April 27, 2021 and a day earlier than I wanted to send another episode out, but this one matters to me.
Housekeeping: if you’re interested in (and able to) support my writing and would like to subscribe, you can do so by visiting https://newsletter.danhon.com and entering your email address — even if you’re an existing subscriber — and you’ll be taken to a page where you can do a paid subscription.
TW/CW and note: the language used around suicide has been changed from an earlier version. Thank you to the reader who reminded me. If you are in crisis, in the U.S. you can contact the Suicide Prevention Hotline and in the U.K., the Samaritans.
Only one thing today: about the UK Post Office’s Horizon IT scandal.
I wrote very briefly last episode about Horizon, the UK Post Office’s IT modernization effort and at the request of Jennifer Pahlka, I’m going to go into a little more about it here.
I’m going to learn and write about five things for this piece:
This became the Benefits Payment Card project, and a contract was awarded to Pathway, a subsidiary of ICL, a technology contractor, in May 1996.
It’s important to note the priorities of the project, summarized by the National audit office as:
providing a fraud-free method of paying benefits that was a) automated, b) was cheaper, and c) continually reduced costs every year;
automating the Post Office’s transactions for “other customers”, automating products and support processes to improve competitiveness, increase efficiency, and “enable greater commercial opportunities”;
make reconciling benefits payments “full and speedy”; and
provide “improved service” to the Post Office and the Benefits Agency
I’ll just call it as it is and say that the above is a magical goddamn laundry list, and the equivalent of “computers will make everything, literally everything, better”. There isn’t much that isn’t included in the above project objectives. Any one of these projects is complicated.
Oh, and do it all by 1999, 3 years after the contract was awarded.
Good news! By October 1996, just 5 months after contract award, “a limited version of the system” — 10 Post Offices, and paying one benefit (Child Benefit). This eventually got extended to 205 post offices, but hey guess what: at the time, there were 19,000 post offices, and see if you can guess how long the 1996-era contract assumed it would take to roll out a live trial of the full system to all 19,000 post offices? Go on. See if you can guess.
Ten months. TEN MONTHS!
But, in a level of understatement I can only aspire to, the NAO says “designing and developing a fully functional system proved much more complex and took much more longer than expected”.
Yadda yadda yadda, the customers (the Benefits Agency and the Post Office) and the vendor decided it would be for the best if they came up with a new schedule (no doubt necessitating putting another finger in the wind and guessing), and, I don’t know, tried harder to do the impossible.
Doing the impossible is, well, it’s in the name: impossible. There’s a notice of breach of contract served by the customer, the vendor counter-sues, and then you’ll be shocked to learn that the project was going to have to “increase prices by 30 percent” or “extend the contract by five years and raise prices by five per cent”.
Refereeing this mess involved the Treasury (the money), the Department of Trade and Industry (the sponsor of the post Office), and the Prime Minister’s office because of course by now the project was very embarassing.
Oh, and by the way: in 1997, shortly after the contract was awarded, there was a change in administration and 18 years of Conservative government ended, bringing in New Labour.
In May 1999 (3 years after contract award, 24 months after the entire and about the project was descoped, and better to do that than lose face and cancel the whole thing. Instead: no smartcard but still “automate the Post Office”, make benefits payments by bank transfer, instead of via a card, let people still collect cash, and make special arrangements for those who don’t have a bank account.
The whole contract is effectively cancelled anyway with the descoping.
That’s just the first part of the project! Business as usual for a large, PR-driven, wildly unrealistic technology project designed to make everything better and with (from this point of view), lofty and undefined goals.
Here’s what happened after Horizon, the name of the IT system developed by ICL/Fujitsu, started to be used. This part is summarized from Post Office Trial:
Horizon is like a combination EPOS/EFTPOS/ERP system for the Post Office. It’s used by all of the post office branches (all 19,000 of them, and 60,000-odd staff).
So if Horizon says the balance and accounts of the post office branch you run are off, well… they’re off. “If Horizon says you should £80,000 worth of cash and stock and you only have £50,000, the Post Office considered you owed them £30,000.”
Unsurprising surprise: Horizon has bugs in it that result in discrepancies like this.
Unsurprising surprise 2: management and bureaucracy either fail to recognize, or are institutionally unable to recognize that its IT system could possibly have any faults.
Unsurprising surprise 3: management act as if these discrepancies are clearly somebody else’s fault.
If you’re an employee faced with this discrepancy, you have a few choices:
refuse to sign off on accounts you know you’re wrong (you end up being sidelined, so not great for your career);
pay back the money you know isn’t missing;
Or you have a fourth choice. You could sign off on accounts that you know inside aren’t right. The Post Office “called this false accounting”.
That’s when this got worse. The Post Office prosecuted (criminal charges) these subpostmasters who didn’t make good large discrepancies. “This was done on IT evidence alone, without proof of criminal intent” (my emphasis. Convictions meant the Post Office could seize assets and effectively put people into bankruptcy.
These prosecutions and convictions started in 2003.
The case,Hamilton & Others -v- Post Office Limited  EWCA Crim 577 has both the summary (4 pages) and full judgment (92 pages) available (as PDFs, natch, and hosted on a Wordpress site! Gotta love those wp-content URLs).
Here’s key examples of management behavior from the summary of the judgment:
The Post Office “knew there were serious issues about the reliability of Horizon”, “Yet it does not appear that the Post Office adequately considered or made relevant disclosure of problems or concerns with Horizon in any of the [prosecution] cases”
“On the contrary, [the Post Office] consistently asserted that Horizon was robust or reliable” (my emphasis). It also didn’t make any attempt to investigate when subpostmasters said there was a problem with Horizon.
This failure to disclose problems with Horizon and the failure to investigate reported problems — when involved in prosecutions — were “so egregious as to make the prosecution of Horizon cases an affront to the conscience of the court”. Each prosecution that succeeded “reinforced the asserted reliability of Horizon”.
I love court cases like this (see for example Judge Alsup’s cases) because they typically include (in England, at least) dry, withering descriptions of horrific technology systems in the classical judicial style. The full judgment outlines Horizon in paras 9-18, but in all the good kind of detail. For example, Horizon is still in use now (actually, it’s now the subject of a big replacement project to move to the Cloud, so… insert combination sigh/laugh), and if you do the maths (contract awarded in 1996, remember) that means there must be an Old Horizon System (referred to in the Horizon Judgment as Legacy Horizon”) and later a modernized version (“Horizon Online”) and apologies if this is triggering or traumatic in any way.
It’s offensive to see the Post Office leadership’s approach to what happened with Horizon. A system that was intended to reduce benefit fraud instead was used to prosecute innocent individuals. The people accused were not listened to. Management knew of defects but declined to investigate them.
Why might management do this? The judge in the High Court case (the case before the Court of Appeal) said:
“In my judgment, the stance taken by the Post Office at the time in 2013 (when a subpostmaster said Horizon had “put a phantom cheque on the [accounting] line” and spoke of going to his Minister of Parliament) demonstrates the most dreadful complacency, and total lack of interest in investigating these serious issues, bordering on fearfulness of what might be found if they were properly investigated” (my emphasis).
If only, you might cry, there had been better project management! If only there had been a risks register, for example! But of course there was. The previous case had a “heavily-redacted “Extract from Lessons Learned Log” of November 2015, in which a Post Office official acknowledged there had been “a failure to be open and honest when issues arise eg roll out of Horizon””.
Here’s some quick notes, and unfortunately, they would probably not come as a surprise:
This was a megaproject. A wholly irresponsible, PR-driven, fix-everything megaproject. The laundry list of objectives, the promises of full-automation, the perennial idea of dealing with substantial benefit fraud (when most studies [yeah, I know, citation needed] find that the level of fraud is pretty small, and fraud mitigation levels instead persecute claimants).
There were no users. Whether internal or external, it doesn’t look like the user experience was taken account of. What was supposed to be improved? What specific needs? Postmasters and subpostmasters didn’t have a choice about using Horizon.
A stupendous number of stakeholders: at the executive level, a parent department/agency (The Department of Trade and Industry) and the money (HM Treasury), the Post Office itself, the vendor and then all 60,000 post office staff who would need training.
A frankly irresponsible timeline (10 months to a full-scale pilot to all 19,000 post offices, transitioning from paper-based benefits books).
Fetishization of new technology: 1996, and the new system needs to use smart cards, and within 4 years, stakeholders can accept descoping to electronic bank payments, which are totally a thing in the UK unlike the uncivilized U.S.
Outsourcing of risk to the private sector. I can’t even begin with this one.
A big Digital Transformation project that goes wrong. Again.
A new procurement method, the Private Finance Initiative a magical innovative procurement policy where “private firms are contracted to complete and manage public projects”, and, well, financialization of government projects.
Charismatic megaprojects that survive administration changes (and even party political changes) in my view because of their unrealistic promises and the inability of leadership to see those unrealistic promises as a bunch of unrealizable bullshit, but are happy to leave someone else holding the bag.
The combination of promises and fear. There’s a note in the Court of Appeal judgment that the Post Office is one of the UK’s most trusted brands, and I’d have to agree: it’s true. The Post Office was incredibly trusted. That trust started to erode with its privatization, but Brits of a certain age have an image of the Post Office as a local institution. Management, I imagine, needed to protect that trust. Imagine saying that the entire accounting system of the Post Office was buggy.
So they chose the fear-based alternative instead of coming clean. They doubled down. They insisted that of course the system was trustworthy. They had to act as if the system was trustworthy. And that resulted in people going to jail, becoming estranged from their families, and died by suicide [The Evening Standard, April 12 2021].
The sister of the former post office worker who died by suicide said: “a bloody faulty computer system killed my brother”. [The Evening Standard, April 12 2021]
My heart goes out to Jayne Caveen. And I hate to do this: a computer system did not kill her brother. Horrible people in management killed her brother, and it’s easiest to blame it on a computer system.
People, people in management, people in positions of trust people running one of the most trusted institutions in England made those decisions to double down and to persecute and prosecute people knowing that the evidence wasn’t reliable and concealing that evidence wasn’t reliable. Intentionally not investigating reports for fear of what might be found, because it might affect public perception of trust, or because it might be discoverable and admissable in court. Cowardice, fear and a lack of integrity is what happened. Pride and boastfulness in a system that could never do what it could. Using technology was and is an excuse. Not taking responsibility is what happened.
Technology is for people and made by people and this is what happens when the people running it don’t realize that.
It doesn’t have to be like this. For that, writing for another day.
That’s it for today, with this Very Special Episode.
How are you doing?