Federal officials and lawmakers pressed the Census Bureau to increase testing of new technologies being used in the 2020 census, lest they jeopardize the integrity of the population count.
The bureau estimates the census will cost $15.6 billion, a $3 billion increase over its original estimate. To save money the bureau plans to increase automated data collection, use administrative records when it can, verify addresses with aerial imagery, and allow internet responses for the first time.
New technologies introduce new risks to the census count “in part because they have not been tested extensively, if at all,” said Robert Goldenkoff, director of strategic issues at the Government Accountability Office, during testimony before the House civil rights subcommittee on Wednesday. In 2017 and 2018, the bureau scaled back operational tests, citing budget uncertainties.
“Without sufficient testing across the range of geographic locations, housing types, living arrangements, and demographic groups, operational problems can go undiscovered,” Goldenkoff said. “And the opportunity to refine procedures and systems could be lost.”
While the bureau has made “important progress” in mitigating some risk, Goldenkoff said, it’s been on GAO’s High Risk List since February 2017 and is delayed in addressing 104 corrective actions in areas like operations, information technology and cybersecurity.
Bureau Director Steven Dillingham said the bureau rigorously scans for vulnerabilities each month, addressing about 100 risks a month from a running list of 300.
“There will be risk identified and risk coming off, so we’re working the list,” Dillingham said. “And that’s actually the way GAO recommends we do business.”
“I would never envision that risk list reaches zero,” he added.
A June Department of Commerce Office of Inspector General report found severe risks to census cloud environments, where respondents’ personally identifiable information will be stored.
“The bureau is home to one of the largest databases of identifiable, personal information on the American people,” said Rep. Jamie Raskin, D-Md., chairman of the subcommittee. “The security of this data is paramount, not only to a well-run census, but to the public’s confidence in our system.”
Dillingham said the environments hadn’t been breached, but the bureau needed to ensure no one had special access to them and they could be taken down in a way that left no data behind.
“Immediate action was taken; it was some time ago,” he said. “It involved contractors and setting up the system.”
Most of the corrective actions have been made, he added, with the remainder monitored weekly.
A total of 52 IT and cybersecurity systems will be used at different census stages, the bureau recently delivering two new ones for early hiring and training. The next few months will see testing and production deadlines for many additional systems — five of which the bureau is at risk of missing, according to GAO.
Deliveries supporting internet self response and recruiting and hiring for peak operations need to be “closely monitored” because they are fast approaching, said Nicholas Marinos, director of IT and cybersecurity at GAO.
While most of the 52 systems received initial authorities to operate (ATOs), five are still awaiting authorization, and nine require their security controls be reassessed prior to the census due to additional development work.
The census begins in Alaska in less than six months and the nationwide count in March. The resulting population data is used in redistricting and apportioning billions of dollars reaching millions of people through federal, state and local programs and services.
When it comes to data collection, the bureau is using the “latest, state-of-the-art softwares (sic)” and encryption while working with agency partners and “major, high-tech companies,” Dillingham said.
“We can no longer rely on collecting data in the usual ways and places,” Dillingham said. “With internet and phone options, we have the tools to go into the less-visible, hard-to-count areas and collect the data.”