Post Office CTO had 'nagging doubts' about Horizon system despite reliability assurances

The former CTO of the Post Office had "nagging doubts" about the Horizon system at the center of one of the most far-reaching miscarriages of justice in UK history, yet he continued to sign off statements to MPs attesting to its security and reliability.

Horizon is an EPOS and back-end finance system for thousands of Post Office branches around the UK, first implemented by ICL, a technology company later bought by Fujitsu. From 1999 until 2015, around 736 subpostmasters and subpostmistresses were wrongfully convicted of fraud when errors in the system were to blame. A statutory inquiry into the mass miscarriage of justice launched in 2021 is ongoing.

During questioning at the Post Office Horizon IT inquiry this week, former IT boss Mike Young agreed it was his responsibility to make sure that what was said to Parliament was absolutely accurate, even though he had no personal contact with MPs about the Horizon system.

Young agreed he was aware of the "robust stance" on Horizon's reliability and security that the Post Office wanted to communicate to the government department responsible and its minister, Ed Davey, after his meeting with Sir Alan Bates, the subpostmaster who led the Justice For Subpostmasters Alliance (JFSA).

Flora Page, the lawyer representing former subpostmasters Lee Castleton and Seema Misra in the inquiry, suggested Young "didn't bother to find out" whether information given to MPs was accurate.

Young said he thought the stance was accurate based on information provided by Fujitsu and his own team.

However, in 2011, as "heat" from the media, campaigners, and MPs built, he said he started to have doubts.

"At the point that you've got more and more subpostmasters... it grew... the JFSA, saying the system was wrong. If you didn't have that nagging doubt, you've got a bit of a problem. It acts almost as a conscience check. What I said and maintained [was] I saw nothing in the Horizon system beyond what was in rollout, and then some of the change activities and the hardware failures that suggested Horizon was doing anything but what it was prescribed to do, and it certainly was within its SLAs, and where there were failings, they were highlighted."

Young said his opinion changed as evidence emerged in the Second Sight report [PDF], commissioned in 2012 to investigate problems with Horizon. The report identified system issues that caused account imbalances, and said the Post Office was focused on recovering the money and prosecuting subpostmasters rather than finding the cause of the problem.

A second report in 2015 said the system could produce errors due to faulty or outdated equipment, communication errors, and lack of security.

As of 2011, Young told the inquiry this week, he became worried about issues around who could access and change account data in the system.

"I've no doubt about that because I thought that might be better policed, but it was addressed in a relatively short timescale," he said. "It's only with the hindsight of this inquiry and some of what I've learnt from the Second Sight Report that I now know, through that benefit, that some of the audit logging... wasn't as locked down as best practice would indicate and it was open to abuse."

However, Page maintained that in 2011 senior managers who were sending responses to the media attesting to the robustness and security in the Horizon system were the same people who had received a December 2010 email from Lynn Hobbs, the organization's general manager of network support, saying she had discovered that Fujitsu could put an entry into a branch account remotely.

Young responded: "We have to be careful about how we use our language. A backdoor is, for me, as for most people in tech... well, then there was no backdoor as far as I was concerned at this point."

The inquiry continues. ®