Norwegians Require Open Source to Stop Fraud (and RIP Aaron Swartz)

The Norwegian government, evidently looking to stop retail tax fraud, has decided that every cash register in the country needs to be open source. Even if it means replacing every single one of them.

Also, RIP Aaron Swartz. They say ghosts are people with unfinished business. If anyone knows how to build a modem for receiving large amounts of data from the Great Beyond, consider hand-delivering it to a file-sharing darknet or Ecuadorian embassy near you.

Worth quoting for the sake of history, and memories of Boston Logan’s intolerance of blinking lights:
“MIT, to its great shame, was not as clear, and so the prosecutor had the excuse he needed to continue his war against the “criminal” who we who loved him knew as Aaron.” http://lessig.tumblr.com/post/40347463044/prosecutor-as-bully

Speaking of, for the would-be activists, a lesson in history from the son of an MIT graduate: http://www.petercoyote.com/latimes.html
I was amused to read recently that the Swiss have invented vending machines for gold, and business is brisk.

http://blogs.computerworlduk.com/open-enterprise/2013/01/another-reason-for-open-source-auditability/index.htm

“The Norwegian Ministry of Finance seems to be taking a bit of stick at the moment. It wants all the existing cash registers in the country thrown out and replaced with new ones, as the Norwegian site E24 reports (via Thomas Steen and Google Translate) […]

Not surprisingly, this massive upgrade is not popular. But it is apparently being pushed through in an attempt to prevent cash registers’ figures being massaged downwards in use so as to reduce tax. Here are the main requirements for the new systems:

suppliers must be able to prove that the system can integrate with external software that allows changing the online journal.

It shall not be possible to change the entries in retrospect or change preset text on goods and services at registration.

It shall not be possible to record sales without a receipt is printed.

It shall not be possible to drive out more than one copy of the receipt.

It shall not be possible to mark some groups so that they are included in the reports.

Of course, the big problem is how do you prove all these things? Simply showing that your cash register stops you doing them is not enough: there might be hidden functionality that allows it to be switched into fraudulent mode when people aren’t looking, perhaps using some weird keypress combination.

The article in E24 quotes the Norwegian association of tax auditors, which has an eminently sensible suggestion for solving this problem:

The source code must be opened

Without source code it is not possible to determine whether or “hidden” functionality exists or not. Just knowing that the tax authorities have access to the source code of the application, will reduce the effort to implement hidden functionality in the software

Although this is a very particular case, it raises crucially important issues that are likely to crop increasingly frequently. Essentially, any electronic device that has built-in digital capabilities is a fully-fledged computer these days. That means – potentially – code that allows forbidden behaviour might be shipped with it. The only sure way to catch this problem is to insist upon the source code being made available – and for inspectors to check that it really is the code being run in units in the wild.”

Advertisements
%d bloggers like this: