Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Security Your Rights Online

Disaster Strikes Norwegian Government Web Portal 176

An anonymous reader writes "Altinn.no is a web service run by the Norwegian government, on which citizens can find, fill out and deliver forms electronically. Every year Norwegian citizens can also log in to check their tax results. This year, as every year, the site was unable to cope with the traffic generated from everyone wanting to check their taxes at the same time. New this year, however, was that once people were finally able to log in, a significant amount of people were logged in as someone else. Users then had access to all financial data of this unfortunate person over two years back in time, in addition to the financial information of his wife and the company he worked for. Altinn shut down some 15 minutes later, and has been down since."
This discussion has been archived. No new comments can be posted.

Disaster Strikes Norwegian Government Web Portal

Comments Filter:
  • by mjensen ( 118105 ) on Thursday March 22, 2012 @02:04AM (#39437991) Journal

    by the government sending them a letter saying how much is owed.

    The government does all the calculations.

    • by ThatsMyNick ( 2004126 ) on Thursday March 22, 2012 @02:47AM (#39438145)

      Which is good, right? For 90% of citizens, govt calculation is good enough. The only reason it is not being implemented in the US is because of the lobbying of Tax processing services.

      • by txoof ( 553270 ) on Thursday March 22, 2012 @04:59AM (#39438557) Homepage

        The Norwegian government had to recalculate my taxes and my wife's taxes no less than three times. They have the power to deposit money and withdraw it from my bank account. I tried to work out their calculations, but not being a native Norwegian speaker, I struggled to understand how they were doing things. I just have to trust that things are correct.

        The Norwegian government always seems to do what they say they will, they just do it in their own time and usually with six or eight tries to do it right...

        • They have the power to deposit money and withdraw it from my bank account.

          Is that a statutory power, or did you voluntarily give it? What if they calculate that you owe more than what is in your account?

        • by orzetto ( 545509 )

          They have the power to deposit money and withdraw it from my bank account.

          Well, anyone has the power to deposit money in your account, and I guess most people don't have a problem with that. On the other hand, the Norwegian government does not have the power to take money from your account. They give you a bill like any other business.

          I tried to work out their calculations, but not being a native Norwegian speaker, I struggled to understand how they were doing things.

          Funny, I am no native Norwegian speaker

      • by KjetilK ( 186133 ) <kjetil&kjernsmo,net> on Thursday March 22, 2012 @05:00AM (#39438559) Homepage Journal
        It is certainly very convenient, when it works. It feels kinda strange to trust every financial detail of my life to the government, so whether it is good in a real sense is a question I'm very open to debate. It does allow some very useful applications to be developed, with a very nice potential for streamlining interaction between government, citizens and private sector. This is actually very high on the government's agenda, which I'm happy about, because the bureaucracy is sometimes both heavy and heavy handed. If it is done well, it could potentially enable citizens to simulate possible choices in their lives before they make a decision: "If I do $that, the taxes will be $this". It would also enable an improved public debate: now it is a lot of bickering of the style "if you raise $that_tax, it will adversly effect $that_group" "no, it won't, but not doing it is required by $that_group". They're just making things up, of course, the debate is usually completely devoid of facts. Soon, it might be possible to simulate those scenarios on a regular basis, so we get real facts on the table before making a decision. Unfortunately, there's a long way from good ideas to actual implementations. I've been in meetings with the people who actually order these systems, and what can I say... Heads gotta roll to go anywhere... They're easily blinded by suits, and they have no idea what makes a robust system. So, for now, I'm not too confident it will happen, even though there are some very interesting ideas around.
    • by neyla ( 2455118 ) on Thursday March 22, 2012 @03:29AM (#39438261)

      That's not entirely true. What happens is this:

      The government sends you a form for filing taxes, the form is pre-filled with those values that have already been reported by other entities, but next to every one of these values there is a field for correcting the value if it is somehow wrong. (this happens if, for example, you've got private debts, or if your employer makes a mistake in reporting)

      You thus get a pre-filled form, but you should nevertheless check that the values on the form look correct before filing it.

      And yes, the form also contains calculations on taxes, thus it says: "assuming we got it correct, here's what your tax will be", but that part, offcourse, will change if you add or change anything on the form.

      • by OKK77 ( 683209 ) on Thursday March 22, 2012 @04:39AM (#39438497)

        It is done similarly in über-effective, ultra-efficient Singapore:

        1) Let's say I'm employed by company C. Company C will send to taxman my identity card number and the amount they have paid me for the tax year.
        2) Taxman will do the calculation of tax. Taxman will also consider the recurring tax claims/rebates I am likely to have (spouse/parents-related rebates, for example).
        4) Taxman sends me a reminder to confirm their calculations on their website.
        5) I will adjust the calculations if needed and submit the final figure.
        6) Taxman sends me the final amount of tax I need to pay with payment options including a 12-month instalment plan deducted from my bank account.
        7) If I'm audited, I will have to provide documents for the claims/rebates.

        Total time spent: about 1 hour (including claims for private insurance, education expenses, donations)
        Total $$$ spent: ZERO, ZILCH, NADA!

        • by Ihmhi ( 1206036 )

          I am surprisingly ignorant of the tax codes of the world. I thought things like the UK's VAT were way, way more common than filling out tax forms (albeit in a much easier manner than is the nightmare of the United States). Why don't more places use some sort of flat tax?

          • Because most places know that a flat tax is horribly regressive. Anyway, it isn't the stepped rates that make the tax code complicated, it is all the loopholes, exceptions and deductions.

            • by Ihmhi ( 1206036 )

              But couldn't that regression be fixed by a simple "If you make less than X, you don't pay" kind of thing?

              I still think it'd be massively easier to have it all collected automatically.

              • by Rakishi ( 759894 )

                The transition has to be smooth. Otherwise people are stuck in poverty. If they get a better job they suddenly make less "actual income" despite being paid more. It's already an issue with various government programs in the US where if you decide to, gasp, save money so you don't live paycheck to paycheck you lose your benefits.

                • by Ihmhi ( 1206036 )

                  I was on food stamps for a time (and might end up back on them...). If you had more than $2,000 in the bank you were ineligible (NJ). =|

            • by Solandri ( 704621 ) on Thursday March 22, 2012 @12:59PM (#39442975)

              Because most places know that a flat tax is horribly regressive.

              Unfortunately, the terms "progressive" and "regressive" when applied to taxes have been hijacked from their mathematical roots for political purposes. A flat tax is by definition not regressive, it's flat. A regressive tax is one whose effective tax rate decreases with increasing income. A progressive tax is one whose tax rate increases with increasing income.

              A flat tax does neither. It is flat. It is the same effective tax rate regardless of income.

              Where people get the idea that it is regressive is by pointing out that a certain fixed minimum amount of money needs to be spent on essentials (food, clothing, shelter). Poor people have to spend a greater percentage of their income on these essentials. Which means they have a smaller percentage of their income available for discretionary (optional) purchases. A flat tax takes the same percentage bite out of income, which turns into a larger proportional bite out of the discretionary income of poor people. e.g. Say $10k is the minimum needed for essentials, and the flat tax is 10%. A poor person making $15k has $5k discretionary income but pays $2k in taxes. That's 40% of his discretionary income. A rich person making $100k has $90k discretionary income but pays $10k in taxes. That's 11% of his discretionary income.

              However, this has nothing to do with a flat tax. It is easily corrected by excluding from taxation the minimum amount which needs to be spent on essentials. Something like the standard deduction which the U.S. uses. Once you do that, the flat tax is then a tax only on discretionary spending, and is the same rate regardless of income. It is not regressive. e.g. After a $10k standard deduction, the poor person pays 10% tax on $5k. The rich person pays 10% tax on $90k. Both are paying 10% on their discretionary income. It is flat.

              (I actually prefer a progressive tax, but hate it when people call a flat tax regressive. It's not if you implement the simple work-around of a standard deduction.)

          • I am surprisingly ignorant of the tax codes of the world. I thought things like the UK's VAT were way, way more common than filling out tax forms (albeit in a much easier manner than is the nightmare of the United States). Why don't more places use some sort of flat tax?

            You make it sound like VAT is the only tax we have to pay in the UK. This isn't true - we pay tax on income, capital gains, etc and there are all sorts of tax credits you can get based on your personal circumstances (the tax and benefits system sometimes seems so complex to me that I wonder if career benefits scroungers have to go to university to do a degree in scrounging!).

            Anyway, for most people, there is no requirement to fill in a tax return - your bank automatically deducts tax from any interest they

          • by zevans ( 101778 )

            I thought things like the UK's VAT were way, way more common than filling out tax forms (albeit in a much easier manner than is the nightmare of the United States).

            Ah no, we've cunningly combined the worst of all systems.

            - We have VAT (regressive, and CHARGED ON ESSENTIALS for far too much of the time.) Yesterday's annual announcement "rationalises" this by charging it on even MORE food items.
            - We have Income Tax which is then largely credited back to low earners in an incredibly complicated and time-consuming way, rather than just taking them out of the system initially.
            - We have National Insurance which is a regressive flat tax in everything but name. If you overpay

            • by zevans ( 101778 )

              Wait, I forgot the part where you personally are taxed on what your landlord's property was worth in 1993.

              • by Dusty101 ( 765661 ) on Thursday March 22, 2012 @02:09PM (#39443721)

                Although I can't comment on Norway from personal experience, I've had to complete tax forms in Finland, the UK and the USA.

                The Finnish ones were genuinely trivial: check option A or option B, sign it, date it and send it back: done. The tax office there knew exactly what was going on, the money was transferred electronically and the only other piece of correspondence I received was a confirmation slip.

                The British one was oh, a couple of sheets of A4 or so. Annoying, but manageable. The tax office there had actually issued it despite my not actually needing to file a manual return at all, so I had to fill it in with mostly zeroes and send it back. They initially seemed confused, and then just went quiet after a couple of clarifying conversations with people at the local office.

                The USA one was about 6 or 7 forms (I never did work out how many in the end), all with accompanying small-print documentation which in turn contained references to additional supporting documentation that contained "calculation tables" to supposedly help me understand the supporting documentation, so that I could then go back and fill in the tax form itself, and all its add-on appendices. I was told that I had the option of supplying a shoe-box full of receipts that I should have been religiously collecting for the previous year, or I could just take some standard number. I was also told that if I filled the forms in by following the incorrect advice of an official of the tax office, I was still liable for any additional fines arising. I have a Ph.D. in astrophysics, so I'm not unfamiliar with mathematics and logic, and even I just went ahead and hired an accountant.

                The USA's taxation scheme is far and away the most complex bureaucratic structure I have ever encountered. The 19th Century British Empire's mightiest bureaucrats would have wept in joy at its sheer scale and complexity. Kafkaesque doesn't begin to describe it.

        • by zevans ( 101778 )

          The UK government forces employers to do the calculations for all employees and for VAT. You'd think this would be ultra-efficient for the Revenue services as there's therefore nothing left to do but spot cock-ups and conspiracies, and yet it is still THE worst organisation in public or private life in the UK.

      • by cbope ( 130292 ) on Thursday March 22, 2012 @06:44AM (#39438909)

        Basically the same here in Finland. You get a pre-filled tax form in the mail. "Doing my taxes" every year takes no more than 5-10 minutes; checking the values are correct on the form, logging into the tax authority website, making corrections if needed (never needed to), adding deductions as needed, and then submitting it electronically. I even know when I will get my refund way ahead of time. The refund goes straight into my bank account automatically, I don't need to do anything. It's all very easy and simple to understand, even for a layperson without a finance degree.

        I don't need a paper record, it's all on file electronically. I only need receipts if I have significant, large deductions.

        It is FAR better than the system in the US, where a complete racket has been built up in the form of "tax services", and making the tax laws so complicated and full of loopholes that the average EDUCATED person cannot figure it out in 10 minutes or less. There is a serious problem when you need professional tax services or an accountant to do your personal taxes. I say this as an American living abroad for the past 12 years, so I have much experience with both systems.

        Back to the OP, wow... it looks like the tax authority really screwed this up. However, that doesn't change my view that it's still the best way to handle taxes. Mistakes can and do happen in any system. Luckily the issue was discovered rather quickly and they made the correct decision and took the system offline.

      • by Sir_Sri ( 199544 )

        That would seem to pose the same basic problem that taxes in the US/Canada have (where we file our own). Self employment income, some small business income, and income from things like garage sales would still need to be reported, and would basically junk all of the calculations they already did.

        So right now I'm in canada, and a grad student. We file our own taxes, but the government gets copies of all of our income statements from actual companies. So what do I have:
        Employment: Income as a Teaching assi

    • The government does all the calculations.

      Same thing happens here. Your tax return is something you deal with while waiting for your tea to brew.

      (I've also had to fill out a 1040. I was absolutely stunned at how complex such a (theoretically) simple thing can be made (the guide to filling your return, if formatted in standard octavo size, would literally be an entire book). I'd hate to imagine how much it costs the US economy each year for the entire country to fight their way through one of these monstrosities).

      • (I've also had to fill out a 1040. I was absolutely stunned at how complex such a (theoretically) simple thing can be made (the guide to filling your return, if formatted in standard octavo size, would literally be an entire book). I'd hate to imagine how much it costs the US economy each year for the entire country to fight their way through one of these monstrosities).

        Most of the country doesn't need to bother with the 1040. The much simpler 1040A covers most situations nicely. And can be done in ten mi

  • by macraig ( 621737 ) <mark.a.craigNO@SPAMgmail.com> on Thursday March 22, 2012 @02:12AM (#39438031)

    Really they need a staggered ticket system to distribute the load over time. Issue each citizen a ticket that indicates a period when they can log in to check data, both a soonest and latest date (stragglers not tolerated). This is no different than physical scenarios where people are grouped by first letter of last name, etc. in a crowded office and then each group served sequentially to lighten the load.

    • Reminds me of registration time at a California State University campus.
    • They don't even need to do it that advanced. Just keep the existing system, and tell people "County $x can log in today to see their tax returns, county $y can log in tomorrow, etc." Even if they didn't actually have a system blocking a person in county $y from logging in today, it would fix most of the traffic problem. People mainly do as they are told.
  • Wanna guess how the norwegian government decided how traffic shoul be scaled? Come on, guess They made a limit of 300 000 logins, before making the main web page redirect to a page saying "sorry the lines are full pleas pick a number" - it, apparantly , seemed more logical than scaling the hardware :P
    • They have a population of less than 5 million, so limiting to 300000 concurrent logins (6% of the total population) doesn't sound too crazy. Worst case, everyone wakes up on tax morning and goes to check online, and not everybody gets in until the end of the day.

      They probably had a fixed budget, with limited hardware, and/or didn't have the time to make it scalable.

      • Nevermind, it sounds like they've spent $200 million on this system since its inception and the site goes down due to traffic every year... that's some extreme incompetence at work.

    • by zevans ( 101778 )

      Since this is taxpayer money, it does indeed make sense to spread the load over time, which is free, rather than spread it across capacity, which is not.

  • I foresee a large lawsuit settlement in his future
  • Some key points (Score:5, Informative)

    by Anonymous Coward on Thursday March 22, 2012 @02:38AM (#39438121)

    * The government has spent on the order of $200 millions on this system
    * Accenture is the main developer
    * Every year the systems go down because it doesn't scale
    * This year a queueing system was put in place to "fix" scalability
    * From an outsider's view at least, it would seem like some cowboy decided to put up a Varnish-type frontend cache as a desperate measure to handle traffic with no thought given to sessions
    * An independent report basically slaughtered most of the systems with criticism of flaws last year, which was kept secret until a week ago
    * Also yesterday someone found several flaws which allowed any website to grab a json(?) script and steal userinfo if the browser had a valid session

    • by Anonymous Coward
      And why did the Norwegian Government accept the system, if it was this buggy?
      • by Skapare ( 16644 )

        Hopefully, they have not done so, yet.

      • Re:Some key points (Score:5, Interesting)

        by rmstar ( 114746 ) on Thursday March 22, 2012 @04:29AM (#39438465)

        And why did the Norwegian Government accept the system, if it was this buggy?

        That's anyones guess, but if it goes like everywhere else, the guys that were contracted for this work wore the nicest suits and made their clients feel visionary. The guys that knew their IT kept behaving improperly and had suits that didn't really fit them well. Also, they talked all the time of risks and danger. So it was a no-brainer, quite literally.

      • Re:Some key points (Score:5, Informative)

        by Terrasque ( 796014 ) on Thursday March 22, 2012 @04:44AM (#39438521) Homepage Journal

        This is actually a huge system, with many govt departments using it daily, and most of the time it works well. It's just that each year, when the rest of Norway also tries to log in, things go kaboom (That has happened several years in a row, I might add). The name, Altinn can be translated to all-in - it's basically THE portal between govt and citizens on many points. For example accountants use it daily (and every year they complain that they can't do anything at all for several days when this happens)

        So, most of the time it works (and works well, some might say), but a few days every year it's massively underscaled. This year, they apparently tried some half-baked emergency caching, which failed spectacularly.

    • by Skapare ( 16644 )

      Summary: overly pricey poorly developed unreliable unscalable stupidly managed bloat.

      This could have been done for less than $5 million.

    • by Afty0r ( 263037 )

      * Accenture is the main developer

      Found your problem. Right there.

      • by Viol8 ( 599362 )

        Bunch of useless egotistical idiots the lot of them. The know-nothings they hire seem to think they're gods gift because they work for this piss poor company , but most of them are clueless. Many a time I've had to sort out the mess they've created.

    • Re:Some key points (Score:5, Interesting)

      by Splab ( 574204 ) on Thursday March 22, 2012 @08:11AM (#39439501)

      They should have called up their Danish brothers in arms - we had the exact same failure here some years ago. Skat.dk kept going down, so they added loadbalancers but the way they assigned keys ended up with collisions and gave users access to other peoples data.

  • How, from a technical POV can this even happen? Dirty cache? Corrupted pointers?

    • The official statement, though dumbed-down to the point it's hard to figure out what was going on exactly, indicates it was a dirty cache. Most likely in a proxy used for SSL offload.
    • by Skapare ( 16644 )

      All the URLs look alike because the login ID is in cookies, and the cache wasn't set to figure in the cookie state.

  • by Compaqt ( 1758360 ) on Thursday March 22, 2012 @03:36AM (#39438283) Homepage

    When everybody's money is 'stored' in a government computer somewhere saying how much money you have, imagine what happens when there's a glitch putting your money in someone else's account.

    Yeah, I know, bank accounts.

    But, glitches happen there, too. At least you have a little cash to get to and from the bank to pursue the matter. When it's digital all the way down, what will you do?

    • This already happens once in a while with banks. Basically all transfers by accident gets sent to the same account. So after a few hours, that person is quite rich.
      Of course, they have routines for catching this, because they know it will happen, so when they catch it after a few hours, and correct it.

      Example: Norwegian man was Norways richest man for about 1 hour. [dagbladet.no], Google translated version [google.no]

    • by Tim C ( 15259 )
      Do I have cash? Or do I not discover the problem until I'm stood in front of the ATM, cursing at it for not dispensing any?

      It's a moot point anyway, as in either situation my first recourse would be to phone the bank, not visit it.
  • by skurk ( 78980 ) * on Thursday March 22, 2012 @04:25AM (#39438449) Homepage Journal

    I normally wouldn't care about this, but since the Norwegian government (i.e. the people, myself included) paid 1 billion NOK for this solution, I expect it to WORK. Mind you, this is not the first time we've had problems with Altinn, this has been a recurring drama the past few years. As the article states; every year they claim to be prepared, and every year they are unable to deliver.

    We're not *that* many people in Norway (recently hit the 5 million mark), and certainly not that many adults checking their tax returns online. Guesstimate: 1 million? And how many checks it simultaneously? Let's be generous and say half.

    So how the hell can a 175 million USD project not be able to deal with 500k visitors? It's a fucking joke.

  • All Norwegian tax returns are published publicly on the Internet, so Kenneth's information was already available to anyone who cared to check it. There's been no privacy violation here that I can see.

  • by Greyfox ( 87712 )
    I betcha some contractor decided to use a singleton in the authentication code or something like that! Probably worked great in single-user testing! And they probably never did any multi-user testing. I saw a very similar thing happen a company I worked for a few years back. They had to push back a release date because of static methods and members in a bunch of the auth code. Whole system worked great as long as only one user ever logged on at a time. Too bad we'll probably never know, because if there is

Help fight continental drift.

Working...