
Registered · 294 Posts · Discussion Starter · #1
FYI, from NSSF:
************

Major ATF Ruling Authorizing
Electronic A&D Books

Following discussion with the National Shooting Sports Foundation (NSSF) -- the trade association for the firearms industry -- and many industry members, the Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF) announced yesterday a major new ruling authorizing federal firearms licensees to use electronic (computerized) acquisition and disposition records provided the software used satisfies certain ATF requirements set forth in the ruling signed by Acting Director Michael Sullivan.

FFLs will no longer need to seek a variance from the Director of Industry Operations to keep a computerized A&D book.

"NSSF would like to congratulate ATF, and in particular the leadership of Acting Director Sullivan, on helping to reduce the paperwork burden on industry," said NSSF Senior Vice President and General Counsel Lawrence G. Keane. "We look forward to continuing to work with ATF on other ways to utilize technology to aid America's firearms manufacturers and retailers to reduce their paperwork burden while continuing to permit ATF to protect public safety."

The ATF, at the urging of NSSF and firearms retailers, is expected to launch a voluntary E-Form 4473. This is a development which will save retailers time and greatly reduce the likelihood of entry violations.

NSSF's Mission Statement
"Our purpose is to provide trusted leadership in addressing industry challenges and in delivering programs and services to meet the identified needs of our members."

Click here to visit the NSSF Web site and see how we accomplish this mission.

COPYRIGHT © 2008 by National Shooting Sports Foundation, Inc. Permission is granted for broadcast, publication, retransmission to e-mail lists, Web sites or any other copying or storage, in any medium, online or not, if 1) the text is forwarded in its entirety, including this paragraph, and 2) no fee is charged. "Bullet Points®," "National Shooting Sports Foundation®," "NSSF®," and all other trade names, trademarks, service marks, logos and images of the National Shooting Sports Foundation appearing in this publication are the sole property of the Foundation and may not be used without the Foundation's prior express written permission. All other trade names, trademarks, service marks, logos and images appearing in this publication are trademarks or registered trademarks of their respective owners.
 

Banned · 13,934 Posts
I see one problem with this. If a firearms dealer is keeping an electronic record of all firearms transactions, it needs to be done on a computer that is not (NOT) connected to the Internet in any way.

They should not use a wireless network either. If they have to use a wireless network they need to install a physical firewall between the computer and the Internet and use the highest amount of encryption over their wireless network which is WPA (Wireless Protected Access). For no reason should the dealer run a wireless network and use Wired Equivalent Privacy (WEP) which means it offers you the same amount of protection as a wired network would. I personally would not have a wireless network anywhere close to the computer that had these forms on them.

Windows has holes, Mac OS X has holes. Linux would be your best and safest operating system to use with this. Why? Well, no one writes viruses for Linux because the guys that write viruses are running Linux, not Windows XP or Vista. Linux is also open-source and has hundreds of thousands of people making changes to the OS all the time, so a backdoor on your Linux might not be unlocked on mine. There is really no surefire way to keep these records safe. If these records are on a computer they can be obtained no matter what. Short of a fire that totally melts the hard drive, there is a way to recover data. If the computer is hooked up to the Internet it is only a matter of time before someone opens an email and gets a virus, trojan, worm, or something nasty on it. So me personally, I would not buy from a store using this. That is the Network Engineer in me. I have a buddy that can hack your computer in a matter of a few minutes and retrieve 99% of your data in a few more minutes.

So to me this is not a good solution as of right now. If the FFL does do this it should be on a laptop that either goes home with him at night or goes in the biggest, nastiest safe in the building.
 

Registered · 294 Posts · Discussion Starter · #3
Well, not being all that tech savvy, and not an FFL holder, I can't really comment. I just thought it would be of interest to folks...:)
 

Banned · 13,934 Posts
What is going to happen is people are going to be less secure with their records and then they are going to lose them to a computer crash Blue Screen of Death (BSOD) or something like that. Or they are going to have the computer compromised or stolen outright. That gives them access to social security numbers and personal information. Then not only do they know some of the guns you just bought they know your address, your name and social. So they are going to steal your id along with your guns.

I don't see this as being a good thing myself.
 

Banned · 6,964 Posts
I see one problem with this. If a firearms dealer is keeping an electronic record of all firearms transactions, it needs to be done on a computer that is not (NOT) connected to the Internet in any way.

They should not use a wireless network either. If they have to use a wireless network they need to install a physical firewall between the computer and the Internet and use the highest amount of encryption over their wireless network which is WPA (Wireless Protected Access). For no reason should the dealer run a wireless network and use Wired Equivalent Privacy (WEP) which means it offers you the same amount of protection as a wired network would. I personally would not have a wireless network anywhere close to the computer that had these forms on them.

Windows has holes, Mac OS X has holes. Linux would be your best and safest operating system to use with this. Why? Well, no one writes viruses for Linux because the guys that write viruses are running Linux, not Windows XP or Vista. Linux is also open-source and has hundreds of thousands of people making changes to the OS all the time, so a backdoor on your Linux might not be unlocked on mine. There is really no surefire way to keep these records safe. If these records are on a computer they can be obtained no matter what. Short of a fire that totally melts the hard drive, there is a way to recover data. If the computer is hooked up to the Internet it is only a matter of time before someone opens an email and gets a virus, trojan, worm, or something nasty on it. So me personally, I would not buy from a store using this. That is the Network Engineer in me. I have a buddy that can hack your computer in a matter of a few minutes and retrieve 99% of your data in a few more minutes.

So to me this is not a good solution as of right now. If the FFL does do this it should be on a laptop that either goes home with him at night or goes in the biggest, nastiest safe in the building.
Why can't an FFL have a wireless network for his primary computer, but a secondary computer without a wifi card (either an older laptop or a new desktop), and hardwire his FFL computer directly into his router? Use SSL to transmit sensitive data and don't worry about wireless signals being intercepted.

I take umbrage, incidentally, at your comment that we Linux users are the ones writing viruses. :D Sure, we laugh a lot at Windoze users who have to reinstall their OS every so often, but we're not the black hats.
 

Banned · 13,934 Posts
No, not everyone is a black hat. I meant no slight towards you other OS users.

You and I can talk SSL and that, but really, how many FFLs are in the know about that kind of security? Most banks don't encrypt your data sent over the net from an ATM machine. If the ATF wants this done then I think they need to set standards for the FFL dealers as far as security and encryption of the FFL data.
 

Registered · 512 Posts
I don't think BATF is supporting this via the internet. What they are doing is now allowing any FFL to keep his books in EXCEL or via a custom software application. The problem before was that if you wanted to do this, you had to get a variance to keep the records electronically. I know of several EXCEL macros that are available for this function.

I don't think there are going to be any more privacy issues than there were when hardcopy books were required. There are more issues today when you use your credit card at the grocery store.
 

Banned · 13,934 Posts
I don't think BATF is supporting this via the internet. What they are doing is now allowing any FFL to keep his books in EXCEL or via a custom software application. The problem before was that if you wanted to do this, you had to get a variance to keep the records electronically. I know of several EXCEL macros that are available for this function.

I don't think there are going to be any more privacy issues than there were when hardcopy books were required. There are more issues today when you use your credit card at the grocery store.
I personally don't want anything to do with electronic copies of a 4473 floating around. It is too easy to get the information off a computer unless you have a system like the Pentagon, who gets 1 million + attacks every day.
 

Registered · 187 Posts
What is going to happen is people are going to be less secure with their records and then they are going to lose them to a computer crash Blue Screen of Death (BSOD) or something like that.
Lol. One of my teachers uses the Blue Screen Of Death jokingly all the time. I agree though, if this program is hooked up to the internet it won't take long before it's hacked.

Blue Screen Of Death
 

Registered · 5 Posts
My 2 Cents.

Electronic data keeping is perfectly safe and lessens the amount of paperwork and storage for dealers.

That said, I agree that anyone who decides to use electronic means of data keeping should be aware of problems such as hard drive failures, security, and theft.

Hard drive failures can be mitigated by a regularly scheduled full backup on separate hard drive/s. Both need to be malware and virus scanned daily or at the very least every other day if you are wired (or wirelessly) connected to the internet. Weekly if not connected and you are transferring data from a connected source.

Security is important and I agree, use more encryption than the WEP. Use your firewall and any additional security that you can get. We have a responsibility to keep our customer's information confidential.

Theft applies to both hard and electronic formats. Both need physical security and electronic needs the added software security. Or hardware, as CPTtango30 suggested, and don't connect your database computer to the internet.

I think there are pluses and minuses with both methods. You just have to be committed to whichever method you use and deal with the extra paperwork or deal with the extra electronic security.

Me, I am electronic all the way. I doubt my laptop will be connected to the internet anyway but just in case, it will have my desktop as backup and all the extra security I can get. Hey, it's deductible. Why not. :)

GS
 

Registered · 1 Posts
A BATF Inspector told me that they actually prefer electronic records keeping when conducting Inspections. This allows them to do searches and to get printouts of the records.
 

Registered · 12 Posts
Online paranoia

There seems to be a lot of hub-bub over the wireless connectivity and overall security...some things to consider:

A wireless connection is only as secure as the application/site running on it - i.e., add your credit card information to a site without SSL security and it is not the CONNECTION that determines the safety of the transfer of information.

Some information is only useful if LINKED - your first name and last name are only useful if they are linked, and then only if they are again linked to your address AND your SSN AND your credit card number.

Who exactly is stealing this data? The information is being sent to a government agency who then SCANS and/or ENTERS INTO A SOFTWARE SYSTEM all the same information, which then lives in a database that is made available to users within the government and contractors, some of whom live hundreds of miles away from the servers and use wireless connections to access data and email.

Anyone who remembers the stone ages (when paper records were locked (maybe?) at night, where paper copies were not always shredded, and when people walked away with folders or threw away documents all the time) would agree that there are disadvantages to any system when human beings come into play.
 

Banned · 87 Posts
Sounds like fear of the unknown...

I personally don't want anything to do with electronic copies of a 4473 floating around. It is too easy to get the information off a computer unless you have a system like the Pentagon, who gets 1 million + attacks every day.
That's nothing more than technophobia. A low-end computer with a RAID drive for HD crash protection, and NO connection to any other machine and you're good. Better still, use a removable RAID, and pop it into your fireproof safe (or take it home and put it in your home safe) when you close shop. Put a decoy HD into your computer to spoof any crook.

A good encryption program, like PGP, will make it as secure as you'll ever need. Heck, if the government has trouble breaking PGP, your local crook doesn't have a chance!!!

The point is that NO system is foolproof. The guy who uses paper books is just at risk for data theft, though the crook will have to come to the FFL to get them. Same with electronic; keep it on ONE machine, and the crook will have to go to that ONE machine to get the electronic info. Basic safeguards will protect both.
 

Registered · 692 Posts
No, not everyone is a black hat. I meant no slight towards you other OS users.

You and I can talk SSL and that, but really, how many FFLs are in the know about that kind of security? Most banks don't encrypt your data sent over the net from an ATM machine. If the ATF wants this done then I think they need to set standards for the FFL dealers as far as security and encryption of the FFL data.
This is one thing that irritates the hell outta me about Linux users... they think anything and everything should be THAT FRIGGIN' SECURE and NOTHING ELSE WILL DO.

Let me pose these questions that are actually grounded in REALITY:

1. Do bad guys or hackers REALLY CARE about my A/D data? Do they really care who I sold a gun to, and where they live?

2. Is the ATF *REALLY* qualified to set ANY kind of "standards" for anything computer based?

Here's a couple of clues.

1. Electronic A/D programs simply store where a specific firearm was purchased, and who it was sold to.

2. Electronic 4473s are not stored. They're filled out, then PRINTED for signatures. This is where the sensitive data is stored... on HARD COPY.

3. It's harder to steal a whole computer than it is a "bound book".

4. Backups (both soft AND hard copies) are just good business sense. You can print off as many bound copies of your A/D records as you want, and it's a hell of a lot easier than Xeroxing the traditional bound book.

5. Again, NOBODY CARES about who you got your firearms from or who you sold them to... at least they don't care enough to try and hack WEP security.

Put THAT in your pipe and smoke it!
 

Banned · 87 Posts
This is one thing that irritates the hell outta me about Linux users... they think anything and everything should be THAT FRIGGIN' SECURE and NOTHING ELSE WILL DO.

Let me pose these questions that are actually grounded in REALITY:

1. Do bad guys or hackers REALLY CARE about my A/D data? Do they really care who I sold a gun to, and where they live?

2. Is the ATF *REALLY* qualified to set ANY kind of "standards" for anything computer based?
Agreed. Obviously, hackers are after more *lucrative* info than A/D data. The black hats are into identity theft, usually worked on contract for other criminals. IMHO, they'd be after your financial records in an attempt to force you out of the local market than to find out where you get your guns, and where they're going.

I would be against a standard for an electronic A/D system. No standards means that much more work dealing with the multitude of data formats! The ones to set the standard would be IEEE, as they also set the standards for almost everything else electronics-related, including transmission protocols. Those guys are the experts, and IF it were to come to it, ATF would be smart to let IEEE pick the formats.

Again, use PGP to encrypt, and keep backups of all your data, electronic or written!!
 

Registered · 692 Posts
I would be against a standard for an electronic A/D system. No standards means that much more work dealing with the multitude of data formats! The ones to set the standard would be IEEE, as they also set the standards for almost everything else electronics-related, including transmission protocols. Those guys are the experts, and IF it were to come to it, ATF would be smart to let IEEE pick the formats.

Again, use PGP to encrypt, and keep backups of all your data, electronic or written!!
I'm a software developer. I'm against "standards" because I write my own stuff. "Standards" would mean more rules for me to follow based on someone else's idea of how things should be done.

I print a hardcopy of my A/D data that is securely stored with my 4473s. I print my own 4473s using the new program available on the ATF website. I like the electronic copy of my A/D data because I don't have to flip through pages... I can scan a barcode of any gun I have and it goes right to that record. My A/D data is digitally stored on a USB thumbdrive, and I remotely back it up daily in ZIP format. I keep all shipping slips so if I lose a week's worth of data I can rebuild it with my hard copies. There's no guesswork. When I close shop, the thumbdrive goes with me and is stored in a secured undisclosed location (no, not my glovebox :p ) so even if there *IS* a break-in, and they steal my computer, they get no customer OR vendor info. My POS data is on the same thumbdrive. All I have to do is buy a laptop and install the POS and A/D software I use, and I have my data readily available. I can pick right up and keep on truckin'.

I do use the same computer for my POS as I do my A/D. Whenever I get a new merchant acct, it's the same computer I run credit card transactions. It's connected to the internet (behind TWO hardware firewalls).

I'm just not that worried about the security of my data... even if a hacker got into my computer, they most likely wouldn't know what they were looking for.
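
The backup routines described in this thread (a regularly scheduled full backup, a daily ZIP copy of the A/D data) only protect the records if the copy actually restores. The following Python script is an added example, not code from any poster: it zips a records folder and then reads every file back against SHA-256 hashes. The folder name `ad_book`, the file `ledger.csv` and the sample row are constructed for illustration.

```python
import hashlib
import tempfile
import zipfile
import zlib
from pathlib import Path


def make_backup(src_dir: Path, zip_path: Path) -> dict:
    """Zip every file under src_dir; return {archive name: SHA-256 of the source file}."""
    manifest = {}
    with zipfile.ZipFile(zip_path, "w", zipfile.ZIP_DEFLATED) as zf:
        for path in sorted(src_dir.rglob("*")):
            if path.is_file():
                name = path.relative_to(src_dir).as_posix()
                zf.write(path, name)
                manifest[name] = hashlib.sha256(path.read_bytes()).hexdigest()
    return manifest


def verify_backup(zip_path: Path, manifest: dict) -> list:
    """Read every member back and compare hashes. An empty list means it restores intact."""
    problems = []
    try:
        with zipfile.ZipFile(zip_path) as zf:
            present = set(zf.namelist())
            for name, digest in manifest.items():
                if name not in present:
                    problems.append(f"missing: {name}")
                    continue
                try:
                    data = zf.read(name)  # decompresses and checks the ZIP CRC-32
                except (zipfile.BadZipFile, zlib.error) as exc:
                    problems.append(f"corrupt: {name} ({exc})")
                    continue
                if hashlib.sha256(data).hexdigest() != digest:
                    problems.append(f"changed: {name}")
    except (zipfile.BadZipFile, OSError) as exc:
        problems.append(f"unreadable archive: {exc}")
    return problems


def demo() -> tuple:
    """Back up a constructed sample ledger, then verify a good and a truncated copy."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        src = root / "ad_book"
        src.mkdir()
        # Constructed sample row, not real data.
        (src / "ledger.csv").write_text("serial,acquired,disposed\nSAMPLE-0001,2008-01-02,\n")
        archive = root / "ad_book.zip"
        manifest = make_backup(src, archive)
        good = verify_backup(archive, manifest)
        # Simulate an interrupted copy to the backup drive: keep only the first half.
        truncated = root / "truncated.zip"
        truncated.write_bytes(archive.read_bytes()[: archive.stat().st_size // 2])
        return good, verify_backup(truncated, manifest)


if __name__ == "__main__":
    print(demo())
```

Keep the manifest somewhere other than the drive that holds the archive, so one damaged drive cannot take both.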
 