Cybersecurity experts worry about census data

Shutterstock image By Pasko Maksim Stock vector ID: 591206291 

With approaches to election security still up in the air, a group of former cybersecurity officials are concerned about the cybersecurity of another democratic foundation: the decennial census.

In a July 16 letter to acting Director of the Census Bureau Ron Jarmin and Commerce Department Secretary Wilbur Ross, the former officials stressed the importance of the security of data collected by the bureau's first-ever electronically based survey and pushed the bureau to publicly share plans for how it plans to protect that information.

The signatories include former White House Cyber Coordinator Michael Daniel, former Office of Director of National Intelligence General Counsel Robert Litt, former State Department cyber lead Christopher Painter and Mary McCord, who formerly served as acting assistant attorney general for national security.

"Ultimately, the accuracy of the 2020 Census will be improved by enhancing the public's confidence in the secure collection and safe storage of that information," they wrote.

Census has listed public perception of the bureau's ability to safeguard response data and the prospect of a cybersecurity incident among its "major" risk areas for 2020.

However, the group noted, despite congressional and public request, the bureau has not publicized how it "is implementing even the most basic cybersecurity practices," such as whether two-factor authentication will be required to access collected data and whether data will be encrypted.

Among the information collected by the decennial is the age, race, relationship and -- for the first time since 1950 -- the citizenship status of people living in the U.S.

The signatories said they believe that publicly sharing how the bureau plans to protect that data will help boost confidence in the results and help make the count as accurate as possible.

"Such transparency and leadership would boost public confidence and also allow cybersecurity experts outside the government to offer assistance in addressing any concerns that they might identify," they wrote.

Alternatively, the former officials recommended the bureau could "at a minimum … retain a reputable outside cybersecurity firm to conduct an end-to-end audit of current plans for data protection associated with the 2020 Census."

Earlier this year, Census CIO Kevin Smith said the bureau has been working with the intelligence community and private industry, including social media companies, to help prepare for these risks and boost public trust.

Census did not respond to a request for comment, and it has previously declined requests to speak with officials about the census's cybersecurity.

About the Author

Chase Gunter is a former FCW staff writer.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected