Disputed Fact
[Disputed Fact – As to Board knowledge at time of certification] The forensic analysis conducted by Ben Cotton of CyFIR documented that the Maricopa County EMS contained an unauthorized compiler capable of creating and executing files during the active voting period – a capability not present in the EAC-certified Dominion Democracy Suite 5.5B configuration. The Cotton analysis, presented to the Arizona Senate, further documented that neither the operating system nor antivirus software had been patched since August 2019, and that a single, shared password was used for all user accounts across all EMS systems – in direct violation of the Arizona Election Procedures Manual. Certification of results produced by an EMS operating outside its certified configuration without disclosure of that deviation to the canvassing board constitutes a certification of results whose provenance cannot be verified. Whether the Board members or their legal counsel possessed information about the software configuration deviation at the time of certification is a disputed but critical factual question.
Citations
Second Declaration of Benjamin R. Cotton: https://state-of-denial.org/supreme-court/documents/20240319-Ben_Cotton_Affidavit-1202.pdf | Court Filing; see also Affidavits-Reports Spreadsheet (Election Integrity Sandbox)
Cyber Ninjas Response to Maricopa County Analysis of Senate Report, § 1.9.4.2., https://www.scribd.com/document/534037094/Cyber-Ninjas-Response-Maricopa-County-Analysis-of-Senate-Report-2
Fann Letter, Sept. 24, 2021 (‘The audit found that Maricopa County overwrote the entire activity log in its Election Management System’)
HCR 2033 — Arizona Legislature, 55th Leg., 2d Reg. Sess. (2022), https://www.azleg.gov/legtext/55leg/2R/bills/HCR2033P.pdf