美國總統川普9月24日表示，亞利桑那州對其人口第一大郡——

•馬里科帕郡的2020大選審計“發現了重磅且不可否認的欺詐證據”。

•呼籲司法部長應對這起重大犯罪事件進行調查。

【2021年09月25日訊】

川普總統在24日的一份聲明中說：

•亞利桑那州的重磅發現！然而，假新聞媒體已經試圖在實際查看事實之前再次為拜登‘喊勝利’——就像他們在（2020年）11月所做的一樣！審計發現了重要且不可否認的欺詐證據！在我們知道如何以及為什麼會發生這種情況以前，我們的選舉永遠不會安全。

•這是一起重大犯罪事件，司法部長應立即進行調查。（亞利桑那州）參議院的最終報告將於今天美國東部時間下午4:00發布。我聽說這與假新聞媒體報導的大不相同。

•地方媒體《亞利桑那共和國》（Arizona Republic）報導稱，馬里科帕郡2020年的大選選票經過長達數月的重新計票後確認拜登獲勝。該媒體還稱，它證實2020大選不是從川普那裡“偷竊來的”。

•川普總統沒有指出任何一個特定媒體，他在另一份聲明中說：“假新聞對亞利桑那州的審計報告撒謊！泄露出的報告最終表明，有足夠多的欺詐投票、神秘投票和虛假投票來改變選舉結果4到5倍以上。”

•川普在這份聲明中給出了一些具體數字，他繼續說道：

“這個數字包括23,344份郵寄選票，儘管這個人不再住在那個地址。

“幽靈選民！官方選民冊甚至和誰投票了都不匹配，多出11,592張票——超過了（亞利桑那州）整個總統選舉的差額。

“在多個郡投票的選民總數為10,342，有2,382張選票來自不再居住在馬里科帕縣的人。還有2,592張‘超出原始投票的重複投票’。

“僅這些欺詐性選票一共就有50,252張，比所謂的（拜登）‘勝利’盈餘10,457票是許多倍的欺詐。

“此外，選舉數據似乎已被故意刪除，選票圖像‘損壞或丟失’。這好在不是整個亞利桑那州，而只是馬里科帕郡。那只會變得更糟！

“亞利桑那州存在欺詐和作弊行為，必須進行刑事調查！今天的聽證會上還有更多結果出來。”

～～～～～～～～～～

Maricopa County Forensic Election Audit Volume I: Executive Summary & Recommendations

Work Performed For:

Arizona State Senate 1700 W Washington St

1 DOCUMENT OVERVIEW

This document includes the Executive Summary of the Maricopa County Forensic Election Audit, a listing of findings

within the Findings Summary, as well as Recommendations based on our work in the audit.

For more details about the Methodology & Operations of the audit, please see “Maricopa County Forensic Election Audit – Volume II – Methodology and Operations.”

For more details about the Findings of the report, or to review the results from the hand-tallying of the 2.1 Million ballots, please see “Maricopa County Forensic Election Audit – Volume III – Result Details.”

2 EXECUTIVE SUMMARY

The preamble to our Constitution reminds us that our nation is always pursuing greater perfection, seeking to establish “... a more perfect Union” so that we can “...secure the Blessings of Liberty to ourselves and our Posterity.” Nothing is more essential in preserving liberty than free and fair elections. To that end, Cyber Ninjas was engaged by the Arizona Senate to audit the 2020 General Election and determine in what areas legislative reform may enhance our current process so that our elections may continue to get better, becoming “more perfect.” In doing so, it was our goal to improve confidence in American elections by identifying areas where legislation could resolve any identified issues.

This audit has been the most comprehensive and complex election audit ever conducted. It involved the hand counting of 2.1 million ballots, a forensic paper inspection of all ballots, a forensic review of the voting machines, and an in-depth analysis of the voter rolls and the 2020 General Election final files.

What has been found is both encouraging and revealing. On the positive side there were no substantial differences between the hand count of the ballots provided and the official election canvass results for Maricopa County. This is an important finding because the paper ballots are the best evidence of voter intent and there is no reliable evidence that the paper ballots were altered to any material degree.

Based on our other findings, however, we recommend that the Legislature tighten up the election process to provide additional certainty going forward, and that several specific findings of our audit be further reviewed by the Arizona Attorney General for a possible investigation. Such other findings include the following:

• None of the various systems related to elections had numbers that would balance and agree with each other. In some cases, these differences were significant.

• There appears to be many 27, 807 ballots cast from individuals who had moved prior to the election.

• Files were missing from the Election Management System (EMS) Server.

• Ballot images 284,412 on the EMS were corrupt or missing.

• Logs appeared to be intentionally rolled over, and all the data in the database related to the 2020 General

Election had been fully cleared.

• On the ballot side, batches were not always clearly delineated, duplicated ballots were missing the required

serial numbers, originals were duplicated more than once, and the Auditors were never provided Chain-of- Custody documentation for the ballots for the time-period prior to the ballot’s movement into the Auditors’ care. This all increased the complexity and difficulty in properly auditing the results; and added ambiguity into the final conclusions.

• Maricopa County failed to follow basic cyber security best practices and guidelines from CISA

*****

• Software and patch protocols were not followed

• Credential management was flawed: unique usernames and passwords were not allocated

• Lack of baseline for host and network activity for approved programs, communications protocols and

communications devices for voting systems

Had Maricopa County chosen to cooperate with the audit, the majority of these obstacles would have easily been overcome. This did not stop the primary goal of offering recommendations for legislative reform to the Arizona Senate, but it did leave several questions open.

Details on the findings discovered can be found in the document “Maricopa County Forensic Election Audit – Volume III – Results Details.”

3 RECOMMENDATIONS

The following sections outline the key recommendations that were determined over the course of this audit.

3.1 Result Reconciliation

Legislation should be considered that does not allow an election to be certified until the Official Canvas and the Final Voted File is fully reconciled. Furthermore, full records for every ballot sent, ballot received, ballot rejected, and ballot voided should have to be fully reconciled within a defined period after the election.

3.2 Voter Registration

Legislation should be considered that requires voter rolls to be entered in an individual’s full legal name and adds accountability for Counties that enter rolls in any other format.

3.3 Voter Rolls

Legislation should be considered that links voter roll registration to changes in driver’s licenses or other state identification, as well as requiring the current voter rolls be validated against the United States Postal Service (USPS) National Change of Address (NCOA) at a predefined period prior to every election. Any voter roll software should validate that there is only one entry in the state database per identification number, such as a driver’s license number.

Laws already exist for interstate reporting of changes in residence, addresses, and driver’s licenses. Tying voter roll registration to these forms of identification would greatly increase the likelihood that voter registration details would be kept up to date. Individuals are more likely to remember their license needs to be updated immediately than voter registration, and since most states now offer the ability to register to vote when getting a license, license updates could also update voter rolls.

It is recommended that the voter rolls be validated against the NCOA both 90 days or more prior to the election, in addition to a week before mail-in ballots are sent out. This check would not be utilized to purge the rolls, but to validate that a mail-in ballot should be sent prior to that ballot going out. The legislature may also want to consider whether a change of address should suspend Permanent Early Voting List (PEVL) enrollment.

*****

In addition, legislation should be considered to require the voter rolls to periodically be compared against ERIC, the Social Security’s Master Death List, or other commercially available tools that give access to this information. Failure to do this at least once a year should result in penalties for a county.

3.4 Election Software

Legislation should be considered that would require applications developed and utilized for voter rolls or voting to be developed to rigorous standards that ensure the confidentiality and integrity of the systems. Specifically, its recommended that the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) Level 3 be applied to all applications associated with voter rolls or voting and that it be required that this be fully validated no less than once every two years. Part of this testing should be explicitly testing an programming interface access to validate that no external party has the capability to manipulate the voter rolls.

Furthermore, it should be required that whoever builds the software be required to rotate vendors doing the OWASP ASVS Level 3 assessment a minimum of once every four years, with a rotation of no less than three vendors before returning back to a vendor utilized in the past.

The vendor who performs this work must be willing to attest that their assessment fully covered the ASVS Level 3 requirements that there are no critical or high vulnerabilities detected, and that there is a remediation plan for any moderate risk vulnerabilities.

3.5 Voting Machines

Legislation should be considered that would prohibit connecting tabulators, or the Election Management System Servers or similar equipment from being connected to the internet or any other mechanism that could allow remote access to these systems.

Furthermore, County employees should have access to all administrative functions of all election equipment and have sufficient access to independently validate any configuration items on the device without requiring the involvement of any 3rd party vendor.

In addition, electronic voting machines must always have a paper backup of all ballots which can be used to confirm that votes were cast as intended; and these machines must be regularly maintained according to the vendors recommended maintenance schedule.

Legislation should be considered that would require that paper stocks utilized on election day conform to manufacturer recommendations to ensure that the paper that has been tested in the device is what is actually utilized to cast votes.

Legislation should be considered that requires following all CISA Guidelines for Election Systems and Equipment, the documentation of any variations among these guidelines, and the signing off on a risk memo by the appropriate party for any derivations from those guidelines.

Legislation should be considered which requires the assignment of individual usernames and passwords for all election related equipment and matters.

*****

3.6 Election Audits

Legislation should be considered that creates an election audit department in charge of regularly conducting audits on a rotating basis across all counties in Arizona after elections. This department should validate that the County follows all processes and procedures outlined in the Elections Procedure Manual (EPM), and have the ability to penalize the County for repetitive EPM failures, or other failures that make auditing more difficult.

Legislation should be considered that requires batches of ballots to be clearly labeled, separated from each other in a manner where they cannot easily mix together, and easily connected to the batches run through the tabulation equipment for easy auditing of the system.

Legislation should be considered to penalize purposely inhibiting a legislative investigation, or an officially sanctioned audit of an election.

3.7 Ballots

Legislation should be considered that will make ballot images and the Cast Vote Record artifacts from an election that is published within a few days of the results being certified for increased transparency and accountability in the election process.

Legislation should further be considered that would require all ballots to be cast on paper by hand utilizing paper with security features such as watermarks or similar technology; with a detailed accounting of what paper(s) and the quantities utilized for any given election cycle.

Mail-in voting should incorporate an objective standard of verification for early voter identification, similar to the ID requirements required for in person voting.