NCVO
Cyber Essentials Certified

When Software Goes Wrong

In 2000 the Post Office introduced a new accounting system ‘Horizon’ to manage all its branches. Over the next few years hundreds of sub-postmasters/postmistresses were prosecuted for theft, fraud and other charges as the system identified money was missing from the accounts.

Many of these people went to prison, even a pregnant woman and others had their lives ruined, disowned by their families, divorced. One poor soul even committed suicide, several others have died since.

The Post Office a bastion of trust with the UK population testified in court that the computer system system was correct and it was the sub-postmasters/postmistresses that were the criminals.

Over the last few years cracks began to show, a report by Second Sight specialists in fraud investigation who were brought in to vet the system, found it seriously flawed and the Horizon system was not ‘Fully Fit for Purpose’. Documents that would have showed accounting errors, were hidden and supressed by the Post Office and then they produced a document to counter Second Sights report, knowing they were already on shakey ground.

Last week the Court of Appeal overturned the convictions of nearly all of these law abiding people.

Sam Stein QC – representing some of the former sub-postmasters – said the Post Office’s failure to investigate and disclose serious problems with Horizon was “the longest and most extensive affront to the justice system in living memory”.

He said the Post Office “has turned itself into the nation’s most untrustworthy brand” by attempting to “protect” Horizon from concerns about its reliability.

The Post Office’s “lack of disclosure within criminal cases perverted the legal process”, This leads to the big question now is what will happen next, will the Post Office managment be brought to book, with court cases for falisifying evidence? Will Paula Vennells who was the CEO of the Post Office at the time, be tried for her part in the affair. Her life is now beginning to unravell with her losing her jobs at Morrisons, Dunelm and suspending her career as a Church of England minister.

So what went wrong?

As someone who worked on financial systems for many years, I suspect flawed testing and management pressure to deliver the software into production was a primary problem. If it works and the system errors are low, then release it. We can fix any shortfalls later. This is not uncommon in the business world but can be a minefield further down the line (Companies like Microsoft have operated like this for many years).

If we has system discrepancies we would run the systems through, re-processing the data we had in a test/debug environment and see if we could

  • a) reproduce the error
  • b) identify the point it would go wrong.
  • c) fix it
  • d) test it (including all the previous testing)
  • e) release the new version to production.

It should have been obvious to the Post Office management that they would not suddenly have that many fraudsters on their hands and it should have raised a red flag about the Horizon system. Of course if they knew that this number of fraudulent sub-postmasters/postmistresses is/was the norm then the Post Office must be in really bad shape.

In this case the Post Office were almost Judge, Jury and Executioner, they could bring prosecutions without referral to anyone like the DPP, their evidence was of their own making and some people have said the evidence was a a fabrication.

It’s important here that people are aware that computer systems are fallible, and that incidents like this should not make you think that your local retailer is a crook, they may or may not be, but proper systems, procedures and controls need to be in place to insure impartiality.

The Institution of Analysts and Programmers is working hard ‘Improving Software for Society’ with schemes like FURST and our Academic Partnerships. It is difficult when large organisations do not even follow the basics of software development practice.

The moral here is to TEST, TEST, TEST and then TEST again! and trust your end users, they are usually annoyingly right.

Comments are closed.