News

Iowa caucus app chaos shows why American elections should stay analog for now

Like everything created by humans, code has flaws. One major way to defend against potential problems brought on by the flaws is testing an app before you use it. Unfortunately, it seems like the Iowa Democratic Party did little in the way of testing the app it used to track results from the Iowa caucuses, wreaking havoc on the tenuous Democratic presidential-nominating process.

“The situation in Iowa makes the average voter’s confidence in the election process worse than before,” said Ron Gula, a former National Security Agency (NSA) white hat hacker who now invests in startup cybersecurity firms. “Whether or not they might believe the Russians hacked the election before, this is another thing that will make them go ‘wow, we really don’t trust this.’ It’s not a great situation for voter confidence in general.”

Bernie Sanders speaks after the 2020 Iowa caucuses
Democratic presidential candidate Sen. Bernie Sanders (I-Vermont) speaks to the media as he awaits the release of the results from the Iowa caucus. Joe Raedle / Getty Images
Although electronic voting seems like an inevitability, the chaos in Iowa shows that any election tech could have major kinks that need to be ironed out before voters can feel truly confident in using it. This starts with basic cyber hygiene like testing apps beforehand and making sure they are properly secure.

A low-tech solution

This was a screw up on a state level, a state that happens to hold a lot of significance for U.S. democracy. “The situation with Iowa’s caucus reveals the risks associated with technology, in this case with a mobile app, but more importantly that there needs to be a low-tech solution in order to recover from technological failures — no matter the cause,” said Marian K. Schneider, president of Verified Voting, in a statement to Digital Trends.

Verified Voting is a voting accuracy nonprofit that works to eliminate or reduce the use of systems that “cannot be audited or secured, such as internet voting.” Schneider noted it was lucky that Iowa kept paper records of the vote. “It’s clear that mobile apps are not ready for prime time,” she said.

Wikipedia founder Jimmy Wales expressed as much online.

“Moving from analog to online voting practices has ushered in a digital age of delayed democracy that’s all but secure,” said Damien Mason, digital privacy advocate and tech expert at the U.K.-based ProPrivacy, in a statement to Digital Trends. “Instead of questioning whether we are ready for internet-based voting technology right now, we should begin asking whether we ever will be. Will voters ever have confidence in a process that exposes itself to the same security issues and malicious intervention as the rest of the internet?”

Even software engineers warn against the idea that using software is good for, well, anything, much less something as delicate and important as recording people’s votes.

Hacking isn’t the big problem

Iowa officials were quick to assert that the app had not been hacked, something Gula said he found surprising. “You have to have good security to rule out that it wasn’t a hacker,” he told Digital Trends. “I’m surprised they said it so quickly.”

It seems that the problems with the app had more to do with functional bugs than with latent problems waiting to be exploited. The Iowa Democratic Party reportedly paid $60,000 to a company called Shadow, Inc. to develop the app last November.

“The fact that the app was done quite fast and there weren’t many tests done, it could be that we were lucky it was a functional bug,” said Asaf Ashkenazi, chief operating officer at the cybersecurity company Verimatrix. “What would be more scary would be if there was a bug that’s being exploited to change the application. Then you could change the results and the vote count without doing much. We’d like to think that this is a unique case where apps are released without testing and with no protection, unfortunately, from what we see, this is more of the norm.”

Any process can be hacked, said Gula, even paper ballots. So the move toward more electronic voting didn’t bother him too much. Indeed, as the Iowa caucus debacle was unfolding, Washington state announced it would be expanding online voting options for military and overseas voters, according to PRI’s The World. West Virginia is also pushing to allow disabled voters to use their smartphones to cast their ballots, according to Ars Technica.

What Gula said he’s concerned about is whether state and county legislators will have the budget to create properly secured apps for voting, and whether some kind of national mandate would standardize voting across the country, thus actually making it easier for hackers to get into the systems.

“We don’t have discipline as a society to have good enough cyber hygiene to cast electronic votes securely,” said Gula. “Your average state and local reps just don’t have the resources to invest. In general, as a country, we’re not ready.”

The good news is that people at least realize that these problems exists. Moving forward, perhaps lawmakers can help raise better awareness of voting security. “Voting is a state’s rights issue, they each have their own way of doing things securely,” Gula said. “It looks like they messed up this time.”

Editors' Recommendations