INSTITUTE FOR CONSTITUTIONAL ADVOCACY AND PROTECTION GEORGETOWN UNIVERSITY LAW CENTER July 16, 2018 The Honorable Wilbur L. Ross, Jr. Secretary, Department of Commerce 1401 Constitution Avenue NW Washington, D.C. 20230 Concurrently via email: wlross@doc.gov Dr. Ron S. Jarmin Acting Director, U.S. Census Bureau 4600 Silver Hill Road Washington, D.C. 20233 Concurrently via email: ron.s.jarmin@census.gov Dear Secretary Ross and Acting Director Jarmin, The upcoming decennial census represents a moment of both opportunity and risk for our country. It is an opportunity, of course, to obtain an accurate rendering of our country’s composition so as to lay the foundations for fair and just elections and the proper apportionment of public resources in the decade to come. Among the risks, however, are those associated with the 2020 Census being the first electronic census in our nation’s history. As the Census Bureau itself has rightly recognized, “[s]afeguarding and managing information is essential to the credibility of the Census Bureau and to the success of its mission.” Ultimately, the accuracy of the 2020 Census will be improved by enhancing the public’s confidence in the secure collection and safe storage of that information. Our country’s elected representatives and, indeed, the American people deserve to understand the technical protocols and systems being utilized by the Census Bureau to ensure that the electronic collection and storage of information about millions of Americans will be handled as securely as possible. This is especially important in an age in which new types and sources of cybersecurity threats seem to emerge almost weekly. Despite repeated requests from Congress and from the public for a better understanding of the Census Bureau’s preparations for the first electronic census, the Bureau has not provided basic information such as whether two-factor authentication will be required for all access to the data obtained, whether relevant information will always be encrypted while in transit and also while at rest (and what specific encryption methods will be used), and whether other now-standard cybersecurity practices will be utilized. While the Bureau has released a considerable array of materials regarding the 2020 Census and even aspects of its electronic component, to the best of our knowledge none specifies how the Bureau is implementing even the most basic cybersecurity practices. 1 600 New Jersey Avenue NW, Washington, D.C. 20001 (202) 662-9042 reachICAP@georgetown.edu INSTITUTE FOR CONSTITUTIONAL ADVOCACY AND PROTECTION GEORGETOWN UNIVERSITY LAW CENTER The signatories to this letter represent a wealth of cybersecurity experience in government and in the private sector. We believe that it would enhance the confidence of the American people and their elected representatives for the Census Bureau to set out publicly the technical protocols and systems that it will use to ensure the security of the data obtained electronically in the 2020 Census as well as the security of the data obtained through paper forms before being scanned and also stored electronically. We urge the leadership of the Bureau and of the Department of Commerce to share publicly their plans for protecting information vital to the future of American voting but also tempting for adversaries that seek to harm our country and its foundational democratic processes. Such transparency and leadership would boost public confidence and also allow cybersecurity experts outside the government to offer assistance in addressing any concerns that they might identify. At a minimum, and as an alternative if deemed preferable, we urge Commerce Department and Census Bureau leadership to retain a reputable outside cybersecurity firm to conduct an end-to-end audit of current plans for data protection associated with the 2020 Census and, in turn, to have such a firm either confirm (ideally publicly) the adequacy of existing cybersecurity protocols and procedures or assist in addressing any gaps or vulnerabilities identified. We thank you for your consideration of this request and for your efforts to ensure that the 2020 Census is successful and secure. Sincerely, J. Michael Daniel, President and CEO, Cyber Threat Alliance; Former Special Assistant to the President and Cybersecurity Coordinator, National Security Council Joshua A. Geltzer, Former Senior Director for Counterterrorism, National Security Council; Former Deputy Legal Advisor, National Security Council Dipayan Ghosh, Former Senior Advisor on Technology Policy, White House Office of Science and Technology Policy; Former Privacy and Public Policy Advisor, Facebook Robert Litt, Former General Counsel, Office of the Director of National Intelligence Alexander Macgillivray, Former Deputy United States Chief Technology Officer; Former General Counsel, Twitter; Former Deputy General Counsel, Google Mary B. McCord, Former Acting Assistant Attorney General for National Security, Department of Justice Matthew G. Olsen, Former Director, National Counterterrorism Center; Former General Counsel, National Security Agency 2 600 New Jersey Avenue NW, Washington, D.C. 20001 (202) 662-9042 reachICAP@georgetown.edu INSTITUTE FOR CONSTITUTIONAL ADVOCACY AND PROTECTION GEORGETOWN UNIVERSITY LAW CENTER Christopher Painter, Former Coordinator for Cyber Issues, Department of State Daniel J. Rosenthal, Senior Fellow, George Washington University’s Center for Cyber and Homeland Security; Former Senior Counsel to the Assistant Attorney General for National Security, Department of Justice Paul Rosenzweig, Former Deputy Assistant Secretary for Policy, Department of Homeland Security James C. Trainor, Former Assistant Director for the Cyber Division, Federal Bureau of Investigation New America Public Interest Technology Team cc: Peter Davidson, General Counsel, Department of Commerce The Honorable Ron Johnson Chairman, Senate Homeland Security and Governmental Affairs Committee The Honorable Claire McCaskill Ranking Member, Senate Homeland Security and Governmental Affairs Committee The Honorable Trey Gowdy Chairman, House Committee on Oversight and Government Reform The Honorable Elijah Cummings Ranking Member, House Committee on Oversight and Government Reform 3 600 New Jersey Avenue NW, Washington, D.C. 20001 (202) 662-9042 reachICAP@georgetown.edu