The United States is planning an experiment in democracy: The 2020 census will be the first in the nation's history to be conducted electronically. The Census Bureau expects more households than not to participate in the process online using computers and even smartphones.
By ditching paper questionnaires, the bureau hopes to cut costs, streamline operations, and modernize the constitutionally mandated decennial count. But the decision to go from analog to digital couldn't come at a worse time. Russia's interference in the 2016 presidential election has raised root-level questions about the government's readiness (and willingness) to shore up its cybersecurity protocols ahead of the mid-terms.
That's why a murderer's row of national security experts wrote to Department of Commerce Secretary Wilbur Ross and Census Bureau Acting Director Ron Jarmin this week to ask for details about the bureau's strategy for protecting its data. Putting sensitive data about every American within the potential reach of a foreign power's hackers could undermine public confidence in the census—or worse.
"There's a motive out there for certain adversaries to obtain personal identifying information, whether it's for criminal purposes, as we've seen with identity theft and stealing of credit-card information, or whether it's nation-state adversaries for other purposes," says Mary McCord, former acting assistant attorney general for national security at the Department of Justice.
McCord is now a visiting professor at Georgetown Law and a senior litigator in Georgetown's Institute for Constitutional Advocacy and Protection, which arranged the memo. She and 10 other experts—all former career civil servants and political appointees from the National Security Council, National Security Agency, Department of Homeland Security, and other federal agencies—signed the letter to "urge the leadership of the Bureau and of the Department of Commerce to share publicly their plans for protecting information vital to the future of American voting but also tempting for adversaries that seek to harm our country and its foundational democratic processes."
To conduct the 2020 count, the Census Bureau aims to use electronic methods to both collect and store the data. That means this data is vulnerable to threats both in transmission and at rest. Paper questionnaires face potential risks, too, as they're scanned, uploaded, and stored in databases. The census includes information about every American resident, or at least that's the goal, and it's used to allocate congressional representation and federal funds. The census is critical, and even if none of the hypothetical threats against it come to bear, any public perception that the census isn't safe is a threat itself.
The Georgetown letter outlines two broad concerns with the next census. One is transparency. Response rates to the survey live or die by the public's trust in the process. For example, critics fear that the addition of an untested citizenship question may undermine public confidence in the 2020 census, leading to a potential undercount of vulnerable or hard-to-reach populations. Similarly, if the public comes to believe that the decennial count isn't secure, they may decline to participate. The Census Bureau has not responded publicly to requests from Congress or public-interest groups about its security protocols.
A more direct concern is that the bureau may be unprepared for an attack on census data. Danger can take multiple forms, including threats that the bureau may deal with internally (such as denial-of-service attacks or compromised devices) and external threats beyond the bureau's control (rogue sites impersonating the census). Both criminal and nation-state actors have used these methods and more to steal data or, more recently, interfere with elections.
McCord says that she isn't aware of any specific threat to the census. But she notes that the Office of Personnel Management was subject to a devastating data breach in 2015. (Fingerprints for nearly six million individuals were stolen as a result.) Russian hackers busted into the Department of State's computer system in 2014. North Korea may or may not have hacked Sony Pictures. It's not just rogue states: Half of all adult Americans were exposed in the Equifax credit data breach last fall. Chaos can come from all corners. President Donald Trump, who was briefed before his inauguration that Russian President Vladimir personally ordered the interference in his election, only begrudgingly accepted the fact this week.
Given the ongoing investigation into Russia's attacks on the election, concerns that the same thing could happen with the census may weigh on people's minds. Exfiltration of Americans' personal data is one challenge, says Joshua Geltzer, executive director for the Georgetown institute, but it's not the only one. "Another is whether an actor with nefarious intent would actually go into the database and attempt to—I'll use a very non-legal word—mess with it. To alter the data, even minimally, but enough to undermine people's confidence in it."
In response to the Georgetown letter, the Census Bureau issued a statement defending its cybersecurity program as robust, if necessarily invisible to the public. "We have incorporated industry best practices and follow Federal IT security standards for encrypting data in transmission and at rest," the statement reads. "As a matter of data security, we do not disclose our specific encryption methods, but we would like to note, in response to the concerns of the letter, that two-factor authentication is required for all who access the data."
John Thompson, the former director of the Census Bureau who stepped down in May of 2017, says that he is confident that the bureau's prep-work is up to snuff. "I think the Census Bureau is doing all of the right things to protect against cyber attacks," Thompson says. "That being said, one can never relax vigilance, or concern in the environment we are in today."
Others who have had a close look at the Census Bureau's preparations are less sanguine. In April, the Government Accountability Office issued a report that said that "the Bureau has not addressed several security risks and challenges to secure its systems and data, including making certain that security assessments are completed in a timely manner, and that risks are at an acceptable level."
For its part, the Census Bureau has been forced to work under severe cost restraints mandated by Congress. Top-level vacancies may also be frustrating the bureau (or at least its ability to comply with congressional requests). Trump backed a controversial pick for deputy director, who would not require Senate confirmation (and would be the de facto acting director), until the would-be nominee backed down. Mayors and other critics have accused the Trump administration of "sabotaging" the census.
The Georgetown letter calls on the Census Bureau to hire an outside cybersecurity firm to run an end-to-end audit on the bureau's data security apparatus. The bureau says that it's on it. One recent internal security presentation surveys how the bureau will manage cyberthreats ranging from compromised respondent devices to phishing scams—but it's scant on details.
Preparation for the 2020 census started years ago, even before the 2010 census was conducted. But this next census will take place in an atmosphere of evolving national security threats, some of them very recent (and successful). The stakes could not be much higher.
"The census is a pretty foundational thing for our democracy," Geltzer says. "The census is critical to voting in this country and how seats in the House and therefore how votes in the Electoral College get tallied and allocated. It's almost hard not to be interested in it, if you're interested in the law and the constitutional system and our democracy."