POL00363956
POL00363956
Claim Nos. HQ16X01238, HQ17X02637 & HQ17X04248
IN THE HIGH COURT OF JUSTICE
QUEEN’S BENCH DIVISIO:
The Post Office Group Litigation
MR JUSTICE FRASER
BETWEEN:
ALAN BATES & OTHERS
Claimants
— and —
POST OFFICE LIMITED
Defendant
TORSTEIN OLAV GODESETH WS 1 - PARAS REQURING CORRECTION
INTRODUCTION
1. This note sets out paragraphs that TG needs to correct and/or consider in light of
Coyne 2 and the supplemental witness evidence. This note should be read in
conjunction with the note sent on 18 February 2019 at 13.44 regarding further
information/evidence required from TG.
2. All references to paragraph numbers are to TG’s first witness statement.
3. TG should state the correct fact, when he got a fact wrong why was that information
incorrect the first time and where it is correct consider adding additional information to
support his assertion/caveat any assertion made.
PARAGRAPHS
Post Office Remote Access
4. 47 — Consider the definition given to “access”. In particular, limiting access to “read
only”.
POL00363956
POL00363956
5. 49 — Consider whether this statement is correct (namely that it is not possible for PO
employees to insert or inject new transaction data into Horizon, or edit or delete
transaction data stored in Horizon).
6. 50 — Consider amending nature of assertion in light of Coyne 2 and supplemental
evidence. This paragraph is limited to paragraph 10.2(i) of the Claimants’
provisional/outline document in relation to the Horizon Issues dated 17 August 2018.
7. 51 — Consider assertion that “/t/ransaction data or other data in branch accounts
cannot be inserted, injected, edited or deleted by someone logged into a global
branch but not physically present in a branch.”
8. 52 Are there other branch codes? See for example Coyne 2 para 4.21 in relation to
999993.
9. 53 to 54 — Are these limitations still correct? Can these users do more than is set out at
these paragraphs. See for example Coyne 2 comments 4.19 to 4.20.
10. 55 — Is it still correct to state that the user would have to be physically present in
branch?
Fujitsu Remote Access
11. 57 — It is correct that Fujitsu could not edit or delete transaction data (in addition to
matters set out in WS).
a. What about additional tools (beyond BT tool)?
b. Or possibly using SQL scripts or manual SQL as a workaround where there is
no tool?
c. What about statement that he is not aware of Fujitsu staff editing or deleting
transaction data (bar one example already set out in WS).
12. 58 — Paragraph 58 gives the impression that “remote access” is limited to the example
of BTs and the SSC users.
a. Aside from SSC (30) who else could use BT tool? (See Coyne 2 paragraph
5.471 to 5.472 is it really only these 307).
b. Do SSC (30) overlap at all with the 45 or so privileged users?
POL00363956
POL00363956
c. Correction needed in light of any other tools available, possibility to use SQL
and/or privileged user access.
d. Further paragraph 58.5 — has there only been one use (of this tool or any other
tool (not just the BTs tool) /use of SQL) (see Coyne 2 paragraph 5.408(a) and
5.438).
e. What about the equivalent transactions in Legacy Horizon — how often did
these happen and were these always identifiable in transactions logs as such?
f. At paragraph 58.10 — is it true that the method of inserting at the
correspondence server was always used — if so how do we know this is true/if
it is not the case that this method was always used explain the practical
implications of this/why this is not true (see Coyne 2 4.83(b)).
g. Would the audit records record the insertion as suggested by TG? See Coyne 2
paragraphs 5.433 to 5.438).
Privileged Users
13. 59 — Including:
a. Is the number of users limited to 19 and 26 as stated?
b. Is it true that there are no policies in place?
c. Is it true that this has never been used?
d. Is it true that any edit/change would be flagged?
14. 61 —Is it true that there are no other ways that Fujitsu could edit/amend data?
a. What about other tools (both in Online and Legacy)?
b. SQL, both scripts and manual?
c. Did users with privileged access really never change branch transaction data
and if so, what is the basis for knowing that users have never had to edit/delete
transaction data?