Far-right presentation using misappropriated election software alarms experts

A worker in a storage room full of voting machines.
A worker returns voting machines to storage at the Fulton County, Ga., election preparation center on Nov. 4, 2020, in Atlanta. Testing before and after elections shows the voting machines accurately tally the ballots, contradicting unfounded conspiracy theories.
(John Bazemore / Associated Press)

On the third day of the Conservative Political Action Conference this month, two men demonstrated experts’ biggest concerns about attempts to access election machines after the 2020 election.

Using copies of election software that was improperly taken from multiple counties and that has been circulating among election deniers, they presented unfounded claims that they had discovered evidence of fraud and foreign interference. They also discussed their goals of securing jobs as election officials and building a team of computer experts to access elections systems in more than 60 counties in order to prove their theories.

“This is exactly the situation that I have warned about,” Kevin Skoglund, chief technologist for Citizens for Better Elections, said of the presentation during CPAC. “Having the software out there allows people to make wild claims about it. It creates disinformation that we have to watch out for and tamp down.”


Skoglund is among the election security experts concerned that bad actors are using the time between the 2020 and 2024 elections to study election systems and software in order to produce disinformation during the next presidential election, such as fake evidence of fraud or questionable results.

Described as an election integrity presentation, the event wasn’t on the official conference agenda or sanctioned by CPAC, but took place in a guest room at a nearby hotel. Some CPAC sponsors plan and produce their own sessions on the conference’s sidelines.

Only a small number of people attended the presentation in person, but at least 2,800 people watched it live online through a far-right broadcast, according to that show’s host. That broadcast included commentary from election deniers before and after the presentation.

In the weeks after the 2020 election, and for at least the first six months of 2021, supporters of former President Trump arranged to gain access to federally protected election machines and copied sensitive information and software. What they intend to do with the information is not entirely clear.

In two instances, courts or state lawmakers granted access to the election systems. Trump supporters also persuaded election officials or law enforcement to give them access to election machines in Mesa County, Colo.; Coffee County, Ga.; Fulton County, Pa.; and several Michigan counties. It is unknown how many other election systems across the country were accessed, copied and shared.

Skoglund and other experts in cybersecurity and elections say a full investigation into who accessed election machines in 2020 and 2021, who paid for the efforts and how those involved intend to use the information is necessary to prevent misuse.


While the FBI has assisted in some local-level
inquiries, it does not appear to be conducting a national investigation, feeding election experts’ concerns that federal law enforcement is not connecting the dots
between the breaches.

Federal law enforcement doesn’t appear to be investigating the former president’s allies’ attempts, some successful, to access election machines. Experts are alarmed.

March 9, 2023

The quality of the so-called evidence put forward in the CPAC-adjacent presentation was comparable to what was submitted in dozens of lawsuits that lawyer Sidney Powell filed on behalf of Trump after the 2020 election, Skoglund said. Of the 62 lawsuits from Powell and her allies, all but one failed. Many judges dismissed the lawsuits, citing the plaintiffs’ lackluster evidence.

“They find something that looks strange and assume the worst,” Skoglund said of election deniers.

“That’s not how you do credible research,” he continued. “If you find something that looks strange, you have to follow it all the way through to make sure there’s not some other explanation for it.”

The presentation during CPAC was immediately dismissed even by the far-right commentators who broadcast it. Nonetheless, Skoglund was alarmed that it took place.

“The next one may be more potent than this was,” he said.

The presentation was emblematic of the broader effort to perpetuate a narrative about the potential for election fraud across the country, said Harri Hursti, a cybersecurity expert who works with state-level election officials to test vulnerabilities in voting machines.

Several people who aided the efforts to access election machines after the 2020 election are still meeting with states’ lawmakers, local officials and the public, trying to persuade them to abandon electronic voting. In California, the Shasta County Board of Supervisors canceled its contract with Dominion Voting Systems in February, and on Wednesday it decided to count votes by hand in the future.


Hursti said the presenters from the event during CPAC had contacted him beforehand and asked him to look at what they had found. He told them there was a simple explanation for the purported vulnerabilities they believed they had uncovered: It was code from an antivirus program used to identify common bugs that attack computers, he said.

“I was saying to them, ‘You know, you should have taken a look to your own computer and see if you find the same malicious code in your own computer, because guess what? It’s there,’” Hursti said.

One of the presenters, Joshua Merritt, acknowledged the criticism that followed the presentation. He told The Times he intended to pose questions through the presentation in hopes someone would watch the event and help answer them.

“We’re just trying to do the right thing to make sure people have secure elections,” said Merritt, whose affidavit alleging possible foreign interference in the 2020 election was cited in suits Powell filed in Arizona, Georgia, Michigan and Wisconsin. “And that’s been my only motivation behind it.”

The other presenter, former Florida congressional candidate Jeff Buongiorno, did not respond to The Times’ requests for comment. He said during the presentation that the information referenced came from copies, called forensic images, of production servers from three counties. He would name only one: Coffee County in Georgia.

“We have multiple counties’ forensic images,” he said during the presentation. “We’re not going to name the counties.”


Some of the images came from evidence in court cases, and he and Merritt obtained others on their own, Buongiorno said.

“Sometimes you have good Samaritans on the inside who care,” he said.

Merritt told The Times his portion of the presentation was based only on images taken of the Mesa County election system, which were disseminated at an August 2021 cybersymposium held by Trump ally and MyPillow Chief Executive Mike Lindell, and can still be found online. At the event during CPAC, Merritt did not dispute Buongiorno’s assertions that their presentation used information from multiple counties, including Coffee County.

Little is known about who has the information taken in Coffee County, which included copies of every component of the Georgia county’s voting system.

Skoglund, who is an expert witness in an ongoing case involving Georgia’s voting machines that uncovered the improper access to the county’s system, said he was previously unaware that Merritt and Buongiorno had access to information from that system.

“They were not on the list of people that I knew had had that software until then,” Skoglund said. “Which just shows that it has spread further than the dozen people or so that had it.”