UK Post Office & Fujitsu
-
The fact that's always amazed me is that the Post Office management worked on the assumption that the computer system (Horizon) was always correct. I've worked in IT for about 40 years and currently support a legacy system which is slowly being replaced (and which I've written large parts of in the past). At the last estimate, it has a few million lines of code (C#, SQL, Javascript, etc), which some may not consider that large, but is large enough that few people could understand everything it does. It handles several tens of thousands of stock movements and financial transactions every day with the value running into billions annually; there are quite a few single transactions which are worth hundreds of thousands of pounds. If I get a report that there's an imbalance, my first thought is to check the transaction logs, code etc, and try to determine if there's a bug or a data error which might cause the issue. I do NOT assume the user is at fault except as a last resort. I find it hard to believe that the Horizon system was taken to be infallible and that people were convicted almost entirely on the basis that it had to be correct, while there was apparently little or no attempt to trace the 'supposed' stolen funds. If they'd taken the money, surely there'd be evidence of where it had gone? And the fact there there were hundreds of such cases, but no-one thought it odd that so many people who'd been loyal postmasters for decades suddenly had imbalances in their accounts after a new computer system was introduced, and no-one publicly considered that the system might be wrong beggars belief! Perhaps it's because I have worked in IT so long that I am always suspicious of the computer system first and the user second. Maybe the common man (or senior post office manager?) thinks "it's a machine exactly following its instructions so it must be right" while, as an IT person, I think "what instruction has someone given the machine now which makes it report the wrong information?".
Exactly this. What I also find surprising is that out of the hundreds of accused, some of which were very small post offices, not one sub-postmaster had kept a separate record of transactions for manual reconciliation - even right after the introduction of Horizon. Given that sub-postmasters are indeed responsible for their accounts, I'm amazed that no-one had kept such an audit (effectively carrying on the previous manual record keeping that Horizon replaced) - which, whilst not proof that fraud was not involved, would have at least provided evidence to any investigation. This issue has been rumbling on for so many years; I think I recall reading about the root cause quite some years ago, and periodically individual cases have been reported in the press - even national television - for ages. It's telling, and very sad, that it takes a "drama" on TV to finally get it into the general consciousness and give it the attention it's always deserved. Even then the issue has focussed on "remote access" and manual adjustments, rather than the actual bugs that caused the need for adjustments anyway. The last major system I built from scratch, the VERY FIRST thing I did was build a logging system so that everything could be tracked and debugged. On the database, for every table, before writing insert/load/update stored procedures, I wrote a couple of triggers per table that logged each and every data change (whether made by the application or by any other means). If these steps had been taken at Fujitsu, it might not have made detecting bugs easier, but would have provided evidence to assist in debugging and in identifying the source of changes to data.
But as the Guardian reported last week:
One member of the development team, David McDonnell, who had worked on the Epos system side of the project, told the inquiry that “of eight [people] in the development team, two were very good, another two were mediocre but we could work with them, and then there were probably three or four who just weren’t up to it and weren’t capable of producing professional code”.
Telegraph marker posts ... nothing to do with IT Phasmid email discussion group ... also nothing to do with IT Beekeeping and honey site ... still nothing to do with IT
-
A minor quibble, but I think it's important:
Alister Morton wrote:
the surviving postmasters and mistresses are to be pardoned
They are to be aquitted and exonerated. "Pardoned" suggests that they were guilty but are being "let off". I'm sure you didn't mean to imply that. They were and are, in almost every case, completely innocent.
Phil
The opinions expressed in this post are not necessarily those of the author, especially if you find them impolite, inaccurate or inflammatory.
Yes, you're right, exonerated rather than pardoned.
-
Exactly this. What I also find surprising is that out of the hundreds of accused, some of which were very small post offices, not one sub-postmaster had kept a separate record of transactions for manual reconciliation - even right after the introduction of Horizon. Given that sub-postmasters are indeed responsible for their accounts, I'm amazed that no-one had kept such an audit (effectively carrying on the previous manual record keeping that Horizon replaced) - which, whilst not proof that fraud was not involved, would have at least provided evidence to any investigation. This issue has been rumbling on for so many years; I think I recall reading about the root cause quite some years ago, and periodically individual cases have been reported in the press - even national television - for ages. It's telling, and very sad, that it takes a "drama" on TV to finally get it into the general consciousness and give it the attention it's always deserved. Even then the issue has focussed on "remote access" and manual adjustments, rather than the actual bugs that caused the need for adjustments anyway. The last major system I built from scratch, the VERY FIRST thing I did was build a logging system so that everything could be tracked and debugged. On the database, for every table, before writing insert/load/update stored procedures, I wrote a couple of triggers per table that logged each and every data change (whether made by the application or by any other means). If these steps had been taken at Fujitsu, it might not have made detecting bugs easier, but would have provided evidence to assist in debugging and in identifying the source of changes to data.
But as the Guardian reported last week:
One member of the development team, David McDonnell, who had worked on the Epos system side of the project, told the inquiry that “of eight [people] in the development team, two were very good, another two were mediocre but we could work with them, and then there were probably three or four who just weren’t up to it and weren’t capable of producing professional code”.
Telegraph marker posts ... nothing to do with IT Phasmid email discussion group ... also nothing to do with IT Beekeeping and honey site ... still nothing to do with IT
Humans are imperfect and messy. Software fails. But so do bridges and buildings. Even waste dumps. So do big and small businesses. So do government officials, armies, police forces, intelligent agencies, etc. Even entire countries. The reasons are very seldom simple. Corruption, ignorance, mismanagement, sickness and others play a role. Hindsight is great but it doesn't translate into foresight. It isn't a matter of having no failures. Best one can hope for is that at least they will try to do better at least for a short time.
-
Perhaps I have viewed too many movies and TV series legal dramas but it seems to me the defense attorneys should have investigated the Horizon code.
It wouldn't have helped. The evidence is that the Post Office ad possibly Fujitsu lied to cover themselves. They also prevented an IT company from carrying out forensic work on behalf of the victims.
-
Humans are imperfect and messy. Software fails. But so do bridges and buildings. Even waste dumps. So do big and small businesses. So do government officials, armies, police forces, intelligent agencies, etc. Even entire countries. The reasons are very seldom simple. Corruption, ignorance, mismanagement, sickness and others play a role. Hindsight is great but it doesn't translate into foresight. It isn't a matter of having no failures. Best one can hope for is that at least they will try to do better at least for a short time.
Exactly. That's why we as developers need to instrument our systems so that they are traceable and debuggable, track changes and so on. The issue with the Post Office was that their management, (and / or Fujitsu's) refused to acknowledge that their software was fallible, and therefore - even if it existed - failed to use the diagnostics to find out what had gone wrong. The only "culprit" left, therefore, were the users - the sub-postmasters. To what extent that refusal to accept that Horizon might have bugs was down to naivety, ignorance or stupidity, and to what extent it was deliberate, will hopefully come to light in the not-too-distant future.
Telegraph marker posts ... nothing to do with IT Phasmid email discussion group ... also nothing to do with IT Beekeeping and honey site ... still nothing to do with IT
-
It wouldn't have helped. The evidence is that the Post Office ad possibly Fujitsu lied to cover themselves. They also prevented an IT company from carrying out forensic work on behalf of the victims.
This is a good article on the subject of the software and the team at ICL from Computer Weekly Team working on controversial Post Office Horizon EPOSS software was the ‘joke of the building’ | Computer Weekly[^]
-
Exactly this. What I also find surprising is that out of the hundreds of accused, some of which were very small post offices, not one sub-postmaster had kept a separate record of transactions for manual reconciliation - even right after the introduction of Horizon. Given that sub-postmasters are indeed responsible for their accounts, I'm amazed that no-one had kept such an audit (effectively carrying on the previous manual record keeping that Horizon replaced) - which, whilst not proof that fraud was not involved, would have at least provided evidence to any investigation. This issue has been rumbling on for so many years; I think I recall reading about the root cause quite some years ago, and periodically individual cases have been reported in the press - even national television - for ages. It's telling, and very sad, that it takes a "drama" on TV to finally get it into the general consciousness and give it the attention it's always deserved. Even then the issue has focussed on "remote access" and manual adjustments, rather than the actual bugs that caused the need for adjustments anyway. The last major system I built from scratch, the VERY FIRST thing I did was build a logging system so that everything could be tracked and debugged. On the database, for every table, before writing insert/load/update stored procedures, I wrote a couple of triggers per table that logged each and every data change (whether made by the application or by any other means). If these steps had been taken at Fujitsu, it might not have made detecting bugs easier, but would have provided evidence to assist in debugging and in identifying the source of changes to data.
But as the Guardian reported last week:
One member of the development team, David McDonnell, who had worked on the Epos system side of the project, told the inquiry that “of eight [people] in the development team, two were very good, another two were mediocre but we could work with them, and then there were probably three or four who just weren’t up to it and weren’t capable of producing professional code”.
Telegraph marker posts ... nothing to do with IT Phasmid email discussion group ... also nothing to do with IT Beekeeping and honey site ... still nothing to do with IT
Even if they had kept manual records, I suspect the Post Office staff sent round to interview them would have ignored any evidence, or used it to imply the manual records were to cover up the fraud. These interviewers were bullies, using scare tactics beyond anything our esteemed police forces would use.
-
Private Eye have been reporting this since about 2011 I think, certainly a long time. Suddenly it's all blown up, due in no small part to the docudrama "Mr. Bates vs The Post Office" and everyone is suddenly very agitated as if it's only come to light. This was going on through three changes of government (Lab, Con-Lib, Con) the P.O. and Fujitsu repeatedly lied about the issues. Suddenly it's the most important home issue for the government (this being an election year may have some bearing) and at last the surviving postmasters and mistresses are to be pardoned and compensated. It's a national disgrace.
It's exonerated, their criminal records will then be expunged, hopefully the software for this works. The issue is that Parliament are bypassing the court system to do this and this sets an awful precedent. The political independence of the courts are bypassed, could Parliament decree a person's guilt at some future date? Perhaps a member of the judiciary could be used to oversee the exoneration process. Also, some numpty has said that one or two might actually be guilty. Now there will be the possibility of the innocent being tainted with suspicion anyway.
-
Exactly. That's why we as developers need to instrument our systems so that they are traceable and debuggable, track changes and so on. The issue with the Post Office was that their management, (and / or Fujitsu's) refused to acknowledge that their software was fallible, and therefore - even if it existed - failed to use the diagnostics to find out what had gone wrong. The only "culprit" left, therefore, were the users - the sub-postmasters. To what extent that refusal to accept that Horizon might have bugs was down to naivety, ignorance or stupidity, and to what extent it was deliberate, will hopefully come to light in the not-too-distant future.
Telegraph marker posts ... nothing to do with IT Phasmid email discussion group ... also nothing to do with IT Beekeeping and honey site ... still nothing to do with IT
DerekT-P wrote:
refused to acknowledge that their software was fallible,
Very, very rare in my experience that organizations admit to failure. Individual humans are more likely to admit to failure but are very resistant to it even so. The likelihood of either goes down as complexity goes up.
-
DerekT-P wrote:
refused to acknowledge that their software was fallible,
Very, very rare in my experience that organizations admit to failure. Individual humans are more likely to admit to failure but are very resistant to it even so. The likelihood of either goes down as complexity goes up.
Thankfully, yes very rare. That's part of what makes this scandal so shocking.
Telegraph marker posts ... nothing to do with IT Phasmid email discussion group ... also nothing to do with IT Beekeeping and honey site ... still nothing to do with IT
