The Post Office Horizon scandal is both simple and complex, straightforward but also difficult to grasp in all its interconnected detail.
The essence of the scandal is, of course, how groups of identifiable individuals within the Post Office – executives, lawyers and investigators – inflicted criminal legal liability and other horrors on unfortunate sub-postmasters and sub-postmistresses between 2000 and 2014, even though those executives, lawyers and investigators knew (or should have known) that the computer system on which they relied was flawed.
And when it became increasingly plain that there had been mass miscarriages of justice, groups of identifiable individuals within the Post Office and their external legal advisers sought to evade accountability and to cover up what had happened, even employing extraordinarily aggressive litigation tactics.
But a saddening thing is that if it were not those particular identifiable individuals who were culpable (and they certainly should be held to account) then it would have been other individuals doing the same things. And this is because of legal and corporate contexts that facilitated this wrongdoing.
This is not to say that the guilty people can themselves blame the system – the culpable individuals could and should have done different things, at each and every step. Indeed, exceptional individuals could have stopped the nonsense and the cruelty.
But these were not exceptional individuals – they were individuals doing what they (wrongly) believed to be their job or performing what they (wrongly) believed to be their function or protecting what they (wrongly) saw to be legitimate interests.
As such it is not enough to identify and vilify villains; it is also important to identify the system failures that enabled such people to ruin the lives of so many innocent people.
Like the proverbial poor, the likes of Paula Vennells are always with us and will always somehow obtain senior positions. The question is what circumstances enabled this person and others to cause the consequences that they did.
*
This post sets out the faults of the legal system.
Indeed, like Marley being dead in A Christmas Carol, an understanding that the legal system was at fault is the basis of the story of the Post Office scandal.
Without the legal system being constituted as it was, then the Post Office could never have done what it did.
*
The first legal fault is a rule of evidence: computer records must be presumed to be accurate unless shown to be otherwise.
Note that this is a presumption, not an absolute rule.
(And technically speaking the rule goes to admissibility of records as evidence, rather than the weight to be placed on them, but the practical effect is that once admitted the evidence is accepted for what it says.)
If computer records can be shown to be inaccurate, the presumption is rebutted.
The origin of this rule is from before the computer age: the days of mechanical instruments such as watches and then, more recently, speed cameras and breathalysers. The courts would presume such instruments were accurate and would allow prosecutions to rely on the evidence of such devices.
Such a rule of evidence makes sort-of-sense with such elementary contraptions, but it was (and is) woefully unrealistic with computer-generated data.
Indeed, software systems of any complexity are unlikely to be bug-free: the best one can hope for is that the bugs are not disruptive in any non-trivial way.
From 1984 to 1999 this rule of evidence had the presumption pointing the other way: it was for the prosecution to show the soundness of the computer evidence, and not the defendant. But this was repealed following a clumsy and ill-considered Law Commission proposal. The pre-1984 legal regime was reinstated.
If it were for the prosecution to show that the evidence was sound – with, say, certification on pain of perjury and full disclosure of error logs, and so on – then it is unlikely that many of the Post Office prosecutions could have taken place. It is certainly the presumption on which the Post Office relied in many prosecutions and in respect of which the Post Office resisted adverse disclosure.
In this way a mere rule of evidence created the conditions for horrendous miscarriages of justice.
There is no good reason for this presumption to remain. Prosecutions should only be able to rely on computer-generated records if (at least) on pain of perjury a director or similar figure certifies that there has been full disclosure of all relevant material to the defendant for the evidence to be properly tested.
No longer should any defendant be in the position of “computer says guilty”.
*
Now we come to the next legal problem: disclosure.
Disclosure is a lawyer’s word for the process of one party providing another party with access to material evidence.
In general terms, it is the step in a legal case – either criminal or civil – when a case is won or lost. It is easy to assert a case based only on evidence in one’s possession or control; it is only when the evidence is seen in the round that the merits of the parties’ respective positions can be keenly seen.
In civil cases, parties disclose their evidence to each other; but in criminal cases it is usually the prosecution that has the disclosure obligation. And the prosecution – rightly – has the obligation to disclose all evidence – even (especially!) the evidence that assists the defendant.
Prosecution disclosure of all material evidence to a defendant is thereby fundamental to the notion of a fair trial.
This is particularly so when a defendant has a presumption against them, such as those facing computer evidence.
For the only real chance a defendant has to rebut the accuracy of computer evidence – especially that evidence relied upon by a large organisation – is to have access to internal information held by that organisation. Unless internal information is disclosed the defendant is a lamb to the slaughter.
In the Horizon cases, the Post Office refused and resisted disclosure of the internal error logs that would have shown the system was unreliable.
It is not yet clear whether this was a deliberate and dishonest failing, or whether those with disclosure obligations simply did not know of information held elsewhere in the Post Office. Perhaps it was a mixture of both.
What is clear is that in at least some cases, the Post Office adopted tactics that meant that the Horizon system would not be called into doubt for other cases.
Whatever the true reason for this non-disclosure, its effect was stark. Defendants who would have had a defence had no defence; charges were brought which otherwise would not have been brought; lives were ruined needlessly.
The public efficacy of any criminal prosecution is only as good as the performance of key obligations by the prosecution, else (to use a techie term) it is garbage in, garbage out (or GIGO).
By not disclosing evidence as to the unreliability of the Horizon system, while benefitting from the presumption in favour of the soundness of the system, the Post Office had it both ways. Attempts by defendants to obtain disclosure were opposed by the Post Office and rejected by the courts.
The Post Office did what it did, because it could get away with it.
*
And here we come to another glaring hole in the legal system: the use by the Post Office of private prosecutions.
The Post Office actually does not have any special standing to bring prosecutions; it has the same right to bring a private prosecution as any other person.
But the Post Office was prosecution-happy, with investigators boasting of holding interviews under the Police and Criminal Evidence Act.
Instead of prosecutions being rare and extraordinary events, there were dozens, sometimes hundreds, a year after 2000, until they came to an abrupt halt in 2014.
The sub-postmasters and sub-postmistresses running post offices in their shops suddenly became a major criminal demographic.
When this happened perhaps senior managers at the Post Office would have thought that this grand explosion in larceny indicated that the evidence base may be faulty. But no.
Prosecute, prosecute, prosecute!
And because these were private prosecutions, there was no direct involvement by the Crown Prosecution Service and thereby no independent appraisal of the prosecution decision. Did the evidence available make out the offence? Was there a realistic prospect of a conviction on the evidence and the applicable law? Was a prosecution in the public interest? On these key questions, the Post Office prosecutors made their own, unchecked decisions, secure in the knowledge that the court would presume that computer records would be accepted as good evidence and that there would not be any disclosure otherwise.
In some cases – disgustingly – the Post Office ‘over’ charged with an offence of theft, even though there was insufficient evidence to show that the defendants were thieves, so that the (frankly) terrified defendants would plead guilty to the lesser offence of false accounting, which would normally avoid both a custodial sentence and the added stigma of a conviction for theft.
The Post Office simply got carried away with its role as an investigator and (private) prosecutor, and the convictions were easy because of the rule of evidence and the lack of disclosure.
Perhaps someone should have seen the convictions piling up and wondered what really was going on. But nobody cared. The computer said guilty, and the defendants had to be prosecuted, because they could be.
*
Because of the magnificent stand made by Alan Bates and his fellow victims of miscarriages of justice (and because of the outstanding blogging of Nick Wallis), there was a possibility that the legal tide could turn – that the legal system that had treated the defendants so badly could maybe give them belated justice.
But the legal system did not make it easy for the victims; the legal system made it hard.
Bates and others launched civil claims against the Post Office – civil claims which the Post Office did everything to oppose.
These civil claims were likely to have got nowhere, had it not been for two strokes of legal luck – neither of which was inevitable.
The first stroke of luck was that the claimants were able to get the court to agree to a ‘group litigation order’ – in effect, a class action. These orders are rare and far harder to obtain than they should be.
And these orders are not ideal. To bring such a class action – even in a straightforward case – means a great deal of lawyery work and often needs funders who will put the money up for this work in return for the possibility of a return if the case is successful.
But when faced with the extreme legal tactics of the Post Office, this meant extensive work which would need to be funded.
A group litigation order made it possible for Bates and others to meaningfully take on the Post Office – but it also meant that any returns would be subjected to the need to pay funders and lawyers.
It was not an ideal litigation device – but it was the only one that would mean the claimants could take on the might of the Post Office.
Yet even a group litigation order did not mean success – and, given the Post Office’s aggressive litigation manner, the civil claims may have ended in defeat.
And then there was the second, game-changing stroke of luck.
The case was allocated to a High Court judge called Sir Peter Fraser.
*
This is not a sweary blog, and so forgive the following characterisation.
Mr Justice Fraser was not going to take any of the Post Office’s shit.
*
In a sequence of judgments, Fraser skilfully and painstakingly dismantled the Post Office’s legal and technical case.
(It is difficult to imagine many, if any, other High Court judges with the technical understanding and confidence to do this – and it is scarily easy to imagine many High Court judges instead nodding along with Post Office counsel.)
In two judgments in particular – “common issues” and “Horizon issues”, both of which are forensic masterpieces – Fraser showed that the Horizon system was flawed and that the Post Office knew that the Horizon system was flawed.
During these hearings the Post Office took fright.
They instructed perhaps the most expensive barrister in the land to ambush the litigation mid-hearing with a sudden application to have Fraser recused for “bias”. They also sought (and presumably paid for) advice from a former President of the Supreme Court on how the cases before Fraser could be derailed.
There has never been a civil litigation ploy quite like it: it was as odd as it was desperate. It was, at best, a nuclear option. At worst, it was improper.
And it failed.
The Court of Appeal put the Post Office and its eminent legal counsel back in their post box.
Fraser could carry on.
And he did.
His judgment on the “Horizon issues” is lengthy, but it should be read by anyone interested in the law and/or the technical side of the case.
The Post Office now had nowhere to hide.
*
Following on from the Fraser judgments, the Post Office position effectively collapsed.
The Court of Appeal began to overturn the convictions of those wrongly convicted – though because of an under-resourced and overly legalistic Criminal Convictions Review Commission, cases were only referred if the commission was certain they would succeed, rather than letting the Court of Appeal do its job.
The Post Office begrudgingly agreed to a settlement which, because of the nature of a group litigation order, meant considerable amounts went to the lawyers and funders of the claims, rather than to the claimants.
You would have thought that was it, but no.
*
The innocent victims continued to campaign, slowly getting more and more press interest.
(And the then-head of the Post Office, who oversaw many of the wrongs, was at this point awarded a CBE and appointed by the current government to the Cabinet Office.)
The government set up an inquiry under a retired senior judge, so as to get to the bottom of the affair. Few noticed or cared.
And pretty soon the Post Office was back to its old non-disclosure and other evasive tricks. Just as the Post Office failed in its disclosure obligations in the original criminal cases, it began routinely to fail in its disclosure obligations to the new inquiry.
GIGO.
And this is where the position was until a few weeks ago: claimants under-compensated; the wrongly convicted waiting endlessly for acquittals; the Post Office playing its usual non-disclosure games.
*
Then, this happened:
It is remarkable what difference a television programme can make.
Suddenly politicians urgently told each other (and voters) that something must be done, despite there being no new material facts since the Fraser judgments.
Perhaps the wrongs can be righted – at least for those victims who are still with us.
Perhaps the culpable individuals at the Post Office can be vilified.
But in all this noise, there is another issue.
What can be done about a legal system that makes it very easy for entities such as the Post Office to destroy lives but also makes it very difficult for those injustices to be corrected?
There were many individual failures – but there were systems failures too.
And until and unless those systems failures are addressed then further injustices will occur again, only with different culpable individuals.
****
This is a re-written and extended version of an article at Prospect magazine.
I read Sir Peter Fraser’s judgments on the Post Office issues when you recommended them in your blog previously, and they were absolutely fascinating – and devastating.
And I still don’t know who dreamt up the “recusal” strategy attacking Fraser’s probity. Staggering mistake and even Lord Grabiner looks grubby for its pursuit even if Neuberger (instructed by whom?) agreed a case to be explored.
Yeah. I mean, judges are permitted to show bias against parties who are full of it.
As usual, a painstaking and thoroughly enlightening piece of work for which thank you.
Just a little comment on “They also sought (and presumably paid for) advice from a former President of the Supreme Court on how the cases before Fraser could be derailed” – it will be Joe Public who will end up paying for this rather than the corporate ‘they’, most of whom will walk away relatively unscathed.
As usual, excellent and focussed precis of the issues regarding the law (& the Post Office)
I see Chris Grey’s blog also talks on the issue, and mentions another ongoing abuse of power re EU citizens living legally in the UK.
However, would love to see an explanation of how the government were able to bring in a Law, retrospectively, regarding umbrella companies and Loan Charges. I’m particularly concerned in this backdating, which certainly does not seem democratic or fair* And why HMRC are targeting contractors rather than said umbrella companies for penalties and “unpaid taxes”? – I suspect the answer, of course, is, because they are easier to attack and bully.
*fair? OK, Law and justice often seem to be different things.
A passage in a short story by William Faulkner always comes to mind when the topic of law and justice arises:
–‘I’m interested in truth,’ the sheriff said.
–‘So am I,’ Uncle Gavin said. ‘It’s so rare. But I am more interested in justice and human beings.’
— ‘Aint truth and justice the same thing?’ the sheriff said.
— ‘Since when?’ Uncle Gavin said. ‘In my time I have seen truth that was anything under the sun but just, and I have seen justice using tools and instruments I wouldn’t want to touch with a ten-foot fence rail.’
(Or, from Hogfather by Terry Pratchett:)
“All right,” said Susan. “I’m not stupid. You’re saying humans need… fantasies to make life bearable.”
REALLY? AS IF IT WAS SOME KIND OF PINK PILL? NO. HUMANS NEED FANTASY TO BE HUMAN. TO BE THE PLACE WHERE THE FALLING ANGEL MEETS THE RISING APE.
“Tooth fairies? Hogfathers? Little—”
YES. AS PRACTICE. YOU HAVE TO START OUT LEARNING TO BELIEVE THE LITTLE LIES.
“So we can believe the big ones?”
YES. JUSTICE. MERCY. DUTY. THAT SORT OF THING.
“They’re not the same at all!”
YOU THINK SO? THEN TAKE THE UNIVERSE AND GRIND IT DOWN TO THE FINEST POWDER AND SIEVE IT THROUGH THE FINEST SIEVE AND THEN SHOW ME ONE ATOM OF JUSTICE, ONE MOLECULE OF MERCY. AND YET—Death waved a hand. AND YET YOU ACT AS IF THERE IS SOME IDEAL ORDER IN THE WORLD, AS IF THERE IS SOME…SOME RIGHTNESS IN THE UNIVERSE BY WHICH IT MAY BE JUDGED.
“Yes, but people have got to believe that, or what’s the point—”
MY POINT EXACTLY.”
I believe everyone should read Chris Grey’s latest blogpost alongside this by David Green and then ask where this all ends.
A knighthood for Mr Bates is not a solution.
Another amazing post for the non legally literate, like myself. Thank you so much for the exemplary clarity, and forensic sway.
It is shocking that before 1999 there were so few prosecutions of sub postmasters and mistresses. Then there was this explosion in prosecutions, so either the Post Office had employed the UK arm of the Mafia, or there was something else wrong.
So where was the government oversight as the court cases increased, where was the Post Office internal HR as the disciplinary cases stacked up, where was the legal insight as the courts backed up.
The Post Office are culpable, however the patterns were there for all to see, the change in the number of prosecutions was there for all to see.
So politicians of all colours, lawyers and journalists all are to blame. As with all state scandals, from Hillsborough to the NHS Blood scandal, from Orgreave to Windrush, from Orgreave to Grenfell, those with nothing will never be and have never been supported to fight the state.
This is why there will be another scandal and there will be another TV Drama showing up how people somewhere have been totally wronged for too long and everyone will be shocked, again.
You ask, very reasonably, why the leap in prosecutions did not ring alarm bells. I think the point has been made that the belief at top levels was that Horizon was revealing formerly unsuspected levels of fraud by SPMs. This reveals something rather disturbing about the PO’s views of its colleagues but I suspect many top executives might have similar opinions of their low-level workers. You might well think that reflects something rather unpleasant about their views of human nature, including their own. I couldn’t possibly comment.
I have wondered the same as Steven, why they did not question how strange it was that suddenly so many SPMs were behaving dishonestly. And your reason, that they thought Horizon was merely disclosing previously undetected widespread fraud, is the only reason I could come up with. You say that this point has been made before: has it been an official response, or merely speculation from observers trying to rationalise why senior bods at the PO would not question why they suddenly apparently had hundreds/thousands of fraudulently behaving SPMs?
Speculation – which I regret I am unable to source at this point.
I have to say I have seen nothing whatsoever that could amount to a reasonable response by the Post Office to this scandal: nothing beyond “mistakes may have been made; lessons will be learned!”
I don’t like to think of myself as vindictive, but I do seriously believe that some very high profile names need to appear in the dock, or we will never get to the bottom of this scandal. I don’t mean the technical shortcomings but the failures in management and procedures that made the technical problems – literally – lethal.
From memory, when first passed, the Health & Safety Act 1974 terrified all levels of management because (for the first time ever?) they could see THEMSELVES facing jail terms for injuries and deaths previously accepted as normal happenings in business operations.
There were well-resourced systems for enforcing managerial accountability (active involvement of the workforce’s union representatives in safety management, free access for all to tribunals and proactive Factory Inspectors and Health & Safety Commission).
If we had laws and support systems that extended the H & W Act approach to ALL functions of management (IT, accountancy, HR etc) then we might be able to stop future Post Office and similar scandals at an early stage.
Yes.
Plus you need to throw in a considerable dollop of class prejudice and racism – after all these little SUB-postmasters were not real honourable postmasters, they were just grifters who it was expedient to employ, and who were bound to be on the take.
Thanks for the post! As a non-lawyer it was very helpful to me
Is there any chance that people at the PO, or Fujitsu, who withheld evidence, or prosecuted people with what they knew to be flawed/incomplete evidence, will be prosecuted? It seems like significant crimes must have been committed.
I heard today on Radio 4 that there are still issues and Horizon is still causing stress. How is this still the case?
Has Lord Neuberger been called to give evidence at the inquiry? If not, why not? Would be interesting to find out who said what and when/why from the horse’s mouth.
Thank you for this clear and incisive post which arrived just as we were watching the climax of Part Four of the ITV programme on catch-up!
I know no more of the legal background or basis than I have learned from this blog but I do have some experience of business computing and software going back to my first job as a systems programmer for ICL in the ’70s. I was never going to be a star of the programming world but I certainly came across GIGO then – and was regaled with stories about scams (not a word then in use) successful and not, that allowed computers ‘that never made mistakes’ to perform in ways that produced near-untraceable faults that could, sometimes, be turned to the advantage of an astute but unprincipled programmer. This turned out to be useful when, at the other end of my career, I was responsible for integrating the information system processes into a department of an international organisation responsible for distributing many billions of euros a year.
In 45 or so years I have NEVER met a computer expert who would assert that the computer (or rather the system of which the computer is the heart) cannot make mistakes. That the legal system should have chosen to adopt this as a principle is evidence (my Lord) of the deplorable lack of information processing expertise in our finest legal (and government) minds.
It is perhaps a general principle of life that the more expert a person becomes in his or her own field, the more trusting, indeed credulous, he or she is likely to be of presumed experts in other fields. If we remember that, we have learnt something, though not enough to compensate for the damage caused by you know who.
“Suddenly politicians urgently told each other (and voters) that something must be done”
I think it was the Financial Times that best described this as “performative outrage”. Or perhaps it was Ian Hislop on Peston (which is worth a watch for the way he skewers the politicians).
I also think the legal community needs to take a long hard look at itself. The first five principles (of 7) for solicitors (barristers have something similar) are worth setting out in full:
You are required to act:
1. in a way that upholds the constitutional principle of the rule of law, and the proper administration of justice.
2. in a way that upholds public trust and confidence in the solicitors’ profession and in legal services provided by authorised persons.
3. with independence.
4. with honesty.
5. with integrity.
See much evidence of that here?
As Prof Moorhead said on Newsnight: whether the lawyers were lying or just misleading doesn’t matter, both are a breach.
How many more corporate catastrophes are needed before the Solicitors Regulation Authority admit (or are forced to admit by their supervisor, the LSB) that they are failing to do their job….?
Very much enjoyed your characterisation of Mr Justice Fraser. All the more so because you are not normally a sweary blog.
Also, as someone who occasionally has to write reports about complex issues for a living, reading the Justice’s Horizon Issue that you linked to, was a joy. Wonderfully clear and incisively written in plain English.
A very good summary. As someone involved in campaigning about disclosure failure by the prosecution, nothing about this post office scandal is a surprise for the reasons you identify. But with honourable exceptions as you point out, unfortunately the judiciary has failed miserably to support defence objections to disclosure failures. Miscarriages of justice are therefore inevitable as long as the judiciary lean against the defence and towards the prosecution on such matters.
I agree with you about the presumption in favour of acceptance of computer evidence, which is yet another example of how the system is skewed against the defence. Another example is the inference of guilt from silence.
Above all, though, as you illustrate in your excellent piece to fund access to justice, will continue the risk of injustice for the foreseeable future. Legal aid must be made available, otherwise legal rights of many ordinary people are in effect illusory.
And this is why it was so scary to watch, a corporate monster unfettered by law, cheerfully mowing down all who stand in its way. Reminded me a lot of dealing with the DWP
So many people have asked why politicians did not realise sooner that something was wrong with the Post Office prosecutions and the resulting convictions. Is no one bothered that the judiciary showed similar lack of concern? I do not know whether the sub-postmasters and -mistresses were tried in magistrates’ courts or Crown courts, but do the justices in each not talk to each other, compare cases and discuss the outcomes? Were they not curious about the sheer number of such prosecutions and their similarity? Had they no doubts about the Post Office evidence? I am ashamed to be so ignorant about our legal system; perhaps someone could explain the silence not just of politicians, but of judges as well – until the judgements of Sir Peter Fraser.
It is extraordinary how a well-made drama can change the national conversation. This is at “Cathy Come Home” level.
There certainly seems to be a degree of many people “just doing their job”, recalling Hannah Arendt’s famous description of “the banality of evil”. (Including, as I understand it, the Procurator Fiscal in Scotland, where the Post Office was not prosecuting privately.) Perhaps many were trusting that “the system” would work, and that someone else would spot and resolve any major problems.
But there also seem to be cases where incorrect and unjustifiable assumptions were made, lies were told, threats were made, and obligations such as disclosure were deliberately breached (or at least, the person responsible did not understand their obligations). Some people working at or for the Post Office knew they were doing wrong. Fujitsu knew there were bugs and many error reports, and they also knew they had the ability to amend branch records remotely and invisibly. And then gave evidence to the courts saying the opposite.
The prosecutions stopped, but other bad conduct at the Post Office continued after the “Clarke advice” in 2013, taking bad points in litigation for tactical reasons, often to put financial or other pressure on their opponents. The sort of old school litigation conduct that the Woolf reforms were meant to end. Ha ha. A clerk in holy orders surprisingly unconcerned about ethics.
This sort of approach continues today with their attitude to compensation. (See Dan Neidle today.) Not what they say, but what they actually do. Delay, deny, obfuscate, mislead.
As well as individual and systems failures, it seems to me there was and still is a massive cultural problem at the Post Office.
One element you have not commented on is the consistent failure of the judiciary to enforce prosecution disclosure obligations. This is not limited to the PO. If you read the excellent books by the Secret Barrister you will see that the problem plagues the entire criminal justice system. That they could rely on getting away with not disclosing probably encouraged the PO in its continued failures to do so.
From the post: “Attempts by defendants to obtain disclosure were opposed by the Post Office and rejected by the courts.”
I do mention briefly in the post the failure of the courts to properly deal with disclosure applications – but you are right that a lot more could be written about this.
An excellent post, very informative; thank you!
I agree. For someone who has not been following the case in detail over the many years it is impossible to understand quite why it has produced such a horrible disaster for so many for so long. The analysis deserves wider circulation. Thank you for your efforts.
Also agree. For an ex PO employee who has been following the scandal for nearly a decade there are mixed feelings over the sudden political interest in an election year.
For some time I have anticipated a brilliant summary by DAG. I have not been disappointed.
Your comment about Sir Peter Fraser and his level of knowledge is very accurate – but I think of greater impact than people realise.
There is a dearth of knowledge across all levels – but especially across people in positions of responsibility – about how IT systems work and interact. Whether it’s judges, senior lawyers, MPs, civil servants, managers at the post office, or at any other business including banks. Which means they cannot really manage or deal with or spot problems in them. It’s a huge risk to every institution.
You are absolutely right Tom, we have a very serious public attitude problem.
Some time back the then home secretary Amber Rudd put it on public display when she told a Conservative fringe event, “I don’t need to understand how encryption works to want to deny its use to criminals.”
Our current foreign secretary as PM was similarly a champion of the dangerously stupid idea of banning encryption ( https://shorturl.at/agJX5 ). Encryption can be thought of as a digital padlock: Banning padlocks prevents honest people from securing their property and has no effect whatsoever on criminals who tend to ignore laws, especially unenforceable ones. It really isn’t that hard to understand. The big tech companies do and have elected to ignore our legislators and make themselves the sole protector of your digital security.
It’s hard to know which aspect of that is most frightening.
I am increasingly of the view that saying “I don’t understand IT” should get managers fired and MPs recalled just as quickly as racist or misogynistic comments do these days. Ignorance is no excuse in the eyes of system administrators who need leaders to work with them to avoid reckless damage to people and property of the sort we see before us.
The Post Office scandal was fomented in an environment where the most powerful people in our country were setting a very bad example.
The public normalisation of claiming ignorance about how information technology works has cost lives.
There is nothing wrong with recognising one’s own ignorance; that is why we have lawyers, doctors and other professionals to consult. It is not OK to ignore their advice or avoid seeking it simply because it is commercially or politically inconvenient. It is definitely not OK to state the fact of your own ignorance whilst simultaneously indicating you have no intention of doing anything about it.
Thanks to DAG for using a valid SSL encryption certificate that protects us while we use his excellent and important blog.
Completely agree with this comment – clearly not enough people understand the limitations of all IT systems. And that applies to senior executives and legal professionals. The consequences are profound as we can see here.
The system errors, particularly the Post Office’s over-zealous prosecution policy, are reminiscent of concerns over the RSPCA’s former prosecution policy and even police prosecutions before an independent prosecution service was established.
As an IT professional, I became aware of this case when first mentioned in Computer Weekly and have followed it with horror since. This article provides the greatest addition of useful knowledge that I have seen in one place.
The link to Mr Justice Fraser’s judgments is also useful.
This article by Alan Bates in the FT points out that the ability to get ‘litigation funding’ like the sub-postmasters did is now severely curtailed due to a Supreme Court judgement. And Ministers are dragging their feet about doing anything about it. Hopefully the current public mood will force them to act.
https://www.ft.com/content/1b11f96d-b96d-4ced-9dee-98c40008b172
Yes, but see this later article https://www.ft.com/content/3d089314-eb97-4e21-9101-962876c7d480
Absolutely agree with your analysis, and in terms of the lack of action by government and others over the years, much can be explained by the more general issue with software (and IT procurement) being “too difficult” for non-specialists to engage with. Lessons here for the debates over AI regulation.
Thank you for your detailed insight, clarity of thought and reasoning as well as the starkness of this written piece. Much appreciated.
As the father of a wronged sub postmaster and as someone, who in his professional life was a forensic accountant who acted as an independent expert witness in the Court of Session and Sheriff Courts in Scotland and the Commercial Courts in London and Cardiff covering cases involving professional negligence, fraud, personal injury and partnership disputes the inability of all the courts to accept so called independent experts giving evidence on behalf of the Post Office when these individuals were employed by Fujitsu beggars belief. No computer system is infallible, in my experience, and the Courts, with a very few honourable exceptions, questioned and requested evidence from the Post Office to prove that the system was free from bugs and errors.
My son is one of a great number of sub postmasters and mistresses who were not charged provided they paid over the “illusory” shortfall. The derisory offer from the U.K. Government of £75000 to go away as recompense is shocking in the extreme. He lost his business, mental health, and his marriage due to the ineptitude and malevolence of the Post Office and Fujitsu and the Governments of all colours failing to correct a major miscarriage of justice which is part of a long line of miscarriages over recent years such as the infected blood scandal and so many others.
I am reading the Horizon issues judgement, got as far as para 140, and even though I have followed the case over the years the behaviour of the post office is shocking me.
It’s just a litany of obfuscation and evidence-free circular reasoning.
It’s Emperor’s New Clothes stuff.
The judge pointing out the obvious truth that if a known error log entry is generated for an incident it cannot possibly be accepted that the system was working as expected is masterful.
Disclosure of error logs has been mentioned.
If error logs are a liability, a criminal organisation will write programs that do not log errors.
Errors might be of telephone lines or data entry, or assorted other events that are worth knowing about but not an indication of defective design.
I’m gathering a team who have gone through similar. Please look out for me.
A particular problem about disclosure is inequality of arms. In order to get disclosure an applicant must know what should be available and also be able to produce a justification to a possibly not very helpful judge. For that they will often need expert assistance which in turn will have to be paid for. Legal aid rates, always assuming the applicant qualifies, are very low compared with more regular commercial work that appropriate experts can readily get. In addition these days the expert may find themselves under the regime of the Forensic Science Regulator and will have to pay in order to be certified – another reason for not wanting to take the work on. (Yes, I speak from personal experience in both criminal and civil matters).
Having gone through an employment tribunal as a litigant in person, I know how many barriers are put in your way during disclosure.
Be a lawyer or a judge you are tied up in knots and any justice is far away or found in deep pockets.
This is the legal analysis we’ve all been waiting for. It is masterly but, as I do not want to come across as sycophantic, I want to add a couple of extra points.
1. The Outsourcing system that has grown up following the Thatcher era makes it much easier to evade accountability and hide evidence. There always was a contractual / commercial reason to minimise the reality of software faults, so the relationship between the PO and its supplier needs to be investigated too.
2. I was engaged in pitching against Fujitsu for the Horizon renewal in 2014/15. All of us on my team knew about the scandal, what had caused it and why. It was absolutely common knowledge. I told the others “we can’t help but win this – Paula Vennells will end up in jail”. I was told, “don’t be naive: that’s exactly why we won’t win. How else will they cover their tracks?”
There is profound corruption at the heart of these contracts. It’s the next line of enquiry.
BUT Mr Green, you do a wonderful job. Please keep it up.
The use of closed source software, and a lack of a legal presumption that the program* is subject to disclosure, make it easier for an organisation run by the wrong sorts of people to prevent a clearly defective software system from being demonstrated as such.
The benefits of libre and open source software or even published source in this respect are often over-claimed, stopping prevention of examination doesn’t ensure errors are found, but it allows it. “To many eyes, all bugs are shallow” is catchy.
* Realistically, the source code, English-like statements later compiled** into nearly unreadable machine code – and comments, lines of description, advice to future programmers, and sometimes frustration, which don’t go into the executing program; and a hash*** of the operating program and of the source code as compiled independently which should be identical IE this is the version running.
** The compiler is a program. The better ones have their source code published, but for a frisson look up “the compiler hack”.
*** Cryptological check or security sum from clever maths. SHA2 for instance.
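An added example, not part of the comment above or of any Horizon code: the check the footnotes describe, hashing the deployed program files and an independently compiled copy with SHA-256 and reporting where they diverge. The directory layout and file names are constructed for illustration, and the comparison is only meaningful if the build is reproducible (the same source and toolchain yield byte-identical output).

```python
from __future__ import annotations

import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path, chunk_size: int = 65536) -> str:
    """Stream a file through SHA-256 so large binaries need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def manifest(root: Path) -> dict[str, str]:
    """Map each file's path (relative to root) onto its SHA-256 digest."""
    return {
        p.relative_to(root).as_posix(): sha256_file(p)
        for p in sorted(root.rglob("*"))
        if p.is_file()
    }


def compare_builds(deployed: Path, rebuilt: Path) -> dict[str, list[str]]:
    """Compare the tree that is actually running against an independent rebuild."""
    dep, reb = manifest(deployed), manifest(rebuilt)
    return {
        # Same path, same digest: this file is the version built from the source.
        "identical": sorted(f for f in dep if f in reb and dep[f] == reb[f]),
        # Same path, different digest: the running file is not what the source produces.
        "different": sorted(f for f in dep if f in reb and dep[f] != reb[f]),
        # Present in production but not produced by the disclosed source.
        "only_deployed": sorted(set(dep) - set(reb)),
        # Produced by the source but absent from production.
        "only_rebuilt": sorted(set(reb) - set(dep)),
    }


def is_same_version(report: dict[str, list[str]]) -> bool:
    """True only when every file matches and neither side has extras."""
    return not (
        report["different"] or report["only_deployed"] or report["only_rebuilt"]
    )


def demo() -> dict[str, list[str]]:
    """Build two small constructed trees and compare them."""
    # Constructed sample data: hypothetical file names and contents.
    sample_deployed = {
        "bin/ledger": b"\x7fELF ledger build 1.4\n",
        "bin/sync": b"\x7fELF sync build 1.4 hotfix\n",
        "bin/patch_tool": b"\x7fELF undocumented tool\n",
    }
    sample_rebuilt = {
        "bin/ledger": b"\x7fELF ledger build 1.4\n",
        "bin/sync": b"\x7fELF sync build 1.4\n",
    }
    with tempfile.TemporaryDirectory() as tmp:
        deployed, rebuilt = Path(tmp, "deployed"), Path(tmp, "rebuilt")
        for root, files in ((deployed, sample_deployed), (rebuilt, sample_rebuilt)):
            for name, content in files.items():
                target = root / name
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(content)
        return compare_builds(deployed, rebuilt)


if __name__ == "__main__":
    result = demo()
    for category, files in result.items():
        print(f"{category}: {files}")
    print("same version:", is_same_version(result))
```

A file listed under `different` or `only_deployed` shows that what is running was not built from the source provided for examination; it does not by itself say which copy is defective.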
Doctor,
We need to make ourselves easier to understand. Requiring open source free to use code is no panacea, but it is prerequisite for systems that use it to be considered ‘reliable’ in a legally meaningful sense. We must work with our colleagues in the old professions to make our arguments clear and intelligible to an old person in a wig.
We can both cite examples of poor code that has been smuggled past millions of eyes for a long time. We both know that you can’t expect to avoid detection of faulty or malicious code for enough time to avoid fair legal consequences, provided you have shared it with the legion.
Thank you for your work.
… and I am guilty of being hard to understand above :) The second sentence should read:
Requiring open source free to use code is no panacea, but it is prerequisite for systems to use it if they are to be considered ‘reliable’ in a legally meaningful sense.
In reality, the issue is not with “closed source”, but instead one of how large-scale IT projects are negotiated – especially by the public sector. When the “wrong type” of people are involved – in the Horizon case, on both sides of the table – bad outcomes are certain.
We do need to ensure that experts, not generalists and certainly not only lawyers, are present at both sides of the negotiating table when negotiating contracts. Done properly, this means that proper acceptance procedures are adopted on behalf of the buyer, together with realistic warranties from suppliers. In cases where data integrity is important, specific measures need to be taken at contract time to ensure proper performance. These measures are not about legal wording, but about proper experts agreeing what the data integrity characteristics need to be and how a supplier will demonstrate at delivery time that their system achieves such criteria.
I used to work for ICL and we were capable of delivering very high integrity systems for very large customers. It is a matter of some regret that the people involved in Pathway / Horizon were not those who had previously implemented these systems.
Thank you for your work.
You write: “If it were for the prosecution to show that the evidence was sound – with, say, certification on pain of perjury and full disclosure of error logs, and so on…”
There are specific conditions that need to be met before it would be possible for an honest person to provide any such certification. Other commenters have alluded to the fact that software may be contrived to make it impossible to establish the truth value of assertions made about the results it produces. Furthermore, it can be designed to make it practically impossible to prove that such a contrivance was deliberate.
Certification on pain of perjury can and will be rendered valueless by dishonest actors.
Thankfully there is a way to keep people honest and software sound. It is a tried and tested mechanism without which the construction of the technological edifice on which our modern society depends would have been impossible. It is a strategy that is dismissed as a matter of course by most people and public institutions in the teeth of the evidence that shows it to be prerequisite to a fair and just world. We must recognise that proprietary software is by definition unreliable and is the real root of this specific evil and much besides.
Thank you for setting an example – even if you only did it to keep costs down – by using free and open source software written by the people for the people.
I will try a different “If it were …”
If it were so that public institutions were prohibited from using public money to finance the production of proprietary code whether directly or through acts of purchasing, the Post Office scandal could not have happened. We live in a world where half a dozen corporations have more power than nation states because our leaders think ignorance of the mechanisms used to produce wealth in quantities that provide the power to pervert justice and democracy is an acceptable excuse for not addressing this utterly astonishing state of affairs.
It isn’t, and like Sir Peter Fraser, I have had enough of their obtuse nonsense. Our enemies who put the worship of Mammon before justice, sense and decency are powerful like none before, but we are legion.
In many of the prosecutions, the defendants were advised by their legal representation to plead guilty. My impression is that their legal representation just wasn’t able to actually defend their client against the resources of the PO, and they were simply managing that case as best they could.
There seems to be a mismatch in legal representation here that’s fundamental. SPMs couldn’t afford teams of lawyers and weeks of time to research the case. Yes, technically they are represented legally, but often they were left defenceless.
Some mention of immigration cases above (EUSS, where the government refused all demands for paper evidence of right to reside in favour of software). Note that in immigration cases (particularly asylum, but not only), ministers and MPs have consistently pushed to strip those on the sharp end of decisions even of the legal right to defend themselves, a process that sees its logical end in the moves by Jenrick and Braverman re the Rwanda bill.
As usual a beautifully crafted explanation of how flaws in the legal system aided and abetted the wrongdoings of powerful people and entities.
What stands out to me is the wave, the veritable tsunami of false accounting and theft that emerged in a very short space of time which went unnoticed as a tsunami and unchallenged as such.
Statisticians have a wonderful saying: one case could be a coincidence, two cases is a pattern. If that is so, then what do 100s of cases make? And nobody, apart from the 100s of cases, questioned it.
Astonishing!
Goldfinger said, ‘Mr Bond, they have a saying in Chicago: “Once is happenstance, twice is coincidence, the third time it’s enemy action.” ’
I would hazard a guess that there was a period before fraud was suspected during which it was assumed the sub-postmasters were just having problems getting to grips with Horizon.
“There’s nothing fundamentally wrong with the software, the staff either don’t know how to use Horizon or are incapable of using Horizon.”
When an expensive piece of software like Horizon is rolled out, odds on any problems with it are down to human user error, I speak from experience, despite the software programmers themselves being human.
Thank you for this great analysis.
Unfortunately the failings of the legal system are not unique to this case. A previous example was a series of wrongful prosecutions of people on bail or probation for breaching curfew tag orders that were brought by companies like Serco that supplied the tags, provided the monitoring service, and when their own systems failed, prosecuted the unfortunate tag wearers – relying for “expert” testimony on the technical people who’d designed the tag in the first place. See blog posts here for the first case, and then here and here and cases in which people suspected of terrorism had cases against them fail.
Back in the 1990s and 2000s there was a similar series of cases involving ATMs where people who complained of phantom withdrawals were wrongly accused of being complicit.
There were also civil cases against bank customers where customers sued banks for their money back and failed, or where banks sued customers for money the customers said they hadn’t taken. The brutal inequality of arms in such cases led me to believe that the UK should abandon “costs shifting” – the rule that the loser in a civil case generally pays the winner’s costs. This has many pernicious effects. It not only shields banks and other large firms from their customers, but makes the UK a venue for libel cases brought by oligarchs against journalists and leaves much of antitrust law enforcement in the hands of sleepy regulators. We argued for the abolition of costs shifting last time the rule was reviewed but were of course ignored. Time for another go?
The CCRC has lost at least 40% of its funding since 2010. It is hobbled by having to predict the court of appeal’s decision on any case that it refers. One answer to the present fiasco is to make money available to the CCRC to hire scores of lawyers to handle P.O. cases fast and send them to court. And maintain funding so the CCRC can do its job properly for the wrongful convictions that get less or no public attention.
Thank you so much for this. Would it be possible to explore in more depth how (and perhaps why) it was possible for Sir Peter Fraser’s Judgment (No.6) “Horizon Issues” to be disabled for as long as four years. The Political as well as the Justice System, needs to acknowledge that, but for an accident of art, it could have been for very much longer.
ps: too many ‘that’s’
Can I ask what you think of the proposed so called Hillsborough Law campaign please David? Thanks
Having read the excellent ‘Show me the Bodies’ by Peter Apps, about the Grenfell fire and what led up to it, I am struck by the parallels of government and their agencies/contractors being able to obfuscate, ignore, and threaten with impunity up to and until something so significant happens that it becomes part of the public consciousness and only then is corrective action taken and can justice be done (maybe – it remains to be seen in both cases). How many more such cases are there?
Great article! One question regards your statement “It is not yet clear whether this was a deliberate and dishonest failing, or whether those with disclosure obligations simply did not know of information held elsewhere in the Post Office.”
I think it simply defies common sense for nobody in the entire prosecution team to not know that (a) incidents (faults) associated with computer systems are recorded, (b) to varying degrees the reason for the incident is documented (through processes known variously as problem management or CAPA etc), (c) records are maintained of reviews and tests conducted on software systems, (d) operators and system administrators will always have some access to the software systems and even the data, and that these processes will be documented with associated records of incidences where the processes are invoked and (e) that failure to have ALL of this may mean the organisation is in breach of data protection legislation and the basic requirements of ANY information security management system.
The law didn’t help with the Post Office’s last minute offer to settle either. As I understand this, very shortly before the Appeal Court was due to give its verdict on the “class action”, the PO made an offer that was low, but high enough that the union was forced to balance the risk to its other members against the probable judgement of the court.
This then forced the other claimants to accept too.
From what I have heard this sounds like a vicious final master-stroke by the Post Office.
It is indeed a horrible history and this was an interesting read. I do think that “No longer should any defendant be in the position of “computer says guilty”.” cannot be 100% maintained in a world that has coded a lot of behaviour in computer algorithms (paying a price in for instance agility, but also in transparency). A speeding ticket that is fully automated should stand. IT is fundamentally brittle (as it is logic, and logical mistakes are easy to make, nor can you catch all of reality in logic), so the requirements for “computer says guilty” must be very high indeed — but you cannot exclude “computer says guilty” for the full 100%. Having said that, when I was head of digital forensics, ages ago, our expert witness gave evidence of unreliability of a conclusion drawn from network records (the records themselves were reliable in that case, but they were not conclusive as they were assumed to be by the prosecution — another way in which this can go wrong), which got a conviction overturned on appeal. So, reliability of (conclusions from) computer data is something that should always be investigated.
An automated speeding ticket is a really good example of when NOT to fully automate (at least not without a human appeals process).
Computer number plate recognition still makes mistakes. I saw one recently where a plate had been cut off by the camera and the owner of a private number plate got the ticket instead of the Coach owner…
Speaking as a techie – no technology process should be fully automated.
It depends on how ‘good’ the (IT-run) decision process is and how ‘friendly’ the (human-run) appeals process is.
If errors are very rare and appeals is easy, it is fine. You’ll still find a few examples of errors, but there are no error-free processes, nor should you require them. This (good) story is relevant/related: https://davekarpf.substack.com/p/on-substack-nazis-laissez-faire-tech (“what is the maximum amount of mouse poop that ought to be allowed in your breakfast cereal?”)
I took your advice and started reading the “Horizon issues” judgement. 2 hours last night, another hour today, I’m up to point 514 and suspect I have many more to go.
In a way it’s a waste of my time (I’m in my fifties with 2 kids of 6 and 3, time is a rare commodity)… But.. It is an incredibly well written and fascinating document. I do hope it only goes to point 700 or so, not 2,130 ;)
Thanks for the link though (and I’m glad I’m not Mr Parker. He doesn’t come out well so far).
I think this is excellent. One thing it would be interesting to know is how the levels of prosecutions/convictions in Scotland (where PO private prosecutions aren’t allowed) compare with E&W – and if the rules for disclosure & “the computer is right” in Scotland are the same or different. I’ve not seen any reporting on the relative numbers of convictions in Scotland, but there seem to be a substantial number of them – and it’s not really possible to fully look at systemic issues (and how to fix them), without knowing what systems have produced them.
I am very uncomfortable with the concept of private criminal prosecution. It seems to fly in the face of my sense of justice, particularly Blackstone’s formulation. If the proper prosecuting authorities are not minded to bring a prosecution, then why should a private entity (with money) get a shot?
Perhaps there are some sensible cases for this, but it cannot be right that an organization which is coloured by the state is able to bring scattergun prosecutions with barely any oversight. As pointed out, there is no attempt to square this activity with the public interest. It is simply wrong in all respects, for which we should all feel a resounding sense of shame in our legal system which permitted this.
Did the Horizon system never produce any unexplained surpluses?
If so, would the PO have accepted them?
Yes it regularly produced surpluses which went in a Suspense Account and then to the Post Office’s P&L in due course.
If the DPP is required to scrutinise any private prosecution brought to their attention as potentially having insufficient evidence to proceed (such as the theft charges) then why didn’t the individual defence lawyers of the sub-postmasters take advantage of that referral process and involve the DPP, the only person with the power to stop it – indeed the obligation to stop it – in those circumstances? Why didn’t they? (Or did they and we haven’t found out yet?)
Because most defence lawyers are overworked, and at the lower end of what people can afford are lacking in experience. When Paul Chambers was charged with an offence against s127 of the Communications Act 2003 for his ill-judged tweet about Robin Hood Airport, the CPS prosecutor (who ought to have known better) convinced his lawyer that it was strict liability, and so he pleaded guilty. It certainly was not, and nor did anyone at the time pick up on the leading authority of DPP v Collins, until DAG came along. This, like that, is a travesty.
I wanted to add a note on the comment that Post Office has no special rights on prosecutions.
It does have two unusual rights:
Post Office Limited has access to the Police National Computer (PNC) which allowed them to lookup confidential details of the subpostmasters and indeed they could also write information to it too.
In Scotland, the Post Office is one of the 70 or so organisations which have the right to write a report to Procurator Fiscal, which is the process for requesting a prosecution. It is though up to the PF whether or not a prosecution is appropriate, and if so the PF will conduct the prosecution.
A further factor in this miscarriage of justice is the significant number of defendants who plead guilty, presumably due to the duress of facing imprisonment. There has never been a better case to demonstrate the failure of the courts to correctly determine the facts while admissions of guilt carry sentencing weight. In a truly adversarial system of truth finding this bias generating step would not be admitted. And furthermore in the sub postmaster’s case if this option was not present then the facts about Horizon are likely to have been tested earlier.
Thanks DAG,
You take the trouble to mention the private nature of the PO prosecutions and discuss it for a couple of pages. I worry that this is being put forward as an excuse and that some think that stopping PO private prosecutions will help to fix whatever caused the injustices.
Trouble is – In Scotland where the prosecutions were all carried out by the public prosecution service (Procurator Fiscal) the conviction rate per head of population was EXACTLY the same as in England and Wales. 70 in Scotland and 700 in England and Wales. This is close to the ratio of the populations.
The observation regarding the similar rate of prosecutions suggests to me that problems in the subpostmaster convictions lie elsewhere from the fact of the Private Prosecutions.
Scotland’s Chief Legal Officer, The Lord Advocate published a statement about the PO Scandal on 16 January 2024.[1]
“prosecutors received assurances that the system was robust. These were assurances that prosecutors, without the benefit of hindsight, were ENTITLED to take at face value.” (my emphasis)
Of course this exemplary lack of curiosity, shown also by the PO prosecutors in England, essentially doomed the hapless victims of the PO and its mafia.
Could the problem be that an adversarial system of justice will always favour the strong over the weak?
[1] https://www.copfs.gov.uk/about-copfs/news/lord-advocate-s-statement-to-the-scottish-parliament-on-post-office-horizon-it-prosecutions/
Also at:- https://archive.is/hJ8AX
Thank you for this observation.
As someone who has worked with computers, including managing their integration into very high stakes public expenditure control, I find it frightening that anyone in a position of authority but not expert knowledge should state that people are entitled to take computer output at face value – particularly if lives and liberty are at stake.
Has anything been done to reflect on the wider implications of this affair, as it relates to the treatment of ‘computer evidence’ in court?
A large piece of the problem was that horrible people had got in charge.
They won’t have changed, and (absent extraordinary evidence to the contrary) won’t change.
For the protection of the rest of us, and the efficient working of State and business, they should be prevented from authority.
I think you miss the most obvious legal error of all.
One that taints judges, barristers and solicitors in the hundreds.
It is this simple….
Gareth Jenkins of Fujitsu infamy produced his boiler plate expert witness statement(s)….except they were not civil or criminal law compliant as they did not have the required blocks of text stating they were prepared in compliance with the relevant rules. Yup, they were clearly inadmissible.
How did any competent defence solicitor / barrister miss that? Any judge should have ruled them inadmissible.
How was it that a grand total of, I think, three judges mused that if digital evidence was required an independent expert needed to be instructed. The musing was enough in all three cases to have proceedings dropped. That tells you all you need to know. Everyone involved in the prosecutions knew that the ‘facts’ could not be put under the microscope of proper independent expert opinion.
That’s … horrible.
The government as sole shareholder fought their own post masters tooth and nail. That’s the reality. No getting away from it. The government given its power and resources should be a model litigant not an aggressive win at all cost litigant. Hopefully Sir Wynn will strongly remind the government of its culpability.
“If it were for the prosecution to show that the evidence was sound – with, say, certification on pain of perjury and full disclosure of error logs, and so on – then it is unlikely that many of the Post Office prosecutions could have taken place.”
Forgive me if I’m wrong, but didn’t the Post Office have an expert repeatedly testify, on pain of perjury, that Horizon was “robust”?
The key point to realise here is that “robust” does not mean “error free”.
There are no software systems in existence that are “error free”, but there are those that provide features to detect when errors occur and so enable the possibility for the errors to be resolved and perhaps for the software that caused the error to be corrected.
Many systems have known errors that persist for months, years or even decades. They are never fixed – mostly because the costs and risks of fixing them are disproportionate compared to the errors themselves.
The Post Office knew from inception that the Horizon system was not and could not be error free. They understood that one area of risk was keeping the counter systems and the central systems synchronised – and that the systems would never be synchronised at any time.
This may be a surprise, but that’s how distributed computing systems work. The most that can be said is that the central systems contain a snapshot of the counter systems at a point in time. The reverse is also true.
Horizon is a robust system, it always was. It was never, ever “error free”.
The issue that the Post Office has is that they treated Horizon as being ‘error free’ when it was simply robust. Perhaps they did not understand the difference – but that is perhaps why they need to be dealt with by the legal system?
A judge found categorically that the Horizon system was not robust. Furthermore, anyone with direct working knowledge of the system ought to have known that. As an IT expert, I have read the judgements and it is quite clear that the system was not in any way robust and that the IT experts for the Post Office and particularly Fujitsu were not being truthful.
I disagree with you and the judge.
Systems are never “error free”, and as an “IT expert” you should know that.
I am a computer scientist with over 40 years experience. I have designed robust systems orders of magnitude bigger than horizon. They were never “error free”.
The judge may well have used a different definition of “robust” to that used in the contract between the Post Office and ICL Pathway. The contractual definition is the one that matters.
I know about the system design – it was state of the art for its time. It was designed to be robust to failure. Did errors arise? For sure. Bugs? For sure.
The real issue is that “IT experts” and lawyers do not understand the difference between “robust” and “error free”. The Post Office didn’t either – it knew there were errors and deliberately withheld that from defence lawyers and instead embarked on a series of prosecutions that had no proper evidentiary basis.
I never said error free, and neither did the judge. If you had read the judgements, you would know what definition of robust the “judge may well have used”. You should read them. They are forensic and masterful and worth the time. Believe me, I well understand the difference. I have 25 years’ experience in software engineering of distributed systems.
Your “real issue” is nothing of the sort. You know about the system design? Does that imply that you’re an insider defending it? It’s a bit late for that. Even Fujitsu are no longer defending it as it was then.
However it was designed, it was not operating in a robust manner. I could give examples, but I won’t because the judgements are extremely thorough. As a transactional accounting system, Horizon fell woefully below standard. As the judge opined, continuing to claim the system was robust is the 21st century equivalent of claiming the earth is flat.
“Forgive me if I’m wrong, but didn’t the Post Office have an expert repeatedly testify, on pain of perjury, that Horizon was “robust”?”
You’re not wrong, but this came up during the class action. The so-called robustness of the Horizon system was not effectively challenged during the prosecutions, nor could it feasibly have been. This is why the burden is on the wrong side.
The burden of proof that a system is working should be on the part of the system owner. No system is ever “error free”.
Full disclosure of all known errors, faults etc. should be disclosed to the opposing party.
Had this been the case, no prosecution could have been successful I suspect.
I agree. However, that is not currently where the burden lies. Please stop saying “error free”, as that is not at issue. Robustness is about fault tolerance, which already acknowledges the existence of errors and faults.
I agree that the burden is on the wrong side – and stated that.
“Error free” is precisely the issue. The system design – having been done in around 1996-7 – was robust by design. The implementation was not error free. If you think there is something not “robust” (in late 1990s terms) about a system design with workstations with fault tolerant memory and storage running on NT3.5 (best you could get for the price at the time) and a dual resilient pair of geographically separated server farms running on fault tolerant HP hardware under HP-UX, then you are simply dreaming. (All of the above is in the enquiry documents if you care to read them).
I may just understand rather more about fault tolerance than you might imagine.
I have read the judgements, and can see a number of issues with them. From a strict standpoint the system was not, and is not, robust – but by the same standard, no system is ever, or ever can be, robust. If you knew about system design, you would know that ‘system robustness’ comes down to reducing the chance of undetected errors, not making them 100% error / fault free in all circumstances.
“Believe me, I well understand the difference. I have 25 years’ experience in software engineering of distributed systems.”
Yawn. I have around 40, serving millions of online endpoints. Systems I have designed and worked on have delivered rather well for decades. Your experience started past the point that Horizon was designed and delivered.
Now, I’m not an insider on the system implemented but did understand only too well how the project was resourced and how the BA / Post Office fall out happened. In fact, you can read it all in the enquiry documents.
What do I actually think?
The system was designed to be robust using (for the time) state of the art components (software and hardware). It dealt with the non-persistent data networking that had to be used (ISDN at best, dial up at worst) and for the most part worked, and does work still, quite well. At no point was it error free, and the Post Office knew that. Indeed, the errors were in the very part of the system that dealt with ‘balancing’, and some of the code involved was distinctly poor quality.
All in all, the system had many errors, some affecting the data integrity of some transactions. The Post Office should have taken account of this when considering prosecutions. In particular, ICL did not ever represent that the system was 100% fault free – indeed the monthly support minutes show that the Post Office knew of faults.
If Horizon were re-implemented with modern technology, many similar faults would be recreated. To claim otherwise would be disingenuous.
To close, my “real issue” is indeed real. Pretending that systems like Horizon could ever be 100% robust, particularly when amateurs are making the judgements, is simply wrong. That you don’t understand that point makes my point rather well.
My friend, you are the only one using the term “error free”. It is your issue, not THE issue. Post Office were not led to believe and did not believe that Horizon was error free. They were told that it was extremely unlikely that errors in Horizon were responsible for the shortfalls that had been detected and corrected. They were given faulty information about error correcting procedures that were in place and standard. They were assured that certain interventions by Fujitsu which were in fact commonplace were not actually possible. Even one of the ex-Fujitsu witnesses was taken by surprise on that.
This is not poker. Your 40 years in computer science is not a royal flush that beats my 25 years as a software engineer. I have worked in senior roles over the last decade and a half and I conceivably have more relevant recent experience than you do.
I also find it interesting that you have described your experience as computer science. The engineers design, build, and sustain the systems and applications at the coal face. I know what I’m talking about. You might know what you’re talking about, but you don’t appear to know what I’m talking about for some reason.
I also don’t really understand what point you’re trying to make. You seem to be suggesting that robustness is strictly a design issue as opposed to an implementation issue. I don’t accept that at all. Now you’re arguing against some notion of 100% robustness. This straw man is growing larger.
The issue of robustness comes up in question 3 of Accuracy and Integrity of Data: To what extent and in what respects is the Horizon System “robust” and extremely unlikely to be the cause of shortfalls in branches?
The meaning of robustness is explored in great detail in paragraphs 36-56 of the Horizon Issues under its own heading. The experts issued a joint statement in which there was partial agreement and some disagreement. The respondents took some time providing their definition of robustness. It did not come down to any definition provided in any contract.
In paragraph 54, Judge Fraser summarises the concept of robustness:
“Robustness is indeed an engineering concept. It means the ability of any system to withstand or overcome adverse conditions. A robust system is strong and effective in all or most conditions. The robustness of a system is the effectiveness of the system in managing the risks of imperfections (which are inevitable in any system) and their consequences; this is the same meaning as how robustness was described in the Post Office’s written submissions dated 18 July 19. Robustness does not mean perfection.”
I really don’t see anything wrong with that. He has demonstrated a very good grasp of the technical issues.
Jason Rogers, you have 40 years’ experience, Matt Flaherty has 25. That would suggest you are (or nearly) retired and Matt is in his prime. And technology is a fast mover.
Mary Rich – wisdom is something the young lack, is it not?
Further, I’m still very active in the technology world. If you knew anything about it, you would know that the actual pace of change is somewhat different to the marketed rate.
I also have direct knowledge of the Horizon situation which people like Matt Flaherty do not. In particular his retrofitting of more modern technology to a system designed in the early 1990s is a typical mistake made.
No, Jason. You’re using the wrong definition of robustness. You haven’t actually defined it, but the way you’ve described it is not coherent. This wiki page, on the other hand, is:
https://en.wikipedia.org/wiki/Robustness_(computer_science)
Let’s not pick this scab. I can only imagine the replies that did not get through the filter.
I’m confident that I know the accepted definition of software system robustness. Wiki backs me up. Experience is important, but after decades, the difference in length of experience is not so important.
I think I perhaps misstated it slightly, so I’ll make a couple corrections. Robustness is only a design consideration to the extent that it factors into design decisions. It is an implementation consideration when a methodology is chosen, say test driven development, which improves code quality, reduces defects, and encourages maintainability. It is most certainly an operational consideration.
Robustness is ultimately measured on how well a system operates. Robustness on paper means nothing, because nothing operates on paper. Robustness can improve or worsen when software is modified.
I am now closing down this exchange, giving Matt the last word.