Post Office scandal exposes flaws in computer evidence law

The first volume of the final report of the Post Office Horizon IT Inquiry published in July highlights the human impact of the misuse of computer evidence. Following, the Government’s recent consultation on the Use of Evidence Generated by Software in Criminal Proceedings, urgent reform is needed to the existing law on the use of software in criminal proceedings . This necessity is supported by revelations in August of the cover-up of an IT bug within the HM Court & Tribunals Service that caused evidence to be lost, overwritten or appear lost.

Currently a common law rebuttable presumption exists that evidence produced by computers is reliable unless proven otherwise and it is clear that the presumption has always been questionable, being based on incorrect conclusions by the Law Commission in its report Evidence in Criminal Proceedings: Hearsay and Related Topics in 1997. These unsound recommendations lead to the repeal of the then section 69 Police and Criminal Evidence Act 1984 with no replacement, ignoring the advice of experts and relying on “misunderstood or misrepresented” sources. Section 69 provided the opposite of current law by stating that statements in documents produced by a computer were not admissible unless first it was shown “that there are no reasonable grounds for believing that the statement is inaccurate because of improper use of the computer” and second “that at all material times the computer was operating properly”

As argued by Paul Marshall, the current legal position is the result of a “colossal” error on the part of the Law Commission in 1999 based on a fallacy that:

1.          most computer errors are visible or apparent to the operator, and 

2.          most computer error is the result of operator input.

Examples supporting a challenge to the current legal  presumption’s poignancy and relevance are author’s  research on the Post Office Horizon IT Scandal and misinformation resulting from the use of Generative Artificial Intelligence (GenAI).  These  offer an awareness of the truly flawed nature of the current legal position and how it pertains to generated evidence that, in part, has led to one of the widest miscarriages of justice in respect of the Post Office IT Scandal..

Evidence to the Post Office Horizon IT Inquiry has shown that Post Office Limited knew that there were bugs, errors and defects in the Horizon computer system that would not be apparent to an operator (sub-postmaster), but it did not disclose this to the sub-post masters (SPMs) that it then privately prosecuted for shortfalls generated by the system.  This denied them the evidence to rebut the common law position and a right to a fair trial. The change in the law that was the result of the Law Commission recommendation in 1999, discussed below, was fatal for the SPMs.  

The Horizon computer software was maintained as “robust” until it was established as unreliable in the Bates group litigation in 2019 which then resulted in the first overturning of convictions in 2021 and unprecedented legislation of the Post Office (Horizon System) Offence Act 2024, enacted to quash the remainder of more than 700 wrongful convictions of SPMs. The Horizon system was introduced in 1999 and prosecutions under it commenced in 2000, the same year as the change of the law came into effect which was successfully employed to secure the conviction of over 700 SPMs between 2000 and 2015 and the prosecution of many more. To effect a change to pursue private prosecutions more easily, the Post Office argued for the change in the law in 1999 in its response to the Law Commission consultation and then used the new legal position to prosecute SPMs, freed from the obligation to show that Horizon was working properly.

In prosecuting SPMs the Post Office did not have to prove in court that Horizon was reliable and operating correctly, as this was the presumption. SPMs may have argued that the computer system was to blame for the shortfalls but were unable to establish this in any audit, investigation or court proceedings.  The faults were not evident, and the Post Office failed to disclose any information that would have informed SPMs of it. The most shocking and well-known case was that of Seema Misra who was convicted of theft and sent to prison when pregnant when she was unable to show the cause of the computer problem that she argued was responsible for shortfalls at her branch. This is despite the Post Office knowing the bugs were not apparent to her.   The SPMs were not IT experts, nor did they possess the necessary forensic accountancy skills to locate any faults in the system to prove their concerns about the system.  The “travesty” in Seema Misra’s trial also eluded the judge in her trial. The change of the law on computer evidence and the introduction of Horizon by the Post Office “became inextricably linked” in the Post Office scandal that had a devastating impact in criminalising SPMs because of a faulty IT system and a legal rule that prevented a fair trial. 

Barriers to Rebuttal

As a result of the change of the law in 1999, the rebutting of this presumption has become unreasonably difficult bordering on oppressive (especially in instances of private prosecutions). The Post Office Horizon scandal illustrates the difficulty (and barriers) of rebutting the presumption. As argued by Karl Flinders of Computer Weekly, that first reported on the scandal in 2009 , it reveals in “stark terms, the inadequacy of the legal presumption that computers are always right”.  This  oppressiveness is derived from a variety of metaphorical barriers that would need to be overcome involving reluctance to effect full and appropriate disclosure and prohibitively high costs (particularly punitive to those in a fiscally weak position), lack of technical knowledge on the part of all parties involved in the judicial process including the Judiciary, agents of the court and s, such operators who may be accused of criminal activity such as SPMs in the Post Office scandal and unwillingness to question the nature of computer evidence and related submissions. Individually they operate as herculean tasks, suggesting that a tandem existence would amount to a nigh on insurmountable barrier to presumption.

Instances of Good Practice

Supporting reform there are some examples of good practice worthy of consideration. Specifically, measures taken in the United States in the Sarbanes-Oxley Act (SOX) to protect investors and restore trust after the Enron scandal.  SOX requires public companies, their auditors and stockbrokers to certify the accuracy of financial reports filed with the Regulator. Internal controls are imposed to assure the accuracy of financial reports and disclosures. Furthermore, the case of Dewalt v MassMutual Metro New York, while not explicitly related to technological systems and their outputs, evidences a willingness to question the extent to which technology is utilised. Though the reasoning behind this case’s inclusion in this submission relates to Artificial Intelligence, (in this instance a form of GenAI), it still nonetheless showcases a clear instance where members of the judiciary, knowledgeable about the pitfalls and limitations of the data from type of technology are willing to step in and question.

Moreover, in the case of Dewalt v MassMutual Metro New York, the judges were aware of the plaintiff’s involvement as an operator of a startup that seeks to assist with self-representation in legal matters utilising AI technologies. In effect there was a suggestion that the court may have been used to fulfil a role beyond accessing justice, which would in turn devalue its standing.

Potential Practicable Solution

The restoration of either Section 69 of the Police and Criminal Evidence Act 1984, or provisions reversing the current presumption that session, could address the current unsatisfactory position that has can deny individuals a human right to a fair trial.  However, in restoring the position to the pre-1999 position, there needs to be a clear discussion of the nature of the definition of the outputs of the technology. This will allow an element of future proofing, especially in the advent of rapid technological advancement. As such, the onus is not placed on the technology itself but rather its operating status and verification of the integrity of its outputs.

Furthermore, to reasonably future-proof this proposed solution, particularly in light of rapid technological advancement, the lens of the section should predominantly seek to define and concern itself with the form and accuracy of the output, as generated by a properly functioning system as it traditionally sought to do.

This recognises that although technology might evolve over time, the judiciary, the courts and the agents of the legal English legal system, while cognisant of the change should continue to recognise that the systems are not infallible, despite repeated assurances as to their accuracy which have been proven to be incorrect, not least in the Bates litigation.

Additional Considerations

Further actionable solutions are gleaned from the recommendations of Alistair Kelman, in his book, The Computer in Court: A Guide to Computer

Evidence for Lawyers and Computing Professionals. In a recent article in the Computer Weekly he set out a practical process that would enable the “safe use” of computer and internet evidence in civil and criminal proceedings. He recommends computer evidence in court proceedings needs to be supported with a with “a prescriptive affidavit or deposition in seven parts”. This detailed standardised Seven Statements document  would enable all parties to form reasonable conclusions on the reliability of the evidence being presented to the court, as well as  enable non-technical lawyers to raise questions and gain answers on  reliability of  computer evidence  considered in  court

As argued by Alistair Kelam, compliance with this seven-part affidavit would be a regulatory requirement of companies and government departments.  Six of the seven statements could be pre-written and held as detailed internal audit reports with a duty to maintain these as accurate and up-to-date. This would leave only the seventh statement to be drafted in each case. Such a standardised form, would also act as internal audit and improve good governance as part of sensible risk management. If a company or organisation failed to have a comprehensive up-to-date Seven Test statement for use in reliance of computer records, then this would have consequences such as liability for insurance cover. Therefore, this change could be implemented with no cost to public finances and transfer the risk of poor computer evidence in proceedings from individuals, such as the SPMs in the Post Office Scandal, to the management of companies (the Post Office).  

Concluding Thoughts

Ultimately, form aside, a change in the law would not only secure better justice but it would prompt companies to adhere to higher standards of auditing their systems, to ensure that information could be confidently relied on in court. The reputation damage suffered by the Post Office in the scandal it created is clear and evidences the importance of such measures and may and should prompt further compliance from private entities and possibly government departments with the proper auditing of computer evidence.

As stated in the call for evidence, the overarching objective needs to be to ensure “fairness and justice for all involved in prosecutions”, but the focus should be on securing the human right to a fair trial and securing an individual is able to defend themselves effectively in court proceedings. This should not be sacrificed for procedural simplicity, and so reform of the current legal presumption is urgently needed.