Civil Rights Coalition Comments on Changes to Census Bureau’s Confidentiality Pledge
Jennifer Jessup, Departmental Paperwork Clearance Officer, Department of Commerce
Departmental Paperwork Clearance Officer
Department of Commerce
Room 6616, 14th and Constitution Avenue NW
Washington, DC 20230
Submitted via email
Re: Notice of revision of the confidentiality pledge under Title 13, United States Code, Section 9 (Document Citation: 81 FR 90319)
Dear Ms. Jessup:
On behalf of The Leadership Conference on Civil and Human Rights, a coalition charged by its diverse membership of more than 200 national organizations to promote and protect the civil and human rights of all persons in the United States, and its Census Task Force, we appreciate the opportunity to provide comments in response to the U.S. Census Bureau’s Federal Register notice regarding revisions to the confidentiality pledge it provides to its respondents under Title 13, United States Code, Section 9. The Census Task Force is committed to ensuring a fair and accurate census and believes that the collection of useful, objective data about our nation’s people, housing, economy, and communities is among the most significant issues facing our democracy today.
The confidentiality pledge, in its current form, has served the Census Bureau well in gaining the trust and protecting the civil liberties of people residing in the United States. The fact that any circumstance would warrant a revision to this fundamental and time-tested promise should raise concerns. The proposed revision of the confidentiality pledge reflects the acceptance of a false choice between security and confidentiality, a decision that risks compromising the personally identifiable information or proprietary data of U.S. households and organizations and discouraging participation in the bureau’s surveys. Therefore, we urge the Census Bureau and the U.S. Department of Homeland Security (DHS) to put in place alternative measures that will allow the Census Bureau’s longstanding confidentiality pledge to remain intact, while ensuring compliance with the Federal Cybersecurity Enhancement Act of 2015.
Current Confidentiality Pledge is Effective
The Census Bureau’s Title 13 confidentiality pledge embodies a key pillar of the bureau’s ethical code, which has served the agency well. Census Bureau testing has shown that assurances of confidentiality are effective at securing respondent participation in its surveys. Testing for the 2010 Census showed that anonymity was important to participants. In addition, participants responded well to assurances that their data would only be used for statistical purposes and responded negatively to the idea of two-way agency data sharing. In particular, Census staff recommended against including information that evokes strong reactions, like “immigration agencies.”
A fundamental goal of Census Bureau data collection activities is accuracy, which depends on broad participation by households and organizations. Lack of trust in the confidentiality of personal data presents a major barrier to census participation, especially among hard-to-count population groups, despite the survey’s mandatory nature. Qualitative, ethnographic investigation shows that some immigrant and Muslim communities already fear the census, and assurances in the confidentiality pledge can be instrumental in garnering responses. Importantly, these communities’ fears are not unjustified. The Census Bureau provided address-level data to other parts of the U.S. government to help facilitate the unjust internment of Japanese Americans in camps during World War II. Recognizing the stain on our nation’s history, as well as the importance of preserving the integrity of the nation’s largest statistical agency, Congress subsequently strengthened the confidentiality provisions of the Census Act to prevent any sharing of personally identifiable information outside of the Census Bureau, for any reason. Allowing non-sworn agents of the U.S. government to see confidential information — even to advance the bureau’s cybersecurity — easily could generate additional fear in disadvantaged and persecuted communities, resulting in disparate racial and ethnic impacts and undermining the validity of datasets.
Revised Pledge Abandons Confidentiality Protections
Revising the confidentiality pledge reflects a decision that goes against the most recent decennial census operational plan, which includes the following goal: “Ensure that all people handling or reviewing Title 13 and Title 26 materials are Special Sworn Status certified.” According to the Federal Register notice, the Census Bureau’s proposed confidentiality pledge revision stems from an agreement between the Census Bureau and DHS under the Federal Cybersecurity Enhancement Act of 2015. Under this agreement, DHS provides “protection against cyber malware” through a technology known as Einstein 3A, which electronically searches Internet traffic in and out of federal civilian agencies in real time for malware signatures and has the capacity to block traffic, also in real time. Einstein 3A (“A” for “accelerated”) operates as a managed security service provided by internet service providers. In other words, Einstein 3A involves private ISPs scanning all traffic that flows to and from the federal government. When it detects potentially malicious traffic, which could include personally identifiable information, it intercepts and segregates the data so it can be reviewed by personnel at DHS. As noted below, the affected data are then segregated and reviewed by DHS personnel.
Consequently, the revised pledge would state, “Per the Federal Cybersecurity Enhancement Act of 2015, your data are protected from cybersecurity risks through screening of the systems that transmit your data.” Neither the pledge nor the notice offer the public any guarantee that personally identifiable information could not be accessed by other federal government agencies. Once such information is in the possession of individuals who are not bound by Title 13’s strict confidentiality requirements and penalties, the potential for misuse arises and could be difficult to detect, monitor, and prevent.
It is unclear what data will be seen by public officials who are not bound by the Census Bureau’s strict confidentiality protections. In fact, the notice states that when Einstein 3A detects a malware signature—however defined—“the Internet packets that contain the malware signature are shunted aside for further inspection by DHS personnel. Since it is possible that such packets entering or leaving a statistical agency’s information technology system may contain a small portion of confidential statistical data, statistical agencies can no longer promise their respondents that their responses will be seen only by statistical agency personnel or their sworn agents” [emphasis ours]. At a time when the Census Bureau itself has identified negative public perceptions and distrust as major threats to a successful decennial census in 2020, this admission moves in the wrong direction.
Alternative Approaches Are Available
There are viable alternative approaches that would remove the need to revise the Census Bureau’s successful statistical confidentiality pledge. We urge your immediate consideration of at least two administrative solutions to ensure that personally identifiable information cannot be seen by anyone other than Census Bureau employees or their sworn agents. One solution is to train sworn Census Bureau employees to perform Einstein 3A functions for Census Bureau internet traffic. Another option is to require DHS employees who monitor Census Bureau internet traffic using Einstein 3A, to take the current Title 13 confidentiality pledge that binds Census Bureau staff to the strict requirements and penalties of the law. These straightforward, sensible solutions would maintain the strict confidentiality protections the law intends, promote enhanced data security, and require no revision to the established confidentiality pledge that the Census Bureau makes to respondents.
Additionally, we strongly urge DHS to pledge to strip all personally identifiable information from any cybersecurity threat indicator it shares outside the department. The strict confidentiality requirements that encourage participation in the census, especially among vulnerable minority communities, must trump the provisions of the Cybersecurity Information Sharing Act of 2015 (“CISA”) that encourage government-wide sharing. It is worth noting that such an outcome is not inconsistent with the application of prior laws enacted to protect the nation’s security, vis-à-vis Title 13-protected data. The Department of Homeland Security and Department of Justice confirmed during the 2010 Census that the Patriot Act did not trump the strict Title 13 requirements to maintain a firewall between personally identifiable information and all other government agencies. Here, especially with respect to Einstein 3A intercepted traffic, there is a significant threat that, absent a complete scrub of personally identifiable information from any cyber threat indicator, personal information could be used, and access abused, for purposes that will chill participation in the census.
DHS could conceivably make this pledge in an addendum to the Privacy and Civil Liberties Final Guidelines promulgated by US-CERT. Section 105(b)(2)(B) of CISA requires the agencies to periodically review the privacy and civil liberties guidelines, and CISA requires the guidelines to include procedures to safeguard cyber threat indicators that contain personally identifiable information, and permits the guidelines to include sanctions against personnel who fail to comply.
Thank you for this opportunity to comment on the revisions to the confidentiality pledge as the Census Bureau strives to count everyone once and in the right place in the decennial census, meet the urgent needs of communities, and strengthen public trust and participation in demographic and economic censuses and surveys. If you have any questions about these comments, please contact Corrine Yu, Leadership Conference Managing Policy Director, at 202-466-5670 or [email protected] or Indivar Dutta-Gupta, at 202-662-9098 or [email protected].
President & CEO
Executive Vice President