By now you probably know the broad outlines of what went down in Iowa on Monday night: a hastily built, poorly written, badly distributed, slipshod app crashed and the Iowa Democratic Party utterly failed to plan sufficient backup solutions, delaying the reporting of caucus results. The web was awash with postmortems yesterday and rightly so. It’s not the absolute worst way to kick off real voting in the 2020 presidential election, but it’s within spitting distance of it.
The votes themselves are secure — thankfully there are paper backups for everything — but our sense of election security has been shaken again. The fiasco has opened the door to conspiracy theorists and bad actors who want to call this and future results into doubt. Some of that frankly irresponsible speculation came from major cable news outlets trying to fill the dead air the very night of the caucuses.
“I’m really disappointed that some of our technology created an issue that made the caucus difficult,” said Gerard Niemira, the CEO of political technology company Shadow Inc., in his first interview after the caucus. “We feel really terrible about that.”
You’re not the only one who feels terrible, bub.
But the thought that keeps running around my head is simply this: it should have been obvious that the app would fail. The warning signs were manifold, both before the voting started and the day of the caucuses.
That’s not exactly a keen insight, but the reason I can’t stop thinking about it is that even in 2020, too many people are weirdly deferential to the idea of an app. We’ve gotten wiser to misinformation on social networks, concerns about privacy violations, and even encryption, but we are still pretty dumb about how cloud computing and apps actually work.
If somebody told you their summer project was building a kit car, you’d have a sense of how much work that entails and how likely that person would be to succeed. But we don’t seem to have built up a similar sense of scale for apps. I don’t think everybody needs to “learn to code,” but I do think we’ve done a terrible job with literacy about code.
I’m not here to call anybody ignorant, but it seems clear to me that the leadership of the Iowa Democratic Party not only didn’t know about how apps work, but it didn’t know what it didn’t know and preferred not to.
Below is a not-so-brief and nevertheless incomplete list of warning signs that I think anybody conversant with computers should have recognized as a red flag. I don’t mean they should have recognized exactly why exactly each thing was wrong, but that they should have had the sense of tech scale to see that urgent questions needed to be asked and expertise sought out. These should have been emergency-brake moments, especially with an election at stake:
- The consulting group that made the app, Shadow, was paid just over $60,000 to develop the app, far less than it should actually cost to develop.
- The party insisted on “security through obscurity,” arguing that talking about the app too much would give hackers a heads-up to attack it.
- The app was rushed out so quickly it had to be distributed via two platforms mobile developers use to beta-test their software, TestFlight and TestFairy.
- Installing an app via these methods is not simple even for savvy users, and having voters install it on their personal phones has security implications that I can’t even begin to enumerate.
- The app required two-factor authentication (good!), but the instructions were apparently not sufficient, leading to yet more frustration. The New York Times reports that “some [precinct chairs] also took pictures of the worksheets they had been given — the PINs fully visible — and tweeted them out in frustration. Had the app worked, the information might have given trolls or hackers a chance to download the program and tamper with it.” Yikes.
- What’s more, as Nick Statt notes, “the app was distributed using the TestFairy platform’s free tier and not its enterprise one. That means Shadow didn’t even pony up for the TestFairy plan that comes with single sign-on authentication, unlimited data retention, and end-to-end encryption.”
- Shadow itself reportedly didn’t have the coding chops to pull off the app in the first place, especially on such a tight timeline. How carefully was this outfit vetted?
- The whole ecosystem of tech for campaigns is dysfunctional in the first place, with the wheel getting reinvented every four years and widespread distrust in publicly available tools. Here’s an eye-opening Twitter thread about the issue.
- Shadow’s previous products caused alarm among security experts. That includes members of the Biden campaign, which ended its partnership with Shadow after its texting platform “did not pass our cybersecurity checklist,” a Biden staffer tells the NYT.
- The app itself wasn’t stress-tested, and the errors it showed on election night were singularly unhelpful, as Motherboard reported.
- Local volunteers realized the fiasco was coming and the party didn’t adjust to open up more phone lines to accommodate the change.
I remember all of the drama and concern around Diebold’s election machines in the early 2000s. I remember the distrust and the widespread call for paper ballot backups. Luckily, Iowa at least learned the latter lesson.
But the difference between then and now is that our understanding of computing has moved from discrete machines to the cloud and apps. Computing has become so diffuse and the language around it so arcane that it’s easier to just see it all as [waves hands] “cloud stuff.” Companies have taken to calling your laptop “the intelligent edge,” for heaven’s sake!
What that means is that when it comes to integrating, securing, and trusting technology in our elections, there is a huge miasmic cloud of “tech stuff” to worry about, and it’s all too easy to just assume somebody else is handling it. Knowing the basics of how apps get installed on phones and interact with the cloud is no longer the stuff of expert coders, and we need to raise our expectations for basic literacy on that.
We shouldn’t expect everybody to know how to navigate the tech maze, but at the very least we all need to do a better job of knowing when to stop and ask for directions.
(p.s. I know “caucus” and “fracas” don’t technically rhyme but I couldn’t help myself.)
It’s not looking great for the biggest mobile phone show of the year, Mobile World Congress, which is set to take place in Barcelona this month:
More on Google
Google’s note on this seems wildly insufficient. At minimum, people should be informed exactly what videos of theirs were accidentally provided to other users.
In yesterday’s newsletter I was a little sloppy and quoted an old number from a story for Apple’s developer payouts ($120 billion) instead of more clearly citing the newer one ($155 billion). A couple of readers wanted me to expand on the reasons for the gap between Apple’s number and Google’s $80 billion, specifically that Apple’s number included money distributed in China while Google’s doesn’t. Fair, but I don’t know if that difference really makes up the gap for Android developers — the overall point still stands that despite Android’s larger numbers, there still seems to be more money in making iPhone apps.
Here’s that promised analysis of YouTube’s $15 billion revenue number from Julia Alexander.
More from The Verge
When all you have is a hammer...
We talk a lot about how the central problem with broadband access is the lack of fiber cable infrastructure. Google Fiber’s travails are a good example of how hard it is to actually get that done. Nick Statt points out that Google was paying much higher fees to get access to TV content than other broadband providers who also just happen to be cable companies, which is another limiting factor to new players trying to lay fiber that I hadn’t considered.
Ashley Carman is one of the world’s best reporters on how seemingly small product decisions influence personal behavior and — in this case — culture. It’s absolutely wild to think about how multi-million dollar productions feel pressure to adopt the same tropes that YouTubers use to engage their audiences as a way to boost their chances in the algorithm.
A source familiar with the show says the shoutouts were a creative decision rather than a Netflix-required one, which could speak to the pressure creators feel when competing within Netflix itself and against other original series.