Throughout Monday’s caucuses in Iowa, according to press reports, precinct chairs across the state struggled to use a hastily-built and inadequately tested mobile app, developed by a shadowy for-profit tech company, to report results to the Iowa Democratic Party. This seems to have been the main cause of massive delays in the publishing of results from the caucuses.

A system where the vote is taken literally by having people stand around in groups is apparently being disrupted by a software failure. — matt blaze (@mattblaze) February 4, 2020

When the media learned last month that the Iowa Democratic Party planned to use a mobile app to report caucus results, the party refused to reveal many details about the app. It didn’t publish the app’s source code for independent security researchers to inspect or give any information about how thoroughly the app had been tested (apparently, not very thoroughly). The party wouldn’t even name the vendor that it hired to develop the app (Shadow, Inc.), claiming that doing so could inadvertently help potential cyber attackers. Elected officials couldn’t get answers, either. The office of Sen. Ron Wyden asked the Democratic National Committee for details about the app three times in the lead-up to the Iowa caucuses, but the requests were ignored, according to the Wall Street Journal. Wyden is himself a Democrat, representing Oregon.

My warnings about this technology were ignored, and the result is chaos and a loss of confidence in our elections. Unless states step back from using unproven technologies in our elections this will keep happening. https://t.co/gAjV2kJJjB — Ron Wyden (@RonWyden) February 4, 2020

This is the opposite of what the Iowa Democratic Party should have done. Hiding the details of how a computer system works does nothing to make it more secure. This is known as “security through obscurity,” and it provides a false sense of security, while making it harder for people to have confidence that the system actually works as expected. Election systems should instead rely on the information security principle of “open design.” The National Institute of Standards and Technology (NIST), the federal agency responsible for recommending standards that industry and government agencies should follow, lists open design as an important principle for designing secure computer systems. “System security should not depend on secrecy of the implementation or its components,” NIST’s Guide to General Server Security says.

This open design practice is commonplace in the software industry, particularly in systems that handle very sensitive data. The Signal app, for example, is widely known as one of the best designed end-to-end encrypted messaging apps. Unlike the Iowa caucus reporting app, Signal’s source code is freely available on the internet for anyone to inspect. You can find the Android source code in this repository on GitHub, the iPhone source code in this one, and the desktop app source code in this one.

The inner workings of Signal’s encryption algorithm are publicly documented, and the implementation has been peer-reviewed. While it’s possible that cyberattackers could use this wealth of information about how the app works to find vulnerabilities, the benefits of open design far outweigh the risks. When flaws are inevitably found, they are more likely to get fixed than to be quietly exploited by attackers, and the software ecosystem as a whole improves because of it. And, perhaps most importantly, open design gives users confidence in the security of the app without having to blindly trust the claims of the developers.

The Iowa caucus debacle is about rapid reporting of results, not about voting itself. Please keep those two things separate. The votes are backed on paper. The problem was the delivery system for reporting results quickly. — Kim Zetter (@KimZetter) February 4, 2020