The mobile app that appears to have caused problems during the Iowa presidential caucuses was built by a small Washington, D.C.-based company called Shadow Inc., the tech arm connected to nonprofit progressive digital strategy firm Acronym, according to people familiar with the matter.
State records show that the Iowa Democratic Party paid Shadow a little more than $63,000 over two payments in November and December. Shadow describes itself as a company that builds “affordable and easy-to-use tools” for progressives, according to its website.
In a statement, the Iowa Democratic Party said there had been no evidence of a hack of the app. The party hasn’t publicly disclosed the identity of the app’s creator, a decision that previously prompted alarm from cybersecurity experts.
In a statement late Monday, Acronym distanced itself from Shadow, saying it was one of a number of investors in the company. Acronym also said it was “reading confirmed reports of Shadow’s work with the Iowa Democratic Party on Twitter” and awaiting more information from the party about what had happened. Last year, Acronym’s Chief Executive Tara McGowan said it was launching Shadow as part of an acquisition of a political customer-relationship management tool.
The problems that surfaced Monday deeply frustrated party officials in Iowa, where voting was supposed to have wrapped up hours ago. Some precinct chairs struggled to transmit caucus results, according to people familiar with the situation, both via a mobile app and by a backup telephone system.
The state party said last month that it would record votes from the Iowa caucuses using the smartphone app because they said it would be easier and faster to report results from some 1,700 caucus sites.
The app was intended to help the precinct chairs record the results from each round of voting and take care of the delegate math. Then the precinct chair was supposed to use the app to send the results to the Iowa Democratic Party.
But critics expressed concern about the reliability of the app given security concerns around the 2020 elections. Cybersecurity experts also roundly criticized the Iowa Democratic Party’s decision to not identify the app maker publicly or allow it to be subject to open security and reliability testing.
The cybersecurity wing of the Department of Homeland Security recently offered to do some security testing on the app but the Iowa Democratic Party declined the outreach, according to people familiar with the matter. DHS declined to comment on the app, referring questions to the Iowa Democratic Party. After being sent multiple requests for comment, a spokeswoman for the Iowa Democratic Party said that she was checking about this and would circle back.
The state party has defended its plan, with officials saying in January that they were confident in their security systems and that if there were errors, the party would be able to correct them because there would also be paper records of the votes.
Monday’s challenges were the latest example of the perils that can result when technology is introduced to the voting process. Though digitized election equipment can often streamline vote tabulation and reporting, it introduces often unforeseen vulnerabilities that can shake public trust in the democratic process—a concern that has been top of mind for election officials since Russia’s interference in the 2016 presidential contest.
Last summer, the Iowa Democratic Party dropped plans to allow voting by phone—so-called “virtual caucuses”—after the party’s national committee objected to the proposal due to security concerns.
The apparent app mishap wasn’t the first time that the Democratic Party has faced technical issues due to a vendor. In 2018 the party’s national committee had to walk back the announcement of a suspected attempt to hack its voter database after it learned the issue was a false alarm set off by a security firm that detected a phishing test built by DigiDems, a volunteer group of technology experts that does work for Democrats.