e-FA10. It's officially a mess!

dcmdon said:
If it accesses the same database that is used when someone from the FRB manually enters information off a paper form, then the risk is the same no matter how you do it.
Click to expand...
No, the risk is proportional to access. This is a fraud fire house where before it was just a leaky faucet.

Much like credit card fraud was a physical problem, then when BBS came around, it went national and now that the internet is here, its a global institution.
 
I don't disagree with you that risk is proportional to access.

But if the system is ALREADY architected such that the public side hits the same db that the FRB people use, the risk is there whether you use the web based system or not.

I'm not debating the data security of the system. I'm debating whether using the web side of the system exposes you to any additional risk. It doesn't.

Don
 
dcmdon said:
I don't disagree with you that risk is proportional to access.

But if the system is ALREADY architected such that the public side hits the same db that the FRB people use, the risk is there whether you use the web based system or not.

I'm not debating the data security of the system. I'm debating whether using the web side of the system exposes you to any additional risk. It doesn't.

Don
Click to expand...
Which is it?
 
dcmdon said:
The access is already architected into the system. By providing web access they increase risk.

But that risk exists whether you use the web based system or not.

I hope I'm making my point clear.
Click to expand...

Are you saying that the risk to everyone is not increased by usage, but rather that the risk goes from $small_risk to $large_risk simply by, and *only* by, turning on the web access system?

To some degree I agree with you, but not completely. I'm not sure I trust that the system's security certificates and server updates &c. to be updated and maintained properly, so there's a chance that a man-in-the-middle attack could succeed, one that couldn't if we don't use it.

Furthermore, if I fill out a paper form, there's a non-zero chance they'll scan it wrong or lose it, both would *decrease* my risk.
 
Yes. I am saying that by enabling a web portal, they increase risk.

I'm not sure what you mean by "If I fill out a paper form there's a non-zero chance they'll scan it wrong".

I'm assuming that you mean there is an increased chance of error if a human reads and enters your paperwork vs if you did it online. I'd agree with that.

I'm not sure how that decreases your risk.

Here's the reality. Electronic entry is generally safer, more efficient, and less prone to errors than paper systems. And that is great, if the entries you are making are voluntary and you trust the entity you are doing "business" with. The real problem is that this is a coercive relationship with an entity that enforces its extra-legal edicts at the barrell of a gun. Its exacerbated by the fact that this electronic system is being managed in a semi-competent (I may be being generous) way at best.

We all know e-forms can be safe, secure, quick, efficient. We enjoy their benefits daily. But our goal here should be to lawfully resist any attempt to computerize or automate any process associated with the unconstitutional registration of firearm. To me that means using a paper form for as long as I can lawfully do so.

It is precisely BECAUSE paper is less accurate and convenient for those maintaining a registry that we should want to use paper.
 
dcmdon said:
Yes. I am saying that by enabling a web portal, they increase risk.

I'm not sure what you mean by "If I fill out a paper form there's a non-zero chance they'll scan it wrong".

I'm assuming that you mean there is an increased chance of error if a human reads and enters your paperwork vs if you did it online. I'd agree with that.

I'm not sure how that decreases your risk.
Click to expand...

It decreases my risk because it's less likely they'll have accurate information about me, which means they're less likely to know what I do or don't have, which means they're less likely to trust their own data, which means they're less likely to use that data against any of us. The numbers are very, very small, of course, and dependent on somebody at the FRB recognizing the above problems with their broken system.

Here's the reality. Electronic entry is generally safer, more efficient, and less prone to errors than paper systems. And that is great, if the entries you are making are voluntary and you trust the entity you are doing "business" with. The real problem is that this is a coercive relationship with an entity that enforces its extra-legal edicts at the barrell of a gun. Its exacerbated by the fact that this electronic system is being managed in a semi-competent (I may be being generous) way at best.

We all know e-forms can be safe, secure, quick, efficient. We enjoy their benefits daily. But our goal here should be to lawfully resist any attempt to computerize or automate any process associated with the unconstitutional registration of firearm. To me that means using a paper form for as long as I can lawfully do so.

It is precisely BECAUSE paper is less accurate and convenient for those maintaining a registry that we should want to use paper.
Click to expand...

Yes, that's exactly what I meant.
 
dcmdon is correct if FRB really connected such a sensitive database to an internet connected server, which would be stupidity personified, which leads me to suspect they probably did it. If this is the case, a hacker could touch submissions made on paper by anyone, not just those electronically filed.

The submissions "should" be delivered to a sacrificial database. In other words, if some "anonymous" hacker compromised the system they'd be able to access just those submissions that had not already been validated and moved.
 
The submissions "should" be delivered to a sacrificial database. In other words, if some "anonymous" hacker compromised the system they'd be able to access just those submissions that had not already been validated and moved.
Click to expand...

Unlikely, since the system validates LTCs and the chances they would bifurcate the database into "essential to keep available" and "one way only" is slim. Also, keep in mind that what you see with the e-FA10 is just part of the MIRCS system which was originally, and primarily, designed to provide law enforcement support for the licensing process as well as dealer validation of licenses and entry of sales data.

The number of businesses that put critical information on internet connected systems is astronomical, and the consequences of systems we generally accept as "internetted" being compromised dwarf that of the FRB database.

Virtually EVERY major brokerage house has all accounts on-line and such on-line access gives the ability to execute trades and, in some cases, transfer funds to unaffiliated accounts. Ditto for bank accounts. And then there are medical records - it's common for hospital patients to use the patient access system to see their own lab results on a laptop before the MD stops by with them (convenient, since protocol precludes nurses from giving the patient this info, though it happens for some routine items). One of the largest credit card clearing houses allows the merchant to change the bank account to which credit card payments are transferred by entering it on-line rather than providing a paper document.

The real risk would be if the FRB did not use security equivalent to the banks and brokerage houses (which despite assertions that "any system is hackable" seem to be doing pretty well), combined with the fact that, unlike the private sector, the jobs of anyone blowing it on security would remain safe and the state most probably immunized against torts.
 
Rob Boudrie said:
Unlikely, since the system validates LTCs and the chances they would bifurcate the database into "essential to keep available" and "one way only" is slim. Also, keep in mind that what you see with the e-FA10 is just part of the MIRCS system which was originally, and primarily, designed to provide law enforcement support for the licensing process as well as dealer validation of licenses and entry of sales data.

The number of businesses that put critical information on internet connected systems is astronomical, and the consequences of systems we generally accept as "internetted" being compromised dwarf that of the FRB database.

Virtually EVERY major brokerage house has all accounts on-line and such on-line access gives the ability to execute trades and, in some cases, transfer funds to unaffiliated accounts. Ditto for bank accounts. And then there are medical records - it's common for hospital patients to use the patient access system to see their own lab results on a laptop before the MD stops by with them (convenient, since protocol precludes nurses from giving the patient this info, though it happens for some routine items). One of the largest credit card clearing houses allows the merchant to change the bank account to which credit card payments are transferred by entering it on-line rather than providing a paper document.

The real risk would be if the FRB did not use security equivalent to the banks and brokerage houses (which despite assertions that "any system is hackable" seem to be doing pretty well), combined with the fact that, unlike the private sector, the jobs of anyone blowing it on security would remain safe and the state most probably immunized against torts.
Click to expand...

I don't disagree really with any of your comments.

However, I can choose another bank or broker if I don't like their security or business practices.

If I choose to own guns, I am compelled to deal with the FRB. There is no alternative.

They have a duty to operate in a manner and with standards that are beyond reproach. They don't live up to that...
 
namedpipes said:
They have a duty to operate in a manner and with standards that are beyond reproach. They don't live up to that...
Click to expand...

No gov't agency lives up to this.

Sad but true.

Always remember, gov't is NOT responsible for any damages to the people harmed when systems are hacked, employees sell personal data to illegals (ID theft), etc. Private industry can, have, will and should be sued for damages in such cases, but gov't is always exempt from "responsibility"!
 
However, I can choose another bank or broker if I don't like their security or business practices.
Click to expand...

Quite true, and it's interesting to see how different banks handle security representations - ranging from "You will not be held responsible for fraud" to "you agree any use of your password, however obtained, is considered to be authorized by you". To see an example of a bank attempting to hide behind this, read up on Joe Lopez v. Bank of America.
 
LenS said:
No gov't agency lives up to this.

Sad but true.

Always remember, gov't is NOT responsible for any damages to the people harmed when systems are hacked, employees sell personal data to illegals (ID theft), etc. Private industry can, have, will and should be sued for damages in such cases, but gov't is always exempt from "responsibility"!
Click to expand...

I have a tendency to see what ought to be as opposed to what is...
 
LenS said:
No gov't agency lives up to this.

Sad but true.

Always remember, gov't is NOT responsible for any damages to the people harmed when systems are hacked, employees sell personal data to illegals (ID theft), etc. Private industry can, have, will and should be sued for damages in such cases, but gov't is always exempt from "responsibility"!
Click to expand...

Government operates the same as any other monopoly with the added downside that you are forced to buy their services under threat of death.

Rob - not to get too geeky, but my bank logs the IP address and if the accessing IP changes, requires you to answer 4 challenge questions in addition to username and password. The answers to the challenge questions are case sensitive. Its a real pain in the ass. I was a beta tester and during the beta period, I came up with a slogan for the system:

Libertylink, so secure even our customers can't get in.

Ha.
 
JWPaolilliJr said:
So when are you folks going get together and refuse to use the eFA10 and make GUIDO follow the law? No unity, No desire, and No results!! You get what you deserve.
Click to expand...
The bottom line is there can be no meaningful protest movement in this state while suitability exists. The state can simply remove you from the pool of lawful gun owners with a stroke of a key.

This is why we have and should continue to frame this as a civil rights issue that goes far beyond just firearms.
 
JWPaolilliJr said:
So you tell me that you live in fear of making the government follow the law and be accountable to the people. You truly have become "Subjects".

Demand that you be supplied with hard copy FA10's as required by law. Flood these bastards with paper.
Click to expand...
What I am telling you is that in MA, there are a small number of people willing to speak out and work to change the system because many understand, not fear - it is a fact, that they can be silenced as gun owners for doing so.

I don't use the eFA10 system for FTF transfers, I obtain and use the appropriate paper forms.

I don't live in fear. I speak my mind. I am working to change the system actively and encouraging others to do the same. The reality though is that, depending on the town you live in, you may face a binary ability to participate in this discussion as a gun owner.
 
JWPaolilliJr said:
Yes I did move, I did something instead of pissing, moaning and wringing my hands. So that is the choice, that you folks have to make. Do something to resolve your problems, or to embrace the chains and bonds of those problems. That choice is yours.
Click to expand...
I am also doing something other than pissing, moaning and wringing my hands... I put my time/money where my mouth is.

Starting to see more people at the state-house when I go too - so that's a good thing.

I work to get good people on the ballot locally. I donate time/money/porsches to 2A orgs. I go to the state-house and testify. I attempt, thus far unsuccessfully, to sway my representative to stop trampling my rights (and I work to get her out of office at the next election in the mean time).

I understand leaving too. I consider it now and then, but for now, it seems worth it to try to fix it rather than run away.

Could I do more? Sure, everyone can do "more," and I am always on the look out for ways to do it, but I do have a day-job too, so I have to choose my battles wisely.
 
JWPaolilliJr said:
Good, I wound you up, That's a good thing. Now the others need to be wound up as you are.
Click to expand...
Well, I am glad you feel so important, the public schools would be proud of your self-esteem, but you didn't actually do anything other than leave... [wink]

I wound myself up - some time ago...

I moved to this state having no idea how screwed up it was and understanding that all states are screwed up to some degree. Then when I had enough time to pick my head up from the grind stone and look around, I realized I had underestimated how bad it was and got to work.
 
Because your RKBA is at the whim of a CLEO there are only really 2 choices.

1) play ball while working to change the laws
2) armed insurrection

I think most of us will agree that an armed insurrection is not appropriate at this point in time.

So instead fight the soft war:

1) vote
2) support pro 2a candidates
3) work the legislature with letters, phone calls, testify at hearings, etc.
4) financially support MA SPECIFIC pro-2a groups

Re Choices: We chose to move to MA recently. I understand the downside, but the pros outweighed the cons and we chose to move here. So far I'm happy with the decision, although I have to say that also having a residence in CT removes much of the sting to moving here.


Don
 
Last edited:
The non willingness to "fight" this has nothing to do with fear/suitability, and everything to do with the fact that Guida and co will likely continue doing whatever they want to, regardless of whatever we do. We could all crapflood them with FA-10 PDF printout forms, and maybe they would go back to just scanning them like they are supposed to, if we got lucky, but in the end, does it really matter?

The other problem is, the S128A/B crap is best described as being akin to a law requiring a permit to be obtained before you can fart legally. If you fart without obtaining the permit, will anyone know or ever care? And the answer to that is, probably not, 99% of the time outside of a few narrowly defined circumstances. I know damn well there are people in this state throwing the rejection letters in the trash and not caring about it, feeling they have fulfilled their obligations.


-Mike
 
Last edited:
JWPaolilliJr said:
Really, You are living in la la land! I was involved, VP of Mass. Sportmen's Council, BOD Mass Trappers, Delegate to Middlesexx County League, Out right told town officials that the by laws and ordinances had no bearing on state lands, then defied them to enforce thier by laws. Yeah, I was involved. I do not need to explain or validate the reasons of why I moved to you, or to anyone else.
But it appears that you seem to enjoy running others down, so be it, I guess that is how you play.
Click to expand...
Lighten up Francis. I am not "running you down." Just returning the ribbing you are giving me for being here and not going all William Wallace on them.

The reality for all of us is that family and jobs mean that we can't always drop everything and move to a better state. Not only that, but for all its (many) problems there are good things about where I live.

If you can't take it - don't dish it out. [wink] I don't think any less of you for moving away. I also understand why people give up, but while I am here, I will be doing everything I can to move my town and state into compliance with the Constitution.

There are plenty of people doing nothing and just "taking it" or worse as you can find in "out yourself threads," but you are barking up the wrong tree with me on that criticism.

- - - Updated - - -

drgrant said:
The non willingness to "fight" this has nothing to do with fear/suitability, and everything to do with the fact that Guida and co will likely continue doing whatever they want to, regardless of whatever we do. We could all crapflood them with FA-10 PDF printout forms, and maybe they would go back to just scanning them like they are supposed to, if we got lucky, but in the end, does it really matter?
Click to expand...
Mike, you are right to point out that good 'ol apathy plays a big part too, but I think you are understating the "chilling effect" that suitability has on people's willingness to call it like it is. I've heard too many people censoring themselves to think otherwise.
 
dcmdon said:
Rob - not to get too geeky, but my bank logs the IP address and if the accessing IP changes, requires you to answer 4 challenge questions in addition to username and password. The answers to the challenge questions are case sensitive. Its a real pain in the ass. I was a beta tester and during the beta period, I came up with a slogan for the system:
Click to expand...

This is becoming increasingly common with banking systems. It does not, however, offer protection to "takeover viruses" that route the connection through your system :).

But, the only real incentive for increasing security is if the banks cannot hide behind "If you were hacked, so sorry". Banks could never get away with "Any signature of a check bearing your account #, even if a forgery, is considered authorized by you". It was always the bank's obligation to satisfy itself the withdrawer was legit and, if necessary, transfer funds only when it had recourse against the cashing party in the event the check was a forgery.
 
Please use the "Print Transaction" button provided below to view and/or print the transaction form for your record. The transaction form must be printed now and cannot be printed later.
Click to expand...

great... effin "Print" button takes me to a blank page.....

MFers......
 
inerlogic said:
great... effin "Print" button takes me to a blank page.....

MFers......
Click to expand...

i recently made a purchase and the E-FA-10 worked perfectly. whole thing took 5mins. made the purchase from a LEO and we met at the station, but that should make no difference. I was pleasantly surprised to see it work. I guess it was a fluke
 
Worked great for me everytime.... maybe you did something wrong... but if you didn't get a copy and want one, just call, they were awsome when I screwed my first time... they sent me 2 copys in about 2 days..
 

Similar threads

Firearm Legislation? This is how it's done in a "free state"
Replies
13
Views
572
APFSDS
APFSDS
Still going to FA10? Top Pentagon Insider: Abolish Second Amendment, Deploy National Guard For Mass Gun Confiscation Effort
Replies
29
Views
1K
1919FAN
1919FAN
Transfer a preban pistol to Ma but the FFL said it's not on the list
2
Replies
33
Views
2K
zork51
Z
  • Locked
2016: How did dealers FA10 stripped lowers? They were NOT complete guns...
Replies
20
Views
685
drgrant
drgrant
ATF E-Forms Intentionally Shut Down (LOL for Maintenance)
Replies
16
Views
1K
Dressed to Kill
Dressed to Kill
Back
Top Bottom