"Someone was not paying attention or on a deadline," said one analyst who was able to examine the app.
The smartphone app that caused a significant delay in reporting Iowa caucuses results suffered from technical and design flaws, and appeared to have been rushed into use, according to cybersecurity experts who examined a version of the app that was made public.

The app became the subject of widespread scrutiny after the Iowa Democratic Party said problems with reporting caucus results were partially due to "coding issues" with the app, which was being used for the first time.

Results were expected Monday evening, but the party released only partial results on Tuesday. As of Wednesday evening, the complete results had still not been released.

Party Chairman Troy Price said Tuesday the underlying vote count, backed up by paper records, had not been affected by the problem, but that the party was proceeding with caution to make sure it released accurate results. The party said it was counting the caucus math worksheets by hand.

The app was supposed to be the "preferred" method for caucus chairs to submit results, but only about a quarter did so, according to Gerard Niemira, the CEO of Shadow Inc, which developed the app for the Iowa Democratic Party. The majority of chairs opted to call in, jamming up understaffed hotlines.

Developers who were able to look at a version of the app that was made public said it suffered from two problems. First, a flaw in how it reported data meant accurately recorded results were not properly communicated back to the party. Second, the user experience of the app made it difficult to use, particularly because it required users to first download a separate app often used by developers to test new apps. That proved a high barrier for many caucus chairs.

Officials from the Iowa Democratic Party said they had provided training before the caucus to precinct chairs, including hiring a dedicated training staffer.
They also provided live troubleshooting on the day of the caucus.

Thomas Moore, security architect at Signal Hill Technologies, a cybersecurity company in Virginia, analyzed the app and found it was simple and appeared to function as designed.
"The app was built relatively lean to strictly perform the functions that it set out to do, take pictures, gather data, send that data, and apply an identity verification wrapper over top of the application," Moore said.

The failure to catch the critical coding error beforehand showed that the system wasn't fully tested before launch, Moore said.

Other experts who looked at the code found evidence of hurried work.

"The app appears rushed," said Irfan Asrar, a threat analyst at Blue Hexagon, a San Francisco-based cybersecurity firm. "Someone was not paying attention or on a deadline."

Niemira said Tuesday the app itself was "sound," but he apologized for the reporting problem.

"The coding failure created inconsistencies in how the vote totals were transferred from Shadow's app to the IDP's database and was the culprit for the delay," Niemira said in a statement. "Once we discovered the issue, it was remediated and additional checks were performed on the underlying data to ensure its integrity."

The coding issue was only part of the problem. The Iowa caucus relied on more than 1,600 volunteers to run its nearly 1,700 caucus sites. At least half a dozen managers who spoke with NBC News said training on the app was inadequate.

Downloading the app was not a simple process. Because it was not released through an official app store, caucus managers on Apple devices needed to first download another app that allows developers to ship test versions of apps. Users on Samsung and other Android devices had to change device settings to be allowed to download the app.

One campaign official told NBC News their team only received a version of the app about 10 days prior to the caucuses.
Even then, it was two days before the campaign's team was able to download and access the app properly.

Caucus managers said they received at least six emails from the party or Shadow with instructions on downloading the app and requests to test out different bug fixes.

Even before the app's rollout, there was evidence that it would face a difficult situation. The party used an app in 2016 made by Microsoft to report caucus results, with only about half of all precinct chairs opting to use it. A former party official told NBC News the party left guidance for incoming officials that training for caucus chairs would be paramount for the new app's success.

Eddie Perez, global director of technology development for the Open Source Election Technology Institute, a nonprofit that conducts election technology research, said the email chain showed the app's "amateurish" deployment. NBC News has collaborated with the institute since 2016 to monitor U.S. election technology and voting issues.

"A barrage of emails right before the caucus, a confusing app interface, and no training all betray an ignorance of basic project management, technology testing and simple human usability," Perez said.