Arizona Senate Releases Result of Maricopa County 2020 Election Audit

Arizona Senate Releases Result of Maricopa County 2020 Election Audit

By Corinne Murdock |

Friday afternoon, the Arizona Senate hosted a presentation on the audit of Maricopa County’s 2020 election. The audit presented dual outcomes: while the final hand count matched the county’s official machine count, the audit also discovered several issues that compelled the senate to request further investigation from Attorney General Mark Brnovich.

Arizona Senate Republicans published a complete collection of the audit report and related documents. In response to the claims, Maricopa County tweeted threads with rebuttal information and statements.

The audit presentation began with Dr. Shiva Ayyadurai, who runs the artificial intelligence-focused company EchoMail and was contracted to review ballot envelope images.

He gave a separate review on the Early Voting Ballots (EVBs), which totaled around 1.92 million votes. Some of the key findings Ayyadurai presented were that he allegedly found over 17,000 duplicate ballots. He also claimed that 95 percent of mail-in ballots received by Maricopa County before election day had legible signatures, but then after election day only 5 percent of mail-in ballots had legible signatures.

Ayyadurai emphasized that his data analysis didn’t do signature matching.

Cyber Ninjas CEO Doug Logan and digital security firm CyFIR presented their findings on the county’s voter histories, ballots, certified results, and the voting machines. Some of the key findings from Cyber Ninjas included: none of the numbers from election-related systems matched, just under 28,000 ballots were possibly cast by voters who’d moved prior to the election, files were missing from the Election Management System (EMS) Server, over 284,000 EMS ballot images were corrupt or missing, logs appeared to be intentionally rolled over, election data was wiped from the database, cybersecurity best practices weren’t followed, and software and patch protocols weren’t followed.

The senate’s liaison to the audit, Ken Bennett, issued his own report of the county’s compliance with election laws and procedures. He highlighted the following as issues, some of which overlapped those presented by Ayyadurai, Cyber Ninjas, and CyFIR: missing signatures of ballot envelope affidavits, original and duplicate ballots without matching serial numbers, missing chain of custody records, shared usernames and passwords for election computers, missing serial numbers on electronically adjudicated ballots, and the possibility of ineligible voters.

Maricopa County responded to the audit findings at length in Twitter postings. For clarity’s sake, their remarks are reproduced in one compiled statement below: (also included are the original links to prior posts linked by the county)

CLAIM: 23,344 mail-in ballots voted from a prior address. BOTTOM LINE: Cyber Ninjas still don’t understand this is legal under federal election law. To label it a “critical” concern is either intentionally misleading or staggeringly ignorant. AZ senators should know this too. EXPLANATION: 1) Military and overseas voters can cast a “federal only ballot” despite living outside the U.S. The address tied to their ballot would be their prior address in AZ. 2) People are allowed to move from one house to another (or even one state to another) in October and November of an election year (yes, shocking!). If the driver’s license address matches the voter registration address, they are still allowed to vote. 3) For the November General Election Maricopa County had 20,933 one-time temporary address requests. In addition, snowbirds and college students tend to have forwarding addresses when they are out of the county. 4) Mail-in ballots are not forwarded to another address.

CLAIM: 10,342 potential voters that voted in multiple counties. BOTTOM LINE: There are more than 7 million people in Arizona and, yes, some of them share names & birth years. To identify this as a critical issue is laughable. EXPLANATION: 10,000+ votes in multiple counties is unlikely. More likely: different people, same name. Example: if you search for Maria Garcia born in 1980, you’ll get 7 active voters in Maricopa County and 12 statewide. And that’s just one name. If Cyber Ninjas understood data analysis, they would have performed standard processes to rule out situations that lead to faulty conclusions.

CLAIM: 9,041 more ballots returned by voters than received. BOTTOM LINE: This suggests a lack of understanding about how EV 33 files work. It’s not unusual for more ballots to be returned by voters than received. EXPLANATION: The majority of these involve cases where voters returned a ballot without a signature or with a signature discrepancy. In those cases, election staff contact the voter to ensure their vote counts. The most common reasons for a single voter having multiple entries in the EV 33 file are: a voter sent back an envelope unsigned[, or] there’s a signature discrepancy. A record for the original ballot is entered into the EV 33 file (where we track returned ballots). A second entry is recorded when a ballot envelope is signed or the signature discrepancy is resolved. The appropriate conclusion to draw from this finding is that the early voting team was performing their statutory-required responsibility by reviewing signatures on all returned mail-in ballots. […]

CLAIM: Election management database purged. BOTTOM LINE: This is misleading. Nothing was purged. Cyber Ninjas don’t understand the business of elections. We can’t keep everything on the EMS server because it has storage limits. We have data archival procedures for our elections and @MaricopaVote archived everything related to the November election on backup drives. So everything still exists. EXPLANATION: The Election Management System (EMS) database does not store election information forever. That’s what archives are for. The Feb 2nd activity referenced in the report was simply standard practice in the data archival process. The EMS server needed to be readied so our certified auditors could test the equipment for accuracy. The Senate never subpoenaed our archives.

CLAIM: Election files deleted. BOTTOM LINE: This is misleading. As stated above, servers have space limitations. Files are not deleted; they are archived. The Senate never subpoenaed our EMS archives.

CLAIM: 263,139 corrupt ballot images on the county’s EMS server. BOTTOM LINE: This is inaccurate. The server isn’t the place to find all ballot images. We provided the hard drives that contain all ballot images and confirmed these images were not corrupted and could be opened. BACKGROUND: These claims of “deleting” and “purging” are reminiscent of the false claim Cyber Ninjas made in May, accusing Maricopa County of deleting an election server. The truth was, the Ninjas looked in the wrong place for the info. It was there all along. They just didn’t know how to correctly set up a RAID server. Despite falsely [accusing] us of a crime, Senate contractors have never issued a
retraction or an apology. A note on signature validation[:] we don’t “predict” signatures. We have trained staff looking at every signature. We do a complete signature analysis, the accuracy of which has been proven in court. See Ward v. Jackson. Special bipartisan election boards assist voters who may need assistance w/ signing affidavits. Often, in case of severe medical conditions such as stroke, people may only be able to make a small mark such as an X. Our boards visually affirm the marks are the voter’s correct sig[nature.]

Re: duplicated ballots. Every time a voter has a questioned signature or a blank envelope, we work with that voter to cure the signature. That’s our staff doing their job to contact voters with questioned signatures or blank ballots. Only one ballot is counted.

So why more cured signatures in Nov. 2020? Maricopa County hired additional staff to contact valid voters and allow them the opportunity to cure their signature. That included a night shift of 40 people from Oct. 29- Nov. 10. [By the way], by law, you can cure signatures 5 business days after the election. Maricopa County is committed to following state law and helping people vote. [Fann’s] statement that we just stopped checking signatures is absolutely false. The Senate has determined the County is in full compliance w/ subpoena w/ the hiring of a special master. The County Ballot-on-Demand Printers (Poll Worker Laptop) and Accessible Voting Devices (ICX) were never subpoenaed. If they didn’t ask for it, we didn’t provide it.

[CLAIM:] official results [do] not match who voted: state statute requires that we keep addresses for certain voters protected. Election professionals know that these are not included in the VM 55 voted file. Experienced election auditors would know this too.

CLAIM: 2,382 in person voters who had moved out of Maricopa County. BOTTOM LINE: In the limited time since receiving this report, we have completed spot checks on the voter IDs provided. In the case of in-person voters who had moved out of Maricopa County, we found no discrepancies with the data in the Maricopa County voter reg[istration] system. We could not identify a single voter in this initial review who had cast more than 1 ballot.

CLAIM: 2,081 voters moved out-of-state proceeding election… and this is cause for concern. BOTTOM LINE: We performed a spot check using voter registration numbers that were associated with Cyber Ninjas’ conclusion. No discrepancies were found. Ben Cotton cannot tell you about the internet connection but we can. The tabulation equipment was never connected to a router or the internet. 2 audits confirmed this. We’ve already answered the password question[.] Only staff members who have a direct responsibility are provided access. The tabulation center is monitored by cameras 24 hours a day and seven days a week. We also use a series of passwords that provide different levels of access to tabulation systems and equipment. To access each tabulator, an operator needs a series of two passwords and a security token (key). Prior to each election, we change the password that is used to access the election program and to tabulate ballots.

[CLAIM:] we were intentionally overriding logs is disingenuous. This is part of normal Windows configuration (first in, first out). Maricopa County strongly denies claims that @maricopavote staff intentionally deleted data. As we’ve stated, staff were conducting the March election & compiling info required to comply w/ Senate subpoena. We have backups for all Nov. data & those archives were never subpoenaed. Reminder from Cyber Ninjas themselves: the tabulation equipment did its job and the certified canvass results match closely what #azaudit found on the paper ballots. Per Chairman @jacksellers earlier statement, “everything else is noise.” Despite what Cotton is saying right now, none of this matters on an air gapped network. REWEB1601 (as you might gather from the naming convention) connects to the internet because it is the server for / This is not the election system. We shouldn’t have to explain this.

Re: duplication process. This has already been decided in court in Ward v. Jackson. An excerpt: “These ballots were admitted at trial and the Court heard testimony about them & reviewed them. None of them shows an abuse of discretion on the part of the reviewer. Every one of them listed a phone number that matched a phone number already on file, either through voter registration records or from a prior ballot. The evidence does not show that these affidavits are fraudulent, or that someone other than the voter signed them. There is no evidence that the manner in which signatures were reviewed was designed to benefit one candidate or another, or that there was any misconduct, impropriety, or violation of Arizona law with respect to the review of mail-in ballots.”

In a letter submitted to Brnovich, Fann reiterated that the final audit hand count aligned with the county machine count and called it the “most important and encouraging finding of the audit.”

She noted that Cyber Ninjas spent over 100,000 hours and millions of dollars to complete this audit.

“In the history of democracies – from ancient Athens to today – ours was the most detailed, demanding, and uncompromising election audit that has ever been conducted,” said Fann. “Arizona voters had serious concerns about their election, and they were entitled to the most careful and accurate answers possible. […] The paper ballots in Maricopa County are the best evidence of voter intent because they are under 24-hour video surveillance and physical security, and there is no reliable evidence that they were altered to any material degree. This finding therefore addresses the sharpest concerns about the integrity of the certified results in the 2020 general election.”

Fann also classified several of the findings as concerning. She said that certain issues presented in the audit report needed improvement: the signature verification process for absentee ballots required improvement and additional testing, the voter rolls required better maintenance, the election technology and machinery required more professional management and oversight with better cybersecurity precautions, the counties should be required to have administrator passwords for vote-counting machines rather than a private company, and that evidence is preserved post-election (in reference to the activity log overwrite).

In a subsequent press release, Brnovich revealed that he will have his Election Integrity Unit (EIU) review the Senate’s audit. Until then, the attorney general said that he wouldn’t comment further on specific allegations until the EIU completes its review.

“I will take all necessary actions that are supported by the evidence and where I have legal authority,” stated Brnovich. “Arizonans deserve to have their votes accurately counted and protected.”

Corinne Murdock is a reporter for AZ Free News. Follow her latest on Twitter, or email tips to