After months of buildup, Monday’s Iowa Caucus kicked off the 2020 primary elections—and it didn’t go great. Results reporting was delayed by what Iowa democratic officials first called “quality control” efforts. In fact, a new, unvetted mobile app designed to help collect and relay voting tallies had failed due to technical and usability issues. The telephone hotline intended as a failsafe was overwhelmed by calls from caucus leaders trying report results and troubleshoot the app. It was, and as of publication continues to be, a mess. It’s also a warning.
The good news first: There’s every indication that Iowa’s results will turn out just fine. The votes were all properly recorded, and a paper backup means that they can be verified. It was the reporting process that epically collapsed, necessitating extra time for collecting and tallying final results. It’s an annoyance, not a catastrophe.
“As part of our investigation, we determined with certainty that the underlying data collected via the app was sound,” Iowa Democratic Party chairman Troy Price said in a statement. “While the app was recording data accurately, it was reporting out only partial data. We have determined that this was due to a coding issue in the reporting system. This issue was identified and fixed.”
But the things that did go wrong in Iowa provide an important lesson that election officials have precious little time left to learn. Adding technology to the electoral process does not necessarily improve it; in fact, it often just makes things more confusing. Worse still, the fallibility of tech makes it easy fodder for conspiracy theories, and a lack of faith in the democratic process. All of which has been on display in Iowa.
Start with the app, developed by a group called Shadow through ACRONYM, a Democratic nonprofit founded in 2017 by former Clinton campaign staff. An ACRONYM spokesperson did not return a request for comment from WIRED, though the firm said in a statement that it is simply an investor in Shadow.
All software has bugs, but a flaw in the core functionality—reporting data—is a major failure. This year, after confusion marred reporting in 2016 and 2008, caucus precinct leaders needed to relay more data than ever to Iowa Democratic officials, who tabulate the results. In addition to the final votes and delegates won, participants also collected data about how caucus-goers originally aligned themselves, and how they realigned once it was clear which candidates had less than 15 percent of the vote. The app was intended to be simple way to collect all of this information and centralize it as quickly as possible. It had one job.
In an way, the app had failed before Monday night’s caucus began. Rather than download it from an app store, precinct leaders had to side-load it onto their devices, a confusing process that many seem to have understandably not bothered with. Those who did install the app appear to have received little training on how to use it, or even to log in; it required a combination of security codes rather than a simple user name and password. On top of that, the PINs that precinct leaders used to practice logging into the app expired before the caucus began.
Details about the app were also largely kept secret, an apparent attempt to create “security through obscurity.” Not even the Department of Homeland security had a chance to review it. But the idea that it’s more difficult for hackers to attack a system they don’t know much about is deeply misguided. Attackers can get up to speed quickly, while leaving security researchers in the dark means there’s limited opportunity to catch bugs and vulnerabilities before the platform goes live..
“I had heard concerns about the app, in particular that people didn’t know much about it and that there was a lot of secrecy around it,” says Lawrence Norden, deputy director of the Brennan Center’s Democracy Program at New York University School of Law. “Even for the people who were supposed to be using it there was very little training and there was certainly no public testing of the app.”
