• DeGraaf: Security Theater

    November 15, 2024
    No Comments

    Guest Post by Representative Ken deGraaf (R-HD22)


    Please Follow us on Gab, Minds, Telegram, Rumble, Gettr, Truth Social, Twitter

    Welcome to Security Theater!

    “Security Theater” refers to “actions and countermeasures that create a feeling of security among people, without actually improving their safety.”1

    Motion denied! The judge has ruled that the complainant did not present sufficient evidence of an undetectable BIOS attack on machines that were not allowed to be inspected. 

    Recap: The Secretary of State posted BIOS passwords for over 600 machines on an unsecured public website, compromising potentially networked machines statewide. While the AG claimed that “the keys to the kingdom” were two passwords, expert witnesses clarified that it only required one compromised BIOS password for complete system control. Ironically, it was the AG who labeled voting machines as “the keys to the kingdom,” while defending the SOS giving them away. 

    What's peculiar is that despite clear violations of CRS 1-13-708 and federal FISMA laws for handling critical unclassified information, the Attorney General, instead of investigating the breach and prosecuting those responsible for compromising critical information related to one of the nation's highest-value targets, is protecting the incompetence of the Secretary of State with courtroom representation. Since this election involves “one or more federal candidates,” the investigation should engage the FBI3, but where are they? The BIOS compromise is now an active cover-up by the Governor’s office, the Secretary of State (SOS), and the Attorney General (AG).

    Despite public exposure lasting four months, the AG's office defended the SOS's actions and praised her delayed response, forced by public pressure—perhaps SOS should get a trophy for how quickly she pretended to close the barn doors after all the horses were long gone. The AG’s office presented the SOS’s “expert,” who seemed to still be in-processing to his new job. He was part of the Governor's team tasked with addressing the issue by merely checking & resetting BIOS settings without investigating the origins or extent of the BIOS compromise, further contributing to the cover-up. Thus, the Governor's “fix” became just another facet of Security Theater.

    Security Theater is similar to Gaslight Theater, but instead of making people doubt their sanity, it lulls them into believing they are safe while increasing their vulnerability.

    Two passwords needed! Surprise! One BIOS password is enough for full system control. 

    Unauthorized access is prevented by protocol! Surprise! Insider threats, intentional or not, remain one of the most common. The “secured” areas are monitored by 24/7 camera footage that no one has analyzed.

    The Governor’s team fixed it! Surprise! They did not investigate or repair any potential BIOS compromises. The actual expert witnesses testified that BIOS breaches in the DoD generally require destruction of the hardware because it is less expensive to replace than to repair.

    The AG is investigating! Rather than pursuing justice for a criminal breach, the Colorado AG seems complicit in protecting those who compromised the election system. The ongoing cover-up has reached new heights, now joined by the DOJ keeping the compromised system in use.

    The celebrated "Gold Standard" of Colorado’s election security prioritizes perception over actual safety. Under FISMA protocols, the SOS would have identified the individual responsible for storing these passwords in a spreadsheet posted on a public website. Of course, under FISMA protocols the passwords would not be stored unencrypted on an unsecured server. I suspect some low level functionary will soon be trotted out as the scape goat to carry away the sins of the SOS into some quiet promotion somewhere in the machine of government.

    The hidden hazards of security theater: While it may provide temporary comfort, it heightens actual risk by fostering complacency and encouraging risky behavior due to a false sense of security. Misallocated resources towards security theatrics erode public trust when these measures inevitably fail.2

    The expedited passage of SB22-153, dubbed the “Get Tina Act,” criminalized publishing voting system passwords despite constitutional bans on ex post facto laws and whistle-blower protections. This law (now CRS 1-13-708) states that “any person who knowingly publishes or causes to be published passwords or other confidential information relating to a voting system” is subject to felony charges. If the passwords had been on another spreadsheet but similarly unsecured, they would still have violated FISMA regulations.

    Consider this: Who guides County Clerks on password security? The same team that compromised BIOS security in the first place. A determined adversary wouldn’t stop at one password but would likely search vulnerable County-level networks for more.

    Initially, it was reported that 63 of 64 counties were affected; later, inspections were limited to 34 counties with current passwords. However, the remaining counties with older but once-current passwords were ignored. It is highly likely that “the keys to the kingdom” were stored with equally inadequate security at the County level—security comparable to leaving an Xbox under the doormat of an unsecured apartment.

    Contrast this with TinaPeters.US, who revealed a partial BIOS password while attempting to expose vulnerabilities, fulfilling her legal obligations. In contrast, the SOS knowingly compiled passwords in an unsecured spreadsheet on an unsecured server and posted them on an unsecured public website, a clear violation of FISMA.

    While TinaPeters.US was subjected to a severe legal response, the SOS faced AG protection at taxpayer expense and a sympathetic court. This case demonstrated not just the inadequacy of security measures but the prioritization of political cover-ups in protecting the Security Theater of Jena’s “gold standard.”

    Will County Clerks endorse this compromised system by certifying the election with their signature? Only time will tell.

    Stay tuned for the next episode of Security Theater, where we’ll discuss ballot box chain of custody failures and the acceptance of unverifiable utility bills as valid voting identification. All this and more, starring Jared Polis, Jena Griswold, and Phil Weiser.

    References:

    1 Recorded Future on Security Theater

    2 FISMA Law

    3 FBI Election Crimes


    Please Follow us on Gab, Minds, Telegram, Rumble, Gettr, Truth Social, Twitter

    ‘NO AD’ subscription for CDM!  Sign up here and support real investigative journalism and help save the republic!

    SHARE THIS ARTICLE

    Author

    Avatar photo

    CFP Editorial Team

    The Colorado Free Press Editorial Team comprises several writers and CFP contributors. Articles from CFP Editorial Team are collaborations of multiple writers.
    Subscribe
    Notify of
    guest

    0 Comments
    Oldest
    Newest Most Voted
    Inline Feedbacks
    View all comments

    Follow Us

  • Delivering high-interest Colorado news you need to know RIGHT NOW from real people reporting honest, accurate, truthful, and fair facts that are thought-provoking, intriguing and even fun to read!
    © Copyright 2024 - Colorado Free Press
    magnifierchevron-right