Closed Investigation – KORA Request Shared

Integrity Intercept: Eyes on the Truth #20:
July 11, 2025
Now that the Election Investigation has concluded and we (hopefully) have access to the requested information, we can evaluate what was received and address key elements of the investigation. These elements were clearly used to dislodge a popular sheriff, and it’s time to bring them into focus. (Use of the name in the company will be stated as BLANK).
For context, here’s a previous article I wrote that reviews many aspects of the investigation. (1) This is part two (long overdue) of a continuation from another article I wrote in which I highlighted China’s latest attempts to infiltrate our information highways through DeepSeek, an AI program touted as revolutionary. (2)
The purpose of that article was to expose the risks of partnering with China in technology and information sharing – an unwise decision on many levels.
Various articles about the BLANK or election investigations have offered differing reasons for why they were launched. (3)
While complaints from poll workers and voters were documented, the actual investigation had little to do with these issues. Instead, it focused on cyber security concerns.
Complaints—ranging from voter roll discrepancies to machine errors—were frequently dismissed as human error by the Election Office. To ensure these concerns were documented, I encouraged individuals to submit notarized affidavits to the Sheriff’s Office. The aim wasn’t to implicate anyone, but rather to identify consistent patterns across polling locations or cities. I’m personally aware of at least three individuals who reported that their votes were altered while using voting machines, yet none of them filed affidavits. Ultimately, the investigation focused on cybersecurity, not these specific complaints.
Kansas Journalists covering the Election Investigation noted that L.A. County dismissed the case against the owner of BLANK and even compensated him with what some may call “we are sorry money.” This made the BLANK aspect of the investigation appear frivolous. Yet, after the 2020 election, a series of events raised red flags – not partisan concerns, but genuine issues of sloppiness that warranted attention.
This article will outline the evidence revealed through Kansas Open Records Act (KORA) requests and conclude—later in the series—with the red flags that emerged even before the election investigation began. These concerns underscore the importance of transparency and accountability in safeguarding our electoral processes.
Part 2 was delayed, in part, due to a KORA request submitted to the Sheriff’s Office, which is now under new leadership. The office provided notes from the Investigative Detective, but the legibility and formatting raised concerns. While images of these notes were also shared, it’s important to note that the handwritten materials submitted may not directly reflect the original content as documented in the images. Cross-checking was required to ensure accuracy and clarity before including them in our reporting.
1. Case number 22003766.001
A formal request for Information sent to L.A. County for Information Documentation.
Character of the case: Theft by Deception: Value over 100,000 (21-5801. a.2.b.1)
Executive Order 13873
As early as April of 2022, concerned residents of Johnson County, Kansas brought forth complaints to the Johnson County Sheriff’s Office concerning the safety and security of our election software and advised they believed some of the software utilized by the Election Office was compromised by a company called BLANK, allegedly headquartered in China.
Detectives with the Johnson County, KS Sheriff’s Office began conducting a preliminary Investigation into BLANK and its potential ties to the Chinese Communist Party, as well as its contractual obligations to Johnson County, KS and our election management system. Numerous documents pertaining to Johnson County usage of Konnech were obtained by Detectives from Thad Snider who had received them via a KORA request submitted to Johnson County.
On 10/20/2022, I (Detective Kevin Cronister) submitted a formal request for information to the Los Angeles County, CA District Attorney’s Office stating the following. Johnson County, KS Sheriff’s Office is respectfully requesting any information pertaining to the alleged data breach involving (blacked out on KORA request believed to be Konnech) which is specific to Johnson County, KS or that would be beneficial to our investigation into the activities and its contractual obligations related to the use of PollChief software by Johnson County, KS Election Office under case #22003700.
The first document: was a PDF file titled “BOCC Minutes 7-27-2017”. This document contained a Consent Agenda Item #2 which stated the Board of County Commissioners (BOCC) would “consider authorizing an exception to competition, approving an amended contract with BLANK, in an amount not to exceed $174,400 for PollChief, an election management system, and transferring $24,400 from the Election Offices’ equipment reserve fund to the Election Management Systems project (215000016)”. The Consent Agenda was approved with six commissioners in favor and zero opposed. Commissioner Osterhaus moved to approve and Commissioners Shaffer, Allen, Klika, Osterhaus, Ashcraft and Eilert voted “aye”.
The second document: was titled “Briefing Sheet 7-27-2017” and is a document from Ronnie Metsker, Former Elections Commissioner to Hannes Zacharias, Former County Manager, and the BOCC. The document is information related to the above-mentioned Consent Agenda Item #2. It provides background on the reason for the Proposed Consent Agenda Items #2 and states Johnson County began utilizing Poll Chief, a solution to manage election workers and polling locations offered by Konnech, Inc., in early 2016. It went on to state the initial contract amount was established at $91,000. Upon implementation of Konnech’s software, Poll Chief, it was discovered the Election Office would need numerous customizations to fit the needs of their department for the August and November 2016 elections. The new contract total amounted to $124,400. The Election Office sought an additional $50,000 for contingencies of the life of the contract, which was to last five years. This brought the total to $174,400. It went on to list alternatives for the BOCC and a suggested motion to be used by the Commissioner putting forth the agenda item.
The third document: was titled “BLANK Invoice Register Snider KORA 10-10-2022” which shows a list of invoices beginning in May of 2016 and ending in May of 2022 between the amounts of $800 to $45,500 for updates, additions to software, and annual contract renewals. The last contract renewal was on May 20, 2022, for the amount of $36,111.29.
The fourth document: was titled “BLANK JoCo Invoices 2016 to October 2022” and shows a PDF, scanned copy of every invoice sent from BLANK to Johnson County. It also lists the following modules or updates included in the version of Poll Chief utilized by the Election Office. It should be noted, if compromised, the data input into these modules would be subject to breach by a third-party actor:
- PWMS – Poll Worker Management
- PRTL – Poll Worker Portal
- PAMS – Asset Management
- PHDS – Help Desk / Call Center
- Site Survey App
- Training Attendance
- Work Attendance
- Asset Check-In/Check-Out
- Help Desk App
Additional Customization and Functional Enhancements:
- Addition of a Special Instructions field to building profiles
- Creation of dynamic labels in communications (letters/emails) referencing Special Instructions
- Addition of drop-off locations
- Receipt generation for polling place deliveries
- Driver photograph delivery storage point within the Assets App
- Mapping radius selector on map interface.
Change Order Dated March 31, 2017:
- Configured to prevent “no-show” workers from entering payroll
- Enabled instant payroll processing for attended workers, with manual override capability.
- Included a Compensation section potentially containing sensitive payment data for poll workers.
It should be noted: a “compensation” section which would potentially include private information regarding payment of poll workers. Another set of concerning data if compromised is a “mapping radius selector on map.”


Additionally, we (JoCo Sheriff’s Dept) are respectfully requesting the ability to speak with your Investigating Officer and any forensic examiner who observed or discovered data specific to Johnson County, KS on the servers or devices or storage mechanisms seized during the execution of the search warrant, in the State of Michigan.
It is vital for the integrity of our upcoming November election that we are in possession of all information and data relevant to the security of our election management systems and the potential vulnerabilities or breaches which have already occurred.
He continues (Det. Cronister), “Thank you for your time and attention to this matter.” Following receipt of my letter, he advised he would be “overnighting” a thumb drive containing all reports and the raw data.
Note: (The entire raid on the Michigan office, as well as pictures of what was taken and the reports, are on X.) (4) Per the article on BLANK and the pictures provided in the article, the machines they picked up were showing the information was going to China.
A fifth document simply listed invoices paid and the amounts.
A sixth document: titled “Poll Chief InformatalRFP” listed the system functionality and costs of other vendors competing with Konnech for the contract with Johnson County.
A seventh document: was the “License Management and Support Agreement” between JoCo Kansas Election Office and BLANK. This document lists the contractual obligations between the two parties. Specifically, on page 5 under section 9, it lists “Confidentiality and CLIENT data”. It advises BLANK will have access to “certain records, data, or information that includes the names, addresses, telephone numbers, or other confidential or private information pertaining to” JoCo election operations. BLANK agrees they do not have any claim over the data and it will not be “released, shared, distributed, or exchanged with any other person or entity”. Later a section states, “BLANK agrees and understands that voter registration records are confidential and BLANK hereby agrees that these records will not be used for any other purpose than those specified in the Agreement. Neither Konnech nor the system shall have access to voter registration records for any reason.” Additionally, on page 21 under section 40 there is a section on subcontracting. The agreement states that BLANK is required to obtain prior written approval from JoCo before it outsources any work or subcontracts any of the services mentioned in the agreement. BLANK also agrees to having no conflict of interest, actual or perceived. It should be noted, the alleged breach of JoCo data was incurred by BLANK allegedly outsourcing all of their work to a third-party company located in China. The owner had multiple interests in companies that are solely in China. BLANK will provide the client notification within 24 hours if there was any data breach. As of 10/19/2022, there had not been notification of breach of data. (Which there clearly was).
2. Between the dates of Tuesday 10/18/2022 to Wednesday 10/26/2022, I (Det. Cronister) received four separate email correspondences from Bill Nixon of DTL. (CIO, Department of Technology and Innovation at Johnson County, KS Government)
His final email is titled “Poll Chief Research” and comprised of four PDF documents and two Google Chrome browser-based links. In the email, Nixon states he attached a sample screen of what poll worker data can be collected, a count of what is populated as of 10/11, a document with the PollChief modules used by Johnson County, KS, the domain history of the two websites that provides to Johnson County, KS, and the results from a “MS-ISAC/EI-ISAC Malicious Code Analysis Platform (MCAP) powered by ‘The Threat Grid.’”
Nixon advised, “MCAP allows users to submit suspicious links and files in a controlled and non-public environment. The platform facilitates the collection of a large amount of malware intel from its indicator search, passive DNS, statistics, and indicator feed sections. Both jocoportal.org (Voter Portal) and vote4joco.org (Admin Portal) had no anti-virus indicators (good) and a Threat Score of 63, consistent with other public web sites. The detailed Behavioral Indicators were consistent with websites using similar back-end technology.
Nixon also ran a simple analysis using “nmap”; there was nothing unusual noted and both addresses were only open to web-based traffic on standard ports 80 and 443, with the port 80 redirecting to secure port 443 per best practices. Use of either site did not trigger any of the Johnson County end point detection, firewall, or network tool malware or similar alerts.
I also reviewed the client-side JavaScript code and didn’t detect anything malicious and saw some additional encryption implemented to protect passwords. This is the limit of what can be done without access to the internal environment.”
Det. Cronister wrote “It is clear to me that (what I saw) breached the County’s contract, however, I did not see any evidence of malicious or intentional behavior by their software.” Given the lack of integration with Johnson County financial systems, state voter system, and Johnson County election machines, I believe the biggest risk is to our poll workers and exposure of PII, specifically Driver’s License, to a 3rd party not authorized by Johnson County but authorized by this email which was sent on 10/18/2022.
“The second email contains a background search conducted by Nixon on the forensic examiner used by LA County to examine the data and hardware seized from the search warrant conducted on Headquarters in Michigan. Nixon stated he wanted to check on the examiner’s credentials since he is playing such a large role in the investigation. The email included nine attachments comprised of five Microsoft Word Documents and four PDF Documents.”
Nixon stated, “He has some great technical background, and I don’t question his technical credentials.” This email was also sent on 10/18/2022.
“The third email followed a telephone conversation between me (DC) and Nixon. During the call, Nixon advised he had located a large number of social security numbers, in addition to the original driver’s license data, which could have been compromised and stored in China. In the review of the internal database, which was placed under DTT’s control and placed on Johnson County servers, Nixon located 1,319 poll workers with SSN’s or DL’s information. Of the 1,319 poll workers, 828 had only DL information, 763 had only SSN, and 272 had both.”

No one denies the above information that Bill Nixon provided to the Sheriff’s office because the County itself put out this information over the breach and said they addressed it: “This afternoon, on Oct. 21, Johnson County transferred the PollChief election worker management system from BLANK Inc., to servers under Johnson County Government’s exclusive control.” (4)
Clearly, there was a problem with data and a breach. Yet, the county wanted to assuage anyone’s fears by noting that PollChief was collecting data of election workers and not election information. This has nothing to do with having access to poll workers’ personal information which has the potential to hold someone hostage by accessing bank accounts, personal information about your job, family, etc. Any nefarious actor can manipulate the information.
• Det. Cronister on October 24, 2022, said he spoke to Harry Haury, CEO of Cain and Associates (See article on history of HAVA with Harry Haury) (5)
• On 10/25/2022, Harry Haury informed me (DC) he was no longer working with LA County, and he would happily provide me with his copy of the raw data sets, as well as his forensic reports summarizing their findings. He indicated they were only 20% of the way done examining the data and advised I could potentially finish examining the data here in Johnson County or could retain his examiners to conduct the examination on our behalf. He received the formal request necessary from the Sheriff’s Office. This involved information on storage data or transfer data, forensic reports regarding the direct transfer of data from and to third party companies and any evidence pertaining to Johnson County data being stored or transferred. Additionally, requesting they could speak to the forensic examiners who observed or discovered data specific to Johnson County.


3. Looking back to April 2022 when concerned citizens brought to the Sheriff’s Office information that began a preliminary investigation before opening the Election investigation. The concern was software (blanked out in the investigation KORA request.)
• Yet, documents contain the Board of County Commissioners’ minutes approval of a contract, invoice history and budgetary documentation behind payments.

• Exhibit A of the documents they had PollChief Software breached especially Poll Worker Recruiting and Training Link (PRTL) which can give one access to a Poll worker’s pay records.

• Exhibit C of the document contains a section titled “Hosting Service”. This lays out where to host all of the Johnson County data and that it will host to a server of the Microsoft Azure Government Cloud and a backup server in Metro Datacenter (1800 N. Grand River Ave, Lansing, MI 48906). It states Datacenter is “highly secure.”

• Exhibit E lists Diagrams of the rooms in which polling places will be set up, photographs of the polling place, and the ability to track all election workers or potential election workers, ability for workers to log in independently, ability to export payroll into Oracle Business System, ability to store scanned documents.
• PollChief allows storing data regarding the following: barcode serial number of all voting machines; voting machines’ location in the warehouse; what maintenance has been completed on the voting machine and when; tracking of machines to and from the polling site; and some “reporting functions” of the machine.
• The contract states unequivocally they “use no 3rd party vendors”.
• Summary, KORA requested documents were denied “utilizing any 3rd party vendor” who had access to large amounts of personal data such as addresses, photographs, payroll information through the ability to export payroll into the Oracle business system, voting machine serial numbers and barcodes, locations and voting machines, the ability to track the machines via “reporting functions” as well as driver’s license, phone number, and email addresses.
4. Independent forensic investigators utilized open-source intelligence to determine the IP addresses connected to PollChief, as well as the network (CSN 4837) linked to (Blank) resolved back to China Unicom and a server in Wuhan, China.


• Det. Cronister was advised that the software was poorly written and was open to being accessed by others. On this server, the investigators stated they observed “everything” about Johnson County elections, to include voter data, election worker data, locations of election offices and drop boxes, schematics of buildings, and mapping of the devices in those buildings.
• The information, including bank information, children’s information, and social security numbers of Johnson County residents, was compromised and located on the server. This information was shared publicly at an event called “The Pit,” an election integrity watchdog group.
• 4 to 6 months later after Johnson County received information about this, L.A. County District Attorney’s Office issued an arrest warrant for, the CEO, relating to charges he sent and stored confidential personal data with a third-party company located in China.

• The original complaint in L.A. County indicates eight “overt acts” committed by and his “co-conspirators” who are unnamed (Penal Code Section 182 (a)(1)) and a single act committed by related to Count 2 (Grand Theft By embezzlement of Public Funds, Penal Code section 503 and 514). (6)
• The original criminal complaint of public funds $2,645,000 by entering into a contract with the knowledge and intent of not following the requirements set forth by L.A. County, CA.
• Finally, Detective Cronister contacted Los Angeles County Assistant District Attorney, Eric Neff, in charge of prosecuting the case, as well as Harry Haury, CEO of the cyber security firm, who at the time oversaw conducting the forensic examination of Los Angeles, CA. They could only provide Det. Cronister with basic information regarding the data specific to Johnson County, KS, as their investigation is ongoing, and California law prohibits them from disclosing detailed information. AND YET, both individuals confirmed that EVERY customer of software, Johnson County, KS, included, is a victim of a “Type II Data Breach” as understood by the United States Department of Justice for PollChief were sent to China, actors in China had “super user” access, which is indicative of the ability to manipulate the system in any way they choose, and there had been direct transfers of specific Johnson County confidential data from and to China.
While the U.S. Department of Justice does not formally classify breaches as “Type I” or “Type II,” this terminology is sometimes used in cybersecurity or legal discussions to distinguish between internal and external threats. For the purposes of this article, “Type II Data Breach” refers to unauthorized access or transmission of sensitive election-related data by an external entity—often involving a third party or foreign actor. This classification aligns with DOJ’s broader breach response definitions, which emphasize unauthorized disclosure, loss of control, or compromise of personally identifiable information (PII) or other sensitive data. The full DOJ breach response guidance is available. (9)
5. Harry Haury informed JOCO Sheriff’s Department that “lost all control of the data” to China and there is potential each user who logs onto the browser hosting Poll Chief’s website could have injected malware into the system capable of compromising other Johnson County systems to which the computer was connected.
6. Eventually Eric Neff said that during an interview with District Attorney’s Office Investigator, admitted to “sending all of the data” to China because it was “cheaper.” He stated he OUTSOURCED all of his work to (BLANK) China, and it was later discovered. The company is not responsible for physical work on the PollChief software. All of Johnson County’s confidential data was sent to China via unsecured Chinese Applications.
• Neff told Det. Cronister that he would give him the investigator to secure all reports and place them into evidence. He also indicated an employee who currently remains unnamed, came forward to provide evidence and corroborate all admissions.
• It should be noted that the Federal Communications Commission (FCC) has designated China Telecom, China Unicom, China Mobile, and Huawei as “national security threats.” These companies are registered through a company called Jinhua Hongzheng Technology, which started July 31, 2015, and utilized email addresses. They also provided “electronic voting systems” to China’s National People’s Congress.
• Based on cyber security knowledge, and the applicable laws surrounding data storage and transfer, Harry Haury, the CEO of the cyber security firm examining the seized data on behalf of L.A. County, advised Det. Cronister that any software in the United States is a direct violation of Executive Order 13873 issued by President Trump. (7)
7. A formal request sent to Director Marc Beaart, the Director of Fraud and Corruption for the Los Angeles County, CA District Attorney’s Office, he assured Det. Cronister would arrive in due time. Johnson County would receive the entirety of the data specific to Johnson County, Kansas located on the (blank) servers seized in their search warrant. He stated they were setting up a “clearinghouse” that would reach out to each county and provide them with their data. As of 12/21/2023, multiple emails have been exchanged but no response. (Note one year later).
This Election investigation series is still unfolding, and the materials presented thus far represent only about half of the documentation received through KORA requests. In Part Three of this series, we will examine additional evidence—much of which has never been publicly shared or widely known.
Back in October 2022, once Los Angeles County reached an agreement with the CEO, the flow of information ceased. What followed was a prolonged waiting period, hoping our District Attorney would request server data directly from the L.A. District Attorney’s Office—rather than relying solely on the Detective.
That said, it has become increasingly apparent that Eric Neff may have violated Executive Order 13873, while the CEO avoided accountability for actions seemingly authorized by Neff. Still, the circumstances surrounding this shift do not pass the “smell test,” as noted by Federalist journalist, Margot Cleveland. (8)
1. https://freestatenews.net/citizen-journalists/integrity-intercept-eyes-on-the-truth/if-the-truth-be-told-sheriff-calvin-hayden-is-a-great-public-servant-now-about-that-konnech-investigation/
2. https://freestatenews.net/local-issues/is-your-china-chippeddeepseek-on-the-downlow/
3. https://johnsoncountypost.com/2025/02/06/johnson-county-election-investigation-volunteer-252650/
4. https://www.jocogov.org/newsroom/update-johnson-countys-use-pollchief-oct-21
5. https://freestatenews.net/local-issues/constitutional-amendment-hava/
6. https://x.com/yehuda_miller/status/1807457227952803941
7. https://trumpwhitehouse.archives.gov/presidential-actions/executive-order-securing-information-communications-technology-services-supply-chain/#:~:text=a)%20The%20following%20actions%20are,agencies)%2C%20has%20determined%20that:
8. https://thefederalist.com/2024/04/17/prosecutor-california-da-dropped-bombshell-election-data-case-because-it-might-help-trump/
9. https://www.justice.gov/jmd/642821/dl