The Iowa Caucuses Debacle
It's more embarrassing than we thought.
I was somewhat amused to wake up yesterday morning to find out that the Iowa Caucuses results were delayed indefinitely because they were having trouble tallying a meager number of votes, which they had typically handled with little difficulty, because they relied on a faulty phone app. Even more so since I had, just the day before, posted about the foolish choice of West Virginia officials to conduct the 2020 general election partly in that fashion.
The next morning, we still have only partial results. They should have been able to get it done via carrier pigeon by now.
The NYT is rubbing salt in the wound with a story headlined “Faulty Iowa App Was Part of Push to Restore Democrats’ Digital Edge.”
The faulty smartphone app behind the chaotic aftermath of Iowa’s Democratic caucuses was the work of a little-known company called Shadow Inc. that was founded by veterans of Hillary Clinton’s unsuccessful presidential campaign, and whose previous work was marked by a string of failures, including a near bankruptcy.
The app grew out of a broader push by Democrats, backed by tens of millions of dollars in donor money, to match the Republicans’ prowess in digital advertising and organizing after the 2016 election. Much of the energy and investment have gone into enterprises that are intended to both boost the Democrats’ digital game and turn a profit, like Shadow.
Yet instead of showcasing how far the Democrats had come since the 2016 defeat, the disarray surrounding the Iowa caucuses raised new questions about how the party hopes to compete in 2020 with the Trump campaign, a digital juggernaut that is churning out ads and raising record sums of money.
“It’s the exact opposite of the Trump team approach — bring the engineers in house, figure out exactly what we need, we build it, we test it, we own it,” said David Goldstein, chief executive of Tovo Labs, a progressive digital consulting firm.
That is, to say the least, embarrassing.
As noted in the West Virginia post, and especially the excellent discussion in comments, computer scientists and election experts are almost unanimous that we’re not ready to risk elections of this technology. Error rates that are acceptable in consumer financial transactions are unacceptable in deciding who governs. And a whole load of safeguards that exist in banking and commerce don’t and can’t exist in voting systems.
Having decided to do it anyway, the system should have been tested. And tested. And then tested some more. But no. Nick Statt reports for The Verge that “The app that broke the Iowa Caucuses was sent out through beta testing platforms.”
The app was not deployed through traditional app stores or even sideloaded using an enterprise certificate. Instead, it was deployed through mobile testing platforms, including Apple’s TestFlight and a similar service that services both iOS and Android called TestFairy. Both platforms are for apps that are not yet finalized.
Testing platforms are common for mobile apps, and are one of many ways in which independent app developers and large software makers can deploy beta software without going through the sometimes rigorous App Store and Play Store review processes. This is primarily to let developers squash bugs and ensure the app can run on a variety of different devices, some of which may be using outdated operating systems and powered by older, less powerful components that may render the app sluggish or just plain inoperable.
In this case, however, it looks like Shadow used test platforms for the app’s public distribution. Motherboard obtained screenshots showing a TestFairy download link for Android, while The Wall Street Journal reported Tuesday that Shadow used TestFlight for iOS devices.
Installing software through a test platform or sideloading onto your device manually both come with security risks, as app store review processes are designed to discover whether a piece of software is hiding malware or does something behind the scenes it’s not supposed to. In the event you do sideload an app or try installing an unofficial version, your smartphone typically warns you of the risks and asks if you want to proceed. It’s also a less stable model for deploying software at scale, which might explain the difficulty precinct chiefs had in downloading the program.
That’s beyond embarrassing. It’s damned near criminal.