author photo
By Bruce Sussman
Tue | Feb 4, 2020 | 8:51 AM PST

After a night of confusion and uncertainty in which no results were reported for the Iowa Democratic caucus, people are searching for answers.

As in, searching on Google.

The search giant reveals what people are most often searching in its suggested list which pops up. "Was Iowa caucus hacked?" is in the number one spot. Take a look:


I texted a coworker during the caucus coverage Monday night, wondering the same thing.

As a cybersecurity journalist, I probably consider the hacking possibilities more than most, but it was hard not to wonder.

Both CNN and Fox News started voicing concerns last night and adding breaking news banners that something was wrong. The caucus was over and there were still zero results being announced. Look at the chyrons here:




Adding to the fire was a statement from the Iowa Democratic Party that it was dealing with "inconsistencies" in the voting data.

Now, let's address the question at hand.

Was the Iowa caucus hacked?

According to the Iowa Democratic Party, the Iowa caucus was not hacked. However, the party knows people are asking about this possibility.

In a statement the morning after the Iowa caucus, the party answered the question directly:

"We have every indication that our systems were secure and there was not a cyber security intrusion."

It also emphasizes that it took steps to protect the process:

"In preparation for the caucuses, our systems were tested by independent cybersecurity consultants."

Based on the statement by itself, it is hard to know how in-depth the cybersecurity analysis was. But for now, we'll have to assume hacking was not the issue.

Acting U.S. Homeland Security Secretary Chad Wolf told NBC News the federal government offered to test the caucus app for cybersecurity but the Democratic Party turned down that option.

Still, during the delay in results, Wolf said DHS did not detect any hacking.

"But what I would say is that, given the amount of scrutiny that we have on election security these  days, this is a concerning event and it really goes to the public confidence of our elections."

What went wrong in the Iowa caucus?

This story is being published about 14 hours after the Iowa caucuses started. And the Iowa caucus results page still shows no results from the night before:


So what went wrong? The Iowa Democratic Party (IDP) says its new election app to be used by leaders at each of the 1,700 or so caucus sites did not work correctly. 

"As precinct caucus results started coming in, the IDP ran them through an accuracy and quality check. It became clear that there were inconsistencies with the reports. The underlying cause of these inconsistencies was not immediately clear, and required investigation, which took time.

As this investigation unfolded, IDP staff activated pre-planned backup measures and entered data manually. This took longer than expected.

As part of our investigation, we determined with certainty that the underlying data collected via the app was sound. While the app was recording data accurately, it was reporting out only partial data. We have determined that this was due to a coding issue in the reporting system. This issue was identified and fixed."

And the IDP says it has paper backups, so everything is on the up and up, it's just taking more time.

"Because of the required paper documentation, we have been able to verify that the data recorded in the app and used to calculate State Delegate Equivalents is valid and accurate. Precinct level results are still being reported to the IDP. While our plan is to release results as soon as possible today, our ultimate goal is to ensure that the integrity and accuracy of the process continues to be upheld."

How could the Iowa caucus situation happen?

Jack Mannino, CEO at nVisium, an application security company, says he can see how this Iowa situation probably happened.

"It's evident that, at a minimum, there was a failure to perform adequate functional and stress testing of the Shadow app and its back-end. Systems perform differently in pre-production and live environments due to a number of factors—volume of usage, heavy loads, simulated to real attacks, and/or app component failures. This is why exhaustive and comprehensive testing must be done across the software development lifecycle from prototype development through integration to pre-production (or simulated environment), and especially before live deployment for such mission critical applications."

The problems with the app used in Iowa already has another state changing course. According to CNN, the Nevada Democratic Party has ditched plans to use the same app, despite having already paid $58,000 to Shadow Inc.

U.S. Senator warned Iowa and others about new voting technology

For several years now, U.S. Senator Ron Wyden has made cybersecurity and digital privacy issues a key focus of his. This includes election security and the faith people have in the election process.

He says he reached out to the Iowa Democratic Party before the caucuses to see if it needed any federal help to test its app—but never heard back.

And he's now warning other states to avoid the same kind of digital disaster.


[RELATED: U.S. Senator Would Lock Up Cybersecurity and Privacy Leaders Who Fail]

Where can I check for the Iowa caucus results?

On caucus night, it was interesting to watch each of the Democratic candidates claim they have momentum from the Iowa caucus.

It reminded me of when my kids played elementary school basketball. Since no one has an actual score at the end of the game, each team can act like a winner.

In this case, the scores will be posted eventually.

We hope.

Update: The results started coming in around 4 p.m. Iowa time on the day after the caucus.

View: Results of the Iowa Democratic caucus