With the U.S. Census Bureau’s 2020 count less than a year away, agency leaders are working to keep their data safe from hacks and to ensure the integrity of the information they receive that will in turn be used to shape congressional districts.
As of December 2018, the bureau had identified nearly 1,100 census system security weaknesses , according to a Government Accountability Office report.
The GAO report, released in March 2019, found the bureau has not hired adequate staff “to oversee the $886 million contract for integrating the Information Technology (IT) systems needed to conduct the 2020 Census.”
According to the report, 21 of 44 positions in the government program management office responsible for integrating the IT systems were vacant in November.
Exacerbating the problem, the Bureau’s new director, Steven Dillingham was sworn in Jan. 7, filling the position of permanent director after a nearly 18-month vacancy.
“When I was there, I was of course worried about the cybersecurity because everybody had to be,” said John H. Thompson, director of the Census Bureau from August 2013 to June 2017. “I thought that the bureau was doing everything they should do and could do, but a lot has transpired since June of 2017.”
During a 2018 test leading up to the 2020 census, the report found “the bureau’s data management reporting system did not always provide accurate information because of a software issue.”
With congressional and state representation as well as federal funding reliant on the headcount in each state and locality, the accuracy, security and processes of the 2020 census are critical.
“Any part of [the census] that is digitized is at risk,” said Paul Rosenzweig, a former Department of Homeland Security official and founder of homeland security consulting firm Red Branch Consulting.
In July 2018, Rosenzweig was one of 11 individuals, many of whom were former government officials with expertise in cybersecurity, who wrote a letter to the Department of Commerce and Census Bureau, asking leaders to share how they would ensure the security of the census data.
The response was basically “trust us, don’t worry,” Rosenzweig said. Government leaders rarely describe their security playbooks for the public.
While past censuses involved workers walking around the entire country to confirm addresses, mailing paper questionnaires and using scanners to record census results, “we said we need to take the census process into the 21st century,” said Thompson, who oversaw the developing and initial testing of many systems that will be used in next year’s count.
One of Thompson’s concerns is to avoid a repeat of the healthcare.gov roll-out when the site was overloaded and shut down temporarily almost immediately after its debut in 2013. Thompson also said he is concerned that foreign interests could try to interfere in the census.
“I would not be surprised if that there will be attempts to disrupt the census either through cyber-hacking or through disinformation campaigns like we saw in the last election,” he said.
In 2016, the Australian government shut down its online census website to protect the integrity of the data from a potential attack, according to a statement from Timothy Pilgrim, the Australian privacy commissioner.
The digital element of the 2020 census, in which citizens can respond online, makes confirming the accuracy of U.S. census records more difficult, Rosenzweig said.
“The lack of a hard copy backup makes it very difficult to determine whether or not the information you’re dealing with has been tampered with,” said Rosenzweig. He added that the decision to not have a backup saves money, but incorporates large amounts of risk.
“The democracy of the United States depends on having an accurate, well-thought-of census,” Thompson said.