Auditor: Information Deleted From Maricopa County Election Machine Has Been Recovered

Zachary Stieber
5/19/2021
Updated:
5/19/2021

The information that was allegedly deleted from a Maricopa County election machine has been recovered, an auditor told state lawmakers on May 18.

Ben Cotton, founder of CyFIR, one of four firms working on the 2020 election audit, said at the Arizona state Capitol in Phoenix that he discovered a master file table “that clearly indicated that the database directory was deleted from that server.”

“Subsequently, I’ve been able to recover all of those deleted files, and I have access to that data,” he said. “I have the information I need from the recovery efforts of the data.”

Maricopa County responded in a May 18 tweet, “Just want to underscore that AZ Senate’s @ArizonaAudit account accused Maricopa County of deleting files—which would be a crime—then a day after our technical letter explained they were just looking in the wrong place—all of a sudden ‘auditors’ have recovered the files.”

Auditors told Maricopa County officials through the Arizona Senate earlier this month that they discovered an entire database directory from an election machine had been deleted.

In addition, the main database for election management software wasn’t found anywhere on the machine, despite it being referenced as the location for the database.

“This suggests that the main database for all election related data for the November 2020 General Election has been removed,” Arizona Senate President Karen Fann, a Republican, wrote to Maricopa County’s Board of Supervisors.
The board later said the allegation was false, accusing auditors of making a mistake while performing their analysis. The Maricopa County Elections Department, in a technical analysis, said officials and subject matter experts reviewed the allegation and found the database folder in question wasn’t deleted.

Cotton told the state Senate meeting on May 18 that the firm follows a strict forensics acquisitions process by removing hard drives from a machine and performing forensics imaging with “write blocks” that prevent any changes to the hard drives before making a copy of the drive. He said the drives for the operating system were in a “mirror configuration,” which means that changes anywhere on the operating system drive would be automatically reflected on both drives.

Fann recently threatened to issue fresh subpoenas to Maricopa County officials over their refusal to provide routers or router images and passwords giving auditors administrative control to Dominion Voting Systems election machines. She later backed down and asked that they attend the meeting to answer questions. The board on May 17 refused to send anybody.

Asked if subpoenas were back on the table, Fann told The Epoch Times in an email that the board’s refusal would be discussed at the meeting. During the meeting, she didn’t indicate whether she was considering anew issuing more subpoenas.

Arizona Senate President Karen Fann talks to reporters in Phoenix, Ariz., on May 26, 2020. (Ross D. Franklin/AP Photo)
Arizona Senate President Karen Fann talks to reporters in Phoenix, Ariz., on May 26, 2020. (Ross D. Franklin/AP Photo)
The state Senate in late 2020 issued several subpoenas for ballots, election machines, and other materials to conduct a forensic audit. The county took the matter to court, arguing the subpoenas were too broad, but a county judge ruled in favor of the Senate.

Router or router images and election machine access were included in the original subpoenas.

Cotton expressed confusion about the county’s assertion that providing even router images could compromise sensitive resident data, telling senators that the data “should not exist on that router, period.”

He also questioned public reports by Pro V&V, a machine auditor that reviewed some of the machines in February, that the county’s election systems don’t touch the internet.

“The extension of that would be that they do not touch the county network because that’s exposed to the Internet and to say that the data corresponding to these networks would somehow compromised law enforcement activity or PII data seems incongruous to the previous statements,” he said, referring to personally identifiable information data.

Dominion declined to provide passwords to auditors, and the county has stated that it doesn’t have them itself.

Giving over the passwords would amount to releasing “intellectual property,” Dominion said in a recent statement. The firm stated it would release the passwords only to firms accredited by the U.S. Election Assistance Commission.

Doug Logan, CEO of Cyber Ninjas, the firm leading the audit for the Arizona Senate, told senators that the passwords don’t give access to source code. He said there was some miscommunication or misunderstanding involved.

For now, auditors only have “poll worker access” to the systems with the passwords they were given, Cotton said. To fully carry out the audit, they would need access at an administrator or technician level.

“In the course of communications with the county officials, it was disclosed to us that the Maricopa County officials apparently do not have access at the administrative or technician level for their own tabulating systems. That level of access and those credentials are maintained in the sole possession of two Dominion employees that are apparently full time contractors within the Maricopa County infrastructure,” he said.

“The biggest challenge there is one, it doesn’t appear that they have control of their own equipment when it comes to configuring and preparing for an election and two, they can’t validate that their own policies and procedures are being carried out without the ability to validate the configurations of the systems.”

If the passwords are conveyed, auditors estimate it would take less than two days to gather the data they need.