Iowa: Caucus app chaos shows why American elections should stay analog for now | Brinkwire

Like everything created by humans, code has flaws. One major way to defend against potential problems brought on by the flaws is testing an app before you use it. Unfortunately, it seems like the Iowa Democratic Party did little in the way of testing the app it used to track results from the Iowa caucuses, wreaking havoc on the tenuous Democratic presidential-nominating process. “The situation in Iowa makes the average voter’s confidence in the election process worse than before,” said Ron Gula, a former National Security Agency (NSA) white hat hacker who now invests in startup cybersecurity firms. “Whether or not they might believe the Russians hacked the election before, this is another thing that will make them go ‘wow, we really don’t trust this.’ It’s not a great situation for voter confidence in general.” This was a screw up on a state level, a state that happens to hold a lot of significance for U.S. democracy. “The situation with Iowa’s caucus reveals the risks associated with technology, in this case with a mobile app, but more importantly that there needs to be a low-tech solution in order to recover from technological failures — no matter the cause,” said Marian K. Schneider, president of Verified Voting, in a statement to Digital Trends. Verified Voting is a voting accuracy nonprofit that works to eliminate or reduce the use of systems that “cannot be audited or secured, such as internet voting.” Schneider noted it was lucky that Iowa kept paper records of the vote. “It’s clear that mobile apps are not ready for prime time,” she said.

National: Is technology consistent with electoral integrity? The hard lessons of Iowa | Sarah E. Hunt/Salon

In the modern era, much of American greatness is derived from the conception that the United States maintains the integrity of its elections, thus ensuring the fair representation of its citizens in the halls of government. Such elections brought about the suffragist and civil rights movements, which marked evolutionary tectonic shifts in American democracy that aligned the nation more closely with the ideals set forth in its Constitution. When revolutionary action is called for, our country has the ability and will to better itself and defend its values. The chaos surrounding the 2020 Iowa caucus two weeks ago was a bellwether, heralding another transformational moment. Our willingness to take action will define America’s trajectory. The events unfolding in the heartland of our country are a wake-up call to the entire nation. They highlight the importance of protecting the security and integrity of our electoral system.

National: Security experts raise concerns about voting app used by military voters | Brian Fung/CNN

Security researchers are reporting flaws in a smartphone-based voting app that’s been used by military voters overseas and is now being tested for use in the US. The vulnerabilities could allow nation-state hackers to view, block or even change smartphone ballots before they’re counted, according to a new paper written by three researchers at the Massachusetts Institute of Technology. The app is designed by the company Voatz, whose technology has been piloted so far in West Virginia, Colorado and Utah. The company called the report “flawed” in a statement posted to its website Thursday. “We want to be clear that all nine of our governmental pilot elections conducted to date, involving less than 600 voters, have been conducted safely and securely with no reported issues,” Voatz said in the statement. “The researchers’ true aim is to deliberately disrupt the election process, to sow doubt in the security of our election infrastructure, and to spread fear and confusion.” The report comes amid rising concern about the use of apps and online voting tools in the 2020 election following the failure of reporting tools in the Iowa caucuses.

National: Smartphone voting stirs interest — and security fears | AFP

West Virginia’s disabled residents and overseas military personnel will be able to vote by smartphone in the US presidential election this year, the latest development in a push to make balloting more accessible despite persistent security fears. Rising interest in electronic voting has heightened concerns among security experts who fear these systems are vulnerable to hacking and manipulation that could undermine confidence in election results. Overseas service members from West Virginia first voted by smartphone in 2018 with the blockchain-powered mobile application Voatz, which is now being tested in some elections in Colorado, Utah, Oregon and Washington state. West Virginia recently expanded the program to people with physical disabilities. A report released Thursday by Massachusetts Institute of Technology researchers uncovered Voatz “vulnerabilities” which could allow votes to be altered and potentially allow an attacker to recover a user’s secret ballot.

Nevada: Democrats Say They’ll Replace Their Caucus App With iPads And A Google Form | Kaleigh Rogers/FiveThirtyEight

In just two days, Nevadans will begin early voting in the state’s Democratic caucuses. For the past few weeks, it’s been unclear how those votes would be integrated into the overall vote tallies after Nevada Democrats were spooked by the chaos in Iowa’s Democratic primary and decided to toss a previous plan to use an app. But today, the state Democratic party revealed how it intends to incorporate those early votes into the live caucuses on Feb. 22: “a simple, user-friendly calculator.” What that means, exactly, is still a bit unclear. In a memo sent to campaigns Thursday and shared with FiveThirtyEight, the party wrote that “the caucus calculator will only be used on party-purchased iPads provided to trained precinct chairs and accessed through a secure Google web form.” The memo didn’t provide any specifics about whether the calculator would be accessed through the Google form, or whether the Google form itself is the calculator. It’s also not clear if early-vote tallies will live on the web, or if they’ll be pre-loaded onto each district’s iPad. The state party did not immediately respond to our request for further comment.

Editorials: Paper ballots still the best election system | Medford Mail Tribune

Sometimes, the old ways are still the best ways. We would argue that especially applies to election systems, despite continuing pressure to offer voters the option of casting ballots using smartphones or other devices. Jackson County is one of two Oregon counties that experimented with a smartphone app that allowed county residents overseas — most of them in the military — to vote in the Nov. 5, 2019, special election. Of 213 Jackson County voters eligible to participate, only 27 did. One reason could have been that the November ballot had only one item on it — a proposed bond levy to upgrade the county’s emergency communications system. Maybe a full ballot would have enticed more county voters stationed overseas to use the smartphone app. Maybe not. But the turnout isn’t the primary concern here. Anything that gives voters more options to participate is a good thing, in theory. In practice, voting systems that use the internet to transmit votes are inherently more vulnerable to hackers seeking to manipulate the outcome. They are also more likely to simply fail to perform as designed.

International: Tech-augmented democracy is about to get harder in this half-baked world | Chris Duckett for Null Pointer/ZDNet

For the wondrous benefits the internet has brought, it is not without its drawbacks. This has manifested itself in two ways when it comes to democracy: A headlong rush into internet voting and a shattering of the polity. As a scientific critique on the act of voting, associate professor Vanessa Teague discussed electronic voting in her recent keynote at Linux.conf.au 2020. Teague has more than enough experience in this area, and has been involved in finding flaws in the iVote system that is increasingly used in New South Wales, as well as the Scytl system used in Swiss elections that iVote is based on. “I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation [via] software bugs,” Teague said last month. The issue Teague sees with remote voting is subtle bugs, such as those involved in shuffling and verifying votes, which can undermine the security of the whole system. “That’s a little bit different from the occasional problems that happen in paper-based systems because you don’t as a result of one little subtle problem hand over a capacity for total manipulation of all of the votes to one entity,” she said. “In summary, I think there are some reasonable ways of doing electronic voting in a polling place … but we just don’t know how to do remote electronic voting properly in a way that really safeguards the election against manipulation on software bugs.”

National: Voatz of no confidence: MIT boffins eviscerate US election app, claim fiends could exploit flaws to derail democracy | Thomas Claburn/The Register

Only a week after the mobile app meltdown in Iowa’s Democratic Caucus, computer scientists at MIT have revealed their analysis of the Voatz app used in West Virginia’s 2018 midterm election. They claim the Android app is vulnerable to attacks that could undermine election integrity in the US state. Based on their findings, published today in a paper [PDF] titled, “The Ballot is Busted Before the Blockchain: A Security Analysis of Voatz, the First Internet Voting Application Used in U.S. Federal Elections,” researchers Michael Specter, James Koppel, and Daniel Weitzner conclude that internet voting has yet to meet the security requirements of safe election systems. “We find that Voatz has vulnerabilities that allow different kinds of adversaries to alter, stop, or expose a user’s vote, including a side-channel attack in which a completely passive network adversary can potentially recover a user’s secret ballot,” their paper states. “We additionally find that Voatz has a number of privacy issues stemming from their use of third-party services for crucial app functionality.” Specifically, the researchers discovered that malware or some miscreant with root access to a voter’s mobile device can bypass the host protection provided by mobile security software known as the Zimperium SDK.

National: MIT researchers find vulnerabilities in Voatz voting app used in multiple states | Maggie Miller/The Hill

A voting app used in multiple states during the 2018 midterms elections to allow for more accessible voting has cyber vulnerabilities that could allow for votes to be changed or exposed, researchers at the Massachusetts Institute of Technology (MIT) found. In a paper published Thursday, three MIT researchers found that Voatz had vulnerabilities that “allow different kinds of adversaries to alter, stop, or expose a user’s vote” and that the app also had several privacy issues due to the use of third-party services to ensure the app functioned. The researchers found that if an individual were able to gain remote access to the device used to vote on the Voatz app, vulnerabilities could have allowed that person to discover and change the votes cast. The researchers described their findings as being part of the first “public security analysis of Voatz” and noted that they used reverse engineering of the Android Voatz app to come to their conclusions. The Voatz app was used during the 2018 midterms in some municipal, state or federal elections in West Virginia, Colorado, Oregon and Utah. The company allows voters to cast their votes via an app and was rolled out in West Virginia as a way for overseas military personnel and other voters unable to physically go to the polls to cast their votes.

Colorado: MIT study: voting app that Denver used could be hacked | Matt Mauro/KDVR

An app that some Denver voters used in 2019 has significant security issues, according to a new study from the Massachusetts Institute of Technology. The study that was released Thursday said hackers could potentially block or change a vote and steal a voter’s personal information from the app Voatz. The Denver Elections Division used Voatz in the May and June municipal elections for about 300 military and overseas voters. The Division did not report any security issues. “We were very happy with it,” said Director of Elections Jocelyn Bucaro. Burcaro said voter turnout increased significantly with Voatz. Traditionally, military members and others who are overseas and vote electronically would have to print a ballot, sign an affidavit, scan the documents and email them. Voatz allowed the voters to submit their ballots by just using a smartphone. Also, the division used a three-step process to ensure the app and votes were secure. “We are really grateful for the MIT researchers and releasing that report because we’ve been wanting more security review of the Voatz application and other vendors in this space,” Bucaro said.

Iowa: Caucus Meltdown Proved Transparency Is Essential, Election-Watchers Say | Miles Parks/NPR

As the Democratic primary season rolls on, one big lesson already is sinking in from the party’s caucus-night meltdown in Iowa: Secrecy isn’t a strategy. State Democratic chair Troy Price declined to answer questions a month ago about what sorts of tests were conducted on the smartphone app the party was planning to use on caucus night or detail backup plans should it fail. But he did promise some sort of transparency. “We’ll be able to give a preview to the press of what the app will look like in the days leading up to the caucuses,” Price said in mid-January, in his first interview about the app, with NPR and Iowa Public Radio. That preview never happened. And the reporting system then failed in a major way. The state party announced over the weekend that it was still adjusting results for 3 percent of the state’s total precincts, and updating its projected national delegate allocations.

Iowa: What the Iowa Caucus Tells Us About Cavalier Approaches to Technology | Cillian Kieran/CPO Magazine

As details emerge about the tech issues that have delayed the results of the Iowa caucus and thrown the public into states of confusion and frustration, I marvel at the familiarity of the story to anyone who has spent long enough working on the front lines of enterprise technology. It should be noted that the dust is still settling on events in the Hawkeye State, and so it may be a few more days until we know with absolute certainty what transpired and how exactly, in 2020, the results of the caucus are taking longer to arrive than in pre-internet days. But reports so far focus on the haphazard roll-out of a new voting app designed to facilitate (ostensibly) the transmission of results from caucus locations to centralized election monitors. A number of problems appear to have occurred with this process – ranging from caucus-site volunteers being unable to log-in to report results to rumored compromising by outside parties to scramble the results-logging process. Whatever the final assessment, it’s certainly not too early to call this a disaster, with a bungled roll-out as catalyst.

Nevada: Volunteers and campaigns worry about results reporting ahead of Nevada caucuses | Holmes Lybrand, Dianne Gallagher, Pamela Kirkland and Dan Merica/CNN

With the Nevada Democratic caucuses only a week away, both caucus workers and presidential campaigns are worried about the lack of detail the state party is providing about how the results reporting process will work. The worries come after the state party stopped working with Shadow Inc., the company behind the app whose “coding errors” were at the heart of the chaos of the Iowa caucuses. Having scrapped plans to use a pair of Shadow’s apps, the parties will instead use a “caucus calculator,” as outlined in a new memo released by the Nevada State Democratic Party Thursday. Described as “user friendly,” the calculator will be used to add early voting data into each precinct and calculate totals on caucus day, February 22, along with paper work sheets. The tool, which the party does not consider an app, will be available on iPads owned by the party and “accessed through a secure Google web form.” A similar memo was sent to the presidential campaigns on Monday.

West Virginia: State Expands Online Voting as Security Worries Grow | Patrick Groves/Government Technology

West Virginia, which has become an early tester of blockchain voting, is expanding Internet voting to include those with physical disabilities. But the move comes just as researchers from the Massachusetts Institute of Technology (MIT) have published a paper asserting that Voatz — the app West Virginia has been using in its pilot tests — has serious flaws, including the ability of bad actors to change votes without voters’ knowledge. Gov. Jim Justice signed SB 94 into law last week giving the secretary of state permission to create a system that allows people with physical disabilities to vote electronically. The Office of the Secretary of State lauded its success with Boston-based vendor Voatz that tallied 144 ballots from uniformed and overseas citizens in 2018. The Secretary of State’s Office may choose the startup again to enact the new law’s mandate for the 2020 primary and general elections. But election security experts and computer scientists have grown increasingly skeptical of the cybersecurity surrounding voting apps, especially after a mobile app used during the Iowa Caucus recorded data accurately but only reported it partially due to a coding error.

National: Voting on Your Phone: New Elections App Ignites Security Debate | Matthew Rosenberg/The New York Times

For more than a decade, it has been an elusive dream for election officials: a smartphone app that would let swaths of voters cast their ballots from their living rooms. It has also been a nightmare for cyberexperts, who argue that no technology is secure enough to trust with the very basis of American democracy. The debate, long a sideshow at academic conferences and state election offices, is now taking on new urgency. A start-up called Voatz says it has developed an app that would allow users to vote securely from anywhere in the world — the electoral version of a moonshot. Thousands are set to use the app in this year’s elections, a small but growing experiment that could pave the way for a wider acceptance of mobile voting. But where optimists see a more engaged electorate, critics are warning that the move is dangerously irresponsible. In a new report shared with The New York Times ahead of its publication on Thursday, researchers at the Massachusetts Institute of Technology say the app is so riddled with security issues that no one should be using it.

National: MIT researchers identify security vulnerabilities in voting app | Abby Abazorius/MIT News

In recent years, there has been a growing interest in using internet and mobile technology to increase access to the voting process. At the same time, computer security experts caution that paper ballots are the only secure means of voting. Now, MIT researchers are raising another concern: They say they have uncovered security vulnerabilities in a mobile voting application that was used during the 2018 midterm elections in West Virginia. Their security analysis of the application, called Voatz, pinpoints a number of weaknesses, including the opportunity for hackers to alter, stop, or expose how an individual user has voted. Additionally, the researchers found that Voatz’s use of a third-party vendor for voter identification and verification poses potential privacy issues for users.

Utah: Lawmaker says Iowa caucuses a cautionary tale for online voting | Art Raymond/Deseret News

Issues in the recent Iowa Democratic caucuses with a smartphone app are a further reminder, according to one Utah lawmaker, that the state should move slowly and deliberately toward any future change to a statewide online voting system.

To that end, Rep. Mike McKell, R-Spanish Fork, is sponsoring a proposal to spend some 20 months on a study to determine what, if any, digital voting system is secure enough to trust with running Utah elections. That proposal, HB292, got unanimous support from the House Government Operations Committee on Wednesday and is now headed to the full body for further consideration. Ahead of the meeting, McKell told the Deseret News the proposed study isn’t due until October 2021 and would have no impact on the upcoming general election, nor the 2021 off-year municipal elections. The goal of the study, McKell said, is to take the necessary time to do a thorough assessment of the potential advantages, and pitfalls, of moving the voting process into the digital realm. “I think we need to slow things down and commit to a thorough review of internet voting,” McKell said. “I think there are a lot of pressures in play to use new technologies and take advantage of efficiencies they can bring. “But we just saw a whole host of problems in Iowa … that are a reminder that we’re just not there yet.”

National: Iowa’s app fiasco worries mobile voting advocates | Tonya Riley/The Washington Post

The fiasco caused by an app that failed to properly transmit votes in the Iowa caucuses is worrying the mobile voting industry, which hoped 2020 would be a banner year. Companies — and proponents of incorporating more technology into elections — are trying to avoid being lumped in with the hastily made app used in Iowa. They’re saying its failure proves serious investment in user-friendly, secure election technology is more critical than ever. “We need to ensure that every new idea is tested, transparent and secure — just like the eight successful mobile voting pilots conducted to date,” Bradley Tusk, the founder and CEO of Tusk Philanthropies, said in a statement. “Enough is enough. 2016 should have been enough of a wake-up call. Iowa just confirmed it.” Tusk Philanthropies has funded pilots for mobile voting across the country, launched in a push to increase participation in elections. Unlike the app used in Iowa, which was developed to relay vote counts, the pilots use technologies that allow voters to easily vote from their mobile phones. So far, the pilots have largely been limited to eligible uniformed and overseas voters and voters with disabilities. But any expansion is sure to fall under an even more critical spotlight. Any malfunction — or hack — of an app used directly for voting in 2020 could have far greater impact in undermining public faith in the Democratic process than one Democratic caucus gone wrong.

Washington: Seattle-area election will use smartphone voting system that worries some experts | Jay Greene /The Washington Post

As it became clear that a technical mishap would delay results from the Iowa caucuses last week, Sheila Nix raced to prepare a chart illustrating how the glitch was isolated. Nix is president of Tusk Philanthropies, an organization that’s working to boost turnout through mobile-voting projects and was not involved in the Iowa caucuses. But she has been working on a Seattle-area election that culminates Tuesday to elect a seat on the board of the King Conservation District, which promotes sustainable uses of natural resources. It is one of Tusk’s most high-profile efforts. Nix didn’t want the Iowa debacle to discourage potential voters from using their mobile phones to cast their ballots. The chart Nix’s team created, posted on the King Conservation District’s website, noted that the technology used in Iowa, unlike Tusk’s partners, was “untested, and created in secrecy,” and that Iowa didn’t have a backup plan in the event there was a problem. But she said she also recognizes that the fiasco in Iowa was a setback for everyone working on digital elections. “We know we have an additional level of education that must be done,” Nix said. ‘It kind of failed us’: With eyes of the world on Iowa, another hiccup in American democracy.

Washington: We voted with a smartphone in a Seattle-area election, and this is what we discovered | Monica Nickelsburg/GeekWire

Mobile voting is fast, convenient, and vulnerable. Those were my takeaways testing out the mobile voting pilot available to all voters in the greater Seattle region Tuesday. More than 1.2 million Seattle-area voters have the option to cast their ballots online in a little-known election for the Board of Supervisors of the King Conservation District, a resource-management organization operating under state authority. To cast my ballot online, I visited the King Conservation District website on my smartphone. The first page explained my options for voting, including casting my ballot online. It also included an infographic detailing how this mobile voting pilot is different from the app that malfunctioned during the Iowa Democratic caucuses last week. Clicking “Vote Now” led to a series of prompts within the web browser on my phone. First I reviewed the sample ballot provided. Then it was time for the main event. … The speed and convenience of mobile voting is undeniable. … But there will always be folks who sit small, local elections out. My husband, for example, probably won’t vote in this one. Could that become an opportunity for fraud? I decided to find out.

Nevada: Democrats Tight-Lipped About Vote-Counting Plans | Tarini Parti and Alexa Corse/Wall Street Journal

The Nevada Democratic Party is still working on its process for conducting and transmitting the results of its Feb. 22 caucuses and has been unable to answer questions about how that will be carried out, causing alarm among volunteers and campaigns. With early voting starting in less than a week, volunteers who have attended training sessions said they were confused about the process and technology they were expected to use for the state’s caucuses. And questions from campaigns to the state party have either been ignored or only heightened concerns when answered, according to campaign aides. The state party has said that it is evaluating its process and will have backups including paper records in place to ensure that the caucuses run smoothly. In the aftermath of the debacle in Iowa’s caucuses, where glitchy technology and poor planning cast confusion over the outcome, the Nevada State Democratic Party said it would no longer use an app built by Shadow Inc., the vendor in charge of a similar app that failed in Iowa. Nevada’s app was set to play an even bigger role than the one in Iowa did, according to people familiar with the issue. The Nevada Democratic Party, which is implementing early voting for its caucuses for the first time, was planning on using the app to fold in early voting results with caucus night alignments, calculate the threshold required for viability for candidates and the realignment results and then transmit them. Ditching the app has forced the party to make changes to multiple parts of the process, the people said. Some of those changes still aren’t clear, they said.

Iowa: How the Iowa Caucuses Became an Epic Fiasco for Democrats | Reid J. Epstein, Sydney Ember, Trip Gabriel and Mike Baker/The New York Times

The first signs of trouble came early. As the smartphone app for reporting the results of the Iowa Democratic caucuses began failing last Monday night, party officials instructed precinct leaders to move to Plan B: calling the results into caucus headquarters, where dozens of volunteers would enter the figures into a secure system. But when many of those volunteers tried to log on to their computers, they made an unsettling discovery. They needed smartphones to retrieve a code, but they had been told not to bring their phones into the “boiler room” in Des Moines. As a torrent of results were phoned in from school gymnasiums, union halls and the myriad other gathering places that made the Iowa caucuses a world-famous model of democracy, it soon became clear that the whole process was melting down. Volunteers resorted to passing around a spare iPad to log into the system. Melissa Watson, the state party’s chief financial officer, who was in charge of the boiler room, did not know how to operate a Google spreadsheet application used to input data, Democratic officials later acknowledged.

Nevada: Election Security Institute Criticizes Newly-Unveiled Nevada Caucus App After Iowa Disaster | Hunter Moyler/Newsweek

An institute that studies election security criticized the Nevada Democratic Party for planning to use a digital tool for its caucuses, arguing that Nevada was likely to run into many of the same issues that Iowa did with its voting app last week. The Open Source Election Technology (OSET) Institute began its Twitter thread Sunday with a link to a story from The Nevada Independent, which detailed how the Nevada Democratic Party (NDP) will be using a digital “tool” on the day of that state’s caucuses on February 22. The Independent reported that NDP staffers made a distinction between its tool and the app that was used by the Iowa Democratic Party for their caucuses on February 3. A faulty app that was not tested properly and had coding issues led to delays of the Iowa results. “Deja Vu; this time in NV,” OSET’s first tweet read. “Let’s be clear from the start: their’s is an ‘App’ and no designation of ‘tool’ changes that. Let’s stop playing word games here. The fact that its pre-loaded & may not use mobile connectivity is the only ‘difference.'” The institute dismissed the NDP’s distinction between an “app” and a “tool,” arguing that any difference between the two was superficial.

Oregon: Two counties offer vote-by-mobile to overseas voters | Andrew Selsky/Associated Press

Two Oregon counties are offering the opportunity for U.S. military members, their dependents and others living overseas to vote in special elections this November with smartphones, officials announced Wednesday. While some technology experts have warned that such systems could be insecure, the two counties have already advised hundreds of registered voters living overseas about the option to cast ballots using blockchain-based mobile voting. Oregon residents normally vote by mail. Jackson County Clerk Christine Walker expressed confidence in the system and said it will help ensure that the votes of those overseas will be counted. She noted that overseas mail systems can be unreliable and that she was very worried that Washington’s threats to pull the United States from the United Nations’ postal agency would prevent voters overseas from casting ballots. “We need to make sure that our military and overseas voters have the not only ability to vote, but they can easily access their ballots in a safe manner,” Walker said in a telephone interview Tuesday. “There was a potential crisis going on.”

Washington: ‘Proceed very cautiously’: Experts say online elections raise security concerns | Amy Radil/KUOW

Voting online is now an option for certain voters in King, Pierce, and Mason counties. But Washington state lawmakers and security experts say these methods should be “off the table” in 2020. Tuesday, February 11 is the last day for voters in the King Conservation District election to submit their online ballots. The election made headlines last month as the country’s first in which all eligible voters cast ballots via smartphones and computers. Pierce and Mason counties plan to use the same method to allow military and overseas voters to cast ballots in the presidential primary. But the failure of the app at the Iowa caucuses last Monday has inflamed doubts around online voting. Even before then, Washington Secretary of State Kim Wyman and cybersecurity experts condemned online balloting calling for the exclusive use of paper ballots this year. Should Washington voters worry about online voting? …Computer scientist Jeremy Epstein has a much different perspective than Tusk. He argues the platforms Tusk has funded through two firms, Voatz and Democracy Live, are not transparent. “Both Voatz and Democracy Live have talked about, ‘Oh yes we’ve had security assessments,’” said Epstein, who works for the Association for Computing Machinery. “But they won’t release any information on what they’ve tested, what the results are. They just said, ‘don’t worry, be happy.’” Epstein said there are no standards for secure internet voting because it is “fundamentally insecure. ” He add that “we don’t want to build standards for ‘safe cigarettes,’” and “we don’t build standards for ‘safe’ internet voting because it’s a contradiction in terms.”

Iowa: The Iowa Caucuses App Had Another Problem: It Could Have Been Hacked | Jack Gillum and Jessica Huseman/ProPublica

A glitch in the smartphone app used to count and report votes from individual precincts continues to delay results from Monday’s Iowa caucuses. But a closer look shows that the app had a potentially graver problem that apparently did not come into play: its vulnerability to hacking. The IowaReporterApp was so insecure that vote totals, passwords and other sensitive information could have been intercepted or even changed, according to officials at Massachusetts-based Veracode, a security firm that reviewed the software at ProPublica’s request. Because of a lack of safeguards, transmissions to and from the phone were left largely unprotected. Chris Wysopal, Veracode’s chief technology officer, said the problems were elementary. He called it a “poor decision” to release the software without first fixing them. “It is important for all mobile apps that deal with sensitive data to have adequate security testing, and have any vulnerabilities fixed before being released for use,” he said. The weaknesses reinforce concerns about political parties managing elections, especially in an era of heightened sensitivity to digital security issues — and about the Iowa Democratic Party’s actions in particular. Party officials, who touted the new technology as a fast way to tally votes, may have given short shrift to assuring not only the app’s effectiveness but also its security, experts said.

Iowa: Democrats to undergo independent review of caucus chaos | Thomas Beaumont and Seth Borenstein/Associated Press

Iowa Democratic Party Chairman Troy Price, under immense pressure following the state’s presidential caucus debacle, said Friday that an independent review will determine what caused the problems that led to a dayslong delay in reporting the results, inconsistencies in the numbers and no clear winner. “We will be undergoing an independent, forensic review,” Price told reporters Friday in Des Moines. “What went right? What went wrong? Start to finish.” But almost nothing went right Monday night, first when an app local Democratic volunteers were to use to report the results from almost 1,700 precincts failed, and then when a massive backlog of phone reports and inquiries followed. It brought the reporting of the results of the leadoff presidential nominating contest to a standstill. It took until Thursday for the state party, which operates the series of statewide political meetings, to issue what it said are complete results.

Nevada: Democrats debut to volunteers new iPad-based ‘tool’ to calculate math on Caucus Day in the wake of Iowa fiasco | Megan Messerly/Nevada Inpedendent

Nevada Democrats are planning to use a new caucus tool that will be preloaded onto iPads and distributed to precinct chairs to help facilitate the Caucus Day process, according to multiple volunteers and a video recording of a volunteer training session on Saturday. The new tool will help precinct chairs fold in the results from people in their precinct who chose to caucus early with the preferences of in-person attendees on Caucus Day by calculating the viability threshold and carrying out the two alignments in the caucus process, according to the volunteers and the video recording. Details about the tool come two days after Nevada Democrats said that they would not use any apps for their Feb. 22 caucus after a coding error in a similar program used by Iowa Democrats delayed the release of results from that state’s nominating contest earlier this week. In the video, a party staffer tells volunteers that the new mechanism “is not an app” but should be thought of as “a tool.”

Iowa: Maker of glitchy Iowa caucus app has Democratic Party ties | Michael Biesecker and Brian Slodysko/Associated Press

The little-known technology start-up under scrutiny after the meltdown of the Iowa Democratic caucuses on Monday was founded little more than a year ago by veterans of Hillary Clinton’s failed 2016 presidential campaign who had presented themselves as gurus of campaigning in the digital era. Shadow Inc. was picked in secret by the Iowa Democratic Party after its leaders consulted with the Democratic National Committee on vetting vendors and security protocols for developing a phone app used to gather and tabulate the caucus results. Party officials in Iowa blamed an unspecified “coding issue” with the software that led to it producing only partial and unreliable results. It did not identify the firm that produced the technology, but campaign disclosure reports show that the Iowa party paid $63,000 to Shadow in late 2019. After the company came under withering criticism on social media Tuesday, it issued a series of tweets that expressed “regret” over technical glitches which contributed to a delay in the release of results, but stopped short of apologizing.