In the wake of indictments against 12 Russian operatives for hacking into the Democratic National Committee, cybersecurity experts are raising concerns about plans but he U.S. Census Bureau to use digital questionnaires for the first time ever in 2020.
Eleven former government cybersecurity employees demanded the Census Bureau and Department of Commerce outline any planned security measures in a letter that was coordinated and released by Georgetown Law’s Institute for Constitutional Advocacy and Protection on Monday.
“American people deserve to understand the technical protocols and systems being utilized by the Census Bureau to ensure that the electronic collection and storage of information about millions of Americans will be handled as securely as possible,” the letter reads. “This is especially important in an age in which new types and sources of cybersecurity threats seem to emerge almost weekly.”
Concerns over data security have increased after revelations that Cambridge Analytica, a political consulting firm, was able to harvest data from up to 87 million Facebook profiles and that Russians involved in the meddling of the 2016 election were successful in stealing the personal information of about 500,000 voters from one state’s board of elections website.
Among the former government officials who signed the letter regarding the census include J. Michael Daniel, a former special assistant to the president and the cybersecurity coordinator for the National Security Council, Matthew Olsen, the former Director of the National Counterterrorism Center and Joshua Geltzer, a former senior director for counterterrorism at the National Security Council.
In an interview with TIME, Geltzer said he’s not only worried about Russian entities, but also about “those who may be watching and learning from what Russia has been doing,” he said.
“The stakes are huge for this information,” he continued, citing that information from the decennial census helps determine how many House seats and electoral college votes each state is allocated.
And even if the information is not hacked, the notion that it could be hacked due to government inaction is also troubling, Geltzer said.
“The biggest thing I worry about when it comes to the sanctity of government held information these days is not just the direct harm I suppose, but the more diffuse broader sense of a lack of confidence,” he said. “Because democracy, in part, rests on people’s confidence in institutions, on the foundation on which other decisions get made. Allocating votes and seats are those foundations.”
The letter notes that if the Census Bureau has already taken steps to protect information from the 2020 census, it should publicize that.
“Such transparency and leadership would boost public confidence and also allow cybersecurity experts outside the government to offer assistance in addressing any concerns that they might identify,” it says.
The Government Accountability Office released a report highlighting similar security concerns about the 2020 census in October of 2017, to no avail.
At a minimum, the Census Bureau should retain an outside cybersecurity firm to conduct an audit of the bureau’s plans to either publicly confirm they are satisfactory, or address their vulnerabilities, the cybersecurity letter-signers suggest.
The charges that Deputy Attorney General Rod Rosenstein announced on Friday heightened the need for the experts’ call-to-action, Geltzer said.
“To have it laid out in an indictment that way — including naming the names of those foreign officers — shows the determination on the part of hostile actors to use digital vectors as ways to interfere in the functioning of our democratic process,” Geltzer said. “That’s the type of thing that the census process should guard against, given the climate, given what we know about those actors.”