Sensitive election system files obtained by attorneys working to overturn President Donald Trump’s 2020 defeat were shared with election deniers, conspiracy theorists and right-wing commentators, according to records reviewed by The Washington Post.
A Georgia computer forensics firm, hired by the attorneys, placed the files on a server, where company records show they were downloaded dozens of times. Among the downloaders were accounts associated with a Texas meteorologist who has appeared on Sean Hannity’s radio show; a podcaster who suggested political enemies should be executed; a former pro surfer who pushed disproven theories that the 2020 election was manipulated; and a self-described former “seduction and pickup coach” who claims to also have been a hacker.
Plaintiffs in a long-running federal lawsuit over the security of Georgia’s voting systems obtained the new records from the company, Atlanta-based SullivanStrickler, under a subpoena to one of its executives. The records include contracts between the firm and the Trump-allied attorneys, notably Sidney Powell. The data files are described as copies of components from election systems in Coffee County, Ga., and Antrim County, Mich.
A series of data leaks and alleged breaches of local elections offices since 2020 has prompted criminal investigations and fueled concerns among some security experts that public disclosure of information collected from voting systems could be exploited by hackers and other people seeking to manipulate future elections.
Access to U.S. voting system software and other components is tightly regulated, and the government classifies those systems as “critical infrastructure.” The new batch of records shows for the first time how the files copied from election systems were distributed to people in multiple states.
Marilyn Marks, executive director of the nonprofit Coalition for Good Governance, which is one of the plaintiffs in the Georgia lawsuit, said the records appeared to show the files were handled recklessly. “The implications go far beyond Coffee County or Georgia,” Marks said.
In a statement to The Post, SullivanStrickler said the attorneys who hired the firm directed it “to contact county officials to obtain access to certain data” from Dominion Voting Systems machines in Georgia and Michigan.
“Likewise, the firm was directed by attorneys to distribute that data to certain individuals,” the statement said. The firm said that it “had [and has] no reason to believe that, as officers of the court, these attorneys would ask or direct SullivanStrickler to do anything either improper or illegal.”
Dominion Voting Systems has been the target of baseless claims from Trump, his advisers and allied news organizations that its machines were hacked and were programmed to flip votes from one candidate to another. The Colorado-based company has filed a host of defamation lawsuits over the statements.
Dominion declined to comment on ongoing investigations but in a statement said: “What is important is that nearly two years after the 2020 election, no credible evidence has ever been presented to any court or authority that voting machines did anything other than count votes accurately and reliably in all states.”
The Post reported on Aug. 15 that an earlier set of records released in response to the subpoena showed SullivanStrickler was hired in late November 2020 to conduct a multistate effort to copy software and other data from county election systems. The effort was more successful than previously known, accessing equipment in Georgia, Michigan and Nevada.
That same day, the Georgia Bureau of Investigation (GBI) opened “a computer trespass investigation” regarding an elections server in Coffee County, bureau spokeswoman Nelly Miles said. Under Georgia law, knowingly using a computer or network without authority and with the intention of deleting, altering or interfering with programs or data is computer trespass, a felony.
SullivanStrickler’s statement said the firm would be “fully cooperative” with investigators. “We are confident that it will quickly become apparent that we did nothing wrong and were operating in good faith at all times,” it said.
The new documents were disclosed after plaintiffs asked the forensics firm who had accessed the Georgia elections data that the firm had collected, according to two people familiar with the case, who spoke on the condition of anonymity to discuss the litigation. The plaintiffs also received copies of the raw elections systems data collected by SullivanStrickler in Georgia, but those were not among records reviewed by The Post.
The new records also inadvertently detailed the sharing of data the firm collected during a separate forensic examination in Antrim County, where a judge in December 2020 had granted access to elections systems in response to a lawsuit challenging the 2020 results. The lawsuit was eventually dismissed.
In the records turned over to the Georgia plaintiffs, some pages, and portions of others, were blacked out. However, the text beneath some of the blacked-out blocks became visible when a Post reporter copied and pasted it into a separate file, showing downloads of files labeled “Antrim.”
In Georgia, Gabriel Sterling, the interim chief of staff in the Secretary of State’s office, told The Post in a statement that wrongdoers would be prosecuted. The secretary is a defendant in the litigation that uncovered the new records. Miles, the GBI spokeswoman, said in emails that Georgia Secretary of State Brad Raffensperger’s office on Aug. 2 had asked the agency to join efforts to examine the alleged Coffee County breach.
“Any attempts to illegally access election systems in Georgia will not be tolerated — whether it is rogue election officials, conspiracy-theorist attorneys, or security consultants working for those conspiracy theorists,” Sterling said.
The records show that 10 people downloaded data collected from Georgia or Michigan between December 2020 and February 2021. They also show in more detail the role of Powell, the attorney who pushed false claims about voting machines in a flurry of swing-state lawsuits for Trump, as well as the role of Jesse Binnall, an outside counsel to the Trump campaign. Powell and Binnall signed engagement agreements authorizing SullivanStrickler to carry out “computer forensic collections,” the documents show.
A 16-page agreement signed by Binnall on Nov. 30, 2020, stated it covered data collection in Nevada, where Binnall had won a court order granting limited access to equipment, and in Georgia. The agreement said Binnall would pay SullivanStrickler $19,500 per day for a team of three people to work in Nevada, and listed potential fees for work in Georgia.
Powell did not respond to requests for comment. The newly released records do not show Binnall in discussions about Coffee County.
A legal adviser to the Trump campaign, who spoke on the condition of anonymity to discuss sensitive matters, said the campaign had not intended to contract the firm in Georgia. “To the extent Georgia was ever mentioned in the agreement, it was an error in wording that was missed because of substantial time pressure,” the person said.