Vepar5/Getty Images/iStockphoto

It looks as if the problem with the Iowa caucus was not hackers. The misstep happened earlier in the process of transitioning to an app to report caucus results and is much less exciting.

The volunteers running the caucuses were not trained on how to use the new app that powered the entire process.

“The app wasn’t included in the chair training that everyone was required to take,” Zach Simonson, the Democratic Party chair in Wapello County, told The New York Times.

SEE: Iowa caucus app fiasco: How it happened and lessons learned (free PDF) (TechRepublic)

Training and technology experts agreed that not training people during a technology transition is almost always a fatal error. Corinne Jones, president of CJC Human Resource Services, said that skipping the training step during a transition is an expensive mistake.

“Inevitably, the cost of this misstep is considerably greater since damage control and ultimately training staff properly is required, as well demonstrated with the app rollout in Iowa caucuses,” Jones said.

“Our firm specializes in training and we can attest that 85% of clients that initially failed to provide training on new systems or processes to employees return for the investment within three months of rollout.”

SEE: Iowa caucus results: Majority to be released by 5 pm EST

Sean Abbas, president and co-founder of Threads Culture, based in Cedar Rapids, IA, said that a failure like this is well above the pay grade of the volunteers.

“Rolling out new processes to a large, disconnected staff takes incredible communication and training,” he said. “Add to this situation, a new technology platform, millions of people watching and a tight window, it’s really a recipe for disaster.”

Larry Gadea, founder and CEO of the workplace tech company Envoy, said applying technology to existing paper-based solutions is never a one-step process, even for tasks as simple as volunteers counting votes or visitors checking in to an office.

“When the buyer isn’t the end user, it’s not unusual for the exact scenario we are seeing in Iowa to play out—where the end-user experience gets lowest priority and the technology as a result, functions poorly,” Gadea said.

“In order for Iowa’s caucus app to function without extensive user trainings, an incredible amount of time and effort needed to have been put into intuitive product design and user experience first,” he added.

SEE: Results delayed due to reporting inconsistencies after switch to new tech (CNET)

Steve Moore, chief security strategist at Exabeam, said that the best applications are made from a user’s perspective, not engineers’ perspectives.

Simone Petrella, CEO at CyberVista, said that training is often the first thing to get cut during the transition to a new system.

“It’s taken for granted that tech is intuitive and we don’t need training, so it becomes an afterthought until something goes wrong,” she said.

Mike Hughes, senior director of product marketing at OutSystems, also said that user experience should be at the heart of the design process.

“In the case of the Iowa caucus, Baby Boomers were the primary users, so a good app should be easy for that demographic to use without a lot of intense training,” he said.

Flawed approach to security

The Iowa Democratic Party selected the app and took a “security by obscurity” approach to the project by not disclosing any details about the app—several journalists raised red flags about the lack of transparency in the rollout.

Cybersecurity experts interviewed by NPR said that the party’s decision to withhold the technical details of its app doesn’t protect the system and in fact makes it hard to have complete confidence in it.

Petrella also said that refusing to share any details about the app before the caucuses was an ominous sign.

“If you are defaulting to not sharing any information, it is an indicator that you haven’t built security into the product anyway,” she said.

CyberVista specializes in workforce development focused on IT security.

Tim Mackey, principal security strategist at Synopsys CyRC, said that the lesson to take away from the Iowa caucus is that transparency matters when dealing with users.

“Party officials could’ve taken the opportunity to become transparent about the authors of the app, what security testing had been performed, how backup processes would be triggered–an opportunity which would’ve increased confidence rather than confusion,” he said.

The failure to train volunteers was only one of several best practice failures in Iowa, including skipping the RFP process and using untested technology.

The app was built by Shadow, a company that builds data management tools and volunteer engagement platforms for political parties and nonprofits. Shadow lists Hillary for America, Obama for America, Google, Kiva, Apple, the AFL-CIO, and the DNC as its clients.

The company’s explanation of its name casts an especially strange light on the problems Iowa is having with its app: “We see ourselves as building a long-term, side-by-side ‘Shadow’ of tech infrastructure to the Democratic Party and the progressive community at large.”

On Tuesday afternoon, Shadow released a statement on Twitter, saying the problem was with transmitting the data to the Iowa Democratic Party and that the company has fixed the problem.