Washington Parents Network Complaint against Washington State for violating Federal Election Laws prohibiting online voting
January 8, 2025
To: Maureen Riordan, Voting Section Acting Chief
US Department of Justice - Voting Rights Division
950 Pennsylvania Avenue NW Washington DC 20530
RE: Complaint against Washington State election officials for violating Federal Election Laws prohibiting online voting
Sent PDF via email to:
Dear Ms Riordan,
The Washington Parents Network is a group of several thousand registered active voters in Washington state. While our primary goal is protecting the right of parents to raise their children, we recognize that this right can not be protected unless our right to fair elections is also protected.
Sadly, elections in Washington state are not currently fair due to a “quadruple whammy” of insecure election practices. First, as we described in our September 2025 complaint, in contrast to most states, that do not register non-citizens and make efforts to remove voters from the voter rolls when they move, Washington leads the nation in illegally registering non-citizens to vote. Washington also leads the nation in failure to remove voters who have moved from the voter rolls – leading to Washington state having the least accurate voter rolls in the nation.
While the national average for removing voters due to moving is about 30%, the rate in Washington state was only 6.5% in 2024.
This is over 100,000 less than expected. The failure to remove moved voters was most blatant in King County - Washington’s most populous county. King County should have removed about 30,000 moved voters in 2024. Instead, only 6001 moved voters were removed. The actual rate in King County was only one fifth what it should have been.
Second, in contrast to “in-person voting” which allows for In person verification of a voters identity, Washington is one of only 8 states that is a “Mail In Only” state. This means that ballots are mailed out “at least 18 days” before the election and are accepted up to 3 weeks after Election Day. Mail in “Ballot curing” (see below) is also allowed weeks after the election - making Washington Elections “Day” up to 6 weeks long. This problem is currently being reviewed by the US Supreme Court.
Mail In Only also means that there is no way to truly verify who actually filled out any particular ballot. Instead, the only measure used to verify the ID of the voter is their signature on the outside of the envelope in which they mail back their ballot.
The combination of Washington’s all-mail voting and extremely inaccurate voter rolls, leads to hundreds of thousands of “ballots” being mailed to “ghost” voters – or voters who are not actually eligible to vote. This massive number of bad ballots has lead to a contest on social media in Washington state to see who gets the most “ghost” ballots sent to them. The current record is a woman from Bellevue Washington (in King County) who received 16 ballots addressed to her apartment number with different names on them of either moved voters or non-citizen voters.
This massive number of ghost ballots leads to the third whammy which is the unreliable Mail in ballot signature verification process. Ballot signatures are reviewed by county election workers when ballots are received. Most often, the “official” signature is from the Department of Licensing (DOL) and is captured when a person applies for a Washington Drivers License – a process that currently does not require that the person be a US citizen (as we described in our September 2025 complaint).
If the voter’s signature does not match their signature on file with the state, or if their ballot envelope signature is missing, the ballot might be “challenged” by county election workers. The rate of rejected ballots varies significantly from county to county. For example, according to a 2025 report from the Washington Secretary of State, in the 2024 General Election, Adams county had a ballot rejection rate of 2.64% while Thurston County had a rejection rate of only 0.57%. In short, some counties have a signature rejection rate that is 5 times greater than other counties. See appendix B, page 51 at this link:
https://www.sos.wa.gov/sites/default/files/2025-02/2024%20Annual%20Elections%20Report.pdf
Because the rate of challenged signatures varies significantly from county to county, it is apparent that the signature verification process is not held to the same standard in different counties. Instead, while there are official state standards, the actual rejection of ballots appears to depend almost entirely on the opinion of individual election workers in each county.
Irrefutable Evidence of Voter Fraud on a Massive Scale
Despite the inaccuracy of Washington’s voter rolls and the massive number of ghost ballots mailed and the lack of consistency of rejected signatures, defenders of Washington’s voting system have repeatedly claimed that there is no evidence of voter fraud in our past elections. This claim is utterly false. In our previous complaint, we provided a mountain of evidence that Washington elections have suffered huge, statistically impossible shifts in voting results in recent years.
As just one example, in Washington, between 2016 to 2020, our voting age population increased by 5%. But the number of registered voters increased by 15% - three times the rate of population increase. This is clear evidence that hundreds of thousands of “ghost voters” were added to the voting rolls in Washington state from 2016 to 2020. Even more remarkable, an additional one million total ballots were counted in the 2020 Presidential Election (4 million ballots versus 3 million ballots) – an increase in Mail In ballots counted of 33% - despite a population increase of only 5% since 2016 – over six times the rate of population growth.
Our original complaint can be read at the following link: https://washingtonparentsnetwork.com/news/complaint-against-bob-ferguson-for-violating-federal-election-laws
This leads to an obvious question: How could the actual increase in the number of Presidential ballots in 2020 be more than six times the increase in state population?
The answer is that hundreds of thousands of “ghost ballots” (or ballots from non-citizens and people who had moved but were still on the voter rolls) were magically turned in by someone in the 2020 election. Clearly, just requiring signatures is not enough to stop voter fraud on a massive scale.
Illegal Online Mail In Ballot Curing
As bad as all of the above has been, the complete lack of security in Washington Elections has been made even worse by a recent change in the Washington vote verification process. The fourth and final whammy is that Washington state has recently allowed and continues to allow insecure online vote curing in violation of federal election laws. This insecure election process is being used in the most populous county in Washington state, King County, to automatically “cure” some - but not all - of the ballots whose signatures were challenged by election workers.
Historically, voters with a challenged ballot signature were sent a written notice through first-class mail from the county election office that their ballot signature could not be matched to the voter’s signature on file or was missing, and a formal written declaration was included with the notice allowing the the voter to sign with a valid signature in order to “cure” the ballot and have it counted. Ironically, the curing declaration is considered “valid” not if it matches the “official” signature – but rather if it matches the rejected signature on the ballot outer envelope!
Voters were allowed weeks to mail back or physically return these vote curing forms – meaning that the results of close elections might not be known for weeks. Thus, Election Day has turned into Election Month here in Washington state.
A September 2025 42 page study by the University of Washington of Mail In signature vote curing here in Washington during five primary and general elections between 2020 to 2024 concluded that “1.6 percent of ballots cast were challenged for a missing signature or a signature that did not match the signature on file.” Since the UW study analyzed a total of 24 million votes cast between the 2020 and 2024 Primary and General Elections, the total number of challenged ballots was about 384,000 ballots. Of these challenged ballots, about 70% suffered from signature mismatches and 30% did not have any signature at all.
In addition, the study found that “60 percent of ballots with signature challenges (missing signature or mismatched signature) have been cured.” This fact also means that 40% of ballots with signature challenges were ultimately rejected and not counted in the official results.
The study also found that non-white voters had substantially higher ballot rejection rates. “Black (1.3 percent), Hispanic (1.5 percent), and Asian (1.5 percent) voters experienced ballot rejection rates much higher than White voters (0.9 percent).” Also “The ballot curing rate for White voters is about 10 percentage points higher (60.1 percent) than for Black voters (51.5 percent), Hispanic voters (50.7 percent), or Asian voters (48.6 percent).
The study also found that younger voters were four times more likely to have ballots rejected due to signature mismatch than older voters. “Roughly 4 percent of ballots cast by voters 18 to 25 years old from 2020 to 2024 were rejected, compared to less than 1 percent of ballots cast by voters 66 or over”. (This could be due in part to the fact that younger voters are more likely to move than older voters).
Finally, the percent of cured ballots has risen significantly from 55% cured in the 2020 election to 67% cured in the 2024 election – a fact almost certainly due to online vote curing:
This new online voting system app currently being used in Washington state - called Omniballot - does not meet federal election system testing standards because it is inherently not secure and therefore violates federal election laws. The new process allows for the online curing of ballots. Online has never been secure. In the 2024 Primary, Omniballot was used by King County Elections to “cure thousands of mail in ballot signature challenges – tipping a statewide election to a candidate who would have lost were federal election laws followed. King County Elections operates the “Signature challenges” website at https://kingcounty.gov/en/dept/elections/how-to-vote/ballots/signature-challenges
“The fastest way to fix your signature challenge is to complete and return the Signature Resolution Form online. Login with your name and date of birth and follow the instructions. You can sign using your mouse, or with your finger on your device.”
Clicking on the above link from the King County Elections page takes the voter to this Omniballot page:
https://wa.omniballot.us/sites/53033/site/app/home
Omniballot is an online voting tool created and run by a corporate third party called Democracy Live, a for profit third-party company, that operates the OmniBallot website. Click on Submit your Signature Resolution form to see this screen at this URL:
https://wa.omniballot.us/sites/53033/site/app/signature-resolution/vr
All that is needed to complete the process is the voters first name, last name and birth date. If you lack this information, Omniballot also allows you to access a voters record merely by entering their address. Here is a link to a video showing this process:
https://x.com/i/status/1848229541002744149
You can reach this screen by clicking on this link:
https://wa.omniballot.us/sites/53033/site/app/ob/vr/wa/vr
Here you will see the following instructions:
Not registered to vote? If you are overseas or a uniformed service citizen, click here to register to vote and look up your ballot using your address.
Click on the above link to reach this page where you can look up ballots by their address:
https://wa.omniballot.us/sites/53033/site/app/ob/address
Here, as is shown in the video, you can enter the address of a fake voter and click Continue. You will then be asked to enter a first name and last name to go with the address:
Then click Continue. You will then see the following screen:
Click No. You will then see this screen:
Scroll down to see the entire official ballot. Pick out a few races. Then scroll to the bottom and click Continue. You will then be asked to review your selections. Scroll to the bottom and click Continue. Then click Download Ballot Packet.
You will then see a PDF file of the official ballot.
Not only online – but no signature even required!
In addition, the new online voting process does not require a valid signature. Instead, a person can provide the last four digits of their Social Security number. As of November 2023, a King County voter may complete and return a signature resolution form on the KCE website at https://kingcounty.gov/en/dept/elections/how-to-vote/ballots/signature-challenges using the Omniballot signature curing form submission tool.
If the ballot has been challenged for a signature mismatch, the voter may select an option for verifying their identity: signature, driver’s license or identicard number or the last 4 digits of their Social Security Number.
(The last 4 digits of a SSN is not secure verification of ID since that data is readily available on the Internet).
However, according to the National Public Data, a massive data breach including the Social Security numbers of nearly every American was hacked in April 2024 and the hack was disclosed in August 2024. The data leaked also includes full names, phone numbers, and current and past addresses. The total number of records breached is estimated to be 2.9 billion records, totaling 277GB of data. According to the nonprofit National Cybersecurity Alliance, it is likely “everyone with a Social Security number was impacted.” Already, Social Security numbers and other sensitive personal data are appearing on the dark web, ready for potential identity theft and other exploitation. See these articles:
https://www.foley.com/insights/publications/2024/08/national-public-data-hack-safeguard-identity-combat-fraud/
https://www.cnbc.com/2024/08/23/was-my-social-security-number-stolen-national-public-data-breach-questions.html
Even prior to this latest security breach, millions of social security numbers were available on the dark web. Massive data breaches are not new. A 2017 Equifax data breach was estimated to have affected half the U.S. population. In 2013, a Yahoo data breach may have hit all the company’s accounts, or a total of 3 billion people.
Omniballot Online vote curing – additional evidence of insecurity
Washington is one of 38 States that requires all election hardware and software comply with US Election Assistance Commission (EAC) standards, which were most recently revised in 2021.
WA Rev Code § 29A. 12.080 (2018) states:“No voting device shall be approved by the secretary of state unless it: (5) Except for functions or capabilities unique to this state, has been tested and certified by an independent testing authority designated by the United States election assistance commission.”
WAC 434-335-040 (2020) states: “No voting device or its component software may be certified by the secretary of state unless it…. (f) has been tested and approved by the appropriate independent testing authority approved by the United States election assistance commission…”
EAC standards prohibit use of wireless technologies and require direct physical security and control of all election equipment.
Omniballot has not been tested by a federally accredited laboratory and would not comply with the federal EAC standard even if it was tested. Therefore, Omniballot violates Washington state election law and should not be allowed to be used by King County Elections.
King County Elections use of Omniballot is done by renting server space on an Amazon server – a server system that has been hacked many times - does not qualify as direct physical security and control of the election hardware or software or voter data. King County Elections is also in violation of RCW 29A.60.165(4) which states: (4) An auditor who provides electronic means for submission of a ballot declaration signature shall establish appropriate privacy and security protocols that ensure that the information transmitted is received directly and securely by the auditor and is only used for the stated purposes of verifying the signature on the voter's ballot.
RCW 29A.60.165(4) uses the word “shall”. This means that the actions are required and not optional. This RCW requires two conditions to be meet. The first condition is that the information transmitted must be transmitted directly to the auditor. The second condition is that the information must be transmitted securely.
Regarding the first condition, the information is not transmitted directly to the auditor. King County Elections is NOT in “sole control” of the Amazon Virtual Private Server (also called an Instance). Amazon is also in control of the Instance and the third party provider of Omniballot called Democracy Live is also in control of the Instance. Thus, the Omniballot Online Vote Curing process is not secure. In fact, it is blatantly insecure.
King County Elections has claimed that Omniballot is “secure” because it uses a single tenant infrastructure so that KCE has a separate AWS environment. No other Democracy Live customers have access to KCE’s environment.
However, the “single tenant infrastructure is nothing more than a Virtual Private Server (also known as a VPS). A virtual private server is not an actual independent private server. The word “Virtual” means that it is not a real private server. It is just disc space on one of Amazon’s servers. Therefore, Amazon has access to the virtual private server and Democracy Live has access to the virtual private server. In addition, while no other Democracy Live customers might have access to the KCE’s disc space on the Amazon VPS, this statement dodges the real point that either Amazon or Democracy Live has access to this VPS. It also dodges the point that hackers can access the VPS. Here is a link to an Amazon web page that documents recent security problems with their servers:
https://aws.amazon.com/security/security-bulletins/?card-body.sort-by=item.additionalFields.bulletinId&card-body.sort-order=desc&awsf.bulletins-flag=flag%23important&awsf.bulletins-site-type=*all&awsf.bulletins-year=*all
Here are quotes from an article explaining in detail some of the recent large security breaches that have happened on AWS:
“The (AWS) breach impacted data related to over 100 million individuals in the Capital One breach alone, while the Pegasus Airlines breach exposed 6.5 terabytes of sensitive data, and the Uber breach affected 50 million passengers and 600,000 US driver records. The data exposed in the breaches included personal information such as names, dates of birth, social security numbers, credit card information, email addresses, phone numbers, drivers' licenses. “
How was AWS hacked?
“Hackers breached sensitive data by exploiting misconfigured Amazon S3 buckets, firewall misconfigurations, and vulnerabilities in AWS server configurations. In some cases, they installed malware or altered code to further compromise the affected systems. The breaches were often discovered by security firms or ethical hackers, prompting the affected companies to take action and secure their data.”
For more information on the AWS data breach, check out the following news articles:
Amazon Web Services (AWS) Data Breaches: Full Timeline Through 2023
High Profile AWS Breaches: Lessons To Be Learned
This security problem does not just affect Amazon Web Services – it affects all servers connected to the Internet – all of these millions of servers are under constant attack from hackers – which is why election data should never be connected to the Internet.
Proof that Omniballot is not certified by the US Election Assistance Commission
Here is a link to all voting systems that have been certified for security by the U.S. Election Assistance Commission:
https://www.eac.gov/voting-equipment/certified-voting-systems
Omniballot is not on the list and has never even applied to be on the list.
Here is a link to the EAC page on Election Security:
https://www.eac.gov/voters/election-security
Here is a link to their 6 page summary:
Here are some quotes from this summary:
“The purpose of the EAC’s national voluntary voting system certification program is to independently verify that voting systems comply with the functional capabilities, accessibility, and security requirements necessary to ensure the integrity and reliability of the systems. Industry experts, election officials, and federal agencies collaborate to develop certification standards in a transparent process. “
This guide outlines some of the many best practices election officials employ to secure voting systems through an election cycle.
Best practices election officials use to secure the computer include:
Never connecting it to the internet or other external network.
Here is a link to the EAC Guidelines page:
https://www.eac.gov/voting-equipment/voluntary-voting-system-guidelines
Voluntary Voting System Guidelines (VVSG) are a set of specifications and requirements against which voting systems can be tested to determine if they meet required standards. Some factors examined under these tests include basic functionality, accessibility, and security capabilities. While the Help America Vote Act (HAVA) mandates the EAC to develop and maintain these requirements, adhering to the VVSG is voluntary except in select states where it is required by their own state law.
On February 10, 2021, the EAC's Commissioners unanimously adopted the newest VVSG standard, version 2.0. In November and December of 2022, the VVSG 2.0 was fully ready to be used for testing with the accreditation of both Voting System Test Labs (VSTL) by the EAC to test to this new standard.
Here is a link to the 2021 standard:
https://www.eac.gov/news/2021/02/10/us-election-assistance-commission-adopts-new-voluntary-voting-system-guidelines-20
Here are quotes:
“As elections are decentralized throughout the country, the VVSG are the only set of uniform specifications and requirements against which voting systems can be tested to determine if the voting systems meet required standards. Some factors examined under these tests include basic functionality, accessibility, accuracy, reliability, and security capabilities. “
“The major updates included in the VVSG 2.0 are the following:”
“Improved cybersecurity requirements to secure voting and election management systems associated with the administration of elections.”
“Software independence”
“Requires systems to be air-gapped from other networks and disallows the use of wireless technologies”
“Physical security”
Note that the Omniballot process fails to comply with at least two conditions required for election security. The first condition is that wireless technologies, such as remote Amazon servers, are not allowed.
The second condition is physical security of the server. Obviously, King County Elections does not control the physical security of a remote Amazon server.
Here is a link to an 84 page PDF of which requirements are used by each of the 38 states that use the Election Assistance Commission standards. According to this 2023 document, Washington state requires that election equipment be tested by a “federally accredited laboratory.” All federally accredited laboratories require compliance with the new Election Assistance Standard. See page 81 of 84 which states:
“Requires testing by a federally accredited laboratory. WA requires that its voting systems are tested and certified by an EAC accredited independent testing authority, so long as its functions are in keeping with the unique requirements of the state.”
Since Omniballot has not been tested by a federally accredited laboratory and clearly would not comply with the federal EAC standard even if it was tested, Omniballot violated Washington state law and should not be allowed to be used by King County Elections.
Independent Experts also conclude that Omniballot Online Voting is not secure
Here is what independent security experts have stated about the Omniballot security problem: “OmniBallot’s design is overly simple, and ignores 30 years of research about building E2E-verifiable online voting. The voter’s identity and ballot choice are just sent to a server in Amazon’s cloud, which generates a ballot that officials can download. As a result, there’s no way for voters, officials, or Democracy Live to be sure votes aren’t modified,” J. Alex Halderman, professor of computer science and engineering at U-M and an author of the report, said”.
“The Omniballot online process causes your vote to be transmitted over the internet, or via networks attached to the internet, exposing the election to a critical risk that votes will be changed, at wide scale, without detection. “
“Discontinue online voting. No readily available defense can adequately mitigate the risks of OmniBallot’s electronic return mechanism.”
Halderman, J. Alex; Specter, M. A., Security Analysis of the Democracy Live Online Voting System, 2020
Recommendations from the Department of Homeland Security, the bipartisan findings of the Senate Intelligence Committee, and the consensus of the National Academies of Science, Engineering, and Medicine accord with the researchers’ assessment that returning ballots online constitutes a severe security risk.
On April 9, 2020, more than 60 scientists and election experts signed a letter to governors, secretaries of state and state election directors urging them to refrain from allowing the use of any internet voting system.
An Example of Online Signature Harvesting Harm to Washington Parents Networks Members
In the 2024 Washington State Primary, members of the Washington Parents Network, including myself, publicly supported Sue Pederson for Public Lands Commissioner as Sue supported Parents Rights. One of Sue’s opponents, Dave Upthegrove opposed Parents Rights. On August 6, 2024, the Election Night results showed that Sue Pederson was ahead of Dave Upthegrove by nearly 4000 votes in this “Top Two” primary election:
However, thanks in part to more than 2,000 Omniballot Online Ballot Signature cured in King County, Upthegrove was able to close the gap and win second place in this Top Two Primary by 51 votes:
On August 20, 2024, results certified by county canvassing boards showed Dave Upthegrove in second place, with a margin of only 51 votes (0.0027% of the total votes) over Sue Pederson.
On September 5, 2024, the Washington State Republican Party filed a lawsuit in Snohomish County Court. Here are quotes from this lawsuit:
“During the 2024 primary election, 2092 ballot signature affidavits were cured using the OmniBallot system in King County… But for King County’s illegal use of the OmniBallot system, Pederson would have advanced to the November 2024 general election… RCW 29A.60.165(4) requires that “an auditor who provides electronic means for submission of a ballot declaration signature shall establish appropriate privacy and security protocols that ensure that the information transmitted is received directly and securely by the auditor and is only used for the stated purposes of verifying the signature on the voter’s ballot.”
“Plaintiffs seek a declaration that the ballots cured using the OmniBallot system are invalid because the information transmitted by the voter is received and validated by a private for profit third party third-party prior to transmittal to the King County Auditor… Plaintiffs also seek declaratory judgment that the use of a private for profit company to receive and validate signatures is inconsistent with RCW 29A.60.165(4) and unlawful.”
Sadly, the lawsuit was dropped by the Republican Party after the 2024 General Election. Omniballot is still being used by King County Elections.
Federal Authority to Prohibit Online Voting
Under the Equal Protection Clause of the 14th Amendment, every voter has the right to have their vote counted equally and accurately. Every voter has the right to vote privately and anonymously, and know that their votes were counted as cast. Thus, a voter’s identity must be confirmed to ensure no one else votes in their name. This combination of privacy and identification is impossible with online internet voting technology. Remote electronic voting – including voting online via a web portal or a mobile phone app – has been analyzed and found insecure by virtually all cyber security experts for the past 20 years.
In-person, voter-verified paper ballots are the most secure way of voting. These paper ballots can be audited and recounted to confirm election results. In contrast, ballots cast via the internet cannot be meaningfully audited. Even if an election official prints an electronically received ballot, the voter never interacted with the printed copy and cannot verify it is correct, meaning the printout cannot reliably document voter intent.
No internet-connected system of any kind, let alone a voting system, is invulnerable to attack, whether the votes are transmitted by email, a web portal, or via a mobile app. Vulnerabilities include voter authentication attacks (forged voter credentials), malware on voters’ devices (malicious code hidden in apps or software updates) that can modify votes undetectably, denial of service attacks (slowing or crashing the system by overwhelming it with traffic or taking advantage of a bug), server penetration attacks (remote break-in and control of the election server) and spoofing attacks (directing voters to a fake voting website instead of the real one).
Federal authority over elections derives primarily from Article I, Section 4, Clause 1, of the U.S. Constitution, known as the Elections Clause, states, "The Times, Places and Manner of holding Elections for Senators and Representatives, shall be prescribed in each State by the Legislature thereof; but the Congress may at any time by Law make or alter such Regulations, except as to the Places of [choosing] Senators."
Thus, while states have primary responsibility for administering elections, the federal government maintains ultimate authority over elections, including guarding the safety and integrity of congressional elections. In particular, Congress has the authority to prevent unconstitutional voting discrimination or voter dilution in a state or local election. Congress's authority to legislate - and the US Department of Justice enforcement - regarding unfair election practices, derives not only from its Article I powers, but also from the Fourteenth and Fifteenth Amendments.
An April 2024 report by the U.S. Department of Justice states that they are “committed to ensuring full compliance with all federal laws regarding elections. This includes provisions of federal law that apply to methods of casting a ballot.” https://www.justice.gov/crt/media/1348591/dl?inline
Request that the US Department of Justice Investigate use of Online Voting in Washington state
Washington state allowance of online voting combined with inaccurate voter rolls and all mail in ballots renders our elections to be among the most insecure and illegal of any state in the nation. We ask the Department of Justice to investigate the concerns we raise in this complaint about online voting in Washington state and enforce federal election laws and the 14th Amendment to the US Constitution by requiring Washington state election officials, including Washington State Secretary of State, Steve Hobbs and King County Department of Elections Director, Julie Wise, not only to end the registration of non-citizens - but also to end online voting.
Thank you for your assistance in this important matter. For more information, please contact me via email.
Regards, David Spring M. Ed.
Director, Washington Parents Network
425-876-9149
6183 Evergreen Way, Ferndale, WA 98248