Elections have consequences. Your Vote Matters! And therefore, so does the manner in which it is counted.—CBJ ed. CNBC—The Iowa caucus debacle represents one of the most stunning failures of information security ever. It was delivered by the very officials who have said for four years they were “ramping up” technology capabilities, convening numerous security task forces and collaborating with federal agencies to make sure everyone was in the loop on voting security.
Iowa officials counting the results coming in Monday from the caucusing app reported irregularities that required them to switch from the app to counting votes manually. Party officials said the “underlying data” put into the app was fine, but it is unclear as of yet how they know this or even what they consider “underlying data.”
“Last night, more than 1,600 precinct caucuses gathered across the state of Iowa and at satellite caucuses around the world,” the Iowa Democratic Party said in a statement Tuesday. “As precinct caucus results started coming in, the IDP ran them through an accuracy and quality check. It became clear that there were inconsistencies with the reports. The underlying cause of these inconsistencies was not immediately clear, and required investigation, which took time.”
The Iowa Democrats were using an application made by a partisan progressive start-up named Shadow Inc., managed by a nonprofit investment company called Acronym. In a statement, Acronym distanced itself from Shadow.
“We are reading confirmed reports of Shadow’s work with the Iowa Democratic Party on Twitter and we, like everyone else, are eagerly awaiting more information … with respect to what happened,” Acronym said in a statement.
Iowa Democrats explained that backup measures for the Shadow app took “longer than expected.”
“We have determined that this was due to a coding issue in the reporting system. This issue was identified and fixed. The application’s reporting issue did not impact the ability of precinct chairs to report data accurately,” the Iowa Democratic Party statement said. Voters will surely be asking the Iowa Democrats to prove how they know the information is accurate with so many reported irregularities.
Why did it happen?
The Iowa Democrats and Democratic National Committee will have to answer several puzzling questions about why they chose to use the application in the first place.
First, in 2016, the Iowa caucuses used an application made by Microsoft, which worked. It’s unclear why they didn’t keep the same application, created by an established company instead of one from an untested start-up.
Microsoft is making sure people know it didn’t make this year’s app. “We had a great partnership with the Iowa political parties in 2016, but we are not part of the caucuses this year and have not been involved in building or supporting their app,” a company spokesperson tweeted.
Second, in August, the Democratic National Committee recommended Iowa stop using an app altogether. The Democratic National Committee’s Rules and Bylaws Committee voted to follow those recommendations. It said a security review had determined the virtual caucus did not meet standards for cybersecurity and reliability.
“We are — over the last week and continuing today and in the days ahead — continuing to look at what options might be available to us given the time frame that’s left,” Iowa Democratic Party Chairman Troy Price said in September, according to NPR. “We know there’s not a lot of time left. There’s 4.5 months between now and when Iowans head to the caucus sites.”
DHS acting Secretary Chad Wolf told Fox News on Tuesday that the app “was not vetted for cybersecurity.”
Now, Iowa is scrambling for answers.
Cybersec vs. Infosec: Why it matters here
Iowans are learning about the important distinction today between cybersecurity and information security.
Loosely speaking: In cybersecurity, organizations work to defend against hackers. In the broader field of information security, organizations work to be able to recover quickly whether they have been hit by a cyberattack, someone tripped over a cord in a data center or a server farm gets knocked out by a hurricane. Cybersecurity falls into the bigger bucket of infosec and resiliency planning.
In this case, it appears as though cybersecurity wasn’t the issue, but the proper back-up planning, testing and vetting procedures were completely deficient or simply absent entirely. They had an app that they knew was problematic. They used it anyway without properly testing their … Read More>>
Offer to test Iowa Caucus election app refused
Western Journal—Iowa Democrats rejected an offer from the federal Department of Homeland Security to test the election app that failed Monday night, acting Homeland Security Secretary Chad Wolf said Tuesday.
“Our cybersecurity and infrastructure security agency has offered to test that app, from a hacking perspective,” Wolf said during an interview on the Fox News morning program “Fox & Friends.“
“They declined, and so we are seeing a couple of issues with it,” he said.
- New York Times – The faulty smartphone app behind the chaotic aftermath of Iowa’s Democratic caucuses was the work of a little-known company called Shadow Inc. that was founded by veterans of Hillary Clinton’s unsuccessful presidential campaign, and whose previous work was marked by a string of failures, including a near bankruptcy….read more>>
- Los Angeles Times -App made by Clinton campaign veterans’ firm is behind Iowa caucuses debacle…read more>>
- National Review -The CEO of Shadow, the tech firm behind the failed Iowa caucuses app, criticized the Democrats’ 2016 election technology in interview last year as a “sh*tshow” and a “tangled morass.” Gerard Niemira, who worked on Hillary Clinton’s 2016 campaign and founded Shadow, Inc., apologized Tuesday for his app’s failure to…read more>>