Skip Navigation
Analysis

Hold Cyber Ninjas Accountable

The shady cybersecurity firm should be barred from federal contracts.

July 19, 2022

You’re read­ing The Brief­ing, Michael Wald­­­­­­­­­­­man’s weekly news­­­­­­­­­­­­­­­­­­­­­let­ter. Click here to receive it every week in your inbox.

As Congress’s invest­ig­a­tion shows, the attempt to subvert Amer­ican demo­cracy did not start on Janu­ary 6. It didn’t end then, either. 

Arizona voted for Joe Biden in 2020. But last year, in an effort to stir doubt about the result and about the elect­oral system as a whole, pro-Trump Repub­lic­ans in the Arizona Senate announced an “audit” of the elec­tion in Mari­copa County, which Biden carried by more than 45,000 votes. The legis­lature hired a Flor­ida-based secur­ity consultancy called Cyber Ninjas — amaz­ingly, not a pseud­onym — to conduct it.

Cyber Ninjas had no exper­i­ence audit­ing elec­tions. But the company’s CEO, Doug Logan, was spread­ing elec­tion misin­form­a­tion on social media and had links to prom­in­ent pro-Trump conspir­acy theor­ists. 

The Cyber Ninjas “audit” — quota­tion marks cannot express how little this thing resembled a legit­im­ate audit — was farcical from the outset. People pored over ballots look­ing for evid­ence of bamboo fibers. Aha! That would mean the ballots had really been sent from China, which must have been secretly rigging the elec­tion, no doubt with Italian intel­li­gence and Hugo Chavez. (Alas, no bamboo was found.) 

The company worked to keep its proced­ures secret. Cyber Ninjas tried to stop elec­tion secur­ity experts from witness­ing the process. Elec­tion docu­ments weren’t prop­erly protec­ted. Doors remained unlocked, and outsiders had easy access. The audit­ors didn’t even have the right color pens — blue and black ink, which are legible by machine tabu­lat­ors and can thus spoil a ballot, are supposed to be kept out of an audit­ing site. This is just a small sample of the many ways in which Cyber Ninjas demon­strated its incom­pet­ence. The audit cost millions of dollars. 

In Septem­ber 2021, after drag­ging the circus-like review on for months, Cyber Ninjas issued its conclu­sions. Guess what: Biden won, by more votes than first tallied. 

But the result of the audit wasn’t the point. The goal was to kick up dust, throw out innu­endo, and discredit elec­tions. The report was laced with nonsense. For example, Cyber Ninjas recom­men­ded that Arizona review more than 10,000 voters simply because each of them shared a name and birth year — not even birthday — with another voter in the system. In a state with 4 million registered voters, there’s noth­ing suspi­cious about that level of over­lap. 

When an Arizona state court ordered Cyber Ninjas to release public records, the company refused. It was assessed a $50,000-per-day fine, which even­tu­ally rose into the millions of dollars. The CEO shut Cyber Ninjas down.

This week, the Bren­nan Center and our part­ners All Voting Is Local Arizona, Arizona Demo­cracy Resource Center, Living United for Change Arizona, and Mi Familia Vota sent a letter to federal offi­cials request­ing that both Cyber Ninjas and Doug Logan be barred from federal govern­ment contracts for up to three years. 

Such bans are a power­ful tool for govern­ment account­ab­il­ity and ethics. Federal law states that a contractor is subject to the meas­ure if it receives a civil judg­ment for viol­at­ing the law. The refusal of Cyber Ninjas to divulge public docu­ments is in clear viol­a­tion of the legal stand­ards. Logan and his company also failed to meet the basic require­ments of compet­ence and respons­ib­il­ity. 

Expect elec­tion deniers to follow the same script in coming years. Spew doubt. Spin conspir­acy theor­ies. Hope the voters shrug about the whole thing. It’s crit­ic­ally import­ant that every­one — the Justice Depart­ment, Congress, and all of us — do what we can. Bad faith actors who under­mined our elec­tions and smeared our elec­tion offi­cials must be held to account. As Amer­ica moves to hold the pres­id­ent and his closest advisers respons­ible, let’s not forget the wider sphere of malefact­ors who suppor­ted him.