WASHINGTON — While the Democratic National Committee over the past 10 days has tried to distance itself from the troubled app that threw the results of the Iowa caucuses into disarray, a copy of the contract and internal correspondence provided to Yahoo News demonstrates that national party officials had extensive oversight over the development of the technology.
The Democrats’ Iowa caucuses took place on Feb. 3, but the outcome is still in question following a series of issues related to the failure of an app that was supposed to be used to submit results. In the days since the debacle, DNC Chair Tom Perez has criticized the Iowa Democratic Party, which ran the caucuses, and the developer of the app, Shadow Inc.
An unaffiliated Democratic operative in Iowa provided Yahoo News with a copy of the contract between Shadow and the Iowa Democratic Party. The contract, which was signed on Oct. 14, 2019, and refers to Shadow as the “Consultant,” specified that the company had to work with the DNC and provide the national party with access to its software for testing.
“Consultant agrees to work with the DNC Services Corporation / Democratic National Committee (‘DNC’) on an on-going basis as Consultant develops the software,” the contract reads.
The contract also specifies that Shadow agrees to “provide DNC continual access to review the Consultant’s system configurations, security and system logs, system designs, data flow designs, security controls (preventative and detective), and operational plans for how the Consultant will use and run the Software for informational dissemination, pre-registration, tabulation, and reporting throughout the caucus process.”
An email provided to Yahoo News also appears to show that Seema Nanda, the CEO of the DNC, and Kat Atwater, the national party’s deputy chief technology officer, were involved in drafting the contract and requested the addition of the provision that gave them access to Shadow and the app. In the email, dated July 30, 2019, Atwater provided an IDP official with draft text for the provision detailing the DNC’s access to the app. Atwater, in the email, said the provision was specifically requested by Nanda.
“In discussing our placement in the process with Seema on Friday, she suggested that it would be helpful to include the following provision in the contracts with your vendors,” Atwater wrote to the IDP.
DNC communications director Xochitl Hinojosa responded to questions about the contract language and Atwater’s email by saying the party wanted access to the app only to address potential security concerns.
“We requested access to the tool solely for the purpose of doing security testing,” Hinojosa said.
Hinojosa disputed that the DNC was involved in the development of the app. “The DNC drafted broad language to make sure whatever vendor IDP ultimately hired was required to work with the DNC’s cyber-security consultant,” she said. “We did not build the application, nor did we provide ‘oversight’ of its development — that’s the vendor’s responsibility. We only provided security assistance.”
The copies of Atwater’s email and Shadow’s contract with the IDP obtained by Yahoo News contained some redactions. Sources familiar with the original documents confirmed the authenticity of the copies. Atwater’s email was redacted to omit the name of the IDP official she communicated with. The Shadow contract was redacted to omit signatures and details about how much the company was paid by the IDP.
A source who worked on the caucus said the payment information was redacted from the copy of the contract provided to Yahoo News because there are ongoing questions about how much the company will ultimately receive due to the issues with the app. The source said Shadow has charged the IDP at least $60,000 for its work so far. Shadow and the firm’s CEO, Gerard Niemira, did not respond to multiple requests for comment.
The Iowa Democratic Party was introduced to Shadow through the state party in Nevada, which also planned to use an app made by the company for its caucuses, according to the same source.
In the wake of the Iowa fiasco, the Nevada Democratic Party announced it would not use Shadow’s app for its caucuses, which are set for Feb. 22.
Fallout from the Iowa debacle continues. The Associated Press has declined to name a winner, even though the Iowa Democratic Party had said Pete Buttigieg edged out Bernie Sanders in delegates, while Sanders won the popular vote. The party’s state chairman, Troy Price, announced his resignation on Wednesday and many experts have suggested Iowa may lose its coveted status as the first state to vote in the next presidential election. Price did not immediately respond to requests for comment.
In the days since the caucuses, Perez, the DNC chair, has laid the blame for the app debacle on the Iowa Democratic Party and Shadow for the issues with the results. “What happened last night should never happen again,” Perez said in a statement on Feb. 4.
Yet the contract demonstrated that the DNC should have had the opportunity to foresee some of the problems. One provision in the contract says Shadow would provide “monthly written updates to the DNC regarding the Software status and timeline for implementation.” It also required Shadow to work with outside consultants and cybersecurity specialists, which the DNC could “choose in its sole discretion.”
According to the source who worked on the caucus, the DNC did have Shadow work with an outside cybersecurity firm. The source blamed the DNC and its security consultants for some of the issues that took place with reporting the results on caucus night.
“They had a lot of thoughts and feelings on how this app was supposed to function, and I think there was advice that was given that led to the difficulties you saw on caucus night with people being able to log in,” the caucus source said. “The security steps that were taken made it difficult for an even technologically apt person to log in.”
Hinojosa, the DNC communications director, said there were no issues with security features and the login. According to her, all of the problems stemmed from code in the software’s back end.
Perez, who was elected chair of the DNC in February 2017, has made security a top priority in the wake of the Russian hack that targeted the party’s leadership during the 2016 election.
“We have staff working around the clock to assist the Iowa Democratic Party to ensure that all votes are counted. It is clear that the app in question did not function adequately,” Perez said. “It will not be used in Nevada or anywhere else during the primary election process. The technology vendor must provide absolute transparent accounting of what went wrong.”
On Feb. 6, Perez tweeted a demand for the IDP to recalculate the caucus results due to the issues that took place on the night of the vote.
“Enough is enough. In light of the problems that have emerged in the implementation of the delegate selection plan and in order to assure public confidence in the results, I am calling on the Iowa Democratic Party to immediately begin a recanvass,” he wrote.
Price rejected Perez’s call for a recount but said the state party would conduct a recanvass if it was requested by any of the Democratic presidential campaigns. Both the Buttigieg and Sanders campaigns had released statements saying they believed they were victorious based on their own internal numbers, and each requested recanvasses of specific precincts where they think there were discrepancies.
In an interview with the New York Times on Feb. 9, Perez explicitly blamed the Iowa Democratic Party for the mess and noted the state organization had ultimate responsibility for administering the caucuses.
“Troy Price was doing his best, but it wasn’t enough,” Perez said.
The source who worked on the caucus said they found Perez’s comments “extremely frustrating” because he did not disclose the DNC’s extensive role in the app.
“They were intimately involved in this process,” the source said of the DNC, noting the committee’s deputy CTO, Atwater, was on multiple conference calls during the app’s development.
Hinojosa responded to that criticism by pointing to an appearance Perez made on MSNBC on Monday where host Chris Hayes asked “who was responsible” for the app’s failure “and what will be done to hold the people responsible to account.” Perez said responsibility was shared between the Iowa party and the DNC. He also said the DNC was “learning from our mistakes.”
“Let me be very clear, we all fell short. While the Iowa party administers the election, we provide help,” Perez said, adding, “We have a partnership with our state parties. We’re all in this together. We all succeed together and, when we fall, we fall together. ... We fell short and I’m here to say I apologize for that.”
Shadow was launched by Acronym, a nonprofit organization that was established in 2017. In the aftermath of the caucus crisis, Acronym has tried to distance itself from Shadow, particularly as questions have been raised about ties the organization has with top Democrats, including a senior strategist for Buttigieg’s campaign.
The contract Shadow signed with the Iowa Democratic Party specified that the firm would not take on any clients that would interfere or conflict with its work on the Iowa caucuses. A section identifying “current Shadow consulting clients” listed just one: the Nevada State Democratic Party.
The document also suggested Shadow staff who were “providing strategic input” to Democratic presidential campaigns participating in the caucuses would not work on the app. One Shadow staffer, Sarah Chabolla, was identified under this section. The contract did not specify which campaign Chabolla is working for, and she did not immediately respond to multiple requests for comment.
Read more from Yahoo News: