Zeynep Tufekci writes:

The [Democratic] party paid [the for-profit tech firm] Shadow $60,000 to develop an app that would tally the [Iowa caucus] results, but gave the company only two months to do it. Worried about Russian hacking, the party addressed security in all the wrong ways: It did not open up the app to outside testing or challenge by independent security experts.

This method is sometimes dubbed “security through obscurity,” and while there are instances for which it might be appropriate, it is a fragile method, especially unsuited to anything public on the internet that might invite an attack. For example, putting a spare key in a secret place in your backyard isn’t a terrible practice, because the odds are low that someone will be highly motivated to break into any given house and manage to look exactly in the right place (well, unless you put it under the mat). But when there are more significant incentives and the system is open to challenge by anyone in the world, as with anything on the internet, someone will likely find a way to get the keys, as the Motion Picture Association of America found out when its supposedly obscure digital keys, meant to prevent copyright infringement, quickly leaked. Shadow’s app was going to be used widely on caucus day, and independent security experts warned that this method wasn’t going to work. The company didn’t listen.

If Shadow had opened up the app to experts, they likely would have found many bugs, and the app would have been much stronger as a result. But even that process would not have made the app secure. An app that is downloaded onto the phones of thousands of precinct officials across Iowa—with varying degrees of phone security and different operating systems—cannot be fully protected against Russian or any other hackers. Underground “hacks” for sale allow remote attackers to infiltrate phones, especially ones without the latest system updates, as is the case for many Android phones. Creating a more hardened phone network is possible, but that would require issuing secure phones to every official, and providing training and technical support. There is no indication that any of that was done here.

But why bother hacking the system? Anything developed this rapidly that has not been properly stress-tested—and is being used in the wild by thousands of people at the same time—is likely to crash the first time it is deployed. This has happened before, to Orca, Mitt Romney’s Election Day app, which was supposed to help volunteers get voters to the polls, but instead was overwhelmed by traffic and stopped working, leaving thousands of fuming voters without rides. It happened in 2008 to Barack Obama’s app, dubbed Houdini, which also crashed on Election Day. It happened to HealthCare.gov—the website that was launched to help people find coverage under the Affordable Care Act, but that failed so badly, it took a team of people from Silicon Valley who quickly and voluntarily left their much cushier jobs and worked seven-day weeks for months to fix it. [Continue reading…]