“It just seemed so stunning that we thought, well of course there’s going to be a big reaction and the government is going to investigate,” said Greenhalgh, senior advisor on election security for the nonprofit Free Speech For People.
When months passed with no such announcement, Greenhalgh and over a dozen other election experts wrote a 14-page letter to Justice Department leaders in December outlining what they called a “multi-state conspiracy to copy voting software” and asking the agency to open an investigation.
Greenhalgh was baffled when she received a terse, noncommittal response from the FBI a month later that seemed to indicate no action had been or would be taken at the federal level.
Now, just months before the 2024 presidential primaries, it remains unclear whether any federal agency has plans for a comprehensive investigation of the effort to gain access to election systems. Election and law enforcement experts are concerned that the stolen information might be used to interfere with future elections and that the FBI and Justice Department may be sending the wrong signal to those responsible if agencies don’t investigate.
Without a national investigation, “we’re never going to know what the overall plan here was,” Greenhalgh said.
“Don’t we need to know that?” she continued. “We don’t know what this was all about, and it’s dangerous to guess or assume that, ‘Oh well, because President Biden was inaugurated on [Jan. 20], this no longer poses a threat.’”
The bulk of what is known about the effort has come from investigative reporting, a handful of state inquiries and a years-long federal civil suit against Georgia authorities over the security of the state’s elections. Those sources found that an organized network of people scrambled to access county election systems in the weeks after the 2020 election and in at least the first six months of 2021.
In two instances, courts or state lawmakers granted access to the systems. In a handful of states, Trump supporters convinced election officials or law enforcement to give them access to election machines, including in Mesa County, Colo.; Coffee County, Ga.; Fulton County, Pa.; and several Michigan counties.
After obtaining access, third parties copied sensitive information, including software used in election equipment in a majority of U.S. counties, and shared the information with an unknown number of people. It is not clear that every county where election systems were accessed has been identified. Those involved have indicated in news reports that similar efforts to access election machines were made in several other states.
Despite evidence that the same people were involved in multiple states and that the effort was funded in part by prominent Trump supporters including his former lawyer Sidney Powell, there is little indication a federal inquiry is underway.
“Because there is a nationwide pattern here involving the same people, and because of the risk that those individuals will organize this yet again, I think it is … important that federal authorities look at the larger pattern,” said Norm Eisen, a longtime election lawyer who was involved in Trump’s first impeachment. “It needs to be analyzed as a recurring pattern so that that pattern does not continue to occur in the future.”
Election machines are considered part of the United States’ critical infrastructure, on par with the electrical grid, dams and nuclear power plants, and are supposed to be kept under lock and key, with county officials keeping tight records of who accesses voting system hardware and software to prevent manipulation or tampering. Several jurisdictions where third parties have improperly accessed election machines have had to replace compromised hardware at taxpayer expense.
Greenhalgh, who is a consulting expert for the plaintiffs in the Georgia civil suit, said she was aghast when people allegedly involved in accessing the Coffee County election system, and believed to have accessed machines in other states, said in depositions that they hadn’t been contacted by federal agents.
“The attorneys were asking people who were directly involved in what was potentially unlawful activity in Coffee County, ‘Have you been contacted by law enforcement? Have you been contacted by the FBI office? Have you been contacted by the [Justice Department] or special counsel?’ And they were saying, ‘No, no, no,’” Greenhalgh said.
The four-paragraph letter she received from FBI Public Corruption and Civil Rights Section Chief R. Joseph Rothrock did not address whether a national investigation was underway. Nor did the letter contain boilerplate language typically used by the FBI and Justice Department stating that the agencies will not confirm or deny the presence of an investigation.
“Though the FBI may provide investigative support to state and local authorities, a formal request for assistance must be made by the investigating authority. Should the local authorities make such a request, the FBI will assist as deemed appropriate,” the letter states.
The Georgia State Elections Board made such a request. It publicly announced at a September 2022 meeting that it had asked for the FBI’s assistance “because the conduct in Coffee County paralleled conduct in other states.”
FBI spokespeople declined to answer questions from The Times about the letter or whether a national investigation was underway.
“It’s absurd. It’s absolutely absurd. There’s no question that the [Justice Department] has the authority to investigate a potential federal crime within a state without getting an invitation,” Greenhalgh said.
The FBI has assisted with investigations in at least two states. A spokesperson for the Georgia Bureau of Investigation said the state agency had worked with the FBI in its investigation of the Coffee County incident, but had not made a formal request for assistance.
In September, the FBI obtained a warrant to seize the cellphone of MyPillow executive and Trump ally Mike Lindell. Lindell said on his online TV show that agents had questioned him about Tina Peters, the Mesa County, Colo., clerk who was indicted in March 2022 on accusations that she helped an outsider gain access to election systems in May 2021, allowing sensitive data to be copied. Peters’ trial was recently paused so both sides could review a trove of new evidence provided by the FBI.
Greenhalgh said election experts are concerned that federal law enforcement agencies are not connecting the dots between different state investigations.
“If [investigations are] limited only to the states, we’re not going to know … if there is a bigger intention, what it is, and what threat it might pose to our nation’s security and election security going forward,” she said. “If this was the electrical grid or nuclear energy plants, or the water supply, and if people who had engaged in efforts to undermine and overthrow our elected government officials then were going to access the software that controls other critical national security assets, wouldn’t the federal government be interested in investigating that? I would hope so.”
The FBI might be waiting to see how state investigations turn out before launching its own inquiry, said David Becker, executive director and founder of the Center for Election Innovation & Research.
Becker, who spent seven years as a senior trial attorney in the Justice Department’s Civil Rights Division, said it isn’t clear that accessing the machines and copying the information is actually a violation of federal law.
“You don’t want to bring a criminal case where your case is that ‘arguably’ the law applies,” Becker said. “You want to get a conviction, especially in a case like this. If I were a prosecutor in a case involving this kind of election denial, I want to be damn sure I’m gonna get a conviction, because an acquittal might be used to further the disinformation machine.”
But Mark Bowling, who spent 20 years at the FBI working on cybersecurity, said that given the available information, he believes the Justice Department could investigate under several election fraud and computer fraud statutes.
He pointed to states where local law enforcement hasn’t investigated allegations of attempts to access election machines, and said it was “disappointing” that the FBI hasn’t conducted an independent, nationwide probe.
“We haven’t been told on a national level that there was a commitment to ensure that all of the elections and all of those locations [and] any allegations have been effectively investigated,” Bowling said. “I think it’s important that that message be communicated that the premier law enforcement agency in the world has looked into this, and has looked into this with all of its capabilities.”
Meanwhile, special counsel Jack Smith, whom Atty. Gen. Merrick Garland appointed in November to oversee the Justice Department’s sprawling criminal investigation into efforts to overturn the 2020 election, doesn’t appear to be focused on election machines.
In November, Smith issued subpoenas to county officials in at least seven states, demanding communications with Trump and his employees, agents and attorneys for his campaign, including Powell. But those subpoenas don’t reference any of the people believed to have been present when election machines were accessed.
Smith’s investigation instead appears to center on potential charges of conspiracy to defraud the United States based on the Trump campaign’s scheme to use fake state electors to usurp the official congressional tally of legitimate votes.
Cybersecurity and election experts say that a full investigation into who accessed election machines in 2020 and 2021, who paid for the efforts and how those involved intend to use the information is necessary to prevent problems in the future.
One concern is that no one has been able to determine how many people have the information taken from Coffee and Mesa counties, and who those people are, election technology expert Kevin Skoglund said.
“It’s certainly better for four people to have it than 40, and better for 40 to have it than 400, and better … 400 than 4,000,” he said. “It does make a difference how pervasive it is out there.”
Matt Crane, head of the Colorado County Clerks Assn., said the images Peters allegedly allowed to be taken of Mesa County’s election management system, the central computer used to tally votes, are “out in the wild” — they were disseminated at an August 2021 cybersymposium held by Lindell and posted online, according to officials.
“I don’t think they have any idea how many people have [an image of the election system], or what they’ve done with it,” Crane said.
Even less is known about who has the information taken in Coffee County, which included copies of every component of the county voting system. According to the letter sent by Greenhalgh and other experts, the Georgia plaintiffs have discovered that the information was uploaded to an online file-sharing site and downloaded multiple times, including by a person allegedly involved in accessing the Mesa County system.
Becker said that even with a road map, it would be nearly impossible to affect the outcome of a national election given the security measures already in place.
“Even if someone mapped one of these things out and could figure out a way to inject some code into these machines, it would be very hard to do to scale, because they’re not all linked on the internet and it would be almost guaranteed to be discovered,” he said.
Skoglund said he’s concerned that in-depth knowledge of election systems and software gleaned through years of studying stolen information will allow bad actors to produce more believable disinformation during the next presidential election.
He pointed to how Trump seized upon a court-approved forensic report of the 2020 Antrim County, Mich., results that was produced by several people involved in accessing election machines in 2021. The report alleged there had been a broad conspiracy to rig the election and claimed that Dominion Voting Systems machines were “intentionally and purposefully designed” to mark ballots as faulty so election administrators could change the results.
Election experts quickly pointed out glaring errors and omissions in the report, but it was too late.
The Trump allies’ report on Antrim County “went all the way to the White House and landed on the president’s desk,” Skoglund said. “You can’t get more effective disinformation than that. And the report was full of incorrect information, but the public had no way of knowing because the public can’t see it; even experts can’t see the software and validate it.”