GnuCash and Swedish accounting legislation

[Mike or Penny Novack]

On 1/18/2016 3:46 PM, Liz wrote:
> On Mon, 18 Jan 2016 21:26:48 +0100
> Draug <draug at kolabnow.com> wrote:
>
>> I've replied with some more questions regarding where they draw the
>> line, as I pointed out pretty much everything can be edited or redone
>> if you want to. But it still seems I'm out of luck using GnuCash for
>> my company. Is there anything I can do in GnuCash to satisfy the
>> demands of the Swedish accounting legislation? Otherwise I might have
>> to redo all my accounting in some other program..
>
>
> Every week, or other period, burn a copy of your data file(s) to a CD-R.
> Call the latest one your enduring copy.
>
> Disclaimer: I live in Australia, and if someone makes a stupid law, we
> work around it, because that is our culture. This contributes to the
> most complex tax system devised as the ATO chases intelligent people
> working out ways not to pay their share.
>
> Liz
Do you understand what Liz is saying. Do you understand the your Swedish 
legislators apparently do not know (or are being deceived about) what is 
possible and what is not. I am saying that IF a (competent) Swedish 
software engineer has physical access to the program and data (physical 
access to the machine, the software to be run on it, the data being 
stored on it) then he or she COULD alter the data, and that it would be 
quite difficult to detect that had been done*.

In other words, there AREN'T any secure accounting packages (in the 
sense of a LITERAL reading of the Swedish law). Of course what is 
possible that some companies have convinced authorities that "ours is 
secure" so there is an authorized list of "compliant computerized 
accounting software". OR (and this is perhaps more likely) the law is 
not intended to be understood literally. Perhaps it is being interpreted 
to mean "secure against alteration by an ordinary user who lacks 
advanced software skills".

In THAT case, gnucash would be insecure, because any end user could 
alter the data.

But do understand why the gnucash developers aren't putting in the sorts 
of password protections, checks against alteration, etc. "to make it 
impossible to alter the data" because TO THEM that is not possible (in 
the literal sense). After all, if they wrote the software with those 
protections it would be pretty obvious how THEY could get around them.

Michael D Novack

* You are almost certainly familiar with "system data" associated with 
the files on your computer, yes? Things like "date last changed". Well a 
PROGRAM within the computer put that there, not magic. I've never messed 
around with this in the small computer operating world so would have to 
research how. But in the IBM mainframe operating systems I used to write 
under back in my working days, I did know how I could change a file and 
have it "labeled" to appear that YOU changed it YESTERDAY. Or I could 
take a file last changed by D on 20151231, alter it tonight, but have it 
labeled back to "by D on 20151231" << in other words, like it hadn't 
been changed >>

A very great deal of practical computer security is based on "ignorance" 
<< by which I mean lack of knowledge that would be FAR beyond what is 
required to do their jobs >>