When the Iowa Democratic Caucus results were delayed by an application foul-up, Bernie Sanders supporters were outraged at a stolen victory. Now, as the results trickle in and Sanders' results have turned out OK, they've quieted down. But the fact remains that the application not only fouled up caucus results reporting, but it also made people even less trusting of the election process.
Most of the Iowa caucus post-mortem has focused on Shadow, the company behind the app, and its parent organization, Acronym. The root problem wasn't with the groups behind the misfiring application, IowaReporterApp; it was with a fundamentally flawed software development process.
What happened with the Iowa caucus app?
The app was insufficiently tested, didn't install properly on many phones, and frequently failed to perform as expected. In short, the app was ripe for failure. Even before the caucus, many experts were concerned about the app's security.
This time around Shadow was paid about $63,000 by the Iowa Democratic Party and $58,000 by the Nevada Democratic Party to develop IowaReporterApp. That may sound like a lot of money, but for a mission-critical, mobile application it was on the cheap side.
IowaReporterApp had a simple job: Count support for candidates and report back via the app. But the app didn't scale, the phone lines were understaffed, and caucus connectivity was spotty. In short, a programming failure was exacerbated by deployment and execution problems.
Shadow admitted as much:
"We sincerely regret the delay in the reporting of the results of last night's Iowa caucuses and the uncertainty it has caused to the candidates, their campaigns, and Democratic caucus-goers. As the Iowa Democratic Party has confirmed, the underlying data and collection process via Shadow's mobile caucus app was sound and accurate, but our process to transmit that caucus results data generated via the app to the IDP was not."
Was the Iowa caucus app tested at all?
Some people have called the Iowa caucus a beta test. I wish! This was an alpha test. The program was only made available to users on Jan. 18, just over two weeks before the caucus.
To install the application, instead of using a mainstream app store, users had to download and install it onto their phones from TestFairy, an Android app testing platform, and TestFlight, Apple's beta app testing site.
According to Vice, Jonathan Green, chair of the Democratic presidential primary caucuses in Iowa's Fremont Township and Lone Tree precincts and an IT systems administrator, said the program didn't work properly. Indeed, Green said, he didn't receive final app instructions until Feb. 3 at 1pm, the day of the caucus. The final instruction e-mail also added that precinct leaders should call in the results if the app "stalls/freezes/locks up."
As Herbert Lin, senior research scholar for Cyber Policy and Security, Center for International Security and Cooperation at Stanford University, observed, "The idea of releasing a poorly tested app to users without app-specific training hours before it was to be used for real is the height of hubris -- or naivete."
There was reason to believe the app would blow up
As Evan (Rabble) Henshaw-Plath, CEO of Planetary, a new decentralized social network, tweeted [sic]:
"The caucus app is firebase / react app built by one senior engineer who's not done mobile apps and a bunch of folks who were very recent code academy graduates who as of a couple months ago worked as a prep cook for Starbucks and receptionist at Regus."
In short, the app and its underlying infrastructure were badly done. Then, the fail-safe after that -- calling in the results -- failed because not enough people were available to deal with the load. So, the Iowa caucus failed because of simple incompetence.
Another reason the app failed so badly is how electoral software is funded, along with a misguided belief in proprietary software development. Henshaw-Plath tweeted that the "fundamental problem is we've got a very broken way we fund campaign tech." Political software is, by its very nature, focused on the short term: Gaining contributions and winning the election.
Therefore, he continued, "in normal tech circles we'd have a bunch of free software libraries and tools we build on together, but the campaign tech space doesn't have this because decision makers fear our tools will be taken and used by the other side."
This is fundamentally flawed thinking by leaders without a grasp of how modern software development works.
As Alex Stamos, a cybersecurity expert at Stanford University, tweeted:
You are building a tabulation system on the critical path of human history. Do you:
a) Have your decent public university CS dept build an open-source solution and ask for public review?
b) Pay the lowest bidder and keep it secret from election security experts?
The result is, well, we just saw it: A proprietary program thrown together without enough time by developers who were outmatched by their job. This simply doesn't work.
Open source is the way forward
It took years, but everyone outside of Apple now uses open-source methods to create the software that's changing the world. Political party leaders need to wake up and realize it's the 21st century and embrace it as well. It's not as if open-source election software projects don't exist. Here are some that could help us have safe, trustworthy political campaigns and elections:
The Progressive Coders Network's mission is to build open-source tools to empower the grassroots and reduce the influence of big money in politics. Some of their projects include National Voter File, a modern database of voter files; Carpool action, a program to link voters to drivers; and the Princeton Gerrymandering Project, which seeks to bring mathematical fairness to electoral district mapping.
Ragtag has a similar mission to Progressive Coders. Some of their projects include Helpdesk to connect campaign workers and political activists with tech-savvy helpers and Web Squads for campaigns needing website development help. In both these groups, we're seeing basic civics, a class sorely missing for generations from schools, coming together with open-source software.
It's not just small groups working on open-sourcing the election process. Microsoft is getting into the open-source election act. ElectionGuard is an open-source software development kit (SDK) for cryptographically securing voting machines. ElectionGuard should be released soon and, hopefully, will be implemented in some voting machines before the 2020 general election.
The US Cybersecurity and Infrastructure Security Agency (CISA) and VotingWorks (a non-partisan organization) recently open-sourced a tool for auditing election results: Arlo. Its code is available on GitHub.
The Open Source Election Technology (OSET) Institute, as part of its Trust the Vote project, is working on ElectOS, a long-idle open-source elections technology platform. When completed, this work in progress will support elections administration and voting. That will include creating, marking, casting, and counting ballots and managing all back-office functions.
ElectOS, in theory, could replace today's flawed and obsolete electronic voting systems. But real work needs to be done on it before it can be deployed in elections.
The top three voting machine manufacturers -- ES&S, Hart InterCivic, and Dominion -- all use proprietary software. Indeed, most of these run on Windows 7 or even older operating systems. Oh, and in case you've been living under a rock, Windows 7 fell out of support in January 2020.
Software failures like Iowa's are unacceptable
It's well past time that political parties and governments move to open source.
Although, as Lin pointed out, Iowa got one thing right: "It required that votes be counted on paper, and then tallied electronically. ... With that paper trail, the Democrats -- and the nation as a whole -- will be able to regard this event as a case study in how to recover from a poorly run election. … Without the paper trail, there would never be any clarity -- just a whole lot of doubt."
The last thing we need is more doubt in our elections. Open source or proprietary, we need a paper ballot audit trail. Unfortunately, Lin observed, "voters in at least nine states including Texas, New Jersey, and Indiana will cast their ballots electronically on systems that do not leave a paper trail." This is a mistake that may be even worse than continuing to rely on out-of-date proprietary software for our elections.