Established Fact
[Established Fact – Vulnerability confirmed] Investigators identified a documented security vulnerability in Wisconsin’s MyVote WI public-facing voter registration portal that created the capability for anyone obtaining remote access to the voter rolls to change voter information – including voting history – without the change being detected or logged in any auditable way. MyVote WI is the public interface that connects to the backend WisVote database. A modification of voter history records through this vulnerability would retroactively alter the voter participation record, severing the forensic link between ballots cast and voters credited with casting them, with no discoverable evidence of the alteration. Whether this vulnerability was exploited in 2020 is not established, but its existence – and the WEC’s failure to disclose or remediate it – constitutes a systemic failure of election record stewardship.
Citations
Gableman Report, pp. 15-16 (at least one city provided CTCL partners real-time API access into WisVote and BadgerBooks — access WEC Administrator Wolfe falsely denied to the Assembly Committee) https://drive.google.com/file/d/1VHPg8ac3ou5_YYqh9zYe4DL5wuOGdeQE/view?usp=drive_link
Gableman Report, p. 8 (Wisconsin Legislative Audit Bureau finding that WEC failed to maintain a sufficiently accurate WisVote database) https://drive.google.com/file/d/1VHPg8ac3ou5_YYqh9zYe4DL5wuOGdeQE/view?usp=drive_link