The Census and the Data
tl;dr: how secure is census data? Does that concern matter?
As many people know, 2020 is also a year for conducting the Census as mandated by the US Constitution.
What many people may not know, however, is that a small sub-section of households receive something called the American Community Survey.
It is a much longer, more in-depth questionnaire and, according to the letter from the US Census Bureau, “you are required by law to respond.”
Over the years, however, some people have challenged the legality of the questions being asked as an infringing upon a right to privacy or speech. However, the courts have so far maintained that the the questions are constitutional.
My issue with the ACS is not the questions, it’s the answers.
Unique Data is a Honeypot
In the discussion about the merits of the ACS, Wikipedia offers:
American Community Survey data provides important information that cannot be found elsewhere.
If it can’t be found elsewhere, that means it’s unique. And if it is unique, someone is going to want it.
All of the case law, at least as far as I could tell, regarding the legality of the ACS is most recently from the 2000 Census. There may be cases working their way through the system from the 2010 Census, about which I am not aware.
Still, in either event, both of those Censuses (Censi?) occurred before the arrival of Big Data and globalized networks of data hackers.
That’s where my concern comes from.
How Secure is the ACS Data?
When you answer the ACS, you are giving up a LOT of personal information. You are either entering it into a website form or filling out a paper form.
Either way, what you don’t know is: what happens to the data after you complete the input.
Sure, the law says that
“The census records data specific to individual respondents are not available to the public until 72 years after a given census was taken, but aggregate statistical data derived from the census are released as soon as they are available. “
72 years being the average life expectancy of women, was the explanation proffered. Go figure.
“every employee at the Census Bureau takes an oath of nondisclosure and is sworn for life to not disclose identifying information. Violations can result in a 5-year prison sentence and/or $250,000 fine.[17]
All of that is well and good, but that’s a ton of trust that respondents are putting in the individuals who collect the data and the database administrators who secure it.
Honestly, it makes me very uncomfortable.
Claims are Not Enough. Proof Is
The Census website says:
“Our Technology is Secure
- Secure systems design: Working with industry partners, we have designed our systems with many layers of security to defend against and neutralize cyber threats.
- Secure data collection: We have developed and maintain a secure internet connection for collecting your information.
- Data encrypted: Your data is encrypted during data collection and then stored on our private, internal Census Bureau network, which is isolated from the internet by firewalls and other security measures.
- Limited access: Our data systems are secured by two-factor authentication.”
I’m all in favor of the Census, particularly given how important it is for seats in the House of Representatives.
However, these claims are just words on a website. How would I (or anyone) know how secure the data is?
Who has the keys for the data encryption?
How can the Census Bureau prove that the data one submits through the site or via the mail actually is secure?
I realize that these are questions most people won’t ask and I realize I may be a bit paranoid, but in this era of data theft on a massive scale, US citizens deserve more.
Kind of like the Estonian X-road.