Please see the Election Integrity Homepage for complete coverage and the latest news.
There are generally just a few real take-away nuggets of information from an witness' testimony that can be summed up fairly succinctly. In the case of Dr. Ryan, I think the most important nuggets of information are these:
- Dr. Ryan can conceive of no risk to the integrity of elections due to the requested release of the database files sought, so long as they are released after an election is over.
- In Alaska, the GEMS databases sought have been released to the political parties.
- Any information pertinent to the election in the database that could be pertinent to manipulating an election expires with the end of the election and is not pertinent to future elections.
- The reason given by the county's expert, Dr. Moffatt, for refusal to surrender the database sought by the Democratic Party was that it contained the coding of candidates order and identity on the ballots (which could be used to create dummy ballots or manipulate vote totals), but those same codes were demonstrated to be available on the Arizona Secretary of State's website by Mickey Duniho.
- The GEMS software is built on MS Access, which has essentially no security features restricting anyone who is able to access the computer it is running on from modifying the election database and erasing any signs of such manipulation from the log files.
- Microsoft has deprecated the MS Access component of GEMS (won't support it) under the conditions it is used by Pima County for elections because of lack of security and concurrency errors (problems with data corruption or loss for large numbers of inputs)
- There are two main problems with use of MS Access in this context: those with access to the computer (insiders) can easily manipulate data to change the outcome of elections and the design of the program is prone to data failure and corruption.
- The database files sought are not computer programs as generally understood, though they do contain interpreted SQL commands.
- Federal standards for election programs exclude 'interpreted code', so calling SQL commands a program would be problematic under federal rules.
- Programs that are 'modifiable in the field' are banned under federal rules, and the interpreted code in the database files are modifiable in the field, again creating a problem for considering the database files programs under federal rules.
- On cross examination Dr. Ryan admitted that the database sought constituted an election database and files containing info about tabulating voting equipment and ballot formating under the AZ Sec State's election procedures manual.
- On cross examination Dr. Ryan admitted that an altered DB (altered by one of the parties, presumably) presented to the public following an election would cause concern. On re-direct Bill Risner asked how soon a party who did such a thing would be forced to "high-tail outta the state". Dr. Ryan thought it would be very shortly.
- Judge Miller's questioning indicates an interest in the nature and function of SQL interpreted code in the database.
Video Footage of the testimony:
Full summary of testimony by Dr. Tom Ryan:
[Note: Thanks to the diligent work of David Safier for assistance with this summary. Note that this is a summary and not a verbatim transcript, though pains have been taken to relate a full account of the testimony. Some terms are of a technical nature which may be beyond the understanding of the reporters. Rely with care.]
Direct Examination by Bill Risner, attorney for the Pima County Democratic Party:
Tom Ryan has a PhD in computer programming. He was not deeply involved with the Democratic party until around 2002 when the party’s Election Integrity Committee asked him to work with them, since no one in the committee knew much about election programs, computers or software.
Nearly half the ballots cast in 2002 in Pima County were mail-in ballots.
Many elements in the GEMS software were reviewed by the U.S. agency that certifies election software, but others, like SQL, were not reviewed, implying SQL, a Microsoft product, was not considered software.
JET is the program that is needed to make GEMS software create the databases. JET is part of the GEMS package, but it is also in Microsoft Access, meaning MS Access can be used to get access to and alter a GEMS database that contains vote totals.
The database is not treated as part of the GEMS program. It is data that does not contain program information.
Federal standards forbid the use of election materials that can be modified in the field. These databases can be modified in the field.
The architecture of the database used by GEMS is widely known. It is not a secret.
In Alaska, GEM databases have been disclosed to political parties.
A report analyzing the GEMS database stated it violates several principles of database design, specifically violations of normalization.
JET is not designed to deal with being accessed by multiple users at the same time, nor with situations needing high security. This is according to Microsoft, which no longer supports JET.
There is no risk in sharing the databases with the Pima County Democratic Party.
The two risks with the GEMS software are: an “insider risk” that a person using the computer can manipulate data; and a “data corruption risk” that the software itself can generate errors.
The Logic and Accuracy test which is conducted before and after elections to see if the ballots are being read correctly by the computers, is not adequate to test the election counting system. First, it is a small test, which doesn’t indicate how the software acts when it is used with large quantities of data. Second, it is conducted in “test mode,” which means the software could perform differently in “test mode” than in “election mode.”
The only reliable test would be done with the computer in election mode and the computer clock set forward so it is simulating results on election day. That kind of test is not done.
Ryan participated in the creation of Arizona legislation that creates random hand count audits of precincts conducted after the election, which are checked against the computer results. The audit law is an improvement, but it is not an adequate audit of elections.
Early (predominantly mail-in) ballots are audited without dividing the ballots into precincts. When the law was being created, election officials refused to allow a procedure that would separate the early ballots into precincts.
Disclosing databases to political parties after an election is over is not a risk. Items in the database like candidate codes will change for the next elections.
At one point, Ryan, along with Bill Risner (the lawyer for the case), met with Brad Nelson, head of Pima County Elections Division, about improving audit procedures. They asked Nelson if he could do a “batch audit,” where totals for a certain “batch” of votes would be determined by getting the vote totals before and after those votes were counted. Nelson said he was not a computer guy and had to check with someone else in the department. Nelson later said batch totals could not be done.
When John Moffatt, Pima County's manager of strategic technical planning, was asked why databases should not be released, he said it was because they would reveal the codes used to identify candidates and races on the ballot. Mickey Duniho, who was at the meeting, showed Moffatt that the codes could be found on the Arizona Secretary of State’s public website.
Hash codes are [more or less] a mathematically generated fingerprint of a file that can be used to see if a file has been altered later. The GEMS databases do not contain hash codes.
Cross examination by Christopher Straub representing Pima County:
Ryan agreed that Pima County’s current practices ensure than GEMS software has remained unchanged during recent elections.
Ryan’s knowledge of GEMS comes from copies of GEMS found on the web and also from information he has read.
When asked if encryption schemes of passwords can be discovered by looking at the databases, Ryan said he didn’t know the encryption used, so he can’t say.
When asked if the lawsuit was in fact about changing flawed election software, Ryan replied, No, it’s to gain greater transparency in the elections process.
Question-and-answer series, paraphrased:
Q: What is required for election divisions to send to the Secretary of State?
A: Computer programs and documentation.
Q: Isn’t the database sent?
A: Yes, but that isn’t required since it isn’t software. In fact, the elections divisions send just about everything on their servers to the Secretary of State.
Q: Do other counties send their databases?
A: Yes.
Q: Should databases be sent to the Secretary of State?
A: Yes.
Q: Because it could help in the case of a criminal investigation?
A: Yes.
Q: Are databases used to lay out ballots?
A: Yes.
Q: Are the databases also used to generate other items (art work, etc.)?
A: Yes.
A section of the Secretary of State’s handbook was read talking about materials, specifically computer programs, that must be sent to the S. of S. by the elections division.
Straub hypothesized that if others had copies of the database after the elections, these people could manipulate the data and present it to show that the election was rigged, which would cast doubt on the accuracy of the election in the minds of the public.
Ryan agreed that a hand count audit is a better tool to check the accuracy of the votes than an inspection of the database.
Redirect by Bill Risner:
The database sent to the Secretary of State’s office approximately ten days before the election has no vote count information. It shows ballot design, etc, but it has no actual votes.
If the Democratic party got a copy of the database after the election was over, the Republican and Libertarian parties would get copies as well. It would be foolish for the Democratic party to alter the database and use that as evidence of a rigged election, knowing the other parties would be able to show the Democrats were lying. So they would never do such a thing.
Questioning by Judge Michael Miller:
Judge Miller asked Ryan some technical questions about GEMS, JET, Microsoft Access, and SQL.
Miller wanted to know if GEMS would run on operating systems other than Windows (Ryan didn't know), and whether MS Access is required to run GEMS (Ryan didn't think so, and pointed out the GEMS contains a component called JET which is a version of MS Access).
Judge Miller wanted to know where the SQL commands are stored. Ryan said in the database files.
Specifically, Miller sought information about whether the SQL code in the database is generated by the database or generated by the JET (Access) component of GEMS. Ryan said he wasn't sure as he doesn't have access to GEMS source code, but he deduces it is created by GEMS as the database files are created by GEMS.
Recent Comments