

Mr Bates vs the Post Office

That is likely to be necessary in certain well defined circumstances. Failing to keep a record of what was done and why and also have a series of logged events on the audit trail to link that back to that activity is unacceptable in any critical business system.

That reports from the system would go on to be used as the only evidence for a criminal prosecution is astonishing.

Pretty sure the guy, Richard Roll, said they (FE) made changes to the accounts, i.e. the Fujitsu engineers changed the amounts in the subpostmasters' accounts, and so the changes would happen overnight, i.e. £1000 shortfall appeared like magic from one day to the next. In fact one of the subpostmasters said the shortfall started at £2000, then they called the helpline, who advised him or her to do this and that, and within 30 minutes of being on the phone to the helpline the shortfall had risen to £4000.

"The second episode of the series, which is available on ITV Player, depicted a scene that left viewers ‘sickened.’ It revealed how Fujitsu, hired by the Post Office, remotely altered subpostmasters’ financial figures without their knowledge. The shocking revelation contradicted the Post Office’s prosecution strategy, which asserted that no one could access the tills without the subpostmasters’ awareness.

Former Fujitsu engineer Richard Roll, a whistleblower who exposed remote access to accounts in 2015, was part of a team of 30 engineers with access to terminals remotely. The mounting pressure from Bates’ Justice For Subpostmasters Alliance (JFSA) group, backed by several MPs, prompted the Post Office to launch an independent investigation."


 
Not really, IMHO. A Royal Pardon can be perceived in some circles as 'you did it, but are forgiven' rather than quashing an unsafe conviction, which is what needs to happen here.
I wonder how quashed convictions are treated under the ROA. Wouldn't surprise me at all if it makes no difference to the criminal "status" of the convicted. The UK just loves not allowing people to move on.
 
That is likely to be necessary in certain well defined circumstances. Failing to keep a record of what was done and why and also have a series of logged events on the audit trail to link that back to that activity is unacceptable in any critical business system.

That reports from the system would go on to be used as the only evidence for a criminal prosecution is astonishing.
I wouldn't be at all surprised if the system didn't have a logging system of any kind on it. Today's practices of audit trails, session logging etc on IT systems are a relatively modern thing. For example, we didn't even implement usernames/login on a large international telephone switch until the early 90's in one job I had, and I'm talking about at a VERY large telecommunications operator. I wouldn't be at all shocked to learn that the post masters just turned on their terminals and had immediate access, or that the Fujitsu employees simply had to ring the modem of the individual post office's system to do the same (or at best they used a universal username/password, so nothing could ever be traced to a given individual - very likely that username/password was also known to PO IT staff as well).
 
By the way - the use of the term "backdoor" is highly likely to be sensationalism. A remote login capability is standard practice for support purposes in nearly all IT systems and maintenance agreements. Everybody knows they exist and there is zero subterfuge involved. A backdoor is by definition a secret access that is deliberately hidden in such a way that anyone looking to secure system access is unaware of its presence. It's often hardcoded into the software and so doesn't appear in any configuration setting that any level of administrator etc can see.
 
I wouldn't be at all surprised if the system didn't have a logging system of any kind on it. Today's practices of audit trails, session logging etc on IT systems are a relatively modern thing. For example, we didn't even implement usernames/login on a large international telephone switch until the early 90's in one job I had, and I'm talking about at a VERY large telecommunications operator. I wouldn't be at all shocked to learn that the post masters just turned on their terminals and had immediate access, or that the Fujitsu employees simply had to ring the modem of the individual post office's system to do the same (or at best they used a universal username/password, so nothing could ever be traced to a given individual - very likely that username/password was also known to PO IT staff as well).
I'd be very surprised if an audit trail wasn't at least in the design of what was essentially an accounting system recording billions in cash transactions. When this started millions of pensioners were still getting paid in cash over the counter.
 
Reading a great column by Ian Birrell in the ‘I’, oh dear Ed Davey, best resign now. As I’ve said many times the Libs really are worse than the Tories.

The whole thing is a massive scandal & there should be a thorough reckoning on just who knew what in the Postal Service. There has obviously been a big cover up by subsequent management teams.
 
I'd be very surprised if an audit trail wasn't at least in the design of what was essentially an accounting system recording billions in cash transactions. When this started millions of pensioners were still getting paid in cash over the counter.
Not impossible of course. I was just highlighting that actual logging (by the systems themselves), rather than manually logged audit trails done by humans etc is a reasonably new thing. 30 years ago security was far down the list of priorities when it came to system design, certainly in comparison to today. Hell I've worked on systems that were only developed 10 years ago and they were only updated in the last couple years to audit user sessions etc.
 
By the way - the use of the term "backdoor" is highly likely to be sensationalism. A remote login capability is standard practice for support purposes in nearly all IT systems and maintenance agreements. Everybody knows they exist and there is zero subterfuge involved. A backdoor is by definition a secret access that is deliberately hidden in such a way that anyone looking to secure system access is unaware of its presence. It's often hardcoded into the software and so doesn't appear in any configuration setting that any level of administrator etc can see.

Well, it was a secret backdoor as far as the SPMs were concerned. The PO only admitted there was access four different ways in 2015 or thereabouts; previously they denied there was access by anyone. They maintained that only the SPMs or the PMs had access.
 
Not impossible of course. I was just highlighting that actual logging (by the systems themselves), rather than manually logged audit trails done by humans etc is a reasonably new thing. 30 years ago security was far down the list of priorities when it came to system design, certainly in comparison to today. Hell I've worked on systems that were only developed 10 years ago and they were only updated in the last couple years to audit user sessions etc.

The Fujitsu engineers, according to Richard Roll, were changing the amounts manually in the PM/SPMs' accounts because they had to, otherwise the system didn’t work.

The thing was riddled with bugs, all three versions of it.

That judgement that I posted above contains all of the known bugs, in the appendix, the entire judgement runs to about 500 paragraphs.

Basically, as others on here have pointed out, people had their hands in the till (900 prosecutions from 1991), so they brought out this system to catch the thieves; it was basically an asset recovery process.
 
It strikes me that the victims picked upon worked alone, or with a standby/assistant.

At my local Post Office there are at least 6 staff, so I don't see how the Vennells henchmen could pin a prosecution on all of them.

Yet presumably they were working with the same bugged system.
 
It strikes me that the victims picked upon worked alone, or with a standby/assistant.

At my local Post Office there are at least 6 staff, so I don't see how the Vennells henchmen could pin a prosecution on all of them.

Yet presumably they were working with the same bugged system.

The investigators basically said either you (SPM/PM) stole the money, you made a mistake or someone else (staff) stole it.

They had no intention of pinning it on anyone; it was just basically about getting the money back. As far as they were concerned it didn't matter who stole the money or who had made the mistake; the only person responsible for paying it back was the SPM/PM or whoever had signed the contract.
 
The Times view on the Post Office scandal: System Failure


Optimistic thinking IMO. The contractor never warrants 100%. Plus, it shows a big naivety on the author to think anyone but the original programmers could pick up the pieces if Fujitsu were binned off. I guess TUPE or whatever might apply but it’d be a mess. This comment nails it:

 
Optimistic thinking IMO. The contractor never warrants 100%. Plus, it shows a big naivety on the author to think anyone but the original programmers could pick up the pieces if Fujitsu were binned off. I guess TUPE or whatever might apply but it’d be a mess. This comment nails it:

There's a qualitative difference between not being liable for the consequences of faulty software, and being complicit in a cover up. The fact that it was denied, for years, that anybody had remote access to SPMs' Horizon systems, is at the heart of this. The fact that Fujitsu had a covert facility entering these systems and making changes (did it not occur to anybody that tweaking the numbers in an accounting package might show up elsewhere?), and maintaining the fiction that this never happened, and the fiction that nobody else was experiencing the problems, puts them right back on the hook for a big chunk of the responsibility for this, IMHO.
 
Reports in the Independent today about a postmaster in a tiny PO 'losing' £44k - several months' turnover - and being forced to pay it back. By then the PO must have known Horizon was the issue. Doesn't that equate to extortion?
 
Reports in the Independent today about a postmaster in a tiny PO 'losing' £44k - several months' turnover - and being forced to pay it back. By then the PO must have known Horizon was the issue. Doesn't that equate to extortion?
There has been some talk about the police investigating the PO for fraud. ISTM that if the PO knows the funds are not a genuine shortfall, but an accounting glitch, covers up the knowledge, and then demands funds from the SPM on a false premise, that does, or at least, should, amount to fraud. It's using false representations to acquire money you are not legally entitled to, from somebody who does not owe it to you, for your own gain.
 

