Post Office CTO had 'nagging doubts' about Horizon system despite reliability assurances The former CTO of the Post Office had "nagging doubts" about the Horizon system at the center of one of the most far-reaching miscarriages of justice in UK history, yet he continued to sign off statements to MPs attesting to its security and reliability. Horizon is an EPOS and back-end finance system for thousands of Post …
But I'm not going to.
People were jailed, wrongly, people had reputations and lives destroyed, some are sadly no longer with us due to this crusade against them.
Protecting a brand, when it was known to be flawed, then going on to prosecute people to this extent is morally reprehensible and legally shocking!
Post Office need to have all of the BS "rights" to prosecute removed, if that hasn't happened already.
Exactly this, the Post Office Management should never have been let near investigation and prosecution of suspected fraud cases.
The problem with Government (and quasi government stuff like this) is Politicians always see IT as a "magic wand" that will automatically stop fraud etc. which they believe is rife among us serfs.
When they see a lot of apparent fraud they don't stop to think "hang on maybe it's the computer system" they gleefully take the opportunity to clean up Dodge City and claim the result as a win (In any case admitting you spent multi millions on something flawed is not something they will readily admit to), and for the supplier to openly admit to problems on a project earning millions, well it's a brave person who'd scream it from the rooftops, most companies usually assume they will fix the kinks on the fly, hence altering data, "just this once and we'll find and fix the bug, probably something simple!".
They should have had an independent dedicated investigation unit with police officers with experience in this field (City of London Police are the UK experts in financial cases I believe), together with software engineers experienced in investigation to actively look for possible bugs (would never happen up front as would be too expensive, also admitting that data could be flawed and results less than perfect would not be their first choice)
Therefore you had a perfect storm, all the parties who should have looked for potential problems had no incentive to, and this for a project which when it was begun was heralded as the largest non military project in Europe, think how many post offices and sub post offices were involved (about 14,000 Post Office branches according to Computer Weekly), hundreds of cases merge into the background when there's thousands of offices/transactions involved:
It will probably happen again when some politician kicks off another grandiose scheme to "stop fraud" or "bring more efficiency", already happened multiple times before with DWP, HMRC and others
https://www.computerweekly.com/feature/Post-Office-Horizon-scandal-explained-everything-you-need-to-know
The issue is not that he received assurances from his senior team and Fujitsu, but that he did not check the basis on which those assurances were made. he did not ask for an independent technical security assessment report, or even an audit to ISO27001 by a competent independent team. He just relied on what he was told without questioning it too hard. That is what some people would call 'sloping shoulders', I call it abrogation of responsibility.
A recurring theme people use in their defence is that 'someone else' told them the system was fine and that was that.
Who are these 'someone else'?? Why did even the head of IT have 'someone else' telling him everything was hunky dory?
Sooner or later names will have to be named, if it's not the head of IT then who was it?
On the otjher hand the reason he was paid so much is because "the buck stops here"
There's a marked reluctance to find C-levels legally responsible for company decisions but having seen laws passed to make such things possible, I've also seen _massive_ changes in company operating procedures to ensure that every I is dotted and T crossed
Bear in mind that "Limited Liability" only applies to shareholder financial risk. Management and board members can and should be found personally liable for criminal behavious and decisions
In some countries he'd be safer in jail than allowed to freely walk the streets, given what happened to the families of some of the people victimised
Genuine question.
My understanding of this case is that in simple terms Fujitsu had access to remote systems and were able to edit transaction data. They did this to make it appear as though bugs were either resolved or had never occurred in the first place. However they did this without any real form of audit logging (for dubious reasons) or understanding/caring about the ramifications of doing this in a financial application.
Naturally anyone who is now being "accused" is simply pointing the finger elsewhere.
Realistically how is anyone going to get definitive answers on a case like this when identifying and tracing the source of every bodged transaction is effectively impossible?
I'm not for one moment saying any of this is alright but I also don't see how anyone expects to get all the relevant information to prosecute the appropriate people.
This post has been deleted by its author
There was no audit logging.
No any form of double-entry by the looks of it.
I've only worked in accounting software once, and when I said "we have two ways of tracking transactions" shall I get rid of one, the accountant in the team said "no! great, keep them both, we can use them to counter-check against each other". A principle that seems lost in Horizon (probably, to this day. Which lays it open to fraud.).
There was some kind of audit logging but it was held within Fujitsu and under the terms of the contract, POL had to pay Fujitsu for them to retrieve those logs. You see this becoming a huge bone of contention during Second Sight's review when they start asking for audit data and POL quibble on the basis of cost.
>That money was going somewhere...
There wasn't any money.
A software bug said that a small Sub Post Office in Tobermory sold £65535 worth of stamps over lunch - then the post master better have £65535 cash in the till, or they have obviously stolen it !
There certainly was money after the SPMs "repaid" money they didn't actually owe as it was never actually missing. Where the fuck has that all gone? Someone (likely several) has benefited from procedes of crime. There was fraud and theft, but it was by Fujitsu, the Post Office, and their executives, not the SPMs.
How many people are here that can instantly recognize that £65535 is £ (2^16)-1 or basically the highest unsigned 16 bit integer number that you can have, unsigned is 0..65535, signed is -32768 to 32767, and anytime this pops up then it's probably not a random or chance amount and more likely a programming error of some kind.
Malicious prosecutions to cover up shortcomings are an area where the people involved should be facing jailterms AT LEAST as long as those served by the victims
Post Office has billions of pounds in liabilities around its neck as do the individual staff involved in making the decisions to prosecute. That's why they're closing ranks
Lots of money (LOTS and LOTS of money) is still missing. Since it is now obvious that it was not the Postmasters who were stealing it, where did it go, how, and where is it now? Those who had access to the system and could "adjust" it at will, look to me to be the primary suspects. Whether within Fujitsu or even the Post Office itself? And who is now looking into this? Obviously can't let either the Post Office or Fujitsu anywhere near to running the investigation themselves. This story has only just begun......
As far as I am aware, none of these convicted postmasters have been found with the ill-gotten-gains, which would, of course, be recoverable if they existed.
Those who were 'forced' to pay back 'lost money' were contributing to the PO bosses bonuses.
It now appears that it was 'somebody else's fault'. They've been coached by their legal team who have no incentive to get matters concluded.
> Terminal retransmitted the transaction. Head office logged it as a second sale.
Which is why a transaction should have unique reference, so if it's retransmitted then Head Office detect the duplicate.
Duplicate transactions are a possibility that has been considered and solved in many paper, computer and network processes. Surely Horizon couldn't have that basic a flaw?
Also, that doesn't explain the "remote access" issue, unless Fujitsu were changing the unique reference at both ends to allow the transaction to be processed.
Post office terminal sent a sales transaction to head office. Head office sent an ack packet back. Ack packet didn’t arrive at the terminal. Terminal retransmitted the transaction. Head office logged it as a second sale.
WTF!!! This is the classic double commit problem. I remember being taught all about this in compsci and working with it in EFTPOS using AS2805/ISO8583.
The standard approach was to send a request and if the response did not arrive in time a reversal was sent. The original requests and responses could be discarded but the reversals had to be stored and forwarded. Total F*ckwits
You're CTO with nagging doubts, but you don't do anything about it ?
Of what use were you, exactly ?
Oh, right : signing off reports saying that everything was fine.
So, corrupt to the bone, eh ? And now you're pretending to have a conscience ?
A bit late for that.
It beggars belief that this guy was hired as CTO, and managing the IT activity.
As far as I can see he has:
1) No academic training/knowledge of software technology
2) Zero experience of developing code himself
3) Zero experience of managing a software development group
4) Zero experience of procuring software from a 3rd party
Yet again, a person in the wrong job. Appointed to a senior and extremely well compensated role for which lacks the required skills, abilities, knowledge and experience to do it properly.
Didn’t anybody wonder about the scope of this supposed crime wave? Seven hundred some-odd independent and disorganized small business people embezzling from the Royal Mail? Only in some dystopian sci-fi film.
Sure, one or two, or even ten might try that. But, not one judge, or detective, or silk-wearing barrister or auditor stopped to think and to ask the obvious questions when the number of accused started climbing into the hundreds? Impossible to believe. There is an untold story somewhere in this mess about a suppressed whistleblower.
The Post Office had long viewed Sub-Postmasters as outsiders who were all thieving bastards, they just never had any proof. Horizon comes online and confirms their already existing bias, instead of being surprised at the number of 'thieves' they were instead impressed by how well it was catching them.
Go back and look at the rollout history before it was renamed Horizon
ICL was full of shit and the project became the most expensive failed rollout in history
They knew the bugs were there and smply said they'd fixed everything. These are the SAME bugs which existed and were documented in Pathways failure
To be fair, implementing a more robust accounting system could EASILY generate that kind of response, things that were totally missed before because there was no way to check them, but which flag up immediately in a newer system.
And judges are not there to do the research for you, they judge the case in front of them based solely on the evidence in front of them. Anything else is dangerous. It would be for the lawyers (especially defence) to say "There have been X hundred court cases in recent years because of the Horizon system, which is far in excess of the previous system, can you account for that? Is it not possible that my client is one of many being unjustly accused?"
Fact is, many of the people that went to court PLEADED GUILTY because they were advised to do so. In that instance, neither the lawyers or judges have much to do beyond dotting the i's and crossing the t's. It's why you never plead guilty to something that you know you didn't do. You've basically said "Yes, I did that, exactly as described." and there's no way back short of a pardon or major scandal.
But a new accounting system suddenly detecting 100's of cases of potential fraud over 16 years (so barely 50 cases a year), out of about 7000 subpostmasters, their other employees, etc.? Yeah, it's significant but it's not implausible. Especially when some of those pleaded guilty and in the process even accepted the evidence from Horizon was accurate.
If you were to suddenly implement "insider trading laws" on 7000 stockbrokers and their employees and departments, I would bet that you'd find more than 100 cases a year.
The real problem is the Post Office's rather unique ability to act on its own: "when an organisation is allowed to act as a prosecutor when it is also the victim and the investigator of an alleged offence".
i.e. crusty old laws with no modern need for them and people able to run amok and avoid oversight.
If they'd had to push their case through the normal entities (such as they had to do in Scotland and Northern Ireland), the number of instances would have been less but still might have flagged something in people's brains along the way.
Easier said than done. Especially in this scandal.
The accused subpostmasters were royally fucked over in so many ways. The Post Office knowingly withheld evidence that would have proved innocence or at least raised sufficient reasonable doubt if cases went to court. The PO anf Fushitsu were also perjuring themselves by claiming Horizon was infallible even when they knew it wasn't. The PO intimidated their victims: threatening to spend gazillions on prosecutions => the accused couldn't possibly hope to afford the resources of mounting a matching defence. This meant the logical but wrong choice for many victims was to cop a plea for a lesser charge to avoid bankruptcy, homelessness and jail time even though they were innocent.
What would any rational person do in these circumstances?
"The Post Office knowingly withheld evidence that would have proved innocence or at least raised sufficient reasonable doubt if cases went to court. "
This in itself is a serious criminal matter and there's no statute of limitations for such things in British law - which is why ranks are closing
> Private Eye was asking those questions > 20 years ago. I believe Computer Weekly was too, though I never read that publication.
Yes, CW uncovered the story first and PE only picked-up on it after a year or so, iirc, when its persistence was starting to become apparent.
> Didn’t anybody wonder about the scope of this supposed crime wave?
Given that there are now allegations that the previous accounting system - Capture - was also buggy, maybe the number didn't actually go up and there were just as many wrongful prosecutions under the old system?
It's a horrible thought.
According to his witness statement, his job titles were "Operations Director", "Chief Technology and Operations Services Director" or "Chief Operations Officer". Never CTO. See pdf at:
https://www.postofficehorizoninquiry.org.uk/evidence/witn11130100-mike-young-witness-statement
The statement gives a summary of what he claims his different roles involved.
It also notes he is a former soldier in the British Army, and a former policeman (rank of Detective Sergeant).
I'm wondering how the hell you go from army and police to CTO of an organisation as big as Post Office Limited. I don't think he could've been an officer in the army, as he was a relatively lowly Detective Sergeant in the police - officers tend to go straight into cushy business jobs via the old boys' network (the British Army is still almost entirely class based rather than a meritocracy). I know plenty of police officers who are ex-army, but they were at most non-commissioned officers and resorted to joining the police as their pensions were virtually non-existant. If he was a Slime (Army Intelligence) or from another branch with IT skills, then I don't see him joining the police. So very strange career progression.
It's been interesting to hear the evidence and cross-examinations about remote access. It seems to me that there has been obfuscation. IMHO remote access is pretty much an intrinsic requirement for IT Systems and should not come as a surprise. The key issue is whether the remote access is used to alter the ledger and whether or not the audit log can be bypassed. Double-entry book keeping has been around for hundreds of years and no doubt there will be endless case law surrounding security of the ledger and how corrections are handled. To my way of thinking common sense would apply - any adjustments would have to be logged and signed-off by the business owner, not least to protect whoever is applying those adjustments. What were they thinking?
As I understood it, double entry bookkeeping consisted of having two ledgers, each of which was updated individually. Reconciliation was then done between the two ledgers. If they didn't match there was a problem. Modern systems seem to accept an update to the first ledger and then apply that to the second ledger - or am I really, really wrong?
Modern systems will generally update both ledgers as a single transaction
Transaction in both the financial and database sense.
For example, if you withdraw money from a bank ATM, the two entries would be
Deduct the money from your bank account
Deduct it from the cash balance held inside the ATM [if it is an ATM owned by the bank]
or add it to the balance due to the owner of the ATM [if it is an ATM owned by someone else]
If they charge you for the privilege, then there will be four entries. The other two would be
Deduct the charge from your bank account
Add it to the bank's sales income.
In that case, it would be two financial transactions, but a single database transaction.
The only original reason for a double entry system is you only needed to add, no subtraction was required. From what I remember this was to do with the use of roman numerals.
In sales/ledger/account systems you don't need a double ledger but each transaction is recorded against each sale/purchase/banking etc.
The oldest recorded use of double-entry bookkeeping in the West is in what is now Italy in around 1300. Arabic numerals were introduced to the west about 100 years before that.
It possibly came to the West from India (based on the Desi Namu system which is fairly similar but with Debits on the right and Credits on the left. Arabic numerals were actually invented in India.
So I'm not sure that double-entry bookkeeping had anything to do with Roman numerals.
One of the big ones was lottery tickets, those sales were handled with a different machine which was connected to the Horizon POS. The connection would keep dropping and cause the messages to get re-sent, but Horizon would count them as multiple sales even though they had the same sale number.
> How can outdated equipment "mess up" with numbers this way?
It doesn't. This is unlocked database transactions or the equivalent
Banks solved this issue before the first GenXers were born. The fact that it happened in the late 1990s shows just how much of a "kids in bedrooms" programming mentality prevailed acriss both organisations
They manipulated people to the point where the innocent had no choice other than to confess to a crime they didn't commit rather than risk losing absolutely everything.
They manipulated people to the point where some of those who weren't happy admitting to something they didn't do decided instead to cease existing.
They withheld information that may well have demonstrated the innocence of the accused; this is where it gets really nasty - they knew something was amiss and decided to carry on screwing people over anyway.
The whole bloody board/directors/the lot should be behind bars - and for a good long time, none of this "we'll let you out in three months if you promise to be good" shit. If everybody blames everybody else, great, means they're all guilty. Don't wait for the first domino to fall, push.
And the laws need changed to ensure that this sort of abuse of power doesn't happen again.
Knowing how they buried these people under suspicion and allegation, knowing they were innocent, knowing they couldn't fight back and knowing that the prosecutions were driving people into despair such that suicide became an option and the craveness to allow it to go on is beyond the measure of any human metric of criminal culpability. This is murder by system.
I'd bring back writs of outlawry for everyone involved. As they so denied innocents the protections of law or even common decency - let's see how iron-jawed they are when someone toys with their existence in the same arbitrary manner.
My question is how much money has been paid to ICL/Fujitsu over the decades this was going on for 'support' on something that from the sounds like it was written by idiots and was not fit for purpose?
As don't forget the Post Office is a government run company, so its our money that they have been paid.
So Fujitsu should be on the hook to pay the compensation to the affected postmasters.
I can't find the link to the actual enquiry document that highlights this but there are several examples of the code available to read that confirm your "written by idiots" point. My favourite was actually a function to return the negative of its argument; ie when given d, to return -d. As if the use of a function isn't pointless enough, the algorithm used was something like:
if d<0 then return abs(d)
else return d-2*d
1) Given that Horizon was and continues to be as useful as a chocolate fireguard and effectively makes its results up as it goes along, can POL's financial accounts for the last 20 odd years be treated as reliable?!
2) Is there such an offense as racketeering in the UK? Because to me, POLs behaviour towards SPMs in shaking them down for every penny they had on the flimsiest context screams racketeering to me.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2025
