Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Democrats United States Politics

How a Bad App Plunged Iowa Into Chaos (theatlantic.com) 269

Zeynep Tufekci, writing for The Atlantic yesterday: The morning after caucus-goers filed into high-school gyms across Iowa, the state's Democratic Party is still unable to produce results. The app it developed for precisely this purpose seems to have crashed. The party was questioned before by experts about the wisdom of using a secretive app that would be deployed at a crucial juncture, but the concerns were brushed away. Troy Price, the state party's chairman, claimed that if anything went wrong with the app, staffers would be ready "with a backup and a backup to that backup and a backup to the backup to the backup." And yet, more than 12 hours after the end of the caucus, they are unable to produce results. Last night, some precinct officials even waited on hold for an hour to report the results -- and got hung up on. It appears that the Iowa Democrats nixed the plan to have precincts call in their results, and instead hired a for-profit tech firm, aptly named Shadow, to tally the caucus results. The party paid Shadow $60,000 to develop an app that would tally the results, but gave the company only two months to do it. Worried about Russian hacking, the party addressed security in all the wrong ways: It did not open up the app to outside testing or challenge by independent security experts.

This method is sometimes dubbed "security through obscurity," and while there are instances for which it might be appropriate, it is a fragile method, especially unsuited to anything public on the internet that might invite an attack. For example, putting a spare key in a secret place in your backyard isn't a terrible practice, because the odds are low that someone will be highly motivated to break into any given house and manage to look exactly in the right place (well, unless you put it under the mat). But when there are more significant incentives and the system is open to challenge by anyone in the world, as with anything on the internet, someone will likely find a way to get the keys, as the Motion Picture Association of America found out when its supposedly obscure digital keys, meant to prevent copyright infringement, quickly leaked. Shadow's app was going to be used widely on caucus day, and independent security experts warned that this method wasn't going to work. The company didn't listen. If Shadow had opened up the app to experts, they likely would have found many bugs, and the app would have been much stronger as a result. But even that process would not have made the app secure.

This discussion has been archived. No new comments can be posted.

How a Bad App Plunged Iowa Into Chaos

Comments Filter:
  • by Anonymous Coward on Wednesday February 05, 2020 @08:48AM (#59692754)
    I think we should give them control of healthcare. What could go wrong?
    • Re: (Score:3, Interesting)

      by guruevi ( 827432 )

      The ObamaCare website still doesn't work properly, it's only been 10+ years.

  • Open Source It (Score:5, Insightful)

    by alvinrod ( 889928 ) on Wednesday February 05, 2020 @08:53AM (#59692766)
    Even outside of the usual arguments that software used by the government ought to be open source for separate reasons, if you're worried about security, the best solution is to get as many eyes on it as possible. For something as serious this, there's likely to be plenty of individuals looking over the code out of a interest. Sure there will be bad actors, but they are always going to be there, and there are going to be far more good actors involved that do want to ensure the security and integrity of the software.
    • Re:Open Source It (Score:5, Insightful)

      by AmiMoJo ( 196126 ) on Wednesday February 05, 2020 @08:59AM (#59692790) Homepage Journal

      Also maybe spend longer than 2 months on it and then do a proper test before you put it into production.

      You know, basic software development. These Shadow guys are probably losing a lot more than $60k now, they should have not taken the contract in the first place. Again, basic rule of contracting, say no when the deadline is unrealistic because if you don't you get the blame.

      • Re:Open Source It (Score:5, Insightful)

        by alvinrod ( 889928 ) on Wednesday February 05, 2020 @09:08AM (#59692822)
        The contract was probably given to them due to political connections, not because they're a legitimate bidder. The company that developed the app isn't the interesting part because with those constraints almost anyone would have done poorly. I'm more interested in who authorized purchasing an app like that at all or why they thought it was a good idea. Shadow will get some much deserved blame and maybe the company will go under as a result, but I have a feeling the people who made the stupid decision to start the project will remain where they are making further poor decisions.
        • The contract was probably given to them due to political connections, not because they're a legitimate bidder.

          Exactly. The company was started by the same people that failed with Hillary Clinton's campaign.

        • by eth1 ( 94901 )

          Shadow will get some much deserved blame and maybe the company will go under as a result, but I have a feeling the people who made the stupid decision to start the project will remain where they are making further poor decisions.

          ... and who want's to bet that this company was started for this express purpose?

        • Anyone remember the Niagara Falls of tears during the Bush presidency, that Halliburton got a government contract without an open bidding process?

          That was of course several orders of magnitude more significant than this penny-ante stuff, but I'm curious if the DNC which was so committed to an open and fair process did so themselves for this relatively simple app?

        • The app needs to allow the user to type in six numbers, then submit those numbers to the server. It's a homework assignment for Web Development 101. Here is the code needed for the actual app, the client side:

          [Form method=post action=https://dnc.org/wearedumb.cgi]
          Precinct # [input name=precinct] [br]

          Biden [input name=can1][br]
          Buttigieg [input name=can2][br]
          Sanders [input name=can3][br]
          Warren [input name=can4][br]
          [input type=submit]
          [/form]

          I just pretty much made the app in 93 seconds.
          The server side is onl

          • by CaptainDork ( 3678879 ) on Wednesday February 05, 2020 @12:53PM (#59693662)

            The app needs to allow the user to type in six numbers, then submit those numbers to the server. It's a homework assignment for Web Development 101. Here is the code needed for the actual app, the client side:

            [Form method=post action=https://dnc.org/wearedumb.cgi]
            Precinct # [input name=precinct] [br]

            Biden [input name=can1][br]
            Buttigieg [input name=can2][br]
            Sanders [input name=can3][br]
            Warren [input name=can4][br]
            [input type=submit]
            [/form]

            I just pretty much made the app in 93 seconds.
            The server side is only slightly more complicated.

            Building this app could literally be a question on the final exam for a first-year student, and it shouldn't take them more than 15 minutes or so. Then add a couple days for testing. That is, spend 100X as long testing it than you did building it and you STILL have it done in under a week.

            raymorris ( 2726007 ) you ignorant slut ...

            You ruined a very good point by pushing this skill out to the final .

            It's mid-term.

      • While Shadow and ACRONYM have a lot to be sorry for, one has to ask why they only got 2 months to work on this? Was this an IDC requirement? If so, they have only themselves to blame.

      • maybe spend longer than 2 months on it

        Exactly. This right here was 100% of the problem. Not secretiveness or anything else. Speed is the enemy of reliability. The sworn vicious enemy that kills reliability dead and uses the bones for toothpicks.

      • That's ok, their stipend from the Cheka will more than make up for it.

    • by EvilSS ( 557649 )
      Yea, but you also need a way to ensure that the open source software matches what actually in use. If the bad actors might also be the ones in charge, trust is almost impossible.
    • This is ironic because the Shadow's CEO was the one who called the DNC's data handling and collection "$hit".
      Security is all fine and well, but securing a dumpster fire doesn't really help anyone either. Open sourcing this, and many other aspects of data collection directly involved in selecting candidates, should be a requirement. This should be open and above board---not secret.

    • Re:Open Source It (Score:5, Insightful)

      by rally2xs ( 1093023 ) on Wednesday February 05, 2020 @09:15AM (#59692844)

      Don't open source it, shitcan it! Keep computers out of voting. Paper. #2 pencil. People that know how to count. That's all you need. Works in power outages. Works in the presence of hackers. Works when the internet goes down. Works if your satellite access goes down. Works inside or out on the lawn. Just works. Use pencil, paper, and shoot the first SOB that suggests getting a computer involved.

      • by radl33t ( 900691 )
        meh, I don't see why the entire apparatus couldn't be replaced by a few cheap computers and audited software and then made accessible to any electronic device anywhere on the planet.
      • Don't open source it, shitcan it! Keep computers out of voting. Paper. #2 pencil. People that know how to count. That's all you need. Works in power outages. Works in the presence of hackers. Works when the internet goes down. Works if your satellite access goes down. Works inside or out on the lawn. Just works. Use pencil, paper, and shoot the first SOB that suggests getting a computer involved.

        ^^^This.... except for the shooting people part. Fire them and blacklist them, but don't shoot them.

        • Well, I was just kidding about the shooting thing, it was hyperbole for effect!!! But they might earn a really dirty look...

        • by hawk ( 1151 )

          can we at least work them over with a rubber hose?

          Or better yet, force them to watch every federal, state, and municipal debate for the next two years . . .
          hawk

      • Absolutely. Just because you can a computer-based application doesn't mean that you should. The two obligatory xkcd cartoons that I keep in mind are https://xkcd.com/1205/ [xkcd.com] and https://xkcd.com/1319/ [xkcd.com]
      • Comment removed based on user account deletion
    • Re: Open Source It (Score:4, Informative)

      by Way Smarter Than You ( 6157664 ) on Wednesday February 05, 2020 @11:00AM (#59693228)
      Primaries are not government events. The political parties are private organizations. There are lots of thing you can justifiably blame on the government. This isn't one of them.
    • by rsilvergun ( 571051 ) on Wednesday February 05, 2020 @11:44AM (#59693426)
      spotty wifi + really old android phones means that using an app installed on people's personal phones is a no-go.

      A website might work, especially if it stuck to really simple pages. But what they really should do is stop doing caucuses and do a real primary with vote by mail. The State will even run it for them.

      But, well, if they did that they couldn't do stuff like have super delegates hand the state to their preferred candidate or use peer pressure (caucuses aren't anonymous) or suppress the youth vote by having the caucus in the middle of nowhere (you'll note that a lot of places didn't have cell reception).
  • by mschaffer ( 97223 ) on Wednesday February 05, 2020 @08:53AM (#59692770)

    Why did the Iowa DNC only give them two months to deliver the app? Surely, they knew when the caucus was scheduled and could allocate enough time to get something in place in a reasonable amount of time. Of course, considering who runs Shadow Inc, (a former Clinton staffer) they may have been fed a line of crap.

    • by jythie ( 914043 )
      They were probably responding to the impeachment timeline. Keep in mind that previous caucus tallies took weeks, so when they saw that the senate trial might going to overlap the caucus they panicked and wanted something that could handle the anticipated high turnout on a much faster turn around so they could have a quick result and not get, well, the media circus that they did.

      Keep in mind that if they had done nothing, we would still have this 'they messed up!' shitshow because it is always a slow proc
    • Why did the Iowa DNC only give them two months to deliver the app? Surely, they knew when the caucus was scheduled and could allocate enough time to get something in place in a reasonable amount of time. Of course, considering who runs Shadow Inc, (a former Clinton staffer) they may have been fed a line of crap.

      Not to get political (OK, I know that's a bullshit line), the Democrats (disclaimer: I'm one) are all over the fucking place.

      They're talking social justice, which is important, but voters want that shit taken care of at the state level. I do not like Trump one bit because he's a disgusting human being, but I can't argue with success.

      Looking at the 2016 playbook, "It's the economy, stupid!" The economy is doing well. Democrats can't attack on that front so it's down to single issues like the several social o

    • by gweihir ( 88907 )

      Why did the Iowa DNC only give them two months to deliver the app?

      Stupidity on both customer and vendor side. Anybody smart would have given this at least half a year before to order it. Anybody smart will have refused the order with a time frame this short, because of the extreme negative press when it fails and the high probability of failure.

  • by dr_blurb ( 676176 ) on Wednesday February 05, 2020 @08:54AM (#59692774)

    Ok it's an important story, so maybe it does deserve to be posted once a day..:

    https://politics.slashdot.org/... [slashdot.org]

  • by Train0987 ( 1059246 ) on Wednesday February 05, 2020 @08:55AM (#59692778)

    Bernie had more voters at the caucuses than he needed so a few were simply taken away and redistributed to other candidates who needed them more. I'm not sure why he is upset about that. This is basically Sanders' entire platform in a nutshell. No one should have that much.

  • by jbmartin6 ( 1232050 ) on Wednesday February 05, 2020 @09:02AM (#59692800)
    Causality is a multi factored problem to be sure. I would saw the biggest mistake here was not supporting the backup system. That was the "cause" of all the problems, not the app itself. These election events at the polling place are run by volunteers, mainly retirees, and I understand a majority of them had no intention of using the app in the first place. They either have no smartphone or wisely did not want to put some dubious unknown single use app on their personal device. At best (or worst?) you could say there was a whole host of bad decisions which led to all the problems, but this is the age of online hysteria so everyone is talking about the app
  • Results (Score:5, Insightful)

    by alvinrod ( 889928 ) on Wednesday February 05, 2020 @09:04AM (#59692810)
    Although the final results aren't in, 538 has been posting some updates [fivethirtyeight.com] and it looks like Buttigieg could end up with the most delegates, with Sanders right behind him or essentially tied with him. It's pretty clear that Biden underwhelmed.

    Although there's a lot of conspiratorial nonsense out there about this all being intentional to take away from Buttigieg having a victory or to obfuscate the process in order to steal it from Sanders, I still think it's just pure incompetence that was responsible for this shit show. Even if it weren't that way, I think all of this would still have been drown out because of the State of the Union address and the impeachment vote, so I'm not so sure that it would generate a lot of traction either way. Sanders will win New Hampshire since he has such a big lead and the rest of the main candidates are all running close to equal, and he has a strong chance of winning Nevada as well.
    • Incompetence, sure. But that's baked into the system that establishment Democrats use. Like the former Soviet Union and China, having political connections is more important than a proven track record, so incompetent people are given lucrative government contracts, grants, and other perks because they know somebody in charge of the law-making or the bureaucracy.

      So, instead of finding a competent tech firm with a proven record, the selected a firm run by former Hillary Clinton campaign managers [courant.com], a group with

    • Comment removed based on user account deletion
      • by DRJlaw ( 946416 )

        Uhhh.."conspiratorial nonsense"...yeah about that...surely you have to admit whether nonsense or not letting Mayor Pete give nearly $50K to the app company in question and then he suddenly wins when most Americans have probably never even heard of the dude makes the DNC and the whole process look corrupt as fuck, right?

        Pretending that "most Americans have probably never even heard of the dude" when Buttigieg was swapping first and second place with Sanders [wsj.com] in Iowa well before caucus days makes you look igno

      • by nomadic ( 141991 )

        The caucus was run, as it always has been, by the Iowa democratic party, not the DNC. Buttigieg, like other candidates, licensed software rights from Shadow but did not have anything to do with this app. (https://www.politifact.com/article/2020/feb/04/what-we-know-about-shadow-acronym-and-iowa-caucuse/)

  • by Dusanyu ( 675778 ) on Wednesday February 05, 2020 @09:04AM (#59692814)
    It is strongly tested we have been useing it for thousnads of years, Leaves a record, only way it can be "hacked" is by phisical presance I know "apps" are cooll and trendy but when somthing is impotant as election security is on the line you use the most relyable methods possable.
  • The Shadow Says You Will Vote Trump

  • As in, there are apparently no app frameworks or best practices that can let devs build an app with effective front-end security, accurate data collection, and secure data transfer. It looks, from the outside, that this all needs to be re-invented at some granular level, every time, unless you're in the business and are replicating this framework for multiple sequential projects. And even then...

    If course the DNC doesn't want to solicit for and buy a failed app. But the perceptions include the DNC being unt

  • by msauve ( 701917 ) on Wednesday February 05, 2020 @09:09AM (#59692828)
    Uh, what's all this bullshit about security? While that _may_ be an issue, it wasn't the issue with the app under discussion. From all reports, it was just a poorly written piece of crap, both the app and the backend which it was supposed to connect to. Security had absolutely nothing to do with the problems encountered.
    • > Security had absolutely nothing to do with the problems encountered.

      You know that how? The claim out there is that the backend was attacked making synchronization impossible. That theory fits the available data.

      Some others are claiming that the Deep State did it to prevent am embarrassing Biden slaughter. Still others are claiming "Russia, Russia, Russia". Both of those claims are currently unsupportable with neither being impossible.

      I'd say the DNC should finally accept the DHS offer to help at thi

  • There is no such thing as a good "app." A "program" you can trust because you (or someone you hire) can read its source code. A proprietary "app" that commandeers your untrustworthy proprietary handheld telescreen, is totally out of your control. There is no such thing as a good "app."
  • by lbalan79 ( 1059084 ) on Wednesday February 05, 2020 @09:19AM (#59692850)
    I do not know the validity of the 60k claim for the app but it seems outrageously low. If this was done with profit in mind probably 15-20k would be an average margin. That leaves 40-45k on the table for the actual development of the app. Taking out operational and administrative costs that leaves around 25-30k on the table for the actual team for two months. With 10-15k / month you can either have only one good developer working hard on this project or 3 junior to intermediate resources committing their work, not to mention management and oversight cost Without knowing the insights of the project both options seem extremely poor choices when security comes in play. Good internal security practices require extensive code audits and testing that would probably require at least 2-3 more people involved. Good quality assurance practices, including security, require a lot of financial effort. The point is that, unless this was a pre-built app with only customization left to do, there was an extremely high probability to have the result we have today.
    • by Passman ( 6129 )

      I do not know the validity of the 60k claim for the app but it seems outrageously low. If this was done with profit in mind probably 15-20k would be an average margin. That leaves 40-45k on the table for the actual development of the app. Taking out operational and administrative costs that leaves around 25-30k on the table for the actual team for two months.

      It doesn't sound like that's what happened. So far Iowa has admitted to spending $60,000 on this app and Nevada paid $58,000 to Shadow, Inc. last year, for apparently the same or a similar app. We don't know, yet, how many other states with caucuses also paid this company for their "work". Also, this company has been in business for about a year and appears to have some pretty impressive outside funding. So your $60k budget may be off by an order of magnitude or more.

      Link between Nevada and Shadow [crn.com].

      Inve [thedailybeast.com]

  • $60,000?! (Score:5, Insightful)

    by NicknameUnavailable ( 4134147 ) on Wednesday February 05, 2020 @09:23AM (#59692862)
    For an app, any app, should not expect to produce a working product. For an election app, they should be charged for obstructing democracy - the people who haggled it that low, the people who took the contract, the people who signed off on it along the way, they're all fucking guilty of incompetence so profound it threatens democracy (not even a joke.)
  • ...to "user acceptance testing"?

  • Iowa is arguably the most televised and anticipate caucus of the presidential race. Candidates have been campaigning there for over a year. The date is set by law and is therefore quite predictable. In seven of the last 9 presidential elections the winner of the Iowa caucus won the Democratic nomination for president.

    https://www.cbsnews.com/news/i... [cbsnews.com]

    The Iowa caucus is considered to have a tremendous impact with candidate having a great deal at stake on the results.

    https://www.nytimes.com/intera... [nytimes.com]

    To say tha

  • by rsilvergun ( 571051 ) on Wednesday February 05, 2020 @10:08AM (#59693028)
    that one of the DNC's favorites is in the lead with 71% of districts reporting in, and that the remaining districts are the larger cities like Des Moines that are likely to swing Bernie. And I'm sure that it's just one of those things that Bernie lost his victory lap [politico.com]

    I mean, it's not as though the whole show was being run by the same people who rigged the primary last time [latimes.com] or that the Establishment was in danger of losing faith in Joe Biden [nbcnews.com]. Heavens to Betsy no.
  • So what? (Score:5, Insightful)

    by bobbied ( 2522392 ) on Wednesday February 05, 2020 @10:20AM (#59693070)

    Apart from being embarrassing and drawing unwanted national attention, what really was the problem here? Apparently they had a backup plan (which failed) and a second backup plan which involved actual paper records (which was/is really slow), so what if the app was a bad idea that was poorly executed, under tested and horribly non-functional?

    Seriously, where I'm having fun laughing at the Iowa Democrat party's loss of face and I'm enjoying the pithy "and you want these guys running your healthcare" one liners, let's face it, they still got their results (albeit 48 hours later than expected). If they had lost the records or reported bad data, that would have been a serious problem. As it was, this is only embarrassing, no real harm was done and we will get the expected results... Eventually....

    IMHO - the *real* news out of Iowa is that Biden is a distant 4th (by about 10 percent), after polling head and shoulders above his challengers. THAT says something interesting about the polling, makes me wonder about the accuracy of the polling for the rest of the primaries, brings into question the heir apparent status of Biden and is way more important than problems the Democrat Party of Iowa had with reporting the results.

  • This is what happens in the DNC when someone like Buttigieg starts gaining momentum going into Super Tuesday. The DNC ain't having it. They want Biden/Warren on the ticket, and that's what they're going to fight to make happen.

    Even if it means using voter irregularities to get their way.

  • Wow. I had heard about the the caucus being screwed up, but I had no idea there were roving bands of marauders, famine, and semi-hourly executions.

    Would it not have been sufficient to say, "How a Bad App Complicated an Otherwise Simple Caucus" ?

  • If you want to get information from one point to another, just use email.
  • by codemachine ( 245871 ) on Wednesday February 05, 2020 @12:37PM (#59693616)

    Canadian federal elections use a paper ballot and a pencil. Humans count them. The counting process is open to scrutineers. Here is what a typical ballot would look like:

    https://i.cbc.ca/1.5353867.157... [i.cbc.ca]

    Throwing more tech at a problem that was caused by tech isn't the solution. The prevalence of voting machines in America undermines democracy. Well that and many other things.

    It is somewhat ironic that a nation that is so bad at democracy has billed itself as the world's defenders of it. American officials are often critical of election results elsewhere, all while their own system is sketchy as all heck. If the USA had foreign watchdogs monitoring its own elections, I'd hate to see what sort of conclusions would be draw about their legitimacy.

Children begin by loving their parents. After a time they judge them. Rarely, if ever, do they forgive them. - Oscar Wilde

Working...