People have trouble prioritizing risk. For example, you often hear about the threat of voter fraud, when all evidence suggests that the risks of such fraud are inconsequential. In truth,\u00a0hacked voting machines are much more likely to affect an election\u2019s outcome.\u00a0Why would an election fraudster try to herd a flock of criminal participants to the polls when one mildly talented hacker could cause far more trouble?On a state-by-state level, most presidential elections are decided by many thousands of votes. For example, in 2012, Barack Obama beat Mitt Romney by more than 166,000 votes in the swing state of Ohio. Even in the 2000 election, the closest presidential contest ever, what sort of Houdini could have marshaled the miscreants necessary to cast a few hundred fake votes to tip the balance without getting caught? A hack of a single voting machine could accomplish the same objective.The good news is that voting machines are not connected to the internet, so physical access is required to hack them. The bad news: If you can get to them, they're easy to hack.Voting machines are dinosaursAmerica\u2019s voting machines include both old mechanical devices and voting computers, which tend to run old operating systems on unsupported, out-of-warranty laptops and servers. Today, approximately\u00a070 percent of \u00a0U.S. voting sites use a voting computer.It\u2019s amazing how many voting computers still run Microsoft Windows XP, though Microsoft hasn\u2019t supported it or offered critical security patches for years. According to the Brennan Center for Justice at New York University School of Law, 43 of our 50 states have voting computers that are at least 10 years old; 14 of those 43 states use voting computers that are 15 years old or more.Most of the people in charge of protecting, configuring, updating, deploying, and supporting these devices lack the experience or troubleshooting skills of today\u2019s average teenager. Few understand the security risks involved with the computers they manage.All voting computers can be hackedMost voting computer manufacturers (there are at least 15 vendors) believe white hat hacking is a menace. Proactive bug bounty programs do not exist. Only a few states require independent vulnerability audits.Every independently audited voting computer has been shown to contain numerous, basic, easy-to-exploit vulnerabilities. A fresh report\u00a0from the Institute for Critical Infrastructure Technology puts it succinctly: \u201cVoter machines, technically, are so riddled with vulnerabilities that even an upstart script kiddie could wreak havoc.\u201d In 2012, white hat hacker Roger Johnston explained to Popular Science how a voting computer\u2019s votes could be changed for less than $10 worth of RadioShack hardware.Well, at least such hacks require physical access. No one would consider connecting voting computers to the internet and making them exponentially more vulnerable. Right?The internet voting perilWrong. Thirty-plus states and the District of Columbia already allow some votes to be submitted across the internet.\u00a0More states want to experiment with internet voting. It\u2019s simply a matter of time.Scores of companies are lobbying for internet voting, including Simply Voting, which touts \u201cflawless elections made simple.\u201d Granted, I\u2019m confident any system is hackable, but at least this vendor seems to understand some of the risks.I don\u2019t have to think long and hard to imagine a broad, client-side, man-in-the-middle attack, which could flip votes without the vendor or the voter being able to detect it. Sophisticated malware able to accomplish similar tasks, in the form of banking Trojans, has been around for more than a decade.Keep the vote safeI know of no independent computer security researcher with voting machine expertise who will tell you that computerized-voting is safe as it stands -- or recommends moving to internet-based voting. Read Bruce Schneier\u2019s latest NSFW rant to get his take on the topic.Lots of other organizations, such Verified Voting,\u00a0are working hard to safeguard our current computerized voting experience. Verified Voting even lets you find out which voting computer or machine your voting precinct uses.All voting computer experts agree that verified paper audit systems must be maintained to audit and spot-check a voter\u2019s intent. Unfortunately, one quarter of our states don\u2019t require paper trails -- and only 26 require post-election auditing verification.Why is stealing elections so hard?Hacking an electronic voting computer isn\u2019t hard, but rigging an election is, mainly because physical access is necessary. Each physical hack adds to the risk of discovery, and you'd need to hit enough machines in the right places without detection to shift an election\u2019s outcome.Consider the 2000 presidential election. The incredibly tight outcome in Florida could not have been predicted. To swing any election, hackers would need to know who's going to the poll and how many votes would be necessary to offset the early, military, and absentee ballots (which often aren\u2019t counted until after the election). That can\u2019t be done with any level of accuracy.In today\u2019s world of ultrapolarized politics, where each side accuses the other of \u201crigging\u201d elections, keeping our elections reliable and tamper-free is paramount. But I don\u2019t think \u201celection observers\u201d and voter IDs will do it. Instead, we need paper trial auditing -- and we need to keep voting off the internet.