48 comments

[ 3.6 ms ] story [ 47.6 ms ] thread
(comment deleted)

  Another post office operator, Seema Misra, was pregnant when she was sent to prison. She said in testimony that the local newspaper had published a photo of her and labeled her the "pregnant thief." While she was in prison, her husband was beaten up and subjected to racist insults, she testified.
The tidal wave of fascist & far-right grievances are so hard to contain and fight against in the moment. Multi-cultural societies everywhere are never getting rid of it, are they?
I have followed this scandal quite closely over the years, and these two quotations sum it up. Pretty sad:

"The report alleges that even before the program was rolled out in 1999, some Fujitsu employees knew that Horizon could produce false data."

"As the years went by the complaints grew louder and more persistent [...] Still the Post Office trenchantly resisted the contention that on occasions Horizon produced false data."

To the NY Times: please don't say they died by suicide. The passive voice makes it sound like some act of God, something regrettable but unavoidable that just somehow happened. It's important not to sugarcoat what happened: the postmasters killed themselves because the British state was imprisoning them for crimes they didn't commit, based on evidence from a buggy financial accounting system. Don't blur the details of what happened by making it sound like a natural disaster.

Horizon is the case that should replace Therac-25 as a study in what can go wrong if software developers screw up. Therac-25 injured/killed six people, Horizon has ruined hundreds of lives and ended dozens. And the horrifying thing is, Horizon wasn't something anyone would have previously identified as safety-critical software. It was just an ordinary point-of-sale and accounting system. The suicides weren't directly caused by the software, but from an out of control justice and social system in which people blindly believed in public institutions that were actually engaged in a massive deep state cover-up.

It is reasonable to blame the suicides on the legal and political system that allowed the Post Office to act in that way, and which put such low quality people in charge. Perhaps also on the software engineer who testified repeatedly under oath that the system worked fine, even as the bug tracker filled up with cases where it didn't. But this is HN, so from a software engineering perspective what can be learned?

Some glitches were of their time and wouldn't occur these days, e.g. malfunctions in resistive touch screens that caused random clicks on POS screens to occur overnight. But most were bugs due to loss of transactionality or lack of proper auditing controls. Think message replays lacking proper idempotency, things like that. Transactions were logged that never really occurred, and when the cash was counted some appeared to be missing, so the Post Office accused the postmasters of stealing from the business. They hadn't done so, but this took place over decades, and decades ago people had more faith in institutions than they do now. And these post offices were often in small villages where the post office was the center of the community, so the false allegations against postmasters were devastating to their social and business lives.

Put simply - check your transactions! And make sure developers can't rewrite databases in prod.

Suicide is a verb and result by itself. Would the author also say “he died by murder”?
What a horrible story.

What can you do when you know you are innocent but the court trusts the software more than it trusts people? And you are asked to repay something you never stole which off course leads to your financial ruin/divorce/... your kids bullied because you as a parent were deemed a thief... Imagine your spouse leaving you because of something you didn't even do...

Someone absolutely needs to go to jail over this. This kind of software is supposed to go through a lengthy compliance and certification process, so clearly whatever person put their signature on that "certified" document is responsible for these death.

The four-part mini-series Mr Bates vs The Post Office is worth checking out:

> A faulty IT system called Horizon, developed by Fujitsu, creates apparent cash shortfalls that cause Post Office Limited to pursue prosecutions for fraud, theft and false accounting against a number of subpostmasters across the UK. In 2009, a group of these, led by Alan Bates, forms the Justice for Subpostmasters Alliance. The prosecutions and convictions are later ruled a miscarriage of justice at the conclusion of the Bates & Others v Post Office Ltd judicial case in 2019.[4][5]

* https://en.wikipedia.org/wiki/Mr_Bates_vs_The_Post_Office

(comment deleted)
I thought British legal system and computer forensics were serious but this case is just a travesty of justice.
The failing is as much with the court as it is with Fujitsu. Why did they blindly accept Horizon’s data as evidence? What if the computer said the Queen stole all the money and ran off to Barbados, would they have thrown her in jail? Why was the output of a black box, which may as well have been a notebook Fujitsu could have written anything they wanted into, treated as gospel?
What was the actual bug in the software that caused the accounting errors?
I'd love to see a technical analysis of what went wrong with the software and what to do about it. Similar to when airplanes crash etc... This is another case like Therac-25 that should be tought in every IT master class.
The inquiry into this scandal was live streamed on Youtube.

You had lawyers quizzing people from all ranks of the Post Office and Fujistu; very interesting.

Ever since, I’ve worded my work related electronic communications with the supposition that a lawyer may read them at some point in the future.

If I’m ever asked to do something seemingly unusual or ‘out of the box’, it must be put to me in writing.

As someone who attempted suicide almost ten years ago, I'm disheartened by how cold-hearted the comments on this article are. Accusations of certain wording being "woke" or "PC" and completely ignoring the substance of the article itself, as if the wording were the tragedy here. If we must have this discussion, I stopped using the phrase "committed suicide" when I found out it was a relic of when it was illegal and stigmatized by the justice system. I prefer "died by suicide", and I appreciate when others use it too. Not in the sense that I will correct people when they say committed (because most people, the ones in this comment section excepted, don't know the origins), but rather "oh hey, that person knows about this, and they care too."
People should go to jail for this.

Anyone who has worked on a large migration eventually lands on a pattern that goes something like this:

1. Double-write to the old system and the new system. Nothing uses the new system;

2. Verify the output in the new system vs the old system with appropriate scripts. If there are issues, which there will be for awhile, go back to (1);

3. Start reading from the new system with a small group of users and then an increasingly large group. Still use the old system as the source of truth. Log whenever the output differs. Keep making changes until it always matches;

4. Once you're at 100% rollout you can start decomissioning the old system.

This approach is incremental, verifiable and reversible. You need all of these things. If you engage in a massive rewrite in a silo for a year or two you're going to have a bad time. If you have no way of verifying your new system's output, you're going to have a bad time. In fact, people are going to die, as is the case here.

If you're going to accuse someone of a criminal act, a system just saying it happened should NEVER be sufficient. It should be able to show its work. The person or people who are ultimately responsible for turning a fraud detection into a criminal complaint should themselves be criminally liable if they make a false complaint.

We had a famous example of this with Hertz mistakenly reporting cars stolen, something they ultimately had to pay for in a lawsuit [1] but that's woefully insufficient. It is expensive, stressful and time-consuming to have to criminally defend yourself against a felony charge. People will often be forced to take a plea because absolutely everything is stacked in the prosecution's favor despite the theoretical presumption of innocence.

As such, an erroneous or false criminal complaint by a company should itself be a criminal charge.

In Hertz's case, a human should eyeball the alleged theft and look for records like "do we have the car?", "do we know where it is?" and "is there a record of them checking it in?"

In the UK post office scandal, a detection of fraud from accounting records should be verified by comparison to the existing system in a transition period AND, moreso in the beginning, double checking results with forensic accountants (actual humans) before any criminal complaint is filed.

[1]: https://www.npr.org/2022/12/06/1140998674/hertz-false-accusa...

This was depressing to read. Failures at so many levels.

1. Immediately after Horizon was rolled out, issues were reported. But ignored

2. Prosecutors didn't bother to verify if there is another explanation before accusing thousands of people of stealing? Isn't it common sense to pause for a second and think, "could we please double check the evidence? how can thousands of postal workers suddenly turn into thieves?"

3. local newspaper had published a photo of her and labeled her the “pregnant thief.” - of course, UK tabloids. Click baits and write whatever the fuck they want, no matter whose lives are destroyed

4. post office has said that it does not have the means to provide redress for that many people - so they have the means to falsely prosecute and destroy the lives of thousands of people, but they don't have the means to correct their blunders?

This happened more than a decade ago. Citizens are expected to do everything on time (pay taxes, renew drivers license...) or get fined/jailed, but the government can sit on their butt for 10 YEARS and do nothing about a blunder they caused?

What about Fujitsu? Why can't the government make Fujitsu pay for the destruction caused by their shitty software?

Jeez. This is just fucking nuts

>Failures at so many levels.

Describes pretty much the vast majority of people. All groups/institutions/enterprises made of such people will follow a similar path. Point being - there is no hope.

What is amazing is the engineers the Fujitsu employed would testify in court against some of the subpostmasters saying "there were no faults" where in unearthed evidence of their support logs they could be clearly acknowledging bugs that could create false accounts, manually updating records and audit logs to balance it out (and also sometimes screwing that up).

See Nick Wallis' coverage: * https://www.postofficetrial.com/2019/03/the-smoking-gun.html * https://www.postofficescandal.uk/post/ecce-chambers/

> [Anne] Chambers closed the ticket with a definitive: “No fault in product”.

> The cause of the defect was assigned to “User” – that is, the Subpostmaster.

> When Beer asked why, Chambers replied: “Because I was rather frustrated by not – by feeling that I couldn’t fully get to the bottom of it. But there was no evidence for it being a system error.”

...

> Chambers conceded: “something was obviously wrong, in that the branch obviously were getting these discrepancies that they weren’t expecting, but all I could see on my side was that they were apparently declaring these differing amounts, and I certainly didn’t know of any system errors that would cause that to happen, or that would take what they were declaring and not record it correctly…. so I felt, on balance, there was just no evidence of a system error.”

> No evidence. [Sir Wyn] Williams pointed out that it surely was unlikely to be a user error if both trainers and auditors had recorded the Subpostmaster as inputting information correctly. Chambers replied:

> “Well, yeah, I… yes, I don’t know why… I’m not happy with this one. But I still stand by there being no indication of a system error and the numbers that they were recording just didn’t make a lot of sense.”

Effectively tortured to death.

One of the things that frustrates me with how ethics is taught in computer science is that we use examples like Therac 25, and people listen in horror, then their takeaway is frequently "well thank god I don't work on medical equipment".

The fact that it's medical equipment is a distraction. All software can cause harm to others. All of it. You need to care about all of it.