IE 11 Not Supported

For optimal browsing, we recommend Chrome, Firefox or Safari browsers.

Gov Tech Lessons Learned from Iowa's Caucus App Debacle

Results of the Iowa Caucus were delayed a day because of a coding error in a new app used by the Iowa Democratic Party. Several technology experts see it as a cautionary tale that could have gone worse.

A presidential preference card from the 2020 Democratic caucus in Des Moines, Iowa.
Flickr CC/Phil Roeder
The 2020 election season kicked off Monday in Iowa, and many are hoping it’s not a harbinger of things to come.

Despite the widely held opinion of election security experts that Internet-connected devices should be avoided where possible — to say nothing of repeated warnings from federal officials about cybersecurity threats — the Iowa Democratic Party used a brand-new mobile app to tally and transmit primary election results. It didn’t go well.

Results were still coming in as of this writing, almost 20 hours after polls closed, because an apparent coding error in the app led to discrepancies, forcing officials to record totals by hand. According to a public statement Monday night from Iowa Democratic Party Chair Tony Price, there was no indication of a security breach, and the app was recording data accurately, but it was reporting only partial data. He said the coding error was eventually fixed, but the party’s contingency plan to enter data manually took longer than expected. For some, the damage was already done.

The Nevada Democratic Party had contracted the same company that produced the app — Shadow Inc. — for the same service, and the party’s verified Twitter account revealed on Tuesday that they no longer plan to use the app for the state’s primary on Feb. 22.

On the company's website, CEO Gerard Niemira said in a statement that he regrets the delay.

"As the Iowa Democratic Party has confirmed, the underlying data and collection process via Shadow's mobile caucus app was sound and accurate, but our process to transmit that caucus results data generated via the app to the IDP was not," the statement reads.

Candidates who had spent millions campaigning in Iowa went to bed without results, various conspiracy theories started making the rounds, and several experts viewed the debacle as a cautionary tale about the need for a paper trail, among other things.

Susan Greenhalgh, vice president of programs for the nonpartisan National Election Defense Coalition, said the technical snafu could have been worse. Months earlier, she said, Iowa election officials had been flirting with the idea of deploying a smartphone app for caucus voters to actually cast their votes, not just to tally and transmit them afterward. If they had gone through with that, she said, the lack of a paper trail might have forced them to toss out the results and redo the election altogether.

“The problem with this is that they wanted to adopt software to transmit results over the Internet, which they had been warned includes all sorts of dangers and risks, and could be vulnerable to malfunction and hacking. They’re very fortunate in Iowa that they didn’t deploy a full Internet-voting app,” she said. “They basically dodged a bullet, because they can still reconstruct the results … in a transparent and reliable fashion by using the paper records at each of the caucus precincts that night.”

Greenhalgh said people are casting online votes in primary elections now, because 32 states currently allow voting via the Internet for military members, overseas citizens, and in some cases voters with disabilities. She cited opinions by the National Institute of Standards and Technology and the Department of Defense that it’s impossible to ensure the legitimacy of a ballot cast using the Internet.

The use of Internet-connected technologies in general is high on her list of concerns about election security, but Greenhalgh said they can mean contracts for vendors, who sometimes sell to election officials with misleading claims and little to no outside vetting and testing.

On top of their inherent hackability, Greenhalgh said, the use of online technologies for voting minimizes the ability to recount or verify results.

“I really hope this becomes the canary in the coal mine, that states that are promoting online voting take action immediately and stop it,” she said. “After the 2016 election, after we knew Russians were trying to hack into elections of liberal western democracies, the countries in Western Europe that have Internet voting — France and Norway — stopped immediately.”

Marian Schneider, president of the nonpartisan nonprofit advocacy group Verified Voting, agreed in a public statement that Iowa would have been up a creek if not for a paper trail.

“The situation with Iowa’s caucus reveals the risks associated with technology, in this case with a mobile app, but more importantly that there needs to be a low-tech solution in order to recover from technological failures — no matter the cause,” the statement read. “There needs to be a way to monitor, detect, respond and recover. It’s clear that mobile apps are not ready for prime time, but thankfully Iowa has paper records of their vote totals and will be able to release results from those records.”

Leigh Tami, the director of data analytics for New York City Department of Parks and Recreation and former director the Cincinnati Office of Performance and Data Analytics, made the point that election security is not merely a matter of dismissing new technology out of hand. Before adding a new layer of technology to any process, she said, two questions deserve an answer: Is this solving a real problem, and are we confident this will not create another weak point in what is potentially already a vulnerable process?

According to several media outlets, the Iowa Democratic Party paid close to $63,000 for an app to report final vote tallies. From outside the situation, Tami was unconvinced it was necessary.

“Maybe we try to find problems before we solve them,” she said. “I don’t think government officials are idiots. I think that there’s a lot more deference to perceived technical knowledge that makes it difficult to do things like manage vendors effectively, or negotiate appropriate price points, or understand the implications of some of the code in the software you’re purchasing. … It’s really a matter of making sure that the people who are managing these contracts, or overseeing their implementation, are armed with knowledge.”

Greenhalgh said she hopes entities such as the U.S. Election Assistance Commission and Department of Homeland Security start offering more specific oversight and best practices, instead of dodging potential controversy.

“An official at the EAC once described [election security] to me as the ‘third rail,’ and that’s why they avoid it. I’m hoping that this [glitch in Iowa] will prompt leadership out of the EAC to warn states that they need to stop doing this insecure process and see this as a wake-up call,” she said. “If this happens during the real 2020 general election, it would be an absolute disaster for our country. We can’t afford that. People need to take this seriously and stop ignoring the problem.”

Andrew Westrope is managing editor of the Center for Digital Education. Before that, he was a staff writer for Government Technology, and previously was a reporter and editor at community newspapers. He has a bachelor’s degree in physiology from Michigan State University and lives in Northern California.