DG says remote access is injecting, editing or deleting data in branch accounts. NOT access to other systems which may contain simiarl info.
DG are you aware of any occasion when that was exercised to change branch accounting data?
JC yes because changes were made...
DG how many retrospective documents have you found?
DG this takes me by surprise. is this in your report?
JC I got it from the OCPs etc which I was only given after I wrote my report etc
DG is the defendant aware of this?
DG why didn’t you tell the defendant you were aware of this?
JC I thought they’d already know
DG did you discuss it with Dr Worden?
DG do you think it would have been helpful to have discussed this with Dr W
DG How am I a meant to ask you something about which has not been put forward or identified to me
J describe these docs
JC OCR and OCPs - requests for changes to data
J when did you say you got them?
JC Jan or Feb
DG there are two copies of docs which record remote access MSCs, OCPs and OCRs.
You got the MSCs in Dec and the OCPs and OCRs in Jan.
DG and your report was served on 1 Feb
DG do you accept Fujitsu could only make a change to data with a colleauge witness
JC yes there are docs stating this
DG it was a 4-eyes requirement for any change
DG were you in court when Mr Roll confirmed it was applied strictly
JC yes although...
DG this isn’t in your report. should you not have put this in your report
JC to be fair there are lots of things which could have gone in the report
DG would it not have been helpful to put it in?
DG your fourth joint statement was made on 4 March and contains reference to OCPs and OCRs including unilateral associations by you - did you not think it was relevant?
JC no it may..
[we move on. DG is hacked off no one has told him about blanket permissions and lack of strict application of the 4 eyes rule]
JC’s answer to DG;s next question is “No.”
DG now discussing PEAKS, and many tens of thousands of OCPs, MSCs and OCRs.
DG and describe the sort of access
JC most often, yes
DG it won’t necessarily be very detailed,
JC but you wont see the effect
DG you’ll see the nature of it
JC but not the number
DG so between all these docs you have a rich resource to form a sense of the scale of remote access performed in the last 15 or 16 years.
JC you get an indication
DG and you are capable of performing search...
JC no - that’s not a very easy task to identify. you can’t search very easily search for SQL statments or FAD code which is often not filled in. We recently found the word Riposteimport was a possible sign of remote access
DG where a problem at branch which requires remote access the PEAK will ID the branch concered
JC it will sometimes say an “adjustment” or “correction’ needs to be made at the branch, but it’s not consistent.
JC if you were confident you had all the search terms that identified remote access
DG could you not have done that search?
DG and you and Dr Worden have the FAD codes of all the claimants
JC in one of my early requests for info I got a response back saying I shouldn’t be asking for anything which would identify the claimants.
JC let’s have a look at the RFI
DG maybe after a break
Patrick Green stands up: there’s an issue of fairness here. [he seems to suggest we should got the RFI]
J I’m not going to have a spat during
[DG has received messages from his team that Dr Worden published the FAD codes in his report]
J did you have the FAD codes before Dr Worden published them?
[FAD codes are branch identifiers]
DG so if remote access has happened on some occasions but doesn’t happen 1000s of time a year. You don’t think that do you?
JC higher in legacy Horizon than Horizon online, but no sense of scale
DG you haven’t found hundreds of OCPs and OCRs detailing remote access
DG you have found relatively few
JC there is often a need to make a correction to ...
DG no a PEAK registers remote access - it only goes quiet when its a TC
JC we don’t know
DG come on. Fujitsu are very careful and process-driven. When there is remote access...
JC accepts that is likely
DG so of the PEAKS you’ve seen you’ve seen relatively few examples of remote access.
JC tens, twenties
DG not hundreds. a relatively small number to the 3m branch accounts published over the last 20 years. Less than 30?
DG so if remote access has only happened, let’s say 100 times over the last 20 years and it is carefully recorded, would you accept the chances of remote access affected branch accounts is vanishingly small compared to 3m accounts
DG a second order issue?
JC we have evidence it has caused a problem
JC yes we saw one earlier in this trial
DG and that’s the only one you have seen
JC it is one I have seen
DG and chances of them making a mistake would be very small
DG less than 5%
JC not comfortable with figures
DG so we know there are relatively small numbers of remote access
JC it is small
DG so this issue is not of great practical significance. a second order issue
JC we’ve excluded rebuilding etc are we going to come on to that?
JC that’s how it should work, but there is evidence of that failing and having to be rebuilt manually
DG very few times this has happened
JC I’ve found ten
JC if it happens, yes.
DG are there any other types of remote access
DG so I’m going to xe you on the forms of remote access here
JC you started the session by reducing what remote access is
DG yes but in the description I gave you in relation to Horizon issue 10 do you agree with our initial description of remote access when we started this morning
DG what are recovery flags?
JC flags put on the...
DG but it’s not Horizon Issue 10 is it
JC no but it affects that transaction data
DG but it’s not part of it.
JC they are an indicator that something needs to be checked in branch accounts
JC yes - assembling everything needed and pushing it into the database
DG so balancing transactions for example as defined by Mr Godeseth in the transaction...
JC they are balancing transactions
DG I appreciate that’s how you think of them, but the technical term for something done by the transaction correction tool.
JC it’s basic accounting terminology
DG there is a difference between machine deletion and manual deletion. Machine deletion for the purpose of removing...
DG when PO used to send error notices up to 2005 - that’s NOT remote accees, but when TC’s were introduced in 2005 that is a form of remote access?
DG In answer to my question did you say error notices are a form of remote access?
JC they are a form of remote access.
[there is some confusion here as we try to work out what JC may or may not have said about error notices in his report]
We go to p242 of JC's report: "Prior to TCs, I do not consider manual entry of error notice amounts to be inserted transactions...
DG has your view changed today?
JC the remote access issue we’ve agreed today excludes both error notices and TCs
J I think we should deal with it likes this.
J asks JC if he thinks error notices either in his report or today are remote access.
[we move on]
JC it’s not but it could have an impact on branch accounts.
JC depends what you mean.
DG TPS harvests data from the system to put into the database and it flags up reconciliation errors.
DG but the chances of a change to the TPS data would be picked up and the
DG no one would make a change in TPS to change a figure right?
DG so the TIP repair tool is to fix a problem in TPS because it’s not compliant with client or branch accounts.
JC it shouldn’t occur
DG you’re struggling to accept something that is blindingly obvious. The chances of someone using the TIP repair tool to introduce a discrepancy is very small
JC it would require human error
DG commonsensically its very small.
DG you really don’t want to talk about extent do you?
JC no but my illustration [Santander] was because you said they would accept the SPMs position over anyone else’s. and the example was PO accepting the client’s over the SPM
DG and you’re suggesting that in circs that SPM is working fine and an error is introduced, do you accept the circs of PO accepting that error over the branch is small
JC relative to total number of daily transactions it is small, but we’re still talking about 1000s of TIP repair tool transactions
DG a day?!
DG that is a surprise to me. Is there are PEAK...
DG of the PEAKS you’ve seen how many use the TIP repair tool
JC wouldn’t like to give a number until I’ve seen the evidence. But it is in the evidence
J suggests JC gets a chance to find the evidence over lunch.
[court rises for a break]
DG you referred to the fact bulk changes were made by means of the TIP repair tool. Would you accept those changes are not transaction data changes. They are changes to attributes...
DG so when we’re talking about erroneous transaction data being corrected we don’t need to worry about the bulk data changes
JC unless they were bulk changes to the transaction type etc
DG have you ever seen this
DG this is a 3rd order issue it requires a series of unfortunate events to happen.
JC agrees it would be a fraction of a per cent
DG is grateful
DG suggests his first and second report he glosses over changing data in branch accounts and wide rare possibilities that...
DG thanks that has saved a great deal of time.
[they go to a joint statement i can’t see]
DG in the real world you have no reason to believe this has ever happened with Horizon
JC automated way, yes. but when automated way fails, it has to be done manually. they need to get the messages out and import recovered messages onto the lives systems.
JC it might be Parker 2
[they are trying to find it]
DG reads from Mr Parker’s witness statement which describes this process.
DG asks if he could find that information for him overnight
DG for all this to have an affect on branch accounts it would be rare.
JC no the PEAK suggested elements of the message should be changed. the PEAK didn’t say - “change a value”. The real mistake would be accidentally duplicating or deleting transactions.
JC there’s always a danger
DG so you wouldn’t change anything - it would have to be a mistake
JC you would have to change something
DG but not the transaction data
DG how many times have you seen this
JC there’s a few PEAKS which discuss this...
DG could you bring these to court tomorrow?
DG re the evidence you’ve heard and seen about Fujitsu’s processes - needing 2 pairs of eyes so the chances of something going wrong would be very very low?
DG are there any other forms of data rebuilding you wish to discuss?
JC happy to move on
[quibble about this from claimants’ QC]
DG brings up rare case when we can’t get transactions off a disc and that Fujitsu would notify PO.
So this would involve
JC this reminds me of a case where they lost the transactions and an SPM injected their transactions manually they were then picked up and doubled.
DG so this was recorded in a PEAK?
DG could you bring in that PEAK
JC adds a note about PEAKS being created by 3rd tier support in Fujitsu. a PEAK is only created post-referral. Before it’s up the Post Office how it is dealt with.
DG are you suggesting if there has been a problem of this magnitude...
JC That is the process which should be followed.
JC no I’m happy with what’s covered in that statement.
DG thank you.
[we go to injecting a transaction into legacy Horizon]
DG and that would be the practice
JC though I’ve seen numbers lower than 32 being used
DG why isn’t that in your report
JC its’ more recent...
DG it’s not a criticism of you, but it’s hard to do a cross examination when the goalposts keep moving
JC would you like me to add it to my homework?
DG if you could. sorry i realise you are answering my q's
[we move on]
JC it is helpful this. I didn’t get to benchmark it tho
DG but you can’t challenge it
JC no I'm not in a position...
And we’re off...
[from memory an engineer went into a branch account to fix something and made a mistake on the way out which left the SPM liable for £484. This might be about to be debunked. Last time the PO witness accepted this was what...
[They are all looking at a PEAK or KEL log for this error and going through it line by line eg “it is the best that the branch is not advised.”]
DG raises this and reiterates that this is the only example JC has noted
JC agrees the solution should have worked.
DG reading loss of $1000 dollars after the fix went in. Are you questioning that it wasn’t Fujitsu
DG this is a rare occurrence - this sort of fix?
DG hammering the point from the Fujitsu log that this sort of fix is an absolute rarity
JC yes. can we look at the line of code that was used?
DG it’s not on this PEAK
JC that highlights the problem of searching...
JC this is not the actual message
DG and you suggest they got it wrong, by reference to another document we’ll get to in a moment
DG and it would be a surprise if the test worked and then it didn’t when it went live?
JC no I don’t think their test could replicate the live environment
DG is that fair? they rolled the test stock unit over to see what the...
JC I don’t know what the set up of the SSC [Fujitsu 3rd tier support] is - I don’t know how much info is there.
DG you are trying to resist my notion that this test worked and therefore it’s unlikely the fix worked
JC I don’t think either of us know what they
DG you suggest they inserted the wrong figure. [they look at another doc] you say this insertion caused a loss in the branch.
DG see the last insertion - TRT - tip repair tool. This is an OCR about changing data in the TPS system.
JC so its not about...
DG yes. so as night follows day that whatever change made it didn’t constitute an insertion into the message store.
JC this is a secondary form of correction after the insertion into the message store
DG doesn’t matter...
DG it’s nothing to do with it
JC it might be, but it is affecting branch accounts
DG no we spent a long time this morning agreeing that the Tip repair tool does not affect branch accounts.
J that’s exactly what I’m doing
[judge and DG discussing the OCR and where it appears in the PEAK]
Judge has just used the word "antepenultimate".
JC resisting saying its the difference between the two.
DG wants JC to accept the fix which the claimants have previously contended caused a loss in branch didn’t.
DG the OCP was raised on 10th Dec and the correction to the message store was made on the 11th.
JC one doc said 12th Dec at 1507 - either the OCP or the OCR.
J that’s the OCR
DG now you’ve latched onto that and said “aha! there’s been an error and that error must be responsble for the loss.” It’s not
J I think that’s agreed
DG so we’ll move on
J I want to understand the chronology though - and I appreciate you are acting, as you say, on instruction.
[J now talking through what he understands here]
J satisfied with his understanding of what he is seeing and what has been said.
[we’re now on a joint statement I can’t see. the Post Office legal team tell me they’re reluctant to release the joint statements until Dr Worden has been sworn in. it is their prerogative to do that]
JC transaction insertions are possible
DG but no one has got into the message store and edited a line of data
JC that’s what they’re doing
DG the narrow question is...
JC no but I’ve seen them edit other data
DG puts the question again.
JC yes - asks for a document to be pulled up
JC no my Lord set me some homework and I started it at lunchtime
J I don’t think I set you any homework…
JC yes, sorry...
JC is taking the court through the PEAK…
DG this is an example of a transaction insertion?
DG SSC has a transaction insertion capability
JC that’s not how it’s done, it’s taken out of a branch, edited and put back in
DG that wasn’t my question
JC this has been inserted, but by taking it out, altering it and putting...
DG you have said there has not been a remote deletion. I’m asking you about editing.
JC it’s an insertion of something which is already there. It’s not a new transaction. It’s been edited.
[we move on]
[we now appear to be talking about the TIP repair tool vs the TRT (transaction repair tool)]
DG can you explain the use of SQL line editor to change tables that doesn’t cause problems?
JC it’s quite easy.
[and KELS and PEAKS]
JC There are thousands of crashes across the estate every month and the repairs/fixes are usually automated. However some will cause problems requiring SPMS having to call...
DG that’s not what I asked you about…
DG takes him to his 2nd report "Fujitsu, by creating SQL scripts, could delete relevant records in order to negate previous operations. Whilst this is not necessarily...
operations that are all intrinsic to transaction accounting.”
DG can we agree you are referring to something which is not the deletion of transaction data
JC it’s a balance
DG but its’ not a transaction
DG quotes gareth jenkins saying an OCP is needed for the..
JC accepts this logical.
DG but this does not affect the branch accounts - it allows a way to deal with the glitch
DG I think you may agree there was no change to transaction data or...
JS yes I agree
DG am I right in thinking you’ve only seen relatively few numbers of PEAKS of this sort
JC there are a few
DG given the number of transactions over a 20 year period you’ve found relatively few?
JC from the docs we’ve...
DG and Fujitsu are reluctant to make changes, and when they do, they do it very carefully
JC from what I’ve seen
DG they’re not cavalier or acting unilaterally or inappropriately
[move on to two docs, the E&Y 2011 report and an internal PO report]
DG but you haven’t found any evidence of lax controls
JC no but we have documents which are incomplete and so we don’t know what happened.
DG takes him to the E&Y 2011 report - exec summary p3. Which I can’t see.
DG goes to JC’s 2nd report...
DG asks what evidence he has that PO did not implement these recommendations.
JC goes to the table at section 2 of the E&Y report
DG so that supports your inference?
JC sec 2 deals with points made previous year sec 4 for current year
DG so sec 2 doesn’t justify an assertion that PO chose not implement the recommendations. Because its referring to past events
JC asks to go to that doc
DG has a better one...
DG shows him a document showing that Fujitsu and Post Office are doing some work based on the recommendations in the E&Y report.
JC accepts that is what he is seeing
DG takes him to another doc.
JC accepts that is the case
DG takes him to another document about enhancing change management process - “enhancing” doesn’t suggest its deficient...
DG so quite a lot of things being done is strengthening and enhancing change management process.
JC one of the changes discussed was that Fujitsu should tell the Post Office about changes to H
DG you are trying to say in your report that E&Y gave...
JC holds his ground
[DG takes instruction]
DG so far we have not seen ANY proposal recommended by E&Y that hasn’t been acted on in some way by PO
DG goes to the 2013 auditors’ report...
JC hang on - so it’s just saying it’s not included in the audit any more?
DG what isn’t?
JC so in 2011/12 improvements were recommended...
DG look at the far right column - the answer to your question is no.
DG you were aware of these documents weren’t you? You did read this documents, didn’t you? Before making your claims in your report
DG that has nothing to do with your claim in your report that they chose not to improve their procedures. Do you see?
JC right - so this is the 2012 audit and this is the first time this issue has arisen...
DG I am not sure if the proposal was made in 2011. But you are making crits of the PO throughout your 2nd report. You claim that the PO did not take these recommendations up. You looked at all the docs and decided that PO chosen not to...
JC it appears I have made a mistake and should have referred to the 2012 audit.
JC I’d have to look at the 2012 audit again.
J well we’re in 2013 report and Mr DGR is taking you to p4
DG reads from p4 - DG calls this a ringing endorsement from the auditors about POs enhancements, yes?
[there is a slight pause whilst DG checks his documents]
JC says I have never seen a situation in any other company before where two serious changes were made to a system and the customer wasn’t told
[explains situation] and I think you agreed it was a sensible thing to do.
JC it’s poor position to be in, but it was a way out
DG what gives you the right to state that
JC because it affects the system
DG but it’s not about access controls...
JC I thought you were going to take me to the section in the E&Y report about privileged user access
DG the 2011 one?
DG my question to
JC I’m confused about this as I thought you were going to take me to the section of the report about remote access
DG I’m not going to debate with you what I am and am not going to take you to. My question is after your...
JC it wasn’t conscious
DG but it must have been conscious to put the criticism in
JC I was trying to find problems relating to errors bugs and...
DG no - you were just trying to lob coconuts at the Post Office
JC no that’s not fair. it’s not about that - it’s about identifying weaknesses and areas which haven’t been acted on.
JC does so but also wonders if this is the right document
[I’m totally confused]
DG lists a load of stuff and says this contributes to the overall robustness of Horizon, doesn’t it Mr Coyne?
DG reads more control objectives and notes they’re quite important in the light of criticisms in...
DG continues to read about the control access procedures listed. Quite important again in the course of these proceedings?
JC yes. which is why I am quite surprised how many were brought up in an earlier E&Y document.
DG but between 2012 and 2017...
DG one POLsap user could develop software - this issue was flagged and resolved before the audit published. Only one user and it was resolved without any problems.
DG in your report with your criticisms don’t you think you should have balanced it
JC you’ve just taken me through a lot of things not relevant to my criticisms.
DG you should have had proper regard to the audits before criticism?
DG would that be a convenient moment?
J it would. Would you like to start tomorrow at 1015?
DG I would love to start tomorrow at 1015.
J I think there are only a few people in this courtroom who share your enthusiasm for that...
[J checks witness is okay to start at 1015. Claimants’ QC confirms he has agreed with DG that his re-examination will start at 3.45pm tomorrow]
It’s been another long and very dry day, but there have been some interesting moments.
If you’ve enjoyed this thread, please do take a look at postofficetrial.com ...
If you haven’t donated before and want to chuck a few quid in the tip jar I’d be enormously grateful.
Contributions of £20 or more get on the secret email list.
His widow Karen remains a claimant in this case. It’s just a reminder this litigation is about human beings, not a computer system.
Back tomorrow at 1015.