The presumption in England and Wales that computer evidence is reliable – time for action

The Post Office IT scandal has attracted massive publicity this year, in the wake of ITV’s superb “Mr Bates vs the Post Office”. Please watch it if you have not already done so.


This drama has generated pressure on the UK government, and pushed the scandal up the political agenda. The government has finally given more attention to the issues of compensation for the victims, and clearing the subpostmasters who were convicted of crimes which never happened.

I’m not going to talk about either issue here. I want to highlight the lack of interest in one of the more obscure, but nevertheless important, aspects of the scandal; the presumption that computer evidence is reliable. This is a difficult, messy problem. If there were a simple answer we wouldn’t be here in the first place.

I am part of a group of IT academics, experts and lawyers which has been campaigning on this issue for several years. I won’t repeat here in great detail our arguments against the presumption.

The presumption is wrong in principle and harmful in practice. When it recommended the repeal of section 69 of the Police and Criminal Evidence Act 1984 (PACE 1984) and the introduction of the presumption in its 1995 consultation paper, and again in its 1997 final report, the Law Commission was lamentably ignorant about the realities of modern computer systems.

I explained the Commission’s failings in depth in this article, “The Law Commission and section 69 of the Police and Criminal Evidence Act 1984”, which was published by the Digital Evidence and Electronic Signature Law Review in September 2023.

The Commission made three serious category errors. A category error is a mistake that is so serious that the culprit is not even talking about the right sort of thing, like discussing the regulation of fish farms as if salmon are the same as cows.

The first category error was the Law Commission’s belief that a computer was essentially the same as a single purpose electronic device, and that there was no difference between the behaviour of an individual computer and the behaviour of a nationwide network consisting of multiple components.

The Commission talked repeatedly about whether “the computer” is working correctly and didn’t understand the subject well enough to know what every IT worker knows: that individual components might be working as expected but they can interact in ways that lead to error.

The second category error was to confuse hardware and software. The Commission assumed that the only question was whether the hardware was working correctly. Hardware is generally reliable, but the quality of software varies enormously, and this was true when the Law Commission was dealing with the issue in the 1990s. It was warned explicitly about the dangers of this error by the experts it consulted, but it ignored them.

The Commission quoted Mr Justice Steyn, who (R v Minors 1988) acknowledged that;

“…computers are not infallible. They do occasionally malfunction. Software systems often have ‘bugs’. … Realistically, therefore, computers must be regarded as imperfect devices.”

Steyn, and the Law Commission, moved smoothly from hardware to software and back to hardware without realizing that they were talking about different things. They believed that computers might have bugs, but that this is an occasional problem (skating blithely over the obvious objection that prosecutions and litigation are far more likely to be concerned with occasional problems than mundane, routine matters). The reality is that hardware might fail occasionally, but software is inherently buggy. To talk of computers having occasional bugs is not just wrong, it is meaningless. Indeed, the thinking of Justice Steyn and the Law Commission was so detached from reality that it is tempting to say they weren’t even wrong.

The third category error was to misunderstand the role of computers in modern life, and this error was particularly significant in the Post Office Scandal. The Law Commission assumed that a computer was the same as breath-testing kit, that it allows its operator to see or understand more easily something that is objectively true or false and which can be verified by other means. This misunderstanding allowed the Commission to argue that rebutting a presumption of reliability should be straightforward.

“13.18 Even where the presumption applies, it ceases to have any effect once evidence of malfunction has been adduced. The question is, what sort of evidence must the defence adduce, and how realistic is it to suppose that the defence will be able to adduce it without any knowledge of the working of the machine?

On the one hand the concept of the evidential burden is a flexible one: a party cannot be required to produce more by way of evidence than one in his or her position could be expected to produce. It could therefore take very little for the presumption to be rebutted, if the party against whom the evidence was adduced could not be expected to produce more. For example, in Cracknell v Willis the House of Lords held that a defendant is entitled to challenge an Intoximeter reading, in the absence of any signs of malfunctioning in the machine itself, by testifying (or calling others to testify) about the amount of alcohol that he or she had drunk.”

The Law Commission was arguing, in effect, that computer evidence could be refuted by independent witnesses vouching that it did not match external reality. That argument ignored a key feature of complex software systems; they produce output that is not readily available, or available at all, by other means. This happened in the Horizon prosecutions. The system calculated deficits and was the only source of information about an alleged deficit. The only alternative was a physical count and, of course, when that produced a different result it confirmed the deficit rather than disproving the system. The defendants claimed that they did not steal the money but there were no independent witnesses to confirm their story.

A defendant might call on the services of a forensic computer expert as a witness, but legal aid funding is insufficient to allow experts to investigate a complex software system in sufficient depth to explain why computer evidence is flawed. This would be a realistic option only if the supplier of the evidence actively co-operated, in which case there would be no need to hire such expensive expertise.

If the supplier of computer evidence chooses not to divulge contradictory evidence which would undermine their case then the presumption will be accepted. It is not necessary for suppliers of evidence to be dishonest. If they are incompetent and disorganised they will not possess the information they should disclose to the court. Incompetent producers of software might not even realise that they are misleading the court. The more clueless they are the more persuasive they might appear.

In practice the presumption means that a defendant, or the other party in a dispute, faces an impossible burden if they wish to refute computer evidence while the supplier of the evidence chooses not to disclose relevant problems. This has the effect of reversing the burden of proof.

The Law Commission recommended the repeal of PACE 1984 section 69 because it was concerned about the cost and wasted time that would arise if the reliability of computer evidence had to be proven before it could be deemed admissible by a court. The concern was valid, even if the solution was appalling. Proponents of reform must therefore offer realistic alternatives if they are to be taken seriously and prompt the UK government into action.

Two possible solutions have been put forward. The first came from the group of lawyers and computing academics and IT experts to which I belong. The second was proposed by Alistair Kelman and Richard Sizer, experts who were misunderstood and misrepresented by the Law Commission in the 1990s.

“Recommendations for the probity of computer evidence”

In August 2020 Alex Chalk MP (then Parliamentary Under-Secretary of State at the Ministry of Justice, later HM Solicitor General for England and Wales, and at the time of writing Lord Chancellor and Secretary of State for Justice) asked Paul Marshall, Barrister, to submit a paper with recommendations for improving the existing approach for submitting computer evidence to courts. The group to which I belong submitted our paper to the Ministry of Justice in November 2020. There has been no action in response.

Our paper, “Recommendations for the probity of computer evidence”, was published by the Digital Evidence and Electronic Signature Law Review. The paper was also summarized into a briefing note, “The legal rule that computers are presumed to be operating correctly – unforeseen and unjust consequences”.

We recommended a two stage approach. The first stage would require providers of evidence to show the court that they have developed and managed their systems responsibly, and to disclose their record of known bugs. The first stage would involve disclosure of the following documents;

  • known bugs, error logs, release notices and similar documents,
  • security standards and processes,
  • relevant audits of systems and IT management,
  • evidence of responsible change management

A credible person with appropriate authority would be expected to confirm the accuracy of these documents. If nobody could do so, or if the disclosure revealed serious, relevant problems, or that the supplier of evidence was not managing their systems responsibly, then there would be a second stage. Here the onus would be on the supplier to prove that none of the failings revealed affected the reliability of the specific evidence submitted to the court.

Crucially, responsible organisations would maintain the documents required for stage one as a matter of routine, good management. The absence of these documents would be a telling indication that the evidence offered to the court is not reliable.

The “Seven Statements” from Alistair Kelman and Richard Sizer

Alistair Kelman and Richard Sizer proposed their solution to this problem in their 1982 book “The Computer in Court”. Their proposal would mean that anyone who wanted to rely on computer evidence in court would have to provide an affidavit, or deposition, consisting of seven statements. This would provide the court with the information required to decide whether the evidence could be relied upon. I will quote from the 2nd edition of their book, published in 2011, which is available free online. See pages 55-56. However, the 1982 1st edition, which the Law Commission cited in its 1995 consultation paper, has exactly the same proposal.

Statement One should deal with the qualifications and experience of the person in charge of the computer system. This is to establish that he is capable of swearing such a document.

Statement Two should consist of a description of the computer system with reference to each of the components in the system by brand and model number, e.g. a Kamikaze DDB7 with the Asthma 2.6 operating system running custom written payroll programs.

Statement Three, a long statement, should deal with the quality of the individual components by reference to the development time involved in their creation. For example reference could be made here to any technical literature or manuals which were used, giving the number of man hours involved in their original development. Manufacturers of quality products would gladly assist in producing technical evidence of this kind.

Statement Four should deal with the testing and documentation standards applied to any custom written software. If the software had been bought-in, the software house, if reputable, should be willing to provide information on its testing and documentation standards.

Statement Five should deal with the procedures for logging updates to the software and the qualifications of the subordinate staff involved in the computer system.

Statement Six should deal with the physical and electronic security features of the installation.

Finally, Statement Seven should indicate how the particular computer printout came into existence and what it purports to show. In this section the person in charge can say that no faults manifested themselves during the material time which would indicate to him that the computer evidence could not be relied upon.

As with our group’s “Recommendations for the probity of computer evidence”, the Seven Statements should be available as a matter of course in well managed IT installations. Six of the seven statements regarding the reliability of the computer evidence could be pre-written and available for inspection at any time. Only the seventh would have to be prepared for the court case in question.

Alistair Kelman’s twist in the tail – liability insurance

Alistair Kelman provided an interesting additional twist to his argument about the need for the Seven Statements test when he wrote an article for Computer Weekly in November 2023, “How to solve the computer evidence problem”.

…the change to bring in the Seven Statement Test could be implemented at no cost to the public purse by adopting a sensible risk management provision in respect of business insurance. This would be that if any company or organisation failed to have a comprehensive and up-to-date Seven Statement Test statement available for use in reliance upon its computer records, the automatic consequence of this would be that any Directors and Officers Liability insurance cover taken out by the company or by its directors and officers would be void. This rule would apply to private companies as well as public companies.

By this means the risk of criminal convictions arising from bad computer evidence would be moved from people, such as the defendants in the Post Office Horizon cases, to the directors and officers of the Post Office who could otherwise hide behind the corporate veil.

Such a reform would surely force directors to take their responsibilities seriously and ensure that their computer systems are developed and managed responsibly.

What next?

What will the government do about this? Until Mr Bates vs the Post Office pushed the Horizon IT scandal to the top of the political agenda the answer was clearly nothing. This was a difficult problem that had not gripped the attention of voters and the government had no intention of doing anything.

On 17 May 2022 James Cartlidge, Parliamentary Under Secretary of State (Ministry of Justice), made this statement in the House of Commons, when asked whether the government planned to assess the presumption that computer evidence was reliable.

“We have no plans to review the presumption, as it has wide application and is rebuttable if there is evidence to the contrary.”

This position, that the presumption is rebuttable, is obviously untenable nonsense, but the government could get away with it provided that only experts noticed and cared. That is no longer the case.

Doubtless it will be possible to find problems in the detail of the proposals for reform that I have outlined. If so, defenders of the status quo should come forward and explain why the proposals are flawed.

I thought carefully before accusing the Law Commission of committing category errors in its reports. I believe the accusation is justified. The Commission’s knowledge of computing was so poor and outdated that it rendered all its arguments absurd. It is as if our laws governing motor vehicles were crafted in the belief that they are essentially the same as horses.

The presumption was ludicrous in 2000 when it came into effect. Subsequent developments and advances have only made the problem worse. Computer systems and networks have become more complex and harder to understand and interpret. Shoddy practice in the development and management of systems is still rife. The presumption’s dangerous irrelevance will only become more of a menace as AI spreads and quantum computers enter wider use. How can anyone presume that AI systems or quantum computers have operated correctly as if they were simple mechanical devices? The current legal system in England and Wales is not remotely fit to cope with modern technology.

This is not a problem that can be dismissed because there is no easy, or obvious solution, or because there are flaws with the only solutions that have been offered. What should be done if not some variant of these reforms?

What will the government do? The government should either set out its own proposals for reform or it should present a credible defence for inaction. Spouting nonsense won’t do. If the government insists on waiting to see if the statutory Post Office Horizon IT Inquiry will recommend reform it will be guilty of wasting time. The case for reform is clear. The government has a responsibility to act by referring the problem back to the Law Commission, which cannot take action on its own initiative. Anything else is an abdication of responsibility.

The Law Commission and the presumption that computer evidence is reliable

Since I started taking an active interest in the Post Office scandal, some three years ago, I have been impressed by the quality of writing and clarity of thought from lawyers. However, there are two major, linked exceptions.

The first exception was the comments from old school judges, some of whom almost seemed to take pride in the ignorant waffle about computers that they airily spouted from the bench. See Paul Marshall’s “The harm that judges do” for some excruciating examples.

The second exception concerned the presumption in England and Wales that computer evidence is reliable. The old school nonsense and this presumption of reliability came together in the work of the Law Commission in the 1990s. The presumption is phrased in these terms.

“In the absence of evidence to the contrary, the courts will presume that mechanical instruments were in order at the material time.”

That quote was a recommendation from the Law Commission’s 1995 consultation paper “Evidence in Criminal Proceedings: Hearsay and Related Topics” (see paragraph 14.28). It might seem that this has little to do with complex software systems, but the presumption applies to computer evidence. The legal establishment assumes, or has to pretend, that massively complex, distributed systems are basically “mechanical instruments”.

In 1997 the Law Commission followed up its consultation paper with a final report “Evidence in Criminal Proceedings: Hearsay and Related Topics”. This confirmed the initial recommendation. Parliament waved through the recommendation with little serious scrutiny and the presumption came into effect in 2000.

In 2020 I wrote an article for the Digital Evidence and Electronic Signature Law Review in which I explained why I thought the presumption of computer reliability was nonsensical and dangerous, “The Post Office Horizon IT scandal and the presumption of the dependability of computer evidence”.

I read the Law Commission’s consultation paper and final report while researching my article. I was surprised by the weird arguments presented in favour of the repeal of section 69 of the Police and Criminal Evidence Act 1984 and the resulting presumption of computer reliability. Perhaps weird is too kind. The quality of the case presented for repeal was wretchedly poor.

Rather than citing technical experts in support of repealing section 69, the Law Commission repeatedly quoted vague, arm-waving, un-evidenced comments by judges who offered no insight into anything beyond their own technical ignorance. Where the Commission did cite experts the quotes did not offer any support: quite the reverse – they undermined the case for repeal.

I mentioned this to Stephen Mason, editor of the Digital Evidence and Electronic Signature Law Review, and speculated about the basis for the Law Commission’s recommendation. I thought it would be interesting to follow the trail of evidence and assess the strength of the Commission’s arguments. Stephen thought this would make an interesting article and commissioned me to write it.

What I found astonished me. The Law Commission’s work would have been inadequate for an undergraduate essay. An internal audit report of such abysmal quality would have seriously damaged the credibility, and the career, of the culprit. No respectable internal audit department would have allowed it to be issued. This was my verdict in the article’s conclusion.

“The Law Commission had an inadequate understanding of a complex technical subject and provided no credible justification for the presumption. Its 1997 report was incompetent, with conclusions and recommendations only loosely connected to findings, and findings that had no basis in fact.

The report shows a consistent pattern of sources that were misunderstood or misrepresented, and a persistent failure to appreciate the significance of the distinction between admissibility of computer evidence and its reliability. The resulting change to the law has had devastating consequences for thousands of people. It is shocking that this was brought about by a report of such abysmal quality.”

I did not have to carry out any clever or sophisticated investigation. I did not submit any Freedom of Information requests. All of the sources I consulted were already publicly available. I had only to perform internet searches, buy access to two academic articles and make contact with two of the main sources on whom the Law Commission relied, and whom they misrepresented. Alistair Kelman and Stephen Castell both confirmed that my analysis was correct. They had argued for PACE section 69 to be replaced with regulation that would require the providers of computer evidence to demonstrate that the systems had been developed and managed responsibly. They were both opposed to a presumption that systems were reliable.

My draft article was reviewed by various IT and legal experts, including one who was familiar with the work of the third source, Professor Colin Tapper. Only then was my article published.

Did nobody want to challenge the Law Commission? Did the Commission assume it was above reproach and no-one would check its work? It still amazes me that such a shoddy and damaging piece of work escaped serious scrutiny for quarter of a century. This was surely an astonishing failure of the English legal system. What hope can there be for realistic, effective, prudent regulation of deeply complex fields such as artificial intelligence or quantum computing if the law pretends that computers are no more than simple machines? All I had to do was lift the lid and examine the mess underneath. All you have to do is click on the link and read my article, “The Law Commission and section 69 of the Police and Criminal Evidence Act 1984”.

Eleanor Shaikh – Tony Blair and Horizon: A Letter to the Public Inquiry

This article was written by Eleanor Shaikh who has campaigned tirelessly over the years on behalf of the victims of the Post Office scandal. Eleanor has been highly effective in unearthing documents that have revealed the extent of incompetence and malpractice at the Post Office and in its dealings with the government and Fujitsu.

Eleanor wanted to respond to the evidence provided to the Post Office Inquiry by former Prime Minister Tony Blair. It will be interesting to see what transpires. Over to Eleanor.

Eleanor writes…

In July 2022 I submitted a research paper to the Post Office Horizon IT Public Inquiry regarding the role of the Government in shaping the Horizon project 1998-2000; this identified the ex-Prime Minister, Sir Anthony Blair, as having played a significant role in determining the course of the project.

A number of witnesses gave evidence during Phase Two of the Inquiry which referred to the personal involvement of the ex-Prime Minister in decisions regarding the future of the project, but Blair was not himself called for questioning.

Earlier this year I wrote to the Inquiry querying why he was not questioned over his witness statement of November 2022 or over his role in determining the course of the Horizon project. Here is the letter.

In response, the Inquiry clarified that names of witnesses are published on its website prior to any hearing and, in accordance with this practice, it was unable to confirm whether or not Sir Anthony Blair may yet be called to give evidence.