By Kristine Christlieb, MFEI News & Commentary Editor

January 20, 2026

In a useful debate over the integrity of America's electronic voting infrastructure, former Michigan state Sen. Patrick Colbeck unleashed a scathing 56-page report last week, systematically dismantling claims made by Election Assistance Commission (EAC) Chairman Donald Palmer just weeks earlier.

The document, titled "The Security of Electronic Voting Systems in the U.S.: An Assessment of Election Assistance Commission Assertions," accuses the EAC of fostering a "circle of trust" riddled with conflicts, transparency gaps, and vulnerabilities that leave elections exposed to exploitation — despite Palmer's assurances to the contrary.

The exchange began on December 7, 2025, when Palmer emailed a group of election integrity advocates, including Colbeck, outlining what he described as key "facts" about the EAC's safeguards. In the message, Palmer emphasized the agency's rigorous oversight, stating: "EAC has reviewed the source code of every registered manufacturer and maintains the source code of every registered manufacturer and each system." He dismissed claims about a "universal key" or identical software across vendors, noting independent reviews by the Idaho National Lab (INL) and penetration testing that found no such flaws.

Palmer concluded: "The accredited labs and EAC have certified the trusted build of each of these systems. . . . The EAC would like to do even more and conduct regular independent vulnerability testing of all voting systems."

Colbeck, a cybersecurity expert and vocal critic of electronic voting machines since his time in the Michigan Senate, saw the email as an opportunity to go on the offensive. Funded by the Lindell Offense Fund — a nonprofit backed by MyPillow CEO Mike Lindell, a prominent election skeptic — Colbeck's comprehensive report is "the nuclear option" response to Palmer's email bullet points.

In his opening statement of purpose, Colbeck writes, "This assessment seeks to evaluate whether or not the current efforts of the EAC are sufficient to effectively mitigate the risks to the security of our election systems."

Colbeck goes on to argue that while Palmer touts source code reviews and "trusted builds," these measures fall short of critical infrastructure standards set by the Cybersecurity and Infrastructure Security Agency (CISA), which designated election systems as vital in 2017.

The report's core—Section 5, "Security Gaps" — spans 24 pages and dissects Palmer's claims across six subsections, from "Requirements Rigor" to "Lack of Transparency." Colbeck highlights "network, access control, and identity gaps" in the Voluntary Voting System Guidelines (VVSG 2.0), the EAC's technical blueprint, which he says ignores real-world threats like remote hacking or insider sabotage.

Colbeck cites CISA's own 2020 "Critical Infrastructure Security and Resilience Note," which mapped vulnerabilities across the election ecosystem and warned of potential exploitation consequences, including altered vote tallies.

In a particularly damning section on "Credential Management Rigor," Colbeck exposes "plain-text passwords, decryption keys, and generic EMS accounts" in certified systems, drawing parallels to the 2020 SolarWinds supply-chain hack.

Colbeck also levels broader accusations of "conflicted governance and revolving doors" in Section 5.5, "Circle of Trust." He points to vendors with foreign ties, questionable independence of Voting System Test Labs (VSTLs), and "corrupt or captured state and local officials" as compounding risks. "Opacity magnifies security risk under EAC watch," he writes, detailing FOIA obstructions and denied access to machines that hinder independent audits.

The report's climax comes in Section 6, the "EAC Assurance Assessment," where Colbeck methodically grades each of Palmer's assertions on a scale of effectiveness. Source code oversight?

Colbeck's recommendations are blunt: Decertify non-compliant systems, mandate paper ballots as backups, and overhaul EAC governance to eliminate vendor influence. "The compound risk to systems under EAC watch demands immediate action," he concludes, urging Congress to reject half-measures like the proposed NDAA expansions without full funding.

Keep in mind, Palmer has years of election experience. He was nominated by President Trump and unanimously confirmed to serve on the EAC. According to his official EAC bio, Palmer "instituted a standards development and testing process to establish security, functionality, and accessibility standards for electronic poll books, part of a larger EAC testing program."

Patrice Johnson, founder and chair of Michigan Fair Elections is calling the exchange healthy and important. "We are modeling, in real time, how to assess systems and how to present findings comprehensively and with professionalism," she told MFEI News & Commentary. "I'm delighted to see this debate."

Colbeck's report is technical but accessible for readers motivated to learn more about election security. Because of how it is organized, one can dip in and out at various points of interest.

As the 2026 midterms loom, Colbeck's tome — already circulating on X and conservative outlets — could fuel renewed battles over voting tech. With billions in public funds at stake and public trust hanging by a thread, the question remains: Will Palmer's "facts" hold up, or does Colbeck's deep dive expose fractures too wide to ignore?

Palmer and the EAC have not yet responded to the report.