A large group of former Federal government officials–including national security and other experts from the Departments of State, Homeland Security, and Justice–urged Secretary of Commerce Wilbur Ross in a letter released yesterday to disclose the 2020 Census’ data protection and cybersecurity policies.
The letter, which called the first electronic census “a moment of both opportunity and risk for our country,” was signed by 11 individuals and one industry group. Ahead of a House Committee on Oversight and Government Reform Joint Subcommittee meeting tomorrow, the letter was also sent to Reps. Trey Gowdy, R-S.C., and Elijah Cummings, D-Md., who lead the House committee, as well as Sens. Ron Johnson, R-Wis., and Clair McCaskill, D-Mo., who lead the Senate Homeland Security and Governmental Affairs Committee.
“Ultimately, the accuracy of the 2020 Census will be improved by enhancing the public’s confidence in the secure collection and safe storage of that information,” the letter explained.
The letter took the Department of Commerce and the Census Bureau to task for not providing “basic information” regarding how the department intends to mitigate cybersecurity risks and safeguard U.S. residents’ data.
“Despite repeated requests from Congress and from the public for a better understanding of the Census Bureau’s preparations for the first electronic census, the Bureau has not provided basic information such as whether two-factor authentication will be required for all access to the data obtained, whether relevant information will always be encrypted while in transit and also while at rest (and what specific encryption methods will be used), and whether other now-standard cybersecurity practices will be utilized,” the letter said.
The former government officials urged the Census Bureau to publicly disclose “the technical protocols and systems that it will use to ensure the security of the data obtained electronically in the 2020 Census as well as the security of the data obtained through paper forms before being scanned and stored electronically.” The group described the information being collected as “vital to the future of American voting but also tempting for adversaries that seek to harm our country and its foundational democratic processes,” and said that public disclosure would enable cybersecurity experts outside of the government to aid in addressing any concerns the experts might find.
If public disclosure is deemed impossible, the letter suggested that Commerce and the Census Bureau hire “a reputable outside cybersecurity firm to conduct an end-to-end audit of current plans for data protection associated with the 2020 Census and, in turn, to have such a firm either confirm (ideally publicly) the adequacy of existing cybersecurity protocols and procedures or assist in addressing any gaps or vulnerabilities identified.”
Signatories on the letter are:
- J. Michael Daniel, president and CEO, Cyber Threat Alliance; former special assistant to the President and cybersecurity coordinator, National Security Council (NSC);
- Joshua A. Geltzer, former senior director for counterterrorism, NSC; former deputy legal advisor, NSC;
- Dipayan Ghosh, former senior advisor on technology policy, White House Office of Science and Technology Policy; former privacy and public policy advisor, Facebook;
- Robert Litt, former general counsel, Office of the Director of National Intelligence;
- Alexander Macgillivray, former deputy United States CTO; former general counsel, Twitter; former deputy general counsel, Google;
- Mary B. McCord, former acting assistant attorney general for national security, Department of Justice (DoJ);
- Matthew G. Olsen, former director, National Counterterrorism Center; former general counsel, National Security Agency;
- Christopher Painter, former coordinator for cyber issues, Department of State;
- Daniel J. Rosenthal, senior fellow, George Washington University’s Center for Cyber and Homeland Security; former senior counsel to the assistant attorney general for national security, DoJ;
- Paul Rosenzweig, former deputy assistant secretary for policy, Department of Homeland Security;
- James C. Trainor, former assistant director for the cyber division, Federal Bureau of Investigation; and
- New America Public Interest Technology Team