Category Archives: Campaign4Change

Civil servant in charge of £9.3bn IT project is not shown internal review report on scheme’s failings.

By Tony Collins

“If people don’t know what you’re doing, they don’t know what you’re doing wrong” – Sir Arnold Robinson, Cabinet Secretary, Yes Minister, episode 1, Open Government.

Home Office officials kept secret from the man in charge of a £9.3bn project a report that showed the scheme in serious trouble.

The Emergency Services Network is being designed to give police, ambulance crew and firemen voice and data communications to replace existing “Airwave” radios.  The Home Office’s permanent secretary Philip Rutnam describes the network under development as a “mission-critical, safety-critical, safety-of-life service”.

But Home Office officials working on the programme did not show an internal review report on the scheme’s problems to either Rutnam or Stephen Webb, the senior responsible owner. They are the two civil servants accountable to Parliament for the project.

Their unawareness of the report made an early rescue of the Emergency Services Network IT programme less likely. The scheme is now several years behind its original schedule, at least £3.1bn over budget and may never work satisfactorily.

The report’s non circulation raises the question of whether Whitehall’s preoccupation with good news and its suppression of the other side of the story is killing off major government IT-based schemes.

With the Emergency Services Network delayed – it was due to start working in 2017 – police, ambulance and fire services are having to make do with the ageing Airwave system which is poor at handling data.

Meanwhile Motorola – which is Airwave’s monopoly supplier and also a main supplier of the Emergency Services Network – is picking up billions of pounds in extra payments to keep Airwave going.

Motorola may continue to receive large extra payments indefinitely if the Emergency Services Network is never implemented to the satisfaction of he emergency services.

EE is due to deliver the network component of the Emergency Services Network. Motorola is due to supply software and systems and Kellogg Brown & Root is the Home Office’s delivery partner in implementing the scheme.

Has Whitehall secrecy over IT reports become a self-parody?

The hidden report in the case of the Emergency Services Network was written in 2016, a year after the scheme started. It said that dialogue between suppliers, notably EE and Motorola, did not start until after the effective delivery dates. Integration is still the main programme risk.

MP SIr Geoffrey Clifton Brown has told the Public Accounts Committee that the report highlighted an absence of clarity regarding dependency on the interface providers, which caused something of an impasse.

He said the report “alluded to the fact that that [a lack of clarity around integration] remains one of the most serious issues and is not showing any signs of resolution”.

Stephen Webb has been in charge of the project since its start but he is the business owner, the so-called “senior responsible owner” rather than the programme’s IT head.

In the private sector, the IT team would be expected to report routinely to a scheme’s business owner.

But in central government, secrecy over internal assurance reports on the progress or otherwise of major IT-related projects is a Whitehall convention that dates back decades.

Such reports are not published or shared internally except on a “need-to-know” basis. It emerged during legal proceedings over the Universal Credit IT programme that IT project teams kept reports secret because they were “paranoid” and “suspicious” of colleagues who might leak documents that indicated the programme was in trouble.

As a result, IT programme papers were no longer sent electronically and were delivered by hand. Those that were sent were “double-enveloped” and any that needed to be retained were “signed back in”; and Universal Credit programme papers were watermarked.

The secrecy had no positive effect on the Universal Credit programme which is currently running 11 years behind its original schedule.

Webb has told MPs he was “surprised” not to have seen review report on the Emergency Services Network. He discovered the report’s existence almost by accident when he read about it in a different report written a year later by Simon Ricketts, former Rolls Royce CIO.

This month the Public Accounts Committee criticised the “unhealthy good news” culture at the Home Office. The Committee blamed this culture for the report’s not being shown to Webb.

The Home Office says it doesn’t know why Webb was not shown the “Peter Edwards” report. The following was an exchange at the Public Accounts Committee between MP Sir Geoffrey Clifton-Brown, Webb and Rutnam.

Clifton-Brown: When you did that due diligence, were you aware of the Peter Edwards report prepared in the fourth quarter of 2016?

Rutnam: No, I’m afraid I was not. The Peter Edwards report on what exactly, sorry?

Clifton-Brown: Into the problems with ESN [Emergency Services Network], in particular in relation to suppliers.

Rutnam: I do not recall it. It may have been drawn to my attention, but I’m afraid I do not recall it.

Webb: It was an internal report done on the programme. I have not seen it either.

Clifton-Brown: You have not seen it either, Mr Webb—the documents tell us that. Why have you not seen such an important report? As somebody who was in charge of the team—a senior responsible officer—why had you not seen that report?

Webb: I don’t know. I was surprised to read it in Simon’s report. [Simon Ricketts.]

Chair: Who commissioned it?

Webb: The programme leadership at the time.

Chair: That is the board?

Webb: The programme director. It was a report to him about how he should best improve the governance. I think he probably saw it as a bit of an external assurance. It probably would have been better to share it with me, but that was not done at the time.

Clifton-Brown: “Probably would have been better to share it”? That report said that dialogue between suppliers, notably EE and Motorola, only started after the effective delivery dates. The report highlighted that there was not clarity regarding dependency on the interface providers, and that caused something of an impasse. It also alluded to the fact that that remains one of the most serious issues and is not showing any signs of resolution. That was in 2016, in that report. Had that report been disseminated, would we still be in the position that we are today?

Webb: I think that we would have wanted to bring forward the sort of [independent] review that the Home Secretary commissioned, and we would have done it at an earlier date.

Clifton-Brown: Why did you need to? You would not have needed to commission another review. You could have started getting to the root of the problem there and then if you had seen that report.

Webb: Yes.

Comment:

Webb and Rutman seem highly competent civil servants to judge from the open way they answered the questions of MPs on the Public Accounts Committee.

But they did not design the Emergency Services Network scheme which, clearly, had flawed integration plans even before contracts were awarded.

With no effective challenge internally and everything decided in secret, officials involved in the design did what they thought best and nobody knew then whether they were right or wrong. With hindsight it’s easy to see they were wrong.

But doing everything in secret and with no effective challenge is Whitehall’s  systemically flawed way of working on nearly all major government IT contracts and it explains why they fail routinely.

Extraordinary?

It’s extraordinary – and not extraordinary at all – that the two people accountable to Parliament for the £9.3bn Emergency Services Network were not shown a review report that would have provided an early warning the project was in serious trouble.

Now it’s possible, perhaps even likely, the Emergency Services Network will end up being added to the long list of failures of government IT-based programmes over the last 30 years.

Every project on that list has two things in common: Whitehall’s obsession with good news and the simultaneous suppression of all review reports that could sully the good news picture.

But you cannot run a big IT-based project successfully unless you discuss problems openly. IT projects are about solving problems. If you cannot admit that problems exist you cannot solve them.

When officials keep the problems to themselves, they ensure that ministers can be told all is well. Hence, ministers kept telling Parliament all was well with the £10bn National Programme for IT in the NHS  – until the scheme was eventually dismantled in 2011.

Parliament, the media and the public usually discover the truth only when a project is cancelled, ends up in the High Court or is the subject of a National Audit Office report.

With creative flair, senior civil servants will give Parliament, the National Audit Office and information tribunals a host of reasons why review reports on major projects must be kept confidential.

But they know it’s nonsense. The truth is that civil servants want their good news stories to remain uncontradicted by the disclosure of any internal review reports.

Take the smart meters roll-out. Internal review reports are being kept secret while officials give ministers and the Department for Business, Energy and Industrial Strategy the good news only. Thus, the latest Whitehall report on smart meters says,

“Millions of households and small businesses have made the smart choice to get a smart meter with over 12.8 million1 operating in smart mode across Great Britain. This world leading roll out puts consumers firmly in control of their energy use and will bring an end to estimated bills.”

Nothing is said about millions of homes having had “smart” meters installed that are neither smart nor compatible for the second generation of smart meters which have a set of problems of their own.

The answer?

For more than 30 years the National Audit Office and the Public Accounts Committee have published seemingly unique reports that each highlight a different set of problems. But nobody joins the dots.

Sir Arnold, the Cabinet Secretary said in “Yes Minister“, that open government is a contradiction in terms. “You can be open, or you can have government.

This is more than a line in a TV satire.  It is applied thinking in every layer of the top echelons of civil service.

Collective responsibility means civil servants have little to fear from programme failures. But they care about departmental embarrassment. If reviews into the progress or otherwise of IT-enabled programmes are published, civil servants are likely to be motivated to avoid repeating obvious mistakes of the past. They may be motivated to join the dots.

But continue to keep the review reports secret and new sets of civil servants will, unknowingly each time, treat every project as unique. They will repeat the same mistakes of old and be surprised every time the project collapses.

That the civil service will never allow review reports of IT programmes to be published routinely is a given. If the reports were released, their disclosure of problems and risks could undermine the good news stories ministers, supported by the civil service, want to feel free to publish.

For it’s a Whitehall convention that the civil service will support ministerial statements whether they are accurate or not, balanced or not.

Therefore, with review reports being kept secret and the obsession with good news being wholly supported by the civil service, government’s reputation for delivering successful IT-based programmes is likely to remain tarnished.

And taxpayers, no doubt, will continue to lose billions of pounds on failed schemes.  All because governments and the civil service cannot bring themselves to give Parliament and the media – or even those in charge of multi-billion pound programmes –  the other side of the story.

Home Office’s “unhealthy good news culture” blamed for Emergency Services Network Delays – Civil Service World

Emergency Services Network is an emergency now – The Register

Home Office not on top of emergency services programme – Public Accounts Committee report, July 2019

Advertisements

Is Britain capable of managing its own affairs after Brexit?

By Tony Collins

The slogan “take back control” implies Britain is adept at running what it currently controls. But is it?

Ministers and officials now control central government administration. The following summarised case studies give an indication of how well they cope with this task:

– Ministers and senior civil servants lost billions on the National Programme for IT in the NHS after repeatedly telling Parliament of its successes. The scheme was “dismantled” in 2011. Afterwards a new organisation was formed, NHS England, which went from IT disaster to IT disaster.

– The biggest reform in central government, Universal Credit, is, so far, 11 years behind schedule and is the second botched welfare reform programme, the £2.6bn “Operational Strategy” being the first.

– Central government’s largest department, the DWP has had its financial accounts qualified every year for the last 31 years because of high levels of fraud and error. Overpayments and underpayments are now at their highest level since 2005-6.

– The Home Office has gone from IT disaster to IT disaster, as has the Ministry of Justice and the Rural Affairs Agency only sometimes pays farmers the correct amount of subsidy.

– The Emergency Services Network is more than £3.0 over budget and isn’t expected to pay for itself until 2029.

– The Department for Business, Energy and Industrial Strategy continues to tell Parliament of the success of its £12bn smart meter rollout programme. But the few dozen latest-generation SMETS2 smart meters installed in Britain’s homes are said to have cost £28m each.

– Last month a report of the National Audit Office said government data is of such poor quality that officials try to steer around it.

– Last week, the Public Accounts Committee’s annual report said, “we see the same pattern of mistakes repeated consistently across Government”.

– It said the same in its 2018 annual report. The repetition of problems and mistakes was “depressingly familiar”.

– When a minister tries to cut what he sees as the exorbitant costs of central government administration, senior civil servants fight against him. Former Cabinet Office minister Lord Maude, who wanted to bring down the costs of central government IT, later lamented the “overt disobedience” of some senior civil servants.

– Transparency in central government is almost non-existent. The LSE found it impossible to establish the costs of central government administration, in part because civil servants keep changing what counts as an administration cost.

As an aside, a look at how well ministers and officials handle the nation’s finances shows that net public sector pension liabilities are £1,865bn, the equivalent of more than £68,000 per UK household and 92% of GDP.

The shortfall between assets and liabilities increased from £2,420bn to £2,565bn in 2017 and borrowing rose by £58bn – far more than the entire “Brexit divorce bill” of £39bn.

[Medical negligence claims on their own stood at £78.4 billion at 31 March 2018.]

Comment

The little openness that exists in government IT depends to an extent on EC open tendering regulations. Open competition for contracts is also largely the result of EC regulations.

These regulations ensure contracts and winners are published; and the EC investigates allegations of breaches of its rules.

Without these regulations, ministers and officials would have more freedom to award large contracts to the same companies – ones that may later recruit them.

Anyone who regularly reads National Audit Office reports knows that there are pockets of competence in central government but consider how IT over the last 30 years has cut costs for the private sector and compare that with the increasing costs of running central government.

There are impressive exceptions, the Department for Digital, Culture, Media & Sport being one.

A frightening thought?

EC regulations deter corruption among ministers and officialdom. Why would anyone be in a hurry to be rid of them?

UK central government administration is largely unaccountable and opaque at the moment, particularly when it comes to arm’s length bodies such as the Post Office. After Brexit, central government administration is destined to become less open and accountable, and thus more costly – a frightening thought for anyone who cares how their taxes are spent.

Horizon IT trial has a focus on probability theory – but it’s seemingly impossible events that cause some of the worst failures of complex systems

By Tony Collins

Can probability theory explain a single one of the Post Office’s major incidents?

Analysis and comment

One focus of the latest High Court hearings over the Post Office Horizon system has been the likelihood or otherwise of known bugs causing losses for which sub-postmasters were held responsible.

The Post Office argues that Horizon is robust and it has countermeasures in place to ensure any errors with potentially serious consequences are detected and corrected.

So reliable is Horizon – thousands of people use it daily without lasting problems – that the Post Office has expressed no doubts about blaming sub-postmasters for losses shown on the system.

But sub-postmasters argue that they did not steal any money and that spurious losses were shown on a system that was demonstrably imperfect at times.

The arguments and counter-arguments have left journalist Nick Wallis who is covering the trial with this impression …

“What you can’t do is actually get a sense of whether Horizon’s bugs, errors and defects caused discrepancies for which subpostmasters have been held liable…

“The expert answer to whether Horizon is responsible for causing discrepancies in branch accounts appears to be ‘possibly’ or ‘possibly not’.”

As Wallis also points out, there may not be enough information on which to make a definitive judgement.

The Post Office’s own expert has referred to …

“levels of depth and complexity in the way Horizon actually works which the experts have not been able to plumb …”

The expert agreed that it was usually difficult to make categorical negative statements of the form: x or y never happened.

This uncertainty raises questions of about how any judge can decide whether Horizon did or did not cause the losses complained of in the litigation.

As part of its case, the Post Office has used probability theory – a branch of maths – to help demonstrate the robustness of Horizon.

This was some of the evidence given in court …

“And we have to take 50,000, we divide it by 3 million, and what I get from that is I can cancel  all the thousands out and I get 32 x 50/3, so that is about 500.  So it is consistent with one occurrence of a bug to each claimant branch during their tenure.”

Another piece of evidence …

“the chances of the bug occurring in a Claimants’ branch would be about 2 in a million.”

The expert made it clear that statistics are not a substitute for hard facts.

But what when the seemingly impossible occurs?

Adding to the “levels of depth and complexity in the way Horizon actually works which the experts have not been able to plumb” is a layer of further possible uncertainty: whether bugs or complex system-related issues affected branch accounts in ways that were not detected or were not considered possible as part of a complex sequence of apparently random events.

Below is a list of some aircraft accidents involving technology or complex system-related problems where the seemingly impossible or the unanticipated happened.

As these involved a sequence of events that had not been considered possible or were not deemed a serious risk, the system operators (pilots) had not been trained to mitigate the consequences.

In many of the accidents, pilots were blamed initially but investigators found, sometimes after years of tests of systems and equipment, that the aircraft was at fault.

The Post Office in the High Court hearings has compared the robustness of Horizon to aircraft and other systems. The Post Office’s QC compared Horizon’s robustness to “systems that keep aircraft in the air, that run power stations and run banks”.

Banking systems are indeed robust but they do fail sometimes; and when they do,  thousands of customers can be locked out of their accounts for days. as happened at Tesco Bank, RBS and TSB.

Power station IT tends to be designed, tested and implemented, in the UK at least, to defence safety-critical standards that impose a rigour not required of commercial systems such as Horizon.

With aircraft systems, however, it may be worth looking at how similar they are or different to Horizon. As air crash investigations are usually exhaustive in their thoroughness, we, the public, know what has gone wrong because reports are published.

We know, therefore, that some of the worst air crashes are caused by occurrences of the seemingly impossible.

Aircraft manufacturers could not, with any authority or credibility, tell investigators of a series of air crashes that, as they cannot fully understand the complexity of the system, they will have to take it that pilots must be to blame given that the aircraft is demonstrably robust.

That millions of flights take place every year without incident, and planes have triple redundancy in their flight systems and fail-safe measures in place for critical components, would not be good reason to assume pilots must be to blame for crashes.

And imagine telling air crash investigators that they could use probability theory to work out the likelihood of a serious fault causing a particular major incident.

The seemingly impossible occurs – a list

These are some of the most notorious failures of complex aircraft systems where the seemingly impossible happened …

  • Nobody thought it possible that new technology on one of the world’s safest aircraft, the 737 Max, could leave pilots fighting to lift the plane’s nose at the same time as complex systems were inexplicably keeping the nose pitching towards the ground. Probability theory would not have explained what went wrong or why – because such a sequence of events was not foreseen. After the first crash, pilots were blamed. After the second crash in March 2019, various countries grounded the plane.  Modifications now being made are likely to save hundreds of lives in future. In the end, despite an initial assumption of pilot error, precise faults in complex systems were identified as the probable cause of both crashes.
  • Nobody thought it possible that a computer-controlled engine on a modern jet airliner, a Boeing 767, could go into reverse thrust at nearly 30,000 feet. Being a theoretical impossibility, pilots were not trained to try and mitigate the consequences. Compulsory improvements after the crash have, potentially, saved many lives by avoiding similar accidents. Probability theory would not have explained what went wrong or why. Initially pilots were blamed but eventually it was found that they could not have recovered from such an event at that altitude.
  • The sequence of events that led to the crash into the side of a mountain of an A320, one of the world’s safest and most reliable aircraft, had not been anticipated. The crash’s lead investigator described the accident as a “random” event. Nobody who designed the computer-controlled plane had anticipated that a confusing screen display, an easily-made input mistake, a little-known autopilot feature that compounded the problems and the absence of a computer-based ground proximity warning system, could combine with poor pilot training to cause a disaster. The crash of Air Inter Flight 148 near Strasbourg airport in France led to industry-wide changes, including a redesigned screen display, more pilot training and more widespread use of onboard warning systems. It was thought the pilots had entered “3.3” into the autopilot believing this to be the angle of descent on their approach to the airport. But the same autopilot control was used to set the rate of descent. The autopilot, being in the “wrong” mode, took the plane on a disastrous 3,300 feet-per-minute descent instead of a more relaxed 3.3 angle of descent. The crash was caused by an unanticipated sequence of events. “It a fascinating lesson about the random dimension of accidents,” said the French lead investigator Jean Paries. “Half a second before or half a second later and we wouldn’t have had the accident.” Probability theory would not have helped identify the contributory factors or the “random” sequence of events.
  • Nobody thought that rain and hail could cause both engines on a 737 to flame out. The engines were certified to cope with water. But flame out they did, on a flight from Belize to New Orleans in 1988. Amazingly, the pilots glided the unpowered airliner onto a narrow grass levee next to a canal and everyone survived. If the plane had crashed and little wreckage recovered and everyone on board had died, the pilots might have been blamed because of an absence of evidence of technical malfunction, as the engines showed signs only of mild hail damage.
  • It was always considered possible, even likely, that birds could be ingested into a computer-controlled jet engine. But it was not considered likely that birds could ingested into the core of the engine. It was even less likely that birds could be ingested into the engine’s core and stop it from working. The idea of birds being ingested into the core of two engines and greatly reducing thrust in both of them at the same time was not even tested for, or pilots trained to cope, because it was thought impossible. But nobody had considered that migrating flocks of Canada geese would be in the vicinity of New York’s LaGuardia airport. The birds weigh up to 10 pounds. The plane’s engines were certified to cope with birds weighing up to four pounds. With a loss of power in both engines, the Airbus A320 glided safely onto the Hudson river, piloted by the gifted and now-famous pilot Chesley “Sully” Sullenberger. Probability theory would have been of no use in identifying what went wrong or why.
  • It was thought impossible that a modern airliner could lose all three of its separate hydraulic systems on one flight but that is exactly what happened on United Airlines Flight 232. The tail engine on a DC-10 had an uncontained fan disk failure in flight, which damaged all three hydraulic systems and rendered the flight controls inoperable. Nobody had considered that a rupture could occur just below the tail engine where all three hydraulic systems were in close proximity. But a number 2 engine explosion hurled fragments that ruptured all three lines, resulting in total loss of control to the elevators, ailerons, spoilers, horizontal stabilizer, rudder, flaps and slats. Probability theory could not have identified the cause.
  • At first, pilots were blamed for a series of 737 crashes where a suspected component was tested by investigators but it performed perfectly every time. After more than five years of investigations,  hundreds of fatalities and thousands of tests on the component, it was discovered that in a very rare set of specific circumstances, the component could not only jam but jam in a way that left the rudder in an extreme position on the opposite side to that expected. This was the equivalent of a car driver turning the steering wheel left and it jams hard over to the right. The seemingly impossible had happened. No probability theory would have helped identify the fault.
  • Nobody had thought it possible that a Chinook helicopter tethered to the ground at Wilmington, Delaware, USA, during tests could be destroyed by an uncontrollably surging computer-controlled engine. It happened because an electrical lead had been unplugged to simulate an electrical failure. The engine software had not been programmed to cope with such an eventuality. It kept pumping fuel into the engine because the software misinterpreted the unplugged lead as evidence the engine was delivering insufficient power.
  • Nobody had considered the possibility of wasps contributing to the deaths of all 189 people on a 757 bound for Germany. The wasps were thought to have nested in a pitot tube which fed incorrect data to the cockpit instruments. As a result, pilots were told simultaneously that the plane was flying too fast (which can cause break-up of the airframe) and too slowly (which can cause a stall and send the plane plummeting to the ground). As such an eventuality was not considered possible, pilots were not trained to cope with the effects of a blocked pitot tube or with conflicting warnings that they were flying too fast and too slowly at the same time. Probability theory would not have helped identify the cause.

So what? – Horizon is not an aircraft system

There are more similar incidents in which the seemingly impossible happened.

All of the aircraft had duplicate or triplicate critical components, methods of error detection and correction, contingency measures, built-in redundancy – and a great deal more in terms of rigorous real-world user testing, independent analyses and firm change control.

And still the aircraft or its complex systems failed. Probability theory and statistics would have solved none of the incidents.

Investigators identified a probable cause after each incident by having a full understanding of the systems and equipment involved, full disclosure of information, in most cases the print-outs from black boxes and dogged independent investigations that sometimes involved years of tests of  single components on multi-million dollar test rigs.

There has been no requirement to determine the exact cause of every major incident involving Horizon.

How, then, can anyone know for certain that Horizon was performing as expected when sub-postmasters were blamed for losses of tens of thousands of pounds  – losses that turned out to be ruinous for them and their families, and on rare occasions led to suicide?

Can probability theory explain a single one of the Post Office’s major incidents?

The Post Office will continue to argue its Horizon system is robust. But the complex systems on more than a dozen planes that crashed, causing the loss of hundreds of lives, were also robust.

The planes crashed not because a one-in-a-million risk materialised but because of a series of events that designers had not considered possible. For this reason, there were no procedures for coping with the events.

We know about the random events and seemingly impossible causes of air crashes because they are among the most thoroughly investigated of all failures of complex systems. Lessons are required to be learnt.

But how does all this leave us on the question on whether Horizon did or did not cause the losses in question?

Perhaps the truth is best summed up in Nick Wallis’ comment that the  expert  answer to whether Horizon is responsible for causing discrepancies in branch accounts seems to be “possibly” or “possibly not”.

But does “possibly” or “possibly not” provide strong enough grounds for Post Office actions that have ruined hundreds of lives?

More to the point, we have with the Horizon system, as with air crashes, evidence of major incidents. Every accusation against a sub-postmaster who denies any knowledge of losses is a major incident. On this basis, there is evidence of hundreds of major Post Office incidents.

But working back from each major incident, there is no full understanding by experts of how exactly the systems worked.

As the Post Office’s expert put it, there are “levels of depth and complexity in the way Horizon actually works which the experts have not been able to plumb …”

There are no print-outs from accident black boxes. There are not single investigations that have taken years to establish the full truth or multi-million pound test rigs on which to assess all the technology in question.

In short, there are many more questions than answers. Is this a just basis for the Post Office’s 100% certainty that it was right to blame sub-postmasters for losses shown on Horizon?

With uncertainty over the exact cause(s) of each incident, was it just and right to require sub-postmasters to make good losses shown on Horizon?

Arguably, that is the same or similar as holding pilots, whether dead or alive, responsible for plane crashes that could have been caused by a random sequence of events that were thought impossible.

Would you feel safer in a plane or running a village post office?

Nick Wallis’ postofficetrial blog

Karl Flinders has reported extensively on Horizon and the trials for Computer Weekly.

Tim McCormack’s “Problems with POL [Post Office Ltd]” blog.

Stephen Mason, barrister and associate research fellow at the Institute of Advanced Legal Studies in London, has written an excellent article (related to the Horizon dispute): the use of the word robust to describe software code

Will Post Office need state bail-out if it loses Horizon IT trial?

By Tony Collins

The Government is now aware, if it wasn’t before, that Horizon IT trials could end up costing the publicly-owned Post Office hundreds of millions of pounds.

Is continuing the case a gamble with public money?

Tom Cooper, the Government’s shareholder on Post Office board

Journalist Nick Wallis has questioned a minister and a senior official on the possible cost implications if the Post Office loses a High Court case over the Horizon IT system.

His questions to the Post Office minister Kelly Tolhurst and civil servant Tom Cooper, who is the government’s representative on the Post Office board, could help to ensure that the Government is aware that the Horizon IT trial may end up costing the Post Office hundreds of millions of pounds if it loses.

This awareness could raise questions among ministers and civil servants about whether the Post Office will face financial problems or even insolvency if it loses the Horizon trials.

The litigation began in 2017 and the Post Office has lost all of the several rulings so far. Judgements have been strongly critical of the Post Office, its approach to the litigation and its behaviour.

Hundreds of millions of pounds?

Tom Cooper joined the Post Office’s board as non-executive director last year. On the board he represents, on behalf of the Department for Business, Energy and Industrial Strategy,  the Government’s 100% shareholding in the Post Office.

He is a director of UK Government Investments, which is wholly-owned by HM Treasury and represents government interests on the boards of arm’s length bodies including the Post Office.

Wallis asked Cooper about the government’s strategy if the claimants win the case. Claimants are about 550 former sub-postmasters who are suing the Post Office – potentially for hundreds of millions of pounds – because they say they were unjustly forced to make good non-genuine losses shown on the Horizon system.

The Post Office is strongly defending the case, arguing that Horizon is robust and that the sub-postmasters were to blame for actual losses.

In his reply to Wallis, Cooper explained that claimants have not declared the size of the damages they seek. Wallis cited Freeths solicitors, which represents the former sub-postmasters, as saying the litigation could cost the Post Office hundreds of millions of pounds.

Cooper replied that no sums of that nature had been mentioned in court. At this point, one of Cooper’s colleagues politely terminated the interview.

Bail-out?

Wallis also questioned Post Office minister Kelly Tolhurst on the possible cost implications if the Post Office loses the case. She politely declined to answer directly saying, “I can’t really go into the litigation stuff… I’m not being evasive. I can’t speak to you about it.”

Wallis asked whether, if the Post Office loses, the government could end up bailing out the Post Office. Tolhurst said she wouldn’t “get into theoretical-based outcomes of the litigation.”

But Tolhurst disclosed that there were conversations going on between the Post Office, civil servants and the ministry [Department for Business, Energy and Industrial Strategy which is the Post Office’s parent ministry].

HM Treasury’s UK Government Investments is responsible for ensuring the Post Office has enough investment and subsidy funding to ensue it is commercially sustainable in the longer term, whilst meeting its social obligations, particularly around minimum network coverages requirements.

UK Government Investments also advises ministers on Post Office commercial and policy issues.

Comment

Wallis’s interviews with Cooper and Tolhurst are important developments: they mean that officials and ministers cannot credibly deny in future that, if they end up bailing out the Post Office, it has come as a shock.

In Wallis’ questions, he made it clear that solicitors Freeths had said the litigation could end up costing the Post Office hundreds of millions of pounds.

Cooper tacitly acknowledged in his reply that he had heard what Wallis said. Indeed, Cooper’s impressive financial background indicates that he will have a good understanding of the possible cost implications for the Post Office if it loses the case.

Cooper was global co-chairman of mergers and acquisitions at Deutsche Bank. He was at UBS Investment Bank for 21 years where his various roles included head of European merger and acquisitions.

Of course, ministers and officials could argue internally – at the moment – that taxpayers are not funding the litigation.

Indeed, Whitehall officials have obtained a written assurance from the Post Office that it will fund the Horizon litigation from its own money, not public money that is allocated to modernisation and new investment in the Post Office’s network.

But it’s a different story if the Post Office runs into financial trouble.

The Government would have no choice but to use public money for a bail out. It could not allow the Post Office to go bust.

And thanks to Wallis’ questions yesterday,  ministers could not argue they were unaware of the full possible cost implications of losing the case.

Indeed, it is incumbent on civil servants now to make sure ministers are aware of what could happen if the Post Office loses the case and cannot afford to pay damages and costs from its own money.

When fully aware of the risks – the gamble with public money – will ministers and officials allow the Post Office to continue spending large sums on the High Court case – or will they urge it to settle now before many more millions of pounds are spent on legal costs?

The judge in the trials, Mr Justice Fraser, has said the case will continue for “years”. Ministers and officials could therefore take the attitude that they may be long gone by the end of the trials and therefore costs are a matter for their successors.

Or they could do the right thing and urge the Post Office to limit its potential liabilities by settling now.

Wallis has a full account of his conversations with Cooper and Tolhurst on his postofficetrial blog.

Post Office Ltd and the money tree – Tim McCormack’s blog

Post Office ordered to pay £5m towards claimants’ costs – part of Computer Weekly’s coverage of Horizon trials

Are councils short of money? Only for public services

By Tony Collins

Councils are short of money for public services – but not for senior officers’ pay-offs or botched deals.

A recent case is highlighted by Somerset’s County Gazette.

It says that restructuring costs for a newly-created council – in which two local authorities merged to save money by way of a “digital revolution” – are likely to double after more people than expected took redundancy.

The new council is expected to pay about £6m in redundancies instead of the target figure of £3m.

According to Somerset’s County Gazette, the pay-outs include £343,000 to the former chief executive of one of the two councils in the merger, Taunton Deane Borough Council, which was a founder member of the failed Somerset One joint venture with IBM.

The Southwest One enterprise cost taxpayers tens of millions of pounds more than it saved.

Now it emerges that five other senior officers involved in the Somerset merger plans have received pay-offs of more than £100,000 each; and although 191 council staff were laid off last year as part of the merger plans, the new council is now considering recruiting dozens of much-needed extra staff.

Campaigner David Orr, a former IT professional at Somerset County Council, has written to the chief executive of newly-created Somerset West and Taunton Council, to express concerns about pay-offs, consultancy costs involved in the merger and what he called the “failed transformation”.

Somerset West and Taunton Liberal Democrat councillor Mike Rigby said,

This [the merger] is a spectacular failure. An uncontrolled exodus of staff, walking away with tens or even hundreds of thousands of pounds, in advance of a “digital revolution” that never arrived.

The council thought it could lose 120 staff as 250 council services went online. The problem is that 191 staff left while fewer than 20 services are available online.

“No consideration as to whether any of those 191 staff were carrying out essential duties so now we’re having to fill many of the redundant roles.

“An utter shambles … It’ll take some time to put this all back together.”

The new chief executive of Somerset West and Taunton Council, told the BBC,

“We’ve overshot that target (£3m), mainly because people put their hands up for voluntary redundancy…

“I think ultimately, people who were eligible to apply for voluntary redundancy decided to take that opportunity.” He said there had been no limit on the number of employees eligible for voluntary redundancy.

“There was an acceptance that if people wanted to take voluntary redundancy, they could do – that’s the way it was set up.

Short of money?

Although councils are said to be short of money for public services – it was reported in 2017 that many were facing bankruptcy – the Taxpayers’ Alliance said last month that, across the country, 2,441 council officers  — a four-year high – earned at least £100,000 a year with 607 of those receiving at least £150,000 in 2017-18.

A total of 28 local authority employees received remuneration in excess of a quarter of a million pounds in 2017-18.

One council has 55 employees earning more than £100,000.

Councils say they need to pay the equivalent of private sector salaries to attract the right people to run large and complex local authorities.

A Local Government Association spokesperson said councils are  “large, complex organisations” that make a “huge difference” to people’s lives.

The spokesperson added: “Senior pay is always decided by democratically elected councillors in an open and transparent way.”

Comment

IT-led transformations are fun. They are a break from routine and great for the CV.

The supplier gains. Those at the council working on the transformation gain. A win-win. Even the public may gain if anyone can ascertain from a complicated deal whether any savings have been made.

If the deal fails,  nobody is constitutionally accountable except the volunteer councillors.

And councils seem to follow the principle that every overtly botched IT-led transformation needs to be followed by a new IT-led transformation. If that doesn’t succeed, a third may make up for the other two.

All the while, senior council officers continue to receive no-risk salaries of £100,000 + and/or large pay-offs.

Large amounts of money paid to senior officers does a disservice to the mass of lower or middle grade council officers who earn appropriate sums and bear the same risks of losing their jobs as anyone in the private sector.

Why do councils exist?

Botched deals leave less for public services. And the more senior council officers continue to receive large sums of money whether their councils succeed or not,  the more they will reinforce the fat cat stereotype and convince people that councils exist for their own benefit rather than the public’s.

As more public services disappear while the cost of the council payroll soars, the more people will wonder whether their local council would prefer not to offer any services at all.

A Yes Minister episode had officials boasting of the efficiency of a newly-built and fully-equipped NHS hospital that had no patients.

The hospital was fully staffed with 500 administrators and ancillary workers but had no money left for any nurses or doctors.

Is this where councils’ public services are headed?

Thank you to campaigner David Orr who seeks to hold those in power in Somerset to account.

 

Would you feel safer in a plane or running a village Post Office?

By Tony Collins

Technology-related controversies involving Boeing and the Post Office raise similar questions  

Technology is cited as a factor in the crashes of two Boeing 737 Max aircraft in which a total of 346 people died.

Technology is also cited as a factor in suicides, bankruptcies, marriage break-ups and ruined lives of hundreds of former sub-postmasters and their families.

Journalist Nick Wallis reports this month on sub-postmaster Peter Murray  who had a stroke in December last year as the Post Office pursued him for alleged shortages of £35,000 shown on the Post Office’s Horizon branch accounts system.

Unknown to Murray when he took over a post office in Great Sutton, Cheshire, the previous sub-postmaster Martin Griffiths had taken his own life. An inquest heard that Griffiths was being pursued by the Post Office over alleged shortfalls shown on Horizon that ran into tens of thousands of pounds.

The scale of the tragedy in crashes of the two 737 Max aircraft cannot be compared to the Post Office’s Horizon controversy.

But anyone who has studied common factors in plane crashes, bridge collapses, Space Shuttle tragedies and other engineering, IT and human failures may see similarities in the complaints by pilots about the Boeing’s 737 Max technology and complaints by former sub-postmasters about the Post Office’s Horizon branch accounting system.

Excessive secrecy?

The Horizon and 737 Max controversies are marked by allegations of a cover-up of computer-related problems which Boeing and the Post Office deny.

The technology’s operators (pilots and sub-postmasters) complained that they were not being given the full facts after major incidents. Pilots expressed concerns direct to Boeing about the 737 Max’s MCAS anti-stall system. The pilots received assurances that any problems were not serious.

But the second fatal crash of a 737 Max happened after those assurances; and the MCAS system was implicated in both crashes. It transpired that pilots kept trying to raise the plane’s nose while MCAS anti-stall software kept pitching it towards the ground.

A known problem had not been fixed. It was known that MCAS could, in rare circumstances such as faulty sensor data, pitch down the nose even if the plane was not in danger of stalling.

In the two 737 Max crashes, some aviation specialists believe that MCAS  was being fed erroneous data from a faulty sensor. In one of the crashes, a sensor might have been damaged by a bird strike.

Usually with critical aircraft software, an alert is given to pilots when sensors are faulty; and pilots are trained in what to do. But if manufacturers do not judge new software to be safety-critical, they may not consider alerts and related training to be vital on all aircraft.

Sub-postmasters received repeated assurances from the Horizon helpline when they raised concerns about unexplained shortfalls shown the system. For them and their families, a series of life-changing events followed those assurances, culminating in some cases, in serious health-related events or worse.

Blame the operator?

After major incidents, Boeing and the Post Office have defended their technologies and pointed to the system operators: pilots and sub-postmasters.

Other common factors in complaints against technologies in the 737 Max and the Post Office’s Horizon system include:

  • A questionable ability of the system operators – pilots and sub-postmasters – to be taken seriously when they raised concerns about the technology.
  • Little or no statutory scrutiny of the technology in question although its performance could profoundly affect lives. Boeing self-certified the technology in use in the 737 Max. The Post Office’s Horizon system was not subject to any statutory or regulatory inspection. Horizon was scrutinised by forensic accountants Second Sight and the Post Office dismissed its partially unfavourable findings. It also ended Second Sight’s contract.
  • Structural secrecy that prevented pilots and sub-postmasters understanding fully the technology they were required to use.
  • Major incidents that were treated by Boeing and the Post Office as one-offs. Links between major incidents may not be immediately obvious because they are sometimes the result of a complicated combination of events that might not have congealed in exactly the same way before. But, even after two similar, fatal crashes of the 737 Max, the US Federal Aviation Authority said the aircraft was safe. When countries across the world including Britain grounded the 737 Max, the Federation Aviation Authority had no choice but to act. The aircraft remains grounded worldwide; and European and US regulators are at odds over the depth of the oversight changes required to avoid such software-related crashes again. It appears Boeing will end up having to change the way it operates. After hundreds of complaints about the Horizon system, the Post Office is facing a group litigation action. Former sub-postmasters are claiming damages for financial loss, personal injury, deceit, duress, unconscionable dealing, harassment and unjust enrichment. The Post Office disputes the whole basis of the claimants’ case and maintains that large numbers of sub-postmasters knowingly submitted false accounts. The Post Office maintains that Horizon worked perfectly adequately.

Old technology?

There’s also the question of whether the controversies might have been avoided if ageing designs had been replaced entirely rather than modified to keep pace with business imperatives.

Boeing’s 737 design goes back to 1960s and the Horizon system to the 1990s. But fundamentally new designs would have required hugely costly retraining programmes for pilots and sub-postmasters. .

Normalising the questionable 

A further common consideration – as in the loss of the Challenger Space Shuttle – is whether questionable institutional practices and behaviour had become normalised. A fascinating 575-page book on this problem, “The Challenger launch Decision” shows in minute detail how NASA managers did not violate their procedures. Instead they set and followed bad precedents – what the author Diane Vaughan called the “normalization of deviance”. She said,

“It was not amorally calculating managers violating the rules that were responsible for the tragedy. It was conformity.”

Vaughan found that it is easier for large organisations to blame the technology operators for institutional failures rather than identify structural and cultural causes of disaster. She warned of the dangers of seeing organisational failures as the result of individual actions.

“… taken-for-granted aspects of organisational life created a way of seeing that was simultaneously a way of not seeing”. She added,

“Any remedy that targets only individuals misses the structural origins of the problem.”

The organisation’s culture is “supremely important” in allowing constructive criticism to be heard. But Vaughan concludes in her book that NASA’s economic pressures and cultures leading up to the Challenger disaster are still there.

Arguably, it is almost impossible for a large organisation to change its culture unless change is forced on it. When a subsequent Space Shuttle mission [Columbia] ended in disaster, an official report highlighted NASA’s underlying organisational and cultural issues that contributed to the accident.

Clearly, it is possible for everyone involved in the design and implementation of technology for large organisations to do everything right according to long-established procedures – and still have a succession of disasters.

Boeing

A comprehensive account of what went wrong with the design and development of Boeing’s 737 Max software has been published in The Verge. It is headlined, The many human errors that brought down the 737 Max”.

It explains how Boeing needed to modernise the ageing 737 design – but not too much because major changes would have required a retraining of thousands of pilots, which would have added to costs for potential customers.

Instead of a new design of airframe, Boeing put larger and more efficient engines on an aircraft that remained essentially the same. The heavier engines needed repositioning, further forward, on the wings, which affected handling of the 737 in certain circumstances, but any aerodynamic changes were made largely invisible to pilots by new MCAS software.

The modified aircraft was an apparent winner. It required less than three hours of computer-based training. Boeing sold a record-breaking $200bn worth of the 737 Max before the first prototype took to the skies.

But pilots became concerned after the first fatal crash. Captain Laura Einsetler, who has flown for over 30 years, including on 737s, told The Verge she was not told the full facts on how the new technologies worked.

“I don’t have the schematics. I don’t have the cockpit panels. I don’t have an instructor that I can ask questions to,” she said, “You’re hoping that the first time you see the Max is on a nice clear day. But sometimes it’s not, and you’re showing up at night or in bad weather into an airplane that has all these changes.” Pilots were not told about the MCAS anti-stall system.

This secrecy meant that the aviation world was not generally aware that, at the time of the first fatal Max crash in October, if MCAS was being fed incorrect data from a faulty sensor, 737 pilots could end up fighting against the plane’s software for control of the aircraft.

A Boeing 737 Max, Lion Air Flight 610, with 189 passengers and crew, went into the Java Sea 12 minutes after taking off from Jakarta, Indonesia in October last year. Nobody survived.

About five months later, Ethiopian Airlines Flight 302, with 157 passengers and crew, crashed six minutes after take off from Addis Ababa. Nobody survived. Minutes before each crash, pilots had been fighting against MCAS to lift the nose but MCAS kept pointing it towards the ground. It was the software that had the final, tragic say.

One of the lessons from the crashes is that the US Federal Aviation Authority may include software in its certification tests in future rather than leaving delegated authority with Boeing.

Post Office control

In the case of Horizon, the Post Office has remained in full control.

When some sub-postmasters faced with unexplained shortfalls ended up in prison, the Crown Prosecution Service and police were not always involved in their cases. It was the Post Office that was the investigating and the prosecuting authority. Nothing sub-postmasters could say to the Post Office about Horizon would shake its belief in the system.

However, the Post Office is facing criticism by High Court judges. In the litigation between sub-postmasters and the Post Office, the Horizon trial judge Mr Justice Peter Fraser has been strongly critical of the Post Office, its behaviour, actions and most of its witnesses. In his “common issues” judgement, he said that some of the Post Office’s submissions “seem to have their origins in a parallel world”. The Post Office has appealed the common issues judgement.

Has the Post Office’s control gone unchecked for too long? Would the Post Office, like Boeing, benefit from having its technology subject to close statutory scrutiny? Particularly when, like Boeing, it controls technology that has the power to change the course of people’s lives.

Comment

The safety culture in the aviation world has much to teach the designers and operators of business systems generally.

Aircraft design has evolved over decades on the basis of trying to anticipate the improbable and even the impossible. On rare occasions, all the main engines on Airbus and Boeing flights have failed and passengers have emerged from the incidents unscathed.  Examples include British Airways Flight 9 (a Boeing 747), US Airways Flight 1549 (an Airbus A320) and Taca Flight 110 (a Boeing 737)..

This aviation industry’s safety culture means that when things go tragically wrong, lessons are usually learned. There are currently congressional hearings in the US into the two fatal crashes of the 737 Max; and lengthy statutory investigations by the National Transportation Safety Board are underway.

Worldwide media coverage of new disclosures about Boeing’s 737 Max technology has been relentless. Boeing has been compelled to act. The regulators may also change their practices. There remains in Europe a deep distrust of the competence of the Federal Aviation Authority.

The Post Office is not accustomed to being told what to do. Its much earlier predecessor, the General Post Office, was an arm of government and had its own special investigations unit responsible for intercepting letters as part of British intelligence service operations. Some of the Post Office’s work today falls within the scope of the Official Secrets Act. It is not answerable to shareholders (except a single government representative on the board).

Even with a legal challenge from Justice for Subpostmasters Alliance and solicitors Freeths, who represent sub-postmasters, the Post Office has sought to exercise control.

In 2017, the Post Office opposed the sub-postmasters’ application for a Group Litigation Order. The judge granted it. In 2018, the Post Office sought to strike out between about one quarter to one third of all of the evidence served by the sub-postmasters. It said the evidence was irrelevant to the first trial. The trial judge disagreed and ruled that the evidence stay.

In 2019, the Post Office has sought to have Peter Fraser removed as the trial judge. It said he was biased. The Court of Appeal disagreed, which means the judge will stay for the remaining three trials. The Court of Appeal issued a 17-page judgement against the Post Office. The Law Society Gazette described the ruling as “scatching”.

The Post Office remains in control, however. Being 100% government-owned, it can spend money without fear of going bust. Taxpayers would have to bail it out in any financial crisis. It has the power to seek to appeal every major judgement, or appeal refusals to grant a right of appeal, all of which could extend the proceedings for years. Judge Fraser expressed a concern about escalating costs in his judgement in March 2019 when he said,

“The Post Office has appeared determined to make this litigation, and therefore resolution of this intractable dispute, as difficult and expensive as it can.” [Par 544).

He also said that the Post Office appears, at least at times, to conduct itself as “though it is answerable only to itself”.

 If the Post Office has no fear of going bust in any financial crisis, could it control the outcome of the proceedings by appeals and extensions that may eventually drain the other side of its private financing?

Would you feel safer in a plane or running a village Post Office?

It is reassuring for airline passengers to know that plane makers can be held to account if things go wrong. At an ordinary domestic level, homeowners would want to be able to hold a roofer or a central heating company to account if things went wrong. It can be argued that any company is only as good as its reaction when things go wrong.

If anything goes seriously wrong when you are running a village post office, you are in the hands of the Post Office. If the computer says, inexplicably, that you have debts totalling £30,000, £50,000 or £80,000, your options may be limited: pay in full, go bankrupt, lose your home and your health or worse.

Culture

It appears the Post Office has shown little or no compassion to most of those who have complained about shortfalls shown on Horizon. Its corporate mindset is that Horizon cannot be the cause of discrepancies. Nobody can change an institutional mindset or force it to change.

After decades of IT-related failures in Whitehall, some costing billions of pounds, such as the £10bn National Programme for IT in the NHS (NPfIT) secretive institutional cultures and mindsets have remained unchanged. Indeed, health officials in recent months have sought to to re-introduce facets of the NPfIT that were discredited years ago, such as central control of locally-based IT.

Even if the Post Office eventually loses the Horizon case and ends up with costs and damages exceeding £100m – and possibly a much larger sum – it could not be compelled to change its culture. The Post Office’s board and senior officials may change. But not the culture.

Why flying is so safe

If Boeing and Airbus were able to treat every major incident as a rare one-off and hold the pilots responsible every time, it is doubtful flying would be as safe as it is. Statute, rules, government-imposed investigations, a safety culture and the risk of the flying public boycotting airlines perceived as unsafe forces manufacturers and airline engineers to learn lessons from accidents.

The result is that accidents and fatalities are a fraction of what they were in the 1990s. A person could fly once a day for four million years before succumbing to a fatal crash, according to Arnold Barnett, a professor of statistics at the Massachusetts Institute of Technology (MIT).

As for those running a village post office, there are no official statistics on how many sub-postmasters have been affected by unexplained deficits shown on Horizon. What is known is that about 550 former sub-postmasters are party to a legal action against the Post Office over the system and a further 500 or so former sub-postmasters are said to have had similar problems but are not in the group litigation. That is a total about one in eleven of all the 11,000 people who are running post offices in the UK.

The chances of being in an intractable dispute with the Post Office over unexpected shortfalls remain very low, however; and the chances of being in an intractable dispute that is a factor in suicide are infinitesimal. A recent unofficial survey indicated that the majority of sub-postmasters regard Horizon as reliable.

But some of the 1,000 or so former sub-postmasters who have been pursued for deficits have suffered life-changing experiences. In most major incidents on aircraft, passengers and crew walked off unscathed.

Statistics can mean little at the best of times and probably nothing when trying to answer whether you would feel safer in a plane or running a village post office. If perception rules your choice, the answer would be obvious: running a village post office is surely much safer than flying at 35,000 feet in a metal tube.

Once you realise, however, that when you have board an aircraft you are highly likely to emerge unscathed from any major technology-related incident, the answer is not so obvious.

Thank you to David Orr for your emailed link to an article on Boeing’s 737 Max that suggested senior management were not aware of the plane’s technology problems.

**

The Post Office claim I owe them £35,000, despite never showing or telling me what I have done wrong – Nick Wallis’s postofficetrial blog

Post Office applies to appeal damning judgment in first Horizon trial – Computer Weekly’s coverage of the Post Office trial

Post Office Limited and the money tree – campaigner Tim McCormack’s blog

Appeal Court throws out Post Office bid to remove judge

The many human errors that brought down the 737 Max – The Verge

How is Post Office paying for increasing costs of Horizon IT litigation – MP asks questions

The Post Office has lost all four High Court rulings  (so far) in a series of hearings over its Horizon IT system. There are still three trials to go. With appeals, the number of hearings and judgements, and  the duration of the case, are indeterminate.

How is the publicly-funded Post Office paying for litigation that is, in essence, its defence of the Horizon system?

By Tony Collins

Labour MP Kevan Jones has this week asked a series of pertinent questions about costs and the Post Office’s dispute with former sub-postmasters over the Horizon branch accounting system.

His Parliamentary questions are likely to draw the attention of business secretary Greg Clark to the increasing costs of a High Court trial in which more than 550 former sub-postmasters seek compensation and damages from the Post Office. They say they were made to pay for unexplained shortfalls shown on Horizon that could have been caused by bugs or other system weaknesses.

The Post Office says Horizon is robust and the shortfalls were the result of dishonesty or mistakes by sub-postmasters or their staff. The Post Office has pursued sub-postmasters for “debts” shown on the Horizon system of millions of pounds in total.

Kevin Jones’ questions follow a judgement last month in which a High Court judge, Mr Justice Peter Fraser, referred to the Post Office’s approach to the costs of the litigation.

“The Post Office has appeared determined to make this litigation, and therefore resolution of this intractable dispute, as difficult and expensive as it can,” said the judge.

Since that judgement, costs have risen further because the Post Office has decided to appeal last month’s judgement. The Post Office has also applied for the judge to remove himself from three remaining trials over the Horizon system. which caused the second trial to be suspended.

This week it has emerged that costs, which could run into tens millions of pounds, are set to rise again. Although the judge has refused permission for the Post Office to appeal his refusal to remove – “recuse”  himself, the Post Office can ask the Court of Appeal to grant that permission.  BBC legal commentator Joshua Rozenberg has tweeted,

 

 

Kevan Jones has asked the business secretary Greg Clark:

  • what steps he is taking to ensure the Government is held accountable for the decisions and actions of Post Office Limited in the handling of postmasters’ problems with Horizon.
  • whether public money has been used to pay costs involved in the ongoing dispute with postmasters since 2000.
  • whether the Lord Chancellor will determine the extent of any conflict of interest on the part of Tim Parker by reason of his dual roles of (a) the Chairman of Post Office Limited; and (b) the Independent Chair of the HM Courts and Tribunal Service Board.
  • what the anticipated increased cost implications are for Post Office Limited in its dealing with serving Subpostmasters following the High Court decision handed down on 15 March 2019.
  • whether the Post Office has ever taken into profit from its suspense accounts any unreconciled sums recovered from Subpostmasters.

Former sub-postmaster Alan Bates, founder of Justice for Subpostmasters Alliance and lead claimant in the case, told Computer Weekly, 

“This move by Post Office Ltd to have the judge recused was just another act by an organisation abusing the use of public money to litigate a valid case into the ground in order to protect the reputations of just a few individuals and a dysfunctional business.”

The Post Office said, “We will be seeking to appeal the judgment on the recusal application and to continue to vigorously defend this litigation. We believe the overall litigation remains the best opportunity to resolve long-standing issues in order to ensure a stable and sustainable Post Office network for the benefit of the communities who rely on our services every single day.”

Freeths, solicitors for the sub-postmasters,  has submitted an application for the Post Office to pay the legal costs in the first trial, likely to be for several million pounds.

Comment:

Kevan Jones is right to ask questions about the publicly-funded Post Office and costs. The Post Office appears to have no cap on how much it is prepared to spend on the litigation; and it has shown little or no concern about how many years the case will continue.

Institutions, particularly public ones,  have a duty to spend money wisely. Not cutting your losses when you are losing a series of High Court hearings is poor judgement.

The Post Office has a choice: continue to pour money into a case that looks, on the basis of evidence so far, to be unwinnable.  Or pay the millions it is giving lawyers to its former sub-postmasters instead.

It’s a decision the Post Office will not make on its own – in which case Kevan Jones and his Parliamentary colleagues must continue their campaign for justice.

Thank you to sub-postmaster “Mrs Goggins”  and former sub-postmaster Jo Hamilton whose tweets alerted me to Kevan Jones’ questions.

Computer Weekly’s coverage

Journalist Nick Wallis’ coverage

Former sub-postmaster and campaigner Tim McCormack’s blog

 

Does the Post Office Horizon IT dispute boil down to this?

By Tony Collins

In the High Court today,  the Post Office will argue for the judge in the Horizon IT trials to sack himself.

The Post Office is concerned that the judge’s criticisms of the Post Office in his first judgement could affect his future three judgements. The Post Office accuses the judge, Sir Peter Fraser QC, of bias.

Given the thousands of pages of legal documents that relate to the four trials in this dispute,  it is easy to assume that the arguments are hard to grasp for anyone new to the case.  But the issue at stake in the Post Office Horizon IT trials is a simple one:

  • who is to be believed – system owner or user –  when one side says the computer system was robust and reliable and the other side says it wasn’t working as originally intended and was producing unexpected outputs?

The Post Office says in essence: the losses shown on Horizon were real and were the user’s responsibility, the users in this case being sub-postmasters.

The users’ counter-argument is in essence: we didn’t take any money and the losses shown on an imperfect Horizon were unexpected outputs. Not our fault.

It’s the same argument when there are major incidents that involve planes or autonomous cars:

  •  is the aircraft or car manufacturer correct when asserting that it was the user’s fault (pilot or driver).
  • Or is the manufacturer not owning up to IT faults and blaming the user?

Major aviation incidents are investigated independently by statutory bodies. But the Post Office is not automatically subject to any statutory investigation when its IT is alleged to have gone wrong.

It could be said that the four High Court trials over the Horizon branch accounting system are the equivalent of the aviation world’s statutory independent investigation.

The big difference is that Boeing or Airbus cannot ask for the head of an independent inquiry into suspected IT problems after major incidents to be sacked. The Post Office can.

Postofficetrial – coverage by Nick Wallis

Post Office could face huge bill for first Horizon trial – Karl Flinders, Computer Weekly

Will more campaigners die as they await justice in extended Post Office IT dispute?

A High Court dispute over the Post Office Horizon IT system is expected to cost tens of millions of pounds. But what is the human cost of delaying the outcome?

Tomorrow a High Court judge will consider an application by the Post Office to recuse – remove – himself from a series of trials that relate to the Post Office’s Horizon IT system. The Post Office accuses him of bias.

The Post Office’s application means that the second of four trials is currently suspended. A final outcome of the various hearings, after appeals,  could be years away.

Will any delayed final outcome have an effect on the 600 or so sub-postmasters who are part of the litigation?

It is a concern expressed by the judge in the case, Sir Peter Fraser, QC who is head of the High Court’s Technology and Construction Court. In his 1,100-paragraph judgement delivered last month after the first trial, he said,

“Even on that intended timetable, some Claimants [sub-postmasters] may be waiting far longer than is ideal to have their claims fully resolved either in their favour, or against them.

“Some of the Claimants are retired; some are elderly; some have  criminal convictions under review by the Criminal Cases Review Commission.

“Nobody involved in this litigation is getting any younger as time passes. The Post Office itself is under a cloud in respect of these unresolved allegations and I consider it to be an obvious point that resolution of this litigation as soon as possible is in the interests of all the parties – all the Claimants and the Post Office – in the interests of justice and the wider public interest.”

Is the Post Office trying its best to expedite an outcome? Mr Justice Fraser suggested the opposite. His judgement said,

“The Post Office has appeared determined to make this litigation, and therefore resolution of this intractable dispute, as difficult and expensive as it can.” [Par 544].

Separately, the judge said,

“It does appear to me that the Post Office in particular has resisted timely resolution of this Group Litigation whenever it can, and certainly throughout 2017 and well into 2018.” [Par 14]

The judgement referred to the Post Office’s “attritional approach of the Post Office to this litigation”. [Par 569]

If the judge is right and if the Post Office board is determined to make the litigation as difficult and expensive as it can, what of the human cost of any delays taking into account the age of some of those involved and the hopes of those with criminal convictions whose cases are under review?

Traumatised

Journalist Nick Wallis who is covering the High Court trials reports that he has been told that some sub-postmasters remain “traumatised” by their experience of losses shown on the Horizon system that they were required to make good.

Some of the sub-postmasters, says Wallis,  “are having to work long past retirement age” with all their life savings taken to pay for losses that are now in dispute as part of the sub-postmasters versus Post Office litigation.

The Post Office contends that Horizon is robust and that it was justified in holding sub-postmasters responsible for discrepancies and shortfalls shown on the system. The sub-postmasters claim damages saying the Post Office unjustly required payments for losses shown on an imperfect Horizon system. They argue the losses were not real shortfalls.

For one justice campaigner, Julian Wilson, a former sub-postmaster from Redditch in Worcestershire,  time ran out in 2016. Nick Wallis knew Wilson as a gentle, generous and good humoured man. The Post Office prosecuted Wilson for false accounting after unexplained shortfalls on the Horizon system.

The Criminal Cases Review Commission was reviewing his conviction when he died.

Wilson had been sentenced to 200 hours of community service and had to pay the Post Office £27,500 plus £3,000 costs. He told the Daily Telegraph in 2013,

“Initially, when there were discrepancies [on the Horizon system], my wife and I were putting the money in. As the discrepancies got larger and larger, we were no longer able to afford it.

“I told my line managers on several occasions that I was concerned about this, and the comment I got back from them was: ‘Don’t worry, the system will put itself right.’

“But it never did, so I was taken to court. I hadn’t taken a penny. Everything we’ve got has gone. In the last few weeks, we’ve been doing car boot sales to try to get some money to put some food on the table. My wife even had to sell her engagement ring.”

Comment

It is by no means certain that all of the 600 or so former sub-postmasters who are fighting for justice will live to know the final outcome of the trials.

If sympathetic to its former sub-postmasters, the Post Office could settle the litigation or seek expedited judgements. On the other hand, the Post Office could, given its deep pockets as a public institution,  seek to replace trial judges and appeal judgements. If so, a final outcome could be delayed with no end date in sight,

Business minister Kelly Tolhurst MP has responsibility for postal affairs. In deciding whether or not to intervene, will she weigh up the cost in human terms of a dispute that began more than 10 years before the start of the High Court Horizon trials?

MPs called the Post Office Horizon dispute a national scandal but to the family of Julian Wilson it is a tragedy. They live with the knowledge that he went to his grave a near-bankrupt convicted criminal whose wife ended up selling her engagement ring  because of events that followed losses shown on a branch accounting system.

Nick Wallis’ Post Office trial coverage

Post Office lacked humanity in treatment of sub-postmasters, says peer – Computer Weekly’s coverage of the Post Office’s trial

Blog of campaigning former sub-postmaster Tim McCormack

Is the Post Office harming its reputation by continuing to fight sub-postmasters in High Court Horizon IT trials?

By Tony Collins

The head of the High Court’s Technology and Construction Court, Sir Peter Fraser QC, in his judgement on the first Post Office trial over the Horizon IT system, referred to Post Office’s attempts to protect its reputation in some of the evidence it gave to the court.

These are some of the comments from his judgement,

 “He [the Post Office witness] sought to give me evidence highly favourable to the Post Office, which I consider was slanted more towards public relations consumption rather than factual accuracy.”

“As with the other more senior members of the Post Office group of witnesses [he] is articulate, intelligent and also acutely aware of how much the reputation of the Post Office hinges on these proceedings. His evidence was presented in terms obviously designed to put the best possible gloss for the Post Office on matters, and some of his statements simply did not stand scrutiny.”

“Her [a senior Post Office witness] judgment also seems to have been uniquely exercised to paint the Post Office in the most favourable light possible, regardless of the facts.”

But is the Post Office instead harming its reputation by seeking to remove the judge which extends the length of the trials and adds to costs? Will this tweet yesterday afternoon from a postmaster prove typical of the reactions of current sub-postmasters?

Financial journalist Paul Lewis who presents BBC Radio 4’s “Moneybox” has described the Horizon IT controversy as a “real scandal“.  MPs have described the Post Office’s actions as a “national scandal”.

During the High Court trials, the Post Office has depicted sub-postmasters who are witnesses in the case as liars and has accused a High Court judge of bias. It criticised its own forensic accountants Second Sight who produced a report that, in part, supported some of the sub-postmasters who had complained about losses on the Horizon system being computer-generated and not actual losses.

Is the Post Office’s reputation being further harmed because, as a public institution, it has an in-built resistance to admitting it could ever have been wrong?

Excellent blog post by Computer Weekly’s editor in chief

postofficetrial – Nick Wllis’ blog

Computer Weekly’s trial coverage