
Charlie Kirk
Hey, everybody. The unedited Senate hearing for the audit results.
Doug Logan
Hear it yourself. Only thing I'll ask you to do
Charlie Kirk
is please consider supporting the Charlie Kirk show podcast. CharlieKirk.com support we just take the audit hearing.
Doug Logan
I thought it was so important that you hear it. You listen to the details and listen
Charlie Kirk
to our sister episode where we give our commentary on it. CharlieKirk.com support that's CharlieKirk.com support.
Doug Logan
Thank you to Alan, thank you to
Charlie Kirk
Maria, and thank you to Brian for your very generous support that allows us
Ben Cotton
to do what we do at charliekirk.com support.
Charlie Kirk
This is the unedited Senate hearing of the Maricopa county audit.
Doug Logan
I think you will all enjoy it. Buckle up.
Charlie Kirk
Here we go.
Ben Cotton
Charlie, what you've done is incredible here.
Senator Warren Petersen
Maybe Charlie Kirk is on the college campus.
Ben Cotton
I want you to know we are lucky to have Charlie Kirk. Charlie Kirk's running the White House, folks.
Doug Logan
I want to thank Charlie. He's an incredible guy.
Ken Bennett
His spirit, his love of this country. Done an amazing job building one of the most powerful youth organizations ever created, Turning Point USA.
Doug Logan
We will not embrace the ideas that have destroyed countries, destroyed lives, and we
Charlie Kirk
are going to fight for freedom on
Doug Logan
campuses across the country. That's why we are here.
Senator Warren Petersen
That is a true statement. They were close. Now, I find it ironic that our Secretary of State and a few others have called this a sham audit, that you can't trust it. You can't believe it. Well, the interesting fact is truth is truth. Numbers are numbers. And we've said that from day one. What you're going to see is exactly what it is, the truth. And those numbers were close within a few hundred. But what you have not seen and not heard yet, which is what you are going to hear right now, what you have not seen and you have not heard is about the statutes that were broken, how chain of custody was not followed, how we had a number of issues, which is why people question the ballots and the elections. So I ask that you please keep an open mind. I please ask that you listen to this, because the reality of this is what this is all about is making sure your vote counts. Senator Peterson.
Senator Sonny Borrelli
Thank you, Madam President. I would join you and welcome everybody here who's here in person listening or watching this historic event. This is the first time in the history of our country that an audit of this scale and magnitude has ever been conducted. It's unfortunate that it is an incomplete audit due to the lack of cooperation and the obstruction from the county. However, in spite of that, this is still the most complete audit that has ever been done. The goal here, as the President has said, is election integrity. Our citizens have demanded it. The importance of our society having faith in the election process cannot be overstated. The number she gave of people who had concerns was significant. But even if it was much less, it would still merit this type of an audit to bring reassurance to our citizens. This report should help the Senate understand what has been working, what needs improvement, and whether further investigation by law enforcement should occur. So I look forward to receiving this report with all of you at this time.
Senator Warren Petersen
Thank you, Senator Peterson. With that, we will start with our first presenter. Our first presenter is joining us via Zoom because he lives on the East Coast. His name is Dr. Shiva. He was the one commissioned by the Senate and that was because we finally got the envelope ballots or the ballot envelopes so we could check signatures or lack thereof. And this was his part of the audit. Dr. Shiva, welcome to the Arizona Senate. How are you today?
Charlie Kirk
Thank you very much for having me. Honorable President Fan, thank you very much.
Senator Warren Petersen
Absolutely.
Charlie Kirk
Also Senator Peterson, thank you.
Senator Warren Petersen
The floor is yours. Please proceed.
Charlie Kirk
Thank you. Before I start, I have a presentation. This is also accompanied by a report. I just want to make one preparatory remark and that is as a follow up to Senator Peterson. We live in the age of what we call engineering systems, complex systems. Taking an airplane, using an iPhone, self driving cars. These are highly complex systems, but what are known in the modern world as engineering systems. Our election voting systems are also engineering systems. And I want to thank the leadership of the Senate, the stakeholders, because they've taken a historic step here to bring the same level of engineering systems capabilities to election voting systems. And one of those important attributes is that whether an anomaly, small or large, or insignificant or monumental, it all must be welcomed because from an engineering standpoint, it can only do one thing which is to enhance the system. So today, as Senator Fan, President Fan said, I'm going to be sharing with you a particular area that we looked at which was looking at the election early voting ballot return envelope images. And that's what I'm going to share with you. So let me begin. I'm going to start up the PowerPoint and I think I need to share the screen here. Let me see if I can share first there. All right, let me start here. So the title of this talk is Pattern recognition Classification of Early Voting Ballot Return on rule.
Senator Sonny Borrelli
The screen is blank.
Charlie Kirk
It's blank. I'm sharing.
Senator Warren Petersen
Always a technical problem.
Charlie Kirk
Okay, let me stop the share and restart again.
Senator Warren Petersen
Let's try that again. There we go. Thank you. That worked.
Charlie Kirk
Okay. And so the title, as I said, is A Pattern Recognition Classification. Early Voting Ballots Return Envelope Images for Signature Presence Detection. We're not doing signature detail verification, but we're doing signature presence detection and we're taking an engineering systems approach. So let me begin. I will go through this agenda. We're going to give a little bit of background. We're going to review the Maricopa results. We're going to go through what our analysis resulted in and then compare them and then report on some of the key findings and anomalies and then also raise questions for Maricopa officials and then propose some recommendations. So the executive summary of this to sort of summarize the whole talk here today, or the findings, is that the early voting ballot, the return envelope, you really want to think about, that's really the protective vehicle by which the evv, which is the early voting ballot, is transported and processed. And the authentic, the authentication, the verification of the signature on the EVB return envelope is critical to reliability of the entire process. And our audit reveals anomalies, raising questions on the verifiability of the signature verification process. So let's begin. So a little bit of background. You can read more about it. But I was selected and I was honored to be selected because my background for more than 40 years has been in the field of pattern recognition and classification, particularly system science. And it goes back to a long period of time. But just very briefly, you know, in this field you look at reality. In this case, we're looking at the electronic, the election voting, the early voting ballot system, and then you try to model it. That's typically what science and engineers do. For example, for many years I looked at how babies were processing sleep and trying to understand their system, looking at sleep patterns. Same in the area of deafblind communications. 
Again, you have the reality, you have signals. Same in the area, looking at a bridge and you get signals from it. Based on the signals, you're trying to predict what's going on in that bridge. And same if you look at an aircraft wing without having to open it up, you look at these signals and you're trying to predict what's going on. And for many years we did a project on looking at handwritten bank check numerals and these different areas, including email, looking at what's inside of an email as a system. These are all pattern recognition problems. And in fact, if you look at food, trying to figure out will this food cause different kinds of diseases, but the reality in this area is you're looking at the particular real world, and you have a model. You can look at the heart, you can look at the cardiovascular system of that, and you can say, hey, I have some states of this system which are normal signals and some states which are abnormal signals. So in this case, what we're looking at is we have the early voting ballot system, and we have the early voting ballot return envelope images. These are the signals that we received to try to figure out what's going on inside that system. So you have the reality of what took place, and you have the expression of that which is embodied in those images. And this is what one of those images looks like. You have a image, you have upper left, the name of the voter, and here you have the signature. And we were asked, as a part of the scope of this audit, not to look anywhere else, but to look in this signature region and to look to see if there was a normal status signature there or the abnormal states, blanks split into two. And I'll talk about more in detail, a complete blank or likely blank, or what we call a scribble. A scribble is something trying to get into the direction of, hey, was this signature even valid? Okay. And it's a very, very rudimentary step we took, not full signature verification. 
All right, so early vote, voting ballot system, and you have these images. So before we head into the actual process, we did, let's look at the reality of what took place. So this is on the left side, the actual reality. What was reported by the Maricopa County in their voter education report, in fact, what was called their canvas report. And what we see here, if you look carefully here, are the numbers that they reported from 2016. But more importantly, we're concerned about 2020. And in 2020, one of the lines in their report is called the early ballots verified and counted, which has 1,915,487. And the rejected early ballots, which are these numbers, are the ones that were not included in the final count, bad signatures, which means they went through a signature verification process. And out of that 587, out of the 1,918,462, all of them were deemed to be bad signatures. And the way we get this number is you take all of the ones that were verified and counted, the ones that were bad signatures, there were some which were no signatures, which were blanks, and then late returns. So to be clear, according to the report, this was a total number of early voting ballot return envelopes received by Maricopa County. To make it a little more clear, we have 1,918,463 total unique EVV return envelopes, of which 1,455 were found to have no signatures. And at the end there was an amount of 1,917,008 was ready for signature verification. And as a result of that, 587 were found to have bad signatures. Now, in signature verification, it's a detailed process, you can read the report, but counties vary and Maricopa is considered, along with Florida, apparently have one of the better signature verification processes. But according to that, out of the entire lot of 1,918,463, 587 after this verification process, where someone looks at the signature and they look at the voter registration signatures and they're, and they're doing typically what's called a 27-point analysis. 
So 587 were found to have bad signatures, 934 with late returns for total amount, which matches with what was reported of 1,915,487. Okay, so this is Maricopa's reported results to the public. The scope of our audit, Just to. I'm going to go through the scope of this audit by also going through the process. So they'll be somewhat educational. When early voting ballots with some people, which is a subset of those are called mail in ballots, are submitted, those ballots are imaged, which means scanned, converted to digital images. So the EVV return envelopes, we're talking about the outside, the covering, that important covering within which is contained the ballot is scanned before they're even tabulated. So the EVB return envelopes are opened and scanned. Okay. And those create images. In fact, there are six different kinds of EVB return envelope formats. Let me walk you through some of them and here's sort of a little bit closer, but let me walk you through some of them. So this is a majority of them. We call them the standard image files. This is for our lingua franca. This may not be the standard language, but for the purpose of this presentation. So this is one way that they look. There are also another set called UCAVA image files. And there's three different kinds of here you have the signature here, the date here, the name of the voter here. Another version of that is a little more complicated. It's more of an affidavit. The signatures here, the name of the voters here. And obviously we redacted stuff for privacy. And the third type of The UCAVA is type C. So you have UIF, A, D and C. All right. Then finally we have large print image files, LIFs, and these are for people who have trouble seeing, so the instructions, everything are larger. And then finally you have the Braille format. So again, six different image formats that we had to process. Let me walk you through the counts that we got. We got a drive with all of these images on them. 
The SIFs, which was the first one I showed you, there's 1,919,598 which is about 99.5%. The UIFAs, 8,849, .459%. The UIFBs, 277, .014%. And we go to the UIFCs which are the affidavits, which a small step, which are 0.001%. And then finally we have the large formats which are 475, .024%, and the Braille, about 29 of them, .02%. That added up to all of them. So for the audit we were provided by the Arizona State Senate 1,929,240. And these were apparently all the EVV return envelopes that Maricopa County got. Okay. What we noticed when we looked at this, which was fascinating, our first interesting, I guess wasn't an anomaly, but something we were a little bit surprised because we thought the duplicates would be removed. But there were duplicates in here, so we had to remove duplicates. So out of those said there were duplicates. So these were the duplicates we found about, not about 16,934 voters who had submitted 16,934 two copy duplicates, which means each of those voters submitted two ballots. Okay, two return early voting ballot return envelopes. Interesting enough, we also found another 188 voters, unique voters who had submitted 376 duplicates. So the total image count was 564 when she removed the duplicates. Right, because you want to take one of them. And then finally we found also four individuals who submitted 12 duplicates, total images being 16. So the total duplicates was 34,448 total images, of which 17,332 were 322 were duplicates from 17,126 voters. This was, by the way, we'll get to. It was not reported in the report. So when you look at the first level of analysis on our. The data that we got, 1,929,240 EBV return envelopes received. We subtract out the duplicates, and then we have 1,911,918,000. Okay, so the process that we were really commissioned for was to do a very, you know, basic analysis to see is there a signature there or not? Signature presence detection. 
So in that process, again, the goal is, is there a signature there in the signature region? Interesting enough, some people don't follow instructions. They write all over. But it wasn't our job to go scan everywhere. Our job was to look in that signature region. So again, specifically, we looked in that signature region. One category of the signature region has a signature. Another category is blank, likely blank, and scribble. And just to keep it real simple, there's a very simple classification. If it's 0% non white pixel density, which means nothing in that area, it's a blank. If it has a little bit 0% or greater, but no more than 0.1%, like this example here, we put it into another category just for early classification purposes. We called it a likely blanket. And then if it was greater than 1%, density greater than 1%, or that was denoted as scribble. And what's interesting, in anything over greater than 1%, by the way, this is actually. This should be 0.1% to 1%. Slight mistake here. So this is greater than 1%. Okay, so let me repeat. This should be greater than 0.1%, less than 1%. Please correct that. And this is greater than 1%. All right, then what we did was we did a distribution curve. We looked at all of the ballots and we did a distribution of pixel densities, just to give you an idea of how liberal we were in accepting something as a signature. So if you look at this, it was only this little area here, which is between 0.1 to 1%. That's the definite non white pixel density. That's a scribble. Everything else, we were quite liberal and accepted those as signatures, even in our analysis. So again, we were not hired to do signature verification. All right, now after this, typically signature verification would take place, which is what the county did. And then they would also open up then the ballots and then open up the envelopes and tabulate them. So let's go to our signature presence detection. So we took it. 
We took a ballot, or it could be any ballot. First of all, we classified it into one of these six categories. That's what the system did. And then for each one of the four of those, we removed the duplicates. As I'VE shared. And then we looked at the ballots. Once we knew which one it was, we identified what kind of region. We extracted the region, if possible, though this was not part of the scope. We also tried to extract the name. We were able to do that for close to, I think, 99% of them. So we also use different types of classifiers, which is in pattern recognition lingo, for each one of these different kinds of ballots, to ultimately put them into one of these four buckets. So let's look at the results. So we're first going to look at the non duplicates, which means all those early voting ballot evb, to be simple, return envelopes, which were non duplicates. And here we see predominantly 99.77%. We denoted a signature. Again, anything greater than 1% pixel density. These scribbles we found were 0.13%, 2,420. And the blanks fell into two groups. The definitive blanks of 1,771 and the likely blanks of 101. This adds up to 0.1%.
Ben Cotton
Okay.
Charlie Kirk
Then we also looked at the counts. So of these you had, just to be clear, we had 2,420 scribbles, and we have 1872 blanks. We put both of these together in our sum total. Similarly, we now went and looked, this is a little more complicated, at the two copy duplicates, because we had to deal with those. There was substantial amount, 34,000 of them, 34,000 and more. So the duplicate recognition split it into three, in fact, three groups. But we have subgroups. So there could be, you know, you have the, if you think about it, the mother and the son or the mother and the daughter. Okay. Or the parent and the child relationship. So one of the two, one could have been a signature and one could have had a signature. One could have had a signature, the other could have had a blank. One could have had a signature that could have been a likely blank. One could have had a signature, and C denotes scribble. If any one of them had a signature, we said, okay, we call it a signature. Alternatively, in the scribble area, one could have had a scribble, other could have been a blank. One could have been a scribble, other could have been likely. One could have been a scribble and a scribble. These were denoted as scribbles in the duplicate case. And then finally, you had ones that are blank, blank, blank and likely blank, and likely and likely blank. Those were denoted as blanks. All right, so let Me just to give you some feeling of what these look like. So here is one from the same person. Again for the purpose we're not allowed to share the names of voters, et cetera. But you can see here that here's one. There is a signature here and there's a signature here. Okay, that. But they are both the same. So these are both signs. So two ballots, both signed. Another example is one is signed and the other is a blank, a complete blank here, in fact, in the signature region is what we're concerned with. Another is signed and the other one is a likely blank. It's got some stuff here. 
So echo mail, categorize it as a likely blank. Here's an example where you have assigned one, but you have a scribble over here. Okay, and then here we have the. Here we have a scribble, but here you have a blank. But it has been verified and approved. And we'll talk about this later. We'll come back to this. Here you have one that's a scribble a little bit, some stuff here. And a likely blank. And the one with the scribble was approved. Here you have two scribbles and one of them was approved, the exact same ones. And here you have one with a blank and a blank. And this blank has been approved. And here we have one which is a blank and a likely blank. And a likely blank with a little dot over here has been approved. And similarly over here we have a signature and a likely blank. And again the likely blank is being approved. And here's an example of a three copy. One, we have three copy duplicates, all are blank. And we'll come back to showing how if they were approved or not. And here's an example of three copy scribbles. All right, so that gives you an understanding of the flavor of these, the analysis we had to do of these two copy duplicates. And so on those two copies we categorize these ones in green as signatures, the ones in red as scribbles, and the ones in blank as, sorry, black as blank, ones in red as scribbles. So again, you have for two copies, 16,934. And these are the counts on that. So you have 155 scribbles from the two copy, 45 blanks from the two copy. Interesting enough, we also had three copy and four copy analysis we get to do. I'm not going to go into all the details of this, but there were also three copy and four copy duplicates. There were two sets of three copy which were blank. I'm sorry, two sets which were scribble five which were blank. So now we do the totals calculations. So if you add the non duplicate blanks, 1872, 2 copy duplicate blanks 45 and then two 3 copy duplicate blanks, you get 2. So 19, 19. Similar. 
If we do the scribbles, 24, 20 for the non duplicates, 155 for the 2 copy, 5 for the 3 copy, we get 2,580. So our net results state that we received 1,929,240. The 17,322 were removed to get this many unique return envelopes. And then we subtracted the non signature and what we call scribbles to come up with a total of 1,907,419. So this is what we would have sent to in this analysis should have gone to signature verification. Now let's do the comparative analysis which is looking side by side what Echomail uncovered from the audit and what Maricopa had. So how many EVB return envelopes received? Well, in the disk drive that we received, this is a number, but we don't know. In fact, it's not reported in the Maricopa report how many actual return envelopes they received. The duplicates we have 17,322 which will be subtracted. This is unreported. So when you Compare the unique EVV return envelopes, what you find is that Maricopa has 6545 more than we had in the possession of those image files. After you real duplicates. Now we go to the signature presence detection. We discovered 1 1919, no signatures. They reported 1455. So in this case we have 464 more blanks in the scribbles. They don't have a scribbles category. And we'll discuss that. If we start thinking about these scribbles as potential bad signatures, we'll get some insight. But at the end of the day, what went to signature verification at Maricopa was 1,917,008, which is 9,589 more than we would have sent pursuant to this analysis. They also had bad signatures and late returns that we talked about. Okay, now I want to go to the key findings and anomalies. You've seen the process, you've understood the methodology, we've gone through some detail. Let's go to the highlights here. So these are the key findings and I'm going to Go through each one of them. One of the key findings is it's unknown how many EBV return envelopes were originally received by Maricopa. 
We had 34,488 duplicates from 17,126 unique voters. It's actually duplicate images. Maricopa reported no duplicates. In the canvas report, we have 464 more no signatures between blanks than that were identified by US vs Maricopa. Maricopa has 6,545 more unique EVV return envelopes. This is what's interesting if you consider our scribbles, again, a very, very low tolerance and pattern recognition. Having done this for over 40 years, we could have used like 36 features. We used one single feature, pixel density. We would love to use more features by just using that one feature at a very low threshold. Threshold is key here. We've identified 2,580 scribbles which would have assumed they're all bad signatures. Maricopa identified 0.031% which is what that 587 represents. This actually represents four times that. We'll come back to that. Finally, Maricopa has 9,489 more net ebb envelopes that was submitted to signature verification versus what we have, and we're also going to see shortly is that we're going to see that we also saw through further analysis a 25% surge of duplicates in the last six days between November 4th to the 9th. We also saw some very interesting other anomalies where blanks of duplicates were being stamped, verified and approved. We also saw stamps of verified and approved in blank signature regions. And I'll share with you those. What's more interesting, I would consider it's potentially a critical anomaly, is that we saw the verified and approved stamps appearing behind the envelopes. And I'll show you this. It's almost as though it was imaged on there, or I don't want to say, you know, photoshopped, but put on there. But it's quite fascinating. I'm sure there's some explanation for this. And then finally we have cases where we have two different voter IDs having the same address, same phone, same name with matching signatures. So let's go look at some of these anomalies a little more graphically. Anomaly 1. 
Maricopa reported only 587 bad signatures. To give you some idea, that's 0.031%. And for people who didn't really like math, I thought I'D make it a little more pictorial. So this would be one bad signature for every 3,268 early voting ballot envelopes. So if you think about 1,918,463 early voting ballots, the unique ones that Maricopa said they got, and for each paper, by the way, the size of the paper is 0.1 millimeter and you were to put them up, you would get 630ft. That's the size, believe it or not, it's of the St. Louis Arch. That height when compared to the bad signatures would be only about 2.31 inches. So just to give you a pictorial understanding, a very, very low percentage was considered that. So again, that would be, to be specific, 0.0306% of all EVV return envelopes were deemed as bad signature. Okay, in our case, the anomalies we discovered 2480 bad signatures, scribbles, again, very low tolerance, which is 0.135%. And to give you an idea, just to state it again, we were not commissioned to identify, we were commissioned to identify the present blank scribbles and signatures, not to perform signature verification. So scribbles alone were considered bad signatures. And echo mail itself identified 335% more bad signatures than Maricopa did from its entire signature verification process. Okay, very important point here. And by the way, if we go look back at the state of Arizona 2016 general election, out of the 2 million ballots that came in, they had a signature mismatch rate of 0.13%, close to what we would have had if we just included those scribbles. All right, again, just to restate, the scribbles are a very, very low threshold. We were not asked to do signature verification. Again, anything between 0.1 to 1% pixel density. The third anomaly is this is again focusing on signatures. We did a randomized analysis of just supervised reviews, human review, just randomly looking at signatures, their legibility. 
Again, this is a wonderful analysis that can be done in handwriting. Four weeks before the election and four days after. We can't share with you this, obviously, but we found out four weeks before, 95% were legible signatures and only 5% were illegible. But four days after, 5% were legible, 95% were illegible. If I were to do a heat map, again, this is a representation. It would look like this where the red represents illegitability and the green represents legibility. It would look like this if you wanted to visually do this and if we had more, if we were commissioned to do this, we could do this. But you can see a marked difference between legibility. There could again be a explanation for this fourth anomaly as the EV visa trains the electronic voting ballot. I couldn't put the word envelopes, but I think you get the idea. Increased by 53% in the general election from 2016 to 2020. In Maricopa, bad signatures decreased. Let me explain what I mean by that. So in 2016, which is, you know, in the previous election of 2020, 1,257,179 return envelopes were submitted. 1456 were considered to have a mismatch with a rejection rate of 0.116. In 2020, we had nearly 56%, sorry, 52% more return envelopes. But the signature mismatch rate goes down by nearly 56%. So it's gone down by a significant number here. Okay, nearly four times. So this went up, the other two came down. A very interesting inverse relationship, which would be. Again, one of the questions we have from Maricopa officials. Anomaly number five is there's no mention of duplicates in Maricopa canvas report. Again, if you look here, here's a canvas report, there's no mention of duplicates. We, in our case, we found 17,126 voters sent in two or more ballots as duplicates. As you've seen before, anomaly 6 is 25% plus or more of the duplicates came in during November 4th to the 9th, essentially on election day and after. So how do we find this? Well, here's a plot again. Let me walk you through this. 
On the Y axis is a number of early voting ballot return envelopes and we're plotting it by day. And again, this is based on the drive we got, which were timestamped by particular days. So it almost looks like an interesting heartbeat here. So on this day, 10, 14, nearly 200,000 envelopes came in. On this day, nothing came in. So you get this interesting heartbeat signal. Then what we did was we said, why don't we. On top of this layer in the blanks, scribbles and duplicates again. Since the axis for the EV these is higher, that's on the right axis. On the left axis, I've done the totals for the scribbles, blanks and duplicates. What's fascinating is you notice in the early part, things are following the heartbeat, but somewhere along here, particularly on October 26th, this heartbeat starts separating. Particularly the Saffron line is the duplicates you have the duplicates stop matching in many ways, this heartbeat. So here everything stops. So what we did was we did further analysis on the blanks. I'm sorry, the duplicates and the evbre. And this is what's interesting. So what we're plotting here is the duplicates as a function of the daily percentage of EVBs. So here's a signal. But what you see is, you see suddenly this, what you may call a significant growth in percentage. In fact, in several of these days, there's 96% of the ballots that came in on two of these days are duplicates. So there was a serious number of duplicates. In fact, the area under this curve is close to 30%. 25 to 30% of the duplicates came in between November 4th to November 9th. And that motivated us to also, on the same plot, drop the blanks and the scribbles and you see the same phenomenon there, anomaly seven. I'm sorry, I've already gone through that. The next anomaly is we also noted that the EV33 system, which is the system that is the one that contains all the early voting ballots, had 932 voters who submitted duplicates versus a 17126 that we identified. 
But what's fascinating is when we match those 932 voters against our 17 126, only 2138 voters match. Let me repeat that again. The EV33, as we understand, we're not experts, that this is a system where all the early voting ballots are stored. When that was gone through and found that 9,382 of those were voters who submitted duplicates. Clearly this should be a subset of ours because we're supposed to have all the early voting ballots. We found out only 2113 matched. And let me just walk you through some of these duplicates where the duplicates are stamped and also approved. So you see the duplicate, and here it's being stamped. Nothing on here it's being approved. Duplicate one, duplicate two. This one is being approved. And again, all of these came in after November 4th. Same here. Another duplicate being approved. And a blank. Here's another one example, three, two duplicates, the blank being approved. Same here, fourth example. And there are many others. But these are pure blanks and they're being approved. In fact, this is a three copy duplicates where two are approved. So one voter sent in three copies and two got approved. Another one is three copy duplicates where one is approved. All right, the next anomaly is verified and approved in the blank signature region. So what do I mean by that? So this is blank, but they're verified and approved is appearing right in the blank. Again, this is process issues which we'd love to get answers to. So same thing here, same thing here. The verified and approved is right there. And then finally, this is an interesting anomaly where we have two EVBs from two EVBs where people have the same voter ID, same name, address and phone number with matching signatures with two different voter IDs. Okay, so it's. We, we had to redact this. But imagine if you could see this. There's a person's name here and address which is the same as the name and address here. 
Very similar matching signatures, same phone numbers, but they have two different voter IDs. So they're in paid. Again, two different voter IDs, same name, matching signatures. As if you look, if you looked at them visually, same phone numbers. Another example here, actually, there's three examples here. Another person here we call, by the way, this is. There's not a person called John Doe. It's. This is a just for to protect the innocent. And this is Jane Doe. Again, matching signatures, same address, same phone number, but two different voter IDs. Same here. Two different voter IDs, same address, same name. We don't have a phone number here, et cetera. So we have three examples of that. Then finally, the last anomaly I want to show is where we saw something fascinating is where the verified and approved stamp. And you have to look at this carefully, it's occurring behind the envelope triangle. Let me explain. So if you look at this carefully, this is an image of an envelope. Here is a triangle which is pointing people to print here. Now, you would think if it was stamped, this stamp should be over this image, but it is actually behind the triangle. All right, and you see it here again close up here. These are all different ballots which were approved post November 4th. Predominantly where the image of the verified and approved is behind this. Now, maybe this is done for a good reason, maybe it's an imaging technology. But typically you could, you know, if you use Photoshop, you'd have layers. But I don't want to even accuse that, but I just want to say that it is interesting that the verified and approved is behind the envelope here, the envelope triangle. All right, so again, there's some examples here. So questions. These are the questions we have for Maricopa officials. One is, did Maricopa receive any duplicates? Again, I've gone through. We received, we have in our possession 34,448 images representing 17 duplicates from 17,126 unique voters. 
2 Copy 3 Copy 4 Copy the word duplicate does not show up as a keyword in their report, but it would be interesting to know if duplicates exist. The second one Is there a reason that Echo Mail has more no signatures than reported by Maricopa? Is it because we solely analyze only the signature region? And if not, why? The next question is why did echomail detect more scribbles and Maricopa's reporting a bad signature? Again, this comes to the point which I probably emphasized enough here, but if our scribbles at that less than 1% 0.1 to 1% pixel density were considered bad signatures, I.e. significantly more three to four times more in the Maricopa's 587 bad signatures. And the other question of the date stamps and the directories that we had the date on which the EVV return envelopes were received by Maricopa officials. We've assumed that when we did our time temporal charts and then finally, why does the approval stamp verified and approved appear to exist only on a small subset of the EVV return envelopes? Out of all the 1.9 million the that verified and approved, we find most of them exist after 114 after election day, but very few sprinkled. So out of all those envelopes, our initial supervised review reveals maybe 10% have the stamp on them. The other thing is did Maricopa stamp some EVB return envelopes as EVB approved even though signature even though signature is blank since they found a signature elsewhere and that would be good to know how did they do that? What is the adjudication process? Finally, all of this leads to a very important set of things from an engineering standpoint. What is a standard operating procedure? We call it an SOP for the EVB processing. If in any engineering system you have the SOPs? Because again we're relying on this very very important process of the signature and its verification. What is the SOP for the signature verification? And what is the SOP procuring of questionable signatures? And finally, what is a chain of custody? 
Talk a little bit more about that. And the last set of question is why was there sudden surge of duplicates during 1104-1109 which is incongruent with the trend we were seeing the early voting ballot return envelope counts. Finally, why is a verified and approved stamp envelope appearing behind the printed envelope triangle? How does that happen? Is there some imaging that's done? Are the envelopes printed? I Mean, it's a very. I just have a question from an imaging standpoint and the other question is, can two voter IDs can two different voter IDs be associated with the same person, the same address with matching signatures? Is that allowed? And then finally, why are blanks being stamped as verified and approved? And then more importantly, why is a stamp verified and approved appearing in a blank signature region? So those are our questions. In conclusion, as I started this conversation, the EVB return envelope is a container of the ballot. It's a very important thing if you think about the human body as a system. Your skin is what contains you, that envelope is what contains these validates a very, very important part. So there's significant opportunities to enhance precision, verifiability, reliability, auditability and reproducibility. In the world of engineering systems, we call these properties and these anomalies give us a wonderful opportunity to enhance these at least these five attributes. So we believe what needs to happen is that the signal our conclusion is a signature verification process, no pun intended, is unverifiable. Okay, we can't really verify this process and there's a lack of systems integration and reporting. Example the EV33s which should have all the early voting ballots. Just on the duplicates issue, we haven't had time to do a full systems integration that was in the scope. 
But even on the ballots we have far more duplicates than what are even in the system and currently for to us because we haven't been able to get access to the standard operating procedures that is opaque and non transparent. So the future research we believe that is absolutely necessary is we need to do full signature verification audit, which means do the full 27 point analysis. We have the capability right now, we have everything imaged. If we have the, if we acquire Maricopa's SOP for signature verification, if we can get their 27 point analysis algorithm, we can replicate all of this and using the algorithm that they have, define an actual false positive, false negative, error rate. What I mean by this is this would be a profound opportunity for improving US election processes. Because this has not been done. You read literature on the left or the right, everyone complains that the signature verification process has significant issues. We have an opportunity right now with this data and the opportunity here to do a 27 point analysis and really come up with an actual rate which would give us a scientific metric of the confidence value of the entire EVP system. And finally, we need to review the chain of custody today. What happens is when a signature is. There's questionable signature. People call the person, they contact them and then they have some conversation which is then verified. Where are those conversation records? Are those tickets stored anywhere and do we have access to that? That's it. Thank you everyone. Thank you very much. I'll take questions if there are any.
Senator Sonny Borrelli
Dr. Shiva, just before you get off here, I think it's really important that we know your credentials. You kind of just breezed through that slide. Can you go back to that real quick and just go, go over your credentials for everybody? So we, that's important for us as we're reading your report.
Charlie Kirk
Sure. I appreciate the opportunity to share that. Let me bring it up. So let me just give you a little bit of my background. I have four degrees from MIT, a PhD in biological engineering and what's called computational systems biology which is all about doing computation, recognizing patterns. My master's is also from the MIT Department of Mechanical Engineering where I did computational wave propagation to look at a very important area of pattern recognition called non destructive testing. Where you're looking, you don't want to actually open up a bridge or you don't want to open up a aircraft wing. You're sending signals in and you're classifying them. My other degrees from the MIT Media Lab in scientific visualization, my master's where I'll also use the same techniques to do some of the earliest complex visualizations for classification. And my bachelor's is in electrical engineering computer science also from MIT where I built for that one of the first cardiology systems for doing pattern analysis cardiology signals. But beyond that, my focus for 40 plus years has been in this field of pattern recognition and classification in biology, medicine, engineering, aeronautics, civil, electrical, banking and finance, military across a range of areas. Handwriting recognition on bank checks, email analysis. In fact I as a graduate student, I won. I was only graduate student asked to participate. I won the White House competition for automatically categorizing the White House's email. This is 1993 when email was becoming a consumer application. Prior to when it was a business application of the email that I created back in 1978. In 1993 is when email actually became a consumer application. The Clinton White House was getting tons of email, they wanted to automatically analyze it. I ended up winning. That left MIT took a 10 year hiatus and built Echo mail for pattern analysis recognition recognition of emails. 
Did a lot of work for many years as an undergraduate helping deafblind analysis of signature pattern analysis there. Currently I work in a company called Cytosol where we're looking at analysis of Signals, biomarker signals to figure out the right combinations of medicines. That company actually got a multi combination therapy allowed by the FDA for pancreatic cancer. I've written a number of patents, books anyone wants to go to go to vashiva.com and you can look at my biography over there. I published in the leading journals in the world. Nature Neuroscience is one of the eminent journals in the world. Cell Biophysical Journal, ieee. These are high impact peer reviewed journals. The US Copyright Office delivered me the first copyright for the invention of email. I'm a Fulbright scholar, a Lemelson MIT finalist, I won one of the earliest Westinghouse Science Honors award, was a nominee for the National Medal of Technology and Innovation, and I've been invited to give distinguished lectures at the National Science Foundation, NIH, FDA. In fact, in November 19th I delivered the prestige lecture on the immune system, an invited lecture at the NSF where we discussed the immune system. And several years ago MIT had me deliver their Presidential Fellows lecture.
Senator Sonny Borrelli
Thank you for sharing that. You've raised a lot of very important questions for us to get answers to.
Charlie Kirk
Thank you.
Senator Warren Petersen
Dr. Shiva, your report was extremely insightful and considering the fact that we only got the envelopes just a few short weeks ago, we appreciate you dropping everything, all of your other responsibilities and jumped on this right away so that this could be accomplished by today's hearing date. So we appreciate that very, very much.
Charlie Kirk
I also want to thank Doug Applegate and Phil Evans, two of my colleagues at Echo Mail and the Echo Mail team in particular, all the stakeholders. And again, I want to thank the courage of the leadership of the Arizona State Senate. This will go down in history as one of the most important engineering events, not just an election event. It will go down as a very important engineering event for engineering systems of election voting systems. I really appreciate the opportunity and I'm very honored to support this effort. Thank you.
Senator Warren Petersen
Thank you Dr. Shiva. And for everyone in TV land or whatever, these reports all will be made available in their entirety. They'll be uploaded on the website as soon as we can get them uploaded. So you can see all of these personal information and the personal. Yeah, just make sure the redaction that you saw was any personal information. We tried very hard to make sure we complied with the court order and make sure anybody's names, addresses that were on there was not available to the public. However, the unredacted version will go to the Attorney General's office so he can seek further investigation on these anomalies. Thank you, Dr. Shiva.
Charlie Kirk
Thank you very much.
Senator Warren Petersen
All right, thank you so much. And just also a note. It was interesting. We had received a lot of emails, affidavits, you name it, from people that actually worked at M Tech and at the polls, and that they had told us that when it all started. What is it, 27 or 29 points of signature verification? 27. Thank you. That. That's what you're supposed to do, is 27 points of signature verification. And at some point, it went to 20, it went to 10. And towards the last few weeks, we were told that they were told, just stop checking signatures. We've got to get this done. So what he's showing us here does, in some sense, correlate with the things that people had told us. So, for what it's worth. Okay, let's go to Doug Logan, Cyber Ninjas. You are going to give us your report. And would you please give us just a tad of your background?
Doug Logan
Sure. So, I'm Doug Logan. I'm the CEO of Cyber Ninjas. I have done cybersecurity work for a lot of major organizations, including Bank of America and JPMorgan Chase. I've done a decent amount of work in the federal government as well. I hold Certified Information Systems Security Professional, or CISSP. I also have GIAC Web Application Penetration Tester and GIAC Certified Incident Handler. I am listed as. I am actually an expert on the Antrim election case Associate. And I have a report that's actually published, associated with that. It's publicly available from Matt DePerno's website. And I have, of course, been running this audit for the last roughly five months.
Senator Sonny Borrelli
Mr. Logan, could you pull the mic, or could you get a little bit closer to the mic, please?
Doug Logan
Is that better?
Randy Pullen
Okay.
Ben Cotton
Awesome.
Doug Logan
It's not clicking. There we go. So I just want to start with an overview of what we actually accomplished here, because this is an audit like we've never had before and involved, as you mentioned earlier, Madam President, involved over 1,500 people. And based on our calculations, it was actually more than 100,000 hours put in place. As you can see up on the photo right now, this is an example. This actually happened in the evening, one of the days. So this isn't even a full group of everybody. And we're going to go through each role that was out there, what functions they were performing. But you'll notice that everyone is located based on colors. That helped us keep track of where people were and make sure no one was out of place, and help us make sure that we both secured and maintained custody of all the ballots at all times. Over 1500 people and like 100,000 hours. Now, security was something that was extremely important. With everything that we did here, we had multiple layers of security. We actually had an external perimeter that was maintained by the Arizona Rangers. So as you came in, that would validate that you're on a list of individuals in order to be able to get in. We also had an interior check so that as you walked through the door, you came up to a desk where you were both checked for COVID and validated to be on a list, made sure you had a badge and all those things to make sure that you're someone that was supposed to be there to even be in the building. All the ballots and election equipment were stored within these cages. And anytime they ever left the cage, they were actually signed out by an individual. So we have a complete signed record of every individual that came and picked up every box. So someone took over custody of that box.
We actually had individuals called runners and they would run it from the ballot corral and they take it over to whatever table they need to go to. And that individual would then sign the box over to the table manager at the table that would then utilize it to process it. So at no time was a box of ballots or individual ballots outside of the care of someone's specific authorized care who has to sign off of it. In fact, we actually had 24/7 video surveillance on everything at all times. In addition, you'll see this lovely police officer. They were actually there 24/7 as well. And they were always within sight of the ballot corrals or where we had the election equipment stored. We had police officers at both locations always maintaining and always making sure that the ballots and the equipment was 100% secure and that nothing could happen to them. So this is one of our tallying tables. What you can see in the middle is actually a lazy Susan. You'll notice that there's three counters around the table. There's someone who's actually at this table they're loading and someone who's unloading. So all counters were Maricopa residents who specifically voted in the last election. We wanted to make sure that if anyone was involved in this very important action, that they had skin in the game and they were local. We didn't use anyone out of state for any functions having to do with the actual tallying of the ballots, or I should say, actually tallying the ballots. Some of the table managers were from out of state, but the people actually counting the ballots were all Maricopa residents. There were other functions where we had volunteers from other states though. As much as possible, we tried to keep everybody local in Maricopa County. We think it's very important for our local community to take ownership for their election process and we wanted to facilitate that as much as possible. All these individuals were background checked and validated.
We had one individual that had slipped through the process because he'd been on the ballot versus specifically that doesn't have something shows up in standard background check. So we started doing additional checks, comparing everything on things to make sure that never happened again. It was very important to us to make sure that we always had things that were going to make sure that were beyond reproach. Transparency in everything we did was very, very important. Now all three counters were blind. That means they were not allowed to talk to each other. As that ballot went around and was in front of them, they would tally on a sheet of paper and they put a little mark based on whether for both the presidential and the senate race, they put a mark to see whatever it was. Roughly every 50 ballots. They would compare the numbers with each other. Actually the table manager take them, compare them, and if two out of three of them agreed and the third person was no more than one count off for the race, they would proceed and they would move on. If there was any more discrepancies beyond that, they actually had to stop. They had to find the ballots in question that they're in question, they had to recount them. So there is absolutely no way to have speed here without having accuracy. And we found that when we had a brand new table, it was relatively slow, but as soon as they've been doing it for about two shifts or so, their speed greatly increased. And it was amazing at how quickly they could count ballots in the very beginning of the process. In our first three weeks, our fastest, I think our most ballots we ever counted was roughly 30,000 when we came back and had more of a full shop. I think at our peak, we did over 150,000 ballots in a day, and we're routinely doing over 100,000. So the speed, like I said, greatly increased, especially as we worked through this. 
So the way the ballots would actually work is we had a ballot corral where the ballots were originally in. They would be signed out of that ballot corral and they'd be taken to a tally table. After they were tallied, they'd go back to a Ballot corral whether, which was specific to being in progress. And then when we had our paper examination tables, they were ready for a box of ballots. That's where it came, it came out of the in progress. So at the paper examination tables we had DSLR cameras. Those DSLR cameras took pictures on the front and the back of these ballots and they gave us very high definition images that allowed us to see all sorts of intricacies of the paper and what's going on after it was done with dslr. Actually, excuse me sir, I'm sorry, the clicker's not working. There we go. Let's go back there really quick. So once it went into the microscope stands, we had four microscopes that were taken images of the magnified image. And that was over a number of different places that included the presidential oval to take a look at how that was filled out. And with the way we had the lights, we could actually see when it was filled out with a ballpoint pen, you could actually see the ridges of the person pressing down on it. So you could tell the difference between something that was filled out with a Sharpie, you could tell something was printed out by a pen or you could tell actually if something was computer printed, you could tell the difference between all of them. We also had a microscope over certain parts of the ballot that would allow us to look at the paper fibers to help determine what type of paper was utilized. Now when we were done with this, we actually had over 140 terabytes of data just from the paper examination alone. So we had massive amounts of data. 
In fact, with our camera footage and everything that ran the operation, we ended up with close to 2 petabytes of data. To give you a comparison, that is vastly more data than your average large thousand person company has. So we are running a very impressive network here that was completely air gapped, wasn't connected to anything outside of the floor. In order to support this, in order to have all the data requirements associated with it, it was a very complicated operation. So I just want to give a high level status of where we are right now. So first of all, we've completed the hand count of all federal races, we've done all the image and microscope capture of all the ballots, we've reviewed and did a comparison of the official results. We've done analysis of the voter rolls, we've done the vast majority of the analysis of the actual voting machines and voting equipment in progress right now. We are hopeful to soon, with the settlement that the Senate put together, be reviewing the Splunk logs and routers. Based on the settlement terms, we're also hoping that the completion of the paper analysis that's being done will be done very shortly. Now from a scope standpoint, Stopped again. So no longer in scope was the canvassing. That was decided, that was removed. We have the tabulator configuration to check. Internet configuration was something that was not provided. We believe with the other information we have, we'll be able to get similar data, but it will not be the same exact data. We had requested to review the voter roll system, but a lot of the systems are used for checking in for the SIPUX system were not provided as part of the equipment that was given us. We had hoped to look at the review of the ICX devices, but again, those had not been provided. We had wanted to look at the provisional ballots, the ones that had not been counted, to count the sealed envelopes, to make sure they matched up with everything and made sense. And those again were not provided.
And we'd also hoped to take a look at the undeliverable ballots to see how many of them were bounced back or what happened to them. And again, those were not things that were provided. And so there were things that are no longer in scope and we're not able to take a look at. Okay, so now we'll get into the fun part and get more into the actual tally results. In order to understand some of these findings, I want to make sure that everyone has a clear picture as to how this process works. So if we have ballots that are actually damaged or otherwise can't be run through the tabulators, for example, the braille ballots won't fit through the tabulators. Some of the UOCAVA ones are in formats that can't. They need to go through what's called a duplication process. Now, this is a different thing than what Dr. Shiva was talking about when he talked about duplicates. When he talked about duplicates, he was talking about more than one envelope going to the same person. So we're going to talk about the word duplicates here, but we're actually talking about when there was an original ballot that couldn't be run through the scanner and they created a copy of it, which was run through the scanner and counted. So when you have duplicates, when you have the originals and you have the duplicates, only one of those counted and it should only be the duplicate. Now, specifically, the originals are often referred to as damaged sent to duplication, or DSD. And we're going to use that notation throughout things, that DSD means the original ballots, whereas the actual duplicates are referred to as dupes. So there should be one DSD per dupe and there should be a unique serial number on every single DSD and every single dupe to match them up. So that you will know for sure that this ballot right here was duplicated to this other ballot.
And if you want to compare and make sure the duplication process was done correctly and that it actually represented the voter intent, you'd be able to easily match them up and it'd be easier to handle from an audit standpoint. Duplicate ballots also should be stored separately from the original ballots, so there's not confusion, they don't get mixed up. So let's talk a little bit about those findings. So our duplicate ballots were coming commingled with the original ballots, not all of them. There were in at least one box case, which is something that they're not supposed to do. According to the epm, duplicate ballots had incorrect and missing serial numbers. If you take a look at this table that's showing up, you'll notice that the serial number on the left is what was actually on the ballot for the duplicate ballot. And the serial number the board one hand duped to 118 on 2114 on the right is what was actually on the original damage. You'll notice the numbers are actually different on the left hand side. This is dupe. Board 3 hand 02114 on the right has board 1 hand dupe 214. We were able to match these up because of the ballot characteristics and the precinct that it came from. But it's a very painful process and it has to be done manually in order to figure out what matches to what else when they're not actually stamped with the same exact serial number on them. We also had a number of serial numbers that were printed like this one that you see on the screen where you can't really read it. It's not legible. So it theoretically has a serial number on it, but there's no way to match it up because you cannot read what the value is on it. In addition to having ballots that flat out did not have a serial number anywhere on there whatsoever, so there was no way to match them up with originals. Now we also had duplicate ballots that reuse serial numbers. You would expect that a serial number in order to match it up went out being unique. 
But you'll notice there's two examples up here of two different pairs that are not associated with each other, but had the same exact serial number utilized in this case. I believe we've got a large print and a standard damaged ballot. We also have a few others in here. Again, same exact serial number, but these were not the same ballots. And specifically, if you ever take a look at a large print ballot, they're huge. They're very, very large. So it's not just that something was photocopied or anything like that. They literally use the same serial number on otherwise unrelated ballots. And this is probably one of the more interesting parts, is that we had more duplicates than original ballots. So according to our counts from our audit, we had 26,965 original ballots. And then we had 29,557 that were duplicate ballots. And those numbers should be the same. Based on the numbers received from Maricopa County, we should have had 27,869 of both originals and duplicates, and they should have matched up perfectly. Now, these extra duplicates did appear to favor Trump and Jorgensen. If you take a look at the original ballots, we've got Trump has 995,404. And if you take a look at the duplicates, there's some number of more of them. So if you take a look at percentage all the way over to the right, the expected percentage per candidate, and that's based on if we take the originals and assume the duplicates should be at the same exact percentage. So we had 48% of the originals were Trump, 50% of the originals were Biden, and 2% of the originals were Jorgensen. You can see what they actually have at the difference. In reality, Trump had 58% of the duplicates, 33 and 3. So both Trump and Jorgensen gained slightly with the duplicate process. Same thing whenever we take a look at the Senate race, it favors slightly to McSally, not necessarily as much as it does in the other case.
Both of these percentages are within the realm of error, of just human error making mistakes. So if we take a look at our final tally results and we look at the Senate race, it does look like Kelly still shows up as ahead. And we actually run into that. We have 541 less for McSally and 60 less for Kelly in the ballot totals. If we take a look at the presidential race, Trump actually loses 261 votes from the official votes. Biden gains 99, and Jorgensen loses 204 votes. And again, these are all, you know, very small numbers when we're talking about 2.1 million ballots. These are very small discrepancies so we can say that the ballots that were provided to us to count in the Coliseum very accurately correlate with the official canvass numbers that came through. So we did have at least of a batch of 50 ballots that was run through the tabulators twice. This is specifically when they took the Dominion tabulators. They had the same batch and it was run through more than one time. We found this because through our various counts we had very clear confirmations of how many ballots were supposed to be in a box. And when we compared our results against the cast vote records, we were roughly 50 off. And that made us go take a look at the Dominion images. And when we compared it to nearby ballots, we actually found that there was a set of 50 ballots that had been run through again twice. As far as we could tell, with it only happening once. There's no indication as to whether that, you know, we don't have no clear indication whether it was human error or whether it was intentional. We assume that's human error because it happened in very small frequency. This is an example of a ballot from two different batches. It's probably relatively small text for people to read, but if you read all the way down on the bottom, it will tell you that it's tabulator. On the left hand picture, tabulator 6004 BTC, which is the batch 288. And that's the image 154.
And then the right hand side we have again same tabulator but batch number 287 which is one different and it's image number five. And we had roughly 50 of them that were in between the two of these. We found something similar from the UOCAVA, where the UOCAVA. For those of you who don't know, UOCAVA ballots are for military and overseas personnel. It's a way that they can actually cast votes even though they're not physically here. Those ballots get turned in either via an online portal, they can be submitted via email, they can be mailed in. I think they can fax them in. There's a whole bunch of different ways these can come in. As a result, they're in a lot of different formats and there's a lot of variance among them. But on the left hand picture you can actually see that it's board number two. Hand duped 573 is what approved it. On the right hand side it's hand dupe 574. And it's probably too small for you to read, but if you read the serial number circled on the top left, you'll notice that the timestamp and the serial numbers are exactly the same, which means that someone likely printed out the UOCAVA ballot twice and both of them made it into the scans. We did not find this in a lot of quantities, but the only way we had to look at it was by hand. And there's over 10,000 UOCAVA ballots. Because every single one of these UOCAVA ballots is slightly different form, it's actually even difficult to do it in automated fashion. The only good way would be to go through by hand without some sophisticated processing. Okay, so we're going to talk a little bit about the official results that are actually turned out by the county. And this actually connects quite a bit with some of the stuff that Dr. Shiva was talking about. So from a definition standpoint, we have the official canvass. The official canvass is the official certified results that are put out by the county. It has the tallies of votes per candidate per precinct and provisional. 
It tells what the turnout was for a given precinct and all of that information. We also have what's called here in Maricopa County, they call it the VM55 file or the final voted file. It is a list of every single person that showed up to vote and that's counted both for, you know, for in person, whether it's early voting in person or whether it's mail in. And all of those are kept track of separately. So we have a number of all those different categories of who showed up to vote on any given day. We then have the VM34 full voter file. This is also referred to as say, your voter rolls. This is a list of everybody who should be eligible to vote. And the county in Maricopa seems to make these available roughly on a monthly basis so that the full voter rolls. So that is your theoretical full list of everyone that may be able to, you know, may show up to vote at a given election. Then we have our EV32 files or EV32 early voting sent. Every single time a mail in ballot is sent, it's supposed to have an entry in an EV32 file that corresponds with that mail in ballot that's sent out. Likewise, we have an EV33 file, which is when any type of early vote is returned. Now, this both includes when a mail in ballot is received and an in person when someone comes and votes in person. EV33 includes both of those. You may remember at the hearing that we had a while ago, we had mentioned that the EV32s do not match the EV33s. We were doing a quick analysis in order to justify canvassing, and there were 74,000 that were off. The vast majority of the 74,000 were from early voting in person. And that is why there was not an EV32 associated with it. We have this clarified in a report as well. That was not a purposeful discrepancy. It's just something that was not immediately clear at that point. 
So just to give an example on how these systems work in order to match everything up, so if we have 10 people who mailed in a ballot and we had 10 people who voted early in person, and we had 10 people voted on election day in person, we have 30 votes that are out there. So what this means is we should have the official canvass with 30 votes and it should be allocated per precinct accordingly. It should be allocated based on the candidates, and you should have your official tallies associated with it. You would also expect that if you went to your VM55 file, you should see 10 people who voted via mail in because it has different codes. Based on that, you should have 10 people who voted early in person and 10 people who voted on election day. And every single one of those entries should have the name and address associated with the person that matches up with their voter rolls. Likewise, you would expect that your EV32 would only have 10 ballots mailed in it because that was what was sent out. And your EV33 should have 10 people in it from the mail in ballots and 10 people from the actual EV in person, for a total of 20. This is what you would expect in a balanced system. This is not actually what we found when we started comparing all these numbers. All these numbers were different in very different ways. And it's something that creates quite a few discrepancies. So none of these systems actually balanced. We're going to go through these. So our official canvass has 3,432 more ballots cast than the list of people who show as having cast a vote in the VM55 file. Now, I do want to specifically interject in here that we finally heard back from Maricopa County because we asked them about this discrepancy. I think it was at least a week ago, but it was a couple weeks ago. 
So the day before we were presented our results, they decided to tell us that those were actually for the protected voters who don't actually, you know, either judges or battered women or other individuals who are concerned about publishing their addresses. That that is the reason why that discrepancy is in there. I can't validate whether that's accurate or not accurate. This is information that we just received. What I can say is that this sort of stuff is exactly why with audits, usually the organization you're in the process of auditing cooperates and works with you. And these would have been extremely helpful in order to get feedback and work through them through this entire process. Now we do have 9,041 mail in voters shown return ballots, more return ballots in EV33 than they were sent. EV32. Sounds like Dr. Shiva found something very similar to this as well. So specifically we found they were mailed one ballot, but somehow two ballots were received, which I do not know how you would have one ballot sent and two received. The assumption would have to be that it's a clerical error or there's something else going on. It's not clear how you can have that happen. 277 precincts show in the official canvass as having more ballots cast than people showed up to vote, for a total of 1,551 excess votes. Again, the county has explained to us that the same reason for the VM55 difference they're saying is the reason there. We have not had a chance to validate that there are 2,472 ballots shown in EV33 that don't have corresponding entries in the VM55. And only 2042 ballots show as rejected in the official canvass for a discrepancy of 430. So let's walk through this really quickly. So if something is in the EV33, that means that an early vote was received and we have the individual's name and the voter ID associated with it. 
So if an EV33 was received, you would expect that if it's not in the VM55 file of who voted, then it had to be a rejected ballot. Just makes logical sense. It has to be a rejected ballot. But there's 2,472 that show in the EV33. But there's only 2,000. Sorry, there's only 2042 ballots that show as rejected. So there's a discrepancy of 430. Again, just another place where they show that they don't seem to match up. We also have 397 mail in ballots show as received that were never shown as sent. So they were. We know that they are in the VM55, they're mail in ballots and they were received without somehow ever being sent a ballot. Now we also have 2,500, 255,326 early votes shown in the VM55 that do not have a corresponding entry in the EV33. And just to be clear, this is not, you know, when you were looking at EV33 entries, EV33 entries are supposed to happen when a ballot is received, but it's not, you know, the actual tracking of the ballots are under, you know, the actual official canvass of the VM55. So we had in the VM55 individuals who voted. We had entries for early voting. They were in there where in 255,000 cases of those, they were not actually included in the EV33 file. In reality, all of these, you know, all these systems to be auditable and to be verifiable, all these systems should be able to be in agreement with each other. And even if we have protected voters, there should be some way to know the number of protected voters who voted in order to match it all up so that you have a system that balances. Voters who moved. So we took a look at the entire list of individuals who voted specifically that was from the VM55 final voted file. And we ran it through a commercial database put out by Melissa, called Personator. And Personator is a best in class identity system that helps check addresses and make sure they're associated with the user. 
It'll show prior and current addresses, it'll track move dates, and it'll actually also track date of birth and date of deaths. So we went and took the voter rolls and we compared them against this to see how many people might have moved and based on statute, should not have necessarily cast a vote. So the first thing we found is that 23,344 voters who voted via mail in ballots, even though they showed in Melissa as having moved from that address. And we wanted to make sure we accounted for the circumstances where a college student might have moved away from home or family member might have moved somewhere else. So we actually eliminated all the chances, all the cases where someone was still at that residence that had the same last name. That's how we came up with 23,344. So if your mail in ballot is sent to an address that you no longer live at, there should be no way for you to receive that mail in ballot. At least it's generally not a way for you to receive that mail ballot because mail in ballots are legally not allowed to be forwarded. So it can't be forwarded to your new address. So the only way this situation could happen legally is if you know the prior, if you know the current resident and you're able to meet with them and pick up your mail in ballot or somehow have some other arrangement to pick up your ballots were there, but still 23,344 people voted when they should no longer, you know, have access, you know, would not normally have access at that given address. We had 2,382 voters who voted in person. Even though they showed in Melissa as having moved out of Maricopa County prior to that date. We have 2081 voters who moved out of state in the 29 days before the election and appeared to be given a full ballot, which should have been, you know, if anything, if they voted at all, it should have been a president only ballot where literally the only option on the ballot would have been president. That is something it's by Arizona statute. 
Let's talk a little bit about the voter rolls. So registration dates do not generally change in your voter rolls. So this is your day of registration, unless it's to correct a mistake. And this is something that we received out of the actual recorder's office. They told us that those dates should not generally be changing. Your date of registration should be your date of registration. And it says there at the end, the only time a voter may have two dates of registration is if the registration has previously been canceled and the voter registers again, the original record would be canceled for varied reasons. And then, you know, they'll have a new record with a new date of registration. So the old record should not exist and it should not have a date of registration change. Likewise, we have this thing called AFSEQ, and AFSEQ is actually a unique identifier that is a reference to a transaction. So, for example, if you went and you needed to change your address, you would fill out a form, and when you filled out that form, you would turn it into the recorder's office and they would image that and they would process it. And when they processed it, they would assign it a unique identifier. That unique identifier actually gets stored in your voter rolls as the latest one and it is specific to that change request. So those should be unique. You should not even have it twice in your voter rolls. It should only happen once and it should not be shared among multiple individuals. And this is something again we confirmed with the Recorder's office. Now we also have a statute that says complete names should be used and that will get into our findings that we have here in a second. So we had as many as 5,047 individuals who voted in more than one county for up to 5,295 additional votes. 
If these are duplicates. Now, I will tell you that these individuals had the same name, first, middle and last name and the same exact birth year, because that's what's in the voter rolls. But if you have an extremely common last name which can happen, some of these may in fact just be individuals with the same exact name, same exact birth year. We have no way to validate that 100%. We had 393 voters with incomplete names that voted in the election. This included individuals with last name only. Last name is just an initial. There's no last name or first name is just an initial. And again, there are some individuals who in some cases this could happen, but this is not a frequent thing that you typically see. We also had 198 individuals who registered after the October 15th cutoff and yet still voted in the election. And we had 2,861 voters who have shared an AFSEQ number with another voter at some point in time. And that does not. We don't know exactly what that means, but based on the descriptions of everything that's happened in the system, it suggests there may be some integrity issues with the data. When an impossible situation is happening in a system, and if you've got integrity systems in something as important as the voter rolls, there would be a concern. We have 282 potentially deceased voters in this election. I know that there's been some much wider numbers that have been circulated on the Internet. We tried to validate this stuff very, very precisely. It can be a difficult thing to match up voter rolls to individuals. From our testing, we believe that all the ones we have in here are accurate, but there are potentially additional ones as well. We have 186 people who potentially have duplicate voter IDs that both voted. I think that Dr. Shiva was mentioning that we haven't had individuals with the same first name, last name and the same address and seem to have the same signature. 
That is something that we have also seen in the voter rolls with people who seem to have literally the same exact name. We have 186 people. That's the case where they actually the first name and last name and the address all match up and year of birth. Because the assumption would be you might have a junior in a different place and so they'd have a different day of birth associated with it, but not the same address. And that is the end of the presentation for right now. With that I'm going to hand it off to Ben Cotton who's going to go over our digital findings.
Senator Warren Petersen
Thank you. Mr. Cotton, when you start, could you just give us a little bit of your background?
Ben Cotton
I have 25 plus years of doing digital forensics, incident response and examinations in support of both government as part of my service. Prior to my digital forensics background for the last 25 years, I also served 21 years as a Tab-qualified Special Forces soldier serving this country and defending our freedoms. I recognize how critically important the voter integrity is to this nation. And this again Madam President, I agree with you. This is not a left issue, this is not a right issue. This is an American issue. And as I talk about this, you know, I would hope that the findings of this audit will be turned into actionable legislative, meaningful product that we can move forward and secure these elections moving forward. So as I talk today, people may have heard some of my previous testimony. We had a few of these will be redundant, but it's important to reiterate these findings in the course of this final hearing. So we'll talk about the withheld devices and data and how that impacted our ability to provide a complete report to the Senate here today. We'll talk about the cybersecurity issues that we have found, the hardware configuration control issues, atypical anonymous logins that are present on the systems, the listening ports and attempted connections on boot up and Internet connections and Internet history that was found on these devices as part of the course. Next slide please. So let's talk about the withheld devices for a moment here. As with any audit, access to information and the right information in a timely manner is absolutely critical to finding a complete result for an investigation. 
In the case of this audit, we were never provided access to the routers and network related data and that becomes very impactful when we start talking about validating and confirming unauthorized accesses to the election management system itself and to the other devices. I would like to sit here today and tell you that I had fully ruled out any unauthorized access, but given the lack of access to this information, I cannot do that at this time. It is our understanding that there has been an agreement reached with Maricopa County, and I look forward to getting access to this data so that we can complete these findings. We were not provided the poll worker laptops. Now these are the laptops that poll workers use at each precinct to validate the voters and to interact with election related functions at that particular precinct. We were not provided any of the ICX devices. So the ICX devices are used for handicapped and other graphically required interfaces with the voting systems. We know that the county had a number of these based on the historical video from the M Tech, but we were not provided any of those. We were not provided with the ICP credentials to validate the configuration settings or the administrative settings on the actual scanners, the ICPs. This was critical and a significant short finding in that. I cannot sit here today and tell you whether or not the wireless modems were enabled and connected to the Internet at the time of the vote. And I cannot sit here and tell you today what the status was of the LAN connections that we know were inherent to those devices as part of the purchase from, or the lease from Dominion. Okay, let's go a little deeper into the cyber security issues as we found them. Actually, you've, you've skipped a slide or. No, I'm sorry. So let's talk about the. Go back one slide, please. Let's talk about the cyber security issues. 
Now, the Department of Homeland Security has a division called CISA, and CISA has a recommendation that's published on the Internet for how to configure and manage election systems that is freely available and it's recognized as kind of the gold standard for securing an election system. I will tell you that every item up here is part of that recommendation from CISA. I will tell you that in Maricopa County they failed to perform basic operating system patch management functions. Now let me explain that for a bit. So if you have a home computer, you realize that every Thursday or Wednesday, depending on your cycle, Microsoft will release a security patch to correct vulnerabilities that have been discovered since they released the operating system and it was installed on your computer. Okay. The last time that the operating system was patched on the Maricopa County election systems was the date that they installed the Dominion Software, which was the 6th of August of 2019. Okay. So at the time of election, it had been over a year since that system had been patched. We found that that was also the same case with the antivirus definitions. So we know, as part of this world that we live in, that people are coming up with new ways to hack a system to exploit vulnerabilities and get unauthorized access to the systems. And they're doing this continually. All major security vendors update their antivirus at least on a weekly basis to make sure that we can protect our systems from these newly originated vulnerabilities and exploits. The last time that the antivirus had been updated on the Maricopa County systems was the 6th of August 2019. Now, Maricopa County did release a statement saying that if they had patched the operating system or if they had updated the antivirus, that that would have invalidated the EAC certification for the voting system itself. Obviously, there are a couple of issues with this position. 
And the first one is that we are relying on a certification system that would impose obsolescence instead of security in the very act of trying to secure a voting system. That is nonsensical and it should never occur. So if that is in fact the case, we need to take a very close look at what we're relying on to validate and certify these election systems and software to ensure that we're not certifying guaranteed obsolescence of the system. Now, let's assume for a moment that what Maricopa County said was true, that they could not update those systems because of this certification issue. There are a couple of problems with that as borne out by the artifacts on the actual EAS EMS server itself. So if that is true, then that would mean that no new executable files, no new dynamic link libraries could be created or modified on that system after the date of the software installation, which once again was the 6th of August 2019. What we found is that there are four executable files that were created after this date of Dominion install. There were 45 executable files that were modified after this date of install. There were 377 Dynamic Link Library files which were created after the Dominion software install. And there were 150 or 1053 DLL files that were modified after this date. So if we assume that what the county represented is true, then in fact that voting system would not have been certified at the time of the election. Let's talk a little bit about log management here. So there is a federal statute that requires the preservation of election related materials for 22 months after the date of the election. That applies not only to paper, but that also applies to digital artifacts. Maricopa County failed to preserve the operating system security logs to cover the dates of the election. They provided security logs early in the audit process, but they did not provide the Windows security log itself. 
When we examined the EMS server, we found that the dates covered by the security log only went back as far as 5th February 2021. Now there's a couple reasons for that and we'll go into those later, but the bottom line is, is that they, they failed to preserve those, those logs, or at least those logs were not turned over to the auditors. And so I'm assuming since they were part of the subpoena, that those should have been provided had they been present. Okay, next item there is credential management. This is probably the most offensive item on this list to me because it carries such a huge impact on the securability of a system. What we found is that for the election management system, the adjudication systems, the ICC's and all of the voting related systems, they all shared a common password for both user accounts and for administrative accounts. And just to be crystal clear, it was the same password for all those accounts. So to complicate matters as well, those accounts had not been changed since the installation of the software. So they were established on 6 August 2019 and never changed. There furthermore was not an individual accountability of the users who access specific accounts so that you could tie a username in action and an individual when you discovered something that was an anomaly. Okay, we did not see any software or any effort to establish and monitor a host baseline of programs and processes. Furthermore, we did not see any log aggregation or methodology by which to establish and monitor the network communications for this system. There simply was none of that software present on any of these devices. Next slide please. We also didn't saw and detected that there was a failure in hardware configuration within the voting system. Now what you're seeing right here is the system, the acquisition photos for the system that was identified as the Adjudication 2 workstation. 
Now you will see in that picture that there are two hard drives that came out of that system. It's not uncommon to have two hard drives in a system for data storage, et cetera, et cetera. However, both of those hard drives are bootable. Okay, so what that means is that you can boot from a hard drive that is not part of the election configuration and have access to the election network. Very important. It's clearly not an approved configuration. It was the only system that we found a dual boot situation. Now to further complicate matters a little bit, and I'm not going to make judgment as to the legality of this or whether or not this deserves further action, is that on that second bootable hard drive there appeared to be non Maricopa County data. So let me define that a little bit. On that hard drive there were Dominion databases that appeared to be one demonstration data, but also data that may have originated from Washington State and South Carolina. And I derive that not from an in depth investigation of the data that was outside my scope, but from the naming conventions of the databases themselves. Okay, so once again validating and approving the configuration of these systems is critically important to preserving the integrity of that election system. I would also note that neither of the two audit. Next slide. One of the challenges that we had was actually the accountability of deleted items. We talked about deleted items before. Let's be crystal clear about this. From the EMS, which is the Election Management System server on the C drive there were 865 directories and 8 85,673 election related files deleted between 1028 and 1105. They also included some log files. So what is difficult to determine is that I know they were deleted. What I don't have is any accountability or any ability to track from an evidence management perspective how those deleted files were treated and what happened to them, if they were archived or not.
Doug Logan
Okay,
Ben Cotton
There are a DVD file and those are actually the results of the election totals off of each tabulating device. And those were part of the deleted files that were removed from the EMS. From the. So the EMS actually had two hard drives. Well, they had six hard drives configured into two logical drives. So the second logical drive was called the D drive, and that contained all of the election database, both historically and should have contained the information for this 2020 general election as well. You'll note that there were 9571 directories and 1,064,746 election related files deleted between 1-11-20. On the HiPro 1. There were 304 directories containing 59,387 files of election data that were deleted from the HiPro scanner 1 on 3 March 2021. Now this becomes kind of important because part of our analysis was to look at the interaction of these scanners, these systems and how data flowed. You'll notice that that's about a month and a half before they turned that over to us. Next slide. You see a significant amount of deletion on HiPro 3 on that same date. 1061 directories, 196,463 files containing election data deleted on that particular date on the 3rd of March as well. Next slide and on HiPro 4, you see the same high volume of deletions on the 3rd of March. Now once again, this may be part of a normal process with how they handle votes, but the timing of this becomes a bit suspect as well as the fact that we didn't see these deletions on HiPro number 2. And once again, I don't have a chain of custody for what happened to these votes after they were deleted. It may be a plausible explanation. I simply don't know at this point. Okay, next file. Let's talk about the failure to preserve the operating system logs. As I explained earlier, the earliest time frame that was covered by the EMS logs, security logs, was five February 2021. That clearly does not cover the election time period. 
Now there's a very good reason why it didn't. And if you go down to that last bullet there, you'll see there were three. There's a user defined setting that you can define how much quantity of logs are retained before they get overwritten. In this particular case, the EMS security log setting was set to 20 megabytes of data.
Senator Sonny Borrelli
So
Ben Cotton
the Windows operating system will preserve all the security logged entries up until the point at which it reaches 20 megabytes of data. At that point it starts following a first in, last out approach to log retention. So as you create a new entry, an older entry is deleted and overwritten inside of that log file. Now, first and foremost, we need to remember that we do have that 22 month federal mandate. So it's clear that at least what existed on the EMS when we received it as part of this audit, we did not have the time period covered by that federal mandate as it was supposed to be covered. That security log was not turned over as part of any other documents that we have by Maricopa County. So I'm going to assume at this point that it's not available for us to look at or else they would have turned that over to us. Now if you look at that last bullet, that first in, first out approach all of a sudden becomes readily apparent as to what happened on these distinct dates. So on each of these dates, an individual executed a script and that script repeatedly looked for a blank password for all of the accounts on the system. Depending on the system, there were only about 16 accounts that were present on a given system. Okay, so this script was run multiple times on 2.11, 462 log entries were overwritten by this script. On 3 March, 37,686 log entries were overwritten by this same script. On the 12th, which is the day before we received the system, there were 330 log entries overwritten by that script. Now, the challenge here is that I know that this occurred. I know which account did it. It was the EMS admin account. If you reflect back to what I just said about the lack of accountability of assigning that username to an individual, it now becomes extremely difficult to prove who did it. Okay? Now, luckily we happen to have some historical data from the M Tech video feeds. And so we leverage that data to backtrack and align these times. 
And we have captured screenshots of Maricopa County people at the keyboards during those time periods. Okay? Now we've identified those individuals, but we will not release their names because we understand what the scrutiny is and what the impacts would be to those individuals. But I just want to tell you that the very point that they did not have EMS. Now remember the lack of log retention at this point, we could not find any logged entry that corresponded to this activity. Okay? From security logs. Those Windows security logs only went back to the fifth, but everything was purged on the context of the election to be audited. But that clearly was not the case in this instance.
Doug Logan
Just to clarify. So this is a log file specifically from report tallying. I'm sorry, Results Tallying and Reporting, which is the Dominion software. That entry says that someone went into the program and clicked on something that said I want to purge all the results for this election that goes through and deletes all of the.
Ben Cotton
We have redacted specific elements to include the host name and the IP address and some of those types of things. But the fact of the matter is that those items are recorded as part of that normal anonymous log activity, you will have the host name that logged into it. You will have the IP address that originated the request. In most cases you'll have the username as anonymous, but that username is then validated against the access control lists and the user authentication mechanisms and validate it. So the very next log entry in a normal anonymous activity is a validation of that user's credentials to access that particular device or process or whatever they were accessing. What you see on the left is something that we discovered in the logs, which is what I call atypical anonymous login. Okay, you will notice that none of those items that are captured by normal activity are present in this log. You don't have an IP address of the originating device. You don't have a host name of the originating device. And furthermore, when I look at these in context of the actual security log itself, there is no validation of a user's credentials immediately following this. There are hundreds of these types of anonymous logins in the security logs that we do have. I cannot tell you at this point if the same type or pattern of activity occurred during the election cycle, because these logs don't exist that cover the election. Okay? But I can tell you that without access to that router data and the network data, I cannot validate whether or not these were legitimate accesses. You'll notice that it is a login type 3. So it was a remote access. I cannot tell if this is a legitimate access or an unauthorized access at this time. Next slide, please. So we also took a look at what happened when the EMS was booted up. And let me walk through the methodology here to kind of assuage everybody's concerns. So within the. 
When we actually imaged all these processes and these systems, by the way, we imaged 770 devices and we gathered over 114 terabytes of original forensics data, okay? And we preserved that in a forensics image file that I could then leverage without fear of modifying or changing anything on the original default device. So we took that image file and we turned that into a virtual machine. I created an enclave that I could boot that virtual machine up into and that I could then monitor the boot processes without connecting to the Internet, without exposing any voted data to unauthorized users. And I actually booted up the EMS to see what happened, what it was listening for, and to identify if there was in fact any zero day malware in the memory. What we did discover is that, as you would expect, there were a number of ports. This is a normal part of an operating system. Ports are used to establish connections and provide functionality to the operating system. We've discovered 59 of those that were open. And while most of these things were what I would have expected, there was some unexpected high port activity specific to the Win exe, which controls your accesses and your logons and your DNS, which controls your domain name service. So if you go and you type in yahoo.com the computer will use the DNS service to actually determine which IP that is so that you can connect. And then the DHCP server, all of those are normal valid Windows processes. But for example, DNS, the default port on that is port 53. Okay. In the case of the EMS, we not only had the port 53, but we also had DNS monitoring on a high port. And I won't list that port number here in this open forum, but that was a little bit unexpected. I will tell you that on the EMS that you were utilizing both IPv4 and the newer version IPv6 enabled. So the services had dual functions with dual listening ports and things of that nature. 
There were ports and there were services that were enabled that allowed remote access. Okay, so the RDP protocol, for example, as well as the terminal services were enabled on the EMS. Next slide. As part of that memory analysis, we did a complete check of the call outs and the attempts to connect from the EMS out to the Internet. Now once again, the county has repeatedly said that these were isolated systems, et cetera, et cetera, et cetera. The EMS attempted to connect to those IPs, most of which are normal. I would take a look at the Level 3 parent, the EdgeCast connections there and I would probably request from Maricopa County the documentation for those functions that rely on those connections and to determine whether or not those are certified or not. We were not provided any of those, that certification document. But those are the two items up there that I would ask Maricopa County for some further clarification on. As part of this analysis, I was able to determine that there was no zero day malware in the memory at boot up of the EMS server. Next slide. Let's talk about Internet history and connections. Okay. As you will recall, Maricopa County commissioned two independent auditors to come in. Both of those auditors had a finding that there was no Internet connection at the time that they conducted the audit.
Randy Pullen
Okay.
Ben Cotton
When I initially did the analysis and I was only searching the, what is called the allocated space. So the allocated space is what you as a user see when you open up Internet Explorer or when you open up File Explorer when you see that directory structure, that's allocated space. When I looked at the Internet history of the allocated space, I had the same conclusion as the auditors did. However, I took this one step further. I actually carved the unallocated space in the entire file system for Internet artifacts. And when I did that, the history was significantly different than both the representation by the auditors and the representation by Maricopa County that these systems had never connected or were exposed to the Internet. And we found Internet activity and multiple visits on the EMS server. Three of the EMS client workstations, one adjudication workstation, and then the ReWeb 1610 and the Regis 1202. Now, before I get into this, I want to kind of walk through my methodology a little bit. So it's very common for operating systems to have default URLs, compatibility caches, things of that nature that may have an Internet URL as part of that artifact. So in order to ensure that we didn't get any of that default data, I only reported on Internet artifacts that one, the date occurred after the installation of the Dominion software. So after the 6th of July of August 2019. And that had multiple visits to the same site, okay. With dates after that time frame. So that would eliminate any of the default URL artifacts that may have been on the system. Next slide please. Okay, so from the EMS server, you'll see that there's actually three visits to the same site on the same day. Okay. That clearly is not a private URL or a private IP address. And so what I can tell you is that the EMS server, at least on that date, was connected to the Internet. 
Okay, now I'd also like to point out that relying on the unallocated space for these artifacts, I don't have a complete history of all the Internet connections because things get overwritten, things get changed, things of that nature. But the importance of this is that at some point in time, specifically those last visited dates, this device was connected to the Internet. Now if you look at that date, there's also a correlation to the purging of the database. It's the day before the audit.
Doug Logan
Okay, almost same time. Exactly.
Ben Cotton
Almost the same time, exactly. Okay, obviously this requires an explanation. Okay, next slide please. When we talk about the EMS client, here are the connections. Now the nine connections at the top there, you'll see that as far back as February 2020, there were four connections made to that URL, to the Microsoft URL. And then on the 22nd, which coincidentally enough is during the time of the audits, there were five connections to the Microsoft URL. I included that lower set of findings to illustrate the importance of some of the items that were not produced to us. So not all of the election connected devices were produced to us for analysis. And that IP of 192.168.100.11 is one of the private, it's a private network. That was the election network. And you will see that it accessed a bunch of web pages off of that device, indicating that it was a configurator or it was a file server or something of that nature. I want to draw your attention to that very last line, the mnetworkwirelesslan HTML that was accessed on the 19th, or, excuse me, on the 30th of October 2019. Now, we have not received any information about any wireless LAN configurations, but yet here you have someone accessing it from the EMS client to access what I can only surmise was a wireless LAN configurator on that date. And you can see that the EMS Admin 01 account was used for that. Once again, who the actual human was behind that account, I cannot tell you because of the shared passwords and the shared user accounts, but I can tell you that not all the devices were produced to us that would have shed significant light on our findings. Next slide. Okay, once again, this is EMS Client 3 and you can see that the last date, last there are six visits to Microsoft.com and the last visit was on the 3rd of February 2021. Now keep in mind that those previous five visits were obviously before that time frame. 
And we don't have a record by nature of this artifact when each of those visits occurred. Next slide. Okay, now ReWeb 1601 is kind of an interesting case. Now once again, we did not receive any network configuration diagram. We did not receive any functional information as to the network. It was one of those things that as an auditor, in most cases I can go back to the person being audited or the entity being audited and say, what is this? Okay, how did this function? How did this interact in this particular case? In this particular situation, there was extreme resistance and quite frankly, in my opinion, obstructionistic actions taken by the county to prevent this type of exchange. Now this system clearly was connected to the Internet. Now whether or not that was by design or whether this is one of those isolated and protected systems that the county has indicated never touched the Internet, I cannot tell you. But I can tell you that it had significant Internet access. And this is only something that would fit on the screen, right? There's literally thousands of connections to the Internet by this system. Based on the naming convention, I would assume that this is some form of web based server that was used in the election system because it was produced under the subpoena, which that was one of the requirements for. Now the other thing that I will tell you is that this device was produced to us on an external 4 terabyte hard drive. And originally it was represented to us as this was a forensics image of this device. When we actually looked at it, we found that all of those devices that were produced on the external four terabyte hard drives, they were simply an operational system clone of that device and it was not preserved in a forensics manner. What I can also not tell you is what steps were taken on the part of the county to ensure that the unused portion of that hard drive not occupied by this device. 
I cannot tell you what steps were taken by them to ensure that those were wiped or zeroed out so that we would not commingle data. Okay, so I do want to caveat these findings and the Regis findings with those statements, but clearly these devices had continual and repeated access to the Internet. Next slide. Okay, this is the Regis 1201 and that, by the way, is the host name, not the function of this device. And once again, you see repeated access, that IP address is actually the public IP address for the maricopa.gov public URL. Next slide. So I appreciate your diligence and your patience on this. As we think about what I've talked about today, it really boils down to accountability, right? And making sure that our election systems are secured. I will tell you that they were not based on any measure that I, as an IT professional, performing countless vulnerability assessments and incident responses that I have occurred, had a client that engaged me, had this state of a network, it would have resulted in a failure on our audit. So at this point I would like to remind people that from a totality of what these findings are, there simply is no accountability by anyone accessing these devices. You had shared passwords, you had shared user accounts, you had remote access. If someone could get access to this system, they wouldn't need a zero day exploit. The systems were so far out of date from a security compliance standpoint that it would have taken the average kiddie hacker less than 10 minutes using Metasploit to hack this system. And I would like to remind everyone that's listening to this that when you have a network of computers like you have in these voting systems, it only takes one person bringing in a little hockey puck with admin access to provide external remote access to that voting system. 
And in the situations where you don't have accountability, you have shared usernames and you have shared passwords, you simply cannot guarantee the security and the accountability on those systems. And I thank you very much for your time and I'm available for questions if you have any.
Senator Warren Petersen
Thank you, sir. We appreciate that. We're not gonna. We're not doing questions at this time since it's just a presentation. We will have committee hearings that will give everybody the opportunity to ask questions in the future. So thank you. Okay, we are going to go back to Mr. Logan. For those that are looking at your watch, the bulk of this is done, but there's still some more important things to do. Mr. Logan is going to quickly, because we are running over time, go through his recommendations of what improvements the Senate might be able to help do through legislation. And then Mr. Pullen is going to quickly give his report about the independent ballot count the Senate did. And then we have Ken Bennett standing by, who was our Senate liaison, who will be giving you the observations that he noted when he was there working every day. So Doug, could you do me a favor and go through those recommendations quickly, please?
Doug Logan
Is it working? Are you clicking? Okay, just click a bunch of times till tell on the screen. We'll talk through it because if I can't control it, it's going to take too long.
Ben Cotton
Okay.
Senator Warren Petersen
And pull your mic up closer, please. So everybody's texting me saying they're having a hard time hearing you guys.
Doug Logan
I have a lot of transitions on it. So if you just click and show it all up at once,
Randy Pullen
You should be working
Doug Logan
maybe. Ah, look at that.
Ben Cotton
Okay, I'm just going to.
Senator Warren Petersen
Whoops.
Doug Logan
So legislation should be considered that links voter roll registration to changes in driver's license. We saw a lot of indications that there was old, potentially old information in the voter rolls. And it's very important that our voter rolls remain clean. If they don't remain clean, it would facilitate. It makes it easier for almost any type of way that someone might want to take advantage of the system. If only the people who are registered to vote and could show up to vote are in the voter rolls, that makes it more difficult. And already when you go into the DMV, you can register to vote, but specifically if you change your license to another state, if you change your address, which are things that people are usually pretty diligent about taking care of, that should also update your voter registration details so that when you're out of state and you're in another state, it's not possible for your old voter rolls to be used by you or anybody else specifically. We recommend. So the NCOA is National Change of Address, but something put up at the US Postal Service. I view a ballot basically like money and we should not be, you know, just mailing money to people who are not necessarily still at the address or have moved. So checking the NCOA before you mail out ballots will help make sure that the currency of the ballots are only ever received by individuals who are legitimate voters or still living at that location. So 90 days before the election. In addition, it should check it right before mail-in ballots. We are not ever effectively mailing currency out to an address where someone has moved to another state. 
I understand that the EPM and guidance from the Secretary of State suggests that the ERIC and Social Security Master's death list and others should be checked regularly against voter rolls, but I believe it needs a little bit more oomph to it and that there should be a legally required frequency for counties to do so to make sure that the regular being maintained rather than just a guidance that it should be done at some stage. Let's talk a little bit about election software, both from the report I have out of Antrim and specifically with what some of the inconsistencies and oddities that we're finding about the voter roll system both here and quite frankly across the country. I highly recommend that we pass legislation that requires that these applications that are extremely important are built up to a higher standard and specifically are making sure that they're ensuring the confidentiality and integrity of the systems. The Open Web Application Security Project is known as a leader in the application security space and they specifically have something called the Application Security Verification Standard or the ASVS. It has levels one through levels three. Level three is for a sensitive system and I would highly recommend that would be a requirement for anything associated with voter rolls or voter systems that they would build up to that standard. Doing so, make sure that the application itself has the necessary standards built into it in order to make sure things aren't altered and that there are appropriate logs. If so, in order to take care of that. Specifically with that, it's always a good idea to run the ASVS assessments on a regular basis, usually every three or four years, and specifically that the vendors should be required to attest that the ASVS standard was fully applied. I further recommend that the vendors you shouldn't be able to use the same vendor over and over again for any type of certification activity. 
It creates too much opportunity for if there was some impropriety by a vendor that it could continue to pass. So rotating vendors at least every three years and putting that in the law would help ensure that not only are these being assessed, but they're set up to a higher standard. And this goes beyond specifically what the EAC is requiring, because quite frankly, based on everything that's being said, the EAC is not requiring anything close to what is necessary in order to protect our election system. And hopefully that will get better over time. But in the meantime, Arizona can be a leader in this area. Okay. Voting machines specifically. Legislation should be considered that requires following of all the CISA guidelines for election systems and equipment and that any variances against those should be documented. And there has to be risk memos that are signed off and should be public for by the pro for any derivations from those guidelines. Now those guidelines cover pretty much everything that Mr. Cotton was covering today. Everything from setting up baselines on the systems, everything from baselines and network processes, making sure that user accounts are handled properly. All those details are all covered by that. So it's a very simple legislation that basically says that guidance needs to be followed. Legislation should be considered which requires assignment of individual usernames and passwords. Mr. Cotton's talked about that a lot today. Legislation should be considered that requires real time network monitoring of all election equipment, even on the air gapped networks. So there is some indication of what occurred there. It may seem odd to have that on an air gapped network, but as Mr. Cotton was mentioning, there's very small devices that you can take in and if you can plug them into a network port, you can effectively give the entire network Internet access. I mean they're physically very small, they can be hidden easily. 
And if you've got real time network monitoring on the systems, especially where the EMS is, you can identify that and at least have a log of it and potentially prevent it before anything happens. And legislation should be considered that would prohibit Internet-capable election management system servers or equipment from being utilized. There's a number of devices that when you look at the serial numbers from the Pro V&V and SLI audits, they show that they had Wi-Fi cards and stuff put into them. Anytime the capability is within a device, there's the potential for it to turn on, for someone to turn it on and activate it or use it to connect to some other device. So it's highly recommended. If the equipment's not even there, then you can't have a failure to configure create any issues. So legislation that far not just preventing Internet access but preventing any type of capability in the device would help ensure the integrity, especially as we keep being told that things are not connected to the Internet. From the voting machine standpoint, county employees should have all the administrative access on all election equipment sufficient to independently validate all configuration. The fact that Maricopa County said they did not have the hardware tokens necessary in order to see if their election equipment was connected to the Internet or not is extremely, extremely alarming. The accountability the county needs to be able to hold vendors accountable. We may use subcontractors, various different actions, but the responsibility always falls on the county and therefore they need to always have all access. That should not be something they can relegate to somebody else. In addition, election voting machines should have a paper backup of all ballots which can be used to confirm the votes were cast as intended. And these machines must be regularly maintained to vendors' maintenance schedule. 
One of the things that was found in some of our examination of the paper ballots is a lot of things were miscalibrated or otherwise not following general manufacturer guidance. If we want to make sure that we get the intended results out of things always, we should make sure that whatever goes through logic and accuracy testing, whatever it is that's a standard equipment being used, is the same thing we're using on election day. And if you're testing a system with something different than what has happened in the real world, it's not a very good test. And legislation should be considered that requires that paper stocks used on election day conform, again, to manufacturer specifications. And it's been tested properly. Now we think that you should have legislation that should consider creating an audit department that should regularly conduct audits on a rotating basis across all the counties in Arizona. To the best of my knowledge, nobody is currently doing this, but based on the audit we performed, there was a lot of processes and procedures that were not conducive to effective audits. The way that stuff gets better is by regularly checking it and regularly validating it. And now that the whole world is looking at our elections, I think it's very important that we take advantage of that and make sure that what is done in our election departments is brought up to the same standards that financial industry uses and other critical systems. It should not be an area that's lagging when our election. Our voting equipment helps choose the most powerful individual in the world. There's a lot of adversaries that would like to take advantage of that and we need to treat it accordingly and make sure that it is being audited so that those standards are maintained. 
Legislation should be considered that requires batches of ballots be clearly labeled, separated from each other in a manner that cannot easily mix together and easily connected to the batches run through the tabulation equipment. There was a lot of hoops we had to jump through to even connect a box of ballots to what was run through the software in order to match those two up. And that is something that should be simple to do again because it facilitates audits and those audits facilitate accountability. Well, a full audit like what we did this time, it cannot always be done. The better the record keeping is, the easier it is to do partial audits to confirm things. And that's something the audit department can do on a regular basis in addition to honest, you know, sometimes doing full audits. But it's just, it's not cost effective to do that every single year. Legislation should be considered to penalize, purposely inhibit a legislative investigation or an officially sanctioned audit of an election. I think why that's in there is a little bit obvious. Audits are really effective when you have the cooperation of the management who controls things and it's very, very difficult to manage them. That's why financial services, if you're your typical financial audit, if you don't comply with the audit, you can literally be put in jail at times. Okay, ballots. Legislation should be considered that will make ballot images and cast vote records artifacts from an election that is published within a few days of the results being certified. For increased transparency and accountability of the election process. These are things that we think is important for the Arizonans American public to be able to see and validate and see with their own eyes. Currently in Arizona we had a judge that stated that we could not make the ballot images publicly available. 
There should be nothing that links once a ballot comes out of its envelope, there should be nothing that links it back to a person. And there should be absolutely no reason why it shouldn't be public. Legislation should further be considered which requires all ballots to be cast on paper with security features such as watermarks or similar technology with a detailed account of what papers were used. With our paper analysis, we wanted to be able to say that this is legitimate paper, and valid and real. And we wanted to be able to say this is not legitimate paper. But with as many wide number of papers that were used, I think we're estimated over 10 different copies, different types of paper. It's very difficult to make that. But if there's official paper that's kept track of, it'd be much easier for an audit when it's conducted be able to say without a shadow of a doubt whether it is in fact printed on legitimate paper. Mail-in voting should incorporate an objective standard of verification for early for voter identification similar to the ID requirements for in person voting. It seems likely that mail-in voting will continue to increase from a security standpoint. I advocate no more mail-in ballots but that's not probably realistic. So that being the case, if it's going to continue, we need to have good identification requirements and that is and thank you for your time, Madam President.
Senator Warren Petersen
Thank you Mr. Logan. I appreciate that very much. Take all those into consideration. I'm sure we'll have more. Let's go now to Senator.
Charlie Kirk
Senator.
Senator Warren Petersen
Sorry, Randy. Mr. Pullen. Randy Pullen was our co-legislative liaison there as they saw the work building up quite so much. Mr. Pullen, could you give us just a tad of your background and as to why I selected you to please do this independent count.
Randy Pullen
Thank you President Fan as well as Chairman Peterson. Thank you for your commitment to this forensic audit and your resilience over the last six months as we went through it. Thank you. Okay, just real quickly about me personally graduated from Arizona State University, undergraduate in math and chemistry and an MBA in 1981. I sat for and passed the CPA exam in 1980, became a CPA and I've been a CPA since then employment wise. I started out working on my MBA as a I was working at a engineering company writing software for them and then I joined Deloitte Haskins themselves and began working in their audit department and helped them develop and test the first statistical sampling software system for doing audits. I became a partner at Panel Curve Forester and then again I went back because became a partner at Deloitte and Touche where I focused on financial auditing specifically for bank savings and loans in the hospitality industry. I actually did get involved in forensic audits so I understood how they were function and what you had to do in order to complete them. I started my own company back in the 90s and I still do consulting and accounting services and I also started an IT company in 2001, Wage Watch which still exists this day and we developed software that's still considered some of the best in the industry that we're in. Background wise we the Senate decided they wanted to do an independent count of the ballots in order to confirm the count by the county as well as to count by cyber Ninjas on the first forensic audit. And so that was kicked off on June 28th. They selected me to run that machine count again. It goes back to my experience and knowledge. I immediately got Brian Blim who was the attorney who had worked on the floor of the Coliseum and was the legal counsel that dealt with any forensic issues that came up on the floor during the hand count and by that, by the end of June, he was no longer a contractor with the Cyber Ninjas. 
He was independent and he agreed to assist in the machine count. We also enlisted a lot of former volunteers who had worked on the floor doing tally counts as well as working in the corrals taking care of the ballot boxes. And so we put together a pretty good team. We went out and found the equipment for doing a machine count and looked at several different varieties and finally decided on I need to stop pushing this. And found the equipment. The quality equipment we found, interestingly enough, was highly considered around the country, is very good equipment. And it's all this is in the report. And we selected two Bantam 1 counting machines that were made by US paper counters. And we also got two paper joggers they're called. And what they do is they help align all the paper before you run it through and do the count on the paper. And again, these ballots are very heavy paper. So when the technician came in and set up the machines and we were testing the paper, he had to make adjustments to the machines that could handle the quality of the paper that we were running through the system. So once we had that figured out, then we had the technician train our volunteers who just worked for us. And then the outcounting started on 714 and we completed it in 12 days. I will tell you that the volunteers worked incredibly hard on this as well as observers we had overseeing what they were doing and we started working at 8 o' clock in the morning and we went until midnight on those days and we had two teams that were working that very, very solid work. So what, here's what we found. The Maricopa county official canvas, you can see it's has been reported earlier. And we did the machine count and it was very close. We were 121 less ballots. Than they had counted. And which again you can see the forensic election audit, that count on the ballots was a little bit less, but all of it's with within a thousand of what Maricopa county did. Not surprising. 
One of the things we did learn on the machines when we were testing them and setting them up to operate is when they did was a miscount. And we did do recounts based on that. But when there was a miscount, essentially it was an undercount. Okay, so being a little bit less than the official canvass count was not surprising. Now here are some of the things we found, and this kind of confirms some of the things that were talked about earlier in these reports. We did find missing batches and boxes, where you would open a box and it was supposed to have seven batches in it, there would only be six batches in the box. Okay. And then sometimes we found there was eight batches in the box, but only supposed to be seven. So we found these kinds of problems. Am I causing this? Oh, okay. So we were finding missing batches and boxes. We were finding batches and boxes not listed on the boxes. So we kind of like a ghost batch. And then when you open some of the boxes, the batch counts that went with every batch, which was typically supposed to be about 200 in the batch, they weren't with the batch. They were on top of the batch or they're on the side. And so we'd have to go through and figure out manually which batch sheet went with which batch. Which, again, goes back to: if things were done more properly, this would be much easier. It could even have been done faster as that. So that's pretty much what we came up with with this. And so again, independently confirmed the numbers that the county and Cyber Ninjas found in the ballot count.
Ken Bennett
Thank you.
Senator Warren Petersen
Thank you. Thank you, Mr. Pullen. And we appreciate that very much. We had those who did know we had the ballots, and before we gave them back, we said, well, what do we do if Maricopa County and Cyber Ninjas counts don't match? How do we know which side to go with? And so we decided, let's get a couple of machines of our own and do an independent. Just in case there was a difference, we could have an idea of which side to go with. Thank you. All right. Mr. Bennett, are you still on Zoom with us?
Ken Bennett
I am, Madam President. Thank you.
Senator Warren Petersen
Thank you for waiting so long, sir. I apologize for the delay. Mr. Bennett, would you give us just a tad background about yourself and tell us what your observations were as the Senate liaison?
Ken Bennett
And there's a... I provided it. I have provided a PowerPoint to your staff, and so I would ask that they prepare to bring that up. But in the meantime, I served as the 21st Secretary of State from 2009 to 2015. That's the chief elections official of the state of Arizona. I also served as the president of the Senate for four years, like yourself, and another four years as a state senator. So I kind of bridge that, those two domains, maybe. I've also... I also have an accounting degree from Arizona State University and have worked in numerous businesses, usually as the CEO or CFO, chief financial officer, of those companies. And I see the screen, so I'll jump in here. I know our time has gone long. David, you asked me to observe throughout my days there at the audit areas where compliance with our election laws and procedures was accomplished and maybe where they weren't complied with. As you know, elections in Arizona are governed by the election laws, which are adopted by the legislature and the Governor, and then a Secretary of State's procedures manual, which is promulgated every other year by the Secretary of State's office but has to have the consent of the Attorney General and the Governor as well. And between those two documents there's over 1300 pages of laws and procedures. I'd like to just briefly say that no election can be conducted perfectly because it is administered by imperfect human beings. But that doesn't mean we don't try, because it is through our elections that we the people give our consent of the governed, as is identified in the Declaration of Independence. And every citizen deserves to know that they are being treated equally under the law as required by the Constitution. So every legal vote has to be accounted accurately and not canceled out by unlawful votes. This report is intended to identify where Maricopa County failed or may have failed to comply with some of these statutes.
But having said that, I believe that the majority of our election officials in Arizona are honorable, well-intentioned people. So I intend this report in the spirit of constructive improvement but also maintaining appropriate accountability. Let's go to the first slide. As we've heard in previous testimony, and the slides aren't changing on my screen, but I hope they are at your end. First slide or observation is related to the missing signatures on ballot envelope affidavits, and there's some statutes there that... now I'm not seeing a change on your slides, but I'll assume that the slides are changing at your end. You'll see the statutes, 16-547 and 548, that early ballots have to be accompanied by an affidavit, and by seven o'clock on election day, there is a cure period in section 550 which is not noted there. But ARS 16-552 is very clear that the election board is to check the voter's affidavit and, quote, if it's found to be sufficient, the vote shall be allowed. If the affidavit is insufficient, the vote shall not be allowed. And equally prescriptive in the Election Procedures Manual: if the early ballot affidavit is not signed, the county recorder shall not count the ballot. As you heard in previous testimony, the scope of this audit did not involve comparing signatures with the voter registration files.
Charlie Kirk
But
Ken Bennett
you had people, Dr. Shiva, look for and identify a number of missing signatures on ballot envelope affidavits, which, to the extent that ballots from those envelopes were tallied, would violate the above statutes and procedures. Next slide I hope you're seeing is, because I'm not seeing it, Original and Duplicate Ballots Without Matching Serial Numbers. ARS 16-621(A) is very specific that all duplicate ballots created pursuant to this subsection shall be clearly labeled duplicate, bear a serial number that's recorded on the damaged or defective ballot. And the EPM says something very similar and gives one of the reasons, which is to tie the ballots together. The other reason would be to make sure that the votes recorded on the duplicate correctly reflect the votes on the original or damaged ballot. There were approximately 2,500 duplicated ballots where there were no discernible serial numbers recorded on either the original or the duplicate ballot. Obviously this does not comply with those statutes and procedures. The next slide, I hope, is Missing Chain of Custody. ARS 16-621 says that the county will maintain a chain of custody for all election equipment and ballots during early voting, which is kind of the beginning of an election, through the completion of provision, provisional voting tabulation, or kind of the end of processing ballots. The Senate requested this chain of custody. The county provided a very detailed chain of custody of the ballots that we did receive, but we never received a chain of custody all the way back to the election period as the statute requires. Next item is Insufficient Ballot Paper Thickness. This is, this is not a major item, but ARS 16-502 says that ballots shall be printed on a paper of sufficient thickness to prevent the printing thereon from being discernible from the back. And there can be debate as to whether this is just for the printing on the ballots or when the ballots are marked with their votes. But there were, as Mr.
Logan noted, multiple... the audit found multiple thicknesses of paper stock used in the printing of ballots, some of which would allow kind of that bleed-through effect, which would not be in compliance with the above statute. Next one is common usernames and passwords. As Mr. Cotton noted, the Election Procedures Manual specifically says that applications within the EMS system should use separate usernames and secure passwords for each user or station. And as he noted, he found common usernames and passwords being used, which is inconsistent with this guidance from the Election Procedures Manual. Another... the next one would be missing serial numbers on electronically adjudicated ballots. An addendum to the 2019 Election Procedures Manual specifies that tabulation machines may be programmed to outstack or to print identification numbers on the ballots with write-in votes that are electronically tallied. This process is often known as adjudication. There was, well, Maricopa's system, Dominion, does not use an outstack method,
Ben Cotton
but it
Ken Bennett
does not appear that these identification numbers were printed on the electronically adjudicated ballots as required by this part of the Procedures Manual. And the last slide would be... well, I guess there's one after this, but the last item is possible ineligible voters. Several articles, which include multiple statutes within ARS 16, as well as many aspects of the Election Procedures Manual, identify Arizona's requirements for an individual to be considered an eligible voter and therefore allowed to cast a legal vote. The audit identified numerous questions regarding possible ineligible voters. However, these determinations were, as you heard from Mr. Logan, made from comparisons between the county's final voted data and private data sources, not the official voter registration data. So further investigation, with the cooperation of the county, hopefully, is necessary to determine whether ineligible voters were allowed to vote in the 2020 election. And Mr. Logan went into some of the possible categories of, you know, people had moved or deceased or, or other categories that I think you saw in earlier testimony. And the last slide is simply a thank you from me for allowing me to work on this project. And I will conclude, I guess, by saying this, that I have already started to hear from people saying that, well, if the audit failed because it didn't prove that the election was overturned or that there was a different result. Well, as you noted when you began this process, Madam President, and when you began this, this hearing today, there was no predetermined, at least in my mind and I know in yours and Warren's
Doug Logan
and
Ken Bennett
everyone who worked on this audit, there was no predetermined outcome. That if we didn't find this or didn't find that, we have failed. Because it's exactly the opposite. If we identify strengths and weaknesses in our election procedures and statutes, and if we confirm that in this case an election was conducted where the hand count of the ballots matches the electronic tally of the election... the election system used by the county, I don't consider that a failure at all. That maybe Mr. Logan and his company have identified the most accurate hand counting process that has maybe ever been used in the country. And that's directly in opposition to many within our state and across the country who said that their procedures were terrible or this was that. And nothing could be further from the truth. I, you know, there were a lot of good, honest people that gave a lot of time, as you noted, to accomplish in this audit. Was confirmed.
Senator Warren Petersen
There we go.
Ken Bennett
I offer these, as you requested, as areas where we could make constructive improvement. And I'll leave it at that.
Charlie Kirk
Thank you.
Senator Warren Petersen
Thank you, Mr. Bennett. And we're sorry you went last and you had to hold on the longest. But thank you so much for doing this. For some of you may not know, Mr. Bennett did this on his own time, on his own nickel, and he lives in Prescott, but literally drove down almost every single day to be at the audit with the rest of the team to make sure that everything was done accordingly and chain of custody was followed and everything was always documented. So thank you, Mr. Bennett. That was quite a yeoman's job on your part. All right, closing comments. Senator Petersen, I'll let you start.
Senator Sonny Borrelli
Thank you, Madam President. And I'll be fairly brief here. I just, first of all, want to thank you for what you've done with this. You have faced incredible opposition and hostility, and you have handled that with grace and dignity. So I want to thank you and recognize you for that. Again, the goal here is election integrity and making sure our citizens have faith in the process. So as we wrap this up, what are our next steps? Where do we go from here? And I think there's legislation and I think there's law enforcement that needs to be involved. So I'm going to name off, you know, eight bullet points here that I think need to be handled by my colleagues and by our Attorney General. First of all, and what I have found perhaps the most unsettling through this whole process, is the obstruction that we have seen from the county, the failure to comply with the auditor, a brazen willingness to violate a legal subpoena. Our Attorney General said that was against the law. It's truly alarming. And furthermore, to their willingness to expend significant resources, human capital, you name it, to block and to stop this audit. As I recall, it was like $18,000 or something like that for one of their audits that they spent money on. How much money have they spent trying to stop our audit? Has to be in the hundreds of thousands of dollars. But that would be an interesting number to see. Number two, the numbers don't reconcile. As you've seen through... this is a theme throughout all the reports. All of us as citizens, we should be able to pull up these election results, and we should be able to every direction, reconcile the numbers. If I subtract, you know, early ballots, or if I subtract, if I add the rejected, if I, you know, no matter which way, you should be able to come up with a reconciliation so that everything balances. That needs to happen. It appears that they broke the law with duplicate ballots, and that's, that's a huge deal that needs to be resolved.
We need to get to the bottom of whether that law was broken, how to prevent it in the future, hold people accountable that did it this time. Churning of logs. The churning of logs. We need to find out why that happened, who did it, what was the motive, what, what and what was there. We need to, we need to get to the bottom of the logs that were there. Chain of custody issue... number five, chain of custody issues. Number six, a failure to preserve data files. And number seven, cybersecurity weaknesses that were so, that were shown by Mr. Cotton so evident here. Those are not going to get any better. We're seeing people being held hostage via cybersecurity every day, and it's constantly becoming more sophisticated. We have to definitely need to up our game there. And number eight, the envelopes with blank signatures. We have a lot of questions there that need to be answered. So with that, Madam President, I look forward to working with my colleagues and with the Attorney General in any way to resolve these issues and to improve our elections and to increase election integrity in the state of Arizona.
Senator Warren Petersen
Thank you, Senator Petersen. Senator Petersen is our Jud Chairman. This started in the Jud Committee back in December and only appropriate to end up there. And my closing remarks: first and foremost, let me tell everybody that all of these reports are up and posted on our website for you to access all of them. That website is azsenaterepublicans.com, azsenaterepublicans.com. You can all go there and see all those reports. Second of all, I have already transmitted a letter to our Attorney General's office with all of those reports. That not only includes the everything that we have noted here, but also everything that Senator Petersen has concerns about. The Attorney General has that. We are asking him to open up a formal investigation so that he can pursue and get, seek additional information, additional facts, perhaps get some of these missing things that we were never able to get, verify this, all this information, and take the appropriate actions of anything that is necessary to do. I have every confidence that he will be doing that. I also want to say thank you to my Senate Republican colleagues. When we started this, it was, we had a caucus and every single one of our Republican members said this is important. Our constituents have questions they want answered. We didn't think it was going to be this long. We didn't think it was going to be this expensive or this difficult, but we did it. We hung in there. We did it. And as you can see, we do have some work to do here. We have a lot of work to do because, quite honestly, if we don't follow our rules, don't follow our elections, this is how problems can happen. We also know that 18 different states sent representatives here because, because they have constituents asking the same questions. And the very least, what I think that we can all come out of this is that we need to do audits to some extent. We need to do bigger audits on every election just to make sure that everybody's following the rules.
So with that, I want to say thank you to Mr. Logan, Mr. Pullen, Mr. Cotton, Mr. Bennett, all, all of you present. Mr. Shiva. Dr. Shiva, thank you for all your hard work. I know this was very difficult on you and your family. Mr. Logan, you've been here for many months and you've left your wife and 11 children back at home. And he has another one due in next month, in a couple, couple of weeks. So you gave up a lot for this. We appreciate it. So to everyone, thank you all very much. Thank you for being so polite up there. We appreciate that. And prayers and blessings to everybody, and let's, let's move our elections forward. Thank you. We are adjourned.
Doug Logan
Thank you so much for listening.
Charlie Kirk
Everybody, email us your thoughts.
Doug Logan
freedom@charliekirk.com. God bless you guys.
Ben Cotton
Speak to you soon.
Doug Logan
For more on many of these stories and news you can Trust, go to charliekirk.com.
This episode features the full, unedited Arizona Senate hearing on the results of the highly scrutinized Maricopa County forensic audit of the 2020 general election. The session presents findings and testimony from audit contractors, digital forensic experts, and Senate officials, focusing on ballot security, voting processes, cybersecurity, and recommendations for future election integrity.
The hearing includes presentations from:
The tone is sober and technical, with repeated emphasis on transparency, the need for public trust, and demands for legislative action or law enforcement involvement where issues are identified.
“The signature verification process, no pun intended, is unverifiable.” — Dr. Shiva (44:00)
“If someone could get access to this system, they wouldn’t need a zero-day exploit… It would have taken the average kiddie hacker less than 10 minutes using Metasploit to hack this system.” — Ben Cotton (132:30)
“The numbers don’t reconcile. And as you’ve seen... this is a theme throughout all the reports.” — Senator Sonny Borrelli (169:11)
“I don’t consider [the audit] a failure at all. If we identify strengths and weaknesses in our procedures and confirm the hand count matches the electronic tally, that’s a success.” — Ken Bennett (167:14)
The hearing paints a picture of considerable administrative and systems management failures rather than massive fraud. Consensus is reached on the need for stronger audit trails, clarity in chain of custody, better cybersecurity, and transparency to ensure public faith. The audit’s actual ballot count closely matched the official results, but process weaknesses—especially in cybersecurity and ballot envelope validation—were flagged as needing urgent reform.
For full reports and further material as referenced in the hearing:
Visit azsenaterepublicans.com