4 Comments

The duplicated-transactions explanation has the ring of truth; it also means that the failure to understand that the system was wrong is even worse. It means your accounting records will show that Mr Bloggs deposited 481.73 and then five minutes later made another deposit of 481.73, and gosh, the books are off by 481.73. There are two explanations. One, the system is broken. Two, Mr Bloggs is a very odd customer and the post office manager is an equally strange crook.

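The commenter's point is that a duplicated posting leaves a specific fingerprint in the books: two identical entries minutes apart, and a shortfall equal to exactly one of them. The following is an added example of that reconciliation check, not code from the blog post, the commenter, or the Horizon system. The ledger rows are constructed; the ten-minute window, the field names and the `ref` record id are assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from decimal import Decimal


@dataclass(frozen=True)
class Posting:
    ts: datetime
    branch: str
    kind: str          # DEPOSIT / WITHDRAWAL
    amount: Decimal    # signed: deposits positive, withdrawals negative
    ref: str           # hypothetical system-generated record id


# Constructed sample ledger for one branch on one day (not real data).
# The 481.73 deposit at 10:15 is recorded again at 10:20 with a fresh record id;
# the 481.73 deposit at 14:30 is a separate customer hours later.
SAMPLE_LEDGER = [
    Posting(datetime(2003, 5, 12, 10, 2), "BR001", "DEPOSIT", Decimal("120.00"), "r1"),
    Posting(datetime(2003, 5, 12, 10, 15), "BR001", "DEPOSIT", Decimal("481.73"), "r2"),
    Posting(datetime(2003, 5, 12, 10, 20), "BR001", "DEPOSIT", Decimal("481.73"), "r3"),
    Posting(datetime(2003, 5, 12, 11, 5), "BR001", "WITHDRAWAL", Decimal("-50.00"), "r4"),
    Posting(datetime(2003, 5, 12, 14, 30), "BR001", "DEPOSIT", Decimal("481.73"), "r5"),
]

# Cash physically in the drawer at close: 120.00 + 481.73 - 50.00 + 481.73
COUNTED_CASH = Decimal("1033.46")


def find_duplicate_postings(ledger, window=timedelta(minutes=10)):
    """Return (earlier_ref, later_ref) pairs that share branch, kind and amount
    and were posted within `window` of each other. Equal amounts far apart are
    left alone: that may simply be a repeat customer."""
    ordered = sorted(ledger, key=lambda p: (p.branch, p.kind, p.amount, p.ts))
    pairs = []
    for a, b in zip(ordered, ordered[1:]):
        same_key = (a.branch, a.kind, a.amount) == (b.branch, b.kind, b.amount)
        if same_key and b.ts - a.ts <= window:
            pairs.append((a.ref, b.ref))
    return pairs


def shortfall(ledger, counted_cash):
    """Recorded balance minus cash counted. Positive means the books claim more
    cash should be present than actually is."""
    recorded = sum((p.amount for p in ledger), Decimal("0"))
    return recorded - counted_cash


def explain_shortfall(ledger, counted_cash, window=timedelta(minutes=10)):
    """Test whether suspected duplicate postings account for the shortfall exactly."""
    dupes = find_duplicate_postings(ledger, window)
    by_ref = {p.ref: p for p in ledger}
    duplicated_total = sum((by_ref[later].amount for _, later in dupes), Decimal("0"))
    gap = shortfall(ledger, counted_cash)
    return {
        "shortfall": gap,
        "suspected_duplicates": dupes,
        "duplicated_total": duplicated_total,
        "fully_explained": gap != 0 and gap == duplicated_total,
    }


if __name__ == "__main__":
    result = explain_shortfall(SAMPLE_LEDGER, COUNTED_CASH)
    print(f"shortfall {result['shortfall']}, suspected duplicates {result['suspected_duplicates']}")
    print("explained by duplicates" if result["fully_explained"] else "unexplained")
```

Decimal rather than float is deliberate: a reconciliation that reports 481.7299999 is useless as evidence. The check only flags the pair; whether the second record is a system fault or a second genuine deposit is exactly the question the commenter says the operator should have investigated.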

"I cannot prove that the analysis of the software problem above is true and correct." And you won't be able to, because it is not.

I very much agree with your analysis of what should happen, and you're right that the system itself was a disaster. But it's just not helpful (or true) to say that the fundamental issue was a single programming error and, from that, to imply that if only it had been built by cleverer or more experienced people all would be well.

In reality, it was an UNBELIEVABLY ambitious system (WAY more complex than any bank branch system or retailer POS system - it's perhaps better to think of it as trying to be both, at the same time, where the complexity of each system doesn't just add but multiplies owing to all the potential interactions and logical combinations, etc.) and it was just inevitable that it would be riddled with bugs.

Yes - it could and should have been designed and tested better - a lot better. But, even if it had, loads of the bugs would still have arisen. Just browse the write-ups online of the various bugs... there were so many and they were so varied.

The fundamental issue was that those in charge (in both the Post Office and at Fujitsu) operated as if the system was perfect and so provided basically no support to SPMs in diagnosing/debugging issues (e.g. the stories of Jo Hamilton on her hands and knees trying to make sense of metres and metres of three-inch-wide printouts from the receipt printer because there was literally no other way to retrospectively try to figure out what had happened) and did nothing meaningful to investigate.

Net-net: yes... the system was a disaster. But it really isn't helpful to say there was basically just one big programming error. That makes it sound like, if only somebody cleverer had written it then this would never have happened. But that's just not true: even if it had been written by the best systems people in the world the scandal would still have happened. (And note: this does not excuse ICL/Fujitsu in any way... many of their people should also be in the jail that needs to be built to enable your proposal to happen!)


There were jury trials over this. Expert witnesses said that what you describe did not happen. Somebody hired these expert witnesses to go out and bat for them. So yeah, jail them all.


Good point re expert witnesses. It raises another point that I should have mentioned with respect to blame... don't forget that the legal presumption at the time (and maybe still today?) is that a computer system is working unless the *defence* can prove it is not.

This also - indirectly - supports my argument that Tim is massively over-simplifying the technical problem. Had there just been one big, idiotic error in how Horizon was built then it's possible (albeit still only just possible) that a defence team in one of the 700+ trials could have proved it. But the reality was hundreds (if not more) of very subtle, often quite rare, issues, many of which only happened in very specific scenarios, but were devastating in their impact. And this made it impossible for a defence team - poorly funded and with no access to the system, logs, error reports, its code or its design - to prove that a specific fault occurred that could explain the shortfall. Of course, this makes the behaviour of those inside POL and Fujitsu who knew all this even more egregious.
