Microgen - stock.adobe.com

A trial relying on computer evidence should start with a trial of the computer evidence

Learning from the Post Office Horizon scandal - the most widespread miscarriage of justice in recent British legal history

Together with seasoned digital lawyers such as emeritus professor Steve Saxby and barrister Stephen Mason, I and other experienced forensic expert witness ICT professionals have for many decades been warning of the non-validity of the “presumption of the reliability of computer evidence”. 

Over the past 30 years, having earlier carried out for HM Treasury, on behalf of the five major UK departments of state, my Verdict and Appeal studies into the legal reliability and security of computer software, systems and evidence, I have written many published articles and learned journal papers that have included putting forward the proposition that any trial relying on computer evidence should first commence with a trial of the computer evidence.

That well-posted proposition needs fresh consideration by lawmakers following the December 2019 English High Court Bates v Post Office judgments on the faulty prosecutions, over a 20-year period, of hundreds of innocent people for alleged misappropriation of funds. The resulting convictions relied on ineffectively challenged digital evidence, “presumed reliable”, from the Post Office’s defective Horizon system – the most widespread miscarriage of justice in recent British legal history. (See Computer Weekly's coverage of the Post Office Horizon scandal, below).

As a computer software and systems expert witness, I regularly deal with computer evidence, addressing the issue of its reliability and challenges thereto – from a practical, “in the litigation trenches” perspective. In my experience, the “discovery” of evidence, that is - disclosing it, and meeting objections to its disclosure - have been recurring features of the hundreds of cases in which I have been involved. 

That goes for the totality of the evidence, of which computer/electronic evidence, documents, algorithms, specifications, data, inputs/outputs, software, systems, fault tickets, logs, and so on, are but a part. Litigation lawyers, experts and the courts never “presume” anything about any evidence, in my experience.

Generally, disclosure becomes a sometimes key, tactical part of the whole case, and it can get massively argued over. There have been cases where specific issues, such as, “Can a machine give direct trusted evidence of its own functioning and outputs?” and “Is there an obligation to disclose passwords or crypto wallet addresses in order that evidence from a device or system may be accessed?” have been tortuously addressed, and disclosure precedents set. 

The bottom line is that well-practised ICT litigation solicitors, working with senior counsel and expert witnesses, generally manage to get judges to grant reasonable disclosure orders concerning computer evidence on a routine basis – digital evidence, and any supposed “presumption” as to its reliability, is always diligently examined, and robustly probed.

So what went wrong in the Horizon system case, causing 20 years of faulty prosecutions based on defective computer evidence? Why did lawyers and experts acting for defendant subpostmasters and subpostmistresses in these harrowing cases fail to get access to, and proper technical examination of, the subject computer software and systems development and testing records, fault ticket data and operational logs – evidence that only the Post Office controlled, and, it seems, always refused (or was never ordered) to provide to those defendants’ legal and expert teams.

I was approached to be an expert witness on behalf of a defendant accused in a Horizon system case right at the start of the affair in 1999. If the solicitor seeking my assistance with one of those first Post Office prosecutions could have obtained legal aid to engage me professionally on behalf of the subpostmistress client, and if that legal aid would have been of sufficient level to allow me to carry out my standard penetrating technical forensic investigation demands for, and analysis of, the Post Office’s computer evidence, then I believe it is highly likely that I would have identified, revealed, explained and/or demonstrated the systems fault(s) that were undiscovered and/or ignored when proceedings were subsequently pursued by the Post Office with legal actions over the next two decades, against hundreds of other subpostmasters and subpostmistresses. 

And who knows, much of the 20-year saga of flawed Post Office prosecutions based on faulty Horizon system evidence might then have been largely avoided.

Finding out what went wrong is now a matter of urgent importance – not just in terms of public and judicial administrative probity, to ensure that “lessons are learned”, appropriate actions taken, including, if need be, a change in the law, and such a miscarriage of justice cannot happen again, but to establish to what extent there was a failure of both ICT professionalism and management due diligence by the teams materially responsible for Horizon, its associated systems, and related decision-making, within the Post Office.

And it’s not as if we haven’t been here before. Some 18 years ago, in an invited Computer Weekly piece, Thought for the day: Learn from the tax credits debacle, I wrote: “The… roll-out of… tax credits should have been delayed. [The project managers]… decided to pull resources from vital performance testing of the system. Someone should have called a halt and substantially replanned the whole project… Someone should have blown a whistle… The important question is, did… senior managers go live with the… roll-out of a system… crucial to… daily lives… in the knowledge that the system would not necessarily be stable and error-free? 

“If the answer to that is ‘yes’… then the matter is very serious and it should not end there... Parliament should give the Public Accounts Committee wide powers to appoint its own truly independent and forensically experienced IT expert teams…  But if nothing changes and we leave… critical… IT procurement in the hands of well-meaning IT innocents, what hope have we that this appalling state of affairs should ever end?”

Simply substitute “PO Horizon” for “tax credits”.

My recommendation for the way forward is that the UK government's existing judge-led Horizon inquiry should include investigation of the ICT issues and presumption in law that computer evidence is accurate, supported by a team of experienced independent professional forensic ICT experts.  The latter could be designated, say, the forensic ICT-expert algorithm and computer taskforce (FIACT), and it could also in future play a vital role in monitoring and auditing the “government by algorithm” that is increasingly being imposed on citizens without their consent. 

This Horizon inquiry must have wide powers to: examine the facts, circumstances, genesis and conduct of the Horizon system debacle; and address the underlying (faulty)presumption of the reliability of computer evidence, from both legal and technical points of view.

It should absorb, and be guided by, the weight of scholarly and practitioner literature, plus “litigation trenches” protagonist evidence from lawyers and forensic expert ICT professionals concerning the ontological unreliability and insecurity of computer systems – arising as much from human imperfections in computer systems development and operational “good governance” principles and guidelines, as from intrinsic “open” von Neumann computer architecture and Gödel’s Incompleteness Theorem.

Stephen Castell is a computer software and systems expert witness and chairman of Castell Consulting.

Read Computer Weekly's coverage of the Post Office Horizon scandal

Read more on IT for retail and logistics

CIO
Security
Networking
Data Center
Data Management
Close