Throughout Monday’s caucuses in Iowa, according to press reports, precinct chairs across the state struggled to use a hastily-built and inadequately tested mobile app, developed by a shadowy for-profit tech company, to report results to the Iowa Democratic Party. This seems to have been the main cause of massive delays in the publishing of results from the caucuses.
A system where the vote is taken literally by having people stand around in groups is apparently being disrupted by a software failure.
— matt blaze (@mattblaze) February 4, 2020
When the media learned last month that the Iowa Democratic Party planned to use a mobile app to report caucus results, the party refused to reveal many details about the app. It didn’t publish the app’s source code for independent security researchers to inspect nor give any information about how thoroughly the app had been tested (apparently, not very thoroughly). The party wouldn’t even name the vendor that it hired to develop the app (Shadow, Inc.), claiming that doing so could inadvertently help potential cyber attackers.
Elected officials couldn’t get answers, either. The office of Sen. Ron Wyden asked the Democratic National Committee for details about the app three times in the lead-up to the Iowa caucuses, but the requests were ignored, according to the Wall Street Journal. Wyden is himself a Democrat, representing Oregon.
My warnings about this technology were ignored, and the result is chaos and a loss of confidence in our elections. Unless states step back from using unproven technologies in our elections this will keep happening. https://t.co/gAjV2kJJjB
— Ron Wyden (@RonWyden) February 4, 2020
This is the opposite of what the Iowa Democratic Party should have done.
Hiding the details of how a computer system works does nothing to make it more secure. This is known as “security through obscurity,” and it provides a false sense of security, while making it harder for people to have confidence that the system actually works as expected.
Election systems should instead rely on the information security principle of “open design.” The National Institute of Standards, the federal agency responsible for recommending standards that industry and government agencies should follow, lists open design as an important principle for designing secure computer systems. “System security should not depend on secrecy of the implementation or its components,” NIST’s Guide to General Server Security says.
This open design practice is commonplace in the software industry, particularly in systems that handle very sensitive data. The Signal app, for example, is widely known as one of the best designed end-to-end encrypted messaging apps. Unlike the Iowa caucus reporting app:
- Signal’s source code is freely available on the internet for anyone to inspect. The Android, iPhone, and desktop apps each have their source code in a public repository on GitHub.
- The inner workings of Signal’s encryption algorithm are publicly documented, and the implementation has been peer-reviewed.
While it’s possible that cyberattackers could use this wealth of information about how the app works to find vulnerabilities, the benefits of open design by far outweigh the risks. When flaws are inevitably found, they are more likely to get fixed rather than to be quietly exploited by attackers, and the software ecosystem as a whole improves because of it. And, perhaps most importantly, open design gives users confidence in the security of the app without having to blindly trust the claims of the developers.
The Iowa caucus debacle is about rapid reporting of results, not about voting itself. Please keep those two things separate. The votes are backed on paper. The problem was the delivery system for reporting results quickly.
— Kim Zetter (@KimZetter) February 4, 2020
The Iowa caucus reporting app was not used to actually cast any votes but rather to more quickly deliver the results of these votes to the state party. Still, election systems are large and complex. If we insist on using technology for any parts of them — which we do, and probably will continue to do — it’s important that every part is as transparent as possible.
All election-related software, whether it’s registering voters, casting votes, delivering election results to a central database, or anything else, should use open design principles.
Here’s what the Iowa Democratic Party should have done (and what everyone else in the business of running elections should do) to ensure that election software is as secure and reliable as possible, and that voters could have confidence in its use:
- Commit to total transparency about the entire process, which definitely includes which vendor they choose to develop election-related software, and how they came to that decision.
- Make sure well before the election that the software designs and implementation, including the full source code and documentation, are freely available to the public so that experts can investigate them for issues.
- Hire professionals to conduct third-party security audits, fix any issues found, and publish the results of these audits. (This is common practice for companies that take security seriously; the whistleblower submission system SecureDrop recently published the results of a security audit, and so did the VPN provider TunnelBear).
- Welcome outside security research, work with university research teams, and run a bug bounty program where individuals can get paid for disclosing vulnerabilities they discover.
- Conduct a test run or low-stakes trial of the software using real end users.
- All of the above strongly implies providing much more time than the two months reportedly given to the team behind the Shadow app to get it up and running in Iowa.
Even this won’t ensure election security. “No steps can guarantee security in this day and age,” Douglas Jones, an associate professor of computer science at the University of Iowa, told The Intercept. “Therefore, we need to build our entire framework for the use of technology in such a way that we don’t depend on it to be secure.” This, at least, the Iowa Democratic Party did correctly. When the reporting app failed, it was able to fall back to paper records, albeit with extensive delays.
Jones also believes that new technology should never be deployed for the first time in a high-stakes national election. “New voting technologies should be used first in small local elections where the stakes are low,” he said, adding that “the best time to deploy new voting machines in the U.S. is right after November of an even-numbered year.”