美国总统川普9月24日表示，亚利桑那州对其人口第一大郡——

•马里科帕郡的2020大选审计“发现了重磅且不可否认的欺诈证据”。

•呼吁司法部长应对这起重大犯罪事件进行调查。

【2021年09月25日讯】

川普总统在24日的一份声明中说：

•亚利桑那州的重磅发现！然而，假新闻媒体已经试图在实际查看事实之前再次为拜登‘喊胜利’——就像他们在（2020年）11月所做的一样！审计发现了重要且不可否认的欺诈证据！在我们知道如何以及为什么会发生这种情况以前，我们的选举永远不会安全。

•这是一起重大犯罪事件，司法部长应立即进行调查。（亚利桑那州）参议院的最终报告将于今天美国东部时间下午4:00发布。我听说这与假新闻媒体报导的大不相同。

•地方媒体《亞利桑那共和國》（Arizona Republic）报导称，马里科帕郡2020年的大选选票经过长达数月的重新计票后确认拜登获胜。该媒体还称，它证实2020大选不是从川普那里“偷窃来的”。

•川普总统没有指出任何一个特定媒体，他在另一份声明中说：“假新闻对亚利桑那州的审计报告撒谎！泄露出的报告最终表明，有足够多的欺诈投票、神秘投票和虚假投票来改变选举结果4到5倍以上。”

•川普在这份声明中给出了一些具体数字，他继续说道：

“这个数字包括23,344份邮寄选票，尽管这个人不再住在那个地址。

“幽灵选民！官方选民册甚至和谁投票了都不匹配，多出11,592张票——超过了（亚利桑那州）整个总统选举的差额。

“在多个郡投票的选民总数为10,342，有2,382张选票来自不再居住在马里科帕县的人。还有2,592张‘超出原始投票的重复投票’。

“仅这些欺诈性选票一共就有50,252张，比所谓的（拜登）‘胜利’盈余10,457票是许多倍的欺诈。

“此外，选举数据似乎已被故意删除，选票图像‘损坏或丢失’。这好在不是整个亚利桑那州，而只是马里科帕郡。那只会变得更糟！

“亚利桑那州存在欺诈和作弊行为，必须进行刑事调查！今天的听证会上还有更多结果出来。”

～～～～～～～～～～

Maricopa County Forensic Election Audit Volume I: Executive Summary & Recommendations

Work Performed For:

Arizona State Senate 1700 W Washington St

1 DOCUMENT OVERVIEW

This document includes the Executive Summary of the Maricopa County Forensic Election Audit, a listing of findings

within the Findings Summary, as well as Recommendations based on our work in the audit.

For more details about the Methodology & Operations of the audit, please see “Maricopa County Forensic Election Audit – Volume II – Methodology and Operations.”

For more details about the Findings of the report, or to review the results from the hand-tallying of the 2.1 Million ballots, please see “Maricopa County Forensic Election Audit – Volume III – Result Details.”

2 EXECUTIVE SUMMARY

The preamble to our Constitution reminds us that our nation is always pursuing greater perfection, seeking to establish “... a more perfect Union” so that we can “...secure the Blessings of Liberty to ourselves and our Posterity.” Nothing is more essential in preserving liberty than free and fair elections. To that end, Cyber Ninjas was engaged by the Arizona Senate to audit the 2020 General Election and determine in what areas legislative reform may enhance our current process so that our elections may continue to get better, becoming “more perfect.” In doing so, it was our goal to improve confidence in American elections by identifying areas where legislation could resolve any identified issues.

This audit has been the most comprehensive and complex election audit ever conducted. It involved the hand counting of 2.1 million ballots, a forensic paper inspection of all ballots, a forensic review of the voting machines, and an in-depth analysis of the voter rolls and the 2020 General Election final files.

What has been found is both encouraging and revealing. On the positive side there were no substantial differences between the hand count of the ballots provided and the official election canvass results for Maricopa County. This is an important finding because the paper ballots are the best evidence of voter intent and there is no reliable evidence that the paper ballots were altered to any material degree.

Based on our other findings, however, we recommend that the Legislature tighten up the election process to provide additional certainty going forward, and that several specific findings of our audit be further reviewed by the Arizona Attorney General for a possible investigation. Such other findings include the following:

• None of the various systems related to elections had numbers that would balance and agree with each other. In some cases, these differences were significant.

• There appears to be many 27, 807 ballots cast from individuals who had moved prior to the election.

• Files were missing from the Election Management System (EMS) Server.

• Ballot images 284,412 on the EMS were corrupt or missing.

• Logs appeared to be intentionally rolled over, and all the data in the database related to the 2020 General

Election had been fully cleared.

• On the ballot side, batches were not always clearly delineated, duplicated ballots were missing the required

serial numbers, originals were duplicated more than once, and the Auditors were never provided Chain-of- Custody documentation for the ballots for the time-period prior to the ballot’s movement into the Auditors’ care. This all increased the complexity and difficulty in properly auditing the results; and added ambiguity into the final conclusions.

• Maricopa County failed to follow basic cyber security best practices and guidelines from CISA

*****

• Software and patch protocols were not followed

• Credential management was flawed: unique usernames and passwords were not allocated

• Lack of baseline for host and network activity for approved programs, communications protocols and

communications devices for voting systems

Had Maricopa County chosen to cooperate with the audit, the majority of these obstacles would have easily been overcome. This did not stop the primary goal of offering recommendations for legislative reform to the Arizona Senate, but it did leave several questions open.

Details on the findings discovered can be found in the document “Maricopa County Forensic Election Audit – Volume III – Results Details.”

3 RECOMMENDATIONS

The following sections outline the key recommendations that were determined over the course of this audit.

3.1 Result Reconciliation

Legislation should be considered that does not allow an election to be certified until the Official Canvas and the Final Voted File is fully reconciled. Furthermore, full records for every ballot sent, ballot received, ballot rejected, and ballot voided should have to be fully reconciled within a defined period after the election.

3.2 Voter Registration

Legislation should be considered that requires voter rolls to be entered in an individual’s full legal name and adds accountability for Counties that enter rolls in any other format.

3.3 Voter Rolls

Legislation should be considered that links voter roll registration to changes in driver’s licenses or other state identification, as well as requiring the current voter rolls be validated against the United States Postal Service (USPS) National Change of Address (NCOA) at a predefined period prior to every election. Any voter roll software should validate that there is only one entry in the state database per identification number, such as a driver’s license number.

Laws already exist for interstate reporting of changes in residence, addresses, and driver’s licenses. Tying voter roll registration to these forms of identification would greatly increase the likelihood that voter registration details would be kept up to date. Individuals are more likely to remember their license needs to be updated immediately than voter registration, and since most states now offer the ability to register to vote when getting a license, license updates could also update voter rolls.

It is recommended that the voter rolls be validated against the NCOA both 90 days or more prior to the election, in addition to a week before mail-in ballots are sent out. This check would not be utilized to purge the rolls, but to validate that a mail-in ballot should be sent prior to that ballot going out. The legislature may also want to consider whether a change of address should suspend Permanent Early Voting List (PEVL) enrollment.

*****

In addition, legislation should be considered to require the voter rolls to periodically be compared against ERIC, the Social Security’s Master Death List, or other commercially available tools that give access to this information. Failure to do this at least once a year should result in penalties for a county.

3.4 Election Software

Legislation should be considered that would require applications developed and utilized for voter rolls or voting to be developed to rigorous standards that ensure the confidentiality and integrity of the systems. Specifically, its recommended that the Open Web Application Security Project (OWASP) Application Security Verification Standard (ASVS) Level 3 be applied to all applications associated with voter rolls or voting and that it be required that this be fully validated no less than once every two years. Part of this testing should be explicitly testing an programming interface access to validate that no external party has the capability to manipulate the voter rolls.

Furthermore, it should be required that whoever builds the software be required to rotate vendors doing the OWASP ASVS Level 3 assessment a minimum of once every four years, with a rotation of no less than three vendors before returning back to a vendor utilized in the past.

The vendor who performs this work must be willing to attest that their assessment fully covered the ASVS Level 3 requirements that there are no critical or high vulnerabilities detected, and that there is a remediation plan for any moderate risk vulnerabilities.

3.5 Voting Machines

Legislation should be considered that would prohibit connecting tabulators, or the Election Management System Servers or similar equipment from being connected to the internet or any other mechanism that could allow remote access to these systems.

Furthermore, County employees should have access to all administrative functions of all election equipment and have sufficient access to independently validate any configuration items on the device without requiring the involvement of any 3rd party vendor.

In addition, electronic voting machines must always have a paper backup of all ballots which can be used to confirm that votes were cast as intended; and these machines must be regularly maintained according to the vendors recommended maintenance schedule.

Legislation should be considered that would require that paper stocks utilized on election day conform to manufacturer recommendations to ensure that the paper that has been tested in the device is what is actually utilized to cast votes.

Legislation should be considered that requires following all CISA Guidelines for Election Systems and Equipment, the documentation of any variations among these guidelines, and the signing off on a risk memo by the appropriate party for any derivations from those guidelines.

Legislation should be considered which requires the assignment of individual usernames and passwords for all election related equipment and matters.

*****

3.6 Election Audits

Legislation should be considered that creates an election audit department in charge of regularly conducting audits on a rotating basis across all counties in Arizona after elections. This department should validate that the County follows all processes and procedures outlined in the Elections Procedure Manual (EPM), and have the ability to penalize the County for repetitive EPM failures, or other failures that make auditing more difficult.

Legislation should be considered that requires batches of ballots to be clearly labeled, separated from each other in a manner where they cannot easily mix together, and easily connected to the batches run through the tabulation equipment for easy auditing of the system.

Legislation should be considered to penalize purposely inhibiting a legislative investigation, or an officially sanctioned audit of an election.

3.7 Ballots

Legislation should be considered that will make ballot images and the Cast Vote Record artifacts from an election that is published within a few days of the results being certified for increased transparency and accountability in the election process.

Legislation should further be considered that would require all ballots to be cast on paper by hand utilizing paper with security features such as watermarks or similar technology; with a detailed accounting of what paper(s) and the quantities utilized for any given election cycle.

Mail-in voting should incorporate an objective standard of verification for early voter identification, similar to the ID requirements required for in person voting.