Denver DA Won't File Charges Against Griswold for Voting System Passwords Leak

There will likely be no criminal consequences for anyone involved in the leak of Colorado's voting system passwords, including Secretary of State Jena Griswold.

Denver District Attorney Beth McCann will not file any charges in connection with the incident, her office announced on Friday, December 20. This decision comes after a seven-week-long investigation into whether the leak violated state laws regarding election security and misconduct by public servants.

“We have concluded that there were no criminal violations of the law regarding the publication of the voting machine passwords,” McCann says. “Based on everything we have learned, the passwords were published in error and not ‘knowingly.’ ... There is no indication that the passwords were published in an effort to influence the outcome of an election."

The 4th Judicial District Attorney's Office in El Paso County assisted in the investigation and previously said it would review the results "to determine if further investigation should be conducted." That office did not respond to an inquiry about whether it will take action now that the Denver DA's Office decided not to pursue charges.

For four months, hundreds of passwords for voting equipment were exposed on the Secretary of State's website, on easily accessible hidden tabs of a public spreadsheet. The Colorado Republican Party broke the news of the blunder on October 24, to the outrage of county clerks, who did not learn of the leak from Griswold's office (according to a deputy, the office wanted to attempt to avoid a "media storm").

State statutes specify that publishing voting system passwords is a felony offense if done "knowingly." They also define official misconduct by public servants as "knowingly, arbitrarily and capriciously" failing their professional duty.

One election employee described the circumstances leading to the leak as "sloppy” but "not criminal," according to the investigation — and McCann's office seemingly agrees.

The DA's findings align with a third-party report into the incident conducted by the Baird Quinn law firm commissioned by Griswold's office. Earlier this month, that report concluded that the leak was a result of failures by Griswold and her office, but agreed that the passwords were posted online "mistakenly, unknowingly and unintentionally."

Both investigations found that a former employee with Griswold's office had added hidden tabs on a voting systems inventory spreadsheet to use as "scratch paper" to help clean up information on the visible tabs. One current employee alleged that the use of hidden tabs was "due to laziness" by the former employee, the Denver DA's report says.

The content on the hidden tabs included voting system passwords; however, at the time, the inventory was only posted on the office's website as a PDF file, not an Excel file. When an Excel file is converted to a PDF file, hidden tabs do not show up in the PDF, so the passwords were not exposed when the inventory was posted online.

The former employee didn't tell any of her co-workers about the hidden tabs, both reports note. She resigned from her position in May 2023. One year later, a different employee changed the inventory posted online from a PDF file to an Excel file to make the information more easily searchable and sortable for the public.

The Excel spreadsheet posted online beginning in June 2024 contained the passwords in the hidden tabs created by the former employee, which hadn't been updated since the employee resigned. Although many of the passwords were outdated, the exposed information included current passwords for voting equipment in 34 Colorado counties.

Both investigations conclude that the employees who posted the Excel file online were unaware that they contained hidden passwords and that the former employee who added the hidden passwords could not have reasonably expected they would ever be made public.

The passwords were discovered in October by Shawn Smith, one of the state's most famous election deniers, who says he was tipped off by state Representative Stephanie Luck and failed House District 38 candidate Jeff Patty. The revelation led to leaders of the state Republican Party demanding that Griswold resign, the Libertarian Party suing to require a hand count of ballots, and even Governor Jared Polis calling for an independent investigation into the security breach.

A Denver judge denied the Libertarian Party's hand-count lawsuit on Election Day, November 5, finding no evidence that voting system components were compromised.

The leak did not impact the security of Colorado's election, state officials say. Two passwords are required to make changes to a voting system, according to Griswold's office; the leaked passwords accounted for only half of that pair. In addition, the passwords can only be used in person, with physical access to the voting equipment — which is mandated to be stored in secure rooms that require ID badges to access and have 24/7 video surveillance.

State lawmakers rejected calls to audit the Secretary of State's Office over the leak earlier this month in a vote split along party lines, with Democrats voting against the request and Republicans voting in favor of it.