
Illustration: Aïda Amer/Axios
The big lesson from Iowa: Security is only a starting point in protecting elections. Usability, reliability and redundancy are just as important.
Why it matters: As long as election officials neglect software fundamentals and view security only as a matter of locking hackers out, we will keep facing trust-eroding system meltdowns like this week's Iowa caucus fiasco.
The big picture: The U.S. is already struggling to bolster the perceived stability and reliability of its elections, which are under stress from extreme partisanship, the spread of conspiracy theories on social media, and the still-fresh memories of Russian meddling in the 2016 contest.
Iowa presented the nation with a vexing scenario in which a primary contest was so compromised by tech snafus that its results weren't available for days.
- The caucuses weren't hacked, as far as we know — although a ProPublica report found that Iowa Democrats' new vote-tallying app was vulnerable.
- But the confusion and delays they suffered were as damaging as meddling from bad actors might have been. As Zeynep Tufekci asked in the Atlantic, "Who needs the Russians?"
- The Iowa system failures created an information void that opened fertile ground for conspiracy theories and influence operations.
Two days after Iowa turned into the "Waiting for Godot" caucus, it's clear that Iowa's new caucus app had all the hallmarks of a software disaster:
- Changing requirements, driven by a need to tally winners in three new ways.
- Failure to field test.
- Inadequate fallback plans.
- A hard-stop deployment deadline that left no wiggle room.
Here's what we now know about the mistakes made by Shadow, the app-developer contractor, and the Iowa Democrats:
- The app went out to users in a not-ready-for-prime-time test mode, which made it harder to install.
- The app recorded results correctly but then transmitted different numbers to the party HQ, thanks to what officials now admit was a "coding error."
- Use of the app was optional, but when local officials fell back on phone calls, there weren't enough people to take the data.
Of note: This kind of disaster isn't exclusive to the digital world. After low-tech failures of Florida's punch-card voting machines, the 2000 presidential election hung in the balance for weeks and the dispute had to be resolved by the U.S. Supreme Court.
The good news:
- Most states don't hold caucuses, and the more common primary elections are less complex and easier to run.
- The same patchwork of differing state election systems that makes security so hard to guarantee also means that any one state's vulnerabilities are likely to be local.
Experts recommend that all election systems should be:
- Simple: Don't try to score an election three different ways if you can avoid it. This may be a bad moment to experiment with ranked choice and other complex voting schemes.
- Transparent: People will trust systems more when all parties to the election have had an opportunity to examine them. Even in a party-only primary like Iowa, all the competing campaigns should have had a chance to try out and stress-test the app.
- Auditable: Assume that failures of all kinds are inevitable and recounts are likely. Make sure that there are ways to deliver accurate election results no matter what — by candlelight if necessary.
Auditable paper trails remain the gold standard, according to the National Academy of Sciences and an overwhelming consensus of security experts.
Yes, but: Iowa had them and still messed up.