The Census Bureau is trying to quell concerns that it’s not prepared to protect Americans’ data from cyber intrusions when it conducts the first fully digital census in 2020. Kevin Smith, the Census Bureau’s chief information officer, used a little-publicized quarterly meeting Friday to explain how the agency is working with the Department of Homeland Security and using tools such as encryption to safeguard the troves of information it will gather in the next population count. “I want to stress that protection of the data we collect is census’s highest priority,” he said. Smith outlined some fairly basic steps, which are unlikely to satisfy a growing group of critics who say the bureau has for months avoided answering questions about its cybersecurity preparations. These critics, including members of the House Oversight Committee and former senior national security officials, argue the bureau, which is part the Commerce Department, has fallen behind on important equipment tests and left the public in the dark about whether it had implemented even minimal cybersecurity practices. They want more transparency at a time when Russian election hacks and other data breaches are increasingly putting Americans’ personal information at risk.
“It’s good to see the Census Bureau beginning to address these concerns but, as we have seen from the threats to our electoral systems, the threat is great and the census data will be an extremely attractive target,” Christopher Painter, the State Department’s former top cyber diplomat, told me in an email.
“Moreover a breach or, worse yet, an intrusion that calls into question the integrity of the information, will have a major impact on citizen confidence,” said Painter, who was one of a dozen former officials who wrote to the bureau last month about their concerns. “Given the stakes, and the magnitude of the threat, continued focus and vigilance, and continued oversight and transparency, are needed to ensure that cybersecurity concerns are adequately prioritized and resourced.”
Indeed, foreign governments have already targeted Americans’ personal information. Moscow used such data to microtarget social media users during its disinformation campaign in 2016, and Russian hackers stole records on 500,000 voters when they breached a state voter database that year. The federal government is still dealing with the fallout from the massive hack of federal employee records from the Office of Personnel Management in 2015, which has been linked to the Chinese government.