Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud

← Back to Stories (view on slashdot.org)

Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud

Posted by Soulskill on Saturday January 12, 2013 @08:50AM from the open-source-the-cashiers-while-you're-at-it dept.

Qedward writes "The Norwegian Ministry of Finance seems to be taking a bit of stick at the moment. It wants all the existing cash registers in the country thrown out and replaced with new ones. Not surprisingly, this massive upgrade is not popular. But it is apparently being pushed through in an attempt to prevent cash registers' figures being massaged downwards in use so as to reduce tax. The Norwegian association of tax auditors said: 'The source code must be opened.' 'Without source code it is not possible to determine whether or "hidden" functionality exists or not. Just knowing that the tax authorities have access to the source code of the application, will reduce the effort to implement hidden functionality in the software.'"

161 comments

Min score:

Reason:

Sort:

Just releasing the source may not fix it by phaunt · 2013-01-12 08:55 · Score: 5, Insightful

Releasing the source doesn't guarantee that a specific cash register is also running that code. So will this be all that helpful?
1. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 08:58 · Score: 0
  
  yes.
2. Re:Just releasing the source may not fix it by larry+bagina · 2013-01-12 08:58 · Score: 2, Insightful
  
  and it doesn't guarantee that the compiler doesn't have a backdoor of it's own.
  
  --
  Do you even lift?
  These aren't the 'roids you're looking for.
3. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 09:11 · Score: 0
  
  Ssh.. don't spoil the fun now!
4. Re:Just releasing the source may not fix it by rsagris · 2013-01-12 09:29 · Score: 4, Insightful
  
  Would people quit using this as an example of doubt? Show a real, honest to God, in the wild example of a widely used backdoor inserting compiler, or just STFU about it because while it might be possible it isn't in anyway practical or plausible enough to mention. If it was so easy to write a general use backdooring compiler, then it'd be actually seen, not fantasized about. -rs
5. Re:Just releasing the source may not fix it by lingon · 2013-01-12 09:40 · Score: 2
  
  To be honest, I have seen one or two proof of concepts of this. It's not that difficult to do, either (especially if there's money and tax avoidance in it). They should probably look into this as well as open sourcing the code, as a complement.
6. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 09:42 · Score: 0
  
  Are there examples of cash registers which are running code which have illegal, hidden functionality?
  If not, then your comment is equally applicable to this story.
7. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 09:48 · Score: 0
  
  It's much harder to find a good programmer that knows what he's doing, than a crooked accountant.
8. Re:Just releasing the source may not fix it by bloodhawk · 2013-01-12 09:58 · Score: 4, Insightful
  
  Not to mention you can just not register the cash in the machine or have separate machines that don't report centrally or any number of other ways. The machine being auditable only works if every other part of the sales process is auditable and controllable and really this isn't possible in anything but the largest organisations.
9. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 09:58 · Score: 5, Informative
  
  Are there examples of cash registers which are running code which have illegal, hidden functionality?
  Oh yes; here in Sweden there was registers that had hidden features that could be activated in order to reduce the reported sums/amount of transactions by the users choice. Typically used in restaurants/bars. Since a couple of years all registers have to certified and connected to a 'black box' supplied by our equivalent to the IRS.
  There was also frequent manipulation of the meters in taxis.
10. Re:Just releasing the source may not fix it by ilguido · 2013-01-12 10:14 · Score: 1
  
  Well, in that case a simple diff command could be enough to check if it's running the code it's supposed to run.
11. Re:Just releasing the source may not fix it by lsatenstein · 2013-01-12 10:54 · Score: 1
  
  What is more important is to have a sha256sum of the Cash Register program. The sum can be compared to a master copy held in the government premises. Not only that, the executed code could have some tamper resistant software to protect itself from tampering.
  Do you want UEFI for cash registers?
  
  --
  Leslie Satenstein Montreal Quebec Canada
12. Re:Just releasing the source may not fix it by russotto · 2013-01-12 11:37 · Score: 1
  
  Would people quit using this as an example of doubt? Show a real, honest to God, in the wild example of a widely used backdoor inserting compiler, or just STFU about it because while it might be possible it isn't in anyway practical or plausible enough to mention.
  Ken Thompson actually did that, it wasn't just a concept. So yes, it is both practical and plausible.
13. Re:Just releasing the source may not fix it by aurispector · 2013-01-12 11:37 · Score: 3, Interesting
  
  You don't need a crooked accountant. Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.
  All these tactics are characteristic of being on the wrong side of the Laffer curve. To quote Princess Leia: "The more you tighten your grip, the more star systems slip through your fingers".
  Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.
  Spending reductions are the first and best measure - tax revenues go UP when rates go down.
  
  --
  I have mod points. The reign of terror begins now.
14. Re:Just releasing the source may not fix it by ShanghaiBill · 2013-01-12 11:50 · Score: 1
  
  Just don't ring up cash sales and you're good to go,
  Until a plainclothes tax agent comes into your establishment, pays cash, and doesn't receive a receipt.
  But I doubt if you have to worry about that too much, at least in California. If you pay cash at almost any Chinese restaurant, you will not get a cash register receipt. So either the checks are too infrequent, or the penalties too lenient, to have much effect.
15. Re:Just releasing the source may not fix it by gl4ss · 2013-01-12 11:54 · Score: 1
  
  then you don't get a receipt.
  anyhow, it's pretty easy for inspectors to go for a kebab and see if they get the receipt. or if there's multiple machines.
  and not to be a racist or anything.. but around here in another nordic country these are the places which prefer cash. they all take cc's too though.
  this just makes the inspections real simple to perform as there's no 20 different register providers. the point is that it's easy to check what has been put through the register and if it's running the code it should..
  
  --
  world was created 5 seconds before this post as it is.
16. Re:Just releasing the source may not fix it by mrmeval · 2013-01-12 12:11 · Score: 1
  
  Just stick a PC there tied directly in to the government servers. Let the government figure the bill and the tax. Simple. ;)
  
  --
  I'd go on a Vegan diet but the delivery time from Vega is too long. --brownkitty
17. Re:Just releasing the source may not fix it by anubi · 2013-01-12 12:36 · Score: 1
  
  MPU
  
  Ken's Backdoor
  
  --
  "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
18. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 12:44 · Score: 0
  
  I used to do this manually. Back when I was 18 I worked at a Subway sandwich shop, and the cheaper subs were $3.99 (dating myself here...). There's a food tax here that doesn't apply on orders under $4.00, so when someone ordered several $3.99 subs, I'd punch it all up to show them the total (including the food tax), then once the customer handed over the money I'd quickly erase all but one sub, hit sale to open the till, and give the customer change based on the taxed amount. Then later I'd punch in each sub individually, and I'd end up with something like 20 cents per sub. It added up to an average of about $3 an hour once I got the best shifts for it, I think minimum wage was around $6 so it certainly helped. I even told the owner about it, he didn't care if I did it or not as long as nobody complained. I also told some regular customers, mostly because they were bound to figure it out sooner or later and possibly complain. Of course the $4 threshold hasn't budged to meet inflation so it's not so applicable anymore.
  I never understood why fast food chains would prohibit accepting tips to lower the cost to consumers but didn't rig the menu to avoid the food tax. One restaurant took my advice and sold $3.99 plates and had vending machines for drinks, did well with that model.
19. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 13:03 · Score: 0
  
  He who writes the source code decides nothing...
  He who writes the COMPILER decides everything!
  http://c2.com/cgi/wiki?TheKenThompsonHack
20. Re:Just releasing the source may not fix it by tnk1 · 2013-01-12 13:24 · Score: 2
  
  It could very well be helpful. The government could, in theory, generate checksums of binaries/firmware resulting from that code that are used in the registers and compare them with what they discover in audited machines. There might be some initial bumps in the road, depending on how they are generated/compiled, but you can be sure that the government will synchronize with the register vendor to make sure they know what they are looking for.
  Of course, the government isn't going to catch everyone, but really, they may improve their tax collection significantly by just auditing the registers of a certain percentage of companies with large taxable revenues. No big or midsized company will be able to risk trying to pull one over on the regulators as long as it is clear that there is intent to actually run audits and the ability to obtain good data.
  The government doesn't even have to catch you right now. If you put some particularly clever code that allows for hidden external modules or whatever, you may well get away with it for now, but if the government has the source, they will eventually know what to look for, and they will tack on charges as soon as it looks like you were being extra clever when they do discover you.
21. Re:Just releasing the source may not fix it by tnk1 · 2013-01-12 13:31 · Score: 1
  
  Well all of that is true... to an extent.
  Yes, you will not catch everyone. Oh the other hand, you can probably increase your revenue significantly by ensuring that bigger organizations all comply with targeted audits on them. The small guys still get away with it, but as long as they don't stop paying taxes altogether, the government is probably all right.
  Incidentally, this is why big government loves big business, or perhaps, needs big business. If you have a country full of small businesses, you have to audit 51% of those businesses to get a majority of the taxable revenues audited. If you have a country with much fewer businesses that do a majority of the business, then it is significantly easier to regulate them because you can have fewer auditing costs, and more of those dollars can be concentrated on a particular target, if you have the will to do so. You then rely on the corporation's control over it's affiliates/employees to do the fine grained control of the regulations, and big companies always have at least some disgruntled workers willing to rat out their bosses, which may not happen as often with small businesses.
22. Re:Just releasing the source may not fix it by tnk1 · 2013-01-12 13:36 · Score: 1
  
  Small business checks will be very infrequent, because they will not be a very efficient use of audit money. There's not enough tax money at stake with small businesses to go after them with actual agents, unless there is a desire to make examples of them. It is likely that some mom and pops do occasionally deal with that, but as long as they are not paying an absurdly low amount of tax, or their taxable revenues don't have an unexpected drop from previous years, chances are that no one is going to notice.
23. Re:Just releasing the source may not fix it by tnk1 · 2013-01-12 13:45 · Score: 1
  
  Plausible, yes. Practical, no.
  If you have the code, you can compile it. If the government has the code they can compile it, and obtain reference checksums of binaries. Adding backdoors will change the checksums because you can't add functionality to a binary without changing bits.
  Since these are manufactured devices, you can make sure the vendor is releasing binaries that match the checksums you get with your compilations at the government offices. They will need to synchronize compiling methods, sure, but that's not going to be incredibly difficult to do.
  The only way you can really backdoor code like that is to have the code have the ability to accept external modules and then write an offending module that you custom load on your machines. Chances are, the government would get wise to that too, since again, they have the code to see what is possible with it.
24. Re:Just releasing the source may not fix it by CrimsonAvenger · 2013-01-12 14:10 · Score: 1
  
  (especially if there's money and tax avoidance in it).
  They're not proposing this to combat "tax avoidance" (which is legal), but "tax evasion" (which is illegal).
  
  --
  
  "I do not agree with what you say, but I will defend to the death your right to say it"
25. Re:Just releasing the source may not fix it by BasilBrush · 2013-01-12 14:31 · Score: 2
  
  The only tax rate that is so low people won't bother cheating is 0%. A bit like software piracy - we see that people will still hack and pirate apps even when the price is as low as 99c.
  
  Spending reductions are the first and best measure - tax revenues go UP when rates go down.
  Right after you mention the Laffer curve. Of course the Laffer curve doesn't say that. Only above a certain rate is that true. Below that rate tax revenues go down when rates go down.
  What's that rate? Nobody knows, because the Laffer curve is only a concept. No one can draw a chart of it. Economics are far too complex to be encapsulated by it.
26. Re:Just releasing the source may not fix it by BasilBrush · 2013-01-12 14:39 · Score: 2
  
  then you don't get a receipt.
  With multiple cash registers then of course you get a receipt. If your sale is rung up on register A then you get a receipt and it's reported for the taxman. If your sale is rung up on register B then you get a receipt but it's never reported to the taxman.
  And there's nothing wrong with having multiple registers. Plenty of shops do. Any shop that has several cashiers for example.
27. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 15:22 · Score: 0
  
  Spending reductions are the first and best measure - tax revenues go UP when rates go down.
  Do you have any evidence that this is true in Norway?
28. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 15:29 · Score: 0
  
  Nobody knows, because the Laffer curve is only a concept. No one can draw a chart of it. Economics are far too complex to be encapsulated by it.
  A quick looks shows this Laffer curve graph. And here the "expert of economics" BasilBrush said it couldn't be done.
  In reality, it can be drawn, I showed it. It is a SIMPLE concept to understand, look it up. It has been PROVEN three times since WW2. JFK proved it, Regan proved, George W Bush proved it. That shows a 100% success rate at proving that it works that way. Has ANY other economic theory on tax rates ever even come close to being proven like this (Hauser's law has, but thats it as far as I know). The only people who claim it is too complicated and can't be proven are the ones who want to raise your taxes and they sound like idiots when this is trotted out because raising rates reduces revenue. They MUST resort to name calling and trying to say it isn't true when it has been shown three times to be true.
29. Re:Just releasing the source may not fix it by gmueckl · 2013-01-12 15:57 · Score: 1
  
  Well, you could force everyone trying to compile your software to use your compiler, e.g. if you bootstrapped a custom, self-hosted programming language just for the cash register software. Then everyone trying to verify the binaries would have to use your compiler binary for the process, which automatically introduces the backdoor in every version of the software ever compiled.
  However, a compiler for a useful new programming language takes time and effort, so from an economic perspective this shouldn't make sense.
  
  --
  http://www.moonlight3d.eu/
30. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-12 16:03 · Score: 0
  
  If the government has the code they can compile it, and obtain reference checksums of binaries. Adding backdoors will change the checksums because you can't add functionality to a binary without changing bits.
  So the government is going to keep binaries for all combinations of platforms, compilers, and compiler flags for each and every source drop?
31. Re:Just releasing the source may not fix it by OeLeWaPpErKe · 2013-01-12 16:04 · Score: 3, Funny
  
  If you think this is about efficient use of government money ... you've not been to these countries.
  This is about punishing "employers", finding an excuse to nail a few of them to the nearest cross (and then afterwards complaining that everybody is raising prices and only big companies that bribe government survive). And, more general, punishing anyone perceived as a capitalist. People who trade for a living in public places are of course straight in front of the leftist's gun barrel.
  It is not about money, beyond the level that is required for the state to survive (and given that the state has been living on >100% borrowed money for decades, ...)
32. Re:Just releasing the source may not fix it by OeLeWaPpErKe · 2013-01-12 16:26 · Score: 1
  
  Why fake the program when you could simply use the open source of that program to re-write the datafiles ?
33. Re:Just releasing the source may not fix it by OeLeWaPpErKe · 2013-01-12 16:32 · Score: 3, Insightful
  
  We're talking here about tax departments that cannot manage to keep spreadsheet software operational on their office systems, cannot keep their own tax databases accessible of backed up, and worse. Never mind the fact that hardly any business administration is ever really correct in the first place. Having them run a centralized online service for millions and millions of customers sounds like a spectacularly bad idea. Besides, what about businesses without internet connection ?
  I was amazed, when I first saw this, but cash registers never contain the amount of money their record claims they should at the end of the day. My jaw dropped to the floor for 20 minutes when I was told the same goes for ATMs. It tends to be a shortage because people are much more likely to complain when shortchanged (mostly accidentally), so it's expected to be a negative correction, up to 5% of the amount sold. This presents an obvious way to cheat that the taxman cannot (reasonably) attack businesses for.
34. Re:Just releasing the source may not fix it by swalve · 2013-01-12 19:00 · Score: 1
  
  As you point out, the Laffer Curve has two sides. When tax rates are above 50%, lowering them raised revenue. When they are below 50%, lowering them reduces revenue.
35. Re:Just releasing the source may not fix it by bogjobber · 2013-01-12 20:06 · Score: 5, Insightful
  
  Where to begin......
  
  The Laffer curve, while an inarguable *concept*, doesn't actual help us in any way set tax policy because nobody knows where the tax rate that most efficiently produces revenue actually lies. Knowing that the graph is of a quadratic shape doesn't help at all if you don't know what the formula looks like.
  
  You'll notice that the Laffer curve is always used to argue for lower tax rates, not higher, but the US individual tax rate is actually significantly *lower* than the most optimal tax rates predicted by most academic studies. Most of those studies put it in the 65-70% range, and I don't see many people that love to use the Laffer curve in arguments saying we should raise tax rates.
  
  Secondly, this is talking about sales tax and VAT, *not* income tax. The Laffer curve has little to do with consumption taxes. Having a high taxation rate for different sorts of consumption taxes can actually have substantial benefits depending on what you're trying to do. Norway does have an extraordinarily high sales tax. AFAIK it is one of the highest in the world, which leads to lots of interesting behavior from their citizens as they try to avoid those taxes. It also leads to decreased consumption and more judicious use of resources.
  
  Either way, Norway is usually at or near the top of the list for everything from education, health care, income equality, poverty, corruption and most everything else by just about any sort of metric that measures the effectiveness of government, so they're obviously doing something right.
36. Re:Just releasing the source may not fix it by unix_core · 2013-01-12 21:55 · Score: 1
  
  Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.
  I think people will always have more or less ambivalent views when it comes to taxes, it's never fun to pay up. Though after all, Norway is a democracy and most people actually voted for the socialist/environmentalist coalition hence they are in government. So I guess a majority is in favour of high taxes. Maybe for a lot of americans, it's hard to see connection between taxes and social welfare as so much of it gets spent on the military. But in the nordic countries, lowered taxes will very likely impact social benefits (and absolutely not just for the unemployed) and going to piss people of for sure unless you manage to do that in a very sublte and deceptive way.
37. Re:Just releasing the source may not fix it by fa2k · 2013-01-12 23:13 · Score: 1
  
  You don't need a crooked accountant. Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.
  Cash sales are a rarity in Norway now, almost every purchase is by card
38. Re:Just releasing the source may not fix it by johanw · 2013-01-13 00:13 · Score: 1
  
  gl4ss wrote: "then you don't get a receipt." Is getting a recepit common in shoarma/kebab restaurants in Norway? In The Netherlands I have gone to many, and almost none give receipts. They also have usually prices where you don't have to work with lots of change when you pay cash: most Dutch shops would charge 9,95, they just charge 10 Euro's. In one Chinese restaurant I frequently visit you couldn't pay by card until a few months ago. They would redirect you to the ATM just outside the restaurant.
39. Re:Just releasing the source may not fix it by johanw · 2013-01-13 00:14 · Score: 1
  
  Then they should ban all cash register software running on windows, since win32 binaries include things like compile time, and two different compiles of the same source will poduce binaries with different checksums.
40. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-13 01:11 · Score: 0
  
  Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.
  That is a flawed argument.
  Companies does a lot more to get ahead of competition. It could be anything like having desks turned in a way as to shave a second from travel time during bathroom breaks or having everyone use the same pencil size to save a few cents during pencil purchases.
  It doesn't matter how small the tax is, companies will still try to not pay it just to get ahead.
  You could remove it completely but then you can't run law enforcement, military or other things necessary to keep a nation going.
  Pro Tip - You haven't figured the world out yet, spend some more time thinking on it before you post.
41. Re:Just releasing the source may not fix it by TheLink · 2013-01-13 01:37 · Score: 1
  
  I know people who worked as cashiers and when they start their shift they have to count the cash in a cash register to make sure it agrees with the records. If it's short the person you're taking over from loses that amount of money. If you don't bother counting and the amount of cash is short at the end of your shift then the difference comes out of your pay. So there is a fair bit of motivation to not make mistakes.
  
  This procedure doesn't happen in all places of course. But if you're always losing money your cashiers are stealing from you. Mistakes happen, but they don't really happen that often.
  
  For ATMs I'm not convinced that short falls are more common than having more money. Because it takes time to correct a shortfall. Whereas having more money just requires someone to forget to take the money within the time limit - the money then goes back into the machine (not sure if it goes back to the dispenser or a different compartment). Yes this is very rare but does actually happen. People don't take their money for all sorts of reasons.
  
  If your ATMs are having regular shortfalls, someone is probably stealing the money. Or maybe you need to change your ATMs and ATM vendor.
  --
  
  Too many replies beneath your current threshold
42. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-13 02:06 · Score: 0
  
  Ah, clever boy. Its not a 50% tax rate though, that number is what is unknown and what is debated, but the original guy said it wasn't even possible to understand the Laffer curve and you understood it nearly completely instantly. Hauser's Law is better for guessing rate. That states that the US federal government gets 15% of GDP regardless of what the rates are set to. Look that the wide range of rates and time this has been shown for. So to INCREASE revenue you have to INCREASE GDP, changing tax rates has no effect on tax revenue (for some this may be a difficult concept). So by recently raising rates do we think it will increase or decrease GDP? Every expert will tell you the tax rate change will DECREASE GDP, so the recent increase in tax rates will decrease tax revenue. The sad thing is all the experts know this and pretend they don't. There was even an interview with Obama once where he was asked if he knew increasing rates would decrease revenue and his response was he was using the tax rates for social justice not for increasing revenue. So we have a president who wants to increase the debt in order to punish those who work because its not fair they have more than those who don't work.
  And there you have the problem with the country. When the government is out to punish its citizens for daring to provide for themselves we don't have a union anymore and its only a matter of time before a revolt happens.
43. Re:Just releasing the source may not fix it by mrvan · 2013-01-13 02:18 · Score: 1
  
  I think that in some cases it is even a policy to let the small shops get away with it, or at least I don't feel guilty if I get a discount for paying cash with a small shop owner.
  They have enough trouble as it is while they generally provide a common good (diversity in the offering, shop owners generally take care of their neighbourhood, etc). The big boys strike all kinds of deals with the tax office and have recourse to various tax loopholes. This just makes it a slightly more level playing field...
44. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-13 02:48 · Score: 1
  
  In Portugal there was some frauds in software with hidden features in the past. This year, on January 1, also came into effect new rules. All sofware used in such equipment must be certified (and audited) by the state, and the data is encrypted with various schemes of public and private keys so the owners can not change their own data in the software DBs. There is even a web services interface, yet not mandatory, but maybe in the future, where sofwtare transmits billing to the national tax service in real-time.
45. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-13 03:04 · Score: 0
  
  This might make it easier to defraud the government as the source will be available it will be a simple matter to "patch" the code and add in anything the "patcher" wants.
46. Re:Just releasing the source may not fix it by nbahi15 · 2013-01-13 03:16 · Score: 1
  
  Running an all cash business in Norway would be pretty disastrous. We receive and pay our bills via the bank electronically and in stores with chip-cards (BankAxept) for almost everything else. Visa and Mastercard are not universally accepted since the business would be charged a fee. I keep waiting for the day in which street performers put out little cellular bank card terminals since many people couldn't give them money even if they wanted to for the lack of cash.
47. Re:Just releasing the source may not fix it by nbahi15 · 2013-01-13 03:27 · Score: 1
  
  In this vain I created an online petition for the White House to respond to. The US banking system could use some movement towards a modern replacement to checking. Petition to replace checking
48. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-13 03:34 · Score: 0
  
  Really then please explain how viruses can easily be attached to just about any program with little effort. It's rather simple to add in just about any code wanted to a compiled program with a compiler, and with the compilers becoming more complex it's getting more difficult to detect such code. Any real hacker could tell you this, this is how almost every hacker performs their attacks.
  Now to write a general backdoor that is integrated into the host program takes some real skill. However, you don't need a general backdoor, just one that reads memory out to you and can write back to memory. What you think hackers haven't perfected this already? Now if you also know the target OS you can even add in hidden hooks that allow you to read/modify/write to any general interface, (Edit box, Rich edit, Winsock, to list a few that I know hackers currently use with windows. This applies to any known interface, the more the hacker knows the easier it is.) hackers already know this and are already taking advantage of it, it makes the data they are getting much easier to interpret when they know the context it was input under.
  The only difficulty with all of this is simply getting people to use your back-door ridden compiler without detecting the back door. There is the only real difficulty with this whole thing, and it's why you don't see too many of these. Viruses can be easily attached to a program using the same techniques, and the scary part is that they can do it after the program is already compiled by simply shifting a few values around and making a few address corrections, all simple stuff.
  I know all of this because I have done it. Granted I haven't done anything on a massive scale, or attempted to distribute anything I did. I just did it to learn how it was done. It wasn't even hard, you can find most everything you need with a few hours of searching Google. With micro-controllers (which is what runs the modern cash register) things are even easier, because they don't usually have the advanced memory management of an OS, some do but most don't, and even then it doesn't take too much to learn. The biggest concern i have is that i doubt that the Norwegian association of tax auditors will have the resources for every cash registers source to be examined in detail, and who's going to pay for all this "upgrading"? So, in the end it amounts to nothing, just a huge tax payer's expense.
49. Re:Just releasing the source may not fix it by omglolbah · 2013-01-13 03:54 · Score: 1
  
  And when the taxman comes back 3 days later and asks the shop owner for the matching receipt from their register what happens then?
  That -is- how they do it.
  They buy something, save the receipt and come back later for an audit. If the sale cannot be found in the accounting records for the shop, it was never registered for tax and is illegal.
50. Re:Just releasing the source may not fix it by omglolbah · 2013-01-13 03:57 · Score: 1
  
  You cannot really do business without a terminal here. Even the smallest and cheapest place has one.
  And they're required to keep records of all transactions which is fairly easy to verify. Any terminal spits out a receipt and they are required to give the customer this receipt. Dropping by for a kebab and coming back a week later to audit the records is easy enough to do.
51. Re:Just releasing the source may not fix it by DaveGod · 2013-01-13 04:18 · Score: 1
  
  Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.
  As an accountant, I can confirm that in the eyes of most clients, "too much" is whatever they are paying - no matter how much they are avoiding or evading, or what the tax rate is. The only time it is not "too much" is when they're getting a refund.
  
  Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.
  Tax authorities use ratio analysis heavily, it's extremely cheap and effective for them. If your gross profit margin deviates too far from their standard then it raises a flag and they come knocking.
  They will apply their standard GP ratio to your purchases expense, declare that as your actual sales and inform you they will send you a bill. Your accountant then pulls out the excuses handbook and negotiates until both sides are too tired of the whole thing and so you settle up.
  You could skim a bit off the top without query, but then it's not worth bothering. Generally there's 3 kinds of businesses - those who pay their tax, those who are too greedy and those who are both but are making enough money that they can substantially reduce tax "legitimately".
  One advantage of certified tills is that evidence value applies to the business as much as it does the tax man.
52. Re:Just releasing the source may not fix it by AmiMoJo · 2013-01-13 05:01 · Score: 1
  
  Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.
  Then the customer doesn't get a receipt and knows something is wrong. Most people in the UK wouldn't accept having no till receipt. You could ring it up and then fail to report revenue from that register, but then the taxman could compare the logs from the register to your reporting. That is why people try to fiddle the register itself.
  
  Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.
  Interesting theory. If companies can generate billions of Euros of income via cash registers the tax rate would have to be pretty low before it wasn't worth them trying to cheat their way out of some of it. Companies making that much usually do try to cheat via creative accounting, offshoring profits and so forth.
  Even a 1% rate on â1,000,000,000 means paying 10 million in tax, so the rate would have to be about 0.01% before it wasn't worth trying to dodge.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
53. Re:Just releasing the source may not fix it by BasilBrush · 2013-01-13 06:28 · Score: 1
  
  And when the taxman comes back 3 days later and asks the shop owner for the matching receipt from their register what happens then?
  They supply it. and then know that that particular days sales of register B will need to be included in their tax return.
54. Re:Just releasing the source may not fix it by starblazer · 2013-01-13 07:04 · Score: 2
  
  Whereas having more money just requires someone to forget to take the money within the time limit - the money then goes back into the machine (not sure if it goes back to the dispenser or a different compartment). Yes this is very rare but does actually happen. People don't take their money for all sorts of reasons.
  Not all machines are the "presenter" type. I have a machine which has a spray dispenser. It just spits the bills out into a holder for the user to pick up. If for some reason the bills stick together and make it through all the anti-theft/multiple bill detector measures, I just had an ATM shortage. In a perfect world, the stuck bills should go into the reject bin and the machine tries again with a fresh bill from the cassette, thus preventing any loss.
  However, any reliable ATM owner knows that they should use new/ATM quality cash and fan it before entering it into the cassette. That 30 second maneuver virtually eliminates loss.
55. Re:Just releasing the source may not fix it by Anonymous Coward · 2013-01-13 10:39 · Score: 0
  
  I visited Norway last year, makes America look like Somalia.
56. Re:Just releasing the source may not fix it by volmtech · 2013-01-13 11:11 · Score: 1
  
  Is there a spending curve for government? At some point is government spending enough money or is the only answer "more"?
57. Re:Just releasing the source may not fix it by IrquiM · 2013-01-13 11:38 · Score: 1
  
  Counting the money before you open is standard procedure when you're not the only person using the register. I do this every time I am tending bars. It is also not difficult to keep control of the change you give back. I have never had a negative difference in my register, and the positive is tips I leave in the register when we're short of any type of coins. By the way, we're one of those small businesses in Norway that would have to cash out for something we do not need.
  
  --
  This is blinging
58. Re:Just releasing the source may not fix it by TheLink · 2013-01-13 21:56 · Score: 1
  
  Yeah, that's why I find it strange the OP was saying that "cash registers never contain the amount of money their record claims they should at the end of the day."
  
  To me that shows something is wrong somewhere.
  --
  
  Too many replies beneath your current threshold
59. Re:Just releasing the source may not fix it by Compaqt · 2013-01-14 04:22 · Score: 0
  
  I don't think it's "always". It depends on the rate.
  10% is OK. (That's "all that God asks" for, if you go by the tradition of tithing.)
  20%, you sort of start to have some concern.
  30% is a whole lot. A third of your income.
  50%, you're working halftime for yourself, and half for the State.
  Above 50%, and you're definitely a serf. You're the slave, and the State is the master.
  
  --
  I'm not a lawyer, but I play one on the Internet. Blog
60. Re:Just releasing the source may not fix it by Compaqt · 2013-01-14 04:32 · Score: 1
  
  If that's the case, what's the tax dept. worried about?
  
  --
  I'm not a lawyer, but I play one on the Internet. Blog
61. Re:Just releasing the source may not fix it by Compaqt · 2013-01-14 04:54 · Score: 1
  
  Wait, so that also means that a company is prohibited from writing their own accounting system. Unless you're Big Corp.
  Scary future.
  
  --
  I'm not a lawyer, but I play one on the Internet. Blog
62. Re:Just releasing the source may not fix it by plover · 2013-01-16 14:15 · Score: 1
  
  I'm surprised nobody here has mentioned the "fiscal printers" that keep a total of all figures printed in the right hand column. (IBM was selling them to Italian businesses decades ago.) There's a port on the printer that a tax collector can plug a device into and download the total transaction amount since the last reading. The device computes the sales tax due, and the collector demands it from the business. It doesn't matter how shady your POS software is, if the amount is printed on the receipt, they collect the tax on it. And if the amount isn't printed on the receipt, the customer doesn't pay it.
  
  --
  John
Of course, It begs the question... by Anonymous Coward · 2013-01-12 09:00 · Score: 0

Whether cash register programmers are already adding "hidden" functionality. I have a hard time seeing that. How would you advertise : "Our registers have "hidden" functionality to help you skip on your taxes." Also, if a cash register company were to add this sort of functionality, it opens them up to huge liabilities.
1. Re:Of course, It begs the question... by dkleinsc · 2013-01-12 09:02 · Score: 1
  
  How would you advertise : "Our registers have "hidden" functionality to help you skip on your taxes."
  My guess is that this would be the sort of verbal promise made by the salespeople of a dodgy cash register company. And it would be attractive to the kinds of businesses that are also pretty dodgy, e.g. bottom-feeder bars or strip joints.
  
  --
  I am officially gone from /. Long live http://www.soylentnews.com/
2. Re:Of course, It begs the question... by Anonymous Coward · 2013-01-12 09:28 · Score: 0
  
  They only need to advertise an "extendable plugin architecture" and let the free market do the rest.
3. Re:Of course, It begs the question... by whoever57 · 2013-01-12 09:40 · Score: 4, Informative
  
  I had a friend who installed POS systems in small businesses for a living. At restaurants, the most important feature of any POS system was the ability to make a table disappear out of the records.
  
  --
  The real "Libtards" are the Libertarians!
4. Re:Of course, It begs the question... by arth1 · 2013-01-12 09:45 · Score: 2
  
  Or have functionality that's "customer customizable".
  One easy way is registers that allow multiple currencies, which is common enough in Europe. Have the customer pay in "Kr" and get his receipt in "Kr" (the common symbol in Norway for Norwegian kroner, crowns), and then have the sales registered as NOK with an exchange rate of 1.5:1. Suddenly you only have to pay tax on 2/3 of your income.
  Another easy way would be to split the credit between two accounts (which unlike double ledgers isn't illegal - but reporting just one of them most certainly is).
  Or allow functions like deleting sales records to be accessible by anyone by running the register in a documented "test mode".
  There are so many possible ways to allow the stores to game the system without being programming geniuses.
  But is open source going to help? I am unsure.
5. Re:Of course, It begs the question... by Interfacer · 2013-01-12 10:03 · Score: 5, Informative
  
  Far from dodgy companies. This is a common feature in many (all?) cash registers used in small business, especially restaurants.
  I know people who work in restaurants, and they told me that this is a public secret.
  The way it works is that at the end of the day, you can make the register change the numbers by an amount or a percent. Ther register will then do the math to change the number of coffees served and muffins sold and things like that. It does this so that the numbers still make sense and correlate with expected ratios.
  At that point, the business day is closed, the register is printed, and you get some money out of the till under the table. If the inspectors should come in during the day, you can just print whatever the current status is, which will then be immutable at the end of the business day to avoid discrepancies.
  This functionality is not advertized in writing, but all sales persons know about it and know how they can explain this to the owners. All major registers have features like this, and I can understand why the inspectors would require open source. Because skimming money becomes an order of magnitude more difficult if you don't have a register to help you create a phony audit trail.
6. Re:Of course, It begs the question... by Anonymous Coward · 2013-01-12 10:57 · Score: 5, Interesting
  
  I was an auditor for a state in the USA (posting anon). This is widely known among auditors. The hard part is proving that the place did that.
  The state has in the past (at least talk at the legislative level) talked about outlawing software with this feature, but the business burrow makes excuses, like for instance I think I heard these type of "features" are required for discounts, coupon type things, if someone isn't satisfied and get's a free meal, etc.
  I think it's a bunch of BS since the software does these things quietly without making an audit trail, but nothing ever happened past the initial talks that I'm aware of.
  And even if it did, you could say oh it was a 15% off day or some crap, so you could still hide it unless you could prove it wasn't.
  I worked in banking previously, and it was widely known that business's hide money. See small business's want it both ways. They bring their tax info to the Bank for loan or w/e then the bank denies or less then they wanted or unfavorable terms, and some people actually say well I actually make more then this. Our loan officer used to joke about it during training. You can't have it both ways.
  There are many things working in Auditing I've learned about. Some is very creative and some is just very simple.
7. Re:Of course, It begs the question... by Anonymous Coward · 2013-01-12 11:16 · Score: 0
  
  Boy do I believe that! Requiring businesses to be honest in any way is a radical idea.
8. Re:Of course, It begs the question... by Anonymous Coward · 2013-01-12 11:34 · Score: 1
  
  I always enjoyed the South Korean solution to the problem. They created a system wherein if you pay cash, you can ask for a special 'cash receipt'. Generating the cash receipt generates an automatic reporting to the government of the expense, associated with your account.
  The kicker is, people who report their cash expenditures get 1% of their purchase back in taxes at the end of the year.
9. Re:Of course, It begs the question... by daem0n1x · 2013-01-12 12:23 · Score: 3, Informative
  
  Here in Portugal, the government has mandated all cash-registers to run certified programs that regularly upload transaction data to our Tax Authority.
  Tax evasion has always been blatantly huge in restaurants, bars and cafés. It's no wonder the restaurant associations are up in arms with this. They've declared war on card payments too, which is something that pisses me off. They claim the bank rates are too high, but guess what the real reason is?
  Just like the constructions business, they've had practically a licence to print money during the latest decades. Now with the economic crisis, they're going down the toilet. I'm not shedding a tear for them. I just pity their poor employees that will be out of work and are certainly not finding another anytime soon. They had shit-paid, stressful, long-hour jobs, but it's better than no job.
10. Re:Of course, It begs the question... by tnk1 · 2013-01-12 13:50 · Score: 1
  
  You could also consider it a means of the customer being able to correct their records manually, if needed. Obviously, the users of the registers are the customers, and the customers will get features that they want added. Unless there is a law against specifically that ability, chances are good the vendor will give you what you want or you will be able to request some sort of ability that makes it possible to use the feature as a backdoor to get the same result. It is up to the collector of the tax to produce valid results.
11. Re:Of course, It begs the question... by tnk1 · 2013-01-12 14:00 · Score: 1
  
  Open source is really only going to help the bigger problem if there is legislation that prevents the code from having certain types of functionality.
  In the narrow case, the Open Source could be highly successful in proving that the code that the vendor provides is the same code that is in the hands of the government. People have talked about backdoor compilers, but that doesn't defeat this because the government will insist on binaries that compiled with clean compilers.
  The real question is whether they can make sure the vendor writes the code so that it cannot be cleverly manipulated to get the same effect as before. In other words, if I wrote code that is written in such a way there there is a bug or backdoor that the government does not manage to find in the 200000 lines of code in front of them, then adaptation will not be difficult. Having code does not mean you understand all that it can do.
12. Re:Of course, It begs the question... by ericloewe · 2013-01-12 14:15 · Score: 1
  
  Tax evasion has always been blatantly huge in restaurants, bars and cafés. It's no wonder the restaurant associations are up in arms with this. They've declared war on card payments too, which is something that pisses me off. They claim the bank rates are too high, but guess what the real reason is?
  I'm curious as to how much pressure the government is actually willing to apply. A crackdown on under-the-table transactions is a lot more feasible when you can just look at the register and fine the owner for having unapproved software, since you don't have to prove tax evasion proper. They could definitely do a crackdown on suspected tax evaders more or less like the health authorities did their crackdown on the unsanitary chinese restaurants a few years back and scare most small businesses into compliance.
13. Re:Of course, It begs the question... by Anonymous Coward · 2013-01-12 18:47 · Score: 0
  
  Far from dodgy companies. This is a common feature in many (all?) cash registers used in small business, especially restaurants.
  Being common does not stop this from being dodgy.
14. Re:Of course, It begs the question... by Anonymous Coward · 2013-01-13 02:32 · Score: 0, Funny
  
  Aren't you a proud piece of shit, working for the man. People are assholes, nobody should on their own volition work as a government agent of any type since that only means they are pieces of shit, but they do and so they are.
15. Re:Of course, It begs the question... by Cassini2 · 2013-01-13 05:20 · Score: 1
  
  Mod Parent Up! After reading all the other comments, this is the only one that strikes me as a solution that might work.
How exactly are the 'massaging' the numbers? by Derekloffin · 2013-01-12 09:01 · Score: 1

I code a Point of Sale, and while I could easily under report, even the most elementary audit would make it blatantly obvious that this was occurring, at least all the ways I would think to do it. I'm also curious how they plan to make 1 cash register program that covers the needs let alone desires of every business out there.
1. Re:How exactly are the 'massaging' the numbers? by Anonymous Coward · 2013-01-12 09:13 · Score: 1
  
  How to make one program suit all businesses ? Simple! That solution is in the mind of the politicians, they drag the facts and numbers out of their ass, then in reality, it will take 10 times as long as they plan for, and in the end it will all be scrapped after wasting millions of dollars on consulting services.
2. Re:How exactly are the 'massaging' the numbers? by Anonymous Coward · 2013-01-12 09:17 · Score: 0
  
  Wouldn't it just be certain core features though anyway? Plus if it is open source wouldn't that let you code any other features you want easily in an integrated package? I don't know. My web site is being built on an open platform and there are all sorts of features we are adding that would never be possible in a closed environment.
3. Re:How exactly are the 'massaging' the numbers? by Derekloffin · 2013-01-12 09:40 · Score: 2
  
  Certain core features, yes, definitely, but that would be far from sufficient for most businesses I know. As well, most businesses I know have a hard time keeping a competent IT guy on staff, let alone a team of programmers that many would need to implement the features they desire and maintain them. And since most Point of Sale software enhancements have no need to release to the general public, even if open source, you'll end up with 100s of forks (which won't work if it is supposed to be 1 master system), and most the solutions will be kept private, meaning most businesses, even if they have common needs, will still have to start from scratch every time. I just simply don't see this working at all. You either get one master system that is seriously unwieldy as it tries to cover a massive number of competing and will likely end up covering them all fairly poorly, or you get 100s of separate systems that are superficially similar which seems completely contrary to the whole point of the exercise to get 1 system.
4. Re:How exactly are the 'massaging' the numbers? by semi-extrinsic · 2013-01-12 09:57 · Score: 1
  
  The most sensible way would be to require giving auditors access to source code upon request, no questions asked. Along with a few random controls, I could see that working as a deterrent.
  
  --
  for i in `facebook friends "=bday" 2>/dev/null | cut -d " " -f 3-`; do facebook wallpost $i "Happy birthday!"; done
5. Re:How exactly are the 'massaging' the numbers? by vlad30 · 2013-01-12 10:15 · Score: 4, Informative
  
  10-15 years ago I also wrote some POS software and it opened my eyes to the way many cash businesses operate. I was asked specifically to add by many of the businesses to add a "reduction feature" which I politely refused to do I would say 80% of potential sales were lost for this one reason. On competitor software they often demonstrated this feature would delete a percentage of completed cash transaction before the End of Month commit and rollover so auditing the data would show nothing this was so pervasive the owners of a franchise with at the time 350 + franchisees also requested it
  On the other hand business who bought and used my software found much of their income was being fudged by employees usually through cancelled transactions. When a customer pulls out cash and says no receipt necessary the transaction is cancelled an the cash pocketed.
  
  --
  Your'e all thinking it, I just said it for you
6. Re:How exactly are the 'massaging' the numbers? by Derekloffin · 2013-01-12 10:23 · Score: 1
  
  I suppose that makes some sense, but must say the auditors are pretty easily deceived if that gets by them, at least in any place with a hard inventory. In a service industry when stock is non-existent of perishable that could work, although making a uber register doesn't help at all there as you can still easily just not input the sale into the register.
7. Re:How exactly are the 'massaging' the numbers? by nosferatu1001 · 2013-01-12 12:48 · Score: 1
  
  Not easily deceived, you just cannot prove it without being there when it happens. Shrinkage can easily be huge in a perishable business
  Posting as an IT auditor of ex big 4 and UK 10 who saw my colleagues pain.
8. Re:How exactly are the 'massaging' the numbers? by thegarbz · 2013-01-12 13:03 · Score: 2
  
  I have interesting experiences with a new cash register on both these points. The franchise I work for was essentially ordered to install a certain franchise approved cash register to combat exactly this kind of fraud (not at our store specifically, but the fraud was rampant business wide). With many hundred stores in the country it would have cost an absolute fortune to replace all the registers.
  One of the handy features of the new registers is the ability for it to automatically do analytics on sales performed by staff. They were designed to have an RFID tag before a staff member can perform sales. We don't have those at our store, but instead you insert the names of the staff working on any given day (only 2-3 out of a larger pool so the analytics works quite well). The cash register watches for key things such as when a many cancelled transactions correlate with certain staff working and sends an email. You can also pull out all sorts of records such as time the register was open, time to complete transaction etc to pinpoint staff members who may be slow / require more training on the machine.
  And naturally with all such modern things it has a web interface so we can quickly log in from anywhere and check on people. Interestingly enough it reports real-time sales back to the head office and from their website we can see a ranking of all stores in the state at any given time, though just a number ranking, not the actual sales figures.
9. Re:How exactly are the 'massaging' the numbers? by Anonymous Coward · 2013-01-12 17:52 · Score: 0
  
  Employee theft is controllable and less of a concern than the absolute rape that the IRS gives you.
10. Re:How exactly are the 'massaging' the numbers? by Compaqt · 2013-01-14 04:56 · Score: 1
  
  What was the normal percentage of desired reduction?
  
  --
  I'm not a lawyer, but I play one on the Internet. Blog
11. Re:How exactly are the 'massaging' the numbers? by Compaqt · 2013-01-14 05:18 · Score: 1
  
  >And naturally with all such modern things it has a web interface so we can quickly log in from anywhere
  Yeah, you, and any old hacker, too.
  
  --
  I'm not a lawyer, but I play one on the Internet. Blog
12. Re:How exactly are the 'massaging' the numbers? by thegarbz · 2013-01-14 20:48 · Score: 1
  
  Oh dear god someone can see the cash register numbers through a website. I'm sure someone somewhere is quaking in their boots.
Cracking down on cash... by Duncan+J+Murray · 2013-01-12 09:04 · Score: 3, Interesting

These are the requirements from the article:
Suppliers must be able to prove that the system can integrate with external software that allows changing the online journal.
It shall not be possible to change the entries in retrospect or change preset text on goods and services at registration.
It shall not be possible to record sales without a receipt is printed.
It shall not be possible to drive out more than one copy of the receipt.
It shall not be possible to mark some groups so that they are included in the reports.
I can't remember who told me when I was much younger how to spot the people running cash businesses and not declaring all their tax - they wouldn't be able to get the mortgage for an expensive house, but the inside would be overly luxuriously appointed, and they'd often have a flash car bought outright.
1. Re:Cracking down on cash... by Belial6 · 2013-01-12 09:17 · Score: 4, Insightful
  
  Not being possible to drive out more than one copy of the receipt would be a disaster. Receipt printers are notoriously temperamental. If I want a receipt the store needs to be able to print it. Maybe require that the copy number be printed on the reciept, sure. But not to print a copy at all is just unworkable.
2. Re:Cracking down on cash... by Derekloffin · 2013-01-12 09:45 · Score: 1
  
  Indeed. Not to mention customers coming back to your store and wanting to see a receipt for a sale that was on their account. Also, I'm puzzled by the notion of requiring a print out. What good is that going to do? If they want no printed version, a print out is pretty easy to destroy (you can also easily make a computer think it's printing a physical copy when it is only printing a virtual copy, or even to the big bit bucket in the sky). Then there is the whole issue if you lose power, most businesses want at least some ability to continue functioning even if the computer is totally unavailable. I just don't get it.
3. Re:Cracking down on cash... by Anonymous Coward · 2013-01-12 09:55 · Score: 1
  
  Project disaster warning sign: accountants are making engineering decisions.
4. Re:Cracking down on cash... by Anonymous Coward · 2013-01-12 09:59 · Score: 2, Interesting
  
  Some Euro countries already use registers like this. The ones we sell and manage are basically small Linux boards bolted to various printers with memory card for sales journal files(signed to detect tampering), Eprom for company/store identification and daily sales/tax reports and various communication and peripheral ports.
  The register prints one original receipt - marked with small graphical logo. You can print as many copies as you want but they will be marked as such and lack the logo. For tax purposes you can use only the original receipt.
5. Re:Cracking down on cash... by davester666 · 2013-01-12 15:00 · Score: 1
  
  So, the customer can't get a valid receipt if there is any kind of hardware failure, like running out of paper, or dirt caught in the printer, or a power failure?
  
  --
  Sleep your way to a whiter smile...date a dentist!
6. Re:Cracking down on cash... by flyingfsck · 2013-01-12 16:31 · Score: 1
  
  Meh, the really successful ones will pay for the house in cash. Why have a mortgage when a briefcase full of cash is so much easier?
  
  --
  Excuse me, but please get off my Pennisetum Clandestinum, eh!
7. Re:Cracking down on cash... by IrquiM · 2013-01-13 11:43 · Score: 1
  
  Good luck trying to do this in Norway.
  
  --
  This is blinging
8. Re:Cracking down on cash... by Anonymous Coward · 2013-01-13 13:28 · Score: 0
  
  It shall not be possible to drive out more than one copy of the receipt.
  This is daft. Each receipt should have a unique ID (sequential is good enough and easier to audit). That way the number of copies doesn't matter as much. If you're worried about tax fraud from customers modifying their receipt then hash the full contents of the receipt (ID, transaction time, till ID, operator and items) and print that on the receipt too.
Projects like this already exist... by Anonymous Coward · 2013-01-12 09:07 · Score: 0

Like:
http://opencashier.org
Norwegian lack of transparency. by Anonymous Coward · 2013-01-12 09:09 · Score: 0

As a citizen of Norway, I think there should be no difference in how people are treated.
So:
Ministers of the government should start using the bus, or driving their own car to work. Today they use the field reserved for busses, driving cars with a private driver. Also, when we have visits of foreign head of states, all traffic is stopped, and everyone has to wait while streets are blocked for lengthy times, and tax money is wasted on police protection.
At the same time, we could start with learning exactly how the state spends it's money. When the state demands efficiency by the population, they demand nothing of themselves.
What the Norwegian govt. is - they're an organized gang that extract money from the population. First. you pay upwards of 50% tax on your income, and then 25% on everything you buy in value added tax, and if this is not enough, you pay tax if you have any assets (money, house), car taxes are high as nothing else, and yet, what the decisionmakers do, they only find new ways to collect money, but really don't care about fixing issues that needs fixing, for instance the very big problem with rush traffic in the capital, and the housing crisis in all major towns.
Most state entities are highly innefficient, and bureacracy is expanding at an alarming rate.
Good luck in finding goodwill in the Norwegian people Mr. TaxMan.
1. Re:Norwegian lack of transparency. by Anonymous Coward · 2013-01-12 09:53 · Score: 1
  
  American posing as a Norwegian.
2. Re:Norwegian lack of transparency. by pipatron · 2013-01-12 10:29 · Score: 1
  
  Whine whine whine I have to pay taxes to the evil gubmint so I have to whine in this article even when I don't have anything to add!
  If you're not happy with the way your peers vote, then your options are to influence them in the right direction or move to a place with better peers. Whining just makes you seem like a sucker.
  
  --
  c++; /* this makes c bigger but returns the old value */
3. Re:Norwegian lack of transparency. by Anonymous Coward · 2013-01-12 19:42 · Score: 1
  
  As a citizen of Norway, I think there should be no difference in how people are treated.
  So:
  Ministers of the government should start using the bus, or driving their own car to work. Today they use the field reserved for busses, driving cars with a private driver. Also, when we have visits of foreign head of states, all traffic is stopped, and everyone has to wait while streets are blocked for lengthy times, and tax money is wasted on police protection.
  Many years ago I worked near the Dam square in Amsterdam, about 100m from the royal palace. Every once in a while a convoy of visitors would be rushed to the palace (swift actions, lots of police on motor cycles clearing the way just in front of the convoy), and the cars would be parked on the pavement behind the palace, most of them with CD number plates (Corps Diplomatique). Once I walked by during a lunch break and one diplomat had parked his car not behind the palace but on the pavement across the street. A wheel clamp was attached and I saw a diplomat in a pinstripe suit demanding from a traffic warden that it be removed. The diplomat was about as furious as one can get, I've rarely seen people become that angry, but the traffic warden obviously was immune to angry parking violators and he wasn't impressed at all. He calmly pointed out that the guy should have parked in the designated area and wouldn't get preferential treatment. The fine couldn't be paid on the spot, he had to go an office in some inconvenient location for that. I immensely enjoyed seeing this man, whose attitude made it very clear that rules for ordinary people didn't apply to him, getting this treatment from an ordinary guy.
4. Re:Norwegian lack of transparency. by Anonymous Coward · 2013-01-13 13:59 · Score: 0
  
  That was an amusing story. Thing is in Norway (and I guess it's bad in many other countries too), if you want to drive into the capitol at rush hour, it takes a lot of time. But if you work for the govt. as a minister, you just ask your driver to take the bus file. So they have no real incentive to fix this. We have a shitload of oil money, yet we are very poor at upgrading our infrastructure.
  And as for Democracy in Norway, there's none. It's all run by big corporate. There's an illusion of Democracy though.
5. Re:Norwegian lack of transparency. by Anonymous Coward · 2013-01-14 02:33 · Score: 0
  
  Of course, the rich will always have more power to lobby for themselves, but the Norwegian government and parliament is running the show. Most regular folks here prefer the red tape and bureaucracy to being slaves to the rich.
  If you want to drive in the bus lane, get a scooter/motorcycle or electric car.
Meanwhile in Hungary... by Anonymous Coward · 2013-01-12 09:09 · Score: 0

All cash registers must be connected to the ministry over the internet by April.
Opening source to the government != open source. by vovick · 2013-01-12 09:12 · Score: 1

Misleading title is misleading.
They seem to have missed the point by Anonymous Coward · 2013-01-12 09:16 · Score: 0

One of the entire premises of FOSS is that the user has access to the code so they can modify it. That would of course precisely defeat the tax agency's purpose.
1. Re:They seem to have missed the point by Dr_Barnowl · 2013-01-12 09:33 · Score: 1
  
  Indeed - they could mandate that the cash registers are also TiVoized to prevent them running anything but the approved build, but then it isn't Free software.
2. Re:They seem to have missed the point by Anonymous Coward · 2013-01-12 09:45 · Score: 0
  
  Not everyone has a problem with Tivoization. Some people actually respect the freedom of others to sell what they want under the terms they want.
  I hate how certain people/groups have hijacked the word "Free".
3. Re:They seem to have missed the point by pipatron · 2013-01-12 10:33 · Score: 3, Interesting
  
  There's nothing in the article about FOSS. There's not even anything about "open source", just that the tax agency should have access to the source code.
  
  --
  c++; /* this makes c bigger but returns the old value */
4. Re:They seem to have missed the point by nosferatu1001 · 2013-01-12 12:49 · Score: 1
  
  Sha256
5. Re:They seem to have missed the point by hawkinspeter · 2013-01-13 03:02 · Score: 1
  
  Tivoization is clearly going against the intention of GPL. They should have used BSD licensed code to do what they wanted as people who write GPL code don't intend their code to be locked down by anyone.
  
  --
  You're a temporary arrangement of matter sliding towards oblivion in a cold, uncaring universe
6. Re:They seem to have missed the point by IrquiM · 2013-01-13 11:46 · Score: 1
  
  True. There are however other articles in Norwegian confirming that this is OSS software.
  
  --
  This is blinging
7. Re:They seem to have missed the point by Anonymous Coward · 2013-01-13 14:32 · Score: 0
  
  No, you don't want your GPL code locked down by anyone. I don't care if my GPL code is Tivoized, as long as any changes they make to it are available in accordance with GPL.
  How many coders still release under GPL2 instead of 3 because of this very issue?
Like the Nevada rules for slot machines by Animats · 2013-01-12 09:25 · Score: 5, Interesting

Nevada has rules like that for slot machines. Only tougher. Stuff like:
Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent authentication information.

Provide, as a minimum, a two-stage mechanism for verifying all program components on demand via a communication port and protocol approved by the chairman. The mechanism must employ a hashing algorithm which produces a messages digest output of a least 128 bits and must be designed to accept a user selected authentication key or seed to be used as part of the mechanism (i.e. HMAC SHA-1). The first stage of this mechanism must allow for verification of all control components. The second stage must allow for the verification of all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the verification information must be stored on a Conventional ROM Device. [Effective 11/1/2012] All gaming devices must also provide the same two-stage mechanism for verifying all program components on demand via a gaming device user interface where the results are displayed on the gaming device.
That's just one item. There are lots of other logging and audit trail requirements. The Nevada Gaming Commission checks these regularly.
1. Re:Like the Nevada rules for slot machines by storkus · 2013-01-12 10:46 · Score: 3, Informative
  
  I was a slot mechanic in the mid-late 90's in Nevada. Much of what was written in the parent message is new to me, but matches what we were doing back then with older tech. One thing to remember about selling a gaming machine in Nevada: the saying is, "If you can pass inspection in Nevada, you can pass anywhere." Nevada's Gaming requirements are simply the toughest in the world, and are why many machine manufacturers you might see at Indian casinos are not found in Nevada, and conversely why those that do almost always have an office there.
  In the two casinos I worked for, we would keep "master" ROMs along with a dual-slot programmer in the vault. During inspections by the Nevada Gaming Commission (NGC), every time during large jackpots, or if a machine was paying out too much (percentage was too high), we would turn off the machine, open up mobo box (which was lockable, though this was only done at the casinos I worked at for Megabucks--this was an IGT and NGC requirement, and the only non-cash locks we didn't have keys for on the floor), pull the ROM out of the machine and do a direct compare to the master via the programmer--no PC needed. The master ROMs themselves could be compared to a master ROM that the manufacturer and NGC had; both also had the source code, as manufacturers have to give the source to NGC (but not the casinos).
  We got some newer machines later that didn't run on 8051's: Bally Game Makers were relatively new at the time I was working my first casinos, and VLC and Williams were just getting into it by the time I left; Odyssey came out in between, which was the first (AFAIK) platform based on a PC. With the former machines, if I remember right, we just checked CRC's printed on a screen. I'm sure there was a better way, but if there was, I don't remember it; with the Odyssey, I never knew what you would verify it with: I'm assuming comparing one drive to another since it didn't have a CD-ROM and was pre-USB and such. It really didn't matter because, despite being so over priced (IMHO), they were never connected to any progressives and only had standard jackpots (under the $1,200 IRS-reporting limit, if I remember correctly).
  WRT the cash machine problem, the issue is not whether you can open-source the software, but that the binaries are unaltered that are running on the machine. Most of you here on /. deal with this every day, and the method of simply running a hash on the ROM and comparing it to the "accepted" compile of the open software is all you need to prove it hasn't been tampered with. Sure, it can be replaced, but if the inspections are by surprise, they won't have time; alternately, you can do what they do with CB's here in the US and pot the shit out of the ROM--at that point, an inspection need not be more than visual.
Allready done in Sweden by Kottie · 2013-01-12 09:46 · Score: 5, Interesting

Since a few years back all bussines are demanded to have a "black box" connected to the register that tracks all events. Tax authorities can come in any time and download the content to check for any irregularities. It logs everything including how many times and how often the drawer is opened.
1. Re:Allready done in Sweden by pipatron · 2013-01-12 10:36 · Score: 2
  
  Maybe Sweden isn't populated by clones.
  
  --
  c++; /* this makes c bigger but returns the old value */
2. Re:Allready done in Sweden by Anonymous Coward · 2013-01-12 11:06 · Score: 1
  
  I thought those smart people in Europe enjoyed paying their fair share of taxes.
  People, yes. Corporations, no.
3. Re:Allready done in Sweden by Anonymous Coward · 2013-01-12 19:00 · Score: 0
  
  And Sweden has one of the highest tax rates in the world.
  If governments learned how to live off a reasonable tax rate, the all the under-the-table stuff wouldn't happen.
4. Re:Allready done in Sweden by nogginthenog · 2013-01-12 21:47 · Score: 1
  
  My software has to speak to these things. The hardware is slow (serial) & shit.
  The government doesn't even know what information we should be sending to these boxes and their guidelines are constantly changing. We've wasted 100s of man hours. Our customers are pissed off because transaction speed has dropped and they can't even print more than 1 copy of an invoice.
  And at the end of the day they solve nothing.
5. Re:Allready done in Sweden by MeNeXT · 2013-01-13 16:02 · Score: 1
  
  As all business owners will attest there is no technology which exists today that will prevent skimming. If you trust technology without constant supervision then you are on the road to bankruptcy. This only affects the honest business which now will pay an additional penalty when an employee goofs. This will not in any way slow down the thieves.
  I will ask one question and I am sure that all the bright minds here can add a few thousand. What stops a business from creating multiple items at identical prices and just reprinting the same receipt every second time? You cannot stop the printing of multiple receipts because to err is human, printers jam, equipment fails and multiple other reasons including reprints for the client.
  The tax rates need to be fair and affordable otherwise the social contract that permits the collection of taxes falls apart.
  
  --
  DRM? No thanks, I'll just get it somewhere else...
Re:The more the state has an iron grip on the econ by Anonymous Coward · 2013-01-12 09:57 · Score: 0

I doubt that you actually believe that Norway and "those Scandinavian countries" are Orwellian Nightmares where people can only get truffles on the black market.
doesn't do a damn thing about "bin 6" by swschrad · 2013-01-12 10:44 · Score: 2

being, of course, the pocket of the clerk at the register.

--
if this is supposed to be a new economy, how come they still want my old fashioned money?
Similar in Portugal by danielmatos · 2013-01-12 10:48 · Score: 3, Interesting

In Portugal, for the last couple of years it is already required for every business to have a "certified" software that enforce some similar rules. Even though the software doesn't need to be open source, every invoice or receipt must include part of an hash key that is automatically generated based on key data (VAT Nr, amount, date, value), an asymmetric key given to each software manufacturer *and* the hash from the previous document. This makes it impossible to change any document after it has been printed out without invalidating every document printed after it. There was a requirement that every software had to be able to export accounting details in a standard format (SAF-T), if requested from the tax authority. Since 1-Jan-2013 every business is now forced to send monthly detailed invoce data to the tax authority.
1. Re:Similar in Portugal by Anonymous Coward · 2013-01-12 14:32 · Score: 0
  
  Which is why they simply charge you, hand you your food, and only pop the register to make change. This has become more difficult with debit cards, but I knew at least one kebab shop in Elephant & Castle, a really scary part of London, that did this for years. And it was the only place open at midnight, so they did a fair amount of business for me. (It was the only meal I could buy on my way home, my roommates tended to steal my groceries).
2. Re:Similar in Portugal by Anonymous Coward · 2013-01-12 15:08 · Score: 0
  
  I know it's not your point but... We see how well it is working for Portugal right?
  I mean: the country is going to default (just like Greece did) and meanwhile it's just living on life support from the richer countries of the eurozone (which are probably going to default at one point too).
  The idea is terrible because we can see an ever growing state with more and more power and hence, of course, less and less real economic activity trying to bleed people to death, forcing business owners to drawn under more and more bureaucratic paperwork and tax their way out of a recession.
  As as been pointed above: the problem is not fraud, the problem is that the state *is* the thief stealing working people's money.
  Taxes are too high. Way too high. And not the various states are f*cked because they realize they can't tax more or they'll stop the economy. So they think all they have to do is try to find the fraudsters. But it won't work.
  Italy is in the same mess: hundreds of policemen paying visit surprise to fancy ski resorts in the Alps to check every Ferrari / Lamborghini / Porsche / Bentley driver and check how much revenue they declare...
  These are all desperate measures which won't solve the fundamental issue: the state has become way too important in most westernized country and the only way out for these countries is a state default.
  In addition to that, such measures (policing every single document and forcing yet more and more bureaucracy / paperwork / ework) are counter-productive in that they're destroying future wealth by discouraging people from creating new businesses.
3. Re:Similar in Portugal by Anonymous Coward · 2013-01-12 15:10 · Score: 0
  
  Sounds good as long as you are not required to get your cash registers from a single supplier.
4. Re:Similar in Portugal by flyingfsck · 2013-01-12 16:27 · Score: 1
  
  I heard that Petty Cash boxes are selling amazingly well in Portugal...
  
  --
  Excuse me, but please get off my Pennisetum Clandestinum, eh!
5. Re:Similar in Portugal by Anonymous Coward · 2013-01-12 20:31 · Score: 0
  
  Easy to break the key, and replay the transactions to fabricate a new story.
  There should be a camera over the cash register with ring up amount visible . This is enough. If they are not lazy sods, any fiddling
  WILL be spotted. AVTECH H264 is a nice unit.
6. Re:Similar in Portugal by Anonymous Coward · 2013-01-13 02:55 · Score: 0
  
  In Portugal now there is even a web service interface working since last January 1, yet not mandatory, but probably will be in the future, where software transmits billing data to the national tax service in real-time.
Great idea by Anonymous Coward · 2013-01-12 10:57 · Score: 1

Let us apply it at goverment level first.
Norway's IRS by Anonymous Coward · 2013-01-12 11:25 · Score: 0

Norway is a rich country because of oil resources. Not exactly a struggling economy.
Norway can copy USA government methods to stop cheating. Simply adopt "you must be guilty unless you can prove you are innocent of cheating."
Norway should use auditing to determine if the books are correct. Trusting in a computerized register printout is like trusting a butcher's scale for accuracy.
Norway needs to improve their auditing skills and not waste their time digging in open source code. Who came up with this idea anyway? Armchair Olaf?
GO Norway. EVERYONE is a criminal by gelfling · 2013-01-12 12:21 · Score: 0

I hope they imprison and fine people and THEN worry about the random trial and such, afterwards.
1. Re:GO Norway. EVERYONE is a criminal by Sigg3.net · 2013-01-13 01:17 · Score: 1
  
  I'm just guessing here, but it's probably a political issue since investigations show that some 80% of restaurants/bars were using dual records, one official and one unofficial.
  
  --
  Defining Statistics and Social Research
Damn commies by PopeRatzo · 2013-01-12 13:05 · Score: 1

Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud
What they call "fraud", we call "free-market capitalism" here in the States.
Thank God I live in a country where the inalienable right of a corporation to defraud you is enshrined in the Constitution.

--
You are welcome on my lawn.
Re:The more the state has an iron grip on the econ by Anonymous Coward · 2013-01-12 14:00 · Score: 0

Did I say it was an Orwellian nightmare? Do things have to get to the level of Orwellian nightmare before it's considered a bad idea?
Not not granddaddy's open source software by __aaltlg1547 · 2013-01-12 14:24 · Score: 1

Clearly, they can't be talking about open software the way we know it. If YOU had access to your cash register's software, you could hack it to underreport your transactions so as to evade tax. They only mean open to the government and it seems like there's no way to really accomplish their goal. What's to stop you from unloading the government-monitored software and making a version of it that they can't see and looks the same from their end but does something entirely different from your end?
Voting machines must be also be "Open Source" by Anonymous Coward · 2013-01-12 16:12 · Score: 0

For the very same reason, voting machines (used largely in the US), should only use open source software.
And this software should be "frozen" about three months before use.
The code should be only compiled code, so byte to byte binary comparison for instant audit will be possible.
More safety measure should be take, this would be a little long to explain.
But in a few words, verifiable software is very important, for proper functionning of a democracy.
Jeffersonian.
Releasing the source is bound to make things worse by OeLeWaPpErKe · 2013-01-12 16:24 · Score: 1

Please note that it's an open question whether it's practical or not.
You could say the same about built-in kernel rootkits, they're very impractical to install on someone's machine. Yet we know about instances where machines were shipped with kernel rootkits installed.
Besides, why so complex ? Open sourcing these programs will lead to "tax optimizers". Write a program that reads in all the data files of the program, and outputs a "tax optimized" version with all the little details changed to better suit the business owner's tax situation. There will be absolutely zero ways of proving this was done, because the data files were generated by the exact same code that normally generates them based on sales, just with faked dates and missing transactions.
I wonder why everybody always comes with elaborate schemes to cheat using ridiculously complex methods to achieve these objectives when you could simply lie (and given the fact that no administration is ever accurate, finding an inconsistency is not exactly reason to throw the book at someone, keeping track of every single thing you do that involves money is a lot of work, you don't want to do it and as a result, accuracy is lacking at best).
No Sale by flyingfsck · 2013-01-12 16:25 · Score: 1

No matter what they do, nothing prevents the clerk from hitting the No Sale button, or simply not hitting any button at all.

--
Excuse me, but please get off my Pennisetum Clandestinum, eh!
1. Re:No Sale by PPH · 2013-01-12 17:13 · Score: 1
  
  The register transaction time stamp synced to the surveillance camera above the cash register makes that a risky move.
  
  --
  Have gnu, will travel.
2. Re:No Sale by volmtech · 2013-01-13 11:34 · Score: 1
  
  Except the video camera aimed at the cash register just for that reason.
: ) Commenting Out Functions by infinitelink · 2013-01-12 16:34 · Score: 1

I think it would be awesome for code to be published which has the functions (that Norway's government hates) commented out, with stern warnings "don't compile with this code removed from comments, or these functions could become present."

--
Intelligent idiots are we. | Evil men do not understand justice.
Check The Software by andersh · 2013-01-12 22:38 · Score: 1

Audits. Norway already has a department that checks measuring devices such as weights, [gas] pumps etc. Maybe they check cash registers as well. There are classes of devices that have to be certified periodically (a number of years) by law.
I believe they check the software at the gas pumps, because obviously the numbers have to match with the output they claim was sold and delivered to the customer. I believe it would be a small matter to run checksums on cash register software.
In fact I believe they might as well require them to be online [and constantly report checksums]. There isn't a shop location in Norway that doesn't already have some digital connection to the debit card payment system run by the Norwegian banks' [shared] exchange. Most Norwegians hardly touch cash any longer, it's mostly debit cards and has been for the last decades.
Debit Cards Rule by Anonymous Coward · 2013-01-12 22:40 · Score: 0

The problem is that most Norwegians only use debit cards, and that information is transparent to the government on the bank-end of things.
Your cash register isn't required to be hooked up to the card terminal... or rather they don't have to exchange and transmit information beyond that point. Well, not yet it isn't.
Reports From The Future by Anonymous Coward · 2013-01-12 22:43 · Score: 0

Hello from the future! Most Norwegians don't even use cash any longer, it's all debit cards here.
Done Badly In Sweden? by Anonymous Coward · 2013-01-12 22:50 · Score: 0

This isn't exactly the same, so it's not "already done" in Sweden. It's something similar, but the Norwegian solution seems more logical. This will be a direct and online connection. That black box just seems like a waste of money.
Petition to Replace the US Checking System by nbahi15 · 2013-01-13 03:31 · Score: 1

In this vain I created an online petition for the White House to respond to. The US banking system could use some movement towards a modern replacement to checking.
Petition to Replace the US Checking System
Problem solved by Anonymous Coward · 2013-01-13 03:54 · Score: 0

Tech solutions are so weak.
USB or Serial by Anonymous Coward · 2013-01-13 05:03 · Score: 0

It does not have to be serial, there is USB versions available to! Which, of course are faster :)
Re:Crazy taxes by Anonymous Coward · 2013-01-13 06:51 · Score: 0

Stop talking to yourself, you little despot. Please leave Slashdot, for you give honest classical liberals a bad name.
"Suffrage was limited for a good reason...suffrage should be limited and the change in the law that gives everybody a "right to vote" is the real fundamental problem"
--roman_mir
Re:Crazy taxes by fascismforthepeople · 2013-01-13 09:45 · Score: 1

you give honest classical liberals a bad name.
Quite the opposite. roman_mir gives liberals a good name, because he is not one of them. He automatically makes everyone else look sane and reasonable, no matter how few people agree with them philosophically here on slashdot. roman_mir is not a classical liberal, he is a neo fascist.

Read what he writes. He promises freedom but his plans would deliver slavery. He is championing fascism for the people.
Oh Norway... by Anonymous Coward · 2013-01-13 14:17 · Score: 0

For good or for bad, this HAD to come from Norway.