In 2012, the Iowa Republican Party named Mitt Romney (now Utah's senator) as the winner of its presidential caucuses. But 16 days later, long after Romney rode a wave of momentum into New Hampshire, the Iowa GOP said that then-Pennsylvania Sen. Rick Santorum had actually won after votes that weren't turned in on caucus night were counted.
In 2016, Democrat Hillary Clinton and Independent-turned-Democrat Bernie Sanders virtually tied in the delegates they had won to the next stage of Iowa's process. At 2:30 A.M. the next day, the Iowa Democratic Party said that Clinton had won 699.57 state delegate equivalents, while Sanders won 695.49 delegates. Her spokesman declared victory and she got the headlines.
With 2020's Iowa caucuses days away on February 3 and a tight Democratic field, the question if some version of history will repeat itself is not conjectural. But today's scenarios mostly concern a disruption of the caucus process in Iowa in cyberspace: from either sabotaging the voting technology or disinformation about the reported outcome. The same threats would also face Nevada, 2020's third contest and also a state party-run presidential caucus.
National media like National Public Radio and the Associated Press have worried that Iowa's use of a smartphone app by 1,600-plus precinct chairs to report local results is a cybersecurity risk. The Washington Post has worried about disinformation because the Iowa Democratic Party will release two potentially conflicting figures — raw vote counts and delegates awarded. (Nevada is also using a precinct-reporting app and will release these same figures.)
The response to these threats has been predictable. Officials at the Iowa Democratic Party, the Nevada State Democratic Party, Democratic National Committee and even the federal Department of Homeland Security (whose election security team has worked with both states) all said that many steps have been taken to avert threats that could disrupt the process. The state parties also further said that they have ramped up efforts to combat disinformation.
"Iowa Democrats have worked in partnership with the DNC and national cybersecurity experts to develop systems and safeguards to efficiently and securely report results on caucus night while actively monitoring and combating disinformation," Troy Price, Iowa Democratic Party chair, said by email. "We take our responsibility to protect the integrity of the democratic process and secure Iowans' votes very seriously."
"From the beginning, NV Dems [the Nevada State Democratic Party] has been committed to making our First in the West Caucus the most accessible, expansive and transparent caucus yet," Shelby Wiltz, Nevada State Democratic Party Caucus director, said by email. "We developed a reporting application [smartphone app] in order to streamline the process and provide our volunteers with additional support to run their caucuses as efficiently as possible."
However, if something were to go badly wrong with compiling results in Iowa or Nevada — something of a scale that exceeds the random confusion that comes with using any new voting tool — it is unlikely that the two states' backup systems could quickly verify the results in the wee hours after the caucuses end; certainly not before some candidate claims victory and boards a post-midnight plane to the next state.
That assessment comes from examining publicly available party documents about potential caucus recounts. Both states are using similar technology, procedures and press statements. The documents, especially a Nevada 2020 Caucus Recount Manual, suggest that it could be a week or more before the party could examine their paper records to see if they matched the app-filed electronic results. The initial delays come from assembling all the paper records.
"If something fails, then what?" asked David Jefferson, a computer scientist who has analyzed voting systems since the 1990s and a board member of Verified Voting, an advocacy group. "The question is not as easily answered by saying, 'There are paper backups, so don't worry.'"
"If there are failures, what is the backup plan?" he continued. "What is the process if there are electronic failures of some kind? What happens if something written down on paper doesn't match the electronic versions? Then what do they do?"
Presidential caucuses are unlike most elections in America. They are party-run town meetings in more than a thousand local precincts spread across their state. Democrats will only have a few caucuses in 2020, but the two that come early are pivotal. Iowa is 2020's first contest. Nevada is the third.
Caucus voting is also different. The caucuses will have two rounds of voting, where any candidate who gets less than a viability threshold (usually 15 percent) is disqualified. Voters rank their choices, and if their first choice is not viable, their next viable candidate will get their vote. This process requires the caucus chairs to do some math. After the voting, each caucus divides a preset number of delegates to the winners. The allocations are based not on how many people show up locally, but by geography to balance urban, suburban and rural representation.
All of this complexity is why the Iowa and Nevada state parties wanted to develop an app for precinct chairs to use: first for the caucus math and then to transmit the results of their rounds of voting and delegate allocations. (In Nevada, the caucus chairs will also receive the results of early voting before their caucus begins; Iowa does not have an early voting option.)
Using the app as a calculator is not controversial — although it is likely to lead to some degree of user confusion due to unfamiliarity. That assessment comes from Iowa academics who note that most caucus chairs are over 60 years old and would rather call in their results. But security experts consider receiving and sending data via Wi-Fi or cell phones as risky. Also, because caucuses aren't government-run elections like primaries, there are few legal penalties for meddling.
There are a few other differences between Iowa and Nevada in the approaches and technology each has chosen. The only time Iowa will expose voting data to online threats is at the end of the night when precinct chairs use the app to file results.
In Nevada, there are more digital systems in use. That state party will link early voting sites to an online voter registration system. (Iowa will print precinct voter lists.) Nevada also will offer four days of early voting, where participants will use party-owned tablets, which is online voting. Nevada also will send the early voting results to each precinct chair's app, so that all of the early votes and live attendee votes are applied at the local level. In other words, Nevada's digital system is more complex than Iowa's system — and perhaps more inclusive.
Both state parties also have backup plans that were approved by the DNC's technology team and by the DNC's Rules and Bylaws Committee. The states must have paper record backups of all the voting. Thus, every caucus voter will fill out presidential preference cards. The caucus chairs also will fill out summary sheets that document the precinct's two rounds of voting and resulting delegate allocations. And, if a precinct chair can't use an app — for any reason — they can telephone in the results to party headquarters.
In general, coverage of these 2020 plans has focused on the cybersecurity and disinformation threats. Those reports, in turn, have prompted top party officials to take second looks at their mostly undisclosed precautions and publicly seek to project confidence.
"The Rules Committee has been following the news stories and has inquired about the facts," said James Roosevelt Jr., Rules and Bylaws Committee co-chair. "And while it is not something that comes to us for approval, we have not learned anything that would lead us to intervene."
But the media coverage hasn't focused on what would happen next if something significantly interrupted, disrupted or corrupted any part of the caucus process. Nor have statements by top party officials addressed that scenario, as party officials at state and national levels are all making the same points to express confidence in their new procedures and digital tools.
However, if one parses the timelines laid out in state party documents concerning any possible recount, it appears that it could be many days before the final results would be publicly released should some large-scale disruption occur.
Iowa has not released any document explaining how it will handle recounts. But Nevada has, and its process would not look at the voter intent on the individual presidential preference cards, its recount manual said. It also would not look at falsified registrations or bad behavior by participants. Both happened in the past. It would only manually compare the results on the precinct summary sheet to what the caucus chair app reported or the chair called in. Campaigns, which would have to pay for the recount upfront, can send their representatives to observe. But reporters and the public are excluded, the documents said.
Nevada's recount process starts by giving precinct chairs two days to turn in all of their paper voting records. It envisions finishing 13 days after the state's February 22 caucus.
Iowa and Nevada risks differ
These details suggest different potential snafus in these two high-profile caucus states.
Iowa has fewer cybersecurity risks because their system has fewer online elements. But because the state party will release two sets of numbers — raw vote totals and delegates awarded — there is a prospect of some disinformation if the popular vote winner does not emerge as the winner of the most delegates to the process's next stage. In other words, the likelihood of disinformation seems more likely than a voting system meltdown, especially if people do not understand the delegate allocations are akin to a state version of the federal Electoral College.
To be sure, Iowa and national party officials are well aware of this scenario.
"Fundamentally, if people want to cast doubts on the results, they can always find ways to say, 'This is not what democracy looks like,'" said Roosevelt, the Rules Committee co-chair. "In fact, this is what democracy looks like in a diverse country. There are urban areas. There are academic areas. There are rural areas. And different numbers of people will caucus in those areas. But they will be aggregated for a congressional district total. So it is what democracy looks like."
On the other hand, Nevada's state party is asking more from its digital tools and from its caucus chairs and volunteers that will run their caucuses. While they, like the Iowa party, have partnered with the same security experts in government (DHS) and academia (Harvard's Defending Digital Democracy Project) that government officials have been working with to prepare for 2020's elections, Nevada's 2020 caucuses will rely on several online-based elements — vote total transmissions, voter registration and online voting for early voters.
For months, the Nevada party's statements have been upbeat and emphasized their expectations of success. They have released documents with timelines and details if a recount is necessary. But compared to the Iowa Democratic Party, Nevada is placing a bigger bet that their digital tools will deliver.
"Throughout this entire process, protecting the voices of Nevada Democrats has been our number one priority," said Shelby Wiltz, caucus director. "We continue to work with a team of security experts with varying backgrounds to combat disinformation and to ensure the integrity of our process."