Contract for Iowa caucus app underscores DNC focus on security

The contract between the Iowa Democratic Party and the company tasked with designing the app that sits at the center of the caucus meltdown on the opening night of the presidential nominating process underscores how deeply involved the Democratic National Committee was in ensuring the online tool was secure.

The app eventually failed on February 3, the night of the caucuses, with a glitch making it impossible for many precinct chairs to use the tool that was meant to calculate and submit data from Iowa’s more than 1,700 caucus sites. The app’s failure — combined with an overwhelmed call center and poor communication with the numerous presidential campaigns competing in Iowa — plunged the caucus process into chaos nearly two weeks ago. No results were reported that night and, even when they were, mistakes in the counting has further delayed the certification of the results.

The Democratic National Committee is not a party to the contract, which was signed by the Iowa Democratic Party and the app maker Shadow and was provided to CNN by a Democratic source with access to the contract, but a section of the contract does outline how the app makers must “work with the DNC Services Corporation/Democratic National Committee (‘DNC’) on an on-going basis as Consultant develops the software.”

The contract outlines how the national committee would be involved in multiple aspects of securing the app, including Shadow providing “continual access to review the Consultant’s system configurations, security and system logs, system designs, data flow designs, security controls (preventative and detective), and operational plans for how the Consultant will use and run the Software for informational dissemination, pre-registration, tabulation, and reporting throughout the caucus process.”

It also outlines how the app maker must work with DNC-approved “third party software penetration testers and third party forensic examiners on an ongoing basis” and “provide monthly written updates to the DNC regarding the Software status and timeline for implementation”

Yahoo was first to report the contents on the contract.

Xochitl Hinojosa, communications director for the DNC, told CNN that the committee “drafted broad language to make sure whatever vendor IDP ultimately hired was required to work with the DNC’s cybersecurity consultant.”

“We did not build the application, nor did we provide ‘oversight’ of its development — that’s the vendor’s responsibility,” Hinojosa said. “We only provided security assistance.”

DNC officials have long said they were involved in making sure the app was secure. And while there were issues with the app working on caucus night, both IDP and DNC officials have stated repeatedly that there was no hack or data breach.

In the wake of the calamitous caucuses, frustrated Democrats in Washington, DC, and Iowa, have been pointing fingers at any Democratic official who had any involvement in the process, including Troy Price, who resigned from his role as IDP chairman this week, and DNC Chairman Tom Perez, who is under pressure from his members to deliver successful caucuses next week in Nevada.

Price has been the focus of much of the criticism, but Iowa Democrats and some frustrated DNC members argue that the focus on Price obscures the role the DNC played in the caucus process, including its knowledge of the app.

“Tom Perez has to answer a lot of questions and can’t throw Troy Price under the bus,” Mike Kiernan, a former chairman of the Iowa Democratic Party, told CNN on Friday. “It’s evident now that the DNC was intimately involved with the software that malfunctioned.”

One frustrated DNC member, pointing to the fact that Perez called for a recanvass the day after the caucus meltdown despite having no authority to actually initiate the action, said, “The DNC trying to absolve themselves of any involvement.”

“There’s no campaign that I’ve talked to that’s happy with the way things are going right now,” the member said. “There’s no DNC member that’s happy the way things are going right now.”

But some DNC members remain behind Perez, however.

“Being the leader of the Democratic Party when something goes wrong isn’t easy, but Tom has steered the ship in the right direction,” said Yvette Lewis, a DNC Member. “I am confident that Democrats will be victorious in 2020.”

Some Democrats, in Iowa and close to the DNC, argue there is plenty of blame to go around for the caucus debacle.

“It’s everyone’s fault,” an Iowa Democrat who worked on the caucuses said bluntly.

Perez and Price were in frequent communication in the run up to the caucuses, one Iowa Democrat said, but Perez did not travel to Des Moines for caucus night, something Iowa officials said they felt was strange considering he is a frequent presence at nearly all party events.

A team of data, cybersecurity and communications officials from the DNC were on the ground in Iowa around the caucuses and were deeply involved with helping sort through the myriad issues that began on caucus night. The team also regularly briefed Perez on how things were going.

Two Iowa Democrats said the technology team from the DNC was deeply involved with ensuring the app was secure, in part because the state party does not have a technology team.

The Democrats also said because the national committee was hyper focused on cybersecurity in the run up to the caucuses, IDP began believing that those worries gummed up the process.

Even some Iowa Democrats, however, believe their state party is to blame for the chaos.

“The documents show the DNC was more involved than they let on, but not necessarily inconsistent with what they have said,” said an Iowa Democrat close to the process. “But unless the DNC was interfering with the IDP’s ability to do what they needed to do, the blame still lies with the IDP. We have to stand on our own two feet.”