Weaponized Negligence and the 2020 Iowa Caucus

06 February 2020

Despite popular conception, software is fallible. When it comes to elections, voting software can amount to a series of black boxes where votes go in one end and a winner is announced on the other end. This is why many experts have called for switching back to paper ballots, and some suggest doing away with electronic voting altogether. Whether this move to paper ballots is right or not—and I do believe it is—this is where we are right now, so how are these systems currently being used and what questions are missing from the conversation? Voting software is designed for election results to be counted more quickly and more efficiently. However, as is often an argument in favor of paper voting, the use of software for this purpose sacrifices the accountability and transparency of paper ballots.

The conversation around electronic voting tends to focus on how secure the process is from outside threats; however, this isn’t the only question that needs to be asked when it comes to election security. The recent debacle at the Iowa Democratic caucus—which utilized an app developed by Shadow Inc. to tally votes—should be prompting us to ask another question: what happens when the security threat is a system that works as intended? An increasing number of voter suppression measures have been passed in recent years, and the Iowa caucuses have been criticized for being inaccessible to many would-be voters. These problems are only worsened by the use of inaccessible technologies.

Part of the problem is that the software used for the caucus was designed as a smartphone app, which required voters to download the app onto their own smartphones as they entered the polling area. Caucuses aren’t as simple as primaries, where each voter casts a single ballot, so designing a standard ballot machine isn’t useful for that process. Given that, it makes sense for voters to use their own device in the process, except that not every voter owns a device capable of running this app. A large percentage of people of lower socio-economic status and senior citizens simply do not own smartphones. Even if there were measures in place to accommodate people without smartphones, this would create a higher barrier of entry to cast a vote, in addition to the barriers that already exist.

The core of the problem—and the main reason Shadow’s app has caught so much attention—is its astounding lack of testing before deployment. In short, the app was not tested on a statewide scale, the developers declined an offer from the Department of Homeland Security to test the app, and generally failed to follow best practices for software testing. Due to this lack of testing, there were fatal issues with the software when it was deployed. It had numerous data reporting errors, it was still being hosted on beta testing platforms (which waved multiple red flags to those downloading the app), it raised generic error messages when volunteers attempted to sign in to report data, and it simply failed to run on some devices. All of these factors potentially contributed to some votes not being recorded. Having votes go unrecorded can have a huge effect on the results of a delegate-based system, and in this case may have a ripple effect through the rest of the nomination process due to the importance of victory margins so early in the race.

We can’t say what roles malice and incompetence played in this situation, or where the lines between them might be drawn, but given the gross negligence at play, it’s useful to be asking about systems that fail deliberately. This may not be such a system, but even if not it raises the important question: in what ways might software be designed to fail in the election process? Being prepared for third party attacks is important, but we also need to be ready for designers to take advantage of their software’s fallibility.