Cybersecurity reporter Eric Geller on protecting elections from hackers and finding inspiration in cutting-edge science
A series of interesting conversations with interesting people by Pocket.
Politico cybersecurity reporter Eric Geller spends his days investigating cybercrimes, data breaches, and digital encryption issues. But his first day on the job in June 2016 was particularly memorable: It was the day the Democratic National Committee announced that its systems had been breached by Russian hackers. We caught up with Geller to ask about how he explains complicated cyber topics to readers, whether voting systems in the upcoming midterm elections are secure, and how he uses Pocket to stay inspired.
You cover cyberattacks, hacking, encryption, and other digital security issues for Politico, with a particular emphasis on how these issues affect the government. How did you end up on this beat?
I started out as a reporter covering technology policy at a news site called the Daily Dot. This was in late 2014 when cyberattacks and data breaches were starting to become more common and more important. I spent the next year and a half or so covering issues like net neutrality and privacy, but I increasingly felt like cybersecurity was the place where all the action was. It was new, it was complicated, and it was urgent. I moved to Politico to join their newly reconstituted cybersecurity team in June 2016. As it turned out, my timing was fortuitous. I arrived on the same day that the Democratic National Committee announced that it had been hacked.
You often write about election security and data breaches. What, in your opinion, should be done to prevent interference in the upcoming midterm elections?
When I talk to cybersecurity experts, they mention a few big things. First, they want states to fix vulnerabilities in their voter registration databases. These are the systems most vulnerable to hackers because they’re connected to the internet. If hackers can drop people from the voter rolls, it will create chaos on Election Day. Second, experts want states to replace their electronic voting machines with systems that produce paper records. These records make it possible to tell if hackers have silently tampered with machines so they produce inaccurate tallies. Without paper, experts say, we have no way of knowing if that’s happened. And third, experts really want the states and the federal government to robustly and rapidly share information. If one state notices a problem but doesn’t report it, that state may be depriving other states of the early warning necessary to protect their systems.
All three of these things are happening to various extents. Many states are testing their voter registration systems to see if they’re vulnerable. Some, like Virginia, have eliminated their paperless voting machines. And every state participates in a partnership with the federal government that gives their top election officials security clearances so they can access classified threat information.
But many states either aren’t moving fast enough or aren’t moving at all to address the recommendations from cybersecurity experts.
You report on complicated topics. How do you make your writing accessible to readers without oversimplifying the content?
Every time I explain something in an article, I have to revise it over and over again while thinking, “What am I trying to explain? What matters about this?” My approach is to pretend like I’m explaining my story to a friend who knows nothing about cybersecurity. I say a sentence out loud to see if it sounds like something a human being could say. If it does, I’m probably good. If it doesn’t, I have to keep tweaking it.
How do you decide what to cover next? What’s your research process like when you’re digging into a new story?
Some of my reporting is based on the news of the day. I can’t predict when the government will unseal an indictment charging foreign government hackers with a massive corporate hack. Those stories often appear out of nowhere and force me to pause what I was doing.
Other stories are the result of congressional hearings, agency board meetings, and conferences, which I know about in advance and can plan around.
There are far too many things happening for me to cover them all, and I’m only one of three reporters on our cybersecurity team. I prioritize my coverage by looking at the specifics of every possible story. Is the bill this committee is debating likely to pass? If it passes, how big of an impact will it have? What policy areas is this agency advisory board discussing? Are the speakers likely to say something new, or are they just going to summarize what I’ve been reporting for months?
My research process starts with reviewing past coverage of an issue. That helps me find bills, regulations, and other documents that I need to understand. It also points me toward sources who can explain the story to me. I think people underestimate how often reporters call sources and simply say, “What does this mean?” Particularly in a complex technical area like cybersecurity, reporters often don’t understand the nuances of a story before they start conducting interviews.
How has covering your beat affected you personally?
I’m not really able to disconnect, but to some degree, that’s a good thing. I think a lot more about my personal security practices than I did before I got this job. I also bug my friends and family a lot more about their security practices now.
What do you think the biggest challenges are in journalism today?
People have short attention spans, they often let their biases direct their news consumption, and they don’t want to pay for journalism.
I think a lot about all three, but especially the first one. Because of the attention span issue, we have to keep simplifying and simplifying our stories, and sometimes that means eliminating the nuance that makes the story worth reading — and writing — in the first place.
I’m also worried that the erosion of trust in mainstream news organizations will not be easily reversed. The less people trust hard-working, responsible journalists, the more trouble we’re going to face.
What type of impact do you hope to have with your work?
I hope the people who read my stories come away with a deeper understanding of the trade-offs involved in complex policy issues, and I hope they use that knowledge to create and advocate for better policies.
Cybersecurity is a relatively new area of policymaking. Many lawmakers and regulators simply don’t understand it. We’ve spent thousands of years thinking about how to build better transportation systems and develop better medicine. Those areas of public policy are more settled; the basic dynamics are well-understood, and there’s a mountain of precedents and regulations. That’s not the case with cybersecurity. Everything is new and moving very fast. Lots of things are up in the air.
What have you been discovering, saving, and spending time with recently in Pocket?
In the past few weeks, I’ve been traveling a lot, and while I’m out of town and on the go, my reading list starts to pile up. I’ve been reading a lot about the recent IPCC climate change report, immigration policy, and of course election security — mostly long-form articles that I can’t read as soon as I see them.
I also use Pocket to save some of the daily newsletters I read. I have an IFTTT recipe that automatically sends new editions of the newsletters to Pocket when they hit the RSS feed. I could subscribe to these newsletters via email, but I prefer to read them through Pocket. I read Politico’s own Playbook newsletter this way.
Imagine if your Pocket came to life as a party or gathering and we were invited. What’s the vibe? Who would we meet?
It would mostly be a party about Washington politics, with lots of foreign policy and national security experts talking about how the world is changing in the Trump era. There would be one corner for stories about the international community, with murmured discussions about NATO and the European Union. And there would be lots of Politico stories wandering around.
But there would also be a group of science nerds talking about the latest amazing scientific discoveries, from the deepest oceans to the furthest reaches of space. Because while most of my Pocket saves are about politics and government, I also like to save stories about science and technology to keep me inspired and amazed. Covering cybersecurity, with its constant failures and pressing threats, can be depressing, and it can make one pretty cynical. I keep those feelings at bay by reading about cutting-edge space exploration technologies and discoveries of otherworldly underwater species.
Follow Eric’s reporting here and get Pocket to save stories like these and discover other great content.
