Morning. We are in Court 26 of the High Court’s Rolls Building for Day 16 of the Horizon trial, part of the Bates v Post Office group litigation. Live tweets to follow. Pictured is Ron Warmington, MD of Second Sight which investigated Horizon for the Post Office.
#postofficetrial

Jason Coyne (JC), independent IT expert for the claimant Subpostmasters is being cross-examined by Anthony de Garr Robinson (DG), QC for the Post Office. This is his third day of evidence. Day 1 report: postofficetrial.com/2019/06/anthon…
Day 2: postofficetrial.com/2019/06/horizo…

You can also read the transcripts from the last two days and read Mr Coyne’s two expert reports at postofficetrial.com

Final note before we start - I am paraphrasing and describing what people are saying and doing in court. Nothing is a direct quote unless in “direct quotes”.

We are, according to DG, focusing on remote access today.

DG says remote access is injecting, editing or deleting data in branch accounts. NOT access to other systems which may contain simiarl info.

DG quotes Horizon Issue 11 which is about audit trails and permissions when accessing branch accounts.

JC asserts there was an annual blanket authorisations given for a number of tasks by PO to Fujitsu to undertake “any” emergency or critical actions.
DG are you aware of any occasion when that was exercised to change branch accounting data?
JC yes because changes were made...

… then it was reported retrospectively.
DG how many retrospective documents have you found?
JC hundreds
DG this takes me by surprise. is this in your report?
JC I got it from the OCPs etc which I was only given after I wrote my report etc
DG is the defendant aware of this?

JC I thought they would be aware.
DG why didn’t you tell the defendant you were aware of this?
JC I thought they’d already know
DG did you discuss it with Dr Worden?
JC no
DG do you think it would have been helpful to have discussed this with Dr W

JC I got the documents disclosed to me after the reports were written
DG How am I a meant to ask you something about which has not been put forward or identified to me
J describe these docs
JC OCR and OCPs - requests for changes to data
J when did you say you got them?

JC not sure
J ballpark?
JC Jan or Feb

DG there are two copies of docs which record remote access MSCs, OCPs and OCRs.
You got the MSCs in Dec and the OCPs and OCRs in Jan.
DG and your report was served on 1 Feb

JC yes.
[moves on]
DG do you accept Fujitsu could only make a change to data with a colleauge witness
JC yes there are docs stating this
DG it was a 4-eyes requirement for any change
JC yes
DG were you in court when Mr Roll confirmed it was applied strictly
JC yes although...

JC… I have notices some docs which have the same name in operator/witness boxes
DG this isn’t in your report. should you not have put this in your report
JC to be fair there are lots of things which could have gone in the report
DG would it not have been helpful to put it in?

JC you’ve asked me a question, and I’ve answered it and I can see how it would have been helpful
DG your fourth joint statement was made on 4 March and contains reference to OCPs and OCRs including unilateral associations by you - did you not think it was relevant?
JC no it may..

… well be relevant.
[we move on. DG is hacked off no one has told him about blanket permissions and lack of strict application of the 4 eyes rule]

DG is now telling JC off. DG says he has a limited amount of time to xe him on two massive reports and he wants simple non-sidetracked answers to his questions.
JC’s answer to DG;s next question is “No.”
DG now discussing PEAKS, and many tens of thousands of OCPs, MSCs and OCRs.

DG a remote access rquirement will be mentioned in a PEAK won’t it
JC yes
DG and describe the sort of access
JC most often, yes
DG it won’t necessarily be very detailed,
JC but you wont see the effect
DG you’ll see the nature of it
JC but not the number

DG as well as PEAKS you can search OCPs, OCRs and MSCs etc
JC yes
DG so between all these docs you have a rich resource to form a sense of the scale of remote access performed in the last 15 or 16 years.
JC you get an indication
DG and you are capable of performing search...

… to find these docs indicating scale of remote access.
JC no - that’s not a very easy task to identify. you can’t search very easily search for SQL statments or FAD code which is often not filled in. We recently found the word Riposteimport was a possible sign of remote access

… so we don’t actually search very well.
DG where a problem at branch which requires remote access the PEAK will ID the branch concered
JC it will sometimes say an “adjustment” or “correction’ needs to be made at the branch, but it’s not consistent.

DG you could choose a sample of branches and work out how often they’ve been remote accessed and then you could form a sense of scale of the remote access
JC if you were confident you had all the search terms that identified remote access
DG could you not have done that search?

JC we could have looked at what happened to a particular FAD codes
DG and you and Dr Worden have the FAD codes of all the claimants
JC in one of my early requests for info I got a response back saying I shouldn’t be asking for anything which would identify the claimants.

DG that’s not true. you need to be careful what you’re saying here
JC let’s have a look at the RFI
DG maybe after a break
Patrick Green stands up: there’s an issue of fairness here. [he seems to suggest we should got the RFI]
J I’m not going to have a spat during

cross-examination. DG continue.
[DG has received messages from his team that Dr Worden published the FAD codes in his report]
J did you have the FAD codes before Dr Worden published them?
JC no

[FAD codes are branch identifiers]

DG moving on to Horizon issue 13 - to what extent did remote access happen and how carefully remote access was carried out
JC agreed
DG so if remote access has happened on some occasions but doesn’t happen 1000s of time a year. You don’t think that do you?
JC no

DG do you have a sense of the likely scale?
JC higher in legacy Horizon than Horizon online, but no sense of scale
DG you haven’t found hundreds of OCPs and OCRs detailing remote access
JC no
DG you have found relatively few
JC there is often a need to make a correction to ...

… a discrepancy. And there is an option to do remote access or issue a transaction correction.
DG no a PEAK registers remote access - it only goes quiet when its a TC
JC we don’t know
DG come on. Fujitsu are very careful and process-driven. When there is remote access...

… it is detailed in the PEAK.
JC accepts that is likely
DG so of the PEAKS you’ve seen you’ve seen relatively few examples of remote access.
JC tens, twenties
DG not hundreds. a relatively small number to the 3m branch accounts published over the last 20 years. Less than 30?

DG yes?
JC yes
DG so if remote access has only happened, let’s say 100 times over the last 20 years and it is carefully recorded, would you accept the chances of remote access affected branch accounts is vanishingly small compared to 3m accounts

JC reasonably, not vanishingly small
DG a second order issue?
JC we have evidence it has caused a problem
DG really?
JC yes we saw one earlier in this trial
DG and that’s the only one you have seen
JC it is one I have seen

DG okay, but do you accept that when Fujitsu did remote access they did it carefully, yes?
JC yes
DG and chances of them making a mistake would be very small
JC small
DG less than 5%
JC not comfortable with figures
DG so we know there are relatively small numbers of remote access

DG and the chances of making a mistake is small so the chances of making a mistake on branch accounts is very small
JC it is small
DG so this issue is not of great practical significance. a second order issue
JC we’ve excluded rebuilding etc are we going to come on to that?

DG yes we are, but when there is a crash and counter needs to be rebuilt from a mirror server - that’s how it works, yes?
JC that’s how it should work, but there is evidence of that failing and having to be rebuilt manually
DG very few times this has happened
JC I’ve found ten

DG so ten occasions over a 10 year period. When that happens properly that is a sign of robustness, isn’t it
JC if it happens, yes.

[DG takes him to forms of remote access described in a joint statement which I don’t have access to]
DG are there any other types of remote access
JC no
DG so I’m going to xe you on the forms of remote access here
JC you started the session by reducing what remote access is

DG no I defined it. "I’m not trying to pull a fast one" - it’s just we have to agree what we are discussing and then discuss it in the time we have.

JC explaining that back end access could be remote access
DG yes but in the description I gave you in relation to Horizon issue 10 do you agree with our initial description of remote access when we started this morning
JC yes
DG what are recovery flags?
JC flags put on the...

… database when there is a possible problematic transaction
DG but it’s not Horizon Issue 10 is it
JC no but it affects that transaction data
DG but it’s not part of it.
JC they are an indicator that something needs to be checked in branch accounts

DG when we talk about inserting or injecting data - can we agree that is manual injecting of transaction data.
JC yes - assembling everything needed and pushing it into the database
DG so balancing transactions for example as defined by Mr Godeseth in the transaction...

… correction tool. I am only going to be talking about ones used by that tool.
JC they are balancing transactions
DG I appreciate that’s how you think of them, but the technical term for something done by the transaction correction tool.
JC it’s basic accounting terminology

DG okay but for the purposes of this discussion I am going to use the term balancing transactions as exercises useing the transaction correction tool
JC okay
DG there is a difference between machine deletion and manual deletion. Machine deletion for the purpose of removing...

… a problem in order to rebuild the database enhances robustness, does it not.
JC agrees
DG when PO used to send error notices up to 2005 - that’s NOT remote accees, but when TC’s were introduced in 2005 that is a form of remote access?
JC yes

DG that is not the form of remote access that we are concerned with in Horizon Issues. It doesn’t assist matters to include TCs and TAs.
JC agreed.
DG In answer to my question did you say error notices are a form of remote access?
JC they are a form of remote access.

DG but they’re issued by post
[there is some confusion here as we try to work out what JC may or may not have said about error notices in his report]
We go to p242 of JC's report: "Prior to TCs, I do not consider manual entry of error notice amounts to be inserted transactions...

…. as the Subpostmaster is responsible for entering them on their system, which differs from TCs as they are resident within the accounts electronically.”
DG has your view changed today?
JC the remote access issue we’ve agreed today excludes both error notices and TCs

J intervenes. He thinks one of DG’s juniors has misheard and answer and set a hare running. There is burbling.
J I think we should deal with it likes this.
J asks JC if he thinks error notices either in his report or today are remote access.
JC “No.”
[we move on]

DG any change made to any data in the TPS or TIPS system is not a change to branch accounts in H
JC it’s not but it could have an impact on branch accounts.

DG would you agree that changes to TPS or TIPS is a second order issue.
JC depends what you mean.
DG TPS harvests data from the system to put into the database and it flags up reconciliation errors.
JC yes
DG but the chances of a change to the TPS data would be picked up and the

… PO would have to make a decision to accept the TPS data rather than the branch data.
DG no one would make a change in TPS to change a figure right?
JC yup
DG so the TIP repair tool is to fix a problem in TPS because it’s not compliant with client or branch accounts.

DG that’s very unlikely?
JC it shouldn’t occur
DG you’re struggling to accept something that is blindingly obvious. The chances of someone using the TIP repair tool to introduce a discrepancy is very small
JC it would require human error
DG commonsensically its very small.

JC it would require human error
DG you really don’t want to talk about extent do you?

We are talking about Santander corrections sent to post office which were sent on to Subpostmasters as TCs which SPMs then disputed - this is a rabbit hole.

DG this has nothing to do with changes made by the TIP repair tool
JC no but my illustration [Santander] was because you said they would accept the SPMs position over anyone else’s. and the example was PO accepting the client’s over the SPM

DG what I was seeking to ascertain from you is that the chances of Fujitsu making a mistake using the TIP repair tool and the chances of PO accepting that mistake is very unlikely. not impossible, but in the real world, very unlikely

JC I accept it’s very low, but it only requires one error to be made.
DG and you’re suggesting that in circs that SPM is working fine and an error is introduced, do you accept the circs of PO accepting that error over the branch is small
JC yes

DG but then it generates a TC which the SPM can dispute.

DG you not accept in the real world it’s a tiny chance of this getting picked up
JC relative to total number of daily transactions it is small, but we’re still talking about 1000s of TIP repair tool transactions
DG a day?!
JC yes
DG that is a surprise to me. Is there are PEAK...

… for every TIP repair tool.
JC no
DG of the PEAKS you’ve seen how many use the TIP repair tool
JC wouldn’t like to give a number until I’ve seen the evidence. But it is in the evidence
J suggests JC gets a chance to find the evidence over lunch.
[court rises for a break]

Big discussion between the QCs now judge and witness is out of the room about when JC got the information about blanket permissions for remote access and when he got the OCPs and OCRs which showed that the four eyes remote access rules were potentially breached.

[We’re back]
DG you referred to the fact bulk changes were made by means of the TIP repair tool. Would you accept those changes are not transaction data changes. They are changes to attributes...

JC yes
DG so when we’re talking about erroneous transaction data being corrected we don’t need to worry about the bulk data changes
JC unless they were bulk changes to the transaction type etc
DG have you ever seen this
JC no

DG and for it to happen it would require a mistake to be made, PO would have to mistake in reviewing it and then the Postmaster would have to make a mistake in not spotting it.
JC agrees
DG this is a 3rd order issue it requires a series of unfortunate events to happen.

DG all of which are individually unlikely
JC agrees it would be a fraction of a per cent
DG is grateful

We are currently having a discussion about the definition of remote access. JC’s is wide and DG’s is focused on changes to branch accounts.
DG suggests his first and second report he glosses over changing data in branch accounts and wide rare possibilities that...

… data changes could one day in certain circs possibly have an effect on branch accounts. Do you think it would have been fair to make that distinction in your report.
JC no

DG do you accept global users cannot access branch accounts
JC yes
DG thanks that has saved a great deal of time.
[they go to a joint statement i can’t see]

DG is picking up on an idea which JC came up with which allows a clever criminal, with universal access rights to Horizon to tap into payments and divert them to their own bank account. DG Suggests anyone trying to do this would get caught and only someone with training and...

… access could do it.
DG in the real world you have no reason to believe this has ever happened with Horizon
JC correct

DG going to the rebuilding of transaction data in branch. accepts possibility. Enhances robustness, yes?
JC automated way, yes. but when automated way fails, it has to be done manually. they need to get the messages out and import recovered messages onto the lives systems.

DG you’re referring to a process Mr Parker refers to, I think, in his third statement.
JC it might be Parker 2
[they are trying to find it]

[they think they have found it]
DG reads from Mr Parker’s witness statement which describes this process.

JC only quibbles with automatic renumbering of manually inserted text lines. He says sometimes they are inserted manually with textpad
DG asks if he could find that information for him overnight
JC agrees
DG for all this to have an affect on branch accounts it would be rare.

DG Mr Parker says Fujitsu did not make adjustments to transaction data…
JC no the PEAK suggested elements of the message should be changed. the PEAK didn’t say - “change a value”. The real mistake would be accidentally duplicating or deleting transactions.

DG is that likely?
JC there’s always a danger
DG so you wouldn’t change anything - it would have to be a mistake
JC you would have to change something
DG but not the transaction data
JC correct
DG how many times have you seen this
JC there’s a few PEAKS which discuss this...

JC I haven’t searched specifially for it, but I’ve only seen a handful
DG could you bring these to court tomorrow?
JC yes
DG re the evidence you’ve heard and seen about Fujitsu’s processes - needing 2 pairs of eyes so the chances of something going wrong would be very very low?

JC it would be low
DG are there any other forms of data rebuilding you wish to discuss?
JC happy to move on
[quibble about this from claimants’ QC]
[resolved]
DG brings up rare case when we can’t get transactions off a disc and that Fujitsu would notify PO.
So this would involve

… a debate between PO, SPM and Fujitsu and everyone would know the problem and what to do…
JC this reminds me of a case where they lost the transactions and an SPM injected their transactions manually they were then picked up and doubled.
DG so this was recorded in a PEAK?

JC yes
DG could you bring in that PEAK
JC yes
JC adds a note about PEAKS being created by 3rd tier support in Fujitsu. a PEAK is only created post-referral. Before it’s up the Post Office how it is dealt with.
DG are you suggesting if there has been a problem of this magnitude...

… eg doubling of transactions - it wouldn’t get referred back to Fujitsu
JC That is the process which should be followed.

DG is asking if he has any further thoughts on data rebuilding that JC wishes to bring up. [this is very odd - he’s done this twice in 10 minutes - every other xe I’ve seen has been led by the QC not the witness. Something’s up!]

[JC is looking through his report.]
JC no I’m happy with what’s covered in that statement.
DG thank you.
[we go to injecting a transaction into legacy Horizon]

DG it is true messages injected into legacy Horizon would carry flags so that they could be identified in an audit trail
JC yes
DG and that would be the practice
JC though I’ve seen numbers lower than 32 being used
DG why isn’t that in your report
JC its’ more recent...

JC it’s come to my attention more recently than my last report
DG it’s not a criticism of you, but it’s hard to do a cross examination when the goalposts keep moving
JC would you like me to add it to my homework?
DG if you could. sorry i realise you are answering my q's

… but it would have been helpful to have a supplementary report on all this [JC now has a list of documents and examples to look at tonight and bring back tomorrow], but if you could bring that document back I would be grateful.

[we move on]

DG asks him to accept a PO witness statement from Mr Parker that data has been injected 14 times and one of those occasions was changing the transaction data.
JC it is helpful this. I didn’t get to benchmark it tho
DG but you can’t challenge it
JC no I'm not in a position...

… to do that.

[lunch. reconvening around 2pm]

Very surreal moment just now as I find myself in the gents with Jason Coyne and Anthony de Garr Robinson. We end up discussing our best techniques to get the hand-dryer working. It’s been a long three days...

Now Mr de Garr Robinson (DG), the Post Office’s QC, is about to resume cross-examining Mr Coyne (JC).

And we’re off...

DG could we discuss the $1000 PEAK? [this was brought up by Patrick Green QC for the claimants in the pre-adjournment Horizon trial.] This was when an SPMR wasn't told about a change being made… are you aware of any other changes made without SPM awareness?
JC no

For background as to this $1000 problem - here is the piece I wrote about it at the time: postofficetrial.com/2019/03/the-sm…

DG is taking JC through the error in some detail.
[from memory an engineer went into a branch account to fix something and made a mistake on the way out which left the SPM liable for £484. This might be about to be debunked. Last time the PO witness accepted this was what...

… happened.]

[They are all looking at a PEAK or KEL log for this error and going through it line by line eg “it is the best that the branch is not advised.”]
DG raises this and reiterates that this is the only example JC has noted
JC concurs

DG now reading out the solution to balance this rogue $1000 (it was a foreign exchange transaction).
JC agrees the solution should have worked.
DG reading loss of $1000 dollars after the fix went in. Are you questioning that it wasn’t Fujitsu

JC yes I think it was Fujitsu who caused it because the fix was done incorrectly
DG this is a rare occurrence - this sort of fix?
JC yes
DG hammering the point from the Fujitsu log that this sort of fix is an absolute rarity

DG Now Ms Chambers (the Fujitsu engineer) says that the balancing transaction was inserted and you are saying that didn’t happen or happened erroneously
JC yes. can we look at the line of code that was used?
DG it’s not on this PEAK
JC that highlights the problem of searching...

… for this.
DG okay.

DG is describing in detail the information that is going to be put in the message
JC this is not the actual message
DG and you suggest they got it wrong, by reference to another document we’ll get to in a moment
JC yes

DG and you accept they tested this message?
JC yes
DG and it would be a surprise if the test worked and then it didn’t when it went live?
JC no I don’t think their test could replicate the live environment
DG is that fair? they rolled the test stock unit over to see what the...

… consequences are?
JC I don’t know what the set up of the SSC [Fujitsu 3rd tier support] is - I don’t know how much info is there.
DG you are trying to resist my notion that this test worked and therefore it’s unlikely the fix worked
JC I don’t think either of us know what they

… did.
DG you suggest they inserted the wrong figure. [they look at another doc] you say this insertion caused a loss in the branch.
JC yes
DG see the last insertion - TRT - tip repair tool. This is an OCR about changing data in the TPS system.
JC so its not about...

… insertion of data into the message store.
DG yes. so as night follows day that whatever change made it didn’t constitute an insertion into the message store.
JC this is a secondary form of correction after the insertion into the message store
DG doesn’t matter...

… if it is before or after.
DG it’s nothing to do with it
JC it might be, but it is affecting branch accounts
DG no we spent a long time this morning agreeing that the Tip repair tool does not affect branch accounts.

JC could I have a look at the time the reference to the time of the $1000 is made in the PEAK
DG yes
J that’s exactly what I’m doing
[judge and DG discussing the OCR and where it appears in the PEAK]
Judge has just used the word "antepenultimate".

DG saying the value of the figures in the OCP have no relevance to the message store in the branch.
JC resisting saying its the difference between the two.
DG wants JC to accept the fix which the claimants have previously contended caused a loss in branch didn’t.

JC so between the 12th at 1200 and before the 14th Dec when this is recorded.
DG the OCP was raised on 10th Dec and the correction to the message store was made on the 11th.
JC one doc said 12th Dec at 1507 - either the OCP or the OCR.
J that’s the OCR

DG message store is changed on the 11 Dec. On 14 Dec Ann Chambers reviews everything and says it’s all gone fine, but $1000 loss has appeared afterwards.
DG now you’ve latched onto that and said “aha! there’s been an error and that error must be responsble for the loss.” It’s not

JC there were two changes. One to the message store and one to the TPS system
J I think that’s agreed
DG so we’ll move on
J I want to understand the chronology though - and I appreciate you are acting, as you say, on instruction.
[J now talking through what he understands here]

[this is a strong, but inconclusive challenge to the single smoking gun the claimants have unearthed so far. you’ll have to read the transcript when its posted up later to get into the detail]

J satisfied with his understanding of what he is seeing and what has been said.

[we move on]
[we’re now on a joint statement I can’t see. the Post Office legal team tell me they’re reluctant to release the joint statements until Dr Worden has been sworn in. it is their prerogative to do that]

DG you’re not aware of any edits in transaction data in legacy Horizon are you?
JC transaction insertions are possible
DG but no one has got into the message store and edited a line of data
JC that’s what they’re doing
DG the narrow question is...

… have you seen anyone remotely accessing the message store in a branch and anyone changing a value
JC no but I’ve seen them edit other data
DG puts the question again.
JC yes - asks for a document to be pulled up

DG talk me through this PEAK. did you come armed with this document after having completed your reports?
JC no my Lord set me some homework and I started it at lunchtime
J I don’t think I set you any homework…
JC yes, sorry...

DG well this is a voyage of discovery for me so could you take me through it.
JC is taking the court through the PEAK…
DG this is an example of a transaction insertion?
JC yes
DG SSC has a transaction insertion capability
JC yes

DG my question was different. I asked if anyone had gone into a branch and edited a transaction
JC that’s not how it’s done, it’s taken out of a branch, edited and put back in
DG that wasn’t my question
JC this has been inserted, but by taking it out, altering it and putting...

… it back in.
DG you have said there has not been a remote deletion. I’m asking you about editing.
JC it’s an insertion of something which is already there. It’s not a new transaction. It’s been edited.
[we move on]

DG would you agree there has only been one use of the transaction tool to change data in the BRDB?
JC yes

[we have moved on during which I had a tweetdeck crash]
[we now appear to be talking about the TIP repair tool vs the TRT (transaction repair tool)]
DG can you explain the use of SQL line editor to change tables that doesn’t cause problems?
JC it’s quite easy.

[they are talking about different types of recovery data in Horizon and the use of SQL script]
[and KELS and PEAKS]

There has just been a very long discussion about data recovery and the possible problems with it.
JC There are thousands of crashes across the estate every month and the repairs/fixes are usually automated. However some will cause problems requiring SPMS having to call...

… through to Fujitsu third line support at which point they’ll have to look at the Ann Chambers KEL full of the workarounds. That is not an example of a system working as it should.
DG that’s not what I asked you about…
[etc etc]

[we’re now on a quick break before the last session of the day. I suspect we’ll go beyond 4.30pm as DG and JC have got sidetracked by some important discussions. It’s been a fascinating day so far - I just don’t like it when they start talking about documents I can’t see...

… I start losing all frames of reference and then am a bit lost when they get to the point. Also bear in mind JC and DG have been preparing for these three days for the best part of 18 months - so they can go quite deep on technical detail which I have no real understanding of]

[okay we’ve had a break]
DG takes him to his 2nd report "Fujitsu, by creating SQL scripts, could delete relevant records in order to negate previous operations. Whilst this is not necessarily...

…. deletion of transaction data, it is the modification to
operations that are all intrinsic to transaction accounting.”
DG can we agree you are referring to something which is not the deletion of transaction data
JC it’s a balance
DG but its’ not a transaction
JC accepts

[oh good we’re back in another PEAK (a Fujitsu support log of a fault) i can’t see]

DG says it refers to a branch which has migrated to a new system. Because of a glitch in the migration to Horizon online a figure has crept into the new starting balance. It means the branch can’t roll into it
JC accepts
DG quotes gareth jenkins saying an OCP is needed for the..

… BDB which is slightly different from the fix proposed by Ann Chambers. He wants to change the time on the stock units and delete the opening balance for the next trading period to get rid of the rogue figure so stock units and branch will be aligned.

… and can be rolled over into new trading period.
JC accepts this logical.
DG but this does not affect the branch accounts - it allows a way to deal with the glitch
JC yes
DG I think you may agree there was no change to transaction data or...

… the accounting position of the branch.
JS yes I agree
DG am I right in thinking you’ve only seen relatively few numbers of PEAKS of this sort
JC there are a few

DG you’ve reviewed 1000s of KELS, PEAKS, OCRs, OCPs and MSCs and in that process you’ve been looking for instances of remote access affecting branch accounts?
JC yes
DG given the number of transactions over a 20 year period you’ve found relatively few?
JC from the docs we’ve...

… been given, yes.
DG and Fujitsu are reluctant to make changes, and when they do, they do it very carefully
JC from what I’ve seen
DG they’re not cavalier or acting unilaterally or inappropriately
JC agrees
[move on to two docs, the E&Y 2011 report and an internal PO report]

[which JC says suggests lax controls]
DG but you haven’t found any evidence of lax controls
JC no but we have documents which are incomplete and so we don’t know what happened.
DG takes him to the E&Y 2011 report - exec summary p3. Which I can’t see.

DG quotes "the recommendations we make in this report are refinements” and don’t highlight major deficiences…
DG goes to JC’s 2nd report...

"Regarding the specific recommendations in the 2011 audit it is my opinion that the key recommendations directly impact on some of the 18 countermeasures outlined in Dr Worden’s report and therefore are relevant to the question of robustness of Horizon since they offer an...

… opportunity to improve these countermeasures which it appears Post Office chose not to take”
DG asks what evidence he has that PO did not implement these recommendations.
JC goes to the table at section 2 of the E&Y report
DG so that supports your inference?

DG is that what you’re saying
JC sec 2 deals with points made previous year sec 4 for current year
DG so sec 2 doesn’t justify an assertion that PO chose not implement the recommendations. Because its referring to past events
JC asks to go to that doc
DG has a better one...

… to take him to, which he does with JC’s position.
DG shows him a document showing that Fujitsu and Post Office are doing some work based on the recommendations in the E&Y report.
JC accepts that is what he is seeing
DG takes him to another doc.

DG which talks about implementing recommendations. This does not suggest that PO chose not to take action on their recommendations
JC accepts that is the case
DG takes him to another document about enhancing change management process - “enhancing” doesn’t suggest its deficient...

JC accepts this is the case
DG so quite a lot of things being done is strengthening and enhancing change management process.
JC one of the changes discussed was that Fujitsu should tell the Post Office about changes to H
DG you are trying to say in your report that E&Y gave...

… four recommendations which the Post Office chose not to take up. And that is not the case.
JC holds his ground
[DG takes instruction]
DG so far we have not seen ANY proposal recommended by E&Y that hasn’t been acted on in some way by PO
JC agrees

JC but on the subject of privileged user access it didn’t get addressed because we saw the PEAKS
DG goes to the 2013 auditors’ report...

DG bottom of the page "POLsap access review”. - reads - then far right column - management says “complete” and if we go back to p4…
JC hang on - so it’s just saying it’s not included in the audit any more?
DG what isn’t?
JC so in 2011/12 improvements were recommended...

… we noticed improvements, but then finance excluded.
DG look at the far right column - the answer to your question is no.
JC okay
DG you were aware of these documents weren’t you? You did read this documents, didn’t you? Before making your claims in your report

JC and point number 4 is about accepting that the risk exists.
DG that has nothing to do with your claim in your report that they chose not to improve their procedures. Do you see?
JC right - so this is the 2012 audit and this is the first time this issue has arisen...

… is that what you are putting to me.
DG I am not sure if the proposal was made in 2011. But you are making crits of the PO throughout your 2nd report. You claim that the PO did not take these recommendations up. You looked at all the docs and decided that PO chosen not to...

… take up the recommendations made. That is not supported by the evidence in those reports. Not every single jot and tittle, but they did clearly respond. You have now seen this evidence.
JC it appears I have made a mistake and should have referred to the 2012 audit.

DG are you making an assertion about the 2012 audit or the 2013 audit.
JC I’d have to look at the 2012 audit again.
J well we’re in 2013 report and Mr DGR is taking you to p4
DG reads from p4 - DG calls this a ringing endorsement from the auditors about POs enhancements, yes?

JC agrees.

[there is a slight pause whilst DG checks his documents]

DG reading again about notes from change management controls assessment by E&Y in 2013
JC says I have never seen a situation in any other company before where two serious changes were made to a system and the customer wasn’t told

DG hang on we’ve discussed all this
[explains situation] and I think you agreed it was a sensible thing to do.
JC it’s poor position to be in, but it was a way out
DG what gives you the right to state that
JC because it affects the system
DG but it’s not about access controls...

DG which is what you’re talking about in your report. Your report depicts a very different picture from that painted by Ernst and Young.
JC I thought you were going to take me to the section in the E&Y report about privileged user access
DG the 2011 one?
JC yes,
DG my question to

you is about what you have written in your report
JC I’m confused about this as I thought you were going to take me to the section of the report about remote access
DG I’m not going to debate with you what I am and am not going to take you to. My question is after your...

… repeated criticism of the Post Office throuhgout your second report why you chose not to put the contents of the 2013 E&Y report
JC it wasn’t conscious
DG but it must have been conscious to put the criticism in
JC I was trying to find problems relating to errors bugs and...

… defects.
DG no - you were just trying to lob coconuts at the Post Office
JC no that’s not fair. it’s not about that - it’s about identifying weaknesses and areas which haven’t been acted on.

[we move on]

DG has just been asked to look at a joint Post Office/Fujitsu document about IT infrastructure re failed access attempts.

Sorry JC has just been asked to look at this report.

DG asks him to read the assessment and accept it is good
JC does so but also wonders if this is the right document
[I’m totally confused]

J steps in to say although DG says from time to time we are having a discussion or debate. We’re not. He’s cross-examining you, so you need to follow his questions closely. If you want to raise a wider point or issue that’s fair but you need to focus specifically on what...

… you’re being asked.
JC understands.

[we return to the document DG was taking JC through]
DG lists a load of stuff and says this contributes to the overall robustness of Horizon, doesn’t it Mr Coyne?
JC yes
DG reads more control objectives and notes they’re quite important in the light of criticisms in...

… JC’s report.
JC agrees
DG continues to read about the control access procedures listed. Quite important again in the course of these proceedings?
JC yes. which is why I am quite surprised how many were brought up in an earlier E&Y document.
DG but between 2012 and 2017...

… there was only one deviation from the standards, which in fairness I’ll take you to. [it is the 2015 E&Y report]
DG one POLsap user could develop software - this issue was flagged and resolved before the audit published. Only one user and it was resolved without any problems.

DG so over 5 years - two minor issues.
JC yep
DG in your report with your criticisms don’t you think you should have balanced it
JC you’ve just taken me through a lot of things not relevant to my criticisms.
DG you should have had proper regard to the audits before criticism?

JC yes that would have been helpful.
DG would that be a convenient moment?
J it would. Would you like to start tomorrow at 1015?
DG I would love to start tomorrow at 1015.
J I think there are only a few people in this courtroom who share your enthusiasm for that...

… however I am one of them.

[J checks witness is okay to start at 1015. Claimants’ QC confirms he has agreed with DG that his re-examination will start at 3.45pm tomorrow]

And we are done. I’ll unroll the tweets and get a brief report up tonight along with the transcript.

It’s been another long and very dry day, but there have been some interesting moments.

If you’ve enjoyed this thread, please do take a look at postofficetrial.com ...

… which is where all the reports about this litigation (and transcripts and court documents) are posted.

If you haven’t donated before and want to chuck a few quid in the tip jar I’d be enormously grateful.

Contributions of £20 or more get on the secret email list.

And a world away from the dryness of today a lady who introduced herself as Emma has just come up to say hello. It’s her first day at any hearing in this litigation. She’s been here on her own. She is Julian’s daughter. Julian is no longer with us, but this is what I wrote...

… about him when I heard he had died.
…whatyouwishfornickwallis.blogspot.com/2016/08/julian…
His widow Karen remains a claimant in this case. It’s just a reminder this litigation is about human beings, not a computer system.
#postofficetrial
Back tomorrow at 1015.
N