On June 16 2021, news appeared that an ongoing, disinformation-riddled “audit” of 2020 ballots from Arizona had been moved to a remote cabin in Montana for purported further “analysis”:
The "secured" Arizona ballots are now in a cabin in Montana.
WTF is going on?
— Don Winslow (@donwinslow) June 17, 2021
Early on June 17 2021, the same account — that of author Don Winslow — shared footage from a CNN segment reporting Arizona ballots, questioning “HOW Arizona ballots from the 2020 Presidential election have been transported to a cabin in rural Montana” and positing that the post-election process in Arizona posed a security threat to future elections:
Take four minutes and watch this and try to explain to me HOW Arizona ballots from the 2020 Presidential election have been transported to a cabin in rural Montana for "examination"
This shit is a preview of 2022 and 2024.
— Don Winslow (@donwinslow) June 17, 2021
In the clip, Ken Bennett, who was identified as a “spokesman” for the “audit,” told reportres that reported that Virginia-based company CyFIR LLC had taken custody of the voting data in an undisclosed location.
In the clip, Arizona Secretary of State Katie Hobbs addressed the “Montana” development as part of the Arizona “audit” efforts:
You can’t make this stuff up. If it wasn’t happening right in front of our eyes, we wouldn’t believe it was happening.
Later in the segment, Bennett was quoted as saying that there was “no deadline” for the completion of the purported analysis. At the end of the segment, CNN correspondent Gary Tuchman said that outside observers are “normally” invited to witness election recounts and audits, and that the Montana cabin “audit,” which does not appear to meet the standards of recounts or audits by any metric, was “stealthy” by comparison.
On June 3 2021, KECI-TV reported plans to transport Arizona voting data to Montana. That article mentioned Cyber Ninjas and its chief executive officer, who was the subject of a March 2021 Associated Press item reporting that he “appear[ed] to have posted sympathetically about election conspiracies in a now-deleted Twitter account.”
KPNX-TV also covered the Montana development on June 3 2021, with the headline “Arizona Audit: ‘Voting system data’ was sent to a ‘lab’ in Montana and we don’t know why.” That article began:
Another strange twist in the 2020 Maricopa County Election audit has brought us to a remote location in Montana, for reasons that aren’t abundantly clear at this point.
Meanwhile, KECI-TV explained:
Earlier this year , a judge ordered Maricopa County to hand over 2.1 million ballots from the 2020 general election to the Arizona state Senate, which is trying to prove unfounded claims of voter fraud there after President Joe Biden won the county by about 45,000 votes.
The Senate hired a cybersecurity firm called Cyber Ninjas to conduct its own audit after multiple others found no fraud. It also hired former Arizona Secretary of State Ken Bennett as its liaison.
Sophia Solis, deputy communications director for the Arizona secretary of state, said in an email that Cyber Ninjas doesn’t have any experience with election auditing.
Their reporting cited Arizona Republic reporter Jen Fifield, who began looking into the Montana audit site after visiting the Arizona Secretary of State’s website, and KECI-TV looked into the “Montana lab”:
“At this point in the audit, nothing really is surprising to me, because there’s been so many connections that have come up. The Senate has never told us the full list of contractors involved and the names of the people,” Fifield said. “And so it’s been like a puzzle trying to put everything together.”
Montana property records show the cabin is owned by CyTech’s CEO and CyFIR founder Ben Cotton.
So is the data being reviewed there?
We called Bennett, the Senate liaison, who confirmed the Montana lab mentioned on the SOS site is run by Cotton, but he didn’t know where in Montana it was located.
We searched the Arizona Secretary of State’s site for mentions of Montana, and located a page titled “Coliseum Observer Notes 2021.” It was prefaced:
The effort to hand-count the 2.1 million ballots cast in Maricopa County during the 2020 Presidential Election resumed on May 24 , after a weeklong pause. Observers on behalf of the Arizona Secretary of State’s Office continued to note problematic practices, changing policies, and security threats that have plagued this exercise from the start.
Please find a summary of both new and ongoing incidents noted by observers during the “audit” at the Coliseum beginning on May 24, 2021.
A section titled “Security Concerns” contained eleven observations about the manner in which Arizona’s audit was conducted, largely incidents during which the security of ballots could have been compromised:
Observation: On May 27, 2021, observers noted State Senator Wendy Rogers was on the counting floor and was provided a black pen to take notes by Cyber Ninjas. Pens with black and blue ink, which can be read by tabulators, are prohibited from being near ballots to ensure they cannot be used to alter the ballots. She also was writing on the white note paper that was provided to her and carried her cell phone in her back pocket, both violations of their own security measures.
Observation: On June 7, 2021, Senate Liaison Ken Bennett allowed Cyber Ninjas to remove multiple ballot boxes from the “Senate Cage,” a ballot storage area that only he and Audit Co-Chair Randy Pullen can access. Cyber Ninjas attorney Bryan Blehm told the observers that Ken Bennett was leaving for the night, and the ballots were removed from the more secure “Senate Cage” so inspections could continue without him.
Observation: Each day since June 7, 2021, Senate Liaison Ken Bennett has opened the “Senate Cage” to allow Cyber Ninjas to remove ballots from the “Senate Cage” and move the ballots to the other cages that people in any color t-shirt can access.
A section titled “Policy and/or Process Changes” described loose security throughout the process:
Observation: On May 24, 2021, Senate Liaison Ken Bennett was unable to identify the new person or entity leading the process, contributing to general confusion.
Observation: On June 4, 2021, observers noticed that employees are not following the published policies on suspicious ballot handling. This is a recurring issue. The policy states that they will be separated from their batch and put in a specific folder for separate review. Instead, employees kept them in their original boxes. Ballots that have been flagged for additional review are being mixed in with other ballots.
Observation: On June 9, 2021, observers saw the “draft” procedures being used to input data into a spreadsheet. Observers noted that the procedures being followed were not standard quality control procedures. Employees were re-entering the data from the tally sheets employees used during the initial review. The new spreadsheet was set up to flag any numbers that did not match. Instead of validating the original data, mismatched numbers were altered to match. This alarmed observers because tally sheets are marked using red or green pens. Access to both red and green pens and to tally sheets is readily available, creating opportunities for tally sheets to be altered after the initial review. This makes the “Retrospective Phase 1 Quality Control” unreliable.
“Montana” was mentioned twice on the page’s “Equipment Concerns” section, which began with the apparent sum of public knowledge regarding the forwarding of voting system data copies to “a lab in Montana”:
Observation: On May 24, 2021, Senate Liaison Ken Bennett confirmed that copies of voting system data was sent to a lab in Montana. He did not specify what security measures were in place, or what the lab in Montana will do with the data or how long it will be in possession of the copies.
A June 7 2021 Vice.com piece addressed the broader implications of the disorganized Arizona audit effort, specifically how it is already being used to undermine the democratic process and could weaken future elections and addressing the Montana development:
With each passing week, the GOP-backed audit of the 2.1 million ballots cast in Arizona’s Maricopa County sounds ever more farcical, as the Cyber Ninjas’ army searches, and searches, and searches, for irregularities. They’ve managed to ruin hundreds of voting machines in the process, and now they’ve apparently sent copies of voting data to a lab in remote Montana.
The bizarre, partisan undertaking can’t actually undo Donald Trump’s loss of the 2020 election, no matter what it finds. (He lost Arizona by a wafer-thin margin of 10,000 votes.) But it’s still a big cause for concern, because it’s fueling election conspiracy theories on the right and inspiring Republican officials in other states to plan their own copycat audits.
Vice addressed related conspiracy theories, reporting that former United States president Donald Trump was “fixated” on the Arizona audit effort. Specifically, Vice reported that the long-debunked “watermarked ballots” rumor influenced Cyber Ninjas’ analysis:
Meanwhile Trump is reportedly fixated on the Arizona audit and has been telling confidantes that he expects he’ll be reinstalled into the White House this August  —even though that’s absolutely not a thing that could happen.
The Cyber Ninjas auditors in Arizona have been checking out supposed leads that appear to be associated with the QAnon conspiracy theory.
For example, the widely-circulated QAnon-fueled rumor that Trump’s Department of Homeland Security secretly stamped real ballots with a watermark to lay a trap for Democrats, whose phony ballots would later be exposed. (None of this is true.) According to QAnon lore, this lines up with cryptic advice from Q, the cult’s anonymous online oracle, to “watch the water.”
The auditors started scanning the ballots with UV light, looking for watermarks. Until they didn’t find any… because the state didn’t put watermarks on the ballots.
On May 24 2021, “spokesman” for the Arizona 2020 election “audit” Ken Bennett confirmed that “copies of voting system data” had been sent to “a lab in Montana,” but Bennett could or would not specify what security measures were in place, or what the lab in Montana planned to do with the data, or how long it would be holding on to the copies.
On June 16 2021, CNN aired a segment on the transporting of Arizona voting data to Montana, bringing the issue to widespread notice. CNN’s attempts to locate a “lab” of any description using property records and aerial surveillance were not fruitful, and the scope of whatever people in Montana were doing to Arizona’s voting records was unclear.