The Iowa caucuses debacle raises more questions than answers, and a Rice University voting security expert is available to weigh in.

The fiasco comes after the Iowa Democratic Party rolled out an app used to gather caucus results. A small company developed the app in just two months and didn’t test it on a large scale before it was deployed to help count the first votes cast in the 2020 presidential election, according to The New York Times.

"There's a truism among election officials that you never roll out a new process or technology during a major election," said Dan Wallach, a professor of computer science and electrical and computer engineering. "You instead use a small, off-year, low-turnout election to try out your new stuff, so you can shake it down and figure out your issues. The Iowa Dems appear to have not taken this to heart."

Wallach suspects the problems can be blamed on the lack of planning and testing rather than hacking.

"We have plenty of evidence of a lack of planning and testing, although I'd like to see more comment from the people running the show," he said. "My guess is that they're pulling their hair out, so they’re too busy to adequately communicate with the press. Still, there's a saying among pilots that your priorities should be, in order: aviate, navigate, communicate. I don't see anything nefarious in the lack of communication that we're getting from the Iowa Dems on their caucus results."

Even if the app wasn't hacked, Wallach said this technological failure may play into election security and integrity fears.

"This certainly buttresses concerns that many, including myself, have about online voting," he said. "Companies like Voatz are pushing for online voting, without any apparent concerns for all the ways that things could go wrong. At least with the Iowa caucuses, we know that local caucus chairs have all the results written down on paper tally sheets, and the issue here appears to be with the transmission of that information. Presumably, those tally sheets all still exist, so we have some 'ground truth' to get to, even if takes a few days for the Dems to cobble together some sort of alternate reporting system — for example, Google Forms."

Wallach said the situation in Iowa offers lessons about the use of mobile apps in elections.

"When you first roll out a bespoke app, you can't assume it will just work, much less work well — for example, with good scalability, usability and security," he said. "It's likely that some subset of these issues happened in Iowa. We just don't yet know which ones."

The potential for problems like this is the reason why regular voting machines are certified and independently tested, Wallach said.

"There are so many ways that we need to improve security for voting machines, but at least we know that there's been at least some scrutiny," he said. "For contrast, there appears to have been absolutely no equivalent scrutiny applied to Iowa's caucus reporting app."

Wallach said the same issue applies to voter registration and e-pollbook systems, as well as every internet voting system.

"There are no standards and no third-party testing for any of this stuff," he said.

Wallach is an expert on voter security and has commented widely on the topic to local and national media outlets, as well as in testimony before the U.S. Congress. For more information, visit https://csweb.rice.edu/dan-wallach.

Rice University has a VideoLink ReadyCam TV interview studio. ReadyCam is capable of transmitting broadcast-quality high-definition and standard-definition video directly to all news media organizations around the world 24/7.