The Horizon IT scandal, frequently called the largest miscarriage of justice in British history, is back in the headlines thanks to a prime-time ITV dramatisation. The resulting surge of interest has led to Paula Vennells, who ran the Post Office from 2012 to 2019, agreeing to return her CBE. But there’s also a technical underside to the very human story of power run rampant.
What was Horizon?
In layperson’s terms, Horizon was a till. More specifically, it was an electronic point-of-sale (Epos) system. It replaced the old paper-based tills that had been used in post offices across Britain with a new networked system. It was also the massive backend of those tills, that networked together the entire Post Office system.
What were the supposed advantages?
Replacing paper receipts with an electronic database should have saved post office operators time and effort, allowing them to manage their accounts at the push of a button. At the simplest end, for instance, the Horizon system could collate all the transactions over the course of a month and calculate how much cash was still expected to be in the Post Office’s coffers.
What went wrong?
The system was simply not up to the tasks placed on it. The Post Office knew as much as early as 1999, when trials run in preparation for the launch revealed “severe difficulties being experienced by subpostmasters”, the inquiry into the scandal heard.
One member of the development team, David McDonnell, who had worked on the Epos system side of the project, told the inquiry that “of eight [people] in the development team, two were very good, another two were mediocre but we could work with them, and then there were probably three or four who just weren’t up to it and weren’t capable of producing professional code”.
What sort of bugs resulted?
As early as 2001, McDonnell’s team had found “hundreds” of bugs. A full list has never been produced, but successive vindications of post office operators have revealed the sort of problems that arose. One, named the “Dalmellington Bug”, after the village in Scotland where a post office operator first fell prey to it, would see the screen freeze as the user was attempting to confirm receipt of cash. Each time the user pressed “enter” on the frozen screen, it would silently update the record. In Dalmellington, that bug created a £24,000 discrepancy, which the Post Office tried to hold the post office operator responsible for.
Another bug, called the Callendar Square bug – again named after the first branch found to have been affected by it – created duplicate transactions due to an error in the database underpinning the system: despite being clear duplicates, the post office operator was again held responsible for the errors.
after newsletter promotion
Were the problems all bugs?
No. Even if the system had worked as intended, it still fell short of acceptable standards. In 2015, for instance, the Post Office told the House of Commons inquiry: “There is no functionality in Horizon for either a branch, Post Office or Fujitsu to edit, manipulate or remove transaction data once it has been recorded in a branch’s accounts.” This was untrue, and the Post Office admitted as such four years later during a high court case.
In fact, staff at Fujitsu, which made and operated the Horizon system, were capable of remotely accessing branch accounts, and had “unrestricted and unaudited” access to those systems, the inquiry heard.