The Post Office cover-up, and why data shouldn't be trusted
Obviously, with so many people having watched Mr. Bates vs The Post Office, and learning, through the dramatised version of events, the extent of what could safely be called a huge cover-up, the public wasn’t going to be content with yet another inquiry concluding with the usual crap about ‘failures in The System’ and ‘lessons being learned’ before the whole affair is forgotten about and it’s business as usual. I think that desensitisation to inquiry after inquiry over the scandals du jour is why it took an ITV drama to get the government to actually take it seriously.
As I understand it, the Horizon system was developed by ICL in the late-1990s, and was acquired by Fujitsu, which then provisioned the system to the Post Office as an accounting system.
Defects in the software (or less likely the hardware) caused Horizon to miscalculate the accounts being managed by the subpostmasters - a fact known to employees at Fujitsu, who, it was later found, were accessing the Horizon terminals remotely to address the problem. Some of the accounts were overlooked, and ~730 subpostmasters were wrongfully (not just wrongly) prosecuted for false accounting and theft. This was known about in the IT industry for roughly a decade, but few of us could imagine the degree of deception and incompetence behind what happened. Actually, in light of what came out, a picture is emerging of innocent people having been intentionally defrauded by executives within the Post Office and of their lives having been deliberately ruined in order to protect The System. And maybe because the honours system has evidently become something that rewards deception and incompetence.
Operation Ore was used as a case study during my undergraduate years, to impress on us the importance of knowing that certain things - which network admins and security people will encounter at some point in their careers - must be investigated thoroughly, carefully and without bias, because a failure to do that could ruin an innocent person’s life.
I mention that particular case study because there are important parallels with the Horizon scandal (which will also find its way into the textbooks), having occurred around the time the first subpostmasters were convicted, and being another example of how ignorance and unquestioning trust in surface data (and in authority) can result in a miscarriage of justice. There were other common factors, such as the digital forensics and software engineering fields having yet to be established. The difference is that, in the case of the Horizon scandal, it could be argued that the deliberate cover-up made the digital evidence aspect cursory.
In short, as Operation Ore unfolded, around 2,000 people were charged with child pornography offences after their credit card details were found in a database of some forum. I’m told, by a detective who established the local Hight Tech Crime Unit, that ‘expert witnesses’ in those days were often IT technicians who didn’t understand the intricacies of what an operating system does under the surface, and consequently didn’t know how to gather, preserve and interpret digital evidence - rather like the Post Office’s lead investigator revealed himself, in his statements to the inquiry, to be grossly unqualified for his position.
It later turned out, after lives were ruined in the course of Operation Ore, that an unknown number of the accused were actually victims of identity theft, and their credit card details were used in the wrong place at the wrong time.
With what I understand of the Horizon scandal, I find it implausible that the Post Office and Fujitsu weren’t in posession of hard evidence relating to the cases, that system administrators at Fujitsu weren’t keeping accurate records of what they accessed and why, and that employees were able to access the Horizon terminals with no auditing system in place.
I was surprised that nobody thought to ask the three important questions:
‘Is it possible that defects exist in the software that would cause accounting discrepancies?’. The expert opinion, obviously, would be ‘yes’.
‘What investigation was done to rule out system defects as the cause of accounting discrepancies?’
‘How thoroughly was the software tested, and what evidence can be provided for that?’
Whatever the case, I believe things are worryingly more dangerous for everyone these days, as automation is encroaching on every aspect of our lives, as reasonable people are replaced by opaque self-service things, and as the government still trusts and rewards Fujitsu with multi-million contracts, and is still prepared to make life-and-death decisions on the back of data ‘models’ generated by appallingly substandard software.
What happened to the subpostmasters could easily happen to thousands of people who might each believe they’re just exceptionally unlucky in some isolated misunderstanding, and who don’t have the means or the expertise to challenge the system. If the Horizon system was used to automate the welfare system, as was originally intended, and people were wrongly being convicted of benefit fraud, would there have been any inquiry? If one is charged with theft because of a defect in a self-scanning machine, how would that be challenged?