Post Office And Horizon - Just Jail Them All, Let Them Argue Their Way Out
All here being the board of the Post Office since at least 1997
I’m normally mild mannered and very, very, pro-civil libertarian. That “normally” there has to carry a lot of weight and the Post Office scandal over the Horizon system is too much for it.
Jail them all and make them argue their way out.
No, really, every single member of the Board of Directors should be held on remand until their trial. By every I also mean every - right back to the beginning of this disaster which I’m pegging at 1997. Everyone who has served on the board of the Post Office since then is to be put in jail, no bail, held on remand. Then we listen to them trying to explain what they knew, when they knew it and how they lied and cheated to cover it up. Then we actually jail them - after that lovely trial.
This does sound a little bloodthirsty but there’s a reason here. One being that we’ve built Marble Arch in recent centuries so Tyburn is no longer available for that post-being-dragged-on-a-hurdle entertainment. The other is because what the Post Office has done strikes at the very heart of how a system works.
Think, for a moment, of a closely related idea. That perjury is a very serious crime that attracts very considerable sentences. We’ve jailed a Cabinet Minister for some years for example. We jailed another one and his wife for a few months for perjury over mere points on a driving licence. Lying, under oath, in a courtroom - perjury, that is - attracts very heavy sentences, almost always vastly in excess of whatever punishment would stem from what was being lied about.
The reason? Courts, the legal system, do not work if people can lie on oath in them. Perjury is a systemic crime, it’s a crime against the very system itself. So, off with their heads.
Now, there are allegations of perjury here too in this Post Office scandal. But that’s not quite my point. It’s that the smoke blowing, arse covering and generally vile commercial behaviour here threatens the very system by which we live.
Economists make much about how a place gets rich. The general idea is “institutions”. One of those is being in a high trust society. If the only people you can trust - including the courts and the law - are your cousins then the only people you’ll do business with will be your cousins. And not even them - I have cousins too - some of the time. A cousin based economic system gives us Pakistan, not somewhere full of human flourishing.
The Post Office scandal strikes at that heart of trust in society. Not because of the original mistake but because of the next two decades. Which is why they all need to go to jail.
As to the initial mistake I cannot prove this at all. But it is what I gather from gossip and general nattering with those who would have a clue. Some might recall that I used to write for The Register, also Computer Weekly (which, to its credit, has been shouting about this for near two decades now). The idea of me pronouncing upon programming is an absurdity - I cannot set up an Excel spreadsheet and that is an absolute truth, not some coy demurral - and yet here’s what I’m told happened. Told, again, in gossip and nattering, not as a formal identification.
Any banking system needs to deal with incompletes. There’s this node, part of the system, here, there’s this one over there. For the system as a whole to balance then they must communicate with each other. Say, a sub-post office and the main Post Office balance sheet and ledgers.
Sometimes communications between those two nodes will fail. Hey, it happens. More so then than now - don’t forget that back in the late 1990s we were pretty much all still working on dial up modems. So, failure is going to happen. A transaction, a balance sheet change, partially goes through but not wholly. As I say, this is going to happen. It’s just one of those “shrug” issues that has to be dealt with in any such system.
The claim is that the Horizon system did not deal with it. Or rather, dealt with it in an absurd manner - truly lunatic by the standards of banking software - and that’s where the initial problem started.
Good software says “this was incomplete, send it again” and then regards the incomplete as a nothing to be ignored. Absurdly bad, insane, software says “this was incomplete, send it again” and then counts both the incomplete and the complete as separate and to be added to the ledger transactions. That is, Horizon counted both the incomplete and the resend as changes in the central ledgers while the sub-post office was thinking that it had simply resent the incomplete and that the incomplete would be ignored.
From Computer Weekly we gain at least an indication of this:
In November 2015 the CWU wrote to subpostmasters warning them of a problem with the system, following an incident in which thousands of pounds' worth of payments were duplicated for one subpostmaster. If undetected, this would appear as losses when the accounts are completed, which would be the responsibility of the subpostmaster.
Yes, you should read that full piece and also the others linked to it on that site. Yes, we have duplication of what should be single transactions in the Horizon system. Now, whether that’s as common as my gossipy ears hear is another matter. But the base contention is indeed proven.
Readers on my blog (many of whom are, as it happens, tech and software types of my sort of age and therefore of some considerable experience) explained it thusly:
In my understanding, what it was was:
Correct functioning:
PO sends ‘credit £x’
HQ receives ‘credit £x’
HQ credits account
HQ sends ‘acknowledge credit £x’
PO receives ‘acknowledge credit £x’
PO removes item from queue
Failed functioning:
PO sends ‘credit £x’
HQ receives ‘credit £x’
HQ credits account
HQ sends ‘acknowledge credit £x’
PO /doesn’t/ receive acknowledge
PO retries
PO sends ‘credit £x’
HQ receives ‘credit £x’
HQ credits account
HQ sends ‘acknowledge credit £x’
PO receives ‘acknowledge credit £x’
PO removes item from queue
PO now has one ‘credit £x’ recorded, but HQ has two ‘credit £x’ recorded.
It’s a classic network transaction confirmation problem. In fact, a Networking 001 problem. It’s not even undergraduate level concepts. How do you know where a failed message has failed? Has the message to HQ failed, or has the acknowledge failed? The solution is to either use a sequence chain, or *not* transfer ‘change’ messages, but transfer ‘updated balance’ messages:
PO sends ‘account balance is £x’
HQ receives ‘account balance is £x’
HQ updates account
HQ sends ‘acknowledge account balance is £x’
PO /doesn’t/ receive acknowledge
PO retries
PO sends ‘account balance is £x’
HQ receives ‘account balance is £x’
HQ updates account
HQ sends ‘acknowledge account balance is £x’
PO receives ‘acknowledge balance is £x’
PO removes item from queue
This results in the PO recording a balance update to £x and HQ recording a balance update to £x.
That’s it. A structural mistake in the initial design of the software. A very bad, lousy, no good, structural mistake. A well known, understood, and solved problem in banking and accounting software. Which ICL (people say Fujitsu but it’s really the ICL which they took over) decided to ignore, not understand or just not care about.
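The lost-acknowledgement exchange the commenter describes, together with both fixes named there (a sequence chain, or ‘updated balance’ messages), as a runnable simulation. This is an added example, not part of the original post and not Horizon code; the class names, message fields and the amounts in pence are constructed for illustration.

```python
# Added illustration (not Horizon code): all names and amounts are constructed.
class NaiveHQ:
    """Applies every 'credit' message it receives, retries included."""
    def __init__(self):
        self.balance = 0
    def receive(self, msg):
        self.balance += msg["amount"]
        return True  # acknowledge

class SequencedHQ:
    """Sequence chain: a replayed sequence number is acknowledged, not re-applied."""
    def __init__(self):
        self.balance, self.last_seq = 0, 0
    def receive(self, msg):
        if msg["seq"] > self.last_seq + 1:
            raise ValueError("gap in sequence chain")
        if msg["seq"] == self.last_seq + 1:
            self.balance += msg["amount"]
            self.last_seq = msg["seq"]
        return True  # duplicates are acknowledged again so the branch can dequeue

class BalanceHQ:
    """'Updated balance' messages: applying the same message twice is harmless."""
    def __init__(self):
        self.balance = 0
    def receive(self, msg):
        self.balance = msg["balance"]
        return True

def run_branch(hq, credits, lost_acks):
    """Send each credit (in pence), retrying until an acknowledgement arrives.
    lost_acks holds the 1-based attempt numbers whose acknowledgement is dropped.
    Returns (branch_balance, hq_balance)."""
    branch_balance, attempt = 0, 0
    for seq, amount in enumerate(credits, start=1):
        branch_balance += amount
        msg = {"seq": seq, "amount": amount, "balance": branch_balance}
        while True:
            attempt += 1
            acked = hq.receive(msg)          # the message itself always arrives
            if acked and attempt not in lost_acks:
                break                        # ack seen: remove item from queue
    return branch_balance, hq.balance

def discrepancy(hq, credits, lost_acks):
    """HQ ledger minus branch ledger after the run; zero means they agree."""
    branch, central = run_branch(hq, credits, lost_acks)
    return central - branch

if __name__ == "__main__":
    credits, lost = [48173, 12000], {1}      # first acknowledgement is lost
    for hq in (NaiveHQ(), SequencedHQ(), BalanceHQ()):
        print(type(hq).__name__, discrepancy(hq, credits, lost))
```

With the naive design the central ledger ends up ahead of the branch by exactly the amount of each credit whose acknowledgement was lost, once per lost acknowledgement; the other two designs reconcile to zero.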
Well, shit like that happens. What matters in a society is what we do about it. And as another of my commenters said:
Basic fault lay in PO top management. New computer system says that over 600 sub-postmasters/mistresses are embezzling in one year whereas previously it was one in six or seven years. Sub-postmasters say – we haven’t stolen a brass farthing, your computer is faulty. Computer guy insists “No, it’s fine” despite knowing that’s a lie. PO top management takes the one word of one liar over 600-odd honest men/women and fails to order a thorough investigation before calling in plod and sending innocent people to jail.
Guy who perjured himself should be in jail, PO top management should be in the stocks.
It’s that which means they should all be in jail. Because that’s the action which destroys that trust in society as a whole and impoverishes the nation. That’s the systemic problem and danger and why we make them argue their way out from His Majesty’s Pleasure, not us having to prove their way into it.
Now, there are other issues here. Ms. Vennells has some ‘splainin’ to do. You’re the CEO while the smoke blowing is going on then this buck stops with you. The recent TV programme deserves a mention. The long, long, fight for any semblance of justice or righteousness is another proof of the danger of non-punishment here. Computer Weekly gains kudos, Private Eye has chased the story at least. The Observer sounds quite like the Thundering Times of old. I’ve muttered bits here and there about it.
Ed Davey was the Minister who shrugged off the initial expressed concerns. SirEd is reported as then having taken a cool quarter million from the Post Office’s lawyers. Which is the one fun part of this story, we might be able to get that gurning grimace looking out from the right side of the bars for a change. He could then go back to his natural position in life, third place runner up in a Wayne Rooney lookalike competition.
And no, this isn’t good enough:
The justice secretary is exploring how to exonerate hundreds of sub-postmasters unjustly convicted during the Horizon IT scandal amid mounting pressure on the government to respond to the “biggest miscarriage of justice” in British history.
Sure, it’s a necessary step. But clearing those who were jailed isn’t enough, we need to jail those responsible. Which means jailing them all now and seeing who can argue their way out. Those who cannot we take their gongs, we take their pensions and we take their freedom. Because of the integrity of the system - if appeals to natural justice and fairness aren’t enough.
Now, true, there is a risk to this. It is reversing the burden of proof and that’s a terrible, appalling, danger. Allow anyone that power and at some point - and yes, this would inevitably happen - then we’ll all get jailed as child pornographers for failure to prove that we’ve never seen a piccie of a 16 year old nipple. But it is, perhaps, a risk worth taking.
I cannot prove that the analysis of the software problem above is true and correct. But that’s what the general gossip and natter surrounding the issue is. As above, one of those mistakes and they do happen. But what followed was deliberate theft of money, reputation, freedom and in some cases even lives by those running the issue from the Post Office end. At which point we jail them all and see who can argue their way out and who cannot.
An example of how serious this all is. Marina Hyde in The Guardian:
Whether it will lead to anything you’d call justice is another matter. A chap I corresponded with not long ago thought the entire over-remunerated executive class covering the period in question should be chucked straight into prison and have to argue their way out;
Tim Worstall waves at being called “a chap”. For yea it were me.
That’s the Tim Worstall who is the arch neoliberal, used to be Ukip, worked directly for Nigel Farage, is a Senior Fellow at the Adam Smith Institute, is a frothmouthed lunatic by current British economic and political mores. That’s this same Tim Worstall being approvingly quoted in The Guardian. Now if that example of the lion lying down with the lamb (determine which is which to taste) isn’t going to impress upon you the importance of this issue then nothing will.
Jail Them All.
The duplicated transactions have the ring of truth; it also means that the failure to understand that the system was wrong is even worse. It means your accounting records will show that Mr Bloggs deposited 481.73 and then five minutes later made another deposit of 481.73, and gosh the books are off by 481.73. There are two explanations. One, the system is broken. Two, Mr Bloggs is a very odd customer and the post office manager is an equally strange crook.
"I cannot prove that the analysis of the software problem above is true and correct." And you won't be able to, because it is not.
I very much agree with your analysis of what should happen, and you're right that the system itself was a disaster. But it's just not helpful (or true) to say that the fundamental issue was a single programming error and, from that, to imply that if only it had been built by cleverer or more experienced people all would be well.
In reality, it was an UNBELIEVABLY ambitious system (WAY more complex than any bank branch system or retailer POS system - it's perhaps better to think of it as trying to be both, at the same time, where the complexity of each system doesn't just add but multiplies owing to all the potential interactions and logical combinations, etc) and it was just inevitable that it would be riddled with bugs.
Yes - it could and should have been designed and tested better - a lot better. But, even if it had, loads of the bugs would still have arisen. Just browse the write-ups online of the various bugs... there were so many and they were so varied.
The fundamental issue was that those in charge (in both the Post Office and at Fujitsu) operated as if the system was perfect and so provided basically no support to SPMs in diagnosing/debugging issues (eg the stories of Jo Hamilton on her hands and knees trying to make sense of metres and metres of three-inch-wide printouts from the receipt printer because there was literally no other way to retrospectively try to figure out what had happened) and did nothing meaningful to investigate.
Net-net: yes... the system was a disaster. But it really isn't helpful to say there was basically just one big programming error. That makes it sound like, if only somebody cleverer had written it then this would never have happened. But that's just not true: even if it had been written by the best systems people in the world the scandal would still have happened. (And note: this does not excuse ICL/Fujitsu in any way... many of their people should also be in the jail that needs to be built to enable your proposal to happen!)