Voting Apps are Set Up to Fail

For all the shade, speculation, and shock around Iowa’s primary app disaster, there’s a missing piece: even if the creators had more time, more money, and better staffing, they were still set up to fail.

Before we even talk about how weird caucuses are or what the requirements might have been, or the impossible security challenges from foreign intelligence services, the circumstances themselves are enough to render all of this a terrible idea.

Suppose you were to take on a similar project.

There’s a hard deadline (voting day). You know that, like all software, you can do as much testing and QA as you want, but your first batch of real users are going to find a way to surprise you. Ideally, you’d like to roll it out to a small number of people or use cases, but you can’t do that here. It’s going to everyone all at once, and they’re going to use it for one night.

This means if there are bugs or usability issues on day 1, it doesn’t matter if you ship a patch on day 2. The party is over and everyone hates you.

It’s also extremely high stakes. That’s not unusual, people launch software for medical environments, banks, and utilities all the time. But what is unusual is should it crash, it’s too late, voting is over. It will be years before we try this again, at which point your team has turned over, the OS it was tested on is obsolete, and the requirements have probably changed again.

The combination of those three factors is so insane that nobody should ever attempt to deliver under them.

Software that runs hospitals and airplanes is also high stakes. If you screw it up, the patient is dead and the plane crashed. But you’d never roll out a brand new product to everyone at once, and could monitor the early real world uses closely for any signs of trouble.

Of course, I use those examples intentionally: there’s a whole fleet of 737s grounded over software problems. And while I’m 100% confident sloppy software in hospitals has killed people, the major EMR services do have people on site to help when they go live.

But let’s suppose, for just a moment, you are a master craftsman. Your team is so experienced that this is easy, and you ran two mock pilot caucuses with volunteers just to make sure everything works great, with 30 days of QA time to spare just in case you find something in the 11th hour. You learned from Shadow and’s experiences that you’re about to be blasted with concurrent users, and set your servers up to handle 10x the expected peak traffic. You’ve got this!

Except one of the factors we heard about last week is people at the caucuses had poor network connections and struggled to download the app or successfully send the data.

That’s going to happen. And it’s not your fault, but it’s now your responsibility. Somewhere out in rural Iowa a civic-minded 50-year-old accountant is struggling to make your masterpiece work on an EDGE connection. She’s taking her phone outside in the code and walking the perimeter of an elementary school, jumping in and out of airplane mode to try and get another bar.

She’s the unsung hero democracy needs, and everything would go much smoother if she wasn’t stuck in this ridiculous situation we’ve created.

So what’s the ideal way to build important infrastructure?

With a pilot program and a gradual rollout, the ability to catch surprises early before it’s operating at scale, the ability to manually correct problems without incident when something does go wrong, and frequent repetition that lets you polish out the quirks early and let it run smoothly for years to come. For something this important, some flexibility on the deadline is always wise too.

You’re not going to get any of that. Which, if you’re making a game, a social network, or a surprisingly popular mindfulness app, fine. I don’t have the patience for that level of chaos, but it doesn’t really matter if the first week is a shit show.

Working that way on democratic infrastructure isn’t acceptable. If you’re a smart person, you wouldn’t gamble with your reputation on it. If you’re a responsible person, you wouldn’t gamble with election integrity.