Former U.S. officials call for transparency in cybersecurity of 2020 census
Nearly a dozen former U.S. officials with cybersecurity and intelligence backgrounds are calling on the Census Bureau to be open about how it plans to protect the troves of sensitive information it will collect in the 2020 census.
In a letter released Monday by the Georgetown University Law Center, 11 officials write that Americans deserve to know that the systems and technical protocols the bureau is using will not put collected information at risk.
“This is especially important in an age in which new types and sources of cybersecurity threats seem to emerge almost weekly,” the officials say, addressing Commerce Secretary Wilbur Ross and acting Census Bureau Director Ron Jarmin.
Signatories on the letter include former White House Cybersecurity Coordinator Michael Daniel, former National Counterterrorism Center Director Matthew Olsen and other Obama administration officials.
Cybersecurity is especially pertinent for the upcoming census because it will be the first to allow people to respond online, which introduces a host of technical challenges.
“We urge the leadership of the Bureau and of the Department of Commerce to share publicly their plans for protecting information vital to the future of American voting but also tempting for adversaries that seek to harm our country and its foundational democratic processes,” the letter says.
The letter authors want the bureau to shed light on whether access to the data will require multi-factor authentication and whether any of it will be encrypted (and if so, how), as well as any other measures it will take to secure the data.
The officials say current information on the security measures is scarce, despite requests from Congress and open records requests from the public.
“Such transparency and leadership would boost public confidence and also allow cybersecurity experts outside the government to offer assistance in addressing any concerns that they might identify,” the officials write.
The authors say that the Commerce Department and Census Bureau should at the very least to bring on a third-party cybersecurity firm to audit the 2020 census’s technical plan. The firm should publicly confirm whether the existing protections are adequate and address any shortfalls it spots.
Last month, acting Commerce Department CIO Rod Turk floated the idea of having the Census Bureau consult with U.S. intelligence agencies to identify vulnerabilities and threats in the census’s process. He also said that Commerce is using Department of Homeland Security’s Continuous Diagnostic and Mitigation program to look for supply chain vulnerabilities when new technology is onboarded for use.
Still, the former officials say the public needs more information in order to trust that the massive undertaking will be carried out securely.
“Ultimately, the accuracy of the 2020 Census will be improved by enhancing the public’s confidence in the secure collection and safe storage of that information,” the letter says.