Former U.S. officials call for transparency in cybersecurity of 2020 census
Nearly a dozen former U.S. officials who dealt with cybersecurity and intelligence are calling on the Census Bureau to open up about how it plans to protect the troves of sensitive information it will collect in the 2020 census.
In a letter released Monday by the Georgetown University Law Center, 11 officials write that Americans deserve to know that the systems and technical protocols the Census Bureau is employing to collect and store information about them are not putting that information at risk.
“This is especially important in an age in which new types and sources of cybersecurity threats seem to emerge almost weekly,” the officials wrote in their letter to Commerce Secretary Wilbur Ross and acting Census Bureau Director Ron Jarmin.
Signatories on the letter include former White House Cybersecurity Coordinator Michael Daniel, former National Counterterrorism Center Director Matthew Olsen and other, mostly Obama-era, officials.
Cybersecurity is especially pertinent for the upcoming census because it will be the first to allow people to respond online, introducing a host of technical challenges.
“We urge the leadership of the Bureau and of the Department of Commerce to share publicly their plans for protecting information vital to the future of American voting but also tempting for adversaries that seek to harm our country and its foundational democratic processes,” the letter says.
The letter asserts that the public lacks basic information about how the Census Bureau plans to secure the personal data it will collect from the U.S. population. The authors want the bureau to shed light on whether access to the data will require multi-factor authentication and whether any of it will be encrypted — and if so, how? — as well as any other measures it will take to secure the data.
The officials say there is a dearth of information about the cybersecurity of the census despite requests from Congress and open records requests from the public for information.
“Such transparency and leadership would boost public confidence and also allow cybersecurity experts outside the government to offer assistance in addressing any concerns that they might identify,” the officials write.
The authors say that the Commerce Department and Census Bureau should at the very least bring on a third-party cybersecurity firm to audit the 2020 Census’s technical plan. The firm should publicly confirm whether the existing protections are adequate and address any shortfalls it spots.
Last month, acting Commerce Department CIO Rod Turk floated the idea of having the Census Bureau consult with U.S. intelligence agencies to identify vulnerabilities and threats in the census’s process. He also said that Commerce is using Department of Homeland Security’s Continuous Diagnostic and Mitigation program to look for supply chain vulnerabilities when new technology is onboarded for use in the census.
Still, the group of former officials says that the public needs more information to trust that the massive undertaking will be carried out securely.
“Ultimately, the accuracy of the 2020 Census will be improved by enhancing the public’s confidence in the secure collection and safe storage of that information,” the letter says.