The Horizon Post Office Scandal has become a pivotal case study for enterprises worldwide, offering critical lessons in IT system management and legal integrity.
Last week, an expert technical witness in the case, Jason Coyne, spoke with freelance investigative journalist Nick Wallis at Tech Show London and explained more about his role in proving that earlier versions of the system were faulty.
In 2003, Julie Wolstenholme, a British sub-postmistress, faced losing her job at the Post Office because she couldn’t reconcile a five-figure deficit on Fujitsu’s newly installed Horizon IT system.
Before the bailiffs could arrive at her Cleveleys branch, Wolstenholme had the foresight to take the Horizon terminal with her. Later, she told investigators, “This is the source of my problems; if you investigate this terminal, you will see where the problems lie.”
This is where Coyne enters the frame. He is a computer developer and technical expert witness who would later play a crucial role in the High Court litigation. The case was recently dramatised on UK broadcaster ITV in Mr Bates Vs the Post Office.
The drama charted the human impact of the Horizon IT scandal, which arose from faulty Fujitsu software that created false shortfalls in the accounts of thousands of sub-postmasters.
Between 1999 and 2015, over 900 sub-postmasters were convicted of theft, fraud, and false accounting based on faulty Horizon data.
At the Excel Centre in East London last week Coyne and Wallis — who was also the author of The Great Post Office Scandal and a script consultant on the ITV drama — wanted to discuss lessons learned from the scandal and what could have been done better regarding the implementation and rollout of IT systems.
In the 1990s, Coyne developed a stock control system that he offered to small businesses. Later, he worked with larger enterprise-wide systems, databases, and networks.
In 2003, the Post Office lawyers contacted Coyne as they pursued Wolstenholm in civil court to recover their possessions.
“They wanted me to write a report saying there was nothing wrong with the computer system that could have led to the faults experienced by the Cleveleys sub-postmistress,” Coyne recalled.
“I said I’d need to look at the system, the help desk logs, and the audit logs. A lot of that wasn’t available at the time, but I could tell from what was available that the computer system was causing this discrepancy.”
Desperate to keep this information out of the public domain, the Post Office settled the case with this post-submistress, although she still lost her job.
Whistleblowing tech booms as new EU law comes into force
Fourteen years later, Alan Bates, a former sub-postmaster, gathered 554 affected sub-postmasters to file a lawsuit against the Post Office. Coyne was again called upon as an expert technical witness, this time for the postmasters.
“We needed to disprove three fundamental points about Horizon,” he recalled.
“The Post Office insisted there were no bugs in it. We knew straightway that there was a chance that this was faulty because I’ve not seen a new system that doesn’t have any bugs in it.”
He continued to say that the Post Office had claimed that remote access to sub-postmasters’ accounts wasn’t possible and that he was sure that wasn’t the case.
“The Post Office also said that nothing could impact branch accounts; the only person who had input was the sub-postmaster. But because of network banking, we knew that this couldn’t be true because there needed to be back-end reconciliation,” he explained.
Perhaps unsurprisingly, Coyne encountered resistance from the Post Office’s legal team as he sought to access error logs, help desk logs, and release notes.
“The first battle was the acceptance that the Horizon system wasn’t the same system in 2016 as in 2000. I knew that in any organisation, there would be release notes, so we started to attack release notes and their disclosures.”
“Then there were the Known Error Logs (KELs) and documents created as a result of the sub-postmasters ringing up about an IT problem being found and remedial action taking place.”
Other documents Coyne sought were Business Impact Statements. These looked at what the likely problems on the accounts were because of the defect that had been discovered.
Coyne linked these documents together to prove defects in Horizon, which started at one point and existed until another point, and that they had a business impact on these particular branch accounts.
“That put a missile through one of the core arguments—that there weren’t any bugs and that if there were, they didn’t impact branch accounts.”
Wallis has been following the Horizon IT Scandal story since 2010. He first heard about it from a taxi driver who told him about his pregnant wife being sent to prison for a crime she didn’t commit.
He emphasises that the disaster and its human impact were inevitable from the very beginning.
“It’s important to note that the Horizon IT system was existential for Fujitsu; it was their Golden Goose. It may not have had a UK arm today if it wasn’t for the Post Office’s business. So, it relied on it — and the funds it received from the government to pretend everything was fine.”
“Horizon was also existential to the Post Office because, without it, they couldn’t do network banking and grow their business. It had to be reliable so it didn’t scare off corporate clients plugging into the system.”
Wallis added that when it came to the court case, by the time the Post Office knew they were sitting on hundreds of injustices, it became existential from a financial perspective, so they had to “dig into the trenches and defend at all costs.
He added, “If your tech becomes an existential threat to your business, your customer’s business or your own business, you have a major problem. Especially if it’s not particularly good, especially if it’s causing harm.”
In November 2021, the Post Office slashed its value from £145m to “nil” following the compensation payouts that followed. Wallis and Coyne’s takeaways from the scandal are useful for today’s tech leaders to protect their businesses, customers, and users from similar harm.
According to Wallis, any major technological advancement designed to improve lives must acknowledge that “it will cause harm somewhere, and the harm that it might cause needs to be baked into the conception of that big leap.”
“Do the disaster planning,” he advises, “because things will go wrong. What’s the worst-case scenario? What are the risks? How can you mitigate against them? Is it worth that risk? What do you do to make it good again if things go badly wrong?”
For Coyne, it’s important that enterprises create a culture in which the people who report to them can challenge them.
“What was happening in the Post Office was that people would couch things as: ‘I need to be able to say, ‘no this didn’t exist’, find me an answer that fits that proposition”.
“[former Post Office CEO] Paula Vennells said in an email that we found: ‘I need to be able to prove remote access is not possible. Find me the evidence.’ It should be the other way around. People should be able to challenge the concepts at the top.”
Coyne’s second piece of advice is for firms to really understand their supply chain risks. “The Post Office didn’t know where Fujitsu’s role and responsibilities ended and theirs started. When it came to the investigations, people didn’t know who to speak to. The default position was to blame the Post Office submasters — they were thieves, and the Fujitsu kit was infallible.”
He also recommends that companies create a data map to know where all their data is.
“If you are ever involved in litigation of any type, there will be a disclosure process. You need to have a data map to know where all the data is in your organisation.”
“The Post Office didn’t have this, and it tripped them up. They didn’t know they’d migrated from an Exchange version to a 365 version, for instance, and that they only took across ‘Live Accounts’ with them. This situation caught them out, but many other orgs make similar mistakes.”
Following the High Court litigation and the broadcast of the ITV drama, the UK government has passed landmark legislation today (13 March) that will allow hundreds of wrongly convicted sub-postmasters to have convictions quashed.
This blanket exoneration, delivered through the Post Office (Horizon System) Offences Bill, is designed to quash convictions brought about by erroneous Horizon evidence, clearing the names of many people who have had their lives ruined.
For sub-postmistresses like Julie Wolstenholme, the government has also confirmed that it will propose a compensation scheme for postmasters who were not convicted but still suffered due to Horizon’s failures.
Subscribe to our Editor's weekly newsletter
Newsletter
Share
