The 2020 Census Is a Cybersecurity Fiasco Waiting to Happen

For the first time, the census will be conducted mostly online. What could possibly go wrong?

In 2016, Australia tried to run a more efficient national census by conducting it online. Things went badly from the start. On the day the survey was posted, hackers launched a denial-of-service attack that brought down the system for 40 hours. The census was eventually taken, but the government suffered massive embarrassment.

Now the United States is planning its first census that will be conducted primarily online. And with ongoing hacking of US political and government data by foreign powers, it’s no surprise security experts are warning that things could go very wrong.

“We know that certain foreign intelligence services like to mess with US institutions and to try and cause distrust in the system, right?” says Patrick Gray, a leading cybersecurity journalist based in Australia who was the first to piece together what happened there in 2016. “Messing with the census would be a good way to do that.”

The US Census Bureau tested an internet survey in 2000 and scrapped it in 2010 because of concerns over data collection effectiveness and security. Now, despite cost overruns, underfunding, understaffing, and tight deadlines, it’s back for 2020.

Jake Williams, a former National Security Agency hacker, says there are several ways state-sponsored or politically motivated hackers could undermine the census. They could launch an attack like the one in Australia to overwhelm the system and undermine confidence in it. They could flood the portal with phony data to manipulate the results. Or they could breach the system and leak people’s personal information. Any of these would take substantial time and money to fix.

“It’s asymmetric warfare,” Williams says. “If I can spend $1 and force you to spend $10, that’s the Cold War all over again. That’s how we won.”

Already, problems have cropped up. The bureau’s compressed timeline prevented it from conducting reliable tests to detect holes in the computer system’s security. In tests it did conduct, data collected by census workers could not be transmitted and in some cases was deleted completely.

A lack of confidence in the internet census could be self-fulfilling. In Australia in 2016, people opted to leave some personal information blank on their forms after civil liberties groups warned that their data might not be properly secured.

Kenneth Prewitt, who led the Census Bureau from 1998 to 2001, says a breach of the basic information people submit to the census probably wouldn’t lead to identity theft but could erode trust in government. “It wouldn’t amount to much because there’s not much to learn,” he says. “But the optics of it would be devastating.”

Image credit: Mother Jones illustration; Ylivdesign/Getty


Mother Jones was founded as a nonprofit in 1976 because we knew corporations and the wealthy wouldn't fund the type of hard-hitting journalism we set out to do.

Today, reader support makes up about two-thirds of our budget, allows us to dig deep on stories that matter, and lets us keep our reporting free for everyone. If you value what you get from Mother Jones, please join us with a tax-deductible donation today so we can keep on doing the type of journalism 2019 demands.

We Recommend


Give a Year of the Truth

at our special holiday rate

just $12

Order Now

Sign up for our newsletters

Subscribe and we'll send Mother Jones straight to your inbox.

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.


We have a new comment system! We are now using Coral, from Vox Media, for comments on all new articles. We'd love your feedback.