The Washington PostDemocracy Dies in Darkness
Exclusive

Trump-allied lawyers pursued voting machine data in multiple states, records reveal

Updated August 15, 2022 at 3:13 p.m. EDT|Published August 15, 2022 at 12:13 p.m. EDT
Trump attorney Sidney Powell in 2020. (Al Drago/Bloomberg News)
17 min

A team of computer experts directed by lawyers allied with President Donald Trump copied sensitive data from election systems in Georgia as part of a secretive, multistate effort to access voting equipment that was broader, more organized and more successful than previously reported, according to emails and other records obtained by The Washington Post.

As they worked to overturn Trump’s 2020 election defeat, the lawyers asked a forensic data firm to access county election systems in at least three battleground states, according to the documents and interviews. The firm charged an upfront retainer fee for each job, which in one case was $26,000.

Attorney Sidney Powell sent the team to Michigan to copy a rural county’s election data and later helped arrange for it to do the same in the Detroit area, according to the records. A Trump campaign attorney engaged the team to travel to Nevada. And the day after the Jan. 6, 2021, attack on the Capitol the team was in southern Georgia, copying data from a Dominion voting system in rural Coffee County.

Since Donald Trump first suggested the 2020 election might be stolen, Republicans have latched onto the claim. Here’s how it became a litmus test for the party. (Video: JM Rieger/The Washington Post)

The emails and other records were collected through a subpoena issued to the forensics firm, Atlanta-based SullivanStrickler, by plaintiffs in a long-running lawsuit in federal court over the security of Georgia’s voting systems. The documents provide the first confirmation that data from Georgia’s election system was copied. Indications of a breach there were first raised by plaintiffs in the case in February, and state officials have said they are investigating.

“The breach is way beyond what we thought,” said David D. Cross, a lawyer for the plaintiffs, who include voting-security activists and Georgia voters. “The scope of it is mind-blowing.”

A drumbeat of revelations about alleged security breaches in local elections offices has grown louder during the nearly two years since the 2020 election. There is growing concern among experts that officials sympathetic to Trump’s claims of vote-rigging could undermine election security in the name of protecting it.

The federal government classifies voting systems as “critical infrastructure,” important to national security, and access to their software and other components is tightly regulated. In several instances since 2020, officials have taken machines out of service after their chains of custody were disrupted.

State authorities have opened criminal investigations into alleged improper breaches of equipment in Michigan, a case that involves several people who appear in the new records. In Mesa County, Colo., a local elections official, Republican Tina Peters, was indicted on felony charges including conspiracy to commit criminal impersonation and attempting to influence a public servant.

In two counties, SullivanStrickler’s examinations were permitted by courts, though many details surrounding those efforts have not been public. The records show how Powell’s group discussed, exchanged and paid for elections-system data. The plaintiffs intend to bring them to the attention of the judge in the case and provide them to the FBI as well as state and local elections authorities in Georgia, Cross told The Post.

Emails reviewed by The Post show that Powell told SullivanStrickler to share data obtained by the firm with other pro-Trump operatives, some of whom continue to openly push conspiracy theories about the 2020 election.

Powell did not respond to messages seeking comment. SullivanStrickler also did not respond.

The documents shed new light on one front in the wide-ranging battle by Trump and his allies to overturn the 2020 election. The small team of lawyers and security contractors worked quietly to get their hands on the county-level equipment while others around Trump filed legal challenges, deployed protesters to Washington and lobbied Congress and Vice President Mike Pence to reject Joe Biden’s victory.

Trump and his advisers had quickly seized on voting machines as the sites of supposed fraud, making wild allegations of plots involving the makers of the machines and shadowy foreign forces. Numerous recounts and reviews have confirmed the accuracy of the machines used in 2020. Two manufacturers say their systems are secure and have filed billion-dollar defamation lawsuits that are pending against prominent sources of the disinformation.

Powell spearheaded the claims with lawsuits filed in swing states, some with fellow pro-Trump attorney L. Lin Wood Jr. Soon after the election, Powell huddled with other Trump associates for strategy talks around Thanksgiving at Wood’s South Carolina estate.

The following Monday, the documents show, Jim Penrose, a former intelligence official who had been at Wood’s estate, emailed two senior SullivanStrickler executives and others. Penrose helped arrange for people from the firm to travel by private jet to Nevada for what Penrose called an urgent “forensics engagement” and an “opportunity in NV.” The documents do not specify what the work entailed.

Earlier that day Jesse Binnall, an outside counsel to Trump’s campaign who was suing to overturn the result in Nevada, won a court order granting limited access to “testing equipment and programs” in Clark County, which includes Las Vegas.

Binnall replied to the email group asking for a formal agreement that he could sign to authorize the work in Nevada. Among those copied on Binnall’s email were Powell, retired Army Col. Phil Waldron, who later circulated a PowerPoint presentation proposing the seizure of ballots, and Doug Logan, whose company Cyber Ninjas led a Republican review of the election in Arizona.

Binnall promptly signed the engagement agreement, the new records show, and investigators began work in Las Vegas the following day. But the day after that, Binnall complained in a court filing that his team had not been allowed to access certain equipment. He attached a supporting statement from SullivanStrickler’s director of forensics, Gregory Freemyer, though the statement did not identify Freemyer’s employer.

On Dec. 3, SullivanStrickler’s chief operations officer, Paul Maggio, sent Binnall an invoice for “the 2 days we spent in Las Vegas, NV in support of this matter.”

Binnall’s efforts to compel access to additional equipment were rejected by the judge in the case. The case was later dismissed. Binnall declined to comment for this story.

Also copied on some of the emails about Las Vegas was Brian T. Kennedy, a fellow at the Claremont Institute, a conservative think tank. The day after Maggio invoiced Binnall, Kennedy replied: “I spoke to Jesse and he said the payment is in process.”

Later, after Maggio also copied Binnall on another email about data examinations elsewhere, Penrose emailed him to say: “Please do not communicate about any additional forensics work in AZ to the other legal teams. Keep that in confidential channels with me, Sidney, and Doug only.” It is unclear what work in Arizona he was referring to.

Trump’s campaign and political action committee have paid Binnall’s law firm more than $1.5 million for legal consulting since the election, federal campaign filings show. Binnall is now representing Trump in litigation relating to the Jan. 6 attack.

Wood told The Post on Monday that he had no involvement in contracting SullivanStrickler. Penrose, Kennedy, Maggio and Logan did not respond to messages seeking comment.

Network data purportedly obtained from Clark County, which includes Las Vegas, were presented at an August 2021 election-fraud symposium held by MyPillow chief executive Mike Lindell in Sioux Falls, S.D., as The Post previously reported. That data was captured through a county guest wireless network, according to officials, and contained no sensitive information.

A Lindell ally who spoke at the symposium, Peters, the clerk in Mesa County, was later indicted on charges relating to an alleged breach of the voting system. Sensitive data from the system was leaked online. Peters denies wrongdoing. Authorities have not accused Powell’s group of involvement in the case.

‘I am authorizing payment’

While Maggio was awaiting payment for Nevada, SullivanStrickler’s forensics team was called on again, this time for work in Michigan.

On Dec. 4, 2020, a judge in rural Antrim County surprised local officials by ordering them to allow the plaintiff in an election lawsuit to take images of county vote tabulators. The lawsuit was filed by Matthew DePerno, a lawyer who is now the Trump-backed Republican nominee for Michigan attorney general.

State officials made moves to oppose the inspection, but the Trump allies saw their opening and moved swiftly. The county was already under intense scrutiny after initially reporting inaccurate vote tallies that showed Biden beating Trump in a Republican stronghold. The Post and others previously reported that investigators from SullivanStrickler flew to Antrim on a private jet for the inspection.

The new records show Maggio wrote to Binnall the following evening that his team had made it to Antrim and would begin work the next morning. “It is our assumption that we will be working under our existing agreement and maintain the same daily rate / conditions” as in Nevada, Maggio wrote.

A report based on purported findings from the Antrim examination was promoted publicly by Trump and circulated to Attorney General William P. Barr as evidence of fraud. Independent analysts said the report was badly flawed.

Barr told the congressional committee investigating the Jan 6. attack that Trump had said the report was “absolute proof that the Dominion machines were rigged” and that it meant he was “going to have a second term.” Barr said that the report was “amateurish,” and that Trump would have to be “detached from reality” to believe it.

The new records reveal it was Powell who authorized SullivanStrickler’s investigators to work on Antrim — and arranged to pay for their first day’s work. “I am authorizing payment today for Michigan,” Powell wrote to Maggio on Dec. 8, 2020. Maggio replied two days later to say the firm had received a check, adding, “thanks for executing.”

The Michigan judge’s order granting access to the machines had barred the “use, distribution or manipulation of the forensic images and/or other information gleaned from the forensic investigation without further order of this court.”

The new records show that after SullivanStrickler investigators copied the hard drive of an elections server in Antrim on Dec. 6, 2020, Maggio emailed Powell and Penrose, who were not involved in the local lawsuit. Maggio told them the Antrim files would be made available to download from a secure online folder once the firm was paid.

The Antrim data was later publicized during the same Lindell symposium where the Nevada data was shared.

“There’s no real control of this data once it gets copied,” said Kevin Skoglund, an expert retained by plaintiffs in the case. “It’s just loose and out in the world.”

Both Dominion and independent experts have said that, even with the release of data copied from election equipment, there are many safeguards in place to prevent attempts to alter results. Accuracy testing ahead of an election and post-election audits that include the hand-counting of ballots are among the measures intended to detect any such activity.

Two weeks after SullivanStrickler’s team went to Antrim, it began working for Powell in Wayne County. An expected wide margin of victory for Democrats in the county, home to majority-Black Detroit, had propelled Biden to victory in the state.

Trump’s campaign unsuccessfully sought to challenge Wayne County precinct tallies, and then tried to stop certification of the state’s results. The campaign cited alleged irregularities in absentee-vote counting, largely in Detroit.

On Dec. 21, Maggio sent an invoice described as “the retainer for the Wayne County, Michigan work, starting tomorrow. The expectation is that this will be paid prior to any work commencing,” Maggio wrote.

Powell responded a few minutes later, saying her employee would “transfer money promptly, with the understanding that I and Phil Waldron and Todd and Conan will receive a copy of all data immediately.” Powell’s employee was to send a check via FedEx, according to emails.

The emails are the first public indication that Trump allies sought to obtain Wayne County election data.

Wayne County elections officials did not respond to messages seeking comment Monday.

Dispatched to Coffee County

Allegations that machine data had been accessed in Coffee County, Ga., first surfaced in February this year as part of the long-running lawsuit. In a recording of a March 2021 telephone call filed in court, pro-Trump businessman Scott Hall said he had arranged for a plane to take people to Coffee County and joined them as they “went in there and imaged every hard drive of every piece of equipment” and scanned ballots. “We basically had the entire elections committee there,” Hall added. “And they said: ‘We give you permission. Go for it.’ ”

Former local elections official Misty Hampton told The Post earlier this year that she had allowed Hall and other outsiders into her office in the hope that they could identify machine vulnerabilities and show the “election was not done true and correct.” Hampton resigned under pressure last year because she falsified time sheets, according to county officials.

Until now, it was unclear whether those involved in the Coffee County effort successfully obtained data from voting machines. Georgia Secretary of State Brad Raffensperger’s office said in April that it was investigating the possibility of a breach but had found no evidence it had occurred.

The new records show that on the morning of Jan. 7, 2021, as Washington reeled from the attack on the Capitol, Maggio emailed Powell to say his team was “on our way to Coffee County Georgia to collect what we can from the Election/ Voting machines and systems,” adding later that the job was “going well.”

The data obtained by the investigators included copies of virtually every component of the county voting system, including the central tabulation server and a precinct tabulator, according to a directory of file names that Maggio’s lawyer sent the plaintiffs in the Georgia case.

Gabriel Sterling, Georgia’s interim deputy secretary of state, told The Post: “Rogue election officials will not be tolerated in Georgia. Prior to this latest disclosure, the Georgia Secretary of State’s office and the State Election Board had already looped in appropriate authorities, including criminal law enforcement agencies, to assist in the investigation into the alleged unlawful access in Coffee County. That investigation continues and any wrongdoers should be prosecuted.”

A Jan. 7 retainer agreement sent by SullivanStrickler, covering the first day of work in Coffee County by four employees, said the firm was to be paid $26,000 upfront. Maggio noted to Powell in an email that this was in line with “our existing agreement.”

Maggio told Powell the following day that his team would again share the data it had collected. But more than three months then apparently passed, with no explanation given in the emails. In late April 2021, Penrose asked Maggio to send the data and to bill Stefanie Lambert, a lawyer who has represented Powell. Once this was agreed, Lambert replied, “Thank you!”

Maggio later emailed again with a password for accessing the data online and said that a physical copy was to be sent overnight by FedEx.

Lambert was identified this month by Michigan’s attorney general as one of nine people under investigation for an alleged scheme to improperly access voting machines in the state’s Roscommon, Barry and Missaukee counties. The alleged breaches involved machines made by Dominion and Election Systems & Software. Also named in the investigation were Logan of Cyber Ninjas; Penrose, the former intelligence official; and DePerno, the lawyer whose Antrim lawsuit secured access to the machines there.

In an email to The Post, Lambert denied wrongdoing and said the Michigan investigation was politically motivated.

The plaintiffs in Georgia have accused Raffensperger of failing to adequately examine the allegations, alleging in a court filing that his office tried to “avoid revealing that this extraordinary breach occurred and that a real investigation has not.”

Raffensperger’s lawyers responded in court this month by criticizing the plaintiffs for not revealing the Scott Hall telephone recording sooner. They said his office had conducted a “fruitful” forensic review of the county’s election management system and sought assistance from the Georgia Bureau of Investigation.

In June 2021, state officials replaced Coffee County’s election management system server, the central computer used to tally election results.

Attorneys for Raffensperger have told the court that the secretary of state’s office took possession of the old server because a former elections official, whom they did not name, changed a password, making it impossible for others to get into the machine. Hampton told The Post she did not change any passwords.

Hampton’s successor said during a deposition for the lawsuit that his understanding was the server and another piece of equipment were replaced out of concern that they may have been compromised. He also said he was troubled to find a business card for Logan of Cyber Ninjas on Hampton’s desk after he arrived in April 2021, and that he reported this to state authorities but did not hear back about it.

Alex Halderman, a University of Michigan computer scientist who has studied security vulnerabilities in voting machines used in Georgia, is working as an expert for the plaintiffs. He said he feared political actors granted unfettered access to the machines could exploit such vulnerabilities, especially when their access went undetected for more than a year after the election, as it did in Coffee County.

“Where else that we don’t yet know about has this same kind of access been given?” Halderman said. “That’s the real danger.”

In May, the Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory detailing security flaws it found in Dominion voting systems but emphasizing that there was no evidence those flaws had been exploited. CISA was responding in part to a report by Halderman and another researcher.

CISA, an arm of the Department of Homeland Security, flagged the vulnerabilities to election officials in more than a dozen states that use the machines, and notified them of measures that would aid in detection or prevention of attempts to exploit the vulnerabilities.

Bruce P. Brown, a lawyer who represents the nonprofit Coalition for Good Governance, one of the plaintiffs in the Georgia lawsuit, said the state should institute hand-marked paper ballots immediately to protect the 2022 midterm elections.

“These Georgia counties are not equipped to protect their software from attacks from people bent on disrupting the democratic process,” Brown told The Post.

Ellen Nakashima contributed to this report.