Death by Dirty Data: 4 dead, hundreds imprisoned
How a postal system destroyed thousands of lives
Perfecting Equilibrium Volume Two, Issue 62
Take a little walk to the edge of town
Go across the tracks
Where the viaduct looms,
Like a bird of doom
As it shifts and cracks
Where secrets lie in the border fires, in the humming wires
Hey man, you know you’re never coming back
Past this square, past the bridge, past the mills, past the stacks
On a gathering storm comes a tall handsome man
In a dusty black coat with a red right hand
The Sunday Reader, Jan 21, 2024
At least four suicides. Hundreds of centuries-old family businesses bankrupted. Communities torn apart. More than 700 innocent people convicted of serious crimes: fraud. Embezzlement. Theft.
Except the crimes were imaginary; they only existed in the twisted memory of a bug-ridden computer system.
Dirty data sounds like one of those late-night TV diseases where some D-list star you don’t remember tells you of the heartbreak of some disease you never heard of...and then, of course, offers to sell you the cure. Alas, no: Corrupt data is all too real, and it’s everywhere.
If these people were guilty of a crime, it’s a crime every one of us commits daily. What do you do when an app or web page doesn’t respond immediately? You click it again, right?
Way to be a criminal.
This is the story of the British Post Office Horizon scandal. But it’s also the story of how human nature ensures that computer data will always be dirty. It’s the story of how programmers knew there were bugs in the system, but delivered it on time anyway. It’s the story of how government officials broke businesses, destroyed people’s lives, imprisoned some, drove some to suicide, and kept at it for a decade after finding out it was all a lie.
Most of all, this is a story of how data is corrupt because institutions instinctively drive ahead toward long-term goals rather than admit things are so broken that they need to start over. Because when the British Post Office realized how bug-ridden its Horizon accounting system was, it didn’t stop to fix the broken system. Instead it kept prosecuting subpostmasters for fraud and theft over those false accounting discrepancies…and offering reduced sentences in exchange for agreements to never, ever say there was something wrong with Horizon.
British subpostmasters are independent businesses; the closest American equivalent is a franchise. Some of these subpostmaster businesses have been held by a family for centuries in those quaint British villages we all enjoy watching on those cute BBC shows. Some of these villages are small enough that the banks have left, leaving the subpostmasters the only outlet offering financial services, as well as postal.
The agreements subpostmasters sign make them personally liable for any shortfalls or accounting discrepancies. And those discrepancies began piling up as soon as Horizon came online in 1999.
Here’s how Horizon corrupted the data. The Dalmellington Bug is named after the village in Scotland where it was first found. People all over the world click and hit enter repeatedly when their screens freeze or seem unresponsive; you do, too. Admit it! (So do I!) The Horizon screen would often freeze when subpostmasters were entering cash. But while the screen was frozen, the keyboard was not, and the system would duplicate the transaction every time the button was pressed.
So if you were entering a customer’s transaction for $15.81, hit enter, then impatiently hit it three more times while the screen stalled, Horizon would record four transactions for a total of $63.24.
And you’d be on the hook for the $47.43 difference.
Now repeat that several times a day, every day, for months and months, and the discrepancies are enormous. In Dalmellington, the bug ran up a discrepancy of 24,000 British Pounds, or about $30,000.
The worst part about this is that it is one of the bugs every programmer is taught to prevent. What are the chances that one Barnaby Jones Jr. made four identical transactions for $15.81 in 15 or 20 seconds? Flagging duplicate transactions is Bug Squashing 101.
Flagging duplicate transactions would have also caught the Callendar Square bug, where a database bug created new duplicate transactions when the user was trying to update an existing one. If anyone was working at 7 pm when the daily account summary ran in the background, the Callendar Square bug occurred and gave the wrong totals for the day.
These are all rudimentary bugs that should be caught by even the most basic quality control. And, indeed, Fujitsu engineers have now testified that by 1998 developers had identified significant problems. When the Post Office ran Horizon trials in 1999, it found severe difficulties. By 2001, developers had found hundreds of bugs; there are so many Horizon bugs that a full list has never been released, despite a decade of lawsuits and investigations.
In total, Fujitsu found that as many as one-third of all Horizon transactions were duplicates.
One third. But no one knows exactly.
What we do know is that between 1999 and 2015 the Post Office prosecuted (the British Post Office has the power to prosecute directly) around 3,500 subpostmasters for theft, fraud and false accounting based on Horizon’s dirty data.
And Post Office officials were celebrated for it. Post Office Chief Executive Officer Paula Vennells was given the Order of the British Empire – what we would call a knighthood – for her leadership of the organization. Defending Horizon was part of the basis for bonuses for postal executives.
So how did we learn all this?
The subpostmasters banded together, and struck back. In 2019 they won a court case overturning their convictions and putting the fault for the accounting errors on Horizon. The Post Office appealed, of course, and lost in 2021.
Yay! And then…
Nothing happened.
Or almost nothing. By the end of 2023 just 93 convictions had been overturned.
Then came New Year’s Day, and Mr Bates vs The Post Office, a four-part series aired on ITV January 1-4, watched by 9.2 million on the holiday and climbing each night to 10.31 million viewers for Part 4. The outrage was immediate, and overwhelming. More than 1.2 million people have already signed a petition demanding the government take back Vennells’ OBE; she has announced she is returning it, even though…neither of those is how it works.
Parliament and the Prime Minister have weighed in; legislation is being rushed through overturning all the convictions and recompensing those thousands of subpostmasters. The Horizon scandal is being called the biggest miscarriage of justice in British history.
So! Those crazy Brits! Anyway, all’s well that ends well, right?
Alas, no.
Fujitsu has still been handing Horizon data over to authorities for prosecutions of subpostmasters even after the system was declared at fault in court. And Fujitsu is still getting paid; the Post Office extended the Horizon contract through 2025 for an additional 95 million British Pounds.
And the government continues to give Fujitsu contracts, but only for stuff like the Ministry of Defense, His Majesty’s Revenue & Customs – the British IRS – and the Home Office. So nothing important.
To date, no one at the Post Office has been disciplined or fired.
And that’s the real reason we are talking about the Horizon scandal. It’s the perfect example of how giant tech projects become freight trains that are impossible to slow down, never mind stop. So they drive on, bugs and all, leaving a trail of corrupt data spewed out in their wake.
From a tech point of view, Fujitsu’s real crime was not catching stupidly simple bugs. Flagging duplicate records, again, is quality control 101. It’s such basic technology that for a few bucks you can buy utilities like EasyDuplicateFinder to clean up duplicate photos and files from your hard drive. (Full Feola Disclosure: I don’t get a commission; I do use and recommend it.)
Let’s say you are fortunate enough to be working on a system that has decent quality control, and it caught the easy bugs like duplicate records. That still leaves the bugs that are much more difficult to find.
Say, for example, the system has a bug that increments a record, instead of duplicating it. It’s child’s play to flag duplicate transactions when the system shows Barnaby Jones Jr. made four identical transactions for $15.81 in 15 or 20 seconds. But if instead the system incremented the original record and then showed one transaction for $63.24, how would you find that? There’s no obvious reason to suspect Barnaby Jones making one transaction for $63.24. The only way to catch it is if the original user notices the discrepancy: that the system shows a different number than the one they entered.
And, chances are, they are more likely to suspect their memory than the system.
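To make both cases concrete, here is an added sketch (not Horizon or Fujitsu code) of the duplicate flagging described above, run first over the four-click $15.81 burst and then over the single incremented $63.24 record. The record layout, the terminal name, the 20-second window and all sample data are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Txn:  # hypothetical ledger record, not Horizon's real schema
    txn_id: int
    terminal: str
    customer: str
    amount_cents: int  # integer cents, so equality checks are exact
    at: datetime

def flag_duplicate_bursts(txns, window=timedelta(seconds=20)):
    """Return runs of txn_ids sharing terminal, customer and amount,
    where each entry follows the previous one within `window`."""
    groups = {}
    for t in sorted(txns, key=lambda t: t.at):
        groups.setdefault((t.terminal, t.customer, t.amount_cents), []).append(t)
    flagged = []
    for same in groups.values():
        run = [same[0]]
        for t in same[1:]:
            if t.at - run[-1].at <= window:
                run.append(t)
                continue
            if len(run) > 1:
                flagged.append([x.txn_id for x in run])
            run = [t]  # gap too long: start a new candidate run
        if len(run) > 1:
            flagged.append([x.txn_id for x in run])
    return flagged

def excess_cents(txns, flagged):
    """Over-recorded amount if each flagged run was really one transaction."""
    by_id = {t.txn_id: t for t in txns}
    return sum(by_id[run[0]].amount_cents * (len(run) - 1) for run in flagged)

# Constructed sample data: four Enter presses within 13 seconds, plus a
# genuine repeat purchase three hours later that must not be flagged.
T0 = datetime(2024, 1, 21, 10, 0, 0)
DUPLICATED = [Txn(i + 1, "T1", "Barnaby Jones Jr.", 1581, T0 + timedelta(seconds=s))
              for i, s in enumerate((0, 4, 8, 13))]
DUPLICATED.append(Txn(5, "T1", "Barnaby Jones Jr.", 1581, T0 + timedelta(hours=3)))
# The incremented-record case: one row, nothing to compare it against.
INCREMENTED = [Txn(6, "T1", "Barnaby Jones Jr.", 6324, T0)]

if __name__ == "__main__":
    runs = flag_duplicate_bursts(DUPLICATED)
    print(runs, excess_cents(DUPLICATED, runs))
    print(flag_duplicate_bursts(INCREMENTED))
```

The burst is flagged with $47.43 of excess, while the incremented record passes untouched, which is exactly the gap the preceding paragraphs describe.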
At the end of the day, all data is dirty. Horizon Postal Data, as discussed. But every development project suffers from the same pressures that corrupted Horizon. Defense data. Hospital data. Air traffic data.
Your data.
I note that Fujitsu programming software was and may still be labeled "FACOM" after their line of IBM System 360 clones. Pronounced "fake'm." It all ties together. I tested FACOM BASIC sometime in the 1980s.