Slashdot Mirror


Sent To Jail Because of a Software Bug

First time accepted submitter toshikodo writes "The BBC is reporting a claim that some sub-post office workers in the UK have been sent to jail because of a bug in the accounting software that they use. The Post Office admits Horizon computer defect. I've worked on safety-critical systems in the past, and I am well aware of the potential for software to ruin lives (thankfully AFAIK nobody has been harmed by my software), but how many of us consider the potential for bugs in ordinary software to adversely affect those that use it?"

8 of 239 comments

  1. In related news... by Anonymous Coward · Score: 5, Insightful

    A government spokesman has stated they have "absolute confidence" in all their computer systems, and what happened to Mr. Buttle was merely an unfortunate accident that could have happened to anyone.

  2. Private Eye / Nick Wallis's article by alanw · Score: 5, Informative

    Private Eye, a fortnightly UK satirical and news magazine, first raised this issue almost two years ago. Here's a link to the journalist's blog article.

  3. Re:Open Source... by c0lo · Score: 5, Interesting

    Everyone assumes someone is already out there testing all open-source software, which is why it never seems to get done.
    Also, deliberate bugs and backdoors simply wouldn't be checked back in.

    TFA quote:

    Ms Hamilton said that, by the time the figure reached £36,000, she lied to the Post Office - wrongly telling them the books were balancing just so that she could open the office the next day.

    With closed-source, the choices Ms Hamilton has:
    * keep covering the differences caused by the bug
    * refuse to pay and instead sue the Post Office/Royal Mail with the hope they'll ask Horizon computer system to check. Not going to happen: the plaintiff carries the burden of proof, the Post Office has no incentive to do anything.

    With OSS, Ms Hamilton has (alone or in association with other sub-postmasters) the choice between:
    * do the same as for closed source, or
    * hire a QA team and, upon obtaining the proof, sue the Post Office for the unwarranted requests, cost of source audit and other unspecified damages. The Post Office has the choice between continuing to lose such suits or paying for their own source audit/QA process and releasing the fixes in OSS.

    I wonder which of the two would minimize the total social cost of the package maintenance (in the very specific terms of the "unseen costs")?

    --
    Questions raise, answers kill. Raise questions to stay alive.

  4. Re:Open Source... by rtfa-troll · Score: 5, Insightful

    then what, nothing in OSS land takes responsibility for itself

    Red Hat does. Even Ubuntu will to some extent. Any time you want you can get paid support for OSS and, given the right support contract and money, they really will take care of you properly. They definitely take responsibility for the things they promise. (N.B. your two dollar desktop license really doesn't promise much at all).

    It's free it (sort of works) if it doesn't fix it yourself or fuck off

    And this is the thing. We have seen before that people were sent to jail for bugs in breathalyzers. In some cases people who claimed these bugs were in courts that demanded source; they were set free. In other cases the proprietary software companies behind the machines managed to get them locked away without a fair trial.

    If the shit hits the fan with OSS you always have one more option and the possibility to approach multiple support suppliers. This won't happen for free and it likely won't be included in any existing agreements, however you may be happy for the chance to spend $15000 on software consultancy and not spend the rest of your life in some US State hellhole. Your proprietary software vendor will be thinking of all the other people that might sue about a bug like that and will never ever help you out of the problem.

    --
    =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();

  5. The summary isn't very good by FuzzNugget · Score: 5, Informative

    To resummarize:

    Sub-postmasters, for those who aren't aware, are private subcontractors of the UK postal system. They are not directly employed by the government, they operate as private businesses.

    The UK requires them to use specific software, called Horizon, to manage all transactions and accounting.

    This software had a pretty serious bug that resulted in wrongly calculated shortfalls into the thousands of pounds. Their contracts, however, stipulate that they must make up for shortfalls themselves. Doesn't matter if the software is wrong, that's what it says, that's what it is (sounds like government to me...)

    This bug went unfixed for years, despite numerous complaints and reports.

    Some postmasters started falsely reporting the shortfalls as the obviously miscalculated numbers climbed to ridiculous amounts (tens of thousands) that would put them out of business by the end of the day. Because falsely reporting accounting numbers is illegal (even though the "right" numbers are obviously wrong and completely not the postmasters' fault), some of them were sentenced to prison, most likely due to the strict, unwavering and unreasoning nature of law.

    Basically, they were users self-correcting for what they knew was a flaw in the software they were forced to use, and they went to jail for it or otherwise paid dearly. Damned if you do, damned if you don't. All in all, a pretty deplorable miscarriage of justice.

  6. Re:Open Source... by nooneelsesname · Score: 5, Insightful

    You are the one talking shit, buddy. You think sub-postmasters buy this software? The Post Office REQUIRES them to use it. There is no way they would allow the sub-postmasters to see the code, and even if they did, how many of these little guys do you think can read code? If it was open source there would be geeks interested in the claims of the sub-postmasters who would be delighted to reveal that the evil Post-Office was screwing the little guy. They would do it for fun. And if there was no one to review the code voluntarily, the sub-postmasters could gang up to hire an INDEPENDENT consultant to do so.

  7. Re:Open Source... by Spottywot · Score: 5, Insightful

    A really wise post office chief would have done that audit before the first lawsuit.

    Yes you are correct, but the trouble is that the word 'Postmaster' conjures an image of someone with authority over a medium to largish business. In reality a lot of postmasters in the UK are simply running a family business/small shop that just happens to be the Post office as well. A lot of these people have no real business training, do some very simple bookkeeping themselves, and when some software comes along that they've never had to use before, that software had better be bug free and easy enough to use. Before anyone says no software is bug free, I know that, by bug free I mean 'not going to add 13,000 to the turnover of a small business seemingly at random'. In short I think blaming the Postmasters for not being wise enough is just a wee bit disingenuous.

    --
    In a cybernetic fit of rage she pissed off to another age...

  8. Re:Open Source... by N1AK · Score: 5, Insightful

    Let's assume that for the sake of the example an equivalent piece of software was available at a viable price and was open source.

    A small shopkeeper (what most postmasters in the UK are these days) is shown to have a considerable amount of missing money. They are prosecuted by the post office and a jury convicts them. The fact the 'computer' says the money is missing is a part of the evidence against them but if they 'know' they didn't take the money and it can't possibly have been anyone else who works for them then surely they could already pay auditors to track the transaction records and show they don't make sense right? Except that would assume that they think to do it, are confident it will prove their innocence and can afford the considerable cost upfront.

    Yes, in theory, open source lets you check. However a bug in a complex accountancy system is likely to be very difficult and if you didn't find the bug then it could actually strengthen the evidence against you.

    I like open source; it is not, however, a panacea to all the world's ills. The bigger question here is how a prosecution started by faulty accounting software ended in a conviction. Unless the defence did a very poor job, the prosecution overstated their case or the jury mis-applied 'reasonable doubt' surely this shouldn't have happened.