
Mysterious startup Shadow under scrutiny after Iowa caucus meltdown - cpeterso
https://venturebeat.com/2020/02/04/mysterious-startup-shadow-under-scrutiny-after-iowa-caucus-meltdown/
======
VengefulCynic
As an Iowan who has had the dubious pleasure of having used Shadow's software,
I would like a lot of scrutiny directed at both Shadow and their software.

I worked as a Precinct Captain for one of the Caucuses in Iowa last night, and
I didn't personally have any issues. But I heard from colleagues who
definitely did. Also, yesterday we got an email with a 7-page google doc
instructing us on how to reset the browser caches on our phones to avoid
issues with data carry-over from the Mock Caucuses that we had been holding.

It's entirely possible that my ability to follow directions and my status as
Not-an-Octogenarian-Caucus-Volunteer is all that kept me out of trouble.

As a software guy, all I can say for sure is that I'm overwhelmingly grateful
that we kept paper backups so we don't have to rely on this software.

~~~
munk-a
All software involved in the voting process should (1) not exist except for
tallying and communication purposes (no electronic voter records) and (2) be
open sourced and verified by known third parties.

Four days ago when the register dug into this they were refused access to test
the app[1], they were not given mockups or any information about the UI[1],
they weren't told who developed the app[1], they weren't told how the contract
was given out to develop the app[1], they weren't told why the app was thought
to be necessary[1], and they were told the app was verified by a third party
testing firm but that who that was couldn't be disclosed[1].

Iowa moving forward with this app was extremely ill-advised and I'm actually
rather sad that the register didn't raise more hell on receiving all these red
flags.

1. A red flag...

~~~
aksss
Security by obscurity is not security.

------
supernova87a
Enough with the conspiracy, mystery, scheming, evil explanations of what's
going on. Sufficiently advanced incompetence is indistinguishable from malice,
and that's all that's going on here.

This is a bunch of amateur app coders, managed by amateur product designers
and sales people, who got paid by clueless amateur voting registrars, to make
an app that was rushed, not tested at scale, deployed without training, and
allowed to get Iowa into this situation by someone not treating it with the
seriousness it deserved.

No more, no less. Just normal human incompetence.

~~~
tathougies
So the argument is that former members of the Clinton campaign -- highly
competent individuals familiar with elections -- put together a company
comprised of 'amateur app coders' paid by 'clueless amateur voting
registrars'?

The founders, Gerard Niemira and Krista Davis, have a great pedigree. Niemira
was formerly at kiva.org. Davis was on the Clinton campaign tech team. These
are not incompetent individuals.

Now, you may be right that this is all incompetence. However, your contention
that these are 'amateur coders', managed by 'amateur product designers',
getting paid by clueless 'amateur voting registrars', is completely
ridiculous. The leadership team is clearly professional and tech-savvy..

~~~
honkycat
"The leadership team is clearly professional and tech-savvy.."

And yet they failed miserably.

I'm so sick of this attitude. Leadership never takes the fall, it is always
the underlings who get the blame.

Their important high visibility project failed. The leadership failed. When
you fail, that means you did not perform in a competent way.

~~~
tathougies
I think you mistook me. I am clearly blaming the leadership team, but not for
incompetence. For actual malice. They clearly knew what they should do, and
decided not to. That should be something they are punished for, not their
employees.

~~~
paulgb
If you're claiming malice, what's the theory of malice? Who benefits from
this?

~~~
tathougies
I don't have a theory... I'm just noting that professional neglect at this
level is malice, whether due to laziness or actual ill intent.

Like, if I sold someone a piece of software that I knew hadn't been tested and
told them it worked great, that is malicious behavior, whether my motive was
to make a quick and easy buck, to eat ice cream instead of doing actual work,
or to ensure that my customer failed. The behavior is malicious independent of
motivation.

~~~
paulgb
Malice refers to intent, the idea of "malice... without ill intent" doesn't
make sense. That's why Hanlon's Razor is worded as it is. By your definition,
any shoddy work could be considered malicious.

I get your point though, I think we're just arguing semantics.

~~~
aksss
"negligence" is probably the word that's being sought here.

------
protomyth
They named the company Shadow. I am reminded of the movie quote "They
literally call themselves Decepticons. That doesn’t set off any red flags?".

I can almost see the name used in countries that have legitimate shadow
governments, but in the US this is a really bad name akin to having cavalry in
the name when focusing on the reservations (yes, someone did, they thought it
was cute and they did prove unhelpful). Names are a first impression and this
is a really bad one.

~~~
dguaraglia
This and 'Fraud Guarantee' will go down as the stupidest company names of the
decade, whether they were involved in malfeasance or not.

~~~
generationP
"Fraud Guarantee", supposedly, was meant to mitigate the effect of having
"fraud" pop up as the first suggestion when you google for Parnas's name. (See
https://lawandcrime.com/high-profile/now-we-know-why-indicted-giuliani-associate-named-his-business-fraud-guarantee/ .)

~~~
dguaraglia
Hah, in that case it's not as stupid of a name. Reminds me a bit of how
Blackwater keeps changing names every few years to avoid the PR nightmare
associated with... well, being a bunch of mercenaries killing people for
money.

------
davinic
Mysterious startup? Seems identical to almost every small dev shop I've ever
seen, complete with bizdev people who over-promise and clients who might not
know better. My understanding is that they started development just 2 months
ago and never bothered to train users. That's all I need to know.

~~~
donarb
MSNBC interviewed a precinct captain who stated she had no problems with the
app. Last week they were given test PINs for training purposes so training was
provided.

~~~
davinic
Sure, but many did, and many because they were in rooms with large numbers of
people and they were depending on wifi and cell service, which often fails in
those situations. Then throw in different phones, OSs, versions, etc. Word is
that this app was rolled out with no user training.

------
munk-a
How loud do all the software developers need to yell "use paper ballots"
before people figure out that electronic counting (for quicker results) isn't
a terrible idea, but electronic records and simply adding more technology to
the system makes voting confirmation and integrity weaker.

This app had no reason to exist - there isn't a reason why they couldn't use
almost any other approach to collect the results for publishing - there are
very few numbers to keep track of and people are only looking for provisional
numbers on election night anyways.

~~~
coredog64
Paper ballots are already being used. There is an exquisite paper trail, with
signed and personally identifiable records being kept until the convention.

------
lostgame
Shadow, Inc.? Really? Sounds like a Bond villain's organization, what a strange
name, especially with 'mysterious' put before it.

~~~
LOL_Arch_Linux
It is an odd choice of a name for a company that wants to build public-facing
applications for the Government.

------
tempsy
I have no idea what all the features of this app are but nothing I’ve heard
makes it sound like this couldn’t have been accomplished using a google form
and google sheet

------
jstewartmobile
Considering the "butterfly ballot" and the "hanging chad," what on earth made
someone think an app was a good idea where people can't even figure out paper?

The process needs to be dumbed-down--kindergarten style. Give everyone a
jellybean to put in their candidate's jar, and if some dummy eats his
jellybean instead of depositing it...

~~~
elicash
The bigger problem wasn't the app used by precinct campaigns to report
back to the Dem Party, it was the convoluted rounds of voting that didn't add
up in some precincts and caused the party to have to review all of the paper
backups.

So yeah, getting rid of the caucus (which is undemocratic anyway) and letting
people just vote for who they want is the solution. Fixing the app doesn't fix
that people were too confused in certain precincts to count it correctly.

------
ourmandave
Shadow, we move fast and break Iowa.

------
jeffFrom18F
Probably being wildly naive here, but wouldn't it be better if there were an
open-source solution for this sort of thing that could be used by both
parties?

~~~
elicash
Every state has a very different process. Even within the same state, Iowa
Dems and Republicans have a different process. The work this company did in
_Nevada_ for their caucus (which now reportedly will not be used, for obvious
reasons) had to be a different solution than the one for Iowa. But yeah,
somebody could probably build an open source solution that has the calculator
and other functions.

I think they'll likely go back to just transmitting via phone, though.

------
Stranger43
I don't get the mystery angle, it's the usual loyalty over competency game
where the insiders reward you for having done work for a previous campaign
or being a grassroots college activist by making sure you keep getting work.

It's the good old pork barrel and a proud American tradition that overstayed
its welcome with the general public but remains a big part of America's
political economy.

------
brutal_chaos_
Many comments here and in other threads regarding this app seem to put blame
on the DNC. Please note, however, the app was commissioned by the Iowa
Democratic Party (IDP), not the DNC.

------
solarkraft
Why exactly was this app needed at all? Couldn't a $13 node.js app or telegram
bot have done the job of receiving a number from under 2000 people just as
well?

~~~
Stranger43
Apps are cool man!!!

It's kind of part of the general back to the 90s mentality of the DNC, yes
there is absolutely no need for a custom app to do this especially given it's a
caucus and not a closed box election, and as there is no reason for keeping
the raw data secret during the counting process, a signed message on any
platform (it could and should be public) would be sufficient security.

Heck telefaxes with an off the shelf OCR business grade solution at the other
end would have been fast effective and likely cheaper but would have meant
less opportunity for the Iowa party bosses to mingle with the well connected
Washington apparatus.

This just smells of a vanity project where a bunch of low power politicians felt
their status would increase with a successful app launch only to have the
whole thing blow up in their faces.

------
ghostoftiber
Wow I disagree with the tone of the article. They're comparing the operations
of the Shadow company with the Trump company. That's a false equivalence -
Trump was purchasing social media services. Shadow is literally inserting
itself into the tally and facilitation of the voting process, and it's got
links to Clinton.

That's not social media advertising, that really smacks of straight up voter
fraud and abuse to me.

~~~
elicash
Obviously Dem vendors will have worked with Dem candidates.

I'm working with a vendor right now that works with Bloomberg, even though my
org hasn't endorsed yet. (We wall that Bloomberg consultant off from our work.
If we couldn't work with firms that worked with any of the candidates, then we
couldn't hire ANYBODY.)

~~~
ghostoftiber
That's not the concern - the concern is that a company which doesn't seem to
list its roster or have any public information about it is now attaching
itself directly to the voting systems. The Community has been in an uproar
before about how opaque code is in voting machines, why shouldn't we be
concerned about not only the code but the employees of a company who are
involved in voting?

~~~
elicash
These aren't voting machines. "Involved in voting" is quite misleading. The
app doesn't actually help with the voting part. They help in the calculation
of delegates and the transmission.

The votes are recorded on paper. This had a calculator tool (that actually
functioned correctly) to count the delegates. The part that failed was the
transmission of results to the Iowa Dem Party. The back-up (in addition to
paper) was the phone hotline they normally use, but that got overloaded.
Additionally, the overall caucus process for reporting -- unrelated to the
tech -- was more convoluted this time around and the numbers didn't match for
the different rounds of voting. This bigger problem caused the party to have
to go back to the paper backups in order to verify results. That's what took
so long.

I'd be shocked if anybody actually disputed any of the results. Every campaign
keeps their own records of as many precincts as possible and they're announced
to everybody attending. Plus, there's the paper. And people record video of
these events on their phones these days, too.

In short, this wasn't a voting system, as you claim. It was a reporting
system. What's the vendor they used for the _phone_ reporting system? Are you
upset that you don't know the names of the employees who run that phone
hotline system? I'd be fine with a requirement for that for reporting systems,
but nobody has ever asked for it previously for past elections so we shouldn't
be shocked we don't have it now.

Also, when you said it had "links to Clinton," I took it as you had a concern
about that. Glad we're both in agreement that it's actually quite normal for
vendors that Dem Party would and should use. It's normal - encouraged, even! -
for Democratic vendors to work with Democratic candidates.

~~~
ghostoftiber
> Organizers of the local meetings were supposed to use the app created by
> startup Shadow to report results from Iowa’s unusual voting system. In the
> caucuses, people wishing to support a candidate must be physically present
> at a meeting, where they stand in groups and wait to be counted.

> To make that process more efficient, the Iowa Democratic Party gave local
> managers the Shadow app to input results. But results were delayed and
> backup measures — such as calling a hotline — also failed, according to the
> New York Times.

From the article, I definitely read that as the app is the way that results
were reported. I also read it as the phone and paper ballots were the backup
systems.

The app absolutely is involved in voting, even if it's not the most
authoritative resource, nor should it be. This was discussed last year (for
example) in:
https://www.desmoinesregister.com/story/news/politics/2019/07/08/iowa-caucuses-nevada-voting-phone-2020-presidential-election-democratic-dnc-how-to-caucus-vote/1677812001/

> What's the vendor they used for the phone reporting system?

Dunno, we should find out, and then find out why that wasn't correctly
implemented either. Whose brilliant idea was it to accept election results
over the same line which served the helpdesk?

> Are you upset that you don't know the names of the employees who run that
> phone hotline system?

Yes, you should be too.

~~~
elicash
> I definitely read that as the app is the way that results were reported

That's my point. It's about how caucus managers tell the Iowa Democratic Party
how many votes there were, for who, in each round. It has nothing to do with
how people actually vote, which is done by walking into certain corners of the
room and filling out pieces of paper.

I want a comprehensive, independent audit of all of the things that went
wrong, done by an entity that every single campaign would have veto power over
selecting. I don't care to know the names of the people who built the phone
system, personally, since it'd be part of my recommended audit, but have no
problem with a rule that makes them public moving forward because why not. I
don't like the idea of making the lives of developers miserable when this
seems like a problem at EVERY LEVEL -- at the Iowa Dem Party, DNC, individual
campaigns that didn't object, owners of this company, and sure, the
developers, too.

