
A Link to the Shadow Inc. App That Blew Up the Iowa Caucus - dsr12
https://www.vice.com/en_us/article/z3b3g9/here-is-a-link-to-the-shadow-inc-app-that-blew-up-the-iowa-caucus
======
minimaxir
Security experts also decompiled the app:
[https://www.vice.com/en_us/article/3a8ajj/an-off-the-shelf-s...](https://www.vice.com/en_us/article/3a8ajj/an-off-the-shelf-skeleton-project-experts-analyze-the-app-that-broke-iowa)

~~~
Roboprog
Thanks. As basic (and utterly unnecessary/counterproductive) as this app
(client) is, it looks like the real villain is the server side.

------
Roboprog
Ob:
[https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_Ref...](https://www.cs.cmu.edu/~rdriley/487/papers/Thompson_1984_ReflectionsonTrustingTrust.pdf)

E-voting shouldn’t exist. How badly it was implemented is moot.

~~~
dkarl
This isn't e-voting. The job of this software was to accomplish basically the
same thing as emailing some numbers to headquarters and entering them into a
spreadsheet. Precinct officials reporting their results can (and should) check
that the results they reported are the same results received at the state
level. You can see from the results that have been made public [0] that the
precinct numbers are very easy to check by hand, and the math to combine the
results can and should be independently checked by, say, copy-pasting the
numbers into an Excel spreadsheet. No trust required, none of the
complications involved in recording and verifying individual private ballots.

Even if the software was compromised, the incorrect numbers would be detected
by independent checks — the same checks you have to do anyway to guard against
data entry errors and typos in Excel formulas — and the correct results could
still be calculated. There was no way a hack could have done anything worse
than delay the release of the results, leak the results prematurely, or
possibly induce the party to release some manipulated initial results if they
were careless enough not to do any internal verification before releasing the
results to public scrutiny.

Everything involved in running an election can be done poorly. If we
unconditionally rail against software being used at all, then sure, we can
show off our clean hands when something goes wrong. But we accomplish nothing
to stop someone who doesn't know better from hiring a contractor who, like in
this case, doesn't do the job responsibly.

This software should exist. It should be subjected to an independent security
audit, thoroughly tested, supplemented with user training, and trusted only if
the results are independently verified at every step. Which is to say, not
really trusted. But it should exist.

[0] [https://results.thecaucuses.org/](https://results.thecaucuses.org/)

~~~
jakeogh
It's electronic voting. "Votes in transit" (Scott 2019):

Why Electronic Voting Is Still A Bad Idea:
[https://www.youtube.com/watch?v=LkH2r-sNjQs](https://www.youtube.com/watch?v=LkH2r-sNjQs)

It's also a standard incrementalism tactic.

~~~
dkarl
These are not votes. These are public tallies that can be verified by anyone
who was present at the precincts.

> It’s also a standard incrementalism tactic

This assumes the public is smart enough to make an informed distinction now
but will lose that ability in the future.

------
arnautdaniel
The amount of code, libraries, and resources needed to make this glorified
calculator on a "smartphone" is truly overwhelming.

Could literally do the same thing extremely well with an ncurses program and a
damn ssh link back to home.

Could literally have done the same thing with Google docs.

But no it's gotta be an app so Susan can use her smartphone. This is an
official event, not an ad hoc conversation during soccer practice. Yet,
apparently no one could set up a small desktop or a laptop to handle a
singularly simple task and do it well.

Instead, social onus and seemingly common wisdom says everything must be a
fancy looking app, and proceeds to throw 60k down the drain to accomplish
nothing.

I'm impressed.

------
brigham
The link to the APK is in the last paragraph of the article.

