
Iowa vote tally app debacle should inform security, tech in future elections


Iowa Democrats have struggled to declare a clear winner in this week’s caucuses – the DNC chairman just called for a recanvassing – but a clearer picture is emerging of the largely untested app – reportedly just two months old – that led to the state party’s counting woes, and of the impact that technology is likely to have on elections and election security in the future.

The quick delivery of the IowaReporterApp – developed by Shadow Inc., a company created by Democratic operatives who worked on the Clinton campaign – and its application to a complex caucus process made more complicated by expanding reporting to include three sets of results – almost certainly ensured chaos, inaccuracies and questions about cybersecurity.

“There are basic needs that must be met in a democratic election process,” said John Dickinson, principal and application security expert at Denim Group, “and those that are most important, accurate tabulation and timeliness, were not met.”

There was “insufficient time to test the code functionality, let alone thoroughly evaluate its structural integrity before it was hit with live field conditions and loads,” said Bill Curtis, senior vice president and chief scientist at CAST Research Labs, who pointed out that the Department of Homeland Security (DHS) Cybersecurity and Infrastructure Security Agency (CISA) will vet election technology for free. “But they were not contacted and would not have had time to complete their evaluation before the app went live (or on life support).”

Transitioning from in-person voting to technology-based voting is inherently risky from a security standpoint. “Mobile apps in particular have a larger threat surface than, say, a website that simply collects data,” said Ray Kelly, principal solutions architect and alliances at WhiteHat Security. “When it comes to personal information, mobile app data and even accounts can be stolen with rogue access points (‘Free WiFi Connection!’), and extra thought must be given to encrypting PII on the device itself.”

That gives malicious actors an in “to lure users to download fake voting apps for the simple purpose of stealing PII,” he said, pointing to breaches like the one at British Airways, in which 380,000 users’ credit card numbers, names, addresses and more were stolen through a skimmer script in the airline’s mobile app.

Electronic voting is more or less a given in the future – and will certainly attract hackers around the globe. Just this week, FBI Director Christopher Wray warned members of the House Judiciary Committee that Russia is actively mucking with the 2020 presidential election through information warfare. “They identify an issue that they know that the American people feel passionately about on both sides and then they take both sides and spin them up so they pit us against each other,” Wray said. “And then they combine that with an effort to weaken our confidence in our elections and our democratic institutions.”

Voter confidence, already tenuous, could take a hit after the IowaReporterApp debacle – and the ensuing chaos over the vote tallies that prevented Iowa Democrats from declaring decisive results. Conspiracy theories materialized quicker than officials were able to craft a statement in response to the incident.

“Unsurprisingly, the technical problems impacting the Iowa caucus have given widespread attention to an issue that goes to the heart of voter confidence and could directly impact voting turnout across the nation,” said Casey Ellis, Bugcrowd CTO and cofounder, who acknowledged technology’s impact on the modern democratic process.

“It also reminds us that building software is hard,” Ellis said. 

App makers can do better. “Sloppy software development practices cannot be tolerated, whether in election technology, flight control systems, financial systems, or any business-critical software systems,” said Curtis.

The Shadow app and its back end clearly didn’t undergo adequate functional and stress testing, says Jack Mannino, CEO at nVisium, explaining that multiple factors cause systems to perform differently during pre-production than in live settings. “This is why exhaustive and comprehensive testing must be done across the software development lifecycle from prototype development through integration to pre-production (or simulated environment), and especially before live deployment for such mission critical applications,” he said.

The teams creating solutions often are “not representative of the population using it, so unless there’s extensive user testing, groups such as older demographics may have issues navigating it,” says Bailey. “What makes it distinct in elections are the vast consequences when these solutions fail. Results get out late (or are incomplete), candidates are left wondering whether they should be on a victory or defeat march, and more.”

Much of the burden to get it right rests on voting officials. Steve Moore, chief security strategist at Exabeam, suggests doing the following:

  1. Agree on a clear goal, and the tasks needed to achieve it: If a new app is being used, how many have been trained on it? The best applications are made from a user’s perspective, not engineers’ perspectives.
  2. Have a go, no-go: When things go wrong, everyone must march to the same cadence – at the right time. Need support or a bridge line? Do you have the number, and can the call load be supported?
  3. Set customer expectations ahead of time: The customer shouldn’t question the result, nor should they fret over a delay.
  4. Set internal expectations: Share before the event that if certain conditions aren’t met, a substitute or parallel effort will commence – in this case, a manual review.
  5. Communicate: When things don’t go as planned, comfort and confidence go a long way. Have named resources to share the plan of action, status, and timeline.

As messy as the Iowa caucus tally was, there were some bright spots that should be considered going forward. First, the fallback mechanisms meant to ensure vote integrity worked. “While the results were delayed, the failsafe systems were available and activated, and Iowa voters have been reassured that their vote was counted,” said Ellis.

And while Bailey sees ramifications for technology in elections going forward, the Iowa caucus fiasco “arguably is a positive” long term. Better to find out now that U.S. elections are not quite ready for online or mobile voting than after a widespread rollout. “While theoretically the technology exists, the technology industry has proven time and time again the inability to always fully understand the user’s experience, consistently test for different scenarios, scale properly, and develop a robust security architecture around the solution,” says Bailey. “All of this (and likely more) is necessary for proper voting over the internet. The Nevada State Democrats [who were set to use the same app but have since ditched that plan] have already stated they are evaluating best strategies for their caucus, but that they will have backups in place.”

That’s likely cold consolation for Iowa, which now may not serve as a bellwether for U.S. presidential elections in the future. “The inconsistencies in the caucus system reported today almost certainly will mean Iowa will lose its first-in-the-nation status. This is the end of an era,” said Matthew Schmidt, associate professor of national security and political science at the University of New Haven. “Iowa built its system in response to the chaos of the ’68 election, it’s an artifact of the Boomer era and what happens next marks a sea change in American politics.”

Source: https://www.scmagazine.com/home/security-news/iowa-vote-tally-app-debacle-should-inform-security-tech-in-future-elections/
