Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud

Qedward writes "The Norwegian Ministry of Finance seems to be taking a bit of stick at the moment. It wants all the existing cash registers in the country thrown out and replaced with new ones. Not surprisingly, this massive upgrade is not popular. But it is apparently being pushed through in an attempt to prevent cash registers' figures being massaged downwards in use so as to reduce tax. The Norwegian association of tax auditors said: 'The source code must be opened.' 'Without source code it is not possible to determine whether or "hidden" functionality exists or not. Just knowing that the tax authorities have access to the source code of the application, will reduce the effort to implement hidden functionality in the software.'"

Just releasing the source may not fix it

[phaunt]

Releasing the source doesn't guarantee that a specific cash register is also running that code. So will this be all that helpful?

Re:

[larry bagina]

and it doesn't guarantee that the compiler doesn't have a backdoor [bell-labs.com] of it's own.

Re:Just releasing the source may not fix it

[rsagris]

Would people quit using this as an example of doubt? Show a real, honest to God, in the wild example of a widely used backdoor inserting compiler, or just STFU about it because while it might be possible it isn't in anyway practical or plausible enough to mention. If it was so easy to write a general use backdooring compiler, then it'd be actually seen, not fantasized about. -rs

Re:

[lingon]

To be honest, I have seen one or two proof of concepts of this. It's not that difficult to do, either (especially if there's money and tax avoidance in it). They should probably look into this as well as open sourcing the code, as a complement.

Re:

[CrimsonAvenger]

(especially if there's money and tax avoidance in it).

They're not proposing this to combat "tax avoidance" (which is legal), but "tax evasion" (which is illegal).

Re:Just releasing the source may not fix it

[aurispector]

You don't need a crooked accountant. Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.

All these tactics are characteristic of being on the wrong side of the Laffer curve. To quote Princess Leia: "The more you tighten your grip, the more star systems slip through your fingers".

Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.

Spending reductions are the first and best measure - tax revenues go UP when rates go down.

Re:

[ShanghaiBill]

Just don't ring up cash sales and you're good to go,

Until a plainclothes tax agent comes into your establishment, pays cash, and doesn't receive a receipt.

But I doubt if you have to worry about that too much, at least in California. If you pay cash at almost any Chinese restaurant, you will not get a cash register receipt. So either the checks are too infrequent, or the penalties too lenient, to have much effect.

Re:

[tnk1]

Small business checks will be very infrequent, because they will not be a very efficient use of audit money. There's not enough tax money at stake with small businesses to go after them with actual agents, unless there is a desire to make examples of them. It is likely that some mom and pops do occasionally deal with that, but as long as they are not paying an absurdly low amount of tax, or their taxable revenues don't have an unexpected drop from previous years, chances are that no one is going to notice

Re:Just releasing the source may not fix it

[OeLeWaPpErKe]

If you think this is about efficient use of government money ... you've not been to these countries.

This is about punishing "employers", finding an excuse to nail a few of them to the nearest cross (and then afterwards complaining that everybody is raising prices and only big companies that bribe government survive). And, more general, punishing anyone perceived as a capitalist. People who trade for a living in public places are of course straight in front of the leftist's gun barrel.

It is not about money, beyond the level that is required for the state to survive (and given that the state has been living on >100% borrowed money for decades, ...)

Re:

[mrvan]

I think that in some cases it is even a policy to let the small shops get away with it, or at least I don't feel guilty if I get a discount for paying cash with a small shop owner.

They have enough trouble as it is while they generally provide a common good (diversity in the offering, shop owners generally take care of their neighbourhood, etc). The big boys strike all kinds of deals with the tax office and have recourse to various tax loopholes. This just makes it a slightly more level playing field...

Re:

[tnk1]

Well all of that is true... to an extent.

Yes, you will not catch everyone. Oh the other hand, you can probably increase your revenue significantly by ensuring that bigger organizations all comply with targeted audits on them. The small guys still get away with it, but as long as they don't stop paying taxes altogether, the government is probably all right.

Incidentally, this is why big government loves big business, or perhaps, needs big business. If you have a country full of small businesses, you have t

Re:

[BasilBrush]

The only tax rate that is so low people won't bother cheating is 0%. A bit like software piracy - we see that people will still hack and pirate apps even when the price is as low as 99c.

Spending reductions are the first and best measure - tax revenues go UP when rates go down.

Right after you mention the Laffer curve. Of course the Laffer curve doesn't say that. Only above a certain rate is that true. Below that rate tax revenues go down when rates go down.

What's that rate? Nobody knows, because the Laffer curve is only a concept. No one can draw a chart of it. Economics are far too complex to be

Re:

[swalve]

As you point out, the Laffer Curve has two sides. When tax rates are above 50%, lowering them raised revenue. When they are below 50%, lowering them reduces revenue.

Re:Just releasing the source may not fix it

[bogjobber]

Where to begin......

The Laffer curve, while an inarguable *concept*, doesn't actual help us in any way set tax policy because nobody knows where the tax rate that most efficiently produces revenue actually lies. Knowing that the graph is of a quadratic shape doesn't help at all if you don't know what the formula looks like.

You'll notice that the Laffer curve is always used to argue for lower tax rates, not higher, but the US individual tax rate is actually significantly *lower* than the most optimal tax rates predicted by most academic studies. Most of those studies put it in the 65-70% range, and I don't see many people that love to use the Laffer curve in arguments saying we should raise tax rates.

Secondly, this is talking about sales tax and VAT, *not* income tax. The Laffer curve has little to do with consumption taxes. Having a high taxation rate for different sorts of consumption taxes can actually have substantial benefits depending on what you're trying to do. Norway does have an extraordinarily high sales tax. AFAIK it is one of the highest in the world, which leads to lots of interesting behavior from their citizens as they try to avoid those taxes. It also leads to decreased consumption and more judicious use of resources.

Either way, Norway is usually at or near the top of the list for everything from education, health care, income equality, poverty, corruption and most everything else by just about any sort of metric that measures the effectiveness of government, so they're obviously doing something right.

Re:

[fa2k]

You don't need a crooked accountant. Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.

Cash sales are a rarity in Norway now, almost every purchase is by card

Re:

[Compaqt]

If that's the case, what's the tax dept. worried about?

Re:

[nbahi15]

Running an all cash business in Norway would be pretty disastrous. We receive and pay our bills via the bank electronically and in stores with chip-cards (BankAxept) for almost everything else. Visa and Mastercard are not universally accepted since the business would be charged a fee. I keep waiting for the day in which street performers put out little cellular bank card terminals since many people couldn't give them money even if they wanted to for the lack of cash.

Re:

[nbahi15]

In this vain I created an online petition for the White House to respond to. The US banking system could use some movement towards a modern replacement to checking. Petition to replace checking [slashdot.org]

Petition to Replace the US Checking System

[nbahi15]

In this vain I created an online petition for the White House to respond to. The US banking system could use some movement towards a modern replacement to checking.

Petition to Replace the US Checking System [usa.gov]

Re:

[DaveGod]

Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.

As an accountant, I can confirm that in the eyes of most clients, "too much" is whatever they are paying - no matter how much they are avoiding or evading, or what the tax rate is. The only time it is not "too much" is when they're getting a refund.

Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.

Tax authorities use ratio analysis heavily, it's extremely cheap and effective for them. If your gross profit margin deviates too far from their standard then it raises a flag and they come knocking.

They will apply their standard GP ratio to your purchases expens

Re:

[AmiMoJo]

Just don't ring up cash sales and you're good to go, then write off the missing merchandise as shrink.

Then the customer doesn't get a receipt and knows something is wrong. Most people in the UK wouldn't accept having no till receipt. You could ring it up and then fail to report revenue from that register, but then the taxman could compare the logs from the register to your reporting. That is why people try to fiddle the register itself.

Pro Tip - if you have to resort to draconian measure to collect taxes you're probably taxing people too much.

Interesting theory. If companies can generate billions of Euros of income via cash registers the tax rate would have to be pretty low before it wasn't worth them trying to ch

Re:

[russotto]

Would people quit using this as an example of doubt? Show a real, honest to God, in the wild example of a widely used backdoor inserting compiler, or just STFU about it because while it might be possible it isn't in anyway practical or plausible enough to mention.

Ken Thompson actually did that, it wasn't just a concept. So yes, it is both practical and plausible.

Re:

[tnk1]

Plausible, yes. Practical, no.

If you have the code, you can compile it. If the government has the code they can compile it, and obtain reference checksums of binaries. Adding backdoors will change the checksums because you can't add functionality to a binary without changing bits.

Since these are manufactured devices, you can make sure the vendor is releasing binaries that match the checksums you get with your compilations at the government offices. They will need to synchronize compiling methods, sure,

Re:

[gmueckl]

Well, you could force everyone trying to compile your software to use your compiler, e.g. if you bootstrapped a custom, self-hosted programming language just for the cash register software. Then everyone trying to verify the binaries would have to use your compiler binary for the process, which automatically introduces the backdoor in every version of the software ever compiled.

However, a compiler for a useful new programming language takes time and effort, so from an economic perspective this shouldn't mak

Releasing the source is bound to make things worse

[OeLeWaPpErKe]

Please note that it's an open question whether it's practical or not.

You could say the same about built-in kernel rootkits, they're very impractical to install on someone's machine. Yet we know about instances where machines were shipped with kernel rootkits installed.

Besides, why so complex ? Open sourcing these programs will lead to "tax optimizers". Write a program that reads in all the data files of the program, and outputs a "tax optimized" version with all the little details changed to better suit the

Re:Just releasing the source may not fix it

[Anonymous Coward]

Are there examples of cash registers which are running code which have illegal, hidden functionality?

Oh yes; here in Sweden there was registers that had hidden features that could be activated in order to reduce the reported sums/amount of transactions by the users choice. Typically used in restaurants/bars. Since a couple of years all registers have to certified and connected to a 'black box' supplied by our equivalent to the IRS.
There was also frequent manipulation of the meters in taxis.

Re:

[Compaqt]

Wait, so that also means that a company is prohibited from writing their own accounting system. Unless you're Big Corp.

Scary future.

Re:Just releasing the source may not fix it

[bloodhawk]

Not to mention you can just not register the cash in the machine or have separate machines that don't report centrally or any number of other ways. The machine being auditable only works if every other part of the sales process is auditable and controllable and really this isn't possible in anything but the largest organisations.

Re:

[gl4ss]

then you don't get a receipt.
anyhow, it's pretty easy for inspectors to go for a kebab and see if they get the receipt. or if there's multiple machines.
and not to be a racist or anything.. but around here in another nordic country these are the places which prefer cash. they all take cc's too though.

this just makes the inspections real simple to perform as there's no 20 different register providers. the point is that it's easy to check what has been put through the register and if it's running the code it s

Re:

[BasilBrush]

then you don't get a receipt.

With multiple cash registers then of course you get a receipt. If your sale is rung up on register A then you get a receipt and it's reported for the taxman. If your sale is rung up on register B then you get a receipt but it's never reported to the taxman.

And there's nothing wrong with having multiple registers. Plenty of shops do. Any shop that has several cashiers for example.

Re:

[omglolbah]

And when the taxman comes back 3 days later and asks the shop owner for the matching receipt from their register what happens then?

That -is- how they do it.
They buy something, save the receipt and come back later for an audit. If the sale cannot be found in the accounting records for the shop, it was never registered for tax and is illegal.

Re:

[BasilBrush]

And when the taxman comes back 3 days later and asks the shop owner for the matching receipt from their register what happens then?

They supply it. and then know that that particular days sales of register B will need to be included in their tax return.

Re:

[johanw]

gl4ss wrote: "then you don't get a receipt." Is getting a recepit common in shoarma/kebab restaurants in Norway? In The Netherlands I have gone to many, and almost none give receipts. They also have usually prices where you don't have to work with lots of change when you pay cash: most Dutch shops would charge 9,95, they just charge 10 Euro's. In one Chinese restaurant I frequently visit you couldn't pay by card until a few months ago. They would redirect you to the ATM just outside the restaurant.

Re:

[omglolbah]

You cannot really do business without a terminal here. Even the smallest and cheapest place has one.

And they're required to keep records of all transactions which is fairly easy to verify. Any terminal spits out a receipt and they are required to give the customer this receipt. Dropping by for a kebab and coming back a week later to audit the records is easy enough to do.

Re:

[ilguido]

Well, in that case a simple diff command could be enough to check if it's running the code it's supposed to run.

Re:

[lsatenstein]

What is more important is to have a sha256sum of the Cash Register program. The sum can be compared to a master copy held in the government premises. Not only that, the executed code could have some tamper resistant software to protect itself from tampering.

Do you want UEFI for cash registers?

Re:

[OeLeWaPpErKe]

Why fake the program when you could simply use the open source of that program to re-write the datafiles ?

Re:

[johanw]

Then they should ban all cash register software running on windows, since win32 binaries include things like compile time, and two different compiles of the same source will poduce binaries with different checksums.

Re:

[mrmeval]

Just stick a PC there tied directly in to the government servers. Let the government figure the bill and the tax. Simple. ;)

Re:Just releasing the source may not fix it

[OeLeWaPpErKe]

We're talking here about tax departments that cannot manage to keep spreadsheet software operational on their office systems, cannot keep their own tax databases accessible of backed up, and worse. Never mind the fact that hardly any business administration is ever really correct in the first place. Having them run a centralized online service for millions and millions of customers sounds like a spectacularly bad idea. Besides, what about businesses without internet connection ?

I was amazed, when I first saw this, but cash registers never contain the amount of money their record claims they should at the end of the day. My jaw dropped to the floor for 20 minutes when I was told the same goes for ATMs. It tends to be a shortage because people are much more likely to complain when shortchanged (mostly accidentally), so it's expected to be a negative correction, up to 5% of the amount sold. This presents an obvious way to cheat that the taxman cannot (reasonably) attack businesses for.

Re:

[TheLink]

I know people who worked as cashiers and when they start their shift they have to count the cash in a cash register to make sure it agrees with the records. If it's short the person you're taking over from loses that amount of money. If you don't bother counting and the amount of cash is short at the end of your shift then the difference comes out of your pay. So there is a fair bit of motivation to not make mistakes.

This procedure doesn't happen in all places of course. But if you're always losing money yo

Re:

[starblazer]

Whereas having more money just requires someone to forget to take the money within the time limit - the money then goes back into the machine (not sure if it goes back to the dispenser or a different compartment). Yes this is very rare but does actually happen. People don't take their money for all sorts of reasons.

Not all machines are the "presenter" type. I have a machine which has a spray dispenser. It just spits the bills out into a holder for the user to pick up. If for some reason the bills stick together and make it through all the anti-theft/multiple bill detector measures, I just had an ATM shortage. In a perfect world, the stuck bills should go into the reject bin and the machine tries again with a fresh bill from the cassette, thus preventing any loss.

However, any reliable ATM owner knows that they shou

Re:

[IrquiM]

Counting the money before you open is standard procedure when you're not the only person using the register. I do this every time I am tending bars. It is also not difficult to keep control of the change you give back. I have never had a negative difference in my register, and the positive is tips I leave in the register when we're short of any type of coins. By the way, we're one of those small businesses in Norway that would have to cash out for something we do not need.

Re:

[TheLink]

Yeah, that's why I find it strange the OP was saying that "cash registers never contain the amount of money their record claims they should at the end of the day."

To me that shows something is wrong somewhere.

Re:

[plover]

I'm surprised nobody here has mentioned the "fiscal printers" that keep a total of all figures printed in the right hand column. (IBM was selling them to Italian businesses decades ago.) There's a port on the printer that a tax collector can plug a device into and download the total transaction amount since the last reading. The device computes the sales tax due, and the collector demands it from the business. It doesn't matter how shady your POS software is, if the amount is printed on the receipt, the

Re:

[tnk1]

It could very well be helpful. The government could, in theory, generate checksums of binaries/firmware resulting from that code that are used in the registers and compare them with what they discover in audited machines. There might be some initial bumps in the road, depending on how they are generated/compiled, but you can be sure that the government will synchronize with the register vendor to make sure they know what they are looking for.

Of course, the government isn't going to catch everyone, but rea

How exactly are the 'massaging' the numbers?

[Derekloffin]

I code a Point of Sale, and while I could easily under report, even the most elementary audit would make it blatantly obvious that this was occurring, at least all the ways I would think to do it. I'm also curious how they plan to make 1 cash register program that covers the needs let alone desires of every business out there.

Re:

[Anonymous Coward]

How to make one program suit all businesses ? Simple! That solution is in the mind of the politicians, they drag the facts and numbers out of their ass, then in reality, it will take 10 times as long as they plan for, and in the end it will all be scrapped after wasting millions of dollars on consulting services.

Re:How exactly are the 'massaging' the numbers?

[vlad30]

10-15 years ago I also wrote some POS software and it opened my eyes to the way many cash businesses operate. I was asked specifically to add by many of the businesses to add a "reduction feature" which I politely refused to do I would say 80% of potential sales were lost for this one reason. On competitor software they often demonstrated this feature would delete a percentage of completed cash transaction before the End of Month commit and rollover so auditing the data would show nothing this was so pervasive the owners of a franchise with at the time 350 + franchisees also requested it

On the other hand business who bought and used my software found much of their income was being fudged by employees usually through cancelled transactions. When a customer pulls out cash and says no receipt necessary the transaction is cancelled an the cash pocketed.

Re:

[Derekloffin]

I suppose that makes some sense, but must say the auditors are pretty easily deceived if that gets by them, at least in any place with a hard inventory. In a service industry when stock is non-existent of perishable that could work, although making a uber register doesn't help at all there as you can still easily just not input the sale into the register.

Re:

[nosferatu1001]

Not easily deceived, you just cannot prove it without being there when it happens. Shrinkage can easily be huge in a perishable business

Posting as an IT auditor of ex big 4 and UK 10 who saw my colleagues pain.

Re:

[thegarbz]

I have interesting experiences with a new cash register on both these points. The franchise I work for was essentially ordered to install a certain franchise approved cash register to combat exactly this kind of fraud (not at our store specifically, but the fraud was rampant business wide). With many hundred stores in the country it would have cost an absolute fortune to replace all the registers.

One of the handy features of the new registers is the ability for it to automatically do analytics on sales perf

Re:

[Compaqt]

>And naturally with all such modern things it has a web interface so we can quickly log in from anywhere

Yeah, you, and any old hacker, too.

Re:

[thegarbz]

Oh dear god someone can see the cash register numbers through a website. I'm sure someone somewhere is quaking in their boots.

Re:

[Compaqt]

What was the normal percentage of desired reduction?

Re:

[Derekloffin]

Certain core features, yes, definitely, but that would be far from sufficient for most businesses I know. As well, most businesses I know have a hard time keeping a competent IT guy on staff, let alone a team of programmers that many would need to implement the features they desire and maintain them. And since most Point of Sale software enhancements have no need to release to the general public, even if open source, you'll end up with 100s of forks (which won't work if it is supposed to be 1 master syste

Re:

[semi-extrinsic]

The most sensible way would be to require giving auditors access to source code upon request, no questions asked. Along with a few random controls, I could see that working as a deterrent.

Cracking down on cash...

[Duncan J Murray]

These are the requirements from the article:

Suppliers must be able to prove that the system can integrate with external software that allows changing the online journal.
It shall not be possible to change the entries in retrospect or change preset text on goods and services at registration.
It shall not be possible to record sales without a receipt is printed.
It shall not be possible to drive out more than one copy of the receipt.
It shall not be possible to mark some groups so that they are included in the reports.

I can't remember who told me when I was much younger how to spot the people running cash businesses and not declaring all their tax - they wouldn't be able to get the mortgage for an expensive house, but the inside would be overly luxuriously appointed, and they'd often have a flash car bought outright.

Re:Cracking down on cash...

[Belial6]

Not being possible to drive out more than one copy of the receipt would be a disaster. Receipt printers are notoriously temperamental. If I want a receipt the store needs to be able to print it. Maybe require that the copy number be printed on the reciept, sure. But not to print a copy at all is just unworkable.

Re:

[Derekloffin]

Indeed. Not to mention customers coming back to your store and wanting to see a receipt for a sale that was on their account. Also, I'm puzzled by the notion of requiring a print out. What good is that going to do? If they want no printed version, a print out is pretty easy to destroy (you can also easily make a computer think it's printing a physical copy when it is only printing a virtual copy, or even to the big bit bucket in the sky). Then there is the whole issue if you lose power, most businesses

Re:

[Anonymous Coward]

Some Euro countries already use registers like this. The ones we sell and manage are basically small Linux boards bolted to various printers with memory card for sales journal files(signed to detect tampering), Eprom for company/store identification and daily sales/tax reports and various communication and peripheral ports.
The register prints one original receipt - marked with small graphical logo. You can print as many copies as you want but they will be marked as such and lack the logo. For tax purposes y

Re:

[Anonymous Coward]

Project disaster warning sign: accountants are making engineering decisions.

Re:

[flyingfsck]

Meh, the really successful ones will pay for the house in cash. Why have a mortgage when a briefcase full of cash is so much easier?

Re:

[IrquiM]

Good luck trying to do this in Norway.

Opening source to the government != open source.

[vovick]

Misleading title is misleading.

Like the Nevada rules for slot machines

[Animats]

Nevada has rules like that for slot machines. [nv.gov] Only tougher. Stuff like:

Provide a mechanism for keeping a record, in a form approved by the chairman, anytime a control program component is added, removed, or altered on any alterable media. The record must contain a minimum of the last 10 modifications to the media and each record must contain the date and time of the action, identification of the component affected, the reason for the modification and any pertinent authentication information.

Provide, as a minimum, a two-stage mechanism for verifying all program components on demand via a communication port and protocol approved by the chairman. The mechanism must employ a hashing algorithm which produces a messages digest output of a least 128 bits and must be designed to accept a user selected authentication key or seed to be used as part of the mechanism (i.e. HMAC SHA-1). The first stage of this mechanism must allow for verification of all control components. The second stage must allow for the verification of all program components, including graphics and data components in a maximum of 20 minutes. The mechanism for extracting the verification information must be stored on a Conventional ROM Device. [Effective 11/1/2012] All gaming devices must also provide the same two-stage mechanism for verifying all program components on demand via a gaming device user interface where the results are displayed on the gaming device.

That's just one item. There are lots of other logging and audit trail requirements. The Nevada Gaming Commission checks these regularly.

Re:

[storkus]

I was a slot mechanic in the mid-late 90's in Nevada. Much of what was written in the parent message is new to me, but matches what we were doing back then with older tech. One thing to remember about selling a gaming machine in Nevada: the saying is, "If you can pass inspection in Nevada, you can pass anywhere." Nevada's Gaming requirements are simply the toughest in the world, and are why many machine manufacturers you might see at Indian casinos are not found in Nevada, and conversely why those that d

Allready done in Sweden

[Kottie]

Since a few years back all bussines are demanded to have a "black box" connected to the register that tracks all events. Tax authorities can come in any time and download the content to check for any irregularities. It logs everything including how many times and how often the drawer is opened.

Re:

[nogginthenog]

My software has to speak to these things. The hardware is slow (serial) & shit.

The government doesn't even know what information we should be sending to these boxes and their guidelines are constantly changing. We've wasted 100s of man hours. Our customers are pissed off because transaction speed has dropped and they can't even print more than 1 copy of an invoice.

And at the end of the day they solve nothing.

Re:

[MeNeXT]

As all business owners will attest there is no technology which exists today that will prevent skimming. If you trust technology without constant supervision then you are on the road to bankruptcy. This only affects the honest business which now will pay an additional penalty when an employee goofs. This will not in any way slow down the thieves.

I will ask one question and I am sure that all the bright minds here can add a few thousand. What stops a business from creating multiple items at identical price

Re:

[pipatron]

Maybe Sweden isn't populated by clones.

Re:

[Anonymous Coward]

I thought those smart people in Europe enjoyed paying their fair share of taxes.

People, yes. Corporations, no.

doesn't do a damn thing about "bin 6"

[swschrad]

being, of course, the pocket of the clerk at the register.

Similar in Portugal

[danielmatos]

In Portugal, for the last couple of years it is already required for every business to have a "certified" software that enforce some similar rules. Even though the software doesn't need to be open source, every invoice or receipt must include part of an hash key that is automatically generated based on key data (VAT Nr, amount, date, value), an asymmetric key given to each software manufacturer *and* the hash from the previous document. This makes it impossible to change any document after it has been printed out without invalidating every document printed after it. There was a requirement that every software had to be able to export accounting details in a standard format (SAF-T), if requested from the tax authority. Since 1-Jan-2013 every business is now forced to send monthly detailed invoce data to the tax authority.

Re:

[flyingfsck]

I heard that Petty Cash boxes are selling amazingly well in Portugal...

Great idea

[Anonymous Coward]

Let us apply it at goverment level first.

Damn commies

[PopeRatzo]

Norway Tax Auditors Want To Open Source Cash Registers To Combat Fraud

What they call "fraud", we call "free-market capitalism" here in the States.

Thank God I live in a country where the inalienable right of a corporation to defraud you is enshrined in the Constitution.

Not not granddaddy's open source software

[__aaltlg1547]

Clearly, they can't be talking about open software the way we know it. If YOU had access to your cash register's software, you could hack it to underreport your transactions so as to evade tax. They only mean open to the government and it seems like there's no way to really accomplish their goal. What's to stop you from unloading the government-monitored software and making a version of it that they can't see and looks the same from their end but does something entirely different from your end?

Check The Software

[andersh]

Audits. Norway already has a department that checks measuring devices such as weights, [gas] pumps etc. Maybe they check cash registers as well. There are classes of devices that have to be certified periodically (a number of years) by law.

I believe they check the software at the gas pumps, because obviously the numbers have to match with the output they claim was sold and delivered to the customer. I believe it would be a small matter to run checksums on cash register software.

In fact I believe they might

No Sale

[flyingfsck]

No matter what they do, nothing prevents the clerk from hitting the No Sale button, or simply not hitting any button at all.

Re:

[PPH]

The register transaction time stamp synced to the surveillance camera above the cash register makes that a risky move.

: ) Commenting Out Functions

[infinitelink]

I think it would be awesome for code to be published which has the functions (that Norway's government hates) commented out, with stern warnings "don't compile with this code removed from comments, or these functions could become present."

Re:

[dkleinsc]

How would you advertise : "Our registers have "hidden" functionality to help you skip on your taxes."

My guess is that this would be the sort of verbal promise made by the salespeople of a dodgy cash register company. And it would be attractive to the kinds of businesses that are also pretty dodgy, e.g. bottom-feeder bars or strip joints.

Re:Of course, It begs the question...

[whoever57]

I had a friend who installed POS systems in small businesses for a living. At restaurants, the most important feature of any POS system was the ability to make a table disappear out of the records.

Re:Of course, It begs the question...

[Interfacer]

Far from dodgy companies. This is a common feature in many (all?) cash registers used in small business, especially restaurants.
I know people who work in restaurants, and they told me that this is a public secret.

The way it works is that at the end of the day, you can make the register change the numbers by an amount or a percent. Ther register will then do the math to change the number of coffees served and muffins sold and things like that. It does this so that the numbers still make sense and correlate with expected ratios.
At that point, the business day is closed, the register is printed, and you get some money out of the till under the table. If the inspectors should come in during the day, you can just print whatever the current status is, which will then be immutable at the end of the business day to avoid discrepancies.

This functionality is not advertized in writing, but all sales persons know about it and know how they can explain this to the owners. All major registers have features like this, and I can understand why the inspectors would require open source. Because skimming money becomes an order of magnitude more difficult if you don't have a register to help you create a phony audit trail.

Re:Of course, It begs the question...

[Anonymous Coward]

I was an auditor for a state in the USA (posting anon). This is widely known among auditors. The hard part is proving that the place did that.

The state has in the past (at least talk at the legislative level) talked about outlawing software with this feature, but the business burrow makes excuses, like for instance I think I heard these type of "features" are required for discounts, coupon type things, if someone isn't satisfied and get's a free meal, etc.

I think it's a bunch of BS since the software does these things quietly without making an audit trail, but nothing ever happened past the initial talks that I'm aware of.

And even if it did, you could say oh it was a 15% off day or some crap, so you could still hide it unless you could prove it wasn't.

I worked in banking previously, and it was widely known that business's hide money. See small business's want it both ways. They bring their tax info to the Bank for loan or w/e then the bank denies or less then they wanted or unfavorable terms, and some people actually say well I actually make more then this. Our loan officer used to joke about it during training. You can't have it both ways.

There are many things working in Auditing I've learned about. Some is very creative and some is just very simple.

Re:

[Anonymous Coward]

I always enjoyed the South Korean solution to the problem. They created a system wherein if you pay cash, you can ask for a special 'cash receipt'. Generating the cash receipt generates an automatic reporting to the government of the expense, associated with your account.

The kicker is, people who report their cash expenditures get 1% of their purchase back in taxes at the end of the year.

Re:

[Cassini2]

Mod Parent Up! After reading all the other comments, this is the only one that strikes me as a solution that might work.

Re:Of course, It begs the question...

[daem0n1x]

Here in Portugal, the government has mandated all cash-registers to run certified programs that regularly upload transaction data to our Tax Authority.

Tax evasion has always been blatantly huge in restaurants, bars and cafés. It's no wonder the restaurant associations are up in arms with this. They've declared war on card payments too, which is something that pisses me off. They claim the bank rates are too high, but guess what the real reason is?

Just like the constructions business, they've had practically a licence to print money during the latest decades. Now with the economic crisis, they're going down the toilet. I'm not shedding a tear for them. I just pity their poor employees that will be out of work and are certainly not finding another anytime soon. They had shit-paid, stressful, long-hour jobs, but it's better than no job.

Re:

[ericloewe]

Tax evasion has always been blatantly huge in restaurants, bars and cafés. It's no wonder the restaurant associations are up in arms with this. They've declared war on card payments too, which is something that pisses me off. They claim the bank rates are too high, but guess what the real reason is?

I'm curious as to how much pressure the government is actually willing to apply. A crackdown on under-the-table transactions is a lot more feasible when you can just look at the register and fine the owner for having unapproved software, since you don't have to prove tax evasion proper. They could definitely do a crackdown on suspected tax evaders more or less like the health authorities did their crackdown on the unsanitary chinese restaurants a few years back and scare most small businesses into complianc

Re:

[tnk1]

You could also consider it a means of the customer being able to correct their records manually, if needed. Obviously, the users of the registers are the customers, and the customers will get features that they want added. Unless there is a law against specifically that ability, chances are good the vendor will give you what you want or you will be able to request some sort of ability that makes it possible to use the feature as a backdoor to get the same result. It is up to the collector of the tax to p

Re:

[arth1]

Or have functionality that's "customer customizable".

One easy way is registers that allow multiple currencies, which is common enough in Europe. Have the customer pay in "Kr" and get his receipt in "Kr" (the common symbol in Norway for Norwegian kroner, crowns), and then have the sales registered as NOK with an exchange rate of 1.5:1. Suddenly you only have to pay tax on 2/3 of your income.

Another easy way would be to split the credit between two accounts (which unlike double ledgers isn't illegal - but r

Re:

[tnk1]

Open source is really only going to help the bigger problem if there is legislation that prevents the code from having certain types of functionality.

In the narrow case, the Open Source could be highly successful in proving that the code that the vendor provides is the same code that is in the hands of the government. People have talked about backdoor compilers, but that doesn't defeat this because the government will insist on binaries that compiled with clean compilers.

The real question is whether they c

Re:

[Dr_Barnowl]

Indeed - they could mandate that the cash registers are also TiVoized to prevent them running anything but the approved build, but then it isn't Free software.

Re:

[hawkinspeter]

Tivoization is clearly going against the intention of GPL. They should have used BSD licensed code to do what they wanted as people who write GPL code don't intend their code to be locked down by anyone.

Re:They seem to have missed the point

[pipatron]

There's nothing in the article about FOSS. There's not even anything about "open source", just that the tax agency should have access to the source code.

Re:

[IrquiM]

True. There are however other articles in Norwegian confirming that this is OSS software.

Re:

[nosferatu1001]

Sha256

Re:

[Anonymous Coward]

American posing as a Norwegian.

Re:

[pipatron]

Whine whine whine I have to pay taxes to the evil gubmint so I have to whine in this article even when I don't have anything to add!

If you're not happy with the way your peers vote, then your options are to influence them in the right direction or move to a place with better peers. Whining just makes you seem like a sucker.