Based on several unresolved issues from the election and the county’s own internal audit – as explained in our main Arizona article – the state Senate issued several subpoenas (legally binding requests) to the Maricopa Country election board and county recorder, to access its voting machines, copies of all ballots and much more so it can perform its own audit. The election board argued vehemently against those requests, saying they were overly broad, and aimed to negotiate a settlement with the Senate. 1 The Senate eventually received the ballots and some of other requested materials, and began the audit.
In May, mid-way through the major forensic audit, the senate committee identified the following issues that it asked the county election board to clarify: 2
- Ongoing refusal to comply with the Senate’s subpoenas
- Chain of custody and ballot organization anomalies
- Deleted vote-counting databases
The Maricopa County Board of supervisors responded with this letter on May 17, 2021, denying all wrongdoing and heavily denouncing the skills of the auditors and legitimacy of the audit, however they appear themselves to misunderstand the workings of data recovery software.
July Senate Hearing
On July 16, 2021, a 2-hour hearing was given in the Arizona Senate, with auditors raising several questions and issues that are preventing them from completing the audit, including:
11,326 voters were not listed on November 3 voter roll, but were listed on December 4 voter roll and were listed as having voted in the election 3
Thousands of duplicated ballots that lacked serial numbers. Senate President Karen Fann noted that without serial numbers, it would be impossible to know how many times a ballot was duplicated. 3
168,000 ballots are printed on unofficial paper that the county claims they did not use. This could be a simple mistake, or an indication of fraudulent ballots. 3
A one-off digital event erasing the security log for the period covering the November election. The auditors reported 37,646 entries into the digital security log for the election management system – which has only eight accounts – on one day, 11 March 2021. Data being kept on a first-in, first-out principle, the digital deluge shoved enough previous data out to hide election security log events before February 2021. Rep. Finchem claims this shows criminal intent. 3 4
Maricopa County officials have been highly oppositional to the audit at every stage, and deny each of the issues. They have responded to common questions and allegations on their website.
Meanwhile, the Senate issued fresh subpoenas (legally binding requests) to obtain the missing information required to complete the audit: ballot envelopes (or images of them), voter records, routers (or router images), all findings concerning systems breaches, and all usernames and passwords for election machines. 5 After the subpoenas were refused, the Senate has referred the matter to the state’s Attorney General for investigation.
Common Criticisms of the Audit
Based partly on Ryan Wiggins’ article from 97.1 FM Talk.
“This is a partisan audit only done by Republicans, so it can’t be trusted.”
Democrat officials knowingly turned down being involved in the audit, instead preferring to discredit it to their media allies. 6 Volunteers involved in the audit were recruited from all political sides — in fact volunteers were not even asked which party they belonged to or who they voted for.
“It was paid for by far-right-wing groups.”
The Senate chose to avoid criticism by not spending millions of taxpayer dollars on it, instead leaving private donors as the only means of funding. 6 56% of the funding came from The America Project, an organization led by Patrick Byrne, a Libertarian who did not even vote for Trump. Other funders include Former Lt. General Michael Flynn and Christina Bobb from OAN News 7 — hardly “far right”.
“Cyber Ninjas and other groups doing the audit have no forensic audit experience.”
This is, in fact, true. US elections have never been forensically examined at this scale, therefore nobody has any experience in doing such an audit. There has been no precedent. 6
“These people are not even certified auditors.”
Despite the media use of the term “certified auditors”, there is actually no such thing as accredited election auditors in America, only accredited voting system test laboratories (VSTLs). These labs are hired by voting machine companies like Dominion to grant them government EAC (US Election Assistance Commission) certification, and as such would be inherently biased against finding issues in machines that they themselves were paid to certify.
When the Senators then approached big financial auditing companies, they all refused, saying it would put their government contracts at risk. 8
“Even Republicans on the Maricopa Board of Supervisors have resisted this audit.”
Yes, they have resisted heavily! Early on they agreed with the idea, but after visits from out-of-state lawyers, they begin resisting efforts and even ignoring subpoenas. One would expect officials to comply with members of their own party, especially if it could exonerate them. They instead have resisted transparency. 6 What do they have to hide?
“There have already been audits that proved nothing happened in Maricopa County, AZ.”
The previous audit in Maricopa County was organized by themselves and utilized Pro V&V and SLI Compliance — companies that Dominion had previously contracted to certify their machines. They would likely be inherently biased against finding issues in the same machines they, themselves, were paid to certify.
Many other audits of this nature are also small “risk limiting audits” which examine a small percentage of the ballots. The full forensic audit examined around 2,100,000 ballots, including the paper, the counting process, the chain of custody, and other related processes. This was a much deeper examination than had been done before.
“There were blue and black pens on the tables. They were looking for bamboo fibers in the papers. One of the insurrectionists was there counting. Etc…“
Lots of small things were raised to nitpick on the audit, yet it was live-streamed 24 hours a day from more than a dozen camera angles. Security was very tight, and anyone – regardless of party – was held to the high standard.
“Cyber Ninjas CEO Doug Logan pushed election conspiracy theories.”
The main accusation against him (that we could find) is that he is allegedly “Anon”, the anonymous interviewee in the documentary The Deep Rig (something we have not yet been able to confirm) who apparently said that “If we don’t fix our election integrity now, we may no longer have a democracy.” The interviewee also claimed that current and former members of the Central Intelligence Agency (CIA) were involved with a “disinformation” campaign directed at the 2020 presidential election. 10
If true, the first statement can hardly be called “conspiracy”. And while the second does allege a form of conspiracy, it’s not at all baseless, as federal agencies have been clearly implicated by Department of Defense Chief of Staff Kash Patel, and US House Intelligence Committee Chairman Devin Nunes, as they explain in detail in the documentary The Plot Against The President.
If fraud does exist in Maricopa County, it is arguably better to have someone sceptical of the results investigate — as long as they can legitimately prove their conclusions — rather than someone who believes everything is fine already.
Also, if the Democrats had accepted the offer to be involved in the audit from the start, they could have participated in picking the cyber team. Why did they choose not to participate?
Telling the Story
On Aug 12, at the Cyber Symposium, Arizona State Representatives Mark Finchem, Sonny Borrelli, and Wendy Rogers told the story of the entire audit process, including responding to early election fraud reports and moving through with the forensic audit despite many obstructions from Maricopa County, the media and others.
Settlement Regarding Routers and Splunk Logs
After further pressure from the Senate to release the routers and splunk logs for auditing, the Senate and County reached a settlement agreement (read it here) where the County Supervisors will give the Splunk logs and the routers over to a third party, a trusted source which is former Arizona Congressman, John Shadegg, who will act as a caretaker of the data, a trusted 3rd party. Cyber Ninjas will then (reportedly) be able to get everything that they want from him 11, although the terms of the agreement appear to conflict with this. 12
Unfortunately, it has been reported that John Shadegg has lobbied on behalf of company “Hickman’s Eggs” in the past. Hickman’s Eggs is owned by the then Chair of the Maricopa County Supervisors, Clint Hickman. Supervisor Hickman has been a hostile player in regard to the audit, and as such, John Shadegg may not be a neutral player, but instead hold a direct conflict of interest. 13
Senator Kelly Townsend has been posting regular updates on her Telegam channel — despite not being allowed into the audit committee itself, she is keeping a close eye on proceedings. The Arizona Conservatives Channel also has regular updates.
Forensic Audit Results
The final forensic audit results are due to be released Friday, September 24, at 1pm Arizona time.
Voter Canvassing Effort
A part of the Maricopa Forensic Audit involved voter canvassing — directly interviewing voters and visiting registered addresses to confirm that official records match how residents actually voted. The Federal Department of Justice swiftly enacted significant pressure against this canvassing, saying that it equated to “voter intimidation”, and would be potentially illegal. This blockade of the Senate’s efforts forced them to focus on the remaining aspects of the audit.
But hundreds of private citizens such as those led by Liz Harris had already begun their own grass-roots canvassing effort, visiting 11,708 residential properties and gathering data on 4,570 voters. We’ve summarized her team’s findings on the main Arizona page, here.
On Sep 24, 2021, the Arizona Senate heard presentations from the key auditors, presenting their findings.
The audit report identifies more than 57K questionable votes, intentionally deleted election files, and other suspicious voting machine activity. 14
The official written reports can be obtained from The Arizona State Senate Republican Caucus, or we’ve included direct links below.
|Cyber Ninjas Report
(recount and ballot audits)
|Report Volume 1|
|Report Volume 2|
|Report Volume 3|
(voting machines & cyber security)
|Presentation from Ben Cotton, CyFIR Founder|
|Report by Dr. Shiva Ayyadurai|
|Randy Pullen’s Report||Presentation|
|Ken Bennett’s Report (election procedures)||Presentation|
|Senate President Karen Fann||Letter to Attorney General Mark Brnovich|
We recommend checking The Arizona State Senate Republican Caucus website for the latest versions, in case they release further reports or updates that we have not listed here.
Major issues identified:
255,326 early votes are recorded in the VM55 file of counted ballots but are missing from the EV33 file 15
17,322 duplicate votes (where voters sent in 2 or more ballots) that were illegally counted in the final certified tally (a large surge of these were dated the week following the election) 16
27,807 ballots cast from individuals who had moved prior to the election, and are unlikely to have physically received their ballots legally
Envelopes without signatures that were stamped as “approved”
Ballot envelopes showing an apparent “approved” stamp behind the basic graphics of the envelope, suggesting tampering, or at the very least, poor quality scanning and archival of envelope images
The systems related to elections integrity had numbers that could not balance or agree with each other
The voter rolls and the registration management process itself having many data integrity issues. For instance, over 200 individuals were easily identifiable as likely being the same person but having two different Voter IDs and voting twice in the election.
Without access to the County’s detailed records including personally identifiable information and registration systems it is more likely there were many tens of thousands of improper votes in the election from double voters, deceased voters, voters for which there is no trace in the public records nor association to their voting address
Proper voter registration law and procedures were not followed
There were unexplained large purges of registered voters, right after the election, of people who had voted in the election
There was back-dating of registrations, adjustments made to historical voting and voter records, unexplained linking of voter registration affidavits to multiple voters and more
Files were missing from the Election Management System (EMS) Server and other voting machines, either intentionally or negligently removed
Ballot images on the EMS were corrupt or missing
Logs appeared to have been intentionally overwritten
All data in one database related to the 2020 General Election had been fully wiped. This occurred on the day prior to Maricopa’s own internal audit. 17
On the ballot side, batches were not always clearly delineated, duplicated ballots were missing the required serial numbers, some originals were duplicated more than once, and the auditors were never provided chain-of-custody documentation for the ballots for the time-period prior to the ballot’s movement into the auditors’ care. This all increased the complexity and difficulty in properly auditing the results.
There were significant anomalies identified in the ratio of hand-folded ballots, on-demand printed ballots, and a significant increase in provisional ballot rejections for a mail-in ballot already being cast, suggestive of mail-in ballots being cast for voters without their knowledge.
Maricopa County failed to follow basic cyber security best practices and guidelines from CISA 18
Remote Access and “Terminal Services” features of Windows were enabled allowing machines to be remotely controlled 18
Software and patch protocols were not followed 18
Credential management was flawed: unique usernames and passwords were not allocated. Many (if not all) accounts shared the same password, and multiple users appear to have shared the same account. 18
A dual-boot configuration was discovered on adjudication equipment which is not an approved configuration. The second hard drive contained non-Maricopa County data.
Here is a summary table from the Cyber Ninjas report (Volume III). This does not include the 17,322 duplicate ballots found by Dr. Shiva (EchoMail) and the 255,326 early votes that appear in the VM55 but are missing from EV33 file.
A lot of the mainstream media has picked up on a single results table from Doug Logan that showed that the audit team’s count of the ballots closely matched the certified results, using that as supposed proof that Biden still won the state. What is being overlooked is the highly questionable validity of those votes.
Also note that this is not the complete audit report. Analysis of the routers, Splunk logs, and paper ballots is still ongoing.
Below, you can watch the full 3-hour hearing:
Several workers from the forensic audit — Maricopa residents who voted in the election and passed background checks — were interviewed on what they witnessed during the audit. They reported seeing numerous anomalies including ballots that were filled in “too perfectly”, indicating possible duplication by machine; and abnormal repeating patterns such as 7 for Biden, 1 for Trump, 7 for Biden, 1 for Trump, 7 for Biden, 1 for Trump. Despite being reported, these issues may not have made it into the final report. See their testimony in the video below:
Editor’s note: Regarding the machine-printed ballots mentioned in the video above, Doug Logan, the lead auditor from Cyber Ninjas reported that there are some legitimate scenarios where ballots are marked by a machine, such as if they are damaged, or unable to be scanned 19, or from ballot marking devices (BMDs) used by voters who are unable or uncomfortable marking a ballot by hand. While BMDs may be needed for voters with disabilities, they have known issues when used in large populations.
Analysis of the routers, Splunk logs, and paper ballots is still ongoing. We’ll update this page as more findings are uncovered.
Maricopa County officials took to Twitter and sympathetic media channels to deny the allegations and minimize the report’s findings. They claimed the results were mistaken and that they had provided everything in the Senate’s subpoena, despite several key items still being withheld.
Members of the Maricopa County Board of Supervisors, as well as Ken Bennett, Senate liason for the audit, presented testimony to Federal Congress’ Oversight Committee on the findings, during which the county admitted to removed election files from machines prior to the audit. 20
Dr. Shiva, who ran the audit of ballot envelopes, held a follow-up open discussion forum on the Maricopa Audit, open to Republicans, Democrats and state/county officials. See the full video and our summary here.
Cyber Ninjas later provided a great, detailed rebuttal to Maricopa County on their denials and deflections. It addresses specific claims, one-by-one, with screenshot evidence and links to further references.
So what happens now?
Senator Karen Fann has forwarded all reports onto Attorney General Mark Brnovich, who is in the process of identifying criminal activity and other breaches of law that need to be prosecuted.
The state congress will also likely explore further actions such as potentially decertifying the results. We expect to hear more about this in the coming days and weeks. 21
Footnotes & References
“Maricopa County votes to audit machines used in November election”, Fox 10 Phoenix, Jan 27, 2021. ↩
From Arizona Audit Senate Hearing, July 16, 2021. A short summary of the 2 hour hearing is available from OAN via this link. The full hearing was available on YouTube Censored or on Rumble, here. ↩ ↩2 ↩3 ↩4 ↩5 ↩6 ↩7
“Arizona Senate Issues Fresh Subpoenas for 2020 Election Audit”, The Epoch Times, July 27, 2021. ↩
Ryan Wiggins: “OPINION: Cheat Sheet: Easy answers to popular criticisms of the Arizona audit”, Sep 15, 2021 ↩ ↩2 ↩3 ↩4
According to Representative Mark Finchem, from the presentation given at the Cyber Symposium. See Rumble video: “AZ Leaders Expose How Election Was Stolen In Their State”, published Aug 12, 2021. ↩
These accusations appeared in multiple left-leaning media outlets including the Arizona Mirror: “Audit leader Doug Logan appears in conspiracy theorist election film”, Jun 26, 2021 ↩
Correction: We previously quoted the report as saying Cyber Ninjas writes, “based on these factual findings, the election should not be certified, and the reported results are not reliable.” Apparently this conclusion that “the election should not be certified” was included in an early, leaked draft report, but Doug Logan, author of the report states that this was added to the draft by a junior audit staff member and was removed from the final report. 19 22 Doug made every attempt to present the findings factually and neutrally. We have since removed that statement. ↩
UncoverDC explains these files and what they were expected to contain. See “Cyber Ninjas Report: 255,326 Ballots Cast, No Record Of Receipt”, Sep 28, 2021. ↩
According to Dr. Shiva, there was a massive surge of duplicate ballots AFTER the polls closed on election day. Between November 4th and November 9th, 25% of all double votes were received by election officials, eventually getting counted in the final total. Curious timing? Did they wait to see how many extra votes they needed? See the relevant snippet of the presentation via this Tweet.
Dr. Shiva and his research team were able to track the timing of the duplicate ballots by looking at the timestamps of all Early Voting Ballots that were received by election officials.
Maricopa County claims that they “archived” a lot of data prior to the audit, and are still in possession of this data, but since it was not listed in the subpoena, they were not required to provide it to auditors. It has not yet been confirmed whether this data actually exists as they claim. ↩
Maricopa County claim that these security practices are unnecessary because the vote tabulation network is “airgapped” (meaning it’s on its own isolated network, unconnected to the internet), however they appear to be naively unaware (or criminally complicit) as to the numerous ways that attackers can infiltrate an airgapped network. Evidence in the report also demonstrates that there were periods of internet connectivity, contradicting their claims. ↩ ↩2 ↩3 ↩4
C-Span User Clip: “Maricopa County Admits They Deleted Files That Were Archived, Not Given in Subpoena”, Oct 7, 2021. Or see the full 3hr 45min hearing video, on C-Span. ↩
Whether the state legislature can actually “decertify” the previous election is hotly debated. Arizona Governor Doug Ducey has stated it’s not legally possible to do so, and he won’t pursue it (although he has been highly resistant to the entire audit process, and potentially complicit). Attorney Matt DePerno has written to Senator Wendy Rogers and also stated in interviews that the Constitution does give this power to the state. They just need the courage to exert the power given to them. ↩
According to interview with Doug Logan at The Gateway Pundit: “Exclusive Interview with Doug Logan from Cyber Ninjas on the Arizona Senate Forensic Audit – Updated”, Sep 28, 2021 ↩