Secure development, user testing, and training could have prevented this from happening.
It’s being called one of the biggest technology failures in political history. Monday night, the Iowa Democratic Party (IDP) said that they would have to delay releasing the results of the caucuses due to technical difficulties. The announcement quickly caused chaos and confusion, as campaign strategists scrambled to respond to this democratic debacle. The episode is already leading to plenty of finger pointing (party officials will surely blow the rest of their budget on blame). Meanwhile, the entire country is asking: How could this happen?!
What Went Wrong?
The Iowa caucus is a notoriously quirky and complicated process. Rather than simply standing in line to cast ballots in a voting booth, Iowans gather in groups at designed public locations —gyms, churches, recreation centers, etc. There, they declare their support for a particular candidate by literally “standing in their corner” of a designated part of the room.
To help create order from this caucus chaos, IDP officials decided to design and deploy a new smartphone app. The application was supposed to help speed up the process of tallying votes and releasing the results to the public. But on caucus night, the app appears to have failed. Early reporting indicated that the calamity was caused by a coding error. Party officials said that the voting data collected was sound, but the app was only able to partially report the information to those responsible for tallying the votes. Numerous precinct captains reported confusion in using the app on site and caucus organizers were forced to rely on paper backups to tally votes.
Another Scuffle Between Security and Convenience
It’s unclear if the creation of an app to track the caucus results was driven by a desire for efficiency, convenience, or security and no one in the Iowa state party has commented on their initial motivations in working with Shadow Inc, the company paid to develop and deploy the app. But the truth is if convenience and efficiency were the primary goals, the IDP could have accomplished that with a solution as simple as a shared document like Google Sheets. But since they elected to leverage a specific app, the only logical conclusion would be that they intended it to also be secure, thus requiring a more closed system. It wouldn’t be unreasonable for officials to fear a repeat of the the 2016 presidential election, where Russian interference—which included cyberattacks—played a part in swaying the results.
The problem is that if you’re going to build a technology solution that addresses security issues, you need to make sure it’s designed to be secure from the start. This includes doing rigorous product testing and validation throughout the development process to ensure everything is captured and data is being directed properly and securely. Reports suggest that the Department of Homeland Security offered to test the app’s security, but the IDP declined their help.
To be fair, Shadow did have a tricky task at hand. It is incredibly difficult and costly to build and deliver technology solutions that ensure security and still are intuitive to an end user. As any seasoned security professional will tell you, there’s always a tradeoff between security and convenience. In the case of an app like the one created for the Iowa caucuses, using automation to record and tally precinct results meant there should have been product testing throughout the development lifecycle of the app itself to ensure data was not only properly captured and stored in each location, but then was also properly directed and transmitted to the correct backend database. And because in this case, the end users were volunteers, not technology experts, so additional user testing and training to identify and mitigate any features or requirements that could trip up the end user should have been a must.
What Will Happen Next?
As Iowa results are still rolling in at the time of this posting, the Nevada Democratic Party (NDP) has already announced that it will not use the application developed by Shadow in its caucuses taking place at the end of this month (There are some indications that the NDP had originally planned on using the app). While it is likely that Nevada will simply “fall back” to previous caucuses’ processes and procedures, there is a possibility that the NDP will be able to learn from this Iowa implosion.
In short, technology failures are often primarily people failures. People are ultimately in charge of deciding when and how technology can be leveraged, designing the solution itself, as well as deploying it. Developers must be cognizant of the usability of their products, especially if and when security is a top concern. And executives and officials must understand the tradeoffs and risks of using new technology and appropriately dedicate the time and resources toward the training requirements for end users. Ultimately, technology is only as good as the individuals who develop and deploy it. Without the right people and processes in place, new tech can make already complicated situations even more chaotic.