Updates to our Terms of Use

We are updating our Terms of Use. Please carefully review the updated Terms before proceeding to our website.

Wednesday, April 23, 2025

View Back issues

Maricopa County defends election data audit in court

County Recorder Justin Heap says he was shut out of the decision to share sensitive data with a third-party staffing company, which could lead to leaks of voter personal information.

PHOENIX (CN) — Maricopa County supervisors on Monday rejected suggestions that a third-party audit of election data could leak personal voter information in a growing legal feud over who in the county controls elections.

Five months after suing to determine whether he or the supervisors have control of the IT department and, through it, the administration of early voting, County Supervisor Justin Heap now asks a state judge to block an audit of the department that is designed to answer that very question.

“The recorder asked for this, and now he’s being shut out,” attorney James Rodgers said on Heap’s behalf in a Phoenix courtroom Monday afternoon. “The recorder’s being deprived of his duties.”

While Heap agrees that an audit is necessary, he says the board went behind his back and hired a third-party, The Intersect Group, to conduct the audit rather than do it in-house. Giving sensitive voter data to a third-party could enable hackers to access and alter voter information and potentially impact election outcomes, Heap argues.

“The recorder was not involved in any of the vetting, and we just heard testimony that TIG vetted itself, which is even more concerning,” Rodgers, of the America First Legal Foundation, told Maricopa County Judge Scott Blaney.

Defending the supervisors, Statecraft attorney Kory Langhofer said there’s no evidence that voter data is being affected.

Bryan Colby, chief information officer for the recorder’s office and a witness called in Monday’s evidentiary hearing, suggested that bad actors could hack into The Intersect Group’s systems and, through that access, the data that’s been shared with it. But when asked by Langhofer whether he has any reason to believe that it has happened or will happen soon, Colby said no.

“There’s no reason other than fantasy to assume these people aren’t gonna do their jobs right,” Langhofer reiterated in his closing argument.

Rodgers argued that, unlike most issues in civil court, his side doesn’t have to show harm or likelihood of harm when the defendant has committed a felony, which he says the supervisors did by sharing voter data with The Intersect Group. Rodgers argued that only government employees can legally access the data, and only the recorder or the secretary of state can share it with them.

Langhofer countered that any contractor hired by the government qualifies as a government employee for the purposes of that election law.

Employees of the recorder’s office say that third parties can disrupt voter data by means of “code bombing,” in which someone could hide malware and incorrect data within lines of correct code so that it’s difficult or impossible to discover. Colby testified that neither he nor the recorder could stop The Intersect Group employees from accessing voter data if they detected any mistakes or foul play. He said the supervisors never notified the recorder’s office before giving The Intersect Group access to the databases.

He added that he opposed a third-party audit, arguing that the elections department could conduct it in-house without delaying any other election processes. On cross-examination, Langhofer produced statements from other employees in the same office who said that a third-party audit was necessary because of how much data is involved.

“My team has enough of their own duties, and adding even more to their plate seemed problematic from a staffing position,” Nate Young, deputy chief information officer at the recorder’s office, said from the stand.

The databases in question have been under the control of the recorder historically, but a new shared services agreement signed by former Recorder Stephen Richer in 2024 shifted some responsibilities away from his office and to the board of supervisors. Though Heap pulled out of that agreement, he says the IT department is still under the board’s control, preventing him from carrying out certain duties, including administering early voting.

Young told the court that Heap still has access to the necessary data to perform his job and that The Intersect Group cannot alter any voter data on the backend. But Rodgers forced him to clarify that some data could be altered in some instances.

While the release of any voter’s personal information is worrisome, Heap says, he is notably concerned about voters in the state’s address confidentiality program, designed to protect victims of abuse as well as politicians and first responders who don’t want their addresses made public. But Young said personal information regarding those voters was already scrubbed before the databases were shared with The Intersect Group.

Blaney said he would rule as soon as possible on Heap’s emergency motion to block the audit, though he said he hopes the parties can come to an agreement on their own.

Categories / Courts, Elections, Government, Politics

Subscribe to our free newsletters

Our weekly newsletter Closing Arguments offers the latest about ongoing trials, major litigation and rulings in courthouses around the U.S. and the world, while the monthly Under the Lights dishes the legal dirt from Hollywood, sports, Big Tech and the arts.

Loading...