The Democrats Screwed America With an App No One Asked For

Normally, by now, we’d have a clear winner in the Iowa caucus. A Democratic candidate for president would have won their first delegates and talking heads on cable news would have started constructing narratives with the first actual votes in a heated and unpredictable primary.

But as you found out if you stayed up all night or rolled over this morning to look at your phone and audibly ask yourself what the fuck is going on, this is not the case today. A combination of Iowa’s byzantine caucus system, a failed app, and the catastrophically inept Democratic establishment has delayed Iowa from declaring a winner, though it says the result could come in later today.

Theoretically, a democracy is a system where people vote for the representatives, officials, and policies they want. Embarrassingly, that is not exactly the system we have in America, but even with the electoral college, superdelegates, coin flips, and other quirks that convolute this process, how many votes each candidate gets is what’s supposed to determine a winner, and it’s not technically critical if the final tally of these votes is reported Monday evening, Tuesday morning, or even next week.

However, all involved parties—the campaigns, the party and its establishment, the press, and the public—want the results as quickly as possible. This is especially true in Iowa, because the main importance of the contest is in the fact that everyone has agreed to take the narratives it generates seriously. Candidates especially count on being able to get lots of publicity out of good showings and ride the momentum into the New Hampshire primary, while everyone from backers to voters counts on being able to identify who’s dead in the water.

This year, the Iowa Democratic Party planned to use a new app to report and share the results on which the whole system is based. David Jefferson, a board member of Verified Voting, a nonpartisan election integrity organization, told the Times that the Democratic National Committee advised the Iowa Democratic Party to use the app instead of having caucus participants call in the votes. According to the Wall Street Journal, party leaders said the app would make it easier and faster to report results from the roughly 1,700 caucus sites in Iowa. (What the utility of this would be when paper and phones have long provided quick and reliable results isn’t exactly clear.) At the time, the Iowa Democratic Party declined to say who made the app because, it claimed, doing so could make it more vulnerable to attackers.

Even Tuesday, after the problems with the app became clear, the party has still declined to explain what the app is and what it does.

In a statement, the party said that there were “inconsistencies” with the data the app was reporting and what precinct chairs were seeing on the ground: “We determined with certainty that the underlying data collected via app was sound. While the app was recording data accurately, it was reporting out only partial data. We have determined that this was due to a coding issue in the reporting system.”

Do you know anything about the app used to tabulate votes in Iowa? If you were a precinct leader or know anything else about the app, please reach out to Jason Koebler securely on Signal: 202-505-1702. He also has open Twitter DMs @jason_koebler.

In a sane world, we would not rely on smartphone apps to report critical election data. But even in the broken world we have, it is beyond irresponsible to attempt to hide the developer and name of a vote-reporting app. One of the best-known axioms in the cybersecurity industry is that “security by obscurity” doesn’t work. Cybersecurity experts should have been allowed to publicly probe and test the app, which is ultimately critical infrastructure we rely on to protect our democracy. As Motherboard previously reported, the fact that election systems are not entirely transparent to the public is a security risk, especially rapid result reporting systems that don’t have the same certification requirements as, say, voting machines.

This decision by the DNC to double down on insecure technological solutions to problems that don’t exist just four years after it got spectacularly hacked by Russia indicates two things: The Democratic establishment learned absolutely nothing from that hack, and it is dangerously incompetent and cannot be trusted to protect, well, our democracy.

At the very least, the Iowa Democratic Party needs to be forthright about who developed the app so that the public can determine, to the best of its ability, whether that company is trustworthy.

Today, we know that the app was developed by a small company called Shadow, which, according to Federal Election Commission records, has previously provided services to the Texas Democratic Party, Kirsten Gillibrand’s failed primary bid, and Pete Buttigieg’s campaign. Abhi Rahman with the Texas Democratic Party told Motherboard that the Texas Democratic Party only used Shadow as one of the many texting contracts it has with vendors. Shadow also sells software to “recruit volunteers and mobilize voters,” which suggests that its clients may not be just supposedly candidate-agnostic state Democratic committees, but individual campaigns themselves.

Acronym, “a nonprofit organization committed to building power and digital infrastructure for the progressive movement,” released a statement last night explaining that it’s an investor in Shadow, but that it doesn’t know how or why the app failed.

There’s enough going on with these two operations to launch a thousand conspiracy theories, and that’s probably what will happen. (A few examples: Gerard Niemira, CEO of Shadow and formerly COO and CTO of Acronym, once contributed to a project to generate “fake data such as names, addresses, and phone numbers”; Pete Buttigieg’s national organizing director, Greta Carnes, came directly from Acronym; and, as Sludge has reported, Acronym’s PAC is funded by, among others, the National Democratic Redistricting Committee, which is chaired by former Obama attorney general Eric Holder.)

It doesn’t take a conspiracy, though, to surmise what happened: Connected insiders using buzzwords to sell an unnecessary and overcomplicated solution to a nonexistent problem is the political system working as it always does. The difference here is just how public and spectacular the failure was.

Some caucus chairs, like Iowa state senator Zach Wahls, said they had no problem reporting results via the app. However, Wahls also tweeted that iPhone users had to download the app via TestFlight, an iOS environment that allows developers to share and test their apps with other users before they’re officially released. Developers often share their games and apps with Motherboard with TestFlight for pre-release review purposes. This, again, is a nonstandard way of installing apps. Even though we have installed many apps this way, there are often problems installing them. Given our experiences with TestFlight, it is not at all surprising that asking hundreds of people to install an app using TestFlight could result in some problems.

The DNC and Iowa’s Democratic establishment have failed at their most basic duties: Instilling a sense of competence, trust, and normalcy in the electoral process. The decision to use an app that it didn’t need, to hide the creator of this app, and to delay the reporting process has led to unmitigated chaos. It’s critical that Iowa used paper counts for its official tallies, but with so much of these campaigns relying on a media and momentum narrative, the failed app has caused enough of a mess to do real damage.

“It’s important to keep in mind that these are caucuses, where each local count can be verified by every voter and candidate representative and then recorded on paper. We’ll be able to confidently get a result, so we should all take a deep breath,” Ben Adida, an election security expert and executive director of VotingWorks, a non-partisan, non-profit building secure, affordable, and open-source election technology, told Motherboard.

“However, there is a lesson here that we should be mindful of the cost/benefit of introducing technology in elections—what was the benefit of this app supposed to be? And we should insist that the technology upon which we build our Democracy be open and broadly vetted.”

With the media and voters around the country demanding election results immediately, we ended up with election officials in Iowa tweeting chicken-scratch screenshots of math worksheets and whiteboards that tallied caucus results from disparate precincts. Every major candidate has declared victory in some way or another, and it seems possible—even likely—that candidates themselves have better results right now than the public. A Bernie Sanders precinct captain told Motherboard that the Sanders campaign had its own app that it used to tabulate delegates.

“The app I used was specific to the Bernie campaign. Every precinct captain was trained to use it, and we reported detailed first count, second count, and delegate allocation numbers through it,” the precinct captain said. “That’s where the Bernie campaign got its numbers it sent out in that press release, presumably. I take it they wanted their own info straight from as many caucus sites as possible given how much bullshit there was in 2016.”

The New York Times reported that many precinct leaders who were supposed to use the app to report results ignored the request from the Iowa Democratic Party and instead attempted to report results as they had previously, by calling them in. When they called, many found that it took hours for Democratic party headquarters in Des Moines to pick up. A caucus secretary for a Story County precinct said he was on hold for over an hour and simply tweeted the results after being hung up on while talking to Wolf Blitzer live on CNN.

Last night, IDP communications director Mandy McClure said that the problems with the app were “simply a reporting issue,” and that “the app did not go down and this is not a hack or an intrusion.” Voters have no way of really knowing because the app was never vetted by the Cybersecurity and Infrastructure Security Agency, other election security organizations, and the broader cybersecurity community. We don’t know if the app is secure precisely because IDP kept it a secret.

The DNC, IDP, Shadow, and Acronym did not immediately respond to requests for comment for this piece.

Even if the app is secure, we don’t know if it worked as designed or if people knew how to use it. (“The app wasn’t included in the chair training that everyone was required to take,” Zach Simonson, the Democratic Party chair in Wapello County, told the Times.) There’s a lot we don’t know; we do know that right now it looks like the institutional Democratic Party is far more interested in appearing to do things effectively than in doing so.