The smartphone app that the Iowa Democratic Party released to party officials for Monday’s caucuses was designed to quickly tally results from around the state, speeding the vote-counting process for the first presidential contest in the nation.
But a coding error in the hastily programmed and secretive app led to an unprecedented breakdown in reporting results — and left Democratic voters waking up Tuesday morning with no idea who had won the pivotal caucuses.
There’s no indication that the snafu was caused by a cyberattack. But the problems with the app, which was created by a little-known company called Shadow, Inc., exemplify the danger of incorporating new and untested technologies into the voting process, experts say.
“What this shows is that internet-based systems can be extremely fragile,” said David Jefferson, a computer scientist at Lawrence Livermore National Laboratory who has advised the national Democratic Party about voting technology issues. “You should not deploy a system that hasn’t gone through rigorous and scaled testing, and you should not deploy a system whose architecture and technical details are secret.”
The fiasco also raises questions about ACRONYM, a prominent liberal nonprofit with ties to Silicon Valley that funded Shadow, Inc. and has pitched itself as a counterweight to the Trump campaign’s digital prowess.
The problems started Monday evening as precinct chairs around Iowa tried to use the app to report the results from their caucuses to the state party. Some had trouble downloading the app on their smartphones or uploading their data, according to reports from around the state, and the party’s backup phone line to report data was overwhelmed with calls.
Iowa Democratic Party officials said Tuesday morning that the problems stemmed with a “coding issue” in the app, while stressing that there was no hack or cybersecurity issue.
“While the app was recording data accurately, it was reporting out only partial data,” party chair Troy Price said in a statement. “We have determined that this was due to a coding issue in the reporting system.”
“We have every indication that our systems were secure and there was not a cyber security intrusion,” he added, saying the systems had been tested by “independent cyber-security consultants.”
Jefferson, a board member of the nonpartisan election integrity group Verified Voting, said national Democratic officials told him that the Iowa party had only decided to use the app within the last few months, and that state officials had been “very secretive” about the process.
“They only changed to this app about two, two-and-a-half months ago,” he said in an interview. “That surprised me, that they would switch to another tech system that had not been used before so late in the process.”
The app had not been tested on a statewide scale before its first real-world use during the caucuses, the New York Times reported.
In the weeks leading up to the caucus, the state party had refused to publicly share many details about the app — even its name — in order to avoid it being targeted by hackers. The party paid Shadow, Inc. over $63,000 in two payments in November and December, according to state campaign finance records.
Officials told the Wall Street Journal that the Department of Homeland Security’s cyber-security wing had offered to do security testing of the app in advance of the caucuses, but the state Democratic Party turned the offer down.
In a statement released Tuesday, Shadow said that the “underlying data and collection process via Shadow’s mobile caucus app was sound and accurate,” but apologized for the delays and uncertainty created by flaws in the process to transmit caucus result data to the party.
Gregory Miller, the co-founder of the Palo Alto-based Open Source Election Technology Institute called the app “an inexcusable act of amateurism” and said it should prompt election officials elsewhere around the country to think twice about unnecessarily upgrading tried-and-true paper ballots.
“You have to ask why pen, paper and a phone line weren’t good enough,” Miller said. “This rush to the digital age is fraught with potholes.”
Jefferson said that the Nevada Democratic Party has also planned to use a similar technology to tabulate its caucus results later this month. Campaign finance records show that the Nevada Democratic Party also paid Shadow $58,000 for “technology services.”
But the Nevada party said in a statement Tuesday that they “will not be employing the same app or vendor” that Iowa did, and vowed that “what happened in the Iowa caucus last night will not happen in Nevada.”
Several presidential contenders, including the Pete Buttigieg and Joe Biden campaigns, have also paid the company for software and text messaging services, according to campaign finance records.
The app’s meltdown seems extremely unlikely to impact the final results. Iowans who caucused around the state were required to fill out preference cards listing the candidate they stood for, which means there’s a physical paper trail for every delegate calculation.
But the chaos created by the technical problems — and the hours that went by Monday night without any substantive explanation from Democratic officials — opened an opportunity for false conspiracy theories to flourish.
“Mark my words, they are rigging this thing,” tweeted Eric Trump, the president’s son. “This is why people don’t want the #Dems running our county. #meltdown”
Those rumors could be a preview of more widespread disinformation campaigns surrounding any voting issues in the general election, Miller warned.
“What you saw last night, as far as I’m concerned, was spring ball for November 3,” he said. “This is what you can expect, multiplied by 10.”
The Washington, D.C.-based company behind the app, Shadow, Inc., describes itself on its website as working to “build political power for the progressive movement by developing affordable and easy-to-use tools.” Many of Shadow’s employees are former Hillary Clinton campaign staffers, according to LinkedIn profiles. The company’s CEO is Gerard Niemira, who worked as director of product for the Clinton campaign.
The Iowa disaster is also an embarrassment for ACRONYM, a prominent left-leaning nonprofit that funded Shadow. The group was created in the wake of the 2016 election in order to help Democrats build up tech expertise to counter Trump’s team. A political action committee associated with it, PACRONYM, raised $7.7 million in 2019, and some of its top donors included Silicon Valley leaders like venture capital investor Michael Moritz.
The nonprofit’s advisory board includes Chris Cox, the former chief product officer at Facebook, and it has also hired multiple former Facebook employees for senior-level positions.
ACRONYM tried to distance itself from Shadow in a statement released Monday night, saying it was one of multiple investors in the company and was “eagerly awaiting more information from the Iowa Democratic Party.”
But corporate records and the organization’s past statements call into question how independent the two entities are. In early 2019, Tara McGowan, the political operative who leads ACRONYM, tweeted that the group was “launching” Shadow. Other marketing materials described the nonprofit as acquiring the company.
In addition, the address that Shadow lists on its website and in campaign finance filings is the same D.C. co-working space that ACRONYM listed as its address on its most recent IRS form. And a Colorado corporate filing for Shadow lists the same Alexandria, Virginia, mailing address as PACRONYM.
Jefferson, the Livermore computer scientist, said that the secrecy surrounding the app and the company behind it was misguided.
“I’m quite sure that if this system had been made available for testing and public trials ahead of time, whatever the problem is likely would have been identified early,” he said. “But the whole process was kept totally closed.”
