At a LaRose campaign stop in March 2024, CCVO personally spoke with the Secretary about the CISA advisory and asked if he was concerned about the Dominion machines in Ohio having security issues. He responded that the Georgia Dominion machines were a different configuration from what we have in Ohio and provided a point of contact (POC) within the SOS Public Integrity Division Director if we had further questions.

 

​Although the SoS's POC responded to our inquiries, he often evaded answering our direct questions, instead giving  talking points that emphasized how safe the machines are in Ohio and why we can trust them. When pressed about providing CCVO proof that no machine in Ohio contained wireless modems, he was unable to provide a copy of the report from the Voting System Testing Laboratory (VSTL) that supposedly performed the testing and instead told us to contact the VSTL directly. The VSTL however told us that they could not provide a copy of the report because the vendor (Dominion) owned it since they paid for it and then sent us back to the SOS Public Integrity Division for a copy. In his last email to CCVO, the POC said that he would forward our request to the SOS Public Records Request office who would get back with CCVO "shortly." Nearly a year later, CCVO finally received a response that the test report couldn't be released for "security" reasons.

​

From: Enlow, Seth <senlow@OhioSOS.Gov> 
Sent: Wednesday, February 12, 2025 12:02 PM
To: Thomas Connors <tconnors@warnermendenhall.com>
Cc: Obhof, Larry <lobhof@OhioSOS.Gov>; Merriman, Lisa <lmerriman@OhioSOS.Gov>
Subject: Records Request-Follow Up, Public Records Request 24-297 Response

​

Good afternoon, Tom,

​

This email responds to the first part of your clients’, Tim Stechschulte and Tom Howard, public records request dated November 7, 2024, in which they asked for the following:

“the “Ohio Wireless VSTL Report” for every voting machine certified for use in Ohio. At a minimum, we are requesting the reports for the following ES&S and Dominion voting machines:

​

      1. ES&S proprietary Precinct Count Tabulators (DS200) and proprietary Central Count Scanners & Tabulators           (DS450 and DS850).

      1. EVS 6.0.2.0 certified by SLI on 10/23/2023 (originally 01/09/2019)*

       2. EVS 6.0.4.0 certified by SLI on 10/23/2023 (originally on 05/10/2019)*

       3. EVS 6.1.1.0 certified by Pro V&V on 08/07/2020

       4. EVS 6.2.0.0 certified by Pro V&V on 01/05/2022

       5. EVS 6.3.0.0 certified by Pro V&V 0n 12/20/2022 

       2. Dominion proprietary Image Cast Precinct Optical Scanners (ICP 320A*, 320C, 330A,410A).

       1. Democracy Suite 5.5 certified by Pro V&V on 10/23/2023 (originally on 10/05/2018)

       2. Democracy Suite 5.5D certified by Pro V&V on 06/15/2022

       3. Democracy Suite 5.17 certified by Pro V&V on 03/28/2023”

​

The Secretary appreciates your clients’ concerns about election integrity. Indeed, this office is focused on ensuring that our elections are secure. However, as we have previously discussed by phone, we must deny this request because the records sought are security records under the Public Records Act, R.C. 149.433(A)(1). 

The U.S. Department of Homeland Security has designated Elections Infrastructure as Critical Infrastructure. Critical Infrastructure is defined as “[s]ystems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.” 42 U.S.C. §5195c(e). The records requested relate to cybersecurity testing required by the Ohio Board of Voting Machine Examiners (“BVME”) of voting systems ensuring the systems do not connect to the internet. Previous records released by our office demonstrate the BVME’s review of these records and approval of the use of such system in Ohio. However, the detailed records that your clients request contain information about the voting systems configurations and components. 

​

Ohio public records law recognizes the need to protect such critical security records. Specifically, such records “contain information directly used for protecting or maintaining the security of a public office against attack, interference, or sabotage.” R.C. 149.433(A)(1). Disclosing this information about the voting systems configurations and their components could compromise the security of public offices, the election processes, and put election officials at risk. As the Ohio Supreme Court emphasized in Welsh-Huggins v. Jefferson Cty. Prosecutor’s Office, 163 Ohio St. 3d 337, 2020-Ohio-5371, records that clearly relate to maintaining security are exempt from disclosure under the public records law to safeguard public interests and operational integrity. Since these are security records, “they are not public records, and the public office would not be required to release or disclose redacted versions pursuant to R.C. 149.433(B)(1).” State ex rel. Cincinnati Enquirer v. Wilson, Slip Op. No. 2022-0425, 2024-Ohio-182, ¶ 39.

​

In addition, on January 21, 2025, you sent us a revision of a previous request, you requested, “documents regarding the testing methodology used to ensure that election computer equipment is not connected to the internet. This would include documents related to determining whether there are wireless devices in such equipment or in other equipment with which it is networked. It would also include documents relating to determining security settings in relevant software, such as firewalls or databases.”

In response to this request, please see the ohiorequirementsmatrix.pdf and I have attached Ohio Secretary of State VSTL Test Lab Wireless Testing Requirements.

We are interested in continuing to work with you. Please advise if your client would like to revise any of his previous requests.

​

Thank you,

​

​Seth Enlow | Senior Legal Counsel
Office of the Ohio Secretary of State

​

​

​