An institute that studies election security criticized the Nevada Democratic Party for planning to use a digital tool for its caucuses, arguing that Nevada was likely to run into many of the same issues that Iowa did with its voting app last week.
The Open Source Election Technology (OSET) Institute began its Twitter thread Sunday with a link to a story from The Nevada Independent, which detailed how the Nevada Democratic Party (NDP) will be using a digital “tool” on the day of that state’s caucuses on February 22.
The Independent reported that NDP staffers made a distinction between its tool and the app that was used by the Iowa Democratic Party for their caucuses on February 3. A faulty app that was not tested properly and had coding issues led to delays of the Iowa results.
“Deja Vu; this time in NV,” OSET’s first tweet read. “Let’s be clear from the start: their’s is an ‘App’ and no designation of “tool” changes that. Let’s stop playing word games here. The fact that its pre-loaded & may not use mobile connectivity is the only ‘difference.'”
The institute dismissed the NDP’s distinction between an “app” and a “tool,” arguing that any difference between the two was superficial.
“It’s nonsense to get caught up in nuanced definitions over App vs. Tool in order to separate their upcoming caucus from Iowa,” OSET’s explained. “This is lipstick on the pig. An ‘App’ is the digerati abbreviation for ‘software application’ distributed over mobile networks (e.g., ‘5G’ services).”
2/ It’s nonsense to get caught up in nuanced definitions over App vs. Tool in order to separate their upcoming caucus from Iowa. This is lipstick on the pig. An “App” is the digerati abbreviation for “software application” distributed over mobile networks (e.g., “5G” services).
— OSET Institute (@OSET) February 9, 2020
Twitter
OSET noted that there were two key differences between the app used in Iowa and the tool the NDP is set to use: First, the latter is “pre-loaded [and] configured by IT support,” and the iPads that contains the tool will be distributed. Second, the tool itself does the work of calculating the caucus results. However, that was where the differences endedwhich does not bode well for Nevada, according to OSET.
“Although it appears they have [two] more weeks than Iowa had, they *still* suffer from much of the same product management missteps, the first & foremost being doing *nothing* to engender *trust* (communication + transparency) in what they’re doing,” OSET said.
4/ But that’s where it ends. Although it appears they have 2 more weeks than Iowa had, they *still* suffer from much of the same product management missteps, the first & foremost being doing *nothing* to engender *trust* (communication transparency) in what they’re doing…
— OSET Institute (@OSET) February 9, 2020
Twitter
OSET also wrote that the same issues with the app used in Iowa appeared to be present with Nevada’s tool: “lack of adequate testing (all aspects); transparent code vetting; training (read the article in #1 above); security audit; and above all, resiliency planning.”
6/ They say only a fool makes the same mistake twice. So, let’s start with the DNC (and in this case plus the NDP) immediately being transparent: A) *who* developed the App? B) *who* vetted the code? C) *who* tested the App and Service? 🤔And…
— OSET Institute (@OSET) February 9, 2020
The organization also called for the NDP to be more “transparent,” and an answer a plethora of questions about the tool: Who developed the tool? Who has tested it? How it will be used to report the results of the caucus?
8/ …F) *who* exactly reviewed & signed-off on this App (including those at the DNC)? Which security experts were brought in to (re)configure the NV solution (as the article above describes)? In short, if the DNC & NDP want to improve *trust* in all of this, then…
— OSET Institute (@OSET) February 9, 2020
Twitter
“In short, if the DNC & NDP want to improve *trust* in all of this, then do the right things,” OSET suggested. “A) communicate and be totally transparent. B) name names. C) identify organizations involved, D) clearly describe the system- how it works & why you believe it will be different than the @ShadowincHQ Iowa disaster, and E) disclose who the vendor is and whether its still @ShadowincHQ or their work handed over to another vendor.”
10/ …E) disclose who the vendor is and whether its still @ShadowincHQ or their work handed over to another vendor. F) do this now with 14 days to go. Otherwise this is potentially another #failure in the making. In fact, we’re going to make some predictions here…
— OSET Institute (@OSET) February 9, 2020
Twitter
The institute predicted that “the DNC & NDP will *not* engender any trust by failing to completely answer these questions” and that there will be problems with the app on Caucus Day.
“Please prove us wrong,” read the final tweet in the thread. “Otherwise, there will be very serious questions about *why* this money was spent to build unnecessary Apps in the first place. Stay tuned.”
12/ Please prove us wrong. Otherwise, there will be very serious questions about *why* this money was spent to build unnecessary Apps in the first place. Stay tuned. /End
— OSET Institute (@OSET) February 9, 2020
Twitter
According to its official website, the Palo Alto, California-based OSET Institute focuses on “researching, developing, and making innovative election software public technology … in order to increase verification, accuracy, security, and transparency … and ensure that ballots are counted as cast.”
Newsweek contacted the Nevada Democratic Party for comment on OSET’s comments but did not receive a reply before publication.