Motherboard is publishing the app used to tabulate early voting results in Iowa’s Democratic Presidential primary.
The app, called IowaReporter, ultimately won't affect the vote totals of the Iowa caucuses, which are being recounted with paper ballots and other hard documentation. But the app's failure—and the widespread attention this failure has received—spurred chaos on election night, followed by speculation, conspiracy theories, and political jockeying.
To try to combat that misinformation, it's necessary to offer complete transparency on what the app is, what it can and cannot do, and why it failed.
Election tech companies and the media are pushing for faster ways of reporting vote totals using apps like IowaReporter, which was developed by a company called Shadow Inc. But experts still agree that the most reliable, secure method of tallying votes is by using an offline solution that has a paper backup. In Iowa, the app was only intended for early vote reporting, which is used to disseminate results to the media. Once the app began failing on Monday night, Iowa abandoned it. The DNC confirmed to Motherboard that the app won’t be used again in any subsequent primary election, and Shadow Inc. told Motherboard that the app's back-end servers have been completely disconnected.
Companies like Facebook, Google, and Apple use bug bounty programs to secure software by having a wide range of security experts test for vulnerabilities that are then patched. Tech companies also increasingly use open source software, and penetration testing is now one of the cybersecurity world’s largest sectors.
In the run-up to the primary, the Iowa Democratic Party (IDP) declined to name Shadow as the company that developed the app. The IDP reportedly declined an offer by the Department of Homeland Security to test the app in advance.
"The app was sound, the data that came out of the app was sound, the math that was done on the app was sound," Gerard Niemira, CEO of Shadow Inc., told Motherboard. "All the the results we collected on the app were sound and have been verified as such," but he did acknowledge that, when caucus data was being moved to an IDP validation server for verification, a data formatting problem resulted in an error that caused some of Monday's problems.
Motherboard obtained a copy of the app. By decompiling and analyzing it, it’s possible to learn more about how the app was built and what might have gone wrong during the Iowa caucus. We reached out to several security researchers and asked them to analyze it for us, and have published an article about their findings.
Motherboard waited to publish the app until Shadow, which controls the app's back-end servers and accounts, confirmed that it had been taken offline. Niemira stressed that no voter data could be accessed from the app or from any of the databases it used.
What we are publishing is an inert app that is no longer being used for an election, that the DNC has stated will not be used in future elections, and that is no longer connected to backend servers or services.
But app developers, security researchers, election officials, and politicians can still learn from the shortcomings of this app's design to help inform future decisions about the use of internet-connected apps and voting machines. If election officials and technology companies decide to move towards digital voting, app-based vote reporting, and internet-connected voting machines, those systems must be secure and trustworthy. To ensure this, it is imperative to be transparent about what has been tried before and where it went wrong.
We are publishing the Android .apk file on our website. Anyone who would like to explore the app further and share findings can contact security reporter Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, OTR chat on firstname.lastname@example.org, or email email@example.com.