May 13 2021

Census Bureau Built Extra Security into Its Field Devices

MDM, MFA and Apple helped the bureau protect the most personal information of more than 331 million U.S. residents.

When the U.S. Census Bureau prepared to outfit as many as 600,000 census takers with iPhones to go door to door to collect data, the agency focused on security every step of the way, from preparation and use of the devices to their decommissioning.

“Security is our No. 1 concern, other than data accuracy. We want to keep our data secure,” says Michael Thieme, assistant director for decennial census programs, systems and contracts.

For the 2020 census, enumerators used multifactor authentication to log in to their mobile phones and access their census-provided apps. When they visited homes to count residents who had not yet responded online or by mail, the enumerators filled out the census forms on the iPhones, where the data was encrypted. When they finished each questionnaire, the information was automatically transferred to secure cloud servers and deleted from the devices.

The only stumbling block was lack of internet access in remote areas. When the census employees were in dead spots, the data had to remain on the iPhones, but was immediately uploaded once internet connectivity resumed.

“We tried to keep data on the devices for as little time as possible,” Thieme says. “The data is encrypted on the phones, encrypted in transit and encrypted on our systems.”

Census Paired with Third-Party Partner to Protect Data

The Census Bureau, which counts the U.S. population every 10 years, takes data security and privacy seriously. The 2020 census was the most state-of-the-art population count in history; the bureau launched a website where residents could fill out census forms, and also eliminated some paper processes by digitizing its door-to-door field operation with iPhones.

Besides securing data from the iPhones, the bureau deployed comprehensive security measures and tools to secure the self-response website and to proactively monitor and protect its IT systems in the cloud and internal data centers.

In addition, the bureau is required by law to keep personally identifiable information private for 72 years after it’s collected, so it’s protecting not only the data from the current census, but also the data from the previous seven.

“Our defenses never go down,” Thieme says.

The Census Bureau relied on multiple contractors for its mobile device strategy for door-to-door field operations. One contractor built the apps. Another ran penetration tests to ensure devices and applications were secure.

Meanwhile, CDW•G was in charge of acquiring, configuring and delivering more than 600,000 iPhones, iPad devices and Dell laptops to 248 census field offices throughout the U.S. And once the count was done, CDW•G was also in charge of erasing and disposing of the devices.

Ron Harris, CDW’s director of configuration services, says security was baked into every process from beginning to end. The company used dedicated wired and wireless networks to bolster security as employees set up and installed software on the mobile devices, he says.

“When we downloaded the apps, firmware and security policies, it was only on a network specifically for census. We did not share that network with any of our other customers, so there was no risk of mixing,” says Eric Thorson, CDW’s senior project manager for configuration services.

How to Protect Data on Lost or Stolen Devices

As part of the effort, CDW provided asset management services and enrolled the devices in the Apple Device Enrollment Program (DEP), which essentially tied every iPhone and iPad to the Census Bureau, so only census workers could use the devices, Thorson says.

Apple DEP allowed the Census Bureau to manage device settings, including the required installation of VMware’s Workspace One mobile device management software.

“Only intended users could log in with their census credentials,” says Jack Nichols, CDW•G’s CTO for federal and senior manager of technical resources. “As soon as individuals logged in, that was recorded. We had unique IDs that each individual carried, so once they logged in, we knew an individual had that specific device, and that’s how we tracked them through the MDM platform.”

The MDM software provided extra security during field operations. Besides requiring multifactor authentication, the MDM software allowed the Census Bureau to remotely update the devices with software updates, including important security fixes, Thieme says.

If the devices were lost or stolen, the Bureau used the MDM software to remotely erase them. When the door-to-door field operations were completed last October, only 0.4 percent of the iPhones had been lost or stolen, he says.

“We had an excellent retention rate, and we feel good about that,” he says.

How to Coordinate Delivery and Return of the Mobile Devices

When it came to delivery, the CDW•G team monitored the process and ensured that the devices were successfully delivered to the Census Bureau’s 248 field offices and were not lost or stolen. “We had tight chains of control and made sure all those assets were accounted for,” Thorson says.

On Oct. 15, when the enumerators completed 64 million household visits, the CDW•G team managed the device return process the same way, but in the opposite direction. CDW•G coordinated a biweekly pickup from the Bureau’s 248 offices.

The majority of the devices were returned to the company’s Las Vegas configuration center after four weeks, says Randy Harris, CDW•G’s vice president of federal program management, capture and services.

The Census Bureau wanted CDW•G to erase the mobile devices in a secure location, so the technology solutions provider placed them in a caged-off area in the configuration center.

Eric Dahlin, CDW’s manager of configuration center delivery, says the decommissioning process had two parts: First, his team erased the devices, then digitally sanitized them. Data sanitization is a more stringent process to ensure that data is completely erased and not recoverable from the iPhone’s flash memory.

“We developed a process to guarantee every device went through that sanitization to ensure all the confidential information was erased,” Dahlin says. “Once we completed that, we sent the logs and artifacts to the Census Bureau to confirm, and at that point, the decommissioning of the devices was complete.”

Thieme says he’s pleased with how the Census Bureau was able to maintain security during the data collection process. The agency released the final population count on April 26 — 331,449,281 people, to be exact — as well as the number of seats each state will get in the House of Representatives beginning in 2023.

But, he says, the agency is not resting on its laurels. The Census Bureau is still calculating data needed to redraw congressional districts, information due at the end of September, so it’s critical for the agency to maintain a strong cybersecurity posture.

“We are still processing data, so we might still have a target on our back,” Thieme says. “We no longer have our internet site. We no longer have people out in the field with an opening into our system. Those things go away, and we calm down because of that. But with all the other systems, we are on high alert.”
