×

Announcing: Slashdot Deals - Explore geek apps, games, gadgets and more. (what is this?)

Thank you!

We are sorry to see you leave - Beta is different and we value the time you took to try it out. Before you decide to go, please take a look at some value-adds for Beta and learn more about it. Thank you for reading Slashdot, and for making the site better!

Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud

Soulskill posted about 2 years ago | from the open-source-the-cashiers-while-you're-at-it dept.

Open Source 161

Qedward writes "The Norwegian Ministry of Finance seems to be taking a bit of stick at the moment. It wants all the existing cash registers in the country thrown out and replaced with new ones. Not surprisingly, this massive upgrade is not popular. But it is apparently being pushed through in an attempt to prevent cash registers' figures being massaged downwards in use so as to reduce tax. The Norwegian association of tax auditors said: 'The source code must be opened.' 'Without source code it is not possible to determine whether or "hidden" functionality exists or not. Just knowing that the tax authorities have access to the source code of the application, will reduce the effort to implement hidden functionality in the software.'"

Sorry! There are no comments related to the filter you selected.

Just releasing the source may not fix it (5, Insightful)

phaunt (1079975) | about 2 years ago | (#42569717)

Releasing the source doesn't guarantee that a specific cash register is also running that code. So will this be all that helpful?

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42569729)

yes.

Re:Just releasing the source may not fix it (2, Insightful)

larry bagina (561269) | about 2 years ago | (#42569733)

and it doesn't guarantee that the compiler doesn't have a backdoor [bell-labs.com] of it's own.

Re:Just releasing the source may not fix it (4, Insightful)

rsagris (831741) | about 2 years ago | (#42569939)

Would people quit using this as an example of doubt? Show a real, honest to God, in the wild example of a widely used backdoor inserting compiler, or just STFU about it because while it might be possible it isn't in anyway practical or plausible enough to mention. If it was so easy to write a general use backdooring compiler, then it'd be actually seen, not fantasized about. -rs

Re:Just releasing the source may not fix it (2)

lingon (559576) | about 2 years ago | (#42570009)

To be honest, I have seen one or two proof of concepts of this. It's not that difficult to do, either (especially if there's money and tax avoidance in it). They should probably look into this as well as open sourcing the code, as a complement.

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42570055)

It's much harder to find a good programmer that knows what he's doing, than a crooked accountant.

Re:Just releasing the source may not fix it (3, Interesting)

aurispector (530273) | about 2 years ago | (#42570795)

You don't need a crooked accountant. Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.

All these tactics are characteristic of being on the wrong side of the Laffer curve. To quote Princess Leia: "The more you tighten your grip, the more star systems slip through your fingers".

Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.

Spending reductions are the first and best measure - tax revenues go UP when rates go down.

Re:Just releasing the source may not fix it (1)

ShanghaiBill (739463) | about 2 years ago | (#42570865)

Just don't ring up cash sales and you're good to go,

Until a plainclothes tax agent comes into your establishment, pays cash, and doesn't receive a receipt.

But I doubt if you have to worry about that too much, at least in California. If you pay cash at almost any Chinese restaurant, you will not get a cash register receipt. So either the checks are too infrequent, or the penalties too lenient, to have much effect.

Re:Just releasing the source may not fix it (1)

tnk1 (899206) | about 2 years ago | (#42571485)

Small business checks will be very infrequent, because they will not be a very efficient use of audit money. There's not enough tax money at stake with small businesses to go after them with actual agents, unless there is a desire to make examples of them. It is likely that some mom and pops do occasionally deal with that, but as long as they are not paying an absurdly low amount of tax, or their taxable revenues don't have an unexpected drop from previous years, chances are that no one is going to notice.

Re:Just releasing the source may not fix it (3, Funny)

OeLeWaPpErKe (412765) | about 2 years ago | (#42572157)

If you think this is about efficient use of government money ... you've not been to these countries.

This is about punishing "employers", finding an excuse to nail a few of them to the nearest cross (and then afterwards complaining that everybody is raising prices and only big companies that bribe government survive). And, more general, punishing anyone perceived as a capitalist. People who trade for a living in public places are of course straight in front of the leftist's gun barrel.

It is not about money, beyond the level that is required for the state to survive (and given that the state has been living on >100% borrowed money for decades, ...)

Re:Just releasing the source may not fix it (1)

tnk1 (899206) | about 2 years ago | (#42571457)

Well all of that is true... to an extent.

Yes, you will not catch everyone. Oh the other hand, you can probably increase your revenue significantly by ensuring that bigger organizations all comply with targeted audits on them. The small guys still get away with it, but as long as they don't stop paying taxes altogether, the government is probably all right.

Incidentally, this is why big government loves big business, or perhaps, needs big business. If you have a country full of small businesses, you have to audit 51% of those businesses to get a majority of the taxable revenues audited. If you have a country with much fewer businesses that do a majority of the business, then it is significantly easier to regulate them because you can have fewer auditing costs, and more of those dollars can be concentrated on a particular target, if you have the will to do so. You then rely on the corporation's control over it's affiliates/employees to do the fine grained control of the regulations, and big companies always have at least some disgruntled workers willing to rat out their bosses, which may not happen as often with small businesses.

Re:Just releasing the source may not fix it (2)

BasilBrush (643681) | about 2 years ago | (#42571773)

The only tax rate that is so low people won't bother cheating is 0%. A bit like software piracy - we see that people will still hack and pirate apps even when the price is as low as 99c.

Spending reductions are the first and best measure - tax revenues go UP when rates go down.

Right after you mention the Laffer curve. Of course the Laffer curve doesn't say that. Only above a certain rate is that true. Below that rate tax revenues go down when rates go down.

What's that rate? Nobody knows, because the Laffer curve is only a concept. No one can draw a chart of it. Economics are far too complex to be encapsulated by it.

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42572017)

Nobody knows, because the Laffer curve is only a concept. No one can draw a chart of it. Economics are far too complex to be encapsulated by it.

A quick looks shows this Laffer curve graph [investopedia.com] . And here the "expert of economics" BasilBrush said it couldn't be done.

In reality, it can be drawn, I showed it. It is a SIMPLE concept to understand, look it up. It has been PROVEN three times since WW2. JFK proved it, Regan proved, George W Bush proved it. That shows a 100% success rate at proving that it works that way. Has ANY other economic theory on tax rates ever even come close to being proven like this (Hauser's law has, but thats it as far as I know). The only people who claim it is too complicated and can't be proven are the ones who want to raise your taxes and they sound like idiots when this is trotted out because raising rates reduces revenue. They MUST resort to name calling and trying to say it isn't true when it has been shown three times to be true.

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42572001)

Spending reductions are the first and best measure - tax revenues go UP when rates go down.

Do you have any evidence that this is true in Norway?

Re:Just releasing the source may not fix it (1)

CrimsonAvenger (580665) | about 2 years ago | (#42571665)

(especially if there's money and tax avoidance in it).

They're not proposing this to combat "tax avoidance" (which is legal), but "tax evasion" (which is illegal).

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42570025)

Are there examples of cash registers which are running code which have illegal, hidden functionality?

If not, then your comment is equally applicable to this story.

Re:Just releasing the source may not fix it (5, Informative)

Anonymous Coward | about 2 years ago | (#42570111)

Are there examples of cash registers which are running code which have illegal, hidden functionality?

Oh yes; here in Sweden there was registers that had hidden features that could be activated in order to reduce the reported sums/amount of transactions by the users choice. Typically used in restaurants/bars. Since a couple of years all registers have to certified and connected to a 'black box' supplied by our equivalent to the IRS.
There was also frequent manipulation of the meters in taxis.

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42571209)

I used to do this manually. Back when I was 18 I worked at a Subway sandwich shop, and the cheaper subs were $3.99 (dating myself here...). There's a food tax here that doesn't apply on orders under $4.00, so when someone ordered several $3.99 subs, I'd punch it all up to show them the total (including the food tax), then once the customer handed over the money I'd quickly erase all but one sub, hit sale to open the till, and give the customer change based on the taxed amount. Then later I'd punch in each sub individually, and I'd end up with something like 20 cents per sub. It added up to an average of about $3 an hour once I got the best shifts for it, I think minimum wage was around $6 so it certainly helped. I even told the owner about it, he didn't care if I did it or not as long as nobody complained. I also told some regular customers, mostly because they were bound to figure it out sooner or later and possibly complain. Of course the $4 threshold hasn't budged to meet inflation so it's not so applicable anymore.

I never understood why fast food chains would prohibit accepting tips to lower the cost to consumers but didn't rig the menu to avoid the food tax. One restaurant took my advice and sold $3.99 plates and had vending machines for drinks, did well with that model.

Re:Just releasing the source may not fix it (1)

russotto (537200) | about 2 years ago | (#42570787)

Would people quit using this as an example of doubt? Show a real, honest to God, in the wild example of a widely used backdoor inserting compiler, or just STFU about it because while it might be possible it isn't in anyway practical or plausible enough to mention.

Ken Thompson actually did that, it wasn't just a concept. So yes, it is both practical and plausible.

Re:Just releasing the source may not fix it (1)

anubi (640541) | about 2 years ago | (#42571137)

MPU

Ken's Backdoor [scienceblogs.com]

Re:Just releasing the source may not fix it (1)

tnk1 (899206) | about 2 years ago | (#42571533)

Plausible, yes. Practical, no.

If you have the code, you can compile it. If the government has the code they can compile it, and obtain reference checksums of binaries. Adding backdoors will change the checksums because you can't add functionality to a binary without changing bits.

Since these are manufactured devices, you can make sure the vendor is releasing binaries that match the checksums you get with your compilations at the government offices. They will need to synchronize compiling methods, sure, but that's not going to be incredibly difficult to do.

The only way you can really backdoor code like that is to have the code have the ability to accept external modules and then write an offending module that you custom load on your machines. Chances are, the government would get wise to that too, since again, they have the code to see what is possible with it.

Re:Just releasing the source may not fix it (1)

gmueckl (950314) | about 2 years ago | (#42572123)

Well, you could force everyone trying to compile your software to use your compiler, e.g. if you bootstrapped a custom, self-hosted programming language just for the cash register software. Then everyone trying to verify the binaries would have to use your compiler binary for the process, which automatically introduces the backdoor in every version of the software ever compiled.

However, a compiler for a useful new programming language takes time and effort, so from an economic perspective this shouldn't make sense.

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42572151)

If the government has the code they can compile it, and obtain reference checksums of binaries. Adding backdoors will change the checksums because you can't add functionality to a binary without changing bits.

So the government is going to keep binaries for all combinations of platforms, compilers, and compiler flags for each and every source drop?

Releasing the source is bound to make things worse (1)

OeLeWaPpErKe (412765) | about 2 years ago | (#42572257)

Please note that it's an open question whether it's practical or not.

You could say the same about built-in kernel rootkits, they're very impractical to install on someone's machine. Yet we know about instances where machines were shipped with kernel rootkits installed.

Besides, why so complex ? Open sourcing these programs will lead to "tax optimizers". Write a program that reads in all the data files of the program, and outputs a "tax optimized" version with all the little details changed to better suit the business owner's tax situation. There will be absolutely zero ways of proving this was done, because the data files were generated by the exact same code that normally generates them based on sales, just with faked dates and missing transactions.

I wonder why everybody always comes with elaborate schemes to cheat using ridiculously complex methods to achieve these objectives when you could simply lie (and given the fact that no administration is ever accurate, finding an inconsistency is not exactly reason to throw the book at someone, keeping track of every single thing you do that involves money is a lot of work, you don't want to do it and as a result, accuracy is lacking at best).

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42569833)

Ssh.. don't spoil the fun now!

Re:Just releasing the source may not fix it (4, Insightful)

bloodhawk (813939) | about 2 years ago | (#42570107)

Not to mention you can just not register the cash in the machine or have separate machines that don't report centrally or any number of other ways. The machine being auditable only works if every other part of the sales process is auditable and controllable and really this isn't possible in anything but the largest organisations.

Re:Just releasing the source may not fix it (1)

gl4ss (559668) | about 2 years ago | (#42570885)

then you don't get a receipt.
anyhow, it's pretty easy for inspectors to go for a kebab and see if they get the receipt. or if there's multiple machines.
and not to be a racist or anything.. but around here in another nordic country these are the places which prefer cash. they all take cc's too though.

this just makes the inspections real simple to perform as there's no 20 different register providers. the point is that it's easy to check what has been put through the register and if it's running the code it should..

Re:Just releasing the source may not fix it (2)

BasilBrush (643681) | about 2 years ago | (#42571821)

then you don't get a receipt.

With multiple cash registers then of course you get a receipt. If your sale is rung up on register A then you get a receipt and it's reported for the taxman. If your sale is rung up on register B then you get a receipt but it's never reported to the taxman.

And there's nothing wrong with having multiple registers. Plenty of shops do. Any shop that has several cashiers for example.

Re:Just releasing the source may not fix it (1)

ilguido (1704434) | about 2 years ago | (#42570255)

Well, in that case a simple diff command could be enough to check if it's running the code it's supposed to run.

Re:Just releasing the source may not fix it (1)

lsatenstein (949458) | about 2 years ago | (#42570499)

What is more important is to have a sha256sum of the Cash Register program. The sum can be compared to a master copy held in the government premises. Not only that, the executed code could have some tamper resistant software to protect itself from tampering.

Do you want UEFI for cash registers?

Re:Just releasing the source may not fix it (1)

OeLeWaPpErKe (412765) | about 2 years ago | (#42572267)

Why fake the program when you could simply use the open source of that program to re-write the datafiles ?

Re:Just releasing the source may not fix it (1)

mrmeval (662166) | about 2 years ago | (#42570975)

Just stick a PC there tied directly in to the government servers. Let the government figure the bill and the tax. Simple. ;)

Re:Just releasing the source may not fix it (3, Insightful)

OeLeWaPpErKe (412765) | about 2 years ago | (#42572295)

We're talking here about tax departments that cannot manage to keep spreadsheet software operational on their office systems, cannot keep their own tax databases accessible of backed up, and worse. Never mind the fact that hardly any business administration is ever really correct in the first place. Having them run a centralized online service for millions and millions of customers sounds like a spectacularly bad idea. Besides, what about businesses without internet connection ?

I was amazed, when I first saw this, but cash registers never contain the amount of money their record claims they should at the end of the day. My jaw dropped to the floor for 20 minutes when I was told the same goes for ATMs. It tends to be a shortage because people are much more likely to complain when shortchanged (mostly accidentally), so it's expected to be a negative correction, up to 5% of the amount sold. This presents an obvious way to cheat that the taxman cannot (reasonably) attack businesses for.

Re:Just releasing the source may not fix it (0)

Anonymous Coward | about 2 years ago | (#42571319)

He who writes the source code decides nothing...
He who writes the COMPILER decides everything!

http://c2.com/cgi/wiki?TheKenThompsonHack [c2.com]

Re:Just releasing the source may not fix it (2)

tnk1 (899206) | about 2 years ago | (#42571427)

It could very well be helpful. The government could, in theory, generate checksums of binaries/firmware resulting from that code that are used in the registers and compare them with what they discover in audited machines. There might be some initial bumps in the road, depending on how they are generated/compiled, but you can be sure that the government will synchronize with the register vendor to make sure they know what they are looking for.

Of course, the government isn't going to catch everyone, but really, they may improve their tax collection significantly by just auditing the registers of a certain percentage of companies with large taxable revenues. No big or midsized company will be able to risk trying to pull one over on the regulators as long as it is clear that there is intent to actually run audits and the ability to obtain good data.

The government doesn't even have to catch you right now. If you put some particularly clever code that allows for hidden external modules or whatever, you may well get away with it for now, but if the government has the source, they will eventually know what to look for, and they will tack on charges as soon as it looks like you were being extra clever when they do discover you.

Of course, It begs the question... (0)

Anonymous Coward | about 2 years ago | (#42569749)

Whether cash register programmers are already adding "hidden" functionality. I have a hard time seeing that. How would you advertise : "Our registers have "hidden" functionality to help you skip on your taxes." Also, if a cash register company were to add this sort of functionality, it opens them up to huge liabilities.

Re:Of course, It begs the question... (1)

dkleinsc (563838) | about 2 years ago | (#42569769)

How would you advertise : "Our registers have "hidden" functionality to help you skip on your taxes."

My guess is that this would be the sort of verbal promise made by the salespeople of a dodgy cash register company. And it would be attractive to the kinds of businesses that are also pretty dodgy, e.g. bottom-feeder bars or strip joints.

Re:Of course, It begs the question... (4, Informative)

whoever57 (658626) | about 2 years ago | (#42570013)

I had a friend who installed POS systems in small businesses for a living. At restaurants, the most important feature of any POS system was the ability to make a table disappear out of the records.

Re:Of course, It begs the question... (0)

Anonymous Coward | about 2 years ago | (#42570673)

Boy do I believe that! Requiring businesses to be honest in any way is a radical idea.

Re:Of course, It begs the question... (5, Informative)

Interfacer (560564) | about 2 years ago | (#42570165)

Far from dodgy companies. This is a common feature in many (all?) cash registers used in small business, especially restaurants.
I know people who work in restaurants, and they told me that this is a public secret.

The way it works is that at the end of the day, you can make the register change the numbers by an amount or a percent. Ther register will then do the math to change the number of coffees served and muffins sold and things like that. It does this so that the numbers still make sense and correlate with expected ratios.
At that point, the business day is closed, the register is printed, and you get some money out of the till under the table. If the inspectors should come in during the day, you can just print whatever the current status is, which will then be immutable at the end of the business day to avoid discrepancies.

This functionality is not advertized in writing, but all sales persons know about it and know how they can explain this to the owners. All major registers have features like this, and I can understand why the inspectors would require open source. Because skimming money becomes an order of magnitude more difficult if you don't have a register to help you create a phony audit trail.

Re:Of course, It begs the question... (5, Interesting)

Anonymous Coward | about 2 years ago | (#42570535)

I was an auditor for a state in the USA (posting anon). This is widely known among auditors. The hard part is proving that the place did that.

The state has in the past (at least talk at the legislative level) talked about outlawing software with this feature, but the business burrow makes excuses, like for instance I think I heard these type of "features" are required for discounts, coupon type things, if someone isn't satisfied and get's a free meal, etc.

I think it's a bunch of BS since the software does these things quietly without making an audit trail, but nothing ever happened past the initial talks that I'm aware of.

And even if it did, you could say oh it was a 15% off day or some crap, so you could still hide it unless you could prove it wasn't.

I worked in banking previously, and it was widely known that business's hide money. See small business's want it both ways. They bring their tax info to the Bank for loan or w/e then the bank denies or less then they wanted or unfavorable terms, and some people actually say well I actually make more then this. Our loan officer used to joke about it during training. You can't have it both ways.

There are many things working in Auditing I've learned about. Some is very creative and some is just very simple.

Re:Of course, It begs the question... (1)

Anonymous Coward | about 2 years ago | (#42570773)

I always enjoyed the South Korean solution to the problem. They created a system wherein if you pay cash, you can ask for a special 'cash receipt'. Generating the cash receipt generates an automatic reporting to the government of the expense, associated with your account.

The kicker is, people who report their cash expenditures get 1% of their purchase back in taxes at the end of the year.

Re:Of course, It begs the question... (3, Informative)

daem0n1x (748565) | about 2 years ago | (#42571029)

Here in Portugal, the government has mandated all cash-registers to run certified programs that regularly upload transaction data to our Tax Authority.

Tax evasion has always been blatantly huge in restaurants, bars and cafés. It's no wonder the restaurant associations are up in arms with this. They've declared war on card payments too, which is something that pisses me off. They claim the bank rates are too high, but guess what the real reason is?

Just like the constructions business, they've had practically a licence to print money during the latest decades. Now with the economic crisis, they're going down the toilet. I'm not shedding a tear for them. I just pity their poor employees that will be out of work and are certainly not finding another anytime soon. They had shit-paid, stressful, long-hour jobs, but it's better than no job.

Re:Of course, It begs the question... (1)

ericloewe (2129490) | about 2 years ago | (#42571679)

Tax evasion has always been blatantly huge in restaurants, bars and cafés. It's no wonder the restaurant associations are up in arms with this. They've declared war on card payments too, which is something that pisses me off. They claim the bank rates are too high, but guess what the real reason is?

I'm curious as to how much pressure the government is actually willing to apply. A crackdown on under-the-table transactions is a lot more feasible when you can just look at the register and fine the owner for having unapproved software, since you don't have to prove tax evasion proper. They could definitely do a crackdown on suspected tax evaders more or less like the health authorities did their crackdown on the unsanitary chinese restaurants a few years back and scare most small businesses into compliance.

Re:Of course, It begs the question... (1)

tnk1 (899206) | about 2 years ago | (#42571567)

You could also consider it a means of the customer being able to correct their records manually, if needed. Obviously, the users of the registers are the customers, and the customers will get features that they want added. Unless there is a law against specifically that ability, chances are good the vendor will give you what you want or you will be able to request some sort of ability that makes it possible to use the feature as a backdoor to get the same result. It is up to the collector of the tax to produce valid results.

Re:Of course, It begs the question... (0)

Anonymous Coward | about 2 years ago | (#42569931)

They only need to advertise an "extendable plugin architecture" and let the free market do the rest.

Re:Of course, It begs the question... (2)

arth1 (260657) | about 2 years ago | (#42570039)

Or have functionality that's "customer customizable".

One easy way is registers that allow multiple currencies, which is common enough in Europe. Have the customer pay in "Kr" and get his receipt in "Kr" (the common symbol in Norway for Norwegian kroner, crowns), and then have the sales registered as NOK with an exchange rate of 1.5:1. Suddenly you only have to pay tax on 2/3 of your income.

Another easy way would be to split the credit between two accounts (which unlike double ledgers isn't illegal - but reporting just one of them most certainly is).

Or allow functions like deleting sales records to be accessible by anyone by running the register in a documented "test mode".

There are so many possible ways to allow the stores to game the system without being programming geniuses.

But is open source going to help? I am unsure.

Re:Of course, It begs the question... (1)

tnk1 (899206) | about 2 years ago | (#42571627)

Open source is really only going to help the bigger problem if there is legislation that prevents the code from having certain types of functionality.

In the narrow case, the Open Source could be highly successful in proving that the code that the vendor provides is the same code that is in the hands of the government. People have talked about backdoor compilers, but that doesn't defeat this because the government will insist on binaries that compiled with clean compilers.

The real question is whether they can make sure the vendor writes the code so that it cannot be cleverly manipulated to get the same effect as before. In other words, if I wrote code that is written in such a way there there is a bug or backdoor that the government does not manage to find in the 200000 lines of code in front of them, then adaptation will not be difficult. Having code does not mean you understand all that it can do.

How exactly are the 'massaging' the numbers? (1)

Derekloffin (741455) | about 2 years ago | (#42569763)

I code a Point of Sale, and while I could easily under report, even the most elementary audit would make it blatantly obvious that this was occurring, at least all the ways I would think to do it. I'm also curious how they plan to make 1 cash register program that covers the needs let alone desires of every business out there.

Re:How exactly are the 'massaging' the numbers? (1)

Anonymous Coward | about 2 years ago | (#42569849)

How to make one program suit all businesses ? Simple! That solution is in the mind of the politicians, they drag the facts and numbers out of their ass, then in reality, it will take 10 times as long as they plan for, and in the end it will all be scrapped after wasting millions of dollars on consulting services.

Re:How exactly are the 'massaging' the numbers? (0)

Anonymous Coward | about 2 years ago | (#42569873)

Wouldn't it just be certain core features though anyway? Plus if it is open source wouldn't that let you code any other features you want easily in an integrated package? I don't know. My web site is being built on an open platform and there are all sorts of features we are adding that would never be possible in a closed environment.

Re:How exactly are the 'massaging' the numbers? (2)

Derekloffin (741455) | about 2 years ago | (#42570011)

Certain core features, yes, definitely, but that would be far from sufficient for most businesses I know. As well, most businesses I know have a hard time keeping a competent IT guy on staff, let alone a team of programmers that many would need to implement the features they desire and maintain them. And since most Point of Sale software enhancements have no need to release to the general public, even if open source, you'll end up with 100s of forks (which won't work if it is supposed to be 1 master system), and most the solutions will be kept private, meaning most businesses, even if they have common needs, will still have to start from scratch every time. I just simply don't see this working at all. You either get one master system that is seriously unwieldy as it tries to cover a massive number of competing and will likely end up covering them all fairly poorly, or you get 100s of separate systems that are superficially similar which seems completely contrary to the whole point of the exercise to get 1 system.

Re:How exactly are the 'massaging' the numbers? (1)

semi-extrinsic (1997002) | about 2 years ago | (#42570095)

The most sensible way would be to require giving auditors access to source code upon request, no questions asked. Along with a few random controls, I could see that working as a deterrent.

Re:How exactly are the 'massaging' the numbers? (4, Informative)

vlad30 (44644) | about 2 years ago | (#42570263)

10-15 years ago I also wrote some POS software and it opened my eyes to the way many cash businesses operate. I was asked specifically to add by many of the businesses to add a "reduction feature" which I politely refused to do I would say 80% of potential sales were lost for this one reason. On competitor software they often demonstrated this feature would delete a percentage of completed cash transaction before the End of Month commit and rollover so auditing the data would show nothing this was so pervasive the owners of a franchise with at the time 350 + franchisees also requested it

On the other hand business who bought and used my software found much of their income was being fudged by employees usually through cancelled transactions. When a customer pulls out cash and says no receipt necessary the transaction is cancelled an the cash pocketed.

Re:How exactly are the 'massaging' the numbers? (1)

Derekloffin (741455) | about 2 years ago | (#42570329)

I suppose that makes some sense, but must say the auditors are pretty easily deceived if that gets by them, at least in any place with a hard inventory. In a service industry when stock is non-existent of perishable that could work, although making a uber register doesn't help at all there as you can still easily just not input the sale into the register.

Re:How exactly are the 'massaging' the numbers? (1)

nosferatu1001 (264446) | about 2 years ago | (#42571231)

Not easily deceived, you just cannot prove it without being there when it happens. Shrinkage can easily be huge in a perishable business

Posting as an IT auditor of ex big 4 and UK 10 who saw my colleagues pain.

Re:How exactly are the 'massaging' the numbers? (2)

thegarbz (1787294) | about 2 years ago | (#42571317)

I have interesting experiences with a new cash register on both these points. The franchise I work for was essentially ordered to install a certain franchise approved cash register to combat exactly this kind of fraud (not at our store specifically, but the fraud was rampant business wide). With many hundred stores in the country it would have cost an absolute fortune to replace all the registers.

One of the handy features of the new registers is the ability for it to automatically do analytics on sales performed by staff. They were designed to have an RFID tag before a staff member can perform sales. We don't have those at our store, but instead you insert the names of the staff working on any given day (only 2-3 out of a larger pool so the analytics works quite well). The cash register watches for key things such as when a many cancelled transactions correlate with certain staff working and sends an email. You can also pull out all sorts of records such as time the register was open, time to complete transaction etc to pinpoint staff members who may be slow / require more training on the machine.

And naturally with all such modern things it has a web interface so we can quickly log in from anywhere and check on people. Interestingly enough it reports real-time sales back to the head office and from their website we can see a ranking of all stores in the state at any given time, though just a number ranking, not the actual sales figures.

Cracking down on cash... (3, Interesting)

Duncan J Murray (1678632) | about 2 years ago | (#42569785)

These are the requirements from the article:

Suppliers must be able to prove that the system can integrate with external software that allows changing the online journal.
It shall not be possible to change the entries in retrospect or change preset text on goods and services at registration.
It shall not be possible to record sales without a receipt is printed.
It shall not be possible to drive out more than one copy of the receipt.
It shall not be possible to mark some groups so that they are included in the reports.

I can't remember who told me when I was much younger how to spot the people running cash businesses and not declaring all their tax - they wouldn't be able to get the mortgage for an expensive house, but the inside would be overly luxuriously appointed, and they'd often have a flash car bought outright.

Re:Cracking down on cash... (4, Insightful)

Belial6 (794905) | about 2 years ago | (#42569875)

Not being possible to drive out more than one copy of the receipt would be a disaster. Receipt printers are notoriously temperamental. If I want a receipt the store needs to be able to print it. Maybe require that the copy number be printed on the reciept, sure. But not to print a copy at all is just unworkable.

Re:Cracking down on cash... (1)

Derekloffin (741455) | about 2 years ago | (#42570035)

Indeed. Not to mention customers coming back to your store and wanting to see a receipt for a sale that was on their account. Also, I'm puzzled by the notion of requiring a print out. What good is that going to do? If they want no printed version, a print out is pretty easy to destroy (you can also easily make a computer think it's printing a physical copy when it is only printing a virtual copy, or even to the big bit bucket in the sky). Then there is the whole issue if you lose power, most businesses want at least some ability to continue functioning even if the computer is totally unavailable. I just don't get it.

Re:Cracking down on cash... (2, Interesting)

Anonymous Coward | about 2 years ago | (#42570119)

Some Euro countries already use registers like this. The ones we sell and manage are basically small Linux boards bolted to various printers with memory card for sales journal files(signed to detect tampering), Eprom for company/store identification and daily sales/tax reports and various communication and peripheral ports.
The register prints one original receipt - marked with small graphical logo. You can print as many copies as you want but they will be marked as such and lack the logo. For tax purposes you can use only the original receipt.

Re:Cracking down on cash... (1)

davester666 (731373) | about 2 years ago | (#42571923)

So, the customer can't get a valid receipt if there is any kind of hardware failure, like running out of paper, or dirt caught in the printer, or a power failure?

Re:Cracking down on cash... (1)

Anonymous Coward | about 2 years ago | (#42570087)

Project disaster warning sign: accountants are making engineering decisions.

Re:Cracking down on cash... (1)

flyingfsck (986395) | about 2 years ago | (#42572289)

Meh, the really successful ones will pay for the house in cash. Why have a mortgage when a briefcase full of cash is so much easier?

Projects like this already exist... (0)

Anonymous Coward | about 2 years ago | (#42569811)

Like:

http://opencashier.org

Norwegian lack of transparency. (0)

Anonymous Coward | about 2 years ago | (#42569821)

As a citizen of Norway, I think there should be no difference in how people are treated.

So:

Ministers of the government should start using the bus, or driving their own car to work. Today they use the field reserved for busses, driving cars with a private driver. Also, when we have visits of foreign head of states, all traffic is stopped, and everyone has to wait while streets are blocked for lengthy times, and tax money is wasted on police protection.

At the same time, we could start with learning exactly how the state spends it's money. When the state demands efficiency by the population, they demand nothing of themselves.

What the Norwegian govt. is - they're an organized gang that extract money from the population. First. you pay upwards of 50% tax on your income, and then 25% on everything you buy in value added tax, and if this is not enough, you pay tax if you have any assets (money, house), car taxes are high as nothing else, and yet, what the decisionmakers do, they only find new ways to collect money, but really don't care about fixing issues that needs fixing, for instance the very big problem with rush traffic in the capital, and the housing crisis in all major towns.

Most state entities are highly innefficient, and bureacracy is expanding at an alarming rate.

Good luck in finding goodwill in the Norwegian people Mr. TaxMan.

Re:Norwegian lack of transparency. (1)

Anonymous Coward | about 2 years ago | (#42570081)

American posing as a Norwegian.

Re:Norwegian lack of transparency. (1)

pipatron (966506) | about 2 years ago | (#42570357)

Whine whine whine I have to pay taxes to the evil gubmint so I have to whine in this article even when I don't have anything to add!

If you're not happy with the way your peers vote, then your options are to influence them in the right direction or move to a place with better peers. Whining just makes you seem like a sucker.

Meanwhile in Hungary... (0)

Anonymous Coward | about 2 years ago | (#42569823)

All cash registers must be connected to the ministry over the internet by April.

Opening source to the government != open source. (1)

vovick (1397387) | about 2 years ago | (#42569841)

Misleading title is misleading.

They seem to have missed the point (0)

Anonymous Coward | about 2 years ago | (#42569867)

One of the entire premises of FOSS is that the user has access to the code so they can modify it. That would of course precisely defeat the tax agency's purpose.

Re:They seem to have missed the point (1)

Dr_Barnowl (709838) | about 2 years ago | (#42569981)

Indeed - they could mandate that the cash registers are also TiVoized to prevent them running anything but the approved build, but then it isn't Free software.

Re:They seem to have missed the point (0)

Anonymous Coward | about 2 years ago | (#42570037)

Not everyone has a problem with Tivoization. Some people actually respect the freedom of others to sell what they want under the terms they want.

I hate how certain people/groups have hijacked the word "Free".

Re:They seem to have missed the point (3, Interesting)

pipatron (966506) | about 2 years ago | (#42570383)

There's nothing in the article about FOSS. There's not even anything about "open source", just that the tax agency should have access to the source code.

Re:They seem to have missed the point (1)

nosferatu1001 (264446) | about 2 years ago | (#42571243)

Sha256

Like the Nevada rules for slot machines (5, Interesting)

Animats (122034) | about 2 years ago | (#42569919)

Nevada has rules like that for slot machines. [nv.gov] Only tougher. Stuff like:

Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent authentication information.

Provide, as a minimum, a two-stage mechanism for verifying all program components on demand via a communication port and protocol approved by the chairman. The mechanism must employ a hashing algorithm which produces a messages digest output of a least 128 bits and must be designed to accept a user selected authentication key or seed to be used as part of the mechanism (i.e. HMAC SHA-1). The first stage of this mechanism must allow for verification of all control components. The second stage must allow for the verification of all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the verification information must be stored on a Conventional ROM Device. [Effective 11/1/2012] All gaming devices must also provide the same two-stage mechanism for verifying all program components on demand via a gaming device user interface where the results are displayed on the gaming device.

That's just one item. There are lots of other logging and audit trail requirements. The Nevada Gaming Commission checks these regularly.

Re:Like the Nevada rules for slot machines (3, Informative)

storkus (179708) | about 2 years ago | (#42570457)

I was a slot mechanic in the mid-late 90's in Nevada. Much of what was written in the parent message is new to me, but matches what we were doing back then with older tech. One thing to remember about selling a gaming machine in Nevada: the saying is, "If you can pass inspection in Nevada, you can pass anywhere." Nevada's Gaming requirements are simply the toughest in the world, and are why many machine manufacturers you might see at Indian casinos are not found in Nevada, and conversely why those that do almost always have an office there.

In the two casinos I worked for, we would keep "master" ROMs along with a dual-slot programmer in the vault. During inspections by the Nevada Gaming Commission (NGC), every time during large jackpots, or if a machine was paying out too much (percentage was too high), we would turn off the machine, open up mobo box (which was lockable, though this was only done at the casinos I worked at for Megabucks--this was an IGT and NGC requirement, and the only non-cash locks we didn't have keys for on the floor), pull the ROM out of the machine and do a direct compare to the master via the programmer--no PC needed. The master ROMs themselves could be compared to a master ROM that the manufacturer and NGC had; both also had the source code, as manufacturers have to give the source to NGC (but not the casinos).

We got some newer machines later that didn't run on 8051's: Bally Game Makers were relatively new at the time I was working my first casinos, and VLC and Williams were just getting into it by the time I left; Odyssey came out in between, which was the first (AFAIK) platform based on a PC. With the former machines, if I remember right, we just checked CRC's printed on a screen. I'm sure there was a better way, but if there was, I don't remember it; with the Odyssey, I never knew what you would verify it with: I'm assuming comparing one drive to another since it didn't have a CD-ROM and was pre-USB and such. It really didn't matter because, despite being so over priced (IMHO), they were never connected to any progressives and only had standard jackpots (under the $1,200 IRS-reporting limit, if I remember correctly).

WRT the cash machine problem, the issue is not whether you can open-source the software, but that the binaries are unaltered that are running on the machine. Most of you here on /. deal with this every day, and the method of simply running a hash on the ROM and comparing it to the "accepted" compile of the open software is all you need to prove it hasn't been tampered with. Sure, it can be replaced, but if the inspections are by surprise, they won't have time; alternately, you can do what they do with CB's here in the US and pot the shit out of the ROM--at that point, an inspection need not be more than visual.

The more the state has an iron grip on the economy (-1)

Anonymous Coward | about 2 years ago | (#42569953)

In Germany, I believe, all the wirtschaften (usually small family restaurants) had to replace their cash registers with ones that reportedly directly to the FinanzAmt. Unlike America, most people there pay cash (it's not a credit card heavy society, yet), so the restaurant business was very much on a cash basis and people did well in it often. As you can imagine, the taxes were historically fudged and so on, but with all the social nets these days, and the foreigners coming in to take full advantage of it (the post-WW2 Constitution promised assylum), the state became eager to clamp down somewhere for more funds.

The problem with such tightly controlled economies is that some free cash greases the wheels so to speak. The black market economies earlier in the 20th century (talking about vice goods such as alcohol, etc, not trafficking people) helped a lot more people out than giving it to the government would have (you see how they spend a lot of it), both in getting luxury goods they could not otherwise afford and getting some people decent pay they would not be qualified for in a regular institution - and overall allowed for a free flow. A pressure valve, so to speak. There are many such niche places to make such cash unencumbered by all the BS.

Anyway, Norway is even more heavily socialized, and they are getting a lot of bums from outside to support, that I'm not surprised by this development. Back in 2005, I was warned away from visiting one of those Scandinavian countries when I was in Europe, being told that a beer was something ridiculous like $8 ea. at a bar. Soon you won't be able to let one loose without them monitoring it and taxes you on the volume released (Globale Erwärmungssteuer).

Re:The more the state has an iron grip on the econ (0)

Anonymous Coward | about 2 years ago | (#42570099)

I doubt that you actually believe that Norway and "those Scandinavian countries" are Orwellian Nightmares where people can only get truffles on the black market.

Re:The more the state has an iron grip on the econ (0)

Anonymous Coward | about 2 years ago | (#42571631)

Did I say it was an Orwellian nightmare? Do things have to get to the level of Orwellian nightmare before it's considered a bad idea?

Allready done in Sweden (5, Interesting)

Kottie (2799359) | about 2 years ago | (#42570043)

Since a few years back all bussines are demanded to have a "black box" connected to the register that tracks all events. Tax authorities can come in any time and download the content to check for any irregularities. It logs everything including how many times and how often the drawer is opened.

Re:Allready done in Sweden (-1)

Anonymous Coward | about 2 years ago | (#42570117)

In Sweden? That's strange. I thought those smart people in Europe enjoyed paying their fair share of taxes. Taxes are how they pay for civilization.

I just don't believe any of this. This is some trick of Murdoch owned media sources.

Re:Allready done in Sweden (2)

pipatron (966506) | about 2 years ago | (#42570403)

Maybe Sweden isn't populated by clones.

Re:Allready done in Sweden (1)

Anonymous Coward | about 2 years ago | (#42570605)

I thought those smart people in Europe enjoyed paying their fair share of taxes.

People, yes. Corporations, no.

doesn't do a damn thing about "bin 6" (2)

swschrad (312009) | about 2 years ago | (#42570451)

being, of course, the pocket of the clerk at the register.

Similar in Portugal (3, Interesting)

danielmatos (1171429) | about 2 years ago | (#42570465)

In Portugal, for the last couple of years it is already required for every business to have a "certified" software that enforce some similar rules. Even though the software doesn't need to be open source, every invoice or receipt must include part of an hash key that is automatically generated based on key data (VAT Nr, amount, date, value), an asymmetric key given to each software manufacturer *and* the hash from the previous document. This makes it impossible to change any document after it has been printed out without invalidating every document printed after it. There was a requirement that every software had to be able to export accounting details in a standard format (SAF-T), if requested from the tax authority. Since 1-Jan-2013 every business is now forced to send monthly detailed invoce data to the tax authority.

Re:Similar in Portugal (0)

Anonymous Coward | about 2 years ago | (#42571777)

Which is why they simply charge you, hand you your food, and only pop the register to make change. This has become more difficult with debit cards, but I knew at least one kebab shop in Elephant & Castle, a really scary part of London, that did this for years. And it was the only place open at midnight, so they did a fair amount of business for me. (It was the only meal I could buy on my way home, my roommates tended to steal my groceries).

Re:Similar in Portugal (0)

Anonymous Coward | about 2 years ago | (#42571949)

I know it's not your point but... We see how well it is working for Portugal right?

I mean: the country is going to default (just like Greece did) and meanwhile it's just living on life support from the richer countries of the eurozone (which are probably going to default at one point too).

The idea is terrible because we can see an ever growing state with more and more power and hence, of course, less and less real economic activity trying to bleed people to death, forcing business owners to drawn under more and more bureaucratic paperwork and tax their way out of a recession.

As as been pointed above: the problem is not fraud, the problem is that the state *is* the thief stealing working people's money.

Taxes are too high. Way too high. And not the various states are f*cked because they realize they can't tax more or they'll stop the economy. So they think all they have to do is try to find the fraudsters. But it won't work.

Italy is in the same mess: hundreds of policemen paying visit surprise to fancy ski resorts in the Alps to check every Ferrari / Lamborghini / Porsche / Bentley driver and check how much revenue they declare...

These are all desperate measures which won't solve the fundamental issue: the state has become way too important in most westernized country and the only way out for these countries is a state default.

In addition to that, such measures (policing every single document and forcing yet more and more bureaucracy / paperwork / ework) are counter-productive in that they're destroying future wealth by discouraging people from creating new businesses.

Re:Similar in Portugal (0)

Anonymous Coward | about 2 years ago | (#42571961)

Sounds good as long as you are not required to get your cash registers from a single supplier.

Re:Similar in Portugal (1)

flyingfsck (986395) | about 2 years ago | (#42572273)

I heard that Petty Cash boxes are selling amazingly well in Portugal...

Crazy taxes (1, Interesting)

roman_mir (125474) | about 2 years ago | (#42570483)

Norway and the rest of the countries engaged in taxing people's income only distort the market, forcing people to figure out ways to avoid paying income taxes rather than concentrating on their business, actually improving the economy by doing the best they can.

I build and supply store management, supply chain management systems, POS is just one part of the chain, there are many many different ways that businesses can use to reduce their tax burden. You don't know it, but basically no small retailer would survive in the tax structures that are set up in a way that favour large monopolies and basically destroy small retailers. In business where a few percentage points either make or break your entire model, being able to reduce taxes can be the difference between staying open and shutting down.

Great idea (1)

Anonymous Coward | about 2 years ago | (#42570545)

Let us apply it at goverment level first.

Norway's IRS (0)

Anonymous Coward | about 2 years ago | (#42570735)

Norway is a rich country because of oil resources. Not exactly a struggling economy.
Norway can copy USA government methods to stop cheating. Simply adopt "you must be guilty unless you can prove you are innocent of cheating."
Norway should use auditing to determine if the books are correct. Trusting in a computerized register printout is like trusting a butcher's scale for accuracy.
Norway needs to improve their auditing skills and not waste their time digging in open source code. Who came up with this idea anyway? Armchair Olaf?

GO Norway. EVERYONE is a criminal (0)

gelfling (6534) | about 2 years ago | (#42571019)

I hope they imprison and fine people and THEN worry about the random trial and such, afterwards.

Damn commies (1)

PopeRatzo (965947) | about 2 years ago | (#42571329)

Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud

What they call "fraud", we call "free-market capitalism" here in the States.

Thank God I live in a country where the inalienable right of a corporation to defraud you is enshrined in the Constitution.

Not not granddaddy's open source software (1)

Shavano (2541114) | about 2 years ago | (#42571723)

Clearly, they can't be talking about open software the way we know it. If YOU had access to your cash register's software, you could hack it to underreport your transactions so as to evade tax. They only mean open to the government and it seems like there's no way to really accomplish their goal. What's to stop you from unloading the government-monitored software and making a version of it that they can't see and looks the same from their end but does something entirely different from your end?

Voting machines must be also be "Open Source" (0)

Anonymous Coward | about 2 years ago | (#42572195)

For the very same reason, voting machines (used largely in the US), should only use open source software.
And this software should be "frozen" about three months before use.
The code should be only compiled code, so byte to byte binary comparison for instant audit will be possible.
More safety measure should be take, this would be a little long to explain.
But in a few words, verifiable software is very important, for proper functionning of a democracy.
Jeffersonian.

No Sale (1)

flyingfsck (986395) | about 2 years ago | (#42572265)

No matter what they do, nothing prevents the clerk from hitting the No Sale button, or simply not hitting any button at all.

Re:No Sale (1)

PPH (736903) | about 2 years ago | (#42572465)

The register transaction time stamp synced to the surveillance camera above the cash register makes that a risky move.

: ) Commenting Out Functions (1)

infinitelink (963279) | about 2 years ago | (#42572301)

I think it would be awesome for code to be published which has the functions (that Norway's government hates) commented out, with stern warnings "don't compile with this code removed from comments, or these functions could become present."
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?