Please see the Election Integrity Homepage for complete coverage and the latest news.
The expert testimony of Mr. Merle King set the stage, Dr. Moffatt’s testimony provided the backdrop and chewed the scenery somewhat. The summary provided at the end of this post omits much of what is duplicative of King’s testimony, and is thus fairly short.
I have a very high opinion of Dr. Moffatt, despite his testifying for the side I judge should lose this case. He is, after all, employed by the county; one can’t blame him for presenting their position as best he can. Dr. Moffatt has been very helpful in getting important physical and procedural security measures in place to help protect the highly insecure GEMS system. For that leadership, all of Pima’s voters should be thankful to Dr. Moffatt.
The bottom line on Dr. Moffatt’s testimony is, however, that he was unable to make the threats the county claims are attendant to release of the GEMS databases following an election any more realistic. Again, he confirms the extreme vulnerability of the GEMS system to insider manipulation.
The following is a condensed and paraphrased (and in this instance, redacted) summary, not a transcript. Thanks to David Safier for his hard work producing summaries of testimony for this project…
Summary of testimony of Dr. John Moffatt
Direct examination by Thomas "Tad" Denker, Deputy Pima County Attorney.
John Moffatt has a background in computer science. He formed his own consulting firm that created a software company. He still has both corporations, which have clients around the world. He is Pima County’s manager of strategic technical planning.
Moffatt says Bryan Crane, the election division’s computer technician, did not take home backups of the election count totals.
Moffatt says that the database tapes sent to the Secretary of State contain the current and all the previous databases. So if we are missing the database from the RTA election, the information can be found on the tapes of following elections.
A computer bag with a laptop was entered as evidence. It contains a current copy of the GEMS software and the 2006 general election database file. These are for the judge to look over so he can better understand the databases the County does not want to turn over to the Democratic Party.
[Risner objects to introduction of the laptop, since it contains evidence the plaintiffs don’t have access to. The judge feels he has an obligation to look at the information, so he overrules the objection. (editor’s note: Judge Miller is concerned about cases that have been overturned on appeal because the judge failed to make an in camera examination of the record before deciding whether or not that record was a public record.) However, he says he will not use his examination to form an opinion that is better left to the experts. He does not want to act as a witness in the case.]
In 2006, the Democratic Party gave a large binder of materials to the Board of Supervisors. That is when Moffatt became involved with the elections division. He met with members of the election integrity committee, agreed with most of their security suggestions, and implemented them. He drew the line at releasing the databases. He believes releasing the databases would create a threat. He introduced the concern about reverse engineering, which would allow someone to work backward from the database to learn about the software.
When a system uses modems to send votes from the polling places to the GEMS computer, there is the possibility of a man-in-the-middle attack, where the information is first sent to an intermediary, who changes the vote count, then sends it to the GEMS computer. However, Pima County is no longer using modems.
Other counties in Arizona and elsewhere are not nearly as secure as Pima. Release of the database could increase their vulnerability.
Cross examination by Bill Risner.
Brakey and Jim March went to other counties to help them improve security.
Duniho has created a manual to help improve security elsewhere.
Moffatt only learned of the crop scanner in Crane’s work room in 2007, and he had it removed the next day.
There is no history of outsiders hacking into voting computers.
The specific risks of giving out the database are generating ballots, generating false statements of votes cast, and generating false memory cards.
Moffatt agreed that the man-in-the-middle threats are eliminated by comparing the vote totals at the polling places with the vote totals for those precincts in the GEMS computer.
No one would be foolish enough to change a vote total after an election to create confusion, since the other parties would have the original data.
It is very difficult to get a faked ballot into the polling booth.
Judge Miller’s questions.
All election software is flawed, though the county is looking to make a change away from Diebold’s.