The Post Office scandal shows the perils of putting our faith in IT

What was telling in the cases of the Post Office operators suspected of fraud was the lack of corroborative evidence.

They were supposed to have stolen thousands of pounds, yet there was precious sign of the money being spent on anything. There were no flash sports cars, speedboats, foreign villas or exotic holidays; no debts were paid off, and no cosmetic surgery occurred. If one subpostmaster had been careful and discreet, then that was possible, but 700 of them? It didn’t add up.

According to an expert drafted in by the Post Office to examine the computer data suggesting fraud or false accounting on a mammoth scale, it was this that first alerted them – the signal that something was odd. They were asked if the evidence against the subpostmasters was robust enough to be used in a court of law, in civil and criminal proceedings.

It was striking how these alleged villains had not splashed their ill-gotten gains. Nevertheless, there was no other explanation for what had occurred.

The convictions were drawn from files of a flawed Horizon IT system, supplied by Fujitsu, that was producing phantom transactions and thus creating discrepancies. That data was never properly challenged, due to a legal presumption that evidence from a computer is correct unless proven otherwise.

The expert was also questioned as to whether it was possible that the records had been tampered with; if a third party could somehow have gained access and manipulated them. Of this, there was no chance. It was down to the software alone.

Following this galling experience, the expert in question is one of several computer technicians and lawyers who are calling for an urgent change in the law.

The presumption that nothing is broken originates from a common law principle that “mechanical instruments” should be assumed to be working properly – typically it was applied in cases involving clocks, which it was presumed could be relied on to keep good time.

With the advent of computers, this was reversed in 1984, under the Police and Criminal Evidence Act, to require that anyone introducing computer-generated evidence must show that the system was operating and being used correctly.

But a 1997 review of the law covering hearsay evidence led to the courts being instructed once again to assume that computers are working properly, and that evidence based on their data is admissible. This is the current law, and the same principle is followed in other countries, among them New Zealand, Singapore and the US.

So from 1997, the onus to show that the computer was mistaken was put firmly back on the defendants.

That’s where the difficulty lies. The accused always struggle. They don’t have the same access to audits, designs, specifications, operations – precisely the information that might prompt the suggestion that the data being relied on is not guaranteed to be correct; that it might contain errors.

In the Post Office case, it was possible to link the glitches in the computer with the financial accounts – and, in the end, miscarriages of justice were revealed to have taken place.

At least they were exposed. There may have been numerous instances in which computer-generated evidence was used to convict or to obtain substantial damages where no wrongdoing occurred, but it’s impossible to say so for certain.

At a minimum, critics are demanding that there should be corroboration; that if someone is said to have stolen something, there should be an indication as to what happened next and where the money went.

It may be a positive to emerge from the Post Office debacle if, once the official inquiry is complete – or even before then – the law is able to be altered. It would have implications for all sorts of cases in which computer records are central to the proceedings.

“Without corroborative evidence, the rule should be that data cannot be depended upon,” said the IT expert drafted in by the Post Office. “The presumption of the last 27 years, of the infallibility of technological evidence, must no longer apply.”

They are supported by the IT professional body, BCS, which is formally calling for an end to the legal presumption that computer systems data is always correct, with no burden on the prosecution to prove it.

Dr Sam De Silva, chair of the BCS Law Specialist Group and technology partner at international law firm CMS, says: “The Post Office scandal highlights the dangers of unquestioningly accepting the output of IT systems as reliable evidence. There remains a legal presumption that the computer is always right.

“The Post Office could rely on the common law position that the courts were entitled to assume that the IT system was operating correctly.

“Without the benefit of the advice of IT experts supporting them, it was for the Post Office staff to prove that the outputs and logs from the computer system were flawed or not accurate. Yet how could non-IT specialists be expected to prove this when even some experienced IT professionals would find it a challenge to do so?

“If the Post Office had been required to prove that its computer system was operating reliably, most of the individual cases against the Post Office staff may well have had a different outcome.

“Organisations relying on evidence generated from computer systems to support prosecutions should be required to prove that the underlying computer system is reliable; we hope this will be a clear recommendation from the current inquiry.

“Whilst the Post Office scandal is the most high-profile case where the law in relation to the presumption of computer-generated evidence had inadvertent consequences, there have also been other cases in the past with similar issues.

“For example, there was a case involving a hospital in 2014 (R v Cahill; R v Pugh) involving an allegation that nurses falsified patient records because of discrepancies found with computer records. The presumption of computer-generated evidence led to a criminal trial.

“However, this trial was abandoned when the cause of the discrepancies was shown to be a problem with the IT database.”

Computer-generated data evidence covers myriad aspects of our daily lives – from unwanted car-parking fines and mobile phone usage to airline data, travel records, and more. It’s routinely deployed in enforcing penalties and prosecuting crime, even when the underlying data storage systems are demonstrably unreliable and were never intended to be used in this way.

The potential for another Horizon-type scandal, with a raft of fresh appeals, is considered real and obvious by leading criminal lawyers. Switching the presumption has implications too for AI and how that will play out legally.

It’s a small consolation but who knows, the suffering of those wrongfully convicted in the Post Office case might force a change that prevents others from experiencing the same pain.