scte long read
At corporate level however, that kind of view is at best irrelevant and at worst completely wrong. James Christie, an IT security manager and auditor is as passionate about ensuring the victims see justice as Nick Wallis and has written a powerful and scathing blog on the subject. In his introduction he says, “It’s very rare for an internal accounting system to attract massive publicity, but this has been a special case. Many lives have been ruined by a mixture of bad software and truly dreadful management.” Equally as passionate about ensuring the victims see justice, as an IT auditor and Information Security Manager with 20 years’ experience in blue-chip organisations, James rejected the notion that the Horizon debacle could be put down to the ‘wild west nature’ of the IT landscape at the time. “No, that isn’t right. Fujitsu and the Post Office were doing things that more mature corporations had stamped out maybe 10 years previously. Both corporations were deeply irresponsible, doing things that would have cost me my job working for IBM on large, outsourced contracts at that time. There was a general slackness in the management of IT that was unacceptable given the size of these organisations.” It seems surprising that chancers only appeared at contractor level; surely that attitude prevailed further up the ladder? “I think the line that people from the Post Office and Fujitsu are wanting to put out is that this happened a long time ago and people didn’t really know better then,” James answered. “I’ve seen it being argued, and that’s not so because even 20 years ago it was quite clear that the things they were doing were wrong. He went on, “ When I was an Information Security Manager working with Nokia, there was a €30,000 a week penalty if I didn’t ensure there was a proper control regime for powerful user accounts. Between the Post Office and Fujitsu, 19 years on, they’ve still not got these things sorted out. 19 years, that’s more than many people’s career in IT. They were never going to get it sorted out.” There is of course usually the beleaguered taxpayer in between, too often unaware where increasing and eye-watering amounts of their money is being wasted. The NAO have kept grim track of every one of these disasters and offered a
stored on site and uploaded at the end of each working day by ISDN to a series of back-end servers. After 2010 Horizon Online was brought in which provided real-time ADSL connectivity to the back end. Reconciliation issues were common as a result. “If you have electricity suppliers, banks, various other systems bolted onto the back end, well you can imagine the damage that got done. Bureau de change was a nightmare at first.” Horizon still exists today; it has limped on through various upgrades and revisions.
Nick added, “I have some sympathy with Fujitsu as out of the original 366 criteria for the project; 323 were changed by the government over the course of the tender process alone. However, both the government and Fujitsu massively underestimated the complexity of automating 20,000 post offices, to the extent that within months of signing the contract they had to renegotiate the terms as they just couldn’t do it.” From the start the process was besieged with problems, not least because the government opted for the cheapest provider, not the best. The management structure and culture of the Post Office meant that money could go to waste without question and decisions made at a senior level unchallenged. The officer- class nature of senior management within the Post Office and the dim view they took of their parochial Subpostmasters up and down the country added very much to an us-and-them dynamic. This impeded the chances of Subpostmasters at trial, who were considered guilty, and it was very much up to them to prove their innocence. The nature of Horizon backed that approach up; the deficits appeared while the Subpostmasters were at work, so it was nobody’s fault but theirs. The Horizon IT system was built on a Windows NT operating system on a PC using a database software program called Riposte. Even at the time, Nick says, it wasn’t written properly. Matters were not helped by Microsoft, who stopped providing support for NT a few years into Horizon’s existence. One can only guess at the security given such a shaky start. Nick went on, “Then it all went really wrong, and the Benefits Agency and the Post Office served a notice of non- compliance to Fujitsu, who rejected it. The Benefits Agency walked away, leaving the Post Office to deal with it.” A slew of financial incentives and contract revisions later, Fujitsu had benefitted handsomely in order to make the project work and in 2000 a report by the NAO (National Audit Office) estimated that £500m of public money had been wasted on the project before it had even been rolled out. Connectivity Issues Contract revisions aside, how much was actually wrong with the software and the connection? At the time Internet connections were via modem, if at all. Nick explained. “Initially – between 2000-2010 most of the transactions were
Given what the Post Office has experienced since, and the other
digitisation projects that the government has poorly executed one might imagine the appetite to have another crack at it - with new software, across all these lines of businesses, with all these retail outlets nationwide and the potential for bad publicity - is low.
The Landscape
With the benefit of hindsight it is perhaps too easy to assume that the lack of oversight, regulation, best practice, independent scrutiny were symptoms of a broader ‘wild west’ period in history where technology is concerned. After all, the mid 90s were when most of us will have sent an email for the first time; the Internet was powered by forgotten browsers Netscape and Lycos, and we didn’t really know what the Internet was for anyway. Friends Reunited and MySpace were still light years away. Hotmail – the preposterous idea that you could send an email from your own address regardless of your location – blew your writer’s mind, so much so that I stuffed airmail envelopes into my backpack ahead of a round the world trip in 1999, so dubious was I at the viability of the world wide web. Certainly as far as contractors are concerned there were, as Nick Wallis confirms, “plenty of chancers talking themselves into jobs they weren’t qualified to do. Coders, testers, systems and network engineers were all in demand, alongside the usual project managers, sales and marketing people. There were also plenty of middle-ranking execs with little understanding of what the young Turks in their charge were up to but had learned just about enough to bluff their way through.”