Donald Trump’s presidential campaign demanded that Colorado Secretary of State Jena Griswold take immediate action to halt ballot processing in order to secure the state’s election equipment after voting machine passwords were posted online by her office.

A Griswold deputy insisted on Thursday that election officials have determined that “layers of security and redundancies” mean the leak hasn’t endangered the state’s voting system.

Meanwhile, Gov. Jared Polis announced that he is deploying state resources and personnel to help Griswold’s staff change compromised passwords and review security logs maintained by county clerks to make sure no one has tampered with their voting equipment.

At the same time, a Republican lawmaker called for the state’s bipartisan Legislative Audit Committee to convene an emergency meeting to investigate the password leak, saying the response by Griswold, a Democrat, “so far raises more concerns than it resolves.”

Also on Thursday, the state’s county clerks sought to reassure Colorado voters that the election system remains secure, noting that the leaked passwords are just one element of a layered security system that protects voting equipment and ballot processing.

“The county clerks urge all voters to cast their ballots with confidence in our system,” said Matt Crane, executive director of the Colorado County Clerks Association and a former Republican clerk from Arapahoe County. “Every clerk is taking this issue seriously and is staying laser-focused on delivering the safe and accurate elections that Coloradans have come to expect from us.”

Griswold acknowledged on Tuesday that a spreadsheet that had been posted online for months to the Colorado Secretary of State’s Office website “improperly included” passwords to some components of the state’s election system. Her announcement came on the heels of a release issued earlier in the day by the Colorado Republican Party that said that, until last week, the spreadsheet included a hidden tab that could be toggled to display the passwords.

“This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted,” said Jack Todd, communications director for the Department of State, which oversees state elections. He noted that every piece of election equipment in use by Colorado counties requires two passwords and is stored in secure rooms under constant video surveillance.

Former Republicans Secretary of State Scott Gessler, an attorney for the Trump campaign, however, contended in a letter sent to Griswold on Wednesday that the password leak “undermines the integrity of our elections” and could violate state law.

Gessler demanded that Griswold identify which counties were affected by the password leak and then direct them to halt ballot processing in order to re-secure and test the machines before re-scanning the ballots that have already been processed.

Griswold’s office on Wednesday said clerks have received ballots from nearly 1.6 million of the state’s 4 million active registered voters. Ballots started going in the mail to most Colorado voters on Oct. 11, just over three weeks before the Nov. 5 general election.

“We recognize these steps may be an inconvenience for your office and for the affected counties,” Gessler wrote. “But this inconvenience is necessary because it is the only way to guarantee that the elections equipment in those counties whose current BIOS passwords were disclosed by your office are secure and that the chain of custody for that equipment required by Colorado law and regulations is unbroken.”

In a letter sent late Thursday to Gessler and Colorado Republican Party Chairman Dave Williams, Deputy Secretary of State Christopher Beall said that after learning that the passwords had been posted online, the department had consulted with federal cybersecurity experts and “quickly determined that the spreadsheet presented no immediate threat to the security of Colorado’s voting systems or the 2024 General Election.”

Out of “an abundance of caution,” Beall added, the Secretary of State’s Office was working with county clerks to update passwords and “(perform) additional security checks to confirm that no machines have been altered.”

Said Beall: “The Department determined that because Colorado’s voting systems are protected by layers of security and redundancies, no single error can compromise the integrity of the system. These measures are enshrined in statute and the Department’s election rules, including multiple layers of password protection, tightly controlled physical access to voting equipment, 24-hour daily video surveillance, among other measures. To reiterate, the security of our voting systems is not endangered.”

Polis announced on Thursday afternoon that he had ordered the deployment of “human capital, air and ground assets, and other logistical support” to help Griswold’s staff and county election officials change all the affected passwords and verify the security of the voting equipment. The governor’s office said the goal was to complete the password updates by Thursday evening.

In conjunction with that effort, Griswold’s office announced the adoption of a temporary emergency rule allowing the secretary to deputize qualified state employees with cybersecurity and technology expertise to perform the updates and security checks.

“We are deploying additional state resources to address this unfortunate leak,” Polis said in a statement. “We want to resolve the current situation quickly by lending resources to help get the necessary passwords changed as quickly as possible with minimal impact on county clerk operations. We are dedicated to process improvements to instill confidence in our elections. We want to be able to provide assurances that all votes are counted fairly and accurately for this election and all elections, and are grateful for the work of the county clerks for overseeing this process with the state’s support.”

Polis’ office said state agencies involved include the Division of Homeland Security and Emergency Management, the Colorado State Patrol and the Governor’s Office of Information Technology.

Republican lawmaker calls for inquiry 

The move came hours after the state GOP released a letter sent on Wednesday from state Sen. Kevin Van Winkle, R-Highlands Ranch, a member of the Legislative Audit Committee, to the committee’s chair, state Rep. Lisa Frizell, R-Castle Rock.

In the letter, Van Winkle asked Frizell to convene an emergency meeting of the bipartisan committee to investigate the password leak, which he characterized as “the serious election related scandal unfolding with our Secretary of State Jena Griswold.”

“With the election in less than a week, the LAC may be the only available venue to independently and quickly determine if our election systems were ever compromised, to drive corrective action, or simply serve as a platform to inform and ensure the public that our state’s voting systems are safe,” said Van Winkle.

Frizell told Colorado Politics that she believes the panel should hold a meeting but has to work out whether the committee’s rules permit doing so, since rules adopted several years ago require a majority of the eight-member panel to vote to call a special meeting, but the committee may not be able to vote on that until its next meeting, scheduled in early December.

“I’m working with Legislative Legal Services to try to figure out a way around it,” Frizell said in an interview. “I think that the citizens of the state of Colorado deserve to hear from the secretary of state, if she chose to attend such a meeting and answer questions. This whole thing has been a model of opaque government, because she sat on this information and did not disclose it until she was forced to.”

Griswold told 9News that she became aware of the password leak late last week but hadn’t informed county clerks about it until after the Colorado GOP publicized the breach on Tuesday.

Todd, the Department of State’s communications director, told Colorado Politics in an email that the office “took immediate action when we were made aware of this issue late last week” — including replacing the spreadsheet online and reaching out to federal election security officials — but decided against notifying county clerks right away.

“The Department’s top priority was to investigate, fix anything that needed fixing, and then inform the public,” Todd said in an emailed statement. “After consulting with (the Cybersecurity and Infrastructure Security Agency), we made the determination not to inform County Clerks of this situation for the time being.”

The clerks, for their part, said in a news release that they welcome Polis’ support “to ensure that the important issue of updating election equipment passwords is accomplished safely and quickly.”

Additionally, they noted that it’s the local elected officials and their staff who run the state’s elections — and stressed that the password leak by itself doesn’t compromise voting security.

“Passwords are one of the many security mechanisms in place to protect critical election equipment,” the clerks’ association said in a statement. “Because of the multiple safeguards, redundancies, and with this remediation plan in motion, county clerks can say with confidence that Colorado elections are secure.”

Boulder County Clerk Molly Fitzpatrick, the group’s president, said she and her fellow clerks are ready to handle this week’s events after “preparing for this election, including incident response and remediation, for years.”

“We are confident that our security protocols will protect all ballots and ensure that each ballot is counted according to each voter’s intent,” Fitzpatrick added.

It’s a point Frizell also made.

“This is not a reason for people to sit out the election and not vote,” she told Colorado Politics. “It is more important than ever to make your voice heard.”

Added Frizell: “I trust the integrity of the clerk and recorderss in the state of Colorado. They are the boots on the ground, they are the ones that are keeping our elections safe and secure.”