you or anybody else.
02:16:57.000Specifically, we recommend that the NCOA is a natural change of address.
02:17:02.000It's something put up at the U.S. Postal Service.
02:17:09.000And we should not be, you know, just mailing money to people who are not necessarily still at that address or have moved.
02:17:15.000So checking the NCOA before you mail out ballots will help make sure that the currency of the ballots are only ever received by individuals who are legitimate voters or still living at that location.
02:17:27.000So 90 days before the election, in addition, it should check it right before mail-in ballots.
02:17:32.000We are not ever effectively mailing currency out to an address where someone has moved to another state.
02:17:39.000I understand that the EPM and guidance from the Secretary of State suggests that the ERIC and Social Security's master's death list and others should be checked regularly against voter rolls, but I believe it needs a little bit more oomph to it and that there should be a legally required frequency for counties to do so to make sure that the regulator being maintained rather than just a guidance that it should be done at some stage.
02:18:07.000Talk a little bit about election software, both from the report I have out of Antrim and specifically with what some of the inconsistencies and oddities that we're finding about the voter role system both here and quite frankly across the country.
02:18:24.000I highly recommend that we pass legislation that requires that these applications that are extremely important are built up to a higher standard and specifically are making sure that they're ensuring the confidentiality and integrity of the systems.
02:18:39.000The Open Web Application Security Project is known as a leader in the application security space and they specifically have something called the Application Security Verification Standard or the ASVS.
02:18:51.000It has levels one through levels three.
02:18:53.000Level three is for a sensitive system and I would highly recommend that would be a requirement for anything associated with voter rolls or voter systems that they would build up to that standard.
02:19:03.000Doing so make sure that the application itself has the necessary standards built into it in order to make sure things aren't altered and that there are appropriate logs if so in order to take care of that.
02:19:20.000Specifically with that it's always a good idea to run the ASVS assessments on a regular basis, usually every three or four years and specifically that the vendors should be required to attest that the ASVS standard was fully applied.
02:19:35.000I further recommend that the vendors you shouldn't be able to use the same vendor over and over again for any type of certification activity.
02:19:43.000It's too it creates too much opportunity for if there was some impropriety by a vendor that it could continue to pass.
02:19:53.000So rotating vendors at least every three years and putting that in the law would help ensure that not only are these being assessed but they're set up to a higher standard.
02:20:02.000And this goes beyond specifically what the EAC is requiring because quite frankly based on everything that's being said the EAC is not requiring anything close to what is necessary in order to protect our election system and hopefully that will get better over time but in the meantime Arizona can be a leader in this area.
02:20:23.000Specifically legislation should be considered that requires falling of all the CESA guidelines for election systems and equipment and that any variances against those should be documented and there has to be risk manos that are signed off and should be public for the appropriate for any derivations from those guidelines.
02:20:39.000Now those guidelines cover pretty much everything that Mr. Coton was covering today.
02:20:44.000Everything from setting up baselines on the systems, everything from baselines and network processes, making sure that user accounts are handled properly.
02:20:54.000All those details are all covered by that.
02:20:55.000Was a very simple legislation that basically says that guidance needs to be followed.
02:21:01.000Legislation should be considered, which requires assignment of individual usernames and passwords.
02:21:07.000Mr. Cotton's talked about that a lot today.
02:21:10.000Legislation should be considered that requires real-time network monitoring of all election equipment, even on the air gap networks.
02:21:17.000So there is some indication of what occurred there.
02:21:19.000It may seem odd to have that on an air-gapped network, but as Mr. Cotton was mentioning, there's very small devices that you can take in.
02:21:28.000And if you can plug them into a network port, you can effectively give the entire network internet access.
02:21:34.000I mean, they're physically very small, they can be hidden easily.
02:21:37.000And if you've got real-time network monitoring on those systems, especially where the EMS is, you can identify that and at least have a log of it and potentially prevent it before anything happens.
02:21:49.000And legislation should be considered that would prohibit it, internet-capable election management system servers or equipment from being utilized.
02:21:58.000There's a number of devices that, when you look at the serial numbers from the Pro V and V and S LA audits, they show that they had Wi-Fi cards and stuff put into them.
02:22:07.000Anytime the capability is within a device, there's the potential for it to turn on, or for someone to turn it on and activate it, or use it to connect to some other device.
02:22:19.000If the equipment's not even there, then you can't have a failure to configure, create any issues.
02:22:24.000So legislation that far, not just preventing internet access, but preventing any type of capability in the device, would help ensure the integrity, especially as we keep being told that things are not connected to the internet.
02:22:37.000From the voting machine standpoint, county employees should have all the administrative access on all election equipment sufficient to independently validate all configuration.
02:22:47.000The fact that Mayor Cupa County said they did not have the hardware tokens necessary in order to see if their election equipment was connected to the internet or not is extremely, extremely alarming.
02:22:59.000The accountability, the county needs to be able to hold vendors accountable.
02:23:03.000We may use subcontractors for various different actions, but the responsibility always falls on the county, and therefore they need to always have all access.
02:23:11.000That should not be something they can relegate to somebody else.
02:23:14.000In addition, election voting machines should have a paper backup of all ballots, which can be used to confirm the votes where CAST is intended.
02:23:20.000And these machines must be regularly maintained to vendors' maintenance schedule.
02:23:25.000One of the things that was found in some of our examination of the paper ballots is a lot of things were miscalibrated or otherwise not following general manufacturer guidance.
02:23:35.000If we want to make sure that we get the intended results out of things always, we should make sure that whatever goes through logic and accuracy testing, whatever it is that's a standard equipment being used, is the same thing we're using on election day.
02:23:49.000And if you're testing a system with something different than what has happened in the real world, it's not a very good test.
02:23:56.000And legislation should be considered that requires that paper stocks utilized on election day conform to, again, to manufacture specifications and that it's been tested properly.
02:24:07.000Now, we think that you should have legislation that should consider creating an audit department that should regularly conduct audits on a rotating basis across all the counties in Arizona.
02:24:17.000To the best of my knowledge, nobody is currently doing this, but based on the audit we performed, there was a lot of processes and procedures that were not conducive to effective audits.
02:24:28.000The way that stuff gets better is by regularly checking it and regularly validating it.
02:24:33.000And now that the whole world is looking at our elections, I think it's very important that we take advantage of that and make sure that what is done in our election departments is brought up to the same standards that financial industry uses and other critical systems.
02:24:45.000It should not be an area that's lagging.
02:24:48.000When our voting equipment helps choose the most powerful individual in the world, there's a lot of adversaries that would like to take advantage of that, and we need to treat it accordingly and make sure that it is being audited so that those standards are maintained.
02:25:03.000Legislation should be considered that requires batches of ballots to be clearly labeled, separated from each other in a manner that they cannot easily mix together and easily connected to the batches run through the tabulation equipment.
02:25:13.000There was a lot of hoops we had to get through.
02:25:15.000jump through to even connect a box of ballots to what was run through the software in order to match those two up.
02:25:24.000And that is something that should be simple to do, again, because it facilitates audits and that those audits facilitate accountability.
02:25:33.000While a full audit like what we did this time, it cannot always be done.
02:25:37.000The better the record keeping is, the easier it is to do partial audits to confirm things.
02:25:41.000And that's something the audit department can do on a regular basis, in addition to sometimes to info audits.
02:25:49.000But it's not cost effective to do that every single year.
02:25:53.000Legislation should be considered to penalize, purposely inhibit a legislative investigation or an officially sanctioned audit of an election.
02:26:00.000I think why that's in there is a little bit obvious.
02:26:04.000Audits are really effective when you have the cooperation of the management who controls things, and it's very, very difficult to manage them.
02:26:12.000That's why financial services, if you're your typical financial audit, if you don't comply with the audit, you can literally be put in jail at times.
02:26:26.000Legislation should be considered that will make ballot images and cast vote records artifacts from an election that is published within a few days of the results being certified for increased transparency and accountability of the election process.
02:26:36.000These are things that we think is important for the Arizona and the American public to be able to see and validate and see with their own eyes.
02:26:44.000Currently in Arizona, we had a judge that stated that we could not make the ballot images publicly available.
02:26:51.000There should be nothing that links, once a ballot comes out of its envelope, there should be nothing that links it back to a person, and there should be absolutely no reason why it shouldn't be able to be public.
02:27:01.000Legislation should further be considered which require all ballots to be cast on paper with security features such as watermarks or similar technology with a detailed account of what papers were used.
02:27:13.000With our paper analysis, we wanted to be able to say that this is legitimate paper and valid and real, and we wanted to be able to say this is not legitimate paper.
02:27:23.000But with as many wide number of papers that were used, I think we were estimated over 10 different copies, different types of paper, it's very difficult to make that.
02:27:32.000But if there's official paper that's kept track of, it'd be much easier for an audit when it's conducted to be able to say without a shadow of a doubt whether it is in fact printed on legitimate paper.
02:27:43.000Mail-in voting should incorporate an objective standard of verification for early for voter identification similar to the ID requirements for in-person voting.
02:27:51.000It seems likely that mail-in voting will continue to increase.
02:27:56.000From a security standpoint, I advocate no more mail-in ballots, but that's not probably realistic.
02:28:02.000So that being the case, if it's going to continue, we need to have good identification requirements.
02:29:11.000Okay, just real quickly about me personally.
02:29:14.000Graduated from Arizona State University, undergraduate in math and chemistry and an MBA in 1981.
02:29:22.000I sat for and passed the CPA exam in 1980, became a CPA, and I've been a CPA since then.
02:29:29.000Employment-wise, I started out working on my MBA as a, I was working at a engineering company, writing software for them.
02:29:39.000And then I joined Deloitte Haskins and Cells and began working in their audit department and helped them develop and test the first statistical sampling software and system for doing audits.
02:29:57.000I became a partner at Panel Kerr Forrester.
02:30:00.000And then again, I went back, became a partner at Deloitte and Touche, where I focused on financial auditing, specifically for bank savings and loans in the hospitality industry.
02:30:11.000I actually did get involved in forensic audits, so I understood how they function and what you had to do in order to complete them.
02:30:19.000I started my own company back in the 90s, and I still do consulting and accounting services.
02:30:25.000And I also started an IT company in 2001, WageWatch, which still exists to this day.
02:30:33.000And we developed software that's still considered some of the best in the industry that we're in.
02:30:41.000Background-wise, the Senate decided they wanted to do an independent count of the ballots in order to confirm the count by the county as well as the count by cyber ninjas on the forensic audit.
02:30:55.000And so that was kicked off on June 28th.
02:31:00.000They selected me to run that machine count.
02:31:06.000Again, it goes back to my experience and knowledge.
02:31:09.000I immediately got Brian Blim, who was the attorney who had worked on the floor of the Coliseum and was the legal counsel that had dealt with any forensic issues that came up on the floor during the hand count.
02:31:24.000And by the end of June, he was no longer a contractor with the cyber ninjas.
02:31:31.000He was independent and he agreed to assist in the machine count.
02:31:36.000We also enlisted a lot of former volunteers who had worked on the floor doing tally counts as well as working in the corrals taking care of the ballot boxes.
02:31:52.000And so we put together a pretty good team.
02:31:55.000We went out and found the equipment for doing a machine count and looked at several different varieties and finally decided on, I need to stop pushing this and found the equipment.
02:32:14.000The equipment we found, interestingly enough, was highly considered around the country as very good equipment.
02:32:27.000And we selected two Bantam 1 counting machines that were made by U.S. paper counters.
02:32:34.000And we also got two paper joggers, they're called.
02:32:42.000what they do is they help align all the paper before you run it through and do the count on the paper.
02:32:48.000And again, these ballots are very heavy paper.
02:32:51.000So when the technician came in and set up the machines and we were testing the paper, he had to make adjustments to the machines that could handle the quality of the paper that we were running through the system.
02:33:03.000And so once we had that figured out, then we had the technician train our volunteers who this worked for us.
02:33:12.000And then the ballot counting started on 7-14 and we completed it in 12 days.
02:33:19.000I will tell you that the volunteers worked incredibly hard on this as well as observers we had overseeing what they were doing.
02:33:28.000And we started working at 8 o'clock in the morning and we went until midnight on those days.
02:33:34.000We had two teams that were working that very, very solid work.
02:33:42.000The Maricopa County official canvas, you can see it's as it's been reported earlier, and we did the machine count and it was very close.
02:33:52.000We were 121 less ballots than they had counted, which again, you can see the forensic election audit that count on the ballots was a little bit less, but all of it's within a thousand of what Maricopa County did.
02:34:15.000One of the things we did learn on the machines when we were testing them and setting them up to operate is when they did was a miscount and we did do recounts based on that.
02:34:24.000But when there was a miscount, essentially it was an undercount.
02:34:28.000Okay, so being a little bit less than the official canvas count was not surprising.
02:34:34.000Now here are some of the things we found, and this kind of confirms some of the things that were talked about earlier in these reports.
02:34:42.000We did find missing batches and boxes where you would open a box and it was supposed to have seven batches in it.
02:34:49.000There would only be six batches in the box.
02:35:22.000And then when you open some of the boxes, the batch counts that went with every batch, which was typically supposed to be about 200 in the batch, they weren't with the batch.
02:35:32.000They were on top of the batch or they were on the side.
02:35:35.000And so we'd have to go through and figure out manually which batch sheet went with which batch, which again goes back to if things were done more properly, this would be much easier.
02:35:50.000It could have even been done faster as that.
02:35:53.000So that's pretty much what we came up with with this.
02:35:57.000And so again, it independently confirmed the numbers that the county and cyber ninjas found in the ballot count.
02:36:46.000Mr. Bennett, would you give us just a tad background about yourself and tell us what your observations were as the Senate liaison?
02:36:54.000Well, there's a I've provided a I have provided a PowerPoint to your staff, and so I would ask that they prepare to bring that up.
02:37:05.000But in the meantime, I served as the 21st Secretary of State from 2009 to 2015.
02:37:15.000That's the chief elections official of the state of Arizona.
02:37:18.000I also served as the president of the Senate for four years, like yourself, and another four years as a state senator.
02:37:26.000So I kind of bridge that those two domains, maybe.
02:37:31.000I've also an accounting degree from Arizona State University and have worked in numerous businesses, usually as the CEO or CFO, chief financial officer of those companies.
02:37:45.000And I see the screen, so I'll jump in here.
02:37:49.000I know our time has gone long today, but you asked me to observe throughout my days there at the audit areas where compliance with our election laws and procedures was accomplished and maybe where they weren't complied with.
02:38:12.000As you know, elections in Arizona are governed by the election laws, which are adopted by the legislature and the governor, and then a Secretary of State's procedures manual, which is promulgated every other year by the Secretary of State's office, but has to have the consent of the Attorney General and the governor as well.
02:38:32.000And between those two documents, there's over 1,300 pages of laws and procedures.
02:38:40.000I'd like to just briefly say that no election can be conducted perfectly because it is administered by imperfect human beings, but that doesn't mean we don't try because it is through our elections that we the people give our consent of the governed, as is identified in the Declaration of Independence.
02:39:02.000And every citizen deserves to know that they are being treated equally under the law as required by the Constitution.
02:39:11.000So every legal vote has to be accounted accurately and not canceled out by unlawful votes.
02:39:19.000This report is intended to identify where Maricopa County failed or may have failed to comply with some of these statutes.
02:39:27.000But having said that, I believe that the majority of our election officials in Arizona are honorable, well-intentioned people.
02:39:36.000So I intend this report in the spirit of constructive improvement, but also maintaining appropriate accountability.
02:39:49.000As we've heard in previous testimony, and the slides aren't changing on my screen, but I hope they are at your end.
02:39:59.000First slide or observation is related to the missing signatures on ballot envelope affidavits.
02:40:07.000And there's some statutes there that I'm not seeing a change on your slides, but I'll assume that the slides are changing at your end.
02:40:18.000You'll see the statutes 547, 16, 547, and 48 that early ballots have to be accompanied by an affidavit.
02:40:28.000And by 7 o'clock on Election Day, there is a cure period in Section 550, which is not noted there.
02:40:38.000ARS 16552 is very clear that the election board is to check the voter's affidavit and quote: if it's found to be sufficient, the vote shall be allowed.
02:40:49.000If the affidavit is insufficient, the vote shall not be allowed.
02:40:53.000And equally prescriptive in the election procedures manual: if the early ballot affidavit is not signed, the county recorder shall not count the ballot.
02:41:03.000As you heard in previous testimony, the scope of this audit did not involve comparing signatures with the voter registration files, but you had people, Dr. Shiva,
02:41:18.000look for and identify a number of missing signatures on ballot envelope affidavits, which to the extent that ballots from those envelopes were tallied would violate the above statutes and procedures.
02:41:35.000Next slide, I hope you're seeing is because I'm not seeing it, original and duplicate ballots without matching serial numbers.
02:41:45.000ARS 1621A is very specific that all duplicate ballots created pursuant to the subsection shall be clearly labeled duplicate.
02:41:55.000There is a serial number that's recorded on the damaged or defective ballot, and the EPM says something very similar and gives one of the reasons, which is to tie the ballots together.
02:42:07.000The other reason would be to make sure that the votes recorded on the duplicate correctly reflect the votes on the original or damaged ballot.
02:42:16.000There were approximately 2,500 duplicated ballots where there were no discernible serial numbers recorded on either the original or the duplicate ballot.
02:42:25.000Obviously, this does not comply with those statutes and procedures.
02:42:30.000The next slide, I hope, is missing chain of custody.
02:42:38.000ARS 16621 says that the county will maintain a chain of custody for all election equipment and ballots during early voting, which is kind of the beginning of an election through the completion of provisional voting tabulation or kind of the end of processing ballots.
02:42:56.000The Senate requested this chain of custody.
02:42:59.000The county provided a very detailed chain of custody of the ballots that we did receive, but we never received a chain of custody all the way back to the election period as this statute requires.
02:43:14.000Next item is insufficient ballot paper thickness.
02:43:17.000This is not a major item, but ARS 16502A says that ballots shall be printed on a paper of sufficient thickness to prevent the printing thereon from being discernible from the back.
02:43:31.000And there can be debate as to whether this is just for the printing on the ballots or when the ballots are marked with their votes, but there were, as Mr. Logan noted, multiple the audit found multiple thicknesses of paper stock used in the printing of ballots, some of which would allow kind of that bleed-through effect, which would not be in compliance with the above statute.
02:44:02.000Next one is common usernames and passwords, as Mr. Cotton noted.
02:44:08.000The election procedures manual specifically says that applications within the EMS system should use separate usernames and secure passwords for each user or station.
02:44:21.000And as he noted, he found common usernames and passwords being used, which is inconsistent with this guidance from the election procedures manual.
02:44:36.000Another, the next one would be missing serial numbers on electronically adjudicated ballots.
02:44:42.000An addendum to the 2019 election procedures manual specifies that tabulation machines may be programmed to outstack or to print identification numbers on the ballots with write-in votes that are electronically tallied.
02:45:01.000This process is often known as adjudication.
02:45:06.000There was, well, Maricopa's system, Dominion, does not use an outstack method, but it does not appear that these identification numbers were printed on the electronically adjudicated ballots as required by this part of the procedures manual.
02:45:25.000And the last slide would be, well, I guess there's a one after this, but the last item is possible ineligible voters.
02:45:36.000Several articles, which include multiple statutes within IRS 16, as well as many aspects of the election procedures manual, identify Arizona's requirements for an individual to be considered an eligible voter and therefore allowed to cast a legal vote.
02:45:54.000The audit identified numerous questions regarding possible ineligible voters.
02:46:00.000However, these determinations were, as you heard from Mr. Logan, made from comparisons between the county's final voted data and private data sources, not the official voter registration data.
02:46:11.000So further investigation with the cooperation of the county, hopefully, is necessary to determine whether ineligible voters were allowed to vote in the 2020 election.
02:46:22.000And Mr. Logan went into some of the possible categories of people who had moved or deceased or other categories that I think you saw in earlier testimony.
02:46:34.000And the last slide is simply a thank you from me for allowing me to work on this project.
02:46:40.000And I will conclude, I guess, by saying this, that I have already started to hear from people saying that, well, if the audit failed because it didn't prove that the election was overturned or that there was a different result.
02:46:59.000Well, as you noted, when you began this process, Madam President, and when you began this hearing today, there was no predetermined, at least in my mind, and I know in yours and Warren's and everyone who worked on this audit, there was no predetermined outcome that if we didn't find this or didn't find that, we have failed because it's exactly the opposite.
02:47:25.000If we identify strengths and weaknesses in our election procedures and statutes, and if we confirm that in this case, an election was conducted where the hand count of the ballots matches the electronic tally of the election proceed, the election system used by the county, I don't consider that a failure at all.
02:47:46.000In fact, maybe Mr. Logan and his company have identified the most accurate hand counting process that has maybe ever been used in the country.
02:47:56.000And that's directly in opposition to many within our state and across the country who said that their procedures were terrible or this was that, and nothing could be further from the truth.
02:48:11.000I, you know, there were a lot of good, honest people that gave a lot of time, as you noted, to accomplish this audit.
02:48:41.000And we're sorry you went last and you had to hold on the logist, but thank you so much for doing this.
02:48:47.000For some of you may not know, Mr. Bennett did this on his own time on his own nickel.
02:48:53.000And he lives in Prescott, but literally drove down almost every single day to be at the audit with the rest of the team to make sure that everything was done accordingly and chain of custody was followed and everything was always documented.
02:49:52.000And I think there's legislation and I think there's law enforcement that needs to be involved.
02:49:58.000So I'm going to name off eight bullet points here that I think need to be handled by my colleagues and by our attorney general.
02:50:08.000First of all, and what I have found perhaps the most unsettling through this whole process is the obstruction that we have seen from the county.
02:50:19.000The failure to comply with the auditor, a brazen willingness to violate a legal subpoena.
02:50:27.000Our attorney general said that was against the law.
02:50:33.000And furthermore, to their willingness to expend significant resources, human capital, you name it, to block and to stop this audit.
02:50:48.000As I recall, it was like $18,000 or something like that for one of their audits that they spent money on.
02:50:57.000How much money have they spent trying to stop our audit?
02:51:01.000It has to be in the hundreds of thousands of dollars.
02:51:05.000But that would be an interesting number to see.
02:51:10.000Number two, the numbers don't reconcile.
02:51:12.000As you've seen through this, it is a theme throughout all the reports.
02:51:17.000All of us as citizens, we should be able to pull up these election results and we should be able to, every direction, reconcile the numbers.
02:51:27.000If I subtract, you know, early ballots or if I subtract, if I add the rejected, if I, you know, no matter which way, you should be able to come up with a reconciliation so that everything balances.
02:51:51.000We need to get to the bottom of whether that law was broken, how to prevent it in the future, hold people accountable that did it this time.
02:52:01.000Churning of logs, the churning of logs.
02:52:06.000We need to find out why that happened.
02:52:22.000Number six, a failure to preserve data files.
02:52:26.000And number seven, cybersecurity weaknesses that were so that were shown by Mr. Cotton, so evident here.
02:52:35.000Those are not going to get any better.
02:52:38.000We're seeing people being held hostage via cybersecurity every day, and it's constantly becoming more sophisticated.
02:52:45.000We have to definitely need to up our game there.
02:52:49.000And number eight, the envelopes with blank signatures.
02:52:54.000We have a lot of questions there that need to be answered.
02:52:57.000So with that, Madam President, I look forward to working with my colleagues and with the Attorney General in any way to resolve these issues and to improve our elections and to increase election integrity in the state of Arizona.
02:53:15.000Senator Peterson is our Jude chairman.
02:53:19.000This started in the Jude committee back in December and only appropriate to end up there.
02:53:25.000And my closing remarks, first and foremost, let me tell everybody that all of these reports are up and posted on our website for you to access all of them.
02:53:35.000That website is AZSenateRepublicans.com, AZSenateRepublicans.com.
02:53:42.000You can all go there and see all of these reports.
02:53:46.000Second of all, I have already transmitted a letter to our Attorney General's office with all of those reports.
02:53:54.000That not only includes everything that we have noted here, but also everything that Senator Peterson has concerns about.
02:54:04.000We are asking him to open up a formal investigation so that he can pursue and seek additional information, additional facts, perhaps get some of these missing things that we were never able to get, verify all this information and take the appropriate actions of anything that is necessary to do.
02:54:26.000I have every confidence that he will be doing that.
02:54:31.000I also want to say thank you to my Senate Republican colleagues.
02:54:36.000When we started this, it was we had a claucus and every single one of our Republican members said this is important.
02:54:46.000Our constituents have questions they want answered.
02:54:50.000We didn't think it was going to be this long.
02:54:52.000We didn't think it was going to be this expensive or this difficult, but we did it.
02:54:58.000And as you can see, we do have some work to do here.
02:55:03.000We have a lot of work to do because quite honestly, if we don't follow our rules, don't follow our elections, this is how problems can happen.
02:55:11.000We also know that 18 different states sent representatives here because they have constituents asking the same questions.
02:55:19.000And the very least, what I think that we can all come out of this is that we need to do audits to some extent.
02:55:27.000We need to do bigger audits on every election just to make sure that everybody's following the rules.
02:55:35.000So with that, I want to say thank you to Mr. Logan, Mr. Poland, Mr. Cotton, Mr. Bennett, all of you present, Mr. Shiva, Dr. Shiva.
02:55:46.000I know this was very difficult on you and your family, Mr. Logan.
02:55:50.000You've been here for many months and you've left your wife and 11 children back at home and he has another one due in next month in a couple of weeks.
02:55:59.000So we gave up a lot for this and we appreciate it.
02:56:03.000So to everyone, thank you all very much.
02:56:05.000Thank you for being so polite up there.