On Thursday, five months after Arizona Republicans initiated a partisan “audit” of Maricopa County’s 2.1 million ballots from the 2020 presidential election, the firm hired to carry out the recount released its report. The report failed to provide any evidence of a stolen election and actually found 360 more votes for President Biden. Meanwhile, election experts warn that the faux “audit” that led to the error-riddled report was “dangerous” and a “disinformation campaign.”
The audit began on April 23 and was conducted by Florida cybersecurity firm Cyber Ninjas, a company that does not specialize in election security and whose CEO has a history of promoting baseless claims of voter fraud. The report was supposed to be released in August, but was delayed after Cyber Ninjas President Doug Logan and two members of his team contracted COVID-19.
Even though the partisan report makes clear that Biden won Arizona, David Becker, the executive director and founder of the nonpartisan Center for Election Innovation & Research is careful not to describe the report as “confirming” anything at all. “It confirmed nothing,” he said. “It was not designed to confirm anything and it was not conducted by people who understood what they were doing. It was completely untransparent; it was completely unnecessary.” The election, he said, was confirmed a long time ago by Democratic and Republican election officials, and certified by a Republican governor.
Maricopa County officials reviewed the draft report in advance of its official release on September 23, tweeting that the “draft report from Cyber Ninjas confirms the county’s canvass of the 2020 General Election was accurate and the candidates certified as the winners did, in fact, win.” Maricopa County officials added that “Unfortunately, the report is also littered with errors & faulty conclusions about how Maricopa County conducted the 2020 General Election.”
In response to the audit report presentation on Friday, Jack Sellers, chair of the Maricopa Board of Supervisors, released a statement, describing the hearing as “irresponsible and dangerous.” Sellers also emphasized that the Cyber Ninjas conclusions “come from a misuse and misunderstanding of the data provided by the county and are twisted to fit the narrative that something went wrong.” He added that “these ‘auditors’ threw out wild, damaging, false claims in the middle of their audit and Senate leadership provided them the platform to present their opinions, suspicions, and faulty conclusions unquestioned and unchallenged.”
As election officials and experts had warned, the official report and accompanying “audit” presentation were indeed riddled with errors, questionable methodologies, and previously debunked claims of voter fraud.
The report claims that “mail-in ballots were cast under voter registration IDs for people that may not have received their ballots by mail, and no one with the same last name remained at that address.” The claim, according to the report, is that 23,344 ballots were “impacted under this condition.” But “comparing voter lists with commercial personator data is a very questionable methodology,” as Douglas Jones, an associate professor of computer science at the University of Iowa, explained to The Dispatch. Jones notes that a change of address with the postal service does not mean a change of voting address. A person, for example, might take a months-long vacation and change an address with the post office, but never change a voting address, Jones explained. “In light of this, finding 23,344 discrepancies out of over 2 million voters is no shock,” Jones said. “That’s 1.1 percent.”
The report recommends that voter rolls be verified against the U.S. Postal Service National Change of Address database. According to Jones, though, this recommendation by the auditors is actually a dangerous one because “it’s more likely to disenfranchise than to protect election integrity unless the National Change of Address database is altered to allow change of address to be flagged as temporary.”
The report also makes an accusation about double voting, alleging that there were potentially more than 10,000 voters who voted in multiple counties. However, as Justin Grimmer, political science professor at Stanford and senior fellow at the Hoover Institution, noted in an interview with The Dispatch, the accusation was “sloppily made.” The auditors looked only at the voter name and the birth year (not birth date), so, of course, it’s no surprise that there are multiple people with the same name and the same birth year.
The report also falsely claims that there were 9,041 more ballots returned by voters than received. This conclusion, however, as noted by Maricopa County officials on Twitter, is flawed because, as they explained, “it’s not unusual for more ballots to be returned by voters than received.” To come to this conclusion, auditors consulted EV 33 files, which as defined by Maricopa County, are listings of all voters who returned a ballot on that day. County officials explained that the two most common reasons for “a single voter having multiple entries in the EV 33 file” are when a voter sends back an unsigned envelope, or when there is a signature discrepancy.
“A record for the original ballot is entered into the EV 33 file (where we track returned ballots). A second entry is recorded when a ballot envelope is signed or the signature discrepancy is resolved,” explained county officials.
At another point during Friday’s “audit” presentation, Ben Cotton, founder of digital security firm CyFIR and a member of the audit team, falsely accused Maricopa County of intentionally deleting general election results in the Election Management System. Maricopa County officials debunked this accusation on Twitter, saying that “nothing was purged. Cyber Ninjas don’t understand the business of elections. We can’t keep everything on the EMS server because it has storage limits.” The county further elaborated that they had “archived everything related to the November election on backup drives. So everything still exists.”
Similarly, the report claims that the “audit” discovered “263,139 ballot images on the election system that are corrupt and unreadable TIFF format images.” This is a false claim. County officials explained: “The server isn’t the place to find all ballot images. We provided the hard drives that contain all ballot images and confirmed these images were not corrupted and could be opened.”
The claims of “deleting” and “purging”, as county officials noted, are similar to a debunked claim from May that wrongly alleged a voter database was deleted in Maricopa County.
As The Dispatch explained in a previous fact check, no database was deleted. The Maricopa County Elections Department refuted the claim months ago: “On April 12, 2021, the Recorder Office’s IT Team shut down the server to be packed up and made ready for delivery to the Senate. At no point was any data deleted when shutting down the server and packing up the equipment.” As we noted, the Senate liaison for the Maricopa County audit walked back claims of “deleted databases” on May 19, saying: “I was able to recover the deleted databases through forensic data recovery processes. We are performing data continuity checks to ensure that the recovered databases are usable.”
Despite the fact that both experts and voting officials view this blatantly partisan review as a threat to democracy, Fann maintains that the Cyber Ninja effort was only intended to maintain election integrity, as she explained at the audit presentation on Friday.
Fann claimed that the report would reveal “the statutes that were broken,” and that “chain of custody was not followed.” Her claims don’t hold up, as virtually every election expert and official made clear.
Benny White, a Republican elections expert in Tucson, referred to the report as a “disinformation campaign,” saying that “we simply cannot tolerate, as a society, going through these kinds of circuses just because somebody didn’t like the result.”
“It demonstrates how debilitating it is to democracy,” Becker said. Despite the Cyber Ninjas’ failure to do anything that they said they could do or would do, these efforts are still spreading, Becker explained. “There are legislators and elected leaders in other states looking at the absolute abject failure of what occurred in Arizona, and they’re saying ‘let’s import that here.’”
More generally, Harri Hursti, a computer programmer, hacker, election security expert, and the subject of the 2020 HBO documentary Kill Chain: The Cyber War on America’s Elections, said in an interview with The Dispatch that the auditors seemingly characterized everything they didn’t understand as being “potentially malicious.”
The Maricopa “audit” may be over, but Becker believes the damage will be felt for decades. “It’s very depressing to see so many Americans engage in this grift on their fellow citizens.”