Cyber-issues expose flaws in Iowa caucus and election security at large
Last Monday’s Iowa caucuses were a disturbing parable for the risks to our democracy. Moreover, it exposed how Iowa’s niche status is hazardously clunky in the 21st century.
A week later, it is still unclear what exactly went wrong. What is known is that the Democratic party intended to have the captains at each voting precinct report the results of each caucus using an app developed by Shadow, Inc. There were reports suggesting that the app was untested and the captains were untrained, and now, there is news that pro-Trump trolls may have intentionally jammed the phone lines to prevent Democrats from using their hotline as a fail-safe. Even now, the results are in doubt. The infinitesimal gap between Pete Buttigieg and Bernie Sanders has led to both candidates declaring victory and numerous accusations of election rigging.
“There has been a lot of work in the security community and the crypto-community to design more secure voting systems, but those are still in the preliminary testing stage. Voting systems are complex; you need to worry about physical attacks on the system itself, and as soon as you connect them to the internet, that information might be tampered with or lost or scooped on,” said Bryan Parno, associate professor of Computer Science and Electrical Computer Engineering at Carnegie Mellon University, “On top of that, even if we security experts give our blessing, it’s not necessarily the best way to rest the foundation of a democratic system on. The system has to be not only secure, but also known to be secure. If people don’t think that it is secure or believe that it might have been tampered with, that is just as bad.”
Iowa’s caucus system is incredibly complex due to the multiple tiers of delegate allocation mechanisms. In short, rather than simply casting a ballot, the voters in each precinct gather and stand in clumps and convince others of their community to join them, with candidates under 15 percent having their votes redistributed. At the end of it all, the captains were meant to report the delegate outcome, along with the raw votes before and after redistribution.
So at first glance, a tech injection would appear to be just what Iowa needed. Instead, it only caused more mayhem. “After the 2000 election, there was this big rush to do computerized voter machines, and I think that was overly hasty … Part of the push for digitizing everything is that people want the results right away, which is nice to have but not necessary,” Parno explained.
Aside from technological issues, the Iowa caucuses were marred by issues of representation. According to the U.S. Census Bureau, Iowa is 91 percent white compared to the national statistic of 77 percent, and according to Pew research, the Democratic party is only 59 percent white nationally. This means that Iowa is not representative of the entire country, and especially not of the current Democratic party.
The caucus system is also unrepresentative due to the effort required to attend. It is an hours-long ordeal whose rules are difficult to summarize succinctly, as opposed to a primary where all one has to do is fill out a ballot. As a result, there are many who simply cannot attend a caucus for logistical reasons (jobs, childcare, etc.), and many who would vote but don’t want to go through the whole ordeal. For this reason and others, the number of Democratic caucuses decreased from 14 in 2016 to just four in 2020. In the end, only about 170,000 attended the democratic caucuses in a state of roughly 3.1 million.
Iowa Democrats had hoped to address the accessibility issues by also holding a “virtual” caucus by phone, in order to comply with new DNC regulations mandating ease of voting. However, the plan was tossed out last fall due to hacking concerns and replaced with “satellite” caucuses, which allowed Iowans out of state or abroad to vote in person without being at their assigned precinct back in Iowa. This did close to nothing to address the systemic reasons why the Iowa caucus is logistically inconvenient.
“A system that tries to get people talking to each other is not necessarily a bad thing, but it leads to some logistical challenges,” Parno said. As for the app attempting to streamline this archaic system, “Like any other technological product, if you are rolling something out that’s crucial to get right the first time, then there’s all kinds of standard software engineering disciplines you should be following: good specifications, good development process, testing, beta testing, trying it out with real users. If you skip any of those tests it is more likely that something is going to go wrong. And when something involves security, all of that has to be with security in mind. You can’t typically take your software that was designed without security in mind and slap on some security,” Parno said.