ORLANDO, Fla. — The stakes are high when a major civic exercise involves a large population, new technology that has not been thoroughly tested and an entire country waiting on the results.
Just ask the organizers of the Iowa caucuses, which offered a cautionary tale on the technological woes that could befall a big political event. Some observers worry that this year's census carries the same potential for mayhem — except on an infinitely larger scale.
The U.S. Census Bureau plans to try out a lot of new technology. It's the first once-a-decade census in which most people are being encouraged to answer questions via the internet. Later in the process, census workers who knock on the doors of homes that have not responded will use smartphones and a new mobile app to relay answers.
A government watchdog agency, the Census Bureau's inspector general and some lawmakers have grown concerned about whether the systems are ready for prime time. Most U.S. residents can start answering the questionnaire in March.
“I must tell you, the Iowa [caucus] debacle comes to mind when I think of the census going digital,” Eleanor Holmes Norton, the congressional delegate for the District of Columbia, said this week at a hearing on the census.
Cybersecurity is another worry. Experts consider the census to be an attractive target for anyone seeking to sow chaos and undermine confidence in the U.S. government, as Russia did in the 2016 presidential election.
In a worst-case scenario, vital records could be deleted or polluted with junk data. Even a lesser assault that interfered with online data collection could erode public confidence. In 2016, a denial-of-service attack knocked Australia's online census offline, flooding it with junk data.
The Census Bureau says it's ready. The agency promises that responses to the questionnaire will be kept confidential through encryption, and that it's working with the Department of Homeland Security and private-sector security experts to thwart cyber attacks. To hinder illegitimate responses, the bureau is blocking foreign IP addresses and stopping bots from filling out fake responses, among many other measures.
The bureau says it has developed two secure data-collection systems, so that if one goes down, the other can substitute. Other mechanisms are in place to prevent failure and to back up essential functions.
"All systems are go," bureau Director Steven Dillingham said.
For the past three years, the Government Accountability Office has placed the census on its list of high-risk programs, mainly because it is relying on technology that has not been used before.
Just last week, census officials decided to use a backup data-collection system for handling the online responses. That step was taken after officials grew concerned that the primary system, developed by a third-party contractor, would not be able to handle excessive traffic. The primary system experienced performance problems when up to 400,000 people were answering questions at the same time.
The backup system, called Primus, was developed in-house and can handle up to 600,000 users at once. But it was never tested during a test-run for the decennial census in Rhode Island two years ago.
"Late design changes such as a shift from one system to another can introduce new risks during a critical moment," Nick Marinos, the GAO's director of information technology, testified this week at the congressional hearing. "The bureau needs to quickly ensure that the system is ready and that contingency plans are finalized to reflect this change and fully tested before going live."
Then there's the mobile app for census takers who will be sent out to visit the homes of residents who have not filled out the forms by May. Bureau officials are still working to find out why the app sometimes needs to be restarted or reinstalled for it to work properly, according to a GAO report released this week.
In Iowa, a newly developed smartphone app was blamed for delaying the reporting of results from the first-in-the-nation presidential contest .
The Census Bureau has not finalized its backup plans for the online questionnaire system. As of the end of last year, the bureau still had to do 191 corrective actions for cybersecurity that were considered "high risk" or "very high risk," the GAO said.
Last summer, the bureau's Office of Inspector General identified several weaknesses in the agency's backup planning efforts, including the ability to recover data stored in the cloud in the event of a large-scale attack or disaster.
In the same report, the inspector general said the bureau did not securely use commercial cloud services during census preparations and found many security deficiencies that indicated the agency was "behind schedule and rushed to deploy its systems" for the Rhode Island test-run.
The inspector general currently is conducting another audit of the bureau's information-technology security, but there's no word on when it will be finished, said Robert Johnston, the agency's chief of staff.
In Iowa, fewer than 200,000 voters picked a candidate. The census will be conducted on a much grander scale as it attempts to count residents in almost 130 million households with the help of 52 IT systems. The nationwide headcount has been touted as the largest peacetime operation the government undertakes.
An accurate count is crucial for determining how many congressional seats each state gets and the distribution of $1.5 trillion in federal spending. Respondents who do not want to answer the questionnaire online can do so by telephone or by mailing in a paper form.
Dillingham told lawmakers that the concerns raised by the inspector general had been remedied. The Census Bureau is prepared to distribute millions of paper forms in the event a catastrophe prevents people from responding online, bureau officials added.
"We can recover data if we had a breach," said Albert Fontenot, an associate director at the bureau. "At the worst case, we would send someone out to re-collect that data."
Associated Press Technology Writer Frank Bajak in Boston contributed to this report.