The top voting machine maker in the country, ES&S, distributes modems or modeming capability with many of its DRE and optical-scan machines. (Some states, including California and New York, require voting machine makers to not only remove communication devices from their systems but also eliminate communications capability from their software for security.) About 35,000 of ES&S’s newest precinct-based optical scanner, the DS200, are used in 31 states and the District of Columbia and can be outfitted with either analog or cellular modems to transmit results. Maryland, Maine, Rhode Island and the District of Columbia use only DS200 machines statewide (though they also use two other systems specifically for disabled voters and absentee ballots); Florida and Wisconsin use the DS200s in dozens of counties, and other states use them to lesser degrees. ES&S’s earlier model M100 optical scanners, which also can be equipped with modems, have long been used in Michigan — a critical swing state in the 2016 presidential election — though the state is upgrading to DS200 machines this year, as well as machines made by Dominion Voting Systems. Dominion’s machines use external serial-port modems that are connected to machines after an election ends.

Not every polling place with embedded modems uses them to transmit results. Richard Rydecki, Wisconsin’s state elections supervisor, says counties in his state decide individually whether to transmit election results. Fred Woodhams, spokesman from the Michigan Department of State, said the same is true in his state. But even if a precinct doesn’t use its modems, having them embedded in voting machines is still a risk, experts say.

“If it is available for use” by an attacker, says Stauffer, “it can be used.”

ES&S insists that its security measures would prevent hackers exploiting or interfering with modem transmissions. According to a one-page document the company provided, the voting machines digitally sign voting results before transmitting them via modem and encrypt them in transit using SFTP — secure file transfer protocol. The election-management systems that receive results then check the signature to authenticate the data transmission. This theoretically means results couldn’t be swapped out and replaced with different ones. That is, unless an attacker can obtain ES&S’s signing key.

These keys, explains noted cryptographer and computer-security expert Matt Blaze, ‘‘need to be stored in the machine, and if they’re stored in the machine and under control of the software, any compromise of that software could be used potentially to extract” them. Blaze, who teaches at the University of Pennsylvania, says that ES&S machines he examined for Ohio’s secretary of state a decade ago had a number of security problems, including with key security.

As for using the modems to hack into machines and compromise their software, ES&S says its modems are configured to only initiate calls, not receive them, and can make calls only after an election ends, preventing anyone from dialing in or having them dial out at other times. The company also says results are not sent directly to the election-management systems but to a data communications server that operates as a DMZ, or ‘‘demilitarized zone,’’ separated from the internet and the election-management system by firewalls. The election-management system accesses the DMZ to collect the results.

ES&S advises election officials to configure the external firewall that protects the DMZ to only accept connections from IP addresses assigned to the voting machines. And election officials in Rhode Island, which uses ES&S’s DS200 machines with modems, told me that the modems only transmit for about a minute, which wouldn’t be sufficient to hack into voting machines or results servers.

But Stauffer and others say none of this would prevent a skilled hacker from penetrating the machines via their modems. Although overwriting the machine’s firmware, or voting software, would be difficult to do in just a minute, Stauffer says installing malware on the underlying operating system would not. An attacker might be able to do this directly through the modem to the voting machine, or infect the election-management system on the other end and install malware that gets passed to voting machines when officials program future elections. In either case, the malware could disable modem controls on the voting machines and make the devices secretly dial out to whatever number an attacker wants whenever he wants, while also altering system logs to erase evidence of these calls. This would let an attacker connect to the machines before or during an election to install malicious voting software that subverts results.