ACRONYM, a non-profit organisation lead by former Obama campaign worker Tara McGowan, appears to have admitted one of its companies, Shadow Inc. was responsible for building the application at the heart of today’s Iowa caucus imbroglio.
In an oddly worded statement, ACRONYM spokesperson Kyle Tharp said: “We are reading confirmed reports of Shadow’s work with the Iowa Democratic Party on Twitter and we, like everyone else, are eagerly awaiting more information.”
(As the company owner, it was not immediately clear why ACRONYM would choose to refer to “confirmed reports on Twitter” rather than itself confirm Shadow Inc. built the application at the heart of today’s electoral crisis in the US state).
The DNC has some great security people now, but my understanding is that this app was sourced by the state party and they haven’t provided any recognized experts access to test it. Not a process that engenders faith in the system.
Shadow Inc. (“building political power for the progressive movement with technological infrastructure”) said in July 2019 that it had been bought by ACRONYM.(ACRONYM describes itself as having in January 2019 “launched Shadow, a tech company focused on enabling organizers to run smarter campaigns”).
Shadow Inc.’s CEO Gerard Niemira was previously Head of Product for the Hillary for America campaign and also previous CTO for ACRONYM, his LinkedIn shows.
McGowan’s husband Michael Halle is a Pete Buttigieg strategist. Buttigieg controversially declared victory in Iowa, despite the absence of official results.
The relationships have proven rich fodder for conspiracy theorists, after the bungled caucus count in Iowa, with a winner yet to be announced.
The application in question did not go down and was not hacked, local officials say, but appears to have reported figures at odds with those in photos. Former Facebook CISO Alex Stamos was among those taking to Twitter to suggest the application had not been provided to “any recognised experts to test it.”
ACRONYM has a registration page to for those interested in “tools assessment”. It is insecure, Computer Business Review found when visiting.
Iowa’s caucus system involves 1,678 gatherings where voters express their presidential preferences—and try to convince one another to take their side. Voters stand in a location of the room allocated to their favoured candidate. Those whose first choice candidates don’t hit a “viability threshold” can move to another choice.
Local party communications director Mandy McClure said: “We found inconsistencies in the reporting of three sets of results. In addition to tech systems being used to tabulate results, we are also using photos of results and a paper trail to validate that all results match and ensure that we have confidence and accuracy in the numbers we report. This is simply a reporting issue, the app did not go down and this is not a hack or intrusion. The underlying data and paper trail is sound.”
It appears likely from reports thus far that the app was rolled out with inadequate training for users, resulting in tallying inconsistencies.
With Twitter sleuths racing to track down and test a build of the application, many stumbled across another application, “CaucusClick” set to be used for an upcoming vote in Utah. As the security began to prod and poke the application for bugs and security vulnerabilities, the CEO of its creator, Cerenimbus, had a thanks for “those who have reported bugs” and acknowledged it was still in testing four weeks ahead of its use.
I am the CEO for Cerenimbus, the maker of CaucusClick. My thanks to those who have reported bugs. This app IS NOT the one used in Iowa. This app is for Utah, for use at the end of March. The app is in testing of software changes, which is why you see some ugly messages.