POL00023431
POL00023431
Confidential and legally privileged
Goud Dickingor
Remote Access Rider
1. ACCESS TO HORIZON DATA
441 At several points in your letter you allege that Post Office has been tampering with transaction
data, suggest that this was the root cause of shortfalls in branches and that Post Office has
attempted to cover up this fact.
1.2 Before addressing this point in detail, we note that:
1.21 Post Office (as distinct from Fujitsu) does not have the ability to directly change
transaction data without a postmaster'’s knowledge. [TO BE DOUBLE CHECKED BY
DELOITTE]
1.2.2 You have not identified any change to transaction data by Post Office of Fujitsu that
was conducted without a postmaster’s knowledge.
1.2.3 There is no plausible reason why Post Office or Fujitsu would manipulate transaction
data so to intentionally make a branch's accounts inaccurate. This suggestion beggars
belief. Indeed, it would be detrimental to Post Office, placing it in breach of regulatory
requirements and contracts with its commercial partners.
1.2.4 The alleged manipulation of transaction data to create shortfalls affecting 198
Claimants over a 16 year period could not be happenstance. It would have required a
massive coordinated effort between Post Office and Fujitsu over a long period. The
idea that two commercial entities would have engaged in such a fraudulent practice for
years and for no desirable purpose is absurd.
1.3 This line of enquiry makes good headlines but has no substance. Taking a step back, one very
quickly realises that this allegation is irrational and is not the root cause of the shortfalls in Post
Office branches.
1.4 Since our Letter of Reply, Post Office has undertaken further investigations into the safeguards
put in place to prevent branch data being accessed and edited without the consent or knowledge
of Postmasters. In summary, all transactions recorded on Horizon that make up the branch
accounts are either inputted or approved by branch staff before they form part of the branch
accounts save in two limited circumstances:
1.4.1 Transactions input by Global Users physically present in branches.
1.4.2 Balancing Transactions.
Global Users
1.5 We addressed Global Users in our Letter of Response. The existence of Global Users has
always been known to postmasters and their actions would be entirely visible to postmasters.
1.6 If any of the Claimants are alleging that a Global User inappropriately conducted transactions in
their branch, please provide details of this. Alternatively, please confirm that Global User access
is not being alleged as the root cause of shortfalls in branches.
Balancing transactions
17 We addressed Balancing Transactions in our Letter of Response. Further investigation has
concluded that any Balancing Transaction input into the Branch Database’ are identifiable by
1 The Branch Database holds the live version of the transaction data used in day to day operations. It is
located on a server in a central data centre. Transaction data (other than the immediate data for a
4A_34370494_1 1
POL00023431
POL00023431
Postmasters as they appear on the transaction log report to which Postmasters have access (and
which they should review when trying to resolve a shortfall in the branch accounts). The
transaction user ID will not appear as that of any member of staff at the branch, but appear in the
format of “SUPPORTTOOLUSER99Q”.
1.8 The use of Balancing Transactions was disclosed to Second Sight during the mediation scheme.
This, in addition to the fact that Balancing Transactions show up in the branch accounts, means
that there can be no sustainable allegation that the existence of Balancing Transactions was
concealed from Claimants.
1.9 Even if the possibility of Balancing Transactions could be said to have been concealed, it is
fanciful to suggest that Balancing Transactions are, in fact, the root cause of shortfalls suffered
by 198 Claimants.
Administrator access
1.10 There are a number of authorised staff at Fujitsu who have "administrator access" to the core
functionality of Horizon. This access does allow Horizon to be changed, including the raw data in
its databases, and those amendments can result in the addition, deletion or modification of
transaction data. In theory, changes could be made to the Branch Database which could then
manifest as a discrepancy in a branch's real-world accounts.
1.11. During Second Sight's investigations, Post Office made enquiries of Fujitsu and Fujitsu confirmed
that there was no ability within Horizon to delete or change transaction records created by a
branch.
1.12 Post Office relied on Fujitsu's guidance when dealing with Second Sight, responding to cases in
the Scheme and making public statements. In light of what Post Office now knows about
administrator access, specifically the ability of administrators to change Horizon in a way that
could affect a branch's accounts, it accepts that certain statements it has made historically might
not have been correct. It is regrettable that this has happened and that this has only now come
to light, but Post Office does not accept that this has caused any harm to any Claimant.
1.13 Post Office's statements must be viewed in their full context:
1.13.1 First, the questions raised around "remote access" have changed over time and Post
Office has always responded to these questions. One cannot therefore attribute a
statement made several years ago to a question being posed today. To do so, would
be to take those statements out of context. For example, in the context of Second
Sight's work:
(a) The original "remote access" allegation came from Mr Michael Rudkin who
alleged (in Spot Review 5) that Fujitsu was running a "black ops centre" from the
basement of its office in Bracknell. This was checked and proven to be wrong as.
there was no live connection to Horizon in the basement.
(b) A different formulation of this issue raised by certain postmasters and Second
Sight was whether Post Office could "access" Horizon data. Post Office has
always had the ability to "access" (in terms of read only access) Horizon data and
it took some time to clarify with Second Sight what they were alleging.
(c) Second Sight also asked whether Post Office could remotely log on to a branch
terminal and conduct transactions in the name of a postmaster. Post Office /
transaction being conducted in real time with a customer) is not held locally on terminals in branches.
For example, when a postmaster in a branch requests on his local Horizon terminal a list of all the
transactions conducted on a specific day, this data is drawn from the Branch Database and sent over the
internet to the terminal in the branch. A similar flow of data happens when conducting transactions and
rolling over a branch's accounts.
4A_34370494_1 2
POL00023431
POL00023431
Fujitsu can log on to branch terminals for support reasons but cannot conduct
transactions through this route.
(d) Second Sight also questioned whether Post Office could post transactions into a
branch's accounts without a postmaster’s knowledge. This is the Balancing
Transaction issue that is addressed above and was disclosed to Second Sight.
(e) Finally, the question reached its current incarnation about changing the raw data
in Horizon in such a way as to effect changes in branch accounts.
In response to these issues, the responsible persons at Post Office made due
enquiries and provided fair responses on what was a highly technical and complicated
subject matter.
1.13.2 Second, we're not aware of an allegation that t Post Office made incorrect statements
before Second Sight began its work in 2012. By this time, many of the Claimants had
left their branches and so could not have relied on Post Office's allegedly incorrect
statements. In any event, you have presented no evidence that a postmaster has
relied on any such statement by Post Office or suffered a detriment as a result.
1.13.3 Third, certain of Post Office's statements were describing the functions of the Horizon
system as designed, not what Horizon could be changed to do or show using
administrator access. These statements were therefore not incorrect.
1.14 In light of the above, Post Office's position is that it has neither committed fraud nor deliberately
concealed any relevant matter. Depending on the particular statements made and the particular
Claimants receiving those statements, this is because either (i) it has not made untrue
statements or (ii) in relation to any untrue statements it has made, those statements were bona
fide believed to be true when made.
1.15 You have made, in general terms, very serious allegations that Post Office has committed fraud
Should the Claimants wish to pursue this point further, these claims must be set out in detailed
pleadings. Pleadings are needed to identify what (if any) an untrue statement was made to a
particular Claimant and, if so, how that Claimant relied on that statement. Post Office is not
aware of any Claimant that satisfies both these criteria.
1.16 In any event, regardless of what was or was not known or said historically, it is again fanciful to
suggest that administrator access is, in fact, the root cause of shortfalls in branch accounts. If
you are saying that Fujitsu has misused its administrator access so to deliberately create
shortfalls in a branch's accounts, this would be a further allegation of fraud and again this would
need to be fully pleaded in relation to each Claimant. At the moment we do not understand how
you say Post Office (as distinct from Fujitsu) was involved this alleged fraud or why Post Office
would be complicit in this.
1.17. At paragraph 194 you ask whether the Courts have ever been informed about "remote access"
issues. To answer that point would require a review of dozens of prosecutions and civil cases,
which would be disproportionate at this stage.
1.18 In response to paragraph 195, Post Office is aware of Professor McLachian's evidence. This
evidence was put before a jury and they found that Seema Misra was guilty of theft.
4A_34370494_1 3