Slashdot Mirror
Sent To Jail Because of a Software Bug
First time accepted submitter toshikodo writes "The BBC is reporting a claim that some sub-post office workers in the UK have been sent to jail because of a bug in the accounting software that they use. The Post Office admits Horizon computer defect. I've worked on safety critical system in the past, and I am well aware of the potential for software to ruin lives (thankfully AFAIK nobody has been harmed by my software), but how many of us consider the potential for bugs in ordinary software to adversely affect those that use it?"
A government spokesman has stated they have "absolute confidence" in all their computer systems, and what happened to Mr. Buttle was merely an unfortunate accident that could have happened to anyone.
It is outsourcing. The sub-postmasters who are being charged with fraudulent accounting over the results of these bugs are mostly former Royal Mail employees who were sacked and hired back as independent retailers contracted to provide postal services with contracts that transferred all the risk onto the small retailer providing the service.
But at least the option to fix it yourself actually exists.
File under 'M' for 'Manic ranting'
So these employees were forced to use the UK PO accounting software, which had bugs, and which showed in some instances imaginary shortfalls that they had to repay with no way of defending themselves. Sounds peachy! I hope some judge throws the book at the UK post office and finds some way to redress the situation.
Similar thing happened to me ~10 years ago(another EU country). National Telecom kept insisting I owed them money, when I called to see WTF is going on not so helpfuldesk assistant said he can see my payment and it cleared but system still wants moar money, he knows its a glitch and I can ignore it. A month later I get a bill for 2x what they imagined I owed them plus interest. I called again, asked for name of helpdesk guy, asked him to check it and informed next bill comes like this I will be reporting fraud to the police with his name attached - he cleared whole thing in 10 minutes.
Yes, this was very asshole of me, but it goes to show where is a will, there is a way.
Who logs in to gdm? Not I, said the duck.
We make software for Healthcare professionals. As you can imagine, the risk footprint is pretty ugly.
We have special testing programs that are targeted at protecting patient safety.
We also have insurance up the wazoo (a technical term). Our PI Insurance covers us for several millions of dollars per claim, and hundreds of millions for class actions. It is our single biggest insurance expense for the entire organisation.
I'm happy to say that in 18 years, we've never made a claim against it, and we've never been notified of any negative consequence on any patients.
Private Eye, a fortnightly UK satirical and news magazine first raised this issue
almost two years ago. Here's a link to the journalist's blog article.
In what way were you being an asshole? Someone (or something) was trying to defraud you, and you stood your ground and made them (or it) stop. That's not being an asshole; that's merely being responsible.
Kid-proof tablet..
The problem, I think, is that there weren't any books per se to begin with: Everything is tabulated with a computer, and the computer is wrong.
And when the computer is off by tens of thousands of pounds/dollars/whatever: OMFG.
But lying? No. Telling the truth is good, especially when it comes to official money. "I don't know what's happening because we're off by a huge amount of money, far more than we could ever accomplish in a day's business" is a good starting point.
(Just because the books are already cooked by some outside force, does not mean that one must continue to cook them.)
Kid-proof tablet..
Everyone assumes someone is already out there testing all open-source software, which is why it never seems to get done.
Also, deliberate bugs and backdoors simply wouldn't be checked back in.
TFA quote:
Ms Hamilton said that, by the time the figure reached £36,000, she lied to the Post Office - wrongly telling them the books were balancing just so that she could open the office the next day.
With closed-source, the choices Ms Hamilton has:
* keep covering the differences caused by the bug
* refuse to pay and instead sue the Post Office/Royal Mail with the hope they'll ask Horizon computer system to check. Not going to happen: the plaintiff carries the burden of proof, the Post Office has no incentive to do anything.
With OSS, Ms Hamilton has (alone or in by association with other sub-postmasters) the choice between:
* do the same as for close source. or
* hire a QA team and, upon obtaining the proof, sue the Post Office for the unwarranted requests, cost of source audit and other unspecified damages. The Post Office has the choice between to keep losing such suits or pay their own source audit/QA process and release the fixes in OSS.
I wonder which of the two would minimize the total social cost of the package maintenance (in the very specific terms of the "unseen costs")?
Questions raise, answers kill. Raise questions to stay alive.
The sub-postmasters who are being charged with fraudulent accounting over the results of these bugs are mostly former Royal Mail employees who were sacked and hired back as independent retailers
...
Okay, so what they're saying is they fucked over the employees by taking away all their benefits and cutting their wages, they underfunded a software project that performed an apparently mission-critical function... and then fucked them over again when (surprise!) it didn't live up to the absurd demands of management.
Incompetence on this level by the government -- punishing the soldiers instead of the generals, has already lead to the failure of one major world economy whose various bureaucratic deitrius was "too big to fail", and I see Britain has failed to learn anything from the cluster fuck that is the remains of the US economy.
Well, British citizens... speaking as someone from the miserable colonies; It'll be nice to have some company.
#fuckbeta #iamslashdot #dicemustdie
What I build every day directly relates to the stats and commission of a large number of people. The problem is I'm given flawed methodology from the outset by the managers and above of these people. They basically do not have the analytical or even basic math skills required to be writing the requirements they are in charge of. When I point out all the problems with how they want to approach what we're doing, all I get in return is talk of scope creep and lines like "you're trying to fix today's problems when what we need done is the design for tomorrows system!" which I'm assuming they got out of a book or trade magazine because I hear it repeated enough. None of it really matters when they're doing something as idiotic as dividing every month by 30 to get a daily average.
"well most months are 30 days"
No, most months have 31... what about holidays and weekends?
"See? It all averages out!"
You and I have entirely different definitions of "average" and... whatever, I've written all my objections into the design requirements, please sign off that you're ignoring my warnings, thanks.
"Done!"
Again, your peoples numbers will be completely wrong...
*ahem*
The poor guy at the help desk: Was he, or was he not representing the company?
Kid-proof tablet..
They have misplaced trust in their computer system.
And misplaced lack of trust in human beings.
Accounting shortfall should not mean someone goes to jail.
It should mean a thorough investigation is launched, and the tool that first reported the shortfall should not be assumed to hold accurate information.
then what, nothing in OSS land takes responsibility for itself
Red Hat does. Even Ubuntu will to some extent. Any time you want you can get paid support for OSS and, given the right support contract and money they really will take care of you properly. The definitely take responsibility for the things they promise. (N.B. your two dollar desktop license really doesn't promise much at all).
Its free it (sort of works) if it doesnt fix it your self or fuck off
And this is the thing. We have seen before that people were sent to jail for bugs in breathalyzers. In some cases people who claimed these bugs were in courts that demanded source; they were set free. In other cases the proprietary software companies behind the machines managed to get them locked away without a fair trial.
If the shit hits the fan with OSS you always have one more option and the possibility to approach multiple support suppliers. This won't happen for free and it likely won't be included in any existing agreements, however you may be happy for the chance to spend $15000 on software consultancy and not spend the rest of your life in some US State hellhole. Your proprietary software vendor will be thinking of all the other people that might sue about a bug like that and will never ever help you out of the problem.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
To resummarize:
Sub-postmasters, for those who aren't aware, are private subcontractors of the UK postal system. They are not directly employed by the government, they operate as private businesses.
The UK requires them to use specific software, called Horizon, to manage all transactions and accounting.
This software had a pretty serious bug that resulted in wrongly calculated shortfalls into the thousands of pounds. Their contracts, however, stipulate that they must make up for shortfalls themselves. Doesn't matter if the software is wrong, that's what it says, that's what it is (sounds like government to me...)
This bug went unfixed for years, despite numerous complaints and reports.
Some postmasters started falsely reporting the shortfalls as the obviously miscalculated numbers climbed to ridiculous amounts (tens of thousands) that would put them out of business by the end of the day. Because falsely reporting accounting numbers is illegal (even though the "right" numbers are obviously wrong and completely not the postmasters' fault), some of them were sentenced to prison, most likely due to the strict, unwavering and unreasoning nature of law.
Basically, they were users self-correcting for what they knew was a flaw in the software they were forced to use, and they went to jail for it or otherwise paid dearly. Damned if you do, damned if you don't. All in all, a pretty deplorable miscarriage of justice.
You are the one talking shit, buddy. You think sub-postmasters buy this software? The Post Office REQUIRES them to use it. There is no way they would allow the sub-postmasters to see the code, and even if they did, how many of these little guys do you think can read code. If it was open source there would be geeks interested in the claims of the sub-postmasters who would be delighted to reveal that the evil Post-Office was screwing the little guy. They would do it for fun. And if there was noone to review the code voluntarily, the sub-postmasters could gang up to hire an INDEPENDANT consultant to do so.
A really wise post office chief would have done that audit before the first lawsuit.
Yes you are correct, but the trouble is that the word 'Postmaster' conjours an image of someone with authority over a medium to largish business. In reality a lot of postmasters in the UK are simply running a family business/ small shop that just happens to be the Post office as well. A lot of these people have no real business training, do some very simple bookkeeping themselves, and when some software comes along that they've never had to use before, that software had better be bug free and easy enough to use. Before anyone says no software is bug free, I know that, by bug free I mean 'not going to add 13,000 to the turnover of a small business seemingly at random' . In short I think blaming the Postmasters for not being wise enough is just a wee bit disingenuous.
In a cybernetic fit of rage she pissed off to another age...
Let's assume that for the sake of the example an equivalent piece of software was available at a viable price and was open source.
A small shopkeeper (what most postmasters in the UK are these days) is shown to have a considerable amount of missing money. They are prosecuted by the post office and a jury convicts them. The fact the 'computer' says the money is missing is a part of the evidence against them but if the 'know' they didn't take the money and it can't possibly have been anyone else who works for them then surely they could already pay auditors to track the transaction records and show they don't make sense right? Except that would assume that they think to do it, are confident it will prove their innocence and can afford the considerable cost upfront.
Yes, in theory, open source lets you check. However a bug in a complex accountancy system is likely to be very difficult and if you didn't find the bug then it could actually strengthen the evidence against you.
I like open source; it is not, however, a panacea to all the worlds ills. The bigger question here is how a prosecution started by faulty accounting software ended in a conviction. Unless the defence did a very poor job, the prosecution overstated their case or the jury mis-applied 'reasonable doubt' surely this shouldn't have happened.
There's another option that open source gives you that proprietary software doesn't: You can pay someone else to fix it. If it's really that irritating to you, but you really don't want to work on it yourself, why not use some cash to convince a developer to fix your bug? You'll get what you want, the developer will get some cash, and the project will have its bug fixed. Everyone wins.
What you're really demanding is that volunteers do what you want them to do free of charge. What will actually happen is that volunteers will do whatever they damn well please.
I am officially gone from