Update on the "whistleblower"
https://arstechnica.com/information...jor-own-goal-with-leaked-bios-passwords/The thrust of Watkins' accusations is that Dominion's Election Management Systems (EMS) voting machines are connected to the Internet and remotely controllable by Dominion itself. His grainy video, blurry screenshots, and hastily photocopied manual pages attempt to paint a picture of voting machines that are always connected to the Internet and remotely managed by Dominion.
Unfortunately for this narrative, all this leaked media really exposes is a generic set of server hardware, with explicit instructions to keep it off the Internet and lock down its remote management functions. Watkins' video cuts together footage of Dominion CEO John Poulos telling US senators that the machines aren't designed for Internet connectivity with footage of the EMS servers' BIOS setup interface. The BIOS shots include configuration options for iDRAC, a Dell-specific technology for remote control of server hardware.
Curiously, Watkins also includes—although he does not address—Poulos' statement that Dominion does not have access to the passwords necessary to access these technologies. He also leaves in the part of his "whistleblower" video in which the Dominion employee states, "[We don't have access to] the BIOS passwords... the state is keeping them." And he ignores the installation manual's explicit instructions to disable iDRAC entirely.
Watkins appears intent to convince less technically savvy viewers that Dominion specifically designed these machines to be remotely managed at all times—a narrative contradicted by Dominion's own installation procedures and the fact that the state manages BIOS passwords (which someone with physical access to the machine could use to enable iDRAC) as its own secure assets.
There's a case to be made that voting machines shouldn't be built from generic server hardware that includes functionality like iDRAC in the first place—but that more-reasonable case does not appear to be the one that Watkins wants to promote.
.
In response to the leaked BIOS passwords, Colorado Secretary of State Jena Griswold issued an executive order—as reported by the Grand Junction Daily Sentinel—requiring the Mesa County Clerk and Recorder's office to supply surveillance videos and documents showing how and to whom the BIOS passwords were leaked.
This is an order with real teeth—the BIOS passwords are protected by policy and should only be available to a few state and county election workers who have passed background checks. If Mesa County Clerk Tina Peters can't demonstrate a proper chain of custody for how the leaked information was maintained, the county's election systems could be decertified, resulting in an expensive, mandatory refit of the machines involved—all on the county's dime.
Pat Poblete of the Colorado Springs Gazette reports that Peters isn't responding to Secretary of State Griswold's order to turn over equipment, surveillance footage, and documents. Instead, Peters flew to South Dakota, where she addressed a so-called "Cyber Symposium" hosted by election conspiracy theory enthusiast and MyPillow CEO Mike Lindell.
In Peters' absence, Griswold obtained a search warrant and sent a team to the Mesa County Clerk's Office. On stage at Lindell's symposium, Peters said Griswold "invade[d] my elections department today," complaining that "we don't know what they were doing in there" because her chief deputy clerk was not allowed to observe the search. Griswold's own press release states that her office's inspection team was "accompanied at all times by officials from Mesa County."
Peters denied any personal involvement in the security breach during her remarks Tuesday night, and she hinted that she plans to release more information on Mesa County voting systems at Lindell's symposium on Thursday.