WITN11080100
Witness Name: Jeffrey Kramer
Statement No.: WITN11080100
Dated: 13/08/2024
POST OFFICE HORIZON IT INQUIRY
FIRST WITNESS STATEMENT OF JEFFREY KRAMER
I, Jeffrey Kramer, will say as follows...
INTRODUCTION
1. I am a former employee of Imperial College London and held the positions of Professor, Head of
Department, Dean (now referred to as Consul) and Senior Dean (Consul).
2. This witness statement is made to assist the Post Office Horizon IT Inquiry (the “Inquiry”) with the
matters set out in the Rule 9 Request dated 20 February 2024 (the “Request”).
BACKGROUND
3. I have been asked to provide an account of my instruction by Post Office Limited (“POL”) to
investigate and opine on various matters relating to the Horizon IT System.
4. To aid in this task, I produced a Timeline of Events relating to the expert witness consultancy provided
to POL. This is filed in Document WITN11080101.
5. Professional background:
Professor Jeff Kramer, BSc (Eng), MSc, PhD.
FREng, CEng, FACM, FCGI, FIET, FBCS, MAE.
6. I am an Emeritus Professor of Distributed Computing at Imperial College London. I was Senior Dean
and Member of Council from 2009 to 2012, Dean of the Faculty of Engineering from 2006 to 2009,
Head of the Department of Computing from 1999 to 2004. I have a BEng in Electrical Engineering,
and an MSc and PhD in Computing.
7. I am a Fellow of the Royal Academy of Engineering, a Chartered Engineer, Fellow of the ACM, Fellow
of the City and Guilds of London Institute, Fellow of the IET, Fellow of the BCS, and a Member of
Academia Europaea. I was program co-chair of the 21st ICSE (International Conference on Software
Engineering) in Los Angeles in 1999, Chair of the Steering Committee for ICSE from 2000 to 2002,
and general co-chair of ICSE 2010 in Cape Town. I was associate editor and member of the editorial
board of ACM TOSEM from 1995 to 2001 and of IEEE TSE from 2003 to 2005. I was appointed Editor
in Chief of IEEE TSE from January 2006 to December 2009.
8. I was awarded the 2005 ACM SIGSOFT Outstanding Research Award for significant and lasting
research contributions to software engineering. In 2011 I was awarded the ACM SIGSOFT
Distinguished Service Award in recognition of his significant and extensive service to the software
engineering community. In February 2021 the Council of Imperial College London conferred on me the
Imperial College Medal in recognition of my outstanding contributions to the life and work of Imperial
College. I am currently a Visiting Professor at the National Institute of Informatics (NII) Tokyo, Japan,
and a Distinguished Visiting Professor at the Chinese University of Hong Kong.
9. I have been on over 50 international conference committees in the last 15 years and have given
numerous invited keynote talks at international conferences. I am co-author of books on Concurrency,
Distributed Systems and Computer Networks, and the author of over 250 journal and conference
publications. I have served on numerous national and international committees, advisory panels and
review panels. I have also worked with many industries, including BP, BT, NATS, Fujitsu*, Barclays
Capital, QinetiQ, Kodak, Microsoft and Philips, in research collaboration and/or as a consultant, and
acted as an expert witness for Denton, Hall, Burgin and Warren and for Covington and Burling.
* Dealings with Fujitsu were part of a research project over 20 years before this consultancy, and so
not considered a conflict of interest.
STATEMENT
10. The initial approach was to Imperial Consultants Ltd (ICON) by lawyers Cartwright King (CK) on behalf
of the POL in September 2013. ICON contacted Dr. Dulay and myself as experts in the field. As
indicated by the Draft version of Scope of Work POL00040040 the aim was essentially to perform a
thorough investigation of the Horizon Online system and to “lay to rest the present concerns relating
to the integrity of Horizon Online”.
11. A Phased Approach:
As indicated in the timeline, WITN11080101, there were a number of discussions with Cartwright King
(CK) and POL (with Fujitsu apparently consulted) leading to a suggested two phase approach in
January 2014. Phase 1 was to focus on the so-called ‘Horizon Core Audit process’ (HCAP) that
comprises a number of elements including the central audit database, Horizon branch databases,
terminals at counters, plus transactions conducted with external systems. This was to be the basis of
a detailed report on the rest of the system with an overall assessment of system integrity. This
proposal was apparently later (March 2014) reformulated by PO lawyers Bond Dickenson (Andrew
Pheasant) requesting an ‘initial review’ into Horizon to scope the work. The formal agreement
(POL00210444) was eventually signed in April 2014.
12. Although not explicit, the impression for reformulating and separating the work into the revised phases
(“the Initial Review”, “the Proposal” and the potential for a future “final scope of work”) was because of
a reluctance to commit to the expense of the complete investigation without having some indication of
our expertise and approach. Phase 1 would provide a more informed view of what would be required
in Phase 2 to achieve the goals of the investigation.
13. Phase 1 - The Initial Review (POL00125569):
As indicated in the timeline, WITN11080101, prior to the preparation and completion of the Initial
Review, a meeting was held at POL headquarters in May 2014 with Martin Smith (CK) and Andy Holt
(POL IT). At the meeting, issues discussed included the Second Sight (SS) report, Mediation Scheme,
audit trails, integrity, reliability, and case studies, with the intention to focus on technical system and
procedural aspects. Concerns raised at the time included central vs local data base reconciliation and
integrity. A ‘shopping list’ of requested documentation was produced and sent to Martin Smith
[WITN11080103 and POL00204789].
14. As far as I recollect, the documentation we received whilst preparing the Initial Review consisted of
some high level Fujitsu documentation (which forms some of the complete documentation received
and listed in POL00318212), draft Instructions to Expert, the Second Sight (SS) interim report into
alleged problems with the Horizon System, and the Draft Scope for Computer Experts (see
WITN11080102).
15. Our review stated: “Can such complex systems (as Horizon) ever be determined to operate “without
defect or error, securely, robustly and with integrity”? This is simply not possible. No complex system
can be certified as bug (defect) free.” We had therefore suggested as follows: “How then should an
investigation into the integrity of Horizon proceed? The aim should be to provide a report on the extent
to which the system is fit for purpose, supports integrity and robustness, and facilitates maintenance
and upgrade.”
We then indicated how we intended to go about this in Phase 2 of the project, the necessary
organisation and steps required, and an indication of the documentation required.
16. As I recall, the impression was that the Phase 1 Initial Review was accepted. At a roundtable meeting on
19th August 2014 at POL HK we discussed our Phase 2 proposal which was roughly articulated by POL
as “Can we argue that Horizon is fundamentally sound”.
17. Phase 2 - The Proposed Workplan:
The work commissioned thereafter was essentially the Phase 2 work we had described. This was to
include branch counter training/systems familiarization, meetings with Fujitsu to gain a greater
understanding of the architecture and workings of the Horizon Online system and complete access to
system documentation as required. This was to include the potential to run tests and explore case
studies, with particular interest on the auditing system. As far as we understood, the Phase 2 work
plan would meet the objectives of POL.
18. Phase 2 - Meetings at POL HK and Fujitsu:
As indicated in the timeline, WITN11080101, a branch counter training session/systems familiarisation
session was held at POL HK on 22nd September 2014, and meetings were held at Fujitsu in Bracknell
on 15th October and 27th November 2014.
19. The training session provided us with good insight into the task of Branch Managers and the system,
indicating that Horizon Online appeared to provide the required functionality but with the following
potential issues: Was there sufficient training for subbranch managers; the interface appeared to us
adequate but rather clumsy and prone to errors of use; possible interference between terminals; the
need to distinguish mistakes (forgetting end of transaction, merging two, ...) versus evidence of fraud;
and when discrepancies occur, there appeared to be little or no guidance at training on how to
resolve these.
20. At the meetings at Fujitsu, presentations and discussions were on the following topics, with some
topics remaining to be clarified and further details to be provided:
* High level design/architecture, change and support processes, audit system, processes and standards.
* Basket of actions; completion of basket to central system; reversal if fails.
* Audit requests from PO if fraud suspected.
* Review of counter software; basket scenarios; reversals and recovery; SS bugs and bug handling; update scenarios; testing and maintenance; some dispute cases.
* Some issues raised concerned recovery flag set when not completed, even though receipt issued?
* Recovery process varies depending on service to bring system into consistency (area of concern with PO branch managers).
* Audit trail consistency and reversals?
* Recovery?
21. Phase 2 - Documentation:
As indicated in the timeline, WITN11080101, there was initially some reluctance by Fujitsu (James
Davidson) to provide us with all requested documentation (see meeting of 15th October) though we
were subsequently reassured by Andy Holt of POL that this would be forthcoming. Some Horizon
Architecture documentation was sent by James Davidson of Fujitsu to us in November. At the meeting
in November at Fujitsu, James indicated that he had the intention to set up some form of secure file
sharing facility for the documentation. However, this was never done, and we never obtained
satisfactory access to the required documentation.
22. Phase 2 - Views and Opinions:
No written views or opinions on the integrity of the Horizon Online IT were produced by us. However, at
meetings our views were expressed in our discussions which raised questions and issues and requests
for further documentation. Some of these that I recall are mentioned above in the meeting section 20.
23. Phase 2 - Dissatisfaction and Independence:
To the best of my knowledge and recall, at no point did POL, CK, Fujitsu or their representatives express
any dissatisfaction with our work or our views.
24. Other than the seeming reluctance to provide us with the requested documentation, our
independence was never challenged.
25. Phase 2 - Project termination:
After a frustrating period (November 2014 to July 2015 - see timeline WITN11080101) during which no
progress was made while we awaited access to further documentation and for continued discussions
with Fujitsu, a meeting with POL was arranged for 29th July 2015 at POL HK. We were asked to indicate
the list of documents to which we had been given access [ref POL00318212 and POL00318159]. The
email message from Martin Smith to POL [ref POL00318211] seems to confirm the POL intention to
continue with Phase 2 of the project, though the email of Rodric Williams [ref POL00318159] does
indicate some irritation on the part of the POL lawyers with the lack of further progress.
26. At this meeting we verbally summarized the state of the work and gave a preliminary view that we
were not yet in a position to indicate whether or not the Horizon system was robust and sound, nor
whether or not problems had been properly dealt with. We stated that, after such a long break, we
needed to refresh our familiarisation with the system; that we only had some of the documentation
required and that we still needed convenient access to a documentation “vault” with the rest of the
documentation in order to continue.
27. A decision was made (or appeared to have been made) to continue with Phase 2. We were
subsequently informed by Martin Smith (CK) that he thought the meeting was constructive and
understood that the POL were considering the issues raised.
28. No further feedback or response from POL was ever received.
29. Final Comments:
It remains unclear to me exactly ..
1. why we were never given full access to the documentation;
2. why a shared file system (“vault”) was never set up;
3. why the hiatus for the first half of 2015;
4. why in June 2015 POL seemed keen to meet, and yet after what appeared to be a
constructive meeting on the 29th July 2015 at which it appeared that they wanted to continue
with Phase 2 of the project, no further communication or interaction took place.
I have my suspicions but do not know for sure. The Non-Disclosure agreement with the POL
(WITN11080104) was never signed by the POL.
Statement of Truth
I believe the content of this statement to be true.
Signed:
Dated: 13th August 2024
Index to First Witness Statement of Jeffrey Kramer
No. | URN | Document Description | Control Number
1 | WITN11080101 | Timeline of Post Office Ltd engagement with Imperial College London | WITN11080101
3 | POL00210444 | Agreement to appoint expert | POL-BSFF-0048507
4 | POL00125569 | Initial Review: Proposal for investigation into the integrity of the Post Office Horizon Online accounting system | POL-0130687
5 | WITN11080102 | draft Instructions - IC Consultants Ltd. (9th May 2014) | WITN11080102
6 | POL00204789 | Email from Paul Cray to Martin Smith and others re Document List for Post Office Horizon Expert Witness Engagement | POL-BSFF-0042852
7 | WITN11080103 | ‘shopping list’ of documentation and information requested (16th May 2014) | WITN11080103
8 | POL00318212 | List of Fujitsu documentation received | POL-BSFF-0156262
9 | POL00318159 | Email from Jessica Madron to Rodric Williams re: Meeting with experts on 14th July | POL-BSFF-0156209
10 | POL00318211 | Email from Martin Smith to Rodric Williams, Jessica Madron, Simon Clarke and other RE: Meeting with the Experts on 29th July 2015 at 11 a.m. | POL-BSFF-0156261
11 | POL00318159 | Email from Jessica Madron to Rodric Williams re: Meeting with experts on 14th July | POL-BSFF-0156209
12 | WITN11080104 | Non-Disclosure Agreement: Post Office Ltd and Professor Kramer | WITN11080104