POL00243366
POL00243366
Confidential and subject to litigation privilege
Rider: Remote Access
Section 5(B) — Response to the factual allegation that Horizon does not record transaction
accurately and /or that Post Office has been manipulating Horizon data.
1.1 The Letter of Claim makes a number of imprecise references to the idea that Horizon does not
accurately record branch transactions and / or that Post Office has edited branch transaction
data so to make it inaccurate.' We repeat our above points about the need for your clients to
provide proper particulars of allegations if they are to be maintained.
1.2 There are a number of controls and processes in place to protect the integrity of data within
Horizon. These include:
1.2.1 Each basket of transactions must balance to zero (ie. the value of goods and services
vended much match the payments made / taken from the customer) otherwise the
basket will not be accepted by the counter terminal in branch. This ensures that only
complete baskets are recorded.
1.2.2 Counter transactions are committed atomically (ie. a transaction is either successful in
its entirety or it is not successful at all).
1.2.3 A unique Journal Sequence Number is applied to “digitally sign” every counter
transaction. This allows missing or duplicate transactions to be detected and
remedied.
1.2.4 A master record of transaction data is stored in a central "audit store" which has
controls to ensure the permanency of data and a data retrieval process which
validates data integrity.
1.3 The majority of transactions that make up the branch accounts are generated in branch. There
are however four ways in which Post Office (or Fujitsu on Post Office's instruction) can influence
those accounts:
1.3.1 Transactions originating at Post Office. A number of "transactions" are generated
by Post Office and sent to branches, namely transaction corrections, transaction
acknowledgements and remittances of cash / stock into a branch.? A key feature of
these transactions is that they must be approved in branch (by the postmaster or his
assistants) before they form part of the branch accounts.
1.3.2 Global Users. Global Users are setup by default on Horizon in every branch. These
are user accounts for Post Office staff to use when undertaking activity in a branch,
such as training or audits. It is possible for these Global Users to conduct transactions
within a branch's accounts. However, this access is only possible if the user is
physically in the branch using a local terminal and the transactions are recorded
against the Global User ID.°
1.3.3 Balancing transactions. Fujitsu (not Post Office) has the capability to inject a new
"transaction" into a branch's accounts. This is called a balancing transaction.* The
balancing transaction was principally designed to allow errors caused by a technical
‘ Add XREFs TO LOC
? See paragraph 7.16 onward in Second Sight's Part One Report for a more detailed explanation of
these processes.
° Strictly speaking, the Global User ID should be used to generate a new unique ID for the Post Office
staff member and the new ID would then be used for training, audits, etc.
4 The use of balancing transactions was explained to Second Sight and is referenced in its Part Two
4A_33442637_1 1
POL00243366
POL00243366
issue in Horizon to be corrected: an accounting or operational error would typically be
corrected by way of a transaction correction. A balancing transaction can add a
transaction to the branch's accounts but it cannot edit or delete other data in those
accounts. Balancing transactions only exist within Horizon Online (not the old version
of Horizon) and so have only been in use since around 2010.° Their use is logged
within the system and is extremely rare. As far as Post Office is currently aware a
balancing transaction has only been used once’ to correct a single branch's accounts
(not being a branch operated by one of the Claimants).”
1.3.4 Access to databases. There are a small number of persons at Fujitsu (not Post
Office) who have special permissions to access and edit, within strict controls, the
databases and servers that sit behind Horizon. Use of these permissions is logged
and so there would be an audit trail of any activity undertaken using these
permissions. Enquiries are continuing as to whether this access could be used to
affect a branch's accounts but we currently understand that, if this is possible, it would
be a difficult and time consuming process. In any event, given the above methods
open to Post Office to deal with errors in a branch's accounts, the use of this access to
amend a branch's accounts would also be extremely rare — indeed, Post Office is
making enquiries as to whether it has ever happened.
14 During the Scheme, it was alleged that Post Office had the ability to "remotely access" Horizon
in order to conduct transactions. This allegation is understood to mean that a Post Office (or
Fujitsu) employee could log on to a terminal in a branch from a different location outside the
branch and conduct (or edit or delete) customer transactions. To be clear: this is not possible.
1.5 Ultimately, no postmaster going through the Scheme was able to point to a particular transaction
that they believed had been created, edited or deleted by Post Office without their consent.
Moreover, you have presented no evidence that misuse of any of the above processes by Post
Office was the cause of any shortfall in any Claimant's branch.
1.6 Post Office maintains that the combination of technical controls in Horizon and operational
controls at Post Office and in branch (including the need for postmasters to diligently monitor
their branch accounts, cash and stock as described in Schedule X) provides satisfactory
assurance that Horizon does accurately record the transactions input by the Claimants (or their
assistants).
Paragraph 8.5 — Response to the allegation that Post Office concealed its remote access
capabilities and that therefore the limitation deadline should be extended
Amendments to original letter shown in yellow
1.1 Atno point didIPost Office conceal facts relevant to the Claimants’ causes of action in relation,
any of the matters referred to in paragraph 127 of the Letter of Claim. You assert four ways in
which Post Office allegedly concealed matters:
Report at paragraph 14.16.
° Post Office is making enquiries as to whether something akin to a balancing transaction existed in
Horizon before the upgrade in 2010.
® This was in relation to one of the branches affected by the "Payments Mismatch" error described in
Schedule 6.
7 Several hundred other balancing transactions have been used but not in a manner that would affect
branch accounting. These were generally used to "unlock" a Stock Unit within a branch.
4A_33442637_1 2
POL00243366
POL00243366
1.1.1 You say that Post Office's investigators disregarded problems with Horizon — a point
we have addressed above. We cannot see how ignoring an issue amounts to a
deliberate act of concealing information from your clients. By ignoring an issue as
you suggest, Post Office would not have had the information in the first place in order
to subsequently conceal it.
1.1.2 You Say that helpline operators persistently said to postmasters that "they were the
only one". No evidence has been advanced which shows that this statement was ever
made, still less in relation to issues that were known by the relevant operators to be
recurring. The idea that there was some form of conspiracy orchestrated by Post
Office to make all its helpline operators lie to postmasters using these exact words to
hide known problems is ridiculous.
1.1.3 You say that Post Office has acted obstructively in refusing to disclose certain
information. We have addressed Second Sight's particular requests for documents in
Schedule 4, which shows these requests were minor in the wider context. Against a
background where Post Office has handed over hundreds of thousands of documents.
to third parties, including Second Sight and the CCRC, it is not sustainable to suggest
that Post Office has operated a system of mass suppression of documents. In any
event, we note Second Sight's views at the end of the Part Two Report:
"...we wish to place on record our appreciation for the hard work and
professionalism of Post Office’s in-house team of investigators, working for
Angela Van Den Bogerd, Post Office’s Head of Partnerships.
Our work would have been much harder and taken much longer without the high quality work carried out
by this team. We have also received excellent support from the administrative team set up by Post
Office to support the Working Group." ®
These comments make clear that Post Office has been anything but obstructive.
® Paragraphs 26.5 and 26.6
° Add XREF to Remote Access section
*
4A_33442637_1 3