This week the political universe turned upside down by the failure of the Iowa caucuses.
Traditionally the event provides the first concrete tally after months of speculation about the presidential primary.
But Monday night’s Democratic caucuses ended inconclusively as the state party blamed technological problems for preventing it from reporting results.
The Iowa Democratic Party says an app created to compile and report caucus results malfunctioned due to a “coding issue,” delaying the count.
The problem was that the app only reported partial data when the precinct chairs sent the information to party headquarters.
The party didn’t roll the app out to its 1,678 caucus locations until a few hours before the meetings began Monday night.
That was a risky decision according to cyber security expert Erik Knight.
“Regardless of the cybersecurity risk, there should have been a ton of training and testing with the people using the app before it went live,” said Knight, who has two decades experience in the cyber security field. “As like with a lot of technology roll outs, the idea is sound but the people aspect was not accounted for.”
The party says there are no signs of hacking or other intrusion and that the underlying data is “sound.”
That hasn’t stopped multiple conspiracy theories from being circulated on the web.
Attention has already shifted to New Hampshire, which votes in a traditional primary next week.
That means one vote, one candidate.
But another early voting caucus state — Nevada — has now confirmed it will not use the same app utilized in Iowa.
“The thought that an app running on a personal or open source device – Android or IOS – transmitting over the open internet seems absurd to me,” said Knight. “The developer was trying to hide the app through obscurity. By not listing the app in the app stores, they provided direct downloads that throw a security warning. But in doing that they bypassed a number of the security protections that come along with a certified app through the trusted app stores.”
2020 will see a presidential election, along with nationwide elections for the House and a third of the Senate.
It will be a major test for efforts to improve security after Russian interference efforts in the 2016 election.
Iowa’s debacle has shaken voters across the country, already concerned about past failures.
Knight says the situation is a reminder of the risk states take when they ditch a paper record of ballots in exchange for technology.
“You need a paper trail today because you can tamper with the whole database through electronic methods, so you need a lot more fail-safe checks,” Knight told JimHeath.TV. “Making a jump from apps to personal cell phones is a huge and risky jump. Blockchain technologies will likely solve or alleviate those issues, but we are years away from that technology being widely accepted.”
The years following 2016 have seen election security become a big talking point on Capitol Hill, but with Republicans and Democrats divided over what needs to be done to ensure that similar interference does not happen again.
A big step Congress has taken is appropriating funds for state and local election officials to improve election security efforts, with Congress sending $380 million to the states in 2018, and an additional $425 million to states in appropriations bills.
But Democrats complain that Congress has not done enough.
Ransomware attacks, in which an attacker infiltrates a system and locks it until a ransom is paid, were endemic nationwide in 2019, hitting government entities and cities repeatedly.
The city governments of Baltimore, New Orleans and Pensacola, Fla., were hit by ransomware attacks this year, with city services affected for days afterward, while a coordinated attack hit almost two dozen small town governments in Texas in August.
School districts have also borne the brunt of ransomware attacks, with Louisiana Gov. John Bel Edwards (D) declaring a state-wide emergency in July after several school districts were hit.
The school district for Flagstaff, Ariz. was forced to close for two days in August to recover from a ransomware attack, affecting almost 10,000 students.
Knight suggests a severe lack of knowledge and understanding by lawmakers on cyber security issues is a big part of the problem.
“Hackers are looking for the weakest systems to tamper with, and in the end its far easier to manipulate the people over the systems through social engineering,” said Knight. “We’ve seen this through Facebook and other platforms. We are at risk from all sides, the law hasn’t caught up with the technology yet. In the recent congressional hearings with tech companies, it’s clear the people legislating have zero clue on how any of this stuff works. It makes for a very scary environment.”