Skip to main content

The Great Post Office Scandal

 

The Great Post Office Scandal by Nick Wallis is a depressing, dispiriting, and disheartening read. For anyone that cares about fairness and ethics in the relationship that business and technology has with individuals and wider society, at least.

As a software tester working in the healthcare sector who has signed up to the ACM code of ethics through my membership of the Association for Software Testing I put myself firmly in that camp.

Wallis does extraordinarily well to weave a compelling and readable narrative out of a years-long story with a large and constantly-changing cast and depth across subjects ranging from the intensely personal to extremely technical, and through procedure, jurisprudence, politics, and corporate governance.

I won't try to summarise that story here (although Wikipedia takes a couple of stabs at it) but I'll pull out a handful of threads that I think testers might be interested in:

The unbelievable naivety which lead to Horizon (the system at the heart of the scandal) being asserted to be working correctly on numerous occasions despite its huge size and complexity.

The extent to which this assertion is not questioned despite reports to the contrary and the sheer scale of the implementation and the number of transactions being processed making it statistically extremely unlikely even without the reports. 

The lack of visibility, oversight and audit trail for significant remote administrative operations on the local Horizon systems at local post offices.

The revelation that since 1999 in the UK there is a legal assumption that "mechanical instruments" are functional. This appears to include hardware, communications, and software systems of arbitrary complexity and so if "an IT system seemed to be working as it should, a defendant would have to prove that it wasn't" (page 122. I tried to look up the relevant change to legislation and think that this amendment is the one in which computer evidence becomes admissible without having to prove "proper use and operation.")

The unwillingness of the Post Office to look at, or even for, patterns in evidence that clearly pointed to a systemic issue with Horizon.

The power imbalance between those at the sharp end of the system, the practitioners with ground truth experience of its behaviour, and those with a vested interest in believing that there were no problems.

The dysfunctional arrangement between the Post Office and Fujitsu, the producer of the Horizon system. Contractually, the Post Office was discouraged from asking questions because it had to pay for each one and Fujitsu was discouraged from disclosing issues because of financial penalties.

The potential for distorted priorities when a contractor is building a system for a customer who is not the primary user and whose motivations are not aligned with those of the users.

The pre-existing disdain that the Post Office appeared to have for its sub-postmasters who run local post offices but are self-employed, and the callous way in which it pursued them aggressively through the courts for phantom losses.

The ways in which organisations can favour actions which appear to reduce their pain now, despite the multiplying risk of massive pain later and the collateral damage to those outside the organisation. When in the hole, don't just keep on digging: get a bigger spade.

The insufficiency of presenting the relevant data to the relevant people, sometimes. To be heard, a messenger might also need to create a context in which the relevant people are forced to listen. This is a social task and one that may involve pushing against considerable inertia.

The fact that all of this was done by people who, on the whole, would probably regard themselves as ethical individuals.
Image: Amazon

Labels

Labels:

Comments

Robert Day said…
I'm reading this at the moment, too. I share your reactions.

The other thing that this brings home to me - which no-one seems to have yet thought through - is the level of risk for Post Office and Fujitsu senior managers (and some middle managers too) of prosecution for the crimes of Perjury and Conspiracy to pervert the course of Justice. Both of these could run the risk of very senior people being handed down custodial sentences. That'll mar some LinkedIn profiles, and no mistake.
September 5, 2022 at 8:34 AM
James Christie said…
Good review of an excellent book about an important topic for software testers. You are correct that it was the repeal of section 69 of the Police and Criminal Evidence Act 1984 that established the current position in England & Wales, that computer evidence should be presumed to be reliable. I wrote about this in 2020 in the Digital Evidence and Electronic Signature Law Review.
https://journals.sas.ac.uk/deeslr/article/view/5226
November 18, 2022 at 9:31 PM

Post a Comment

Popular posts from this blog

Meet Me Halfway?

  The Association for Software Testing is crowd-sourcing a book,  Navigating the World as a Context-Driven Tester , which aims to provide  responses to common questions and statements about testing from a  context-driven perspective . It's being edited by  Lee Hawkins  who is  posing questions on  Twitter ,   LinkedIn , Mastodon , Slack , and the AST  mailing list  and then collating the replies, focusing on practice over theory. I've decided to  contribute  by answering briefly, and without a lot of editing or crafting, by imagining that I'm speaking to someone in software development who's acting in good faith, cares about their work and mine, but doesn't have much visibility of what testing can be. Perhaps you'd like to join me?   --00-- "Stop answering my questions with questions." Sure, I can do that. In return, please stop asking me questions so open to interpretation that any answ...
Post a Comment
Read more

The Best Programmer Dan Knows

  I was pairing with my friend Vernon at work last week, on a tool I've been developing. He was smiling broadly as I talked him through what I'd done because we've been here before. The tool facilitates a task that's time-consuming, inefficient, error-prone, tiresome, and important to get right. Vern knows that those kinds of factors trigger me to change or build something, and that's why he was struggling not to laugh out loud. He held himself together and asked a bunch of sensible questions about the need, the desired outcome, and the approach I'd taken. Then he mentioned a talk by Daniel Terhorst-North, called The Best Programmer I Know, and said that much of it paralleled what he sees me doing. It was my turn to laugh then, because I am not a good programmer, and I thought he knew that already. What I do accept, though, is that I am focussed on the value that programs can give, and getting some of that value as early as possible. He sent me a link to the ta...
Post a Comment
Read more

Can Code, Can't Code, Is Useful

The Association for Software Testing is crowd-sourcing a book,  Navigating the World as a Context-Driven Tester , which aims to provide  responses to common questions and statements about testing from a  context-driven perspective . It's being edited by  Lee Hawkins  who is  posing questions on  Twitter ,   LinkedIn , Mastodon , Slack , and the AST  mailing list  and then collating the replies, focusing on practice over theory. I've decided to  contribute  by answering briefly, and without a lot of editing or crafting, by imagining that I'm speaking to someone in software development who's acting in good faith, cares about their work and mine, but doesn't have much visibility of what testing can be. Perhaps you'd like to join me?   --00-- "If testers can’t code, they’re of no use to us" My first reaction is to wonder what you expect from your testers. I am immediately interested ...
Post a Comment
Read more

Beginning Sketchnoting

In September 2017 I attended  Ian Johnson 's visual note-taking workshop at  DDD East Anglia . For the rest of the day I made sketchnotes, including during Karo Stoltzenburg 's talk on exploratory testing for developers  (sketch below), and since then I've been doing it on a regular basis. Karo recently asked whether I'd do a Team Eating (the Linguamatics brown bag lunch thing) on sketchnoting. I did, and this post captures some of what I said. Beginning sketchnoting, then. There's two sides to that: I still regard myself as a beginner at it, and today I'll give you some encouragement and some tips based on my experience, to begin sketchnoting for yourselves. I spend an enormous amount of time in situations where I find it helpful to take notes: testing, talking to colleagues about a problem, reading, 1-1 meetings, project meetings, workshops, conferences, and, and, and, and I could go on. I've long been interested in the approaches I've evol...
3 comments
Read more

Don't Know? Find Out!

In What We Know We Don't Know , Hillel Wayne crisply summarises a handful of research findings about software development, describes how the research is carried out and reviewed and how he explores it, and contrasts those evidence-based results with the pronouncements of charismatic thought leaders. He also notes how and why this kind of research is hard in the software world. I won't pull much from the talk because I want to encourage you to watch it. Go on, it's reasonably short, it's comprehensible for me at 1.25x, and you can skip the section on Domain-Driven Design (the talk was at DDD Europe) if that's not your bag. Let me just give the same example that he opens with: research shows that most code reviews focus more on the first file presented to reviewers rather than the most important file in the eye of the developer. What we should learn: flag the starting and other critical files to receive more productive reviews. You never even thought about that possi...
Post a Comment
Read more

How do I Test AI?

  Recently a few people have asked me how I test AI. I'm happy to share my experiences, but I frame the question more broadly, perhaps something like this: what kinds of things do I consider when testing systems with artificial intelligence components .  I freestyled liberally the first time I answered but when the question came up again I thought I'd write a few bullets to help me remember key things. This post is the latest iteration of that list. Caveats: I'm not an expert; what you see below is a reminder of things to pick up on during conversations so it's quite minimal; it's also messy; it's absolutely not a guide or a set of best practices; each point should be applied in context; the categories are very rough; it's certainly not complete.  Also note that I work with teams who really know what they're doing on the domain, tech, and medical safety fronts and some of the things listed here are things they'd typically do some or all of. Testing ...
Post a Comment
Read more

Express, Listen, and Field

Last weekend I participated in the LLandegfan Exploratory Workshop on Testing (LLEWT) 2024, a peer conference in a small parish hall on Anglesey, north Wales. The topic was communication and I shared my sketchnotes and a mind map from the day a few days ago. This post summarises my experience report.  Express, Listen, and Field Just about the most hands-on, practical, and valuable training I have ever done was on assertiveness with a local Cambridge coach, Laura Dain . In it she introduced Express, Listen, and Field (ELF), distilled from her experience across many years in the women’s movement, business, and academia.  ELF: say your key message clearly and calmly, actively listen to the response, and then focus only on what is relevant to your needs. I blogged a little about it back in 2017 and I've been using it ever since. Assertiveness In a previous role, I was the manager of a test team and organised training for the whole ...
Post a Comment
Read more

Software Sisyphus

The Association for Software Testing is crowd-sourcing a book,  Navigating the World as a Context-Driven Tester , which aims to provide  responses to common questions and statements about testing from a  context-driven perspective . It's being edited by  Lee Hawkins  who is  posing questions on  Twitter ,   LinkedIn , Mastodon , Slack , and the AST  mailing list  and then collating the replies, focusing on practice over theory. I've decided to  contribute  by answering briefly, and without a lot of editing or crafting, by imagining that I'm speaking to someone in software development who's acting in good faith, cares about their work and mine, but doesn't have much visibility of what testing can be. Perhaps you'd like to join me?   --00-- "How can I possibly test 'all the stuff' every iteration?" Whoa! There's a lot to unpack there, so let me break it down a little: who is suggesting that "al...
Post a Comment
Read more

Not a Happy Place

  A few months ago I stopped having therapy because I felt I had stabilised myself enough to navigate life without it. For the time being, anyway.  I'm sure the counselling helped me but I couldn't tell you how and I've chosen not to look deeply into it. For someone who is usually pretty analytical this is perhaps an interesting decision but I knew that I didn't want to be second-guessing my counsellor, Sue, or mentally cross-referencing stuff that I'd researched while we were talking. And talk was what we mostly did, with Sue suggesting hardly any specific tools for me to try. One that she did recommend was finding a happy place to visualise, somewhere that I could be out of the moment for a moment to calm disruptive thoughts. (Something like this .) Surprisingly, I found that I couldn't conjure anywhere up inside my head. That's when I realised that I've always had difficulty seeing with my mind's eye but never called it out. If I try to imagine ev...
1 comment
Read more

Why Question?

Questions are a powerful testing tool and, like any tool, can be used in different ways in different scenarios with different motivations and different results. A significant part of my role is generating questions and I will generally have a lot of them. I will rarely ask them all, though, and I've put a lot of time and effort into learning to be comfortable with that. A couple of examples: I was in a meeting this week where the technical conversation was too deep for me to give a perspective from a position of knowledge. I could have disengaged, but I didn't. Instead, I asked occasional questions, not wanting to derail the discussion or disrupt the flow. Some were detail questions, to help grow my understanding. Some were scoping questions, to help understand motivations. The one that really landed, however, was about the focus of the meeting. Although I couldn't contribute at a low level, I understood enough to suspect that we were not discussing the key problem tha...
Post a Comment
Read more