Confidential and legally privileged
Remote Access Rider
POL00023434
POL00023434
i
i
ACCESS TO HORIZON DATA
At several points in your letter you allege that Post Office has been tampering with transaction
data, suggest that this was the root cause of shortfalls in branches and that Post Office has
attempted to cover up this fact. ~ if
» de we mim Thal we tan dol
“ndwwe erly”? Aas @ woot
1.24 Post Office (as distinct from Fujitsu) does not have the ability Genser 2 shoutd br
transaction data without a postmaster’s knowledge. [TO BE DOUBLE CHECKED BY ACCESS Ther
DELOITTE) speciGe . I
1.22 You have not identified any change to transaction data by Post Office orf Fujitsu that
was conducted withoul a posimaster's knowledge.
Before addressing this point in detail, we note that:
There is no plausible reason, sor hive you pul forward; why Post Office or Fujitsu [ Commented (U4): iat there is no plausibe reason
would maripulate transaction data so to intentionally make a branch's accounts for why Fu woula manipulate transaction dota, rather then
inaccurate, This-suggestion-beagars-beliel. Indeed, it would be detrimental to Post POL?
Office, placing it in breach of regulatory requirements and contracts with its commer I 1 POL were able to, and did maniguiae Wansaction datato I
partners, I causo shortfalls: and these shorts were then matia good by I
I
I Postmasters; would it not increase Post Office's ravens?
1.2.4, ‘The alleged manipulation of transaction data to create shortfalls affecting 198
Claimants over a 16 year period could not be happenstance. it wou'd have required a my woud fo se * Massie fous and ne sane
massive coordinated effort between Post Office and Fujitsu over a jong period. The —
idea that two commercial entities would have engaged in such a fraudulent practice for oe
years and for no desirable purpose is absurd Commented {MU2}: m0! sis this
I eeids mach 0 the argument?
ph
‘This line of enquiry makes good headlines but has no substance. Taking a step back, one very
quickly realises that this allegation is irrational and is not the root cause of shortfalls ir Post Office
branches.
AP: We were trying to add a sense of scale ~ eg, it wasn't
just a few stip ups or a rogue employee. Happy fo
reconsider, .
Since our Letter of Reply, Post Office has undertaken further investigations inte the safeguards
put in place to prevent branch data being accessed and edited without the consent or knowledge \ ab
of Postmasters. In summary, all transactions recorded on Horizon that make up the branch f .
accounts are either inputted or approved by branch staff before they form part of the branch I
accounts save in two limited circumstances: I
144 Transactions input by Global Users physically present in branches. I
I
4.4.2 Balancing Transactions. I
I
Global Users i
‘We addressed Global Users in our Letter of Response. The existence of Global Users has
always been known to postmasters and their actions would be entirely visible to postmasters.
if any of the Claimants are alleging that 2 Global User inappropriately conducted transactions in
their branch, please provide details of this. Alternatively, please confirm that Global User access
is not being alleged as the root cause of shortfails in branches
Balancing transactions
i
I
‘Formatted: English (United States)
i
i
i
i
i
———
a
located on a server in a ci
transaction being conducted in real
For example, when a postmaster in a branch requests an
transactions conducted on a specific day, this data is drawn from the Branch Database and sent over the
internet to the terminal in the branch. A sinnilar flow of data
We addressed Balancing Transactions in our Letter of Response. Further investigation has
concluded that any Balancing Transaction input into the Branch Database’ are identifiable by
Postmasters as they appear on the transaction log report to which Postmasters have access (and
which they should review when trying to resolve a shortfall in the branch accounts). The
transaction user 1D will rot appear as that of any member of staff at the branch, but appear in the
format of SUPPORTTOOLUSERS®"
The use of Balancing Transactions was disclosed to Second Sight during the Complaint Review
ation scheme. This, in addition to the fact that Balancing Transactions show up in the
branch accounts, means that there can be no sustainable allegation that the existence of
Balancing Transactions was concealed from Claimants.
Even if the possibilty of Balancing Transactions could be said to have been concealed, it is
fanciful to suggest that Balancing Transactions are, in fact, the root cause of shortfalls suffered
by 198 Claimants. if any of the Claimants ze allecma that a Bate clon. wos
inappropriately used in their branch, please. y_nlease contin
being alleaed 2
fice. pal Fthere are a humbet of
(who have “administrator access” to the core functionality of Horizon.
jorizon to be changed, including the raw data in its databases, and those I
CARFEST in the addition, deletion or modification of transaction data. In theory,
“—""Ghianges could be made to the Branch Database which could then manifest as a discrepancy in a
branch's real-world accounts.
Pagtseraanh Reese
sais ughatnvannvesedeg cents
pone vit
Post Office relied on Fujitsu's guidance when dealing with Second Sight, responding to
cases in the Scheme and making public statements. In fight of what Post Office now knows about
administrator access, specifically jhe abiity of administrators to change Horizon in a way that
could affect a branch's,accounte( it accepts that certain statements it has made historically might
not haye been Conectbe is regrettable that this has happened and that this has only now come
to ian not accept that this has caused any harm to any Claimant,
Post Office's statements must be viewed in their fall contoxt:
a
1 Post Olfice doc
First, the questions raised around “remote access” have changed over time and
Post Office has always responded to these questions. One cannot therefore attribute a
statement made several years ago to a question being posed today. To do so, would
be to take those slatoments out of context. For example, in the context of Second
Sight's work
ral data centre. Transaction data (other than the immediate data for a
1¢ with @ customer) is not held iccally on terminals in branches.
is loca! Horizon terminal a list of all the
appens when conducting transactions and
coling aver a branch's accounts.
4a 4374000,4
I answer, Second, it doesn't change the concealment point
r
POL00023434
POL00023434
trad operate Te
gvacter »
‘Conmented [MU3]: Only tobe inciudad if this does not
‘contradict what POL became avare of with Page 6 of Deiite's
2014 Board Erefing Paper
AP: My understanding Is that the briefing paper referred
to the audit store and this could not affect branch
accounts. I will double check with Detoitte
‘Commented [MU4]: How many, over how many years?
AP: Currently 34 — but that sounded large so we fet it out
Also it changed over time.
‘Commented [MUS}
I hay understanding is that enough this may be possi
controls that ere in place are adhered to (spectically the
segregation of dutias), than any change would leave an aust
tra. tis only whan the controls that are in piace are rot
aachreres to (by Fa) that leaves the possibly for no auctt trait I
to be lot
ithe
tt his is coreet, then I think we should include this i
qualification. tam not however clear whether the aut tail
would be visible fa the branch accounts oF just tie ARQ data? I
AP: I've not mentioned the audit trail point for two
reasons. First, we're stil not 100% sure of the correct
I “either £3 ean change data or they can't whether it
feaves an auuit tral is a different matter ~ alveit one that
I dowa the ine wilt become very "
Commented [MUG]: Presumanly we wil need lo share
vith Fujitsu prior to replying to Fresths?
AP: We don't have to, but we probably should
Do we Twante
these Sareneds
(ar rerpomaer &
speck quarters
we acy aly
weaved, w at
Anak rHey maul
wok Re eo
),
/
i
i
i
t
:
'
/
:
/
/
/
/
'
I
L
i
/
/
/
:
:
/
I
POL00023434
POL00023434
@)
The original "temote access" allegation came from Mr Michael Rudkin who
alleged (in Spot Review 5) thal Fujitsu was running a "black ops centre" from the
basement of its office in Bracknell. This was checked and proven to be wrong as
there was no live connection te Horizon in the basement,
©)
A diferent formulation of this issue raised by certain postmasters and Second
‘Sight was whether Post Office could "access" Horizon data. Post Office has
always had the ability to "access" (in terms of read only access) Horizon data and
it took some time to clarify with Second Sight what they were alleging.
©)
terminal and conduct transactions in the name of a postmester. Post Office /_ >”
Fujitsu can log on to branch terminals for support reasons bul canna conduct
transactions through this route.
Second Sight atso asked whether Post Office could remotely log fa abi
Second Sight also questioned whether Post Office could post transactions into a % . > ow
branch's accounts without a postmaster’s knowledge. This is the Balancing agin i Mas fo
Transaction issue that is addressed above and was disclosed to Second Sight, ey
€
Finally, the question reached its current incarnation about changing the raw data
in Horizon in such a way as to effect changes in branch accounts,
e)
In response to these issues, the responsibie persons at Post Office made due
enquiries and provided fair responses on what was a highly technical and complicated
subject matter
_.__. Second, we're not aware of an allegation that! Pest Office made incorrect
statements before Second Sight began its work in 2012. By this time, many of the
Ciaimants had ieft their branches and so could not have relied on Pos! Office's
allegedly incorrect statements. In any event, you have presented no evidence that a
posimaster has relied on any such statement by Post Office or suffered a detriment as
a result
Third, certain-of Post Office's statements were describing the functions of the
Horizon system as designed, not what Horizon could be changed to do oF show using
administrator access. These statements were therefore not incorrect,
In tight of the above, Post Office's position is that it has neither committed fraud nor
deliberately concealed any relevant matter. Depending on the particular statements made and
the particular Claimants receiving those statements, this is because either (i) it has not made
untrue statements or (ij in zelation to any untrue statements it has made, those statements were
bona fide believed to be true when made.
You have mad, in general terms, very serious allegations that Past Office has
committed fraud. Should the Claimants wish to pursue this point further, these claims must be
set out in detailed pleadings. Pleadings are needed to identify what (if any) an untrue statement
was made to a particular Claimant and, if so, how that Claimant relied on that statement. Post
Office is not aware of any Claimant that satisfies both these criteria,
In any event, regardless of what was or was not known or said historically, itis again
fanciful to suggest thal administrator access is, in fact, the root cause of shorfalls in branch . . a
accounts, Ifyou are saying that Fujitsu has misused its administrator access sa to deliberately ‘Commented [MUZ]: Could / should we ist nove a of the
create shortfalls in a branch's accounts, this wou'd be a further allegation of fraud and again this I hoops that would need tobe jumped trough and hues
would need to be fully pleaded in relation to each Claimant. At the moment we do not eee cht ra ainettamna, to ustrate just howe
understand how you say Post Office (as distinct from Fujitsu) was involved this alleged fraud or ‘posse K woul be to perfony sch fet
why Post Office would be complicit in this. Presuimabiy Delite could provi this?
‘AP: Deloitte are providing this but t won't be ready before I
the letter needs to go.
Brut we cheauld Say fo
sasearse.1 Wan eti couplicd wth
ty audy @] dirclo wad
Lo ououre ae ra
tounge to light eubsequesty
Wao AAS AOKD
MID At paragraph 194 you ask whether the Courts have ever been informed about “remote
access issues. To answer thal point would require a review of dozens of prosecutions and civil
cases, which would be disproportionate at this stage.
POL00023434
POL00023434
449.20 in response to paragraph 195, Post Office is aware of Professor McLachlan’s evidence.
‘This evidence was put before a jury and they found that Seema Misra was quilty of theft.
46 34376809, 4
i
i
i
i
i
i
i
i
i
i
i
i
Fi
i
i