Arizona ‘audit’: A multitude of unsubstantiated claims and no proof of fraud

By: - September 24, 2021 8:06 pm

The Senate’s “audit” team presented its report on Sept. 24, 2021. L to R: Ben Cotton of CyFIR, Doug Logan of Cyber Ninjas, Randy Pullen. Photo by Jeremy Duda | Arizona Mirror

The long-awaited and repeatedly delayed report of the Senate’s purported “audit” of the election in Maricopa County featured a plethora of unsubstantiated allegations that files were deleted, equipment was improperly connected to the internet, signatures weren’t properly verified and ineligible voters may have cast ballots. 

The county vehemently denied all of the allegations, and said the election review team’s ignorance of election laws and procedures led them to make false claims.

What effect the “audit” will have remains to be seen. The hand-recount of nearly 2.1 million ballots reached the same result as the official tally: Joe Biden defeated Donald Trump in Maricopa County and in Arizona. (The “audit” concluded that Biden actually won by about 260 more votes than the official election results.)

Nothing was purged. Cyber Ninjas don’t understand the business of elections.

– Maricopa County, via Twitter

Lead auditor Doug Logan, head of the Florida-based firm Cyber Ninjas, presented the audit’s findings along with former Arizona Republican Party Chairman Randy Pullen, CyFir CEO Ben Cotton, former Secretary of State Ken Bennett and Shiva Ayyadurai, an engineer and promoter of conspiracy theories, during a three-hour presentation at the Senate on Friday afternoon. 

Some of the alleged findings were included in draft reports that were widely circulated Thursday evening, while the “audit” team aired other claims publicly for the first time as they made their presentations to Senate President Karen Fann and Senate Judiciary Committee Chairman Warren Petersen.

Inexperience led ‘auditors’ to inflammatory false conclusions, county says

A common refrain was that there may be innocuous explanations for many of the potential problems they found, but the election review leaders don’t know for certain. The “audit” team members lacked experience in election matters, often exhibiting a lack of understanding about common election policies and procedures throughout the past six months. The county wouldn’t cooperate with them in any way, to the point of refusing to even answer questions. 

The most inflammatory allegations came from Cotton, who claimed he discovered that thousands of files had been deleted from election department servers, and that several pieces of election equipment had been connected to the internet. 

In one case, Cotton alleged that someone purged the full results of the general election from the county’s system. Many of the alleged deletions happened before key moments, he said, such as a forensic audit the Maricopa County Board of Supervisors ordered of its tabulation machines in February, or when the county turned over the machines to the audit team in April. 

“So, who did it? Why did they do it?” Cotton asked.

But the county, which fact-checked many of the claims in real-time on its Twitter feed, said many of the files Cotton referred to weren’t deleted at all, but were instead archived and backed up elsewhere, which it described as a standard process. 

“Nothing was purged. Cyber Ninjas don’t understand the business of elections. We can’t keep everything on the EMS (Election Management System) server because it has storage limits,” the county said

And the county said none of its employees have intentionally deleted any data, and that any claims that they “were intentionally overriding logs is disingenuous. This is part of normal Windows configuration.”


Maricopa County said the allegation was reminiscent of another claim Cotton made in May that he’d discovered deleted files. The county said the claim was inaccurate and that Cotton simply didn’t know where to look for the data. 

Cotton also alleged that several pieces of computer equipment were connected to the internet, though he largely focused on things besides tabulation machines, which are air-gapped to prohibit any online connections. 

“I would like to sit here today and tell you I had fully ruled out any unauthorized access, but … I cannot do that at this time,” he said.

The county said its tabulation equipment was never connected to the internet and that Cotton’s claims were misleading. One of the machines Cotton cited was connected to the internet because it’s the server for the Recorder’s Office, the county tweeted, adding, “This is not the election system. We shouldn’t have to explain this.”

One of the alleged cybersecurity lapses that Cotton explained was that the county failed to update tabulation machines with patches to their security systems since 2019, when the county elections department acquired them. 

But he left out some important details that would have explained why it’s rare for such systems to be updated. Because the machines are part of closed networks that aren’t connected to the internet, all patches must be approved by the U.S. Election Assistance Commission, a far more rigorous process than simply downloading an upgrade for periodic, automatic upgrades like conventional consumer software does.

The issue came up in the Michigan Senate’s review of a debunked audit of the election in Antrim County, Mich., which Cotton participated in. John Brakey, a former official with the audit, told the Arizona Mirror he’s explained the issue to Cotton.

Logan’s portion of the presentation covered the hand count and other reviews of the physical ballots and the processes used to cast them. While he acknowledged that the hand-count affirmed Biden’s win in Arizona, he cast doubt on various batches of ballots, alleging that thousands of mail-in votes were cast by people who had moved to different addresses than the ones listed on their registrations, that some potentially dead voters cast ballots, and that others may have voted in multiple counties.

Logan said one of the audit’s findings, that 3,432 more ballots were cast than were shown in a file of voters provided by the county, was resolved when election officials explained on Thursday that those voters didn’t show up in the files because their addresses are protected. The addresses of certain voters, such as law enforcement members, judges and domestic violence victims, are kept confidential under state law. 

“I can’t validate whether that’s accurate or not accurate. That is information we just received,” he said. 

The county argued that Logan’s findings were largely the result of him not understanding election procedures, and said spot checks of some of his claims found no discrepancies.

Earlier in the day, a group of election experts working with the bipartisan States United Democracy Center raised a potential problem with Logan’s findings regarding the ballots, which were part of the draft reports from Thursday. Logan’s team used commercial databases that are sometimes out of date or otherwise inaccurate to conclude thousands of voters didn’t live at their registered address; those databases rely heavily on change-of-address, which are not always indicative of where a person lives for voter registration purposes, and people can direct the companies to remove or stop updating their data.

The first presentation was made by Ayyadurai, a conspiracy theorist known to fans as Dr. Shiva, who outlined his alleged findings regarding voter signatures on ballot envelopes. Ayyadurai claimed he found several thousand early ballots that shouldn’t have been approved and verified by election workers because they either lacked signatures or had signatures that were only “scribbles” and couldn’t be verified.

Ayyadurai and the “audit” team did not have any of the voters’ signatures that election officials used to verify the early ballots. 

And many of the instances of “duplicate ballots” that he focused intently on were because voters who fail to sign ballot envelopes or whose signatures don’t match voter registration records are given an opportunity to fix the error — and can do so up to five days after the election.

Fann: We never looked for fraud

While many “audit” supporters declared that the audit proved the election results were wrong and that Trump was the election’s rightful winner, Fann declined to say there was fraud, instead saying it showed numerous flaws with the election system in Maricopa County that the legislature needs to address.

“I have never said the word ‘fraud’ since Day One because you don’t say ‘fraud’ unless you can prove it. And you can’t prove it just by doing an audit. Fraud is intentional malfeasance, intentional actions. We can’t prove that there were intentional actions that caused these problems. What we do know is that there were problems and that they need to be fixed,” Fann, R-Prescott, told reporters after the presentation. 

Fann referred the findings to Attorney General Mark Brnovich for review. The “audit” team made a number of allegations about possible illegal activity, such as Cotton’s claims that data was deleted and Bennett’s claims that election workers ignored laws on chain-of-custody for election materials and other statutes. 

“Arizona voters deserve an unimpeachable electoral process—and the State Senate is already working hard on new legislation to deliver that,” Fann said in a letter to Brnovich. “As the Senate enters that next phase, there are several items in the reports that merit the attention of your office.” 


In a press statement, Brnovich said, “I will take all necessary actions that are supported by the evidence and where I have legal authority. Arizonans deserve to have their votes accurately counted and protected.”

The audit team also proposed a series of changes to Arizona’s election laws, including tightening up rules on maintaining voter rolls, creating a state audit department, making ballot images publicly available online and making it a crime for anyone to obstruct or interfere with a legislative investigation. 

Fann suggested that Gov. Doug Ducey could call a special session to make at least some changes while they await the results of Brnovich’s investigation, as well as additional review of data from the county’s routers, which Fann subpoenaed but the county refused to turn over for months. The county and Fann reached an agreement last week in which former Congressman John Shadegg will serve as a special master who will answer the Senate’s questions about the routers and associated data logs, which will remain in the county’s possession.

Ducey quickly made it clear, however, that any changes to the law stemming from the audit will have to wait, tweeting that the legislature should take up any such proposed changes in the next regular session that begins in January.

The governor, who has mostly refused to comment on the audit for months, suggested that it’s time to move on.

“When it comes to the audit, like the three audits that preceded it, it’s now over. The outcome stands and the 2020 election in Arizona is over,” he said.

Jack Sellers, chairman of the Maricopa County Board of Supervisors, excoriated the audit team and its report, saying they made wild and baseless claims that falsely accused county officials and workers of crimes.

“The Cyber Ninjas’ opinions come from a misuse and misunderstanding of the data provided by the county and are twisted to fit the narrative that something went wrong,” he said. 

From baseless claims to biased ‘auditors’

The audit, which had its origins in the weeks after the election in the false and baseless claims that the election was rigged against Trump, was plagued by problems and beset by drama from the beginning.

Fann subpoenaed ballots, tabulation machines and other election materials from the county in December, despite a total lack of evidence of any fraud, malfeasance or irregularities. The Senate ultimately prevailed in litigation that the county brought challenging the subpoenas.

When Fann announced her audit team in March, it quickly became apparent that its members had no relevant election experience and were committed supporters of the conspiracy theories that the election was stolen from Trump. 

Fann told Capitol Media Services, “You can’t tell me they’ve been involved in conspiracy theories.” But Logan’s advocacy of conspiracy theories became quickly apparent as the Arizona Mirror uncovered Logan’s deleted Twitter account, which he used to promote false claims about election fraud — including in Arizona. 

But Logan was far more than just a keyboard warrior: He’d taken an active role in the #StopTheSteal movement and was working directly to overturn the election. For example, Logan had authored an “election fraud facts” report for U.S. senators who were planning to object to the Electoral College results on Jan. 6, which included a number of baseless and debunked claims, including the discredited allegation that Dominion Voting Systems, the vendor that provides Maricopa County’s ballot tabulation machines, has ties to the socialist regime in Venezuela. 

And Logan worked with pro-Trump lawyer Lin Wood on his efforts to challenge the election results, The Daily Beast reported. And text messages obtained by the Arizona Republic indicated that Logan had a role in crafting the subpoenas that Fann and Petersen issued to the county in December. 

Other members of the “audit” team had similarly problematic ties to the #StopTheSteal movement. CyFIR and Logan had both been involved in a widely discredited report alleging fraud and irregularities in Antrim County, Mich. The lead contractor on the report was Russell Ramsland of Allied Security Operations Group, Fann’s first choice to lead the “audit.”

Wake Technology Services, Inc., which originally led the hand count portion of Fann’s audit, appeared to be the only member of the team with something resembling experience in elections-related work, having conducted a hand count and audit of election results in Fulton County, Penn. But it turned out that Fulton allowed the audit at the request of a leading #StopTheSteal advocate in the Pennsylvania Senate and that Wake was hired by a nonprofit group led by Sidney Powell, the former Trump campaign lawyer behind the disastrous “kraken” lawsuits against election results in Arizona and other swing states won by Biden. 

When Fann announced her “audit” team, she released a contract showing that the Senate would pay Cyber Ninjas $150,000 for its work. What she didn’t disclose was that the audit would cost far more than that, and that she’d knowingly outsourced most of the funding to outside groups. Cyber Ninjas would not disclose the identities of those funders initially, but one became apparent when Christina Bobb of the right-wing One America News Network announced that a nonprofit she’d started was raising money for the election review.

Our stories may be republished online or in print under Creative Commons license CC BY-NC-ND 4.0. We ask that you edit only for style or to shorten, provide proper attribution and link to our web site. Please see our republishing guidelines for use of photos and graphics.

Jeremy Duda
Jeremy Duda

Jeremy Duda is a Phoenix native and began his career in journalism in 2003 after graduating from the University of Arizona. Jeremy Duda previously served as the Mirror's associate Editor. Prior to joining the Arizona Mirror, he worked at the Arizona Capitol Times, where he spent eight years covering the Governor's Office and two years as editor of the Yellow Sheet Report. Before that, he wrote for the Hobbs News-Sun of Hobbs, NM, and the Daily Herald of Provo, Utah. Jeremy is also the author of the history book “If This Be Treason: the American Rogues and Rebels Who Walked the Line Between Dissent and Betrayal.”