When computer bugs end up with YOU in jail!

[TechyBen]

Long running errors at the UKs "Post Office" national postal service (now long privatised which is still state owned, there are separate privatised entities), ended up with many managers wrongly sent to prison for fraud and theft crimes.

After a long examination and delays in finding the route causes, Judges have now ruled that the faults and errors were with the Post Office and their accounting software supplier Fujitsu.

 

https://www.theregister.co.uk/2019/12/18/post_office_trial_fujitsu_horizon_judgment/

 

Quote

Fujitsu faces a potential criminal investigation after a High Court judge's savage criticism of the outsourcing company and one of its customers, the Post Office, at the end of a long-running trial over the state mail operator's core IT system.

 

Basically, occasionally a branch would look at their tills/accounts software reports at the end of the day, and it would say they should have (for example) £50K in transfers, £10K in cash. But when they checked them, only had 40K records for transfers in, and 9k in cash, as the software was dropping/losing records and transactions. IIRC this may have mainly been when the phone line went down. So small, isolated/country town Post offices with bad phone lines were disproportionately affected, which to the CEOs/investigators first looked like little family run shops were getting together to steal from the Post Office. They mistook "old computer bugs" for "old pensioner thieves". 

 

Wow. I remember reading about the cases before (years ago? [edit] 20 years!!! [/edit]), and poor managers writing to news papers/getting interviews about how they were certain they were innocent. That the faults must be with the computers. But no one on the shop floors could prove they did not steal any money (how do you prove a negative?!). They got sent to prison, or had to use their own cash to "hide" the shortfalls, or just got really really stressful and horrible jobs while being blamed for the errors.

 

Now, I've never noticed a real bad error working in retail, but I did notice some places I worked in had better computers systems than others. Oh, 99% of them worked well, but a few had GUIs or abbreviations, that meant errors were REALLY easy. Where others were a joy to work with and errors near impossible to key/miss.

 

Glad to see that people are getting proper justice. Just horrific those in the top and those in the responsible and tech/suppliers space made such a great mistake!

[ryao]

I once was called to do data recovery in a situation that was so bizarre that it almost looked like employee sabotage. I found the bug that caused it, but had I not done that, an innocent man would have likely gone to prison. I was well rested when I found the bug.

 

It is unfortunate that the programmers at Fujitsu were not able to prevent innocent people from going to prison because of bugs in their code. My guess is that it was caused by a mix of overwork (as is known to be common in Japan) and management not wanting to spend much on QA (which is common in the industry).

[TechyBen]

7 minutes ago, ryao said:

I once was called to do data recovery in a situation that was so bizarre that it almost looked like employee sabotage. I found the bug that caused it, but had I not done that, an innocent man would have likely gone to prison. I Was well rested when I found the bug.

 

It is unfortunate that the programmers at Fujitsu were not able to prevent innocent people from going to prison because of bugs in their code. My guess is that it was caused by a mix of overwork (as is known to be common in Japan) and management not wanting to spend much on QA (which is common in the industry).

I think it also goes deeper than that. There are programming best practices when dealing with accounting, or mission critical communications over a network. Or even just journaling/databases. These seem to be missing for such a large fault (both head office/local office databases not syncing, AND both databases losing/dropping vital data off the records with ZERO recovery/error/record of it).

 

However, to add to it the top brass management, possibly at the Post Office, also having suspicions, but instead sending innocent people to prison, one who then committed suicide, all for what? To protect their bonus or the status quo?

[ryao]

1 minute ago, TechyBen said:

I think it also goes deeper than that. There are programming best practices when dealing with accounting, or mission critical communications over a network. Or even just journaling/databases. These seem to be missing for such a large fault (both head office/local office databases not syncing, AND both databases losing/dropping vital data off the records with ZERO recovery/error/record of it).

 

However, to add to it the top brass management, possibly at the Post Office, also having suspicions, but instead sending innocent people to prison, one who then committed suicide, all for what? To protect their bonus or the status quo?

Is there any evidence that management at the Post

Office had suspicions? People tend to blindly trust computers as if they are infallible. I recall hearing about being people who were scammed by crooks activating their credit cards with ApplePay who were thought by credit card companies to be lying because ApplePay was said to eliminate the potential for scammers to make fraudulent transactions with people’s credit cards.

 

I suspect the guys who were falsely imprisoned will never trust computers again. Speaking of which, I used to check a computer’s math whenever a video game showed the result of a calculation as a sort of mini game. One day, I found that the computer was off by 1. It turned out that it implemented rounding by multiplying by 100, adding 51 and then dividing by 100 with integers. I felt vindicated for always checking computers’ math, although the bug ruined the game for me. I did not find it fun anymore after that. 

[TechyBen]

14 minutes ago, ryao said:

Is there any evidence that management at the Post

Office had suspicions? People tend to blindly trust computers as if they are infallible. I recall hearing about being people who were scammed by crooks activating their credit cards with ApplePay who were thought by credit card companies to be lying because ApplePay was said to eliminate the potential for scammers to make fraudulent transactions with people’s credit cards.

 

I suspect the guys who were falsely imprisoned will never trust computers again. Speaking of which, I used to check a computer’s math whenever a video game showed the result of a calculation as a sort of mini game. One day, I found that the computer was off by 1. It turned out that it implemented rounding by multiplying by 100, adding 51 and then dividing by 100 with integers. I felt vindicated for always checking computers’ math, although the bug ruined the game for me. I did not find it fun anymore after that. 

They aparently cut the third party investigation, 24 hours before completion, then burnt all the documentation in 2014. Then announced "all is great, there are no bugs". Yes, they knew.

[Tech_Dreamer]

Quote

Glad to see that people are getting proper justice.

[amdorintel]

interesting, so people were sent to prison for no real evidence other then some missing monies from a till system.

 

no evidence of a new lambo, offshore account, new rolex watch, literally no flash whatsoever, and the exact same spending habits over countless yrs.

 

where were the prosecutors looking, imaginary la-la land.

 

be a very nice lawsuit, but i know the united kingdom is a very unusual country in certain ways. collectors are allowed to take debtors property is a new one i've learned in the past few yrs simply from watching a tv series.

 

however, i do remember seeing a tv show where the uk mail system hiring system is very flawed, even a tv crew followed some deliverers around and it showed some shady activity.

[mr moose]

Situations like this is why I will never be quick to see digital evidence as anything other than a mass of messy data that needs to be sorted before fingers are pointed.

 

If it is this easy for a fault (unforeseen error) to put someone in jail, then how easy is it to set someone up or scapegoat them?

[CarlBar]

4 hours ago, amdorintel said:

interesting, so people were sent to prison for no real evidence other then some missing monies from a till system.

 

no evidence of a new lambo, offshore account, new rolex watch, literally no flash whatsoever, and the exact same spending habits over countless yrs.

 

where were the prosecutors looking, imaginary la-la land.

 

be a very nice lawsuit, but i know the united kingdom is a very unusual country in certain ways. collectors are allowed to take debtors property is a new one i've learned in the past few yrs simply from watching a tv series.

 

however, i do remember seeing a tv show where the uk mail system hiring system is very flawed, even a tv crew followed some deliverers around and it showed some shady activity.

 

Trust me everyone affected by this can almost certainly sue the ever living hell out of Fujitsu over this. 

[Guest]

53 minutes ago, CarlBar said:

 

Trust me everyone affected by this can almost certainly sue the ever living hell out of Fujitsu over this. 

There really is a lot more to it than a failure of IT here. The post office at the time was fully state owned with a very different structure from now. Investigation was done by a third party too, as well as police etc. So the parties to blame are quite varied and a large enquiry will be needed to ascertain exactly where things went wrong. You cannot put the blame on a single entity in cases like this.

[Guest]

5 hours ago, amdorintel said:

interesting, so people were sent to prison for no real evidence other then some missing monies from a till system.

 

no evidence of a new lambo, offshore account, new rolex watch, literally no flash whatsoever, and the exact same spending habits over countless yrs.

 

where were the prosecutors looking, imaginary la-la land.

 

be a very nice lawsuit, but i know the united kingdom is a very unusual country in certain ways. collectors are allowed to take debtors property is a new one i've learned in the past few yrs simply from watching a tv series.

 

however, i do remember seeing a tv show where the uk mail system hiring system is very flawed, even a tv crew followed some deliverers around and it showed some shady activity.

Please do not believe everything you see on TV, especially the kind of lowest common denominator tv you are talking about here. There are thousands of hard working and honest people working in the post office here. As in any walk of life there will be the odd rogue, but it is not the norm.

 

And yes, property can be used to recover funds for an injured party here in the UK. It is not easy to go that far down the line and in most cases this happens only to business assets not personal ones.

[TechyBen]

1 hour ago, Phill104 said:

Please do not believe everything you see on TV, especially the kind of lowest common denominator tv you are talking about here. There are thousands of hard working and honest people working in the post office here. As in any walk of life there will be the odd rogue, but it is not the norm.

 

And yes, property can be used to recover funds for an injured party here in the UK. It is not easy to go that far down the line and in most cases this happens only to business assets not personal ones.

IIRC leasehold items can of cause be taken back, and this at times applies to credit card purchases. However, the debt collectors either use encouragement (like a child asking for candy, lol) to get payments, or get an actual court order for payment/collection of goods (car/tv/etc).

 

Quote

The debt collector should:
• use language you understand
• contact you at reasonable times
• only come into your home if you have invited them to
• tell you the time and date that they will visit you
• during a visit, leave your property if you ask them to
• when sending you a letter, include clear information about who they are and why they are contacting you as well as the process that they are legally allowed to take to get the money that you owe
• provide you with information on your debt, such as the amount you owe
• if you ask for it, provide you with more information about your debt, such as what your original agreement was, and if there were any changes made to it later. For more information on how to request information on your credit or hire agreement see the OFT advice guide.

It seems "Bailiffs" are those with court orders. I am not sure if this applies for personal/shopping/bank debt too, or only just fines/tax payments. But even if it does cover other types of debt, they need a court order anyhow before they can take anything. Debt collectors don't have legal rights to go into a home or take anything, but can of cause try to ask/persuade people to pay, as most businesses with non-paying customers will!

[leadeater]

1 hour ago, TechyBen said:

Debt collectors don't have legal rights to go into a home or take anything, but can of cause try to ask/persuade people to pay, as most businesses with non-paying customers will!

Debt collectors normally will get a court order to pay outstanding debt if it goes unpaid with no attempt to pay it back, then they turn up with the police and seize assets or you pay up in full. They might lack direct power but they know how to get it when required.

[Bravo1cc]

Working in the industry that proves software for businesses like this, its all to common that proper testing in a new system is not done.

 

Correct testing at implementation is key. Our motto where i work is quality over quantity. We would never let this get through and me ensure thorough testing is done before our clients push their system live. To me this sounds like a rushed change in software that could have been avoided if the correct testing and QA was taken by whom ever was the project manager.

[Guest]

49 minutes ago, leadeater said:

Debt collectors normally will get a court order to pay outstanding debt if it goes unpaid with no attempt to pay it back, then they turn up with the police and seize assets or you pay up in full. They might lack direct power but they know how to get it when required.

It can be a lot more complex than that here in the UK. There is a big difference between for instance debt owed to certain government agencies to others, to private individuals etc. The inland revenue have a more aggressive stance than for instance the CSA or whatever they are called this week.

 

A friend of mine was until recently a “Sheriff” and has some rather colourful tales.

 

All going quite a bit off topic though, probably best to bring it back to the post office incidents. It is very hard for me to comment on this one as I work for Fujitsu. What I can say is companies like ours sometimes supply software and hardware but don’t manage it, sometimes a full managed service is provided and sometimes kit is supplied indirectly through a third party. I think it is wrong for people to comment that a company should be sued without knowing the full relationship, the details of the contract and how it was managed. This particular case will involve an inquiry I am sure, and it is only after that fingers can be wagged. The tabloid press here are some of the worst on the planet pedlars of lies, hope and general bull so should always be taken with a bucket load of salt.

[CarlBar]

5 hours ago, Phill104 said:

There really is a lot more to it than a failure of IT here. The post office at the time was fully state owned with a very different structure from now. Investigation was done by a third party too, as well as police etc. So the parties to blame are quite varied and a large enquiry will be needed to ascertain exactly where things went wrong. You cannot put the blame on a single entity in cases like this.

 

Yes and no.

 

Other may be at fault for how the investigations where handled but unless Fujitsu where not involved in support in any meaningful way, (and it dosen;t sound like they weren't), i don't see any way the courts aren't going to find them grossly negligent unless there's some info not in the OP that would absolve them, (and it would have to be pretty damn good evidence too). This isn't a case of some bug that existed only for a short time period and was found quickly once it started causing issues, the time period over which it's existed and the time span issues have been occurring in mean regular software updates or code reviews really should have caught it and with the suggestions of issues they really should have been looking into it.

 

I'm not saying there's absolutely no circumstances under which it could be judged Fujitsu are blameless but it would have to be a very extreme set of circumstances. And if they can be held to have goofed majorly, well they're totally vulnerable to get the ever living hell sued out of them by any who's well being (physichial, mental, or financial), was affected including many of those who dropped the ball during the investigation and had financial outlay a a result.

[Guest]

35 minutes ago, CarlBar said:

 

Yes and no.

 

Other may be at fault for how the investigations where handled but unless Fujitsu where not involved in support in any meaningful way, (and it dosen;t sound like they weren't), i don't see any way the courts aren't going to find them grossly negligent unless there's some info not in the OP that would absolve them, (and it would have to be pretty damn good evidence too). This isn't a case of some bug that existed only for a short time period and was found quickly once it started causing issues, the time period over which it's existed and the time span issues have been occurring in mean regular software updates or code reviews really should have caught it and with the suggestions of issues they really should have been looking into it.

 

I'm not saying there's absolutely no circumstances under which it could be judged Fujitsu are blameless but it would have to be a very extreme set of circumstances. And if they can be held to have goofed majorly, well they're totally vulnerable to get the ever living hell sued out of them by any who's well being (physichial, mental, or financial), was affected including many of those who dropped the ball during the investigation and had financial outlay a a result.

Thing is, the original investigation also would need to be held at fault. It is easy to blame IT in anything like this but there also has to be additional measures involved to protect individuals. If that hasn’t happened then the regulators need to be held accountable. You cannot scapegoat just one part of the story here and I am sure the courts will agree. There will be multiple elements held to account and hopefully lessons learnt for the future.
 

As I say, I have worked for Fujitsu for a very long time so it is very hard for me to comment or be unbiased so I will drop out here. I will say in my experience Fujitsu are a very good employer here in Europe, very supportive of their staff and customers. 

[NumLock21]

Is there a news article on this. If so link it, please.

I can't deal with personal opinions as news. I read it, and it felt like I'm reacting to it like some excited YouTuber. Even the OP in the source forum is the same.

 

 

[TechyBen]

21 minutes ago, NumLock21 said:

Is there a news article on this. If so link it, please.

I can't deal with personal opinions as news. I read it, and it felt like I'm reacting to it like some excited YouTuber. Even the OP in the source forum is the same.

 

 

Hahaha. My bad, fixed the link. I guess that's my fault for having multiple forums open at once... I really need to get around at deleting my online presence. Twitter and Reddit probably don't contribute much positively anyhow... but the tech. The Tech goodness on LTT forums is so addictive. XD

[Bravo1cc]

6 hours ago, Phill104 said:

It can be a lot more complex than that here in the UK. There is a big difference between for instance debt owed to certain government agencies to others, to private individuals etc. The inland revenue have a more aggressive stance than for instance the CSA or whatever they are called this week.

 

A friend of mine was until recently a “Sheriff” and has some rather colourful tales.

 

All going quite a bit off topic though, probably best to bring it back to the post office incidents. It is very hard for me to comment on this one as I work for Fujitsu. What I can say is companies like ours sometimes supply software and hardware but don’t manage it, sometimes a full managed service is provided and sometimes kit is supplied indirectly through a third party. I think it is wrong for people to comment that a company should be sued without knowing the full relationship, the details of the contract and how it was managed. This particular case will involve an inquiry I am sure, and it is only after that fingers can be wagged. The tabloid press here are some of the worst on the planet pedlars of lies, hope and general bull so should always be taken with a bucket load of salt.

I understand, my business i work for don't create the software but rather sell and modify it to a customers requirements. Just from my perspective i disagree with how this went down. If it was a company i worked for where we supplied the software it would have come back to us to see where the issue was before it ever got to this stage. To me it just seems like a pointing game rather than a productive investigation and some poor person boar the brunt of an angry director.

 

Anyhow its interesting to hear your perspective as your rather on the side of were we get our software from.

[Guest]

34 minutes ago, Bravo1cc said:

I understand, my business i work for don't create the software but rather sell and modify it to a customers requirements. Just from my perspective i disagree with how this went down. If it was a company i worked for where we supplied the software it would have come back to us to see where the issue was before it ever got to this stage. To me it just seems like a pointing game rather than a productive investigation and some poor person boar the brunt of an angry director.

 

Anyhow its interesting to hear your perspective as your rather on the side of were we get our software from.

Fujitsu are primarily a hardware and services vendor. I did work on the project in question in the distant past but only from a hardware point of view. I do not know where the software and support came from, or whether the ongoing maintenance and support of the software or OS side was from us, outsourced or done by the customer or even a combination of all three. These things are rarely as simple as they seem. Often it is easy to purport blame on the route of least resistance.

 

What worries me in this case is so many sub post masters seemed to be in fear. Some even using their own money to cover up discrepancies. To me that sounds like a more endemic management failure than just an IT issue.

[NumLock21]

So I've read the article, and if I understand it correctly, at the end of the day, Horizon system will show more than, what that post office actually has?

Let's say at the end of the day, Horizon says total for today is $10,000 but the post office actually made $9,000. Now postmaster has to take $1,000 out of their own pockets to make up for that "missing" amount otherwise they are accused of stealing?

Why not have cameras next above each cash register so everything is recorded, like what they do in supermarkets and restaurants, instead of automatically putting blame on the postmaster.

[Trik'Stari]

I gotta say, based on a few cases in the last couple of years, the UK court system would seem to need a very drastic overhaul.

 

Kinda disturbing that my own court system is based on the UK court system.

[Tieox]

The fact it took this long before someone pondered to check the FUCKING computer system shows how we need to seriously overhaul the UK government institutions understanding of IT systems.

 

Britain right now if you get a right jobsworth when trying to do anything :

 

 

 

[amdorintel]

21 hours ago, CarlBar said:

rust me everyone affected by this can almost certainly sue the ever living hell out of Fujitsu over this. 

wish the Pheonix pay system employee payroll system could say the same