What legal standards govern access to voting machine 'trusted builds' and how did Mesa County procedures compare?
Executive summary
Federal and state certification regimes require that voting systems be tested, documented, and maintained with verifiable software versions and audit artifacts; routine maintenance procedures such as “trusted builds” are conducted under vendor and secretary-of-state oversight to preserve that chain of custody and records [1] [2]. Mesa County’s 2021 trusted build diverged from those norms in practice — investigators say unauthorized access, undocumented copying and later public releases of system images and passwords prompted decertification, county-level replacement votes and sustained legal controversy [3] [4] [5].
1. What the law and federal guidance actually demand of trusted builds
Federal and state frameworks treat a voting system’s software image and associated logs as part of its certified configuration, requiring submission of software copies, hash codes and documentation to testing authorities and adherence to chain-of-custody and record-retention practices to enable post-election audits and verification (Maricopa/EAC summary; p1_s7), while state certification regimes vary in detail but similarly require that upgrades be tested or recertified unless deemed de minimis (Arizona SOS guidance; [6]3). The National Institute of Standards and Technology and the Election Assistance Commission establish baseline technical testing and hashing practices that presuppose controlled physical access, documented procedures for upgrades, and preservation of event logs and adjudication files so that any later forensic review can validate what was run on election night [1].
2. Standard operational controls around trusted builds in practice
In practice trusted builds are typically performed by vendor technicians with oversight from a state elections official and a small set of authorized county staff so that the upgrade is applied to certified hardware in a way that preserves audit artifacts — counties are explicitly directed to save necessary data to external media before upgrades if they wish to ensure full auditability (Colorado SOS guidance noted in reporting; p1_s8). The guidance reflected in certification and county procedures presumes limited, authenticated access during upgrades, camera and log retention for accountability, and pre- and post‑upgrade testing [1] [2].
3. Where Mesa County’s procedures deviated, according to official findings
Colorado investigators and the Secretary of State’s office concluded the Mesa County trusted build on May 25, 2021, included unauthorized access when non‑employees were admitted and photos and images of system passwords and hard drives were taken and later posted online, breaches the state linked to the trusted build itself and which led to decertification orders and a county decision to replace equipment or hand-count ballots for upcoming elections [3] [5]. Reporting states that Mesa County clerk Tina Peters allowed an unauthorized observer into the build, that images and passwords were leaked, and that the Secretary of State said the event implicated deletion or loss of some system files mandated by Colorado certification requirements [4] [6].
4. Conflicting claims and legal nuance around record destruction
Supporters of Peters point to forensic images she arranged before the build as evidence that data was preserved and argue the vendor or state restored data during the process; the Secretary of State’s office and other officials counter that counties are directed to back up data and that event logs may not meet the statutory definition of election records under federal law, a legal argument noted in contemporaneous county documents and press coverage [7] [8]. Courts have not uniformly adjudicated whether every log file is an “election record” under 52 U.S.C. § 20701, and the reporting shows that legal interpretations and forensic claims remain contested in multiple filings and local hearings [7].
5. Consequences and how practice changed afterward
The practical fallout was immediate: equipment was decertified, Mesa County commissioners voted to replace Dominion equipment or to hand count where necessary, and subsequent clerks implemented more visible security and transparency measures — including public observation provisions and enhanced surveillance and auditing tools — to rebuild voter trust after the breach and legal turmoil [5] [9]. The episode illustrates that the legal standards — certification, hashing, documented upgrades and restricted access — are only as effective as local compliance and oversight, and that deviations in procedure can trigger decertification and costly remedial steps even where technical outcomes (the vote totals) later matched hand counts [9].