The app didn’t work. Millions of us watched in growing frustration as we came to realize that the Iowa caucuses, the start of primary voting, would be derailed by a phone app glitch. It was infuriating that poor planning and shoddy software could upend a core part of our democratic process. But what few realized in those agonizing hours was that we were also watching what might be a preview of the possible pandemonium coming in just a couple months when the United States conducts its first online census.
In these last months of preparation, community activists are scrambling to make the most of the decennial count, spending millions to reach every American they can. For elected officials, an undercount may mean fewer seats in Congress or state legislatures. For social service groups, it may mean fewer federal funds for everything from hospitals to food assistance. And for countless vulnerable communities, the census risks leaving them unseen, undercounted, and underserved.
But in the arms race to improve census outreach, few have paid attention to a looming cybersecurity threat that exists because the census is going online. As in prior decades, the process will start at your mailbox, but that’s where the similarities will typically end. Where in past years, Americans would fill out a paper form with information about the people living in each residence, in April, most families will be asked to submit their information over the internet. A digital census may be cheaper for the country and easier for some, but it creates barriers for others and risks a repeat of the destructive digital mischief we saw play out in Iowa.
Last week, we saw the Democratic Party roll out a poorly tested and ultimately unusable app, turning the most-watched caucus in the country into a giant software beta test. Iowa showed the danger of deploying digital infrastructure without rigorous testing. Yet in 2020, as we make the most radical change to the census in generations, the government did less testing, not more. Budget cuts forced the Census Bureau to scrap its 2017 field tests, along with two of the three comprehensive trial runs planned for 2018.
Incompetence wasn’t the entire story in Iowa. Conservative activists also exploited the Democrat’s technology woes to make a bad situation worse, flooding the Democratic Party’s phone lines. The 2020 census could also fall victim to bad actors trying to hack or overload the system.
Even if the foreign powers that targeted us in 2016 let the census go undisturbed, that still leaves countless other threats. Partisan attackers might provide false census responses to alter the population counts, undercutting representation for parts of the country and even potentially skewing the Electoral College. Even worse, hackers and others could see census data collection drives as an opportunity to track countless peoples’ data with relatively little effort.
Digital systems also put up other barriers: Online forms may prove intuitive for Gen Z respondents, but it’s hard to imagine my 100-year-old grandmother navigating the system unassisted. That’s why states such as New York, Washington, and Alabama have committed tens of millions of dollars to supplement federal census outreach with local efforts. New York City alone awarded $19 million to dozens of grassroots groups to help reach their communities.
The outreach effort is most urgent for the immigrant Americans who have been systematically targeted by the Trump administration. Last year, the Supreme Court blocked the administration’s cynical efforts to chill immigrant participation by asking the public to disclose if they were citizens, but the fear that move inspired—that census data might be used by ICE and other federal agencies—still lingers.
It’s hard to imagine my 100-year-old grandmother navigating the system unassisted.
This is why grassroots immigrant groups have been some of the leading recipients of census outreach funding. In New York City, the small financial-planning nonprofit Ariva received $125,000 for its four-month census outreach. In Maryland, Centro De Apoyo Familiar, a housing counseling agency with a staff of only four (per its website), received $250,000 for census outreach, more than some counties. But, alarmingly, many of these groups have no cybersecurity personnel or training. Like many of the other census funding recipients, neither of these organizations lists any IT or cybersecurity staff, leaving it unclear who will protect the integrity of their census systems. Their staff and volunteers are preparing for this momentous count with little or no training on the sort of threats they might face from those who want to disrupt and delegitimize the census.
Even worse, some of the largest community census partners find themselves mired in internal bureaucracy. One New York City census outreach director told me that her nonprofit’s IT department refused to support the computers and Wi-Fi access points purchased with census grants, since the items were not coming through the standard procurement process.
But this isn’t just my concern; the census officials themselves are worried. The bureau has tried to provide some basic guidance by saying nonprofits should “follow best practices for securing devices and networks,” updating software and adding a password to their Wi-Fi. But those steps are simply not enough, and the Census Bureau knows it. In the end, their solution is to simply wipe their hands of responsibility for the mess they’re making, saying the Census Bureau “cannot and does not protect any devices that you make available to the public.”
It’s just as urgent that we protect the census that determines how much power our votes really have.
As Americans saw with the Iowa caucus, deploying untested electronic systems without federal oversight can be a recipe for disaster. More and more Americans are recognizing the urgency of protecting our voting systems, but it’s just as urgent that we protect the census that determines how much power our votes really have.
Of course, many nonprofits are being vigilant about security and thoughtful in how they design their systems. Here in New York, the public library system has been privacy-minded from the start, outlining plans for standalone census-response computers. These devices will be locked down to prevent any other software from being installed and will run on a separate network, secure from third parties.
The problem is that many of those groups being asked to reach out to the hardest-to-count, most vulnerable Americans are being denied the resources they need to do the same. In the weeks we have left, the cities and states taking a stand for an inclusive count need to address the problem, providing funding, guidance, and other resources to ensure that these front-line organizers collect data securely. It’s a lot to accomplish with so little time, but we can’t wait 10 more years to get this right.
Albert Fox Cahn is the founder and executive director of the Surveillance Technology Oversight Project (S.T.O.P.) at the Urban Justice Center, a New York-based civil rights and privacy group, and a fellow at the Engelberg Center for Innovation Law & Policy at N.Y.U. School of Law.
Zachary Silver is a civil rights intern at the Surveillance Technology Oversight Project (S.T.O.P.) at the Urban Justice Center and a third-year law student at the Benjamin N. Cardozo School of Law.