This article was originally posted to Freedom to Tinker on August 17, 2016.

There’s been a lot of discussion of whether the November 2016 U.S. election can be hacked.  Should the U.S. Government designate all the states’ and counties’ election computers as “critical cyber infrastructure” and prioritize the “cyberdefense” of these systems?  Will it make any difference to activate those buzzwords with less than 3 months until the election? First, let me explain what can and can’t be hacked.  Election administrators use computers in (at least) three ways:

1. To maintain voter registration databases and to prepare the “pollbooks” used at every polling place to list who’s a registered voter (for that precinct); to prepare the “ballot definitions” telling the voting machines who are the candidates in each race.
2. Inside the voting machines themselves, the optical-scan counters or touch-screen machines that the voter interacts with directly.
3. When the polls close, the vote totals from all the different precincts are gathered (this is called “canvassing”) and aggregated together to make statewide totals for each candidate (or district-wide totals for congressional candidates).

Any of these computers could be hacked.  What defenses do we have?  Could we seal off the internet so the Russians can’t hack us?  Clearly not; and anyway, maybe the hacker isn’t the Russians—what if it’s someone in your opponent’s political party?  What if it’s a rogue election administrator?

To maintain voter registration databases and to prepare the “pollbooks” used at every polling place to list who’s a registered voter (for that precinct); to prepare the “ballot definitions” telling the voting machines who are the candidates in each race.
Inside the voting machines themselves, the optical-scan counters or touch-screen machines that the voter interacts with directly.
When the polls close, the vote totals from all the different precincts are gathered (this is called “canvassing”) and aggregated together to make statewide totals for each candidate (or district-wide totals for congressional candidates).
Any of these computers could be hacked. What defenses do we have? Could we seal off the internet so the Russians can’t hack us? Clearly not; and anyway, maybe the hacker isn’t the Russians—what if it’s someone in your opponent’s political party? What if it’s a rogue election administrator?