Illustration: Aïda Amer/Axios

The big lesson from Iowa: Security is only a starting point in protecting elections. Usability, reliability and redundancy are just as important.

Why it matters: As long as election officials neglect software fundamentals and view security only as a matter of locking hackers out, we will keep facing trust-eroding system meltdowns like this week's Iowa caucus fiasco.

The big picture: The U.S. is already struggling to bolster the perceived stability and reliability of its elections, which are under stress from extreme partisanship, the spread of conspiracy theories on social media, and the still-fresh memories of Russian meddling in the 2016 contest.

Iowa presented the nation with a vexing scenario in which a primary contest was so compromised by tech snafus that its results weren't available for days.

  • The caucuses weren't hacked, as far as we know — although a ProPublica report found that Iowa Democrats' new vote-tallying app was vulnerable.
  • But the confusion and delays they suffered were as damaging as meddling from bad actors might have been. As Zeynep Tufekci asked in the Atlantic, "Who needs the Russians?"
  • The Iowa system failures created an information void that opened fertile ground for conspiracy theories and influence operations.

Two days after Iowa turned into the "Waiting for Godot" caucus, it's clear that Iowa's new caucus app had all the hallmarks of a software disaster:

  • Changing requirements, driven by a need to tally winners in three new ways.
  • Failure to field test.
  • Inadequate fallback plans.
  • A hard-stop deployment deadline that left no wiggle room.

Here's what we now know about the mistakes made by Shadow, the app-developer contractor, and the Iowa Democrats:

  • The app went out to users in a not-ready-for-prime-time test mode, which made it harder to install.
  • The app recorded results correctly but then transmitted different numbers to the party HQ, thanks to what officials now admit was a "coding error."
  • Use of the app was optional, but when local officials fell back on phone calls, there weren't enough people to take the data.

Of note: This kind of disaster isn't exclusive to the digital world. After low-tech failures of Florida's punch-card voting machines, the 2000 presidential election hung in the balance for weeks and the dispute had to be resolved by the U.S. Supreme Court.

The good news:

  • Most states don't hold caucuses, and the more common primary elections are less complex and easier to run.
  • The same patchwork of differing state election systems that makes security so hard to guarantee also means that any one state's vulnerabilities are likely to be local.

Experts recommend that all election systems should be:

  • Simple: Don't try to score an election three different ways if you can avoid it. This may be a bad moment to experiment with ranked choice and other complex voting schemes.
  • Transparent: People will trust systems more when all parties to the election have had an opportunity to examine them. Even in a party-only primary like Iowa, all the competing campaigns should have had a chance to try out and stress-test the app.
  • Auditable: Assume that failures of all kinds are inevitable and recounts are likely. Make sure that there are ways to deliver accurate election results no matter what — by candlelight if necessary.

Auditable paper trails remain the gold standard, according to the National Academy of Sciences and an overwhelming consensus of security experts.

Yes, but: Iowa had them and still messed up.

Go deeper

2 mins ago - Technology

Big Tech's Hong Kong bind

Illustration: Sarah Grillo/Axios

Big Tech companies are scrambling to figure out what China's imposition of a new national security law in Hong Kong means for their businesses there.

The big picture: Tech companies, like other multinationals, had long seen bases in Hong Kong as a way to operate close to China without being subject to many of that country's most stringent laws. Now they likely must choose between accepting onerous data-sharing and censorship requirements, or leaving Hong Kong.

2020 could decide fate of Keystone and Dakota Access pipelines

Illustration: Sarah Grillo/Axios

Two new court actions — one by the Supreme Court and another by a federal judge — together highlight and raise the energy stakes of November's election.

Why it matters: The legal actions mean the results of the 2020 election could very well decide the fate of Keystone XL and Dakota Access, two projects at the heart of battles over fossil fuel infrastructure.

Updated 37 mins ago - Politics & Policy

Coronavirus dashboard

Illustration: Eniola Odetunde/Axios

  1. Global: Total confirmed cases as of 9 a.m. ET: 11,648,268 — Total deaths: 538,828 — Total recoveries — 6,328,930Map.
  2. U.S.: Total confirmed cases as of 9 a.m. ET: 2,938,750 — Total deaths: 130,310 — Total recoveries: 924,148 — Total tested: 36,032,329Map.
  3. Axios-Ipsos Coronavirus Index: Our response is becoming more polarized.
  4. Business: Rising cases pause U.S. economic recovery — Hospitals, doctors are major recipients of PPP loans.