Election Crime Bureau

Made possible by the Lindell Offense Fund

Mesa County, CO Election System Discoveries Made Possible by Tina Peters

Established Fact

Tina Peters is the former Mesa County, CO clerk who was sentenced to nine years in prison for making forensic copies of her Dominion Election Management System (EMS) server in the wake of the 2020 election cycle.  In so doing, Tina prevented the destruction of election records for both the 2020 and 2021 election cycles in Mesa County, CO.  Why did CO authorities go after Tina with such a vengeance for her actions to preserve these election records?

Here’s a summary of the findings made by technical experts who have examined forensic images of the election system that CO sought to wipe clean.

Systematic Data Destruction: The “Trusted Build” Update

Between May 25 and May 26, 2021, the Colorado Secretary of State’s office and Dominion Voting Systems performed a software modification known as a “Trusted Build” on the Mesa County Election Management System (EMS) server. Forensic images taken before and after this event document extensive data loss.

Forensic Findings on File Deletion

The analysis used industry-standard tools (AccessData FTK Imager and Autopsy) to compare the server's state before and after the update. The transition from DVS D-Suite version 5.11-CO to version 5.13 resulted in:
  • Total Files Deleted: 28,989 files were removed.
  • Critical Log Deletions: 695 log and event log files necessary for determining election integrity were destroyed.
  • Web Server Logs: Prior to the update, 240 log files existed in the web server directory. Following the update, only three remained, with minor remnants found in “file slack space.”
  • SQL Server Logs: Installation and operational log files for the Microsoft SQL Server—which manages actual election data—were missing or overwritten in the “after” image.

Hard Drive Re-partitioning

Forensic examination determined that the server’s hard drive was re-partitioned and reformatted during the update. This process destroyed the previous “data map,” rendering prior information largely unrecoverable through standard operating system means. The update effectively wiped the record of elections dating back to 2019.

Legal and Regulatory Non-Compliance

The destruction of data documented in the forensic reports stands in direct conflict with several federal and state mandates.

Statutory Violations

| Statute | Requirement | Context of Violation |
|---|---|---|
| 52 USC §20701 | Retention of all election records for 22 months. | Records were destroyed approximately 6 months after the 2020 General Election. |
| CRS § 1-7-802 | Preservation of election records for 25 months. | The “Trusted Build” destroyed archival records required by state law. |
| CRS § 1-13-716 | Prohibits the willful destruction or alteration of election records. | Documented deletion of log files by the vendor and state officials. |

Failure to Meet Certification Standards

Colorado law (CRS § 1-5-601.5) requires voting systems to meet the 2002 Voting System Standards (VSS). The VSS mandates that election audit trails must be “indestructible archival records of all system activity.”
  • Audit Trail Compromise: The deletion of log files—which record connectivity, file access, and automated processes—precludes a comprehensive forensic audit.
  • Conclusion on Certification: The reports conclude that because the system and accompanying procedures cannot maintain these records, they do not meet state certification requirements and “should not have been certified for use in the state.”

Security Vulnerabilities and Infrastructure Risks

The reports highlight inherent risks in the hardware and software architecture of the DVS Democracy Suite.

Unauthorized Remote Access Capabilities

Evidence suggests that the hardware provided to Mesa County included components that facilitate remote manipulation:
  • Integrated Dell Remote Access Controllers (iDRAC): These allow “out-of-band” remote management, enabling users to modify the BIOS, operating system, and user accounts without being locally logged in.
  • Wireless Networking: The inclusion of multi-band wireless networking cards in systems that are supposed to be “air-gapped” creates unmanaged attack vectors.

Data Integrity Pillars

The forensic experts evaluate the systems against the “CIA triad” of information security:
  1. Confidentiality: Protecting personal and proprietary info.
  2. Integrity: Guarding against improper modification or destruction. (Note: This pillar is identified as failed due to documented data destruction.)
  3. Availability: Ensuring timely access to information.

Anomalies in the 2021 Grand Junction Municipal Election

Analysis of the 2021 Municipal Election results and Cast Vote Records (CVR) revealed several “indicators of potential fraud.”

Indicator One: Pre-Election Day Results Generation

Records from the EMS User Log Table show that Cast Vote Records and Election Night Reporting (ENR) files were generated on March 31, 2021—six days before the April 6 election day.
  • Statutory Violation: CRS § 1-7.5-107.5 prohibits the release of counting information before 7 p.m. on election day.
  • Risk: Early knowledge of interim results (which constituted nearly half of the eventual total) could be used to influence final outcomes.
  • Accountability: These files were generated under the “RTRAdmin” account, though multiple users shared common passwords for this and other administrative accounts.

Indicator Two: Inconsistent Voting Behavior (Voter Defection)

A “Voter Defection Analysis” was conducted to measure “ticket-splitting”—voters supporting candidates of different political leanings in the same election.
  • Baseline: National and regional averages for ticket-splitting are typically under 10%.
  • Anomaly: In the 2021 Grand Junction Municipal election, the four conservative candidates saw defection rates between 31.6% and 34.0%.
  • Statistical Improbability: These rates are described as “wildly inconsistent” with historical patterns in Mesa County, where Republican/Conservative candidates typically receive at least 60-65% of the vote.

Indicator Three: Total Vote Discrepancies

Anomalies were noted in the total number of votes cast for different contests on the same ballots:
  • Zoning and marijuana ballot measures received significantly more total votes (up to 16,841) than the City Council candidates (as low as 15,202).
  • The report finds it “puzzling” that voters showed greater interest in a zoning measure (2C) than in the candidates representing them.

Conclusions of the Analysts

The combined evidence from the forensic reports leads to several critical conclusions regarding the state of election security in Mesa County:
  1. Vindication of Data Preservation: The reports state that the actions taken by the Mesa County Clerk to commission forensic images prior to the “Trusted Build” were the only reason these records were preserved for analysis.
  2. Potential Algorithmic Manipulation: The 2021 election anomalies suggest the possibility of a computer algorithm switching and apportioning votes, as the results deviate from established human voting patterns.
  3. Broad Implications: Because the “Trusted Build” was performed statewide, it is “likely” that similar destruction of election records occurred in numerous other Colorado counties, potentially violating federal and state laws on a larger scale.
  4. Security Failure: The presence of iDRAC and wireless components, combined with the systematic deletion of audit logs, renders the voting system “vulnerable and untrustworthy for critical functions of government.”

These observations indicate a clear motive behind the lawfare conducted against Tina Peters as a means of ensuring that no other clerks would follow her lead and investigate the integrity of their election systems.