A recent report alleges that the infamous app used in the Iowa Caucuses lacked key digital safeguards and could have been hacked using basic methods. The app’s developer, Shadow, continues to maintain that “the integrity of the vote in Iowa was not compromised in any way.”
ProPublica reports that the Iowa Caucuses app used to count and report votes from individual precincts and continues to delay results, could have been vulnerable to hacking. According to officials at Massachusetts-based Veracode, a security firm that reviewed the software at ProPublica’s request, the IowaReporter App was extremely insecure and could have had sensitive information such as vote totals and passwords intercepted or changed.
Veracode’s chief technology officer Chris Wysopal stated that it was a “poor decision” to release the app without fixing many of the issues that it contained. “It is important for all mobile apps that deal with sensitive data to have adequate security testing, and have any vulnerabilities fixed before being released for use,” he said.
The weaknesses reinforce concerns about political parties managing elections, especially in an era of heightened sensitivity to digital security issues — and about the Iowa Democratic Party’s actions in particular. Party officials, who touted the new technology as a fast way to tally votes, may have given short shrift to assuring not only the app’s effectiveness but also its security, experts said.
There’s no evidence that hackers intercepted or tampered with caucus results. An attack would have required some degree of sophistication, but it would have been much easier to pull off had a precinct worker used an open Wi-Fi hotspot to report votes instead of a cell data plan.
Still, the turmoil over counting the votes in Iowa has raised fresh doubts about the election’s integrity. “It absolutely hurts confidence overall because you have folks looking at this and saying: ‘Did my vote matter? Did it count?’” said Amber McReynolds, the former elections director in Denver and now CEO of the National Vote at Home Institute. “And they’ll ask those questions again in November.”
Questions about the app posed to the Iowa Democratic Party were referred to the app’s maker Shadow Inc. The Iowa Democratic Party’s spokeswoman, Mandy McClure, stated that all “electoral data and results have been exported from the application and are in the process of being verified through the paper record.”
The CEO of app developer Shadow, Gerard Niemira, said in a statement to ProPublica that “we are committed to the security of our products, including the app used during the Iowa caucuses. While there were reporting delays, what was most important is that the data was accurate and the caucus reporting process remained secure throughout. Our app underwent multiple, rigorous tests by a third party, but we learned today that a researcher found a vulnerability in our app. As with all software, sometimes vulnerabilities are discovered after they are released.”
Niemira added that no “hack or intrusion” occurred during the caucuses. He further stated that “the integrity of the vote in Iowa was not compromised in any way.” Read more at ProPublica here.