There are huge risks in trusting computer systems to be always right – an illogical position currently backed up by UK law. If we are to avoid future scandals such as the Post Office vs the sub-postmasters, there must be fundamental technology and regulatory change – or employees and franchisees will continue to be at risk. The concept of the ‘golden thread’ of digital information now being introduced in legislation offers a route forward, writes Nish Kotecha.
On 28 January business secretary Kemi Badenoch revealed publicly that she had asked the Post Office chair, Henry Staunton – who had been in his role for just over a year – to resign in the wake of public outcry over the wrongful convictions of hundreds of sub-postmasters. Badenoch – herself no stranger to computing controversy after admitting hacking the website of Labour politician Harriet Harman back when she used to work in IT – claimed that Staunton could not continue in the role because the Post Office needed a change of culture and governance.
Post Office scandal
“I felt there was a need for new leadership, and we have parted ways with mutual consent,” she said. Some may argue that this was a case of closing the stable door long after the horse had bolted given that the key facts of the huge miscarriage of justice had been established by the High Court three years before Staunton was even appointed.
The Post Office story after all began back in the late 1990s and is constantly evolving, as the public inquiry into the saga rumbles on with its daily findings of coverups, redactions, lies and hardship.
At the heart of the David vs Goliath scandal is a computer system called Horizon developed by ICL in the 1990s, before the British firm was absorbed fully into Fujitsu and the law regarding evidence from computer systems. Since 1997, the position in law regarding computer evidence has been: “In the absence of evidence to the contrary, the courts will presume that mechanical instruments [including computers] were in order at the material time”.
This replaced section 69 of the Police and Criminal Evidence Act 1984, which had required the prosecution to prove that a computer was operating properly at the relevant time before a document produced by such a computer could be admitted as evidence. But this requirement had been found to be burdensome and inconvenient as computer use took off in the 1980s.
As a result, since 1997, computers have been presumed to be operating correctly, unless there is evidence to the contrary.
This law change has contributed to creating the Post Office Horizon scandal.
By 2015 it had been established, thanks to whistleblowers employed by Fujitsu, that contrary to the claims of the Post Office not only did Horizon have glitches but it was possible for employees of Fujitsu and the Post Office to alter accounts remotely – something that had always been strenuously denied. Recent inquiry hearings have underlined this finding.
But what are the dangers of the 1997 law for “employees” in other businesses? Franchise models often require the franchisee to commit to buy supplies from the franchisor and use the franchisor’s IT system. Franchisees appear to be at the mercy of systems “imposed on them from head office”, as per Fujitsu’s Horizon system in the Post Office.
The implications are far-reaching. If a sub-contractor to a government entity can manipulate accounts remotely then what’s to stop a franchise business doing the same? Many high street food brands, gym operators and so on use the franchisee model. McDonald’s alone, for example, employs about 120,000 people in the UK. Overall, there are about 300,000 people employed under the franchise model in the UK.
HR teams of the franchisor are responsible for leave requests, paid sick leave, employee classification into workers and self-employed, reasonable adjustments, overtime requirements, the tracking of working hours, recruitment, background checks etc.
The Post Office Horizon scandal has shone a light on this model and it could be argued franchisees are at the mercy of systems imposed from head office in the same way as sub-postmasters are Fujitsu’s Horizon system in the Post Office.
The Post Office debacle has showed us that we need safeguards. Today, we have a technology safeguard: blockchain – a technology that the vast majority of franchise owners are yet to implement.
A single source of truth
Blockchain is the technology behind a distributed network of computers that can be used to store data securely but which, uniquely, has a single memory – a single source of truth. That means data cannot be freely copied and edited to create an alternative version of the truth, which is why blockchain technologists refer to it as the “trust platform”. If the Horizon system was created on a blockchain database the wrongful accusations may never have been made. Although humans could still lie of course.
Blockchain creates transparency and tamper-proof accountability by recording all steps in a process. A blockchain network could have been created between the lock terminals at the individual post offices and the head office ensuring that no change could be authorised by any individual without the other in agreement and, once approved the digital footprint would be forever stored. Blockchain has been available as a tamper proof database since 2008, albeit it has become a lot easier to integrate and use with legacy systems in recent years. The question arises as to why you would not use a tamper proof database in such implementations? Answer: if you felt the need to have the ability to change records without the other person knowing or approving.
There is precedent here: the Building Safety Act 2022. One of the key obligations under the Act is to create and maintain a golden thread of information throughout the lifecycle of the building. This includes up-to-date safety information about the building which must be captured and maintained digitally for the lifecycle of the building. The government has acknowledged the need for ‘single source of truth’ (Golden Threat Principle no 4) by bringing all information together in a single place and record changes in full. The only technology that can do this is blockchain.
Surely such technology should become a regulatory requirement. Only then can we be confident of technological protection from such David vs Goliath scandals as Post Office Horizon.
Latest HR job opportunities on Personnel Today