We are back in court 26 for day 20 of the Horizon trial. Final day of cross-examination for the Post Office’s independent IT expert Dr Robert Worden (pictured). Live tweets to follow. The hashtag is #postofficetrial - more info at postofficetrial.com

Dr Worden is being cross-examined by Patrick Green QC for the claimants. Sir Peter Fraser is the managing judge. For more info on this long-running (and insanely expensive) litigation, see postofficetrial.com

Usual disclaimer: I am paraphrasing and describing what is happening/being said in court. Nothing is a direct quote unless in “direct quotes”.

DW = Dr Worden
PG = Patrick Green QC
H = Horizon, the PO’s IT system
PO = Post Office
JC = Jason Coyne, the claimants’ IT expert
DG = Anthony de Garr Robinson QC for the Post Office
H1, H2 etc = the Horizon Issues
(what this trial is all about: postofficetrial.com/2019/06/horizo…)

Okay here we go...

PG: DW - yesterday we arrived at a point where you’d seen the Fujitsu (F) presentation about the Dalmellington bug and the £25K outstanding. Let’s go to that in your expert report...

[it has a whole chapter called The Dalmellington Incident]
PG that very title suggests just one event.
PG takes him to a line which says: "Post Office and Fujitsu were concerned that Horizon should not induce the user to make such an error, even in rare circumstances...

….So, a KEL and a Peak were created, and this problem in Horizon was fixed.”
and
"To make this point more clearly: in my opinion, for many KELs, it would have been obvious to Fujitsu that any error in branch accounts...

… would have been corrected in due course, by the normal processes.”

PG saying how he goes from the specific re Dalmellington to the general re error-fixing and then back to specific re Dalmellington.

PG notes he refers specifically to Torstein Godeseth (TG) witness statement re Dalmellington (TG is Horizon Chief Architect) and a note by Fujitsu’s apparent Bug Finder General Anne Chambers (AC) who is very conspicuous by her absence in this trial.

PG points out that nowhere...

… does DW point out that the Dalmellington bug affecting 88 branches with 112 incidents
DW accepts
PG There are two reasons for this. You didn’t know or you did know and you chose not to mention it.
DW the latter - over the whole sequence of several years...

… the only error was a quickly done remming error. All remming errors get corrected by TCs.
PG would it have been helpful to note errors which had potential to have an impact on branch accounts
DW they did have a TRANSIENT effect, but not a LASTING one
PG could have mentioned...

…. it tho.
DW I could have mentioned the 112 errors which happened over the years compared to the 20,000 manual errors made every year, but if I didn’t I’m sorry
J where did you get 20,000 from
DW the table which says there are 100,000 errors a year and approx 20,000 are...

… remming errors.
[DW is much less chuckly old prof which he has been over the last two days and quite grumpy today - I prefer him like this. Spikier]
[we move on]

PG is now looking at a table of bugs which have an impact on branch accounts the Remming In Bug which JC found but DW does not acknowledge. DW says: "As for the Dalmellington bug, above – PO had a robust process...

… for detecting and correcting remming errors, whatever their origin.
So, there were no lasting effects on branch accounts.”
PG takes him to appendix of his first report...

[which took some time]
we are still on the Remming in bug
PG asks if DW has looked at the PEAK behind the KEL behind the bug he cites in his table
DW says he hasn’t read the PEAK
PG it shows an error of £20K, which suggests its v serious.

DW but I understand the process of remming TCs and it is my understanding they are resolved.
PG did you look at the other PEAK in this KEL
DW no
[we look at it]
“this is not another example of the duplicate rem system which we have seen in the past"

We go down the PEAK - AC says: “Gareth Jenkins thinks it should not be possible to complete the rem in on both counters, please investigate”
PG if that is the case - if GJ was right - that then was a bug in the system.
DW yes
PG if he was wrong, it was a defect for allowing...

… him to do it.
DW i see - something has gone wrong yes
PG so it’s a fair question
Dw yes
PG and it affects branch accounts
DW you get a transient error
[PG lets that hang - this is the battleground - DW introduced the idea of LASTING impact on branch accounts...

… which wasn’t in the H issues. He sees many reported bugs as TRANSIENT in that he claims they all get or got resolved by countermeasures. J asked him how long a bug can be transient - DW said months]
[the public “gallery” was empty until now. Sue Knight has just walked in]

[Sue lives in the Lizard in Cornwall. She was prosecuted by the Post Office and was advised to plead guilty to false accounting. She refused on grounds she thought she was innocent and the prosecution melted away. True fact. You can watch her story here: …whatyouwishfornickwallis.blogspot.com/2014/12/the-on…]

[DW and PG we are going through a list of bugs…]
PG this was a lasting bug
DW but they took a decision based on its frequency that it was not worth addressing as it would get picked up in the remming process
PG it was a lasting bug
DW it might have got fixed in the next release

PG that’s speculation in favour of the Post Office
DW yes you’re right and I shouldn’t have done that.
DG stands up - could m’learned friend distinguish between a lasting bug and a bug with lasting effect?
PG I think DW knew what I meant
DW I did.

[we’re onto Local Suspense Issue - which DW does not acknowledge. He says: "The KEL acha5259Q implies that PO and Fujitsu were able to identify all occurrences of the problem, without being notified by any Subpostmaster...

… . I would therefore expect them to have corrected any impact on branch accounts as part of normal error correction processes….

…. I would not expect evidence of all corrections to accounts to have survived to the present day. Peaks and KELs are not used to record corrections of financial impact….

… Fujitsu analysed the KEL (Parker WS) and said: ‘Temporary financial impact which would have been cancelled out in the following period by a corresponding discrepancy’”
PG did you read that KEL?
DW possibly

PG we see it had the possibility to cause an impact on branch accounts and probably did
DW yes

PG is reading more from the underlying KEL - how the bug had hit a number of branches and had the capacity to do so again. Did you know how many branches?
DW no
PG let’s have a look - 33 in a couple of weeks of testing
DW but potentially more
PG you hadn’t spotted that?

DW my analysis was not about bugs, it was about their lasting effect.
PG did you look at the PEAK for this bug
DW doubt it
[PG goes to the PEAK]

A KEL is a Known Error Log of incident PEAKs. PEAKs are generated by Fujitsu 3rd tier support when a problem is passed to them by Post Office 2nd tier support. KELs can contain many PEAKs if a problem persists or appears in a contingent iteration.

PG reading from PEAK saying SPM was bounced back by 3rd tier support to 2nd tier support because F thought it was a balancing error. They got that wrong
DW yes
PG and that is an example of User Error Bias
DW accepts

[we are looking at PEAK I can’t see re a “Java Exception” bug causing rollover and subsequent discrepancies, screen freezes etc]
PG you didn’t see this, did you?
DW no

DW many PEAKS will show problems and fixes that don’t work. The KELs distil the information

[PG reads on] lots of incidences etc… you didn’t read this?
DW I read the KEL and formed the opinion it was a transient effect so I didn’t drill down.

[we are on to failed recoveries]
[we are looking at a KEL with more than 2000 PEAKS in it from 2010 to 2018]
PG if something is handled by NBSC and sorted straight away - it doesn’t make it to F support?
DW no - you can fix yourself, and go to NBSC and yes then get to F support.

PG and some failed recoveries can be done in branch, some go to NBSC…
DW not sure - some go via MSC…
PG well let’s look at JC’s report - 2472 PEAKs which are potentially listing a discrepancy in branch accounts.
DW its about temporary discrepancies...

PG let’s park the issue of temporary for a moment about which we’ve heard a lot - what JC has written is fair? yes?
DW this issue between the experts is that JC believes a lot of the failed recovery can be automated and I don’t - it’s very delicate…
[we move on to reversals]

PG reads:"In April 2003 due to a failure in regression testing, Horizon version S30 was released by Fujitsu and this introduced a bug where the value of transactions reversed by Subpostmasters was shown twice in the amount of the reversal in branch accounts...

…
PSteed2847N (the KEL associated to the PEAK record (see Supporting Evidence column)) records: “the PM should be contacted to say that the problem is due to a software error and that they should ask the NBSC for balancing procedures”.

PG and you put: "Transaction reversals are a complex area which, like recoverable transactions, are less familiar to Subpostmasters...

… and are more prone to human error. They lead to many calls to the help line and to many KELs and Peaks - not necessarily related to any fault in Horizon.”
[they have a chat about this]

PG showing him how a witness statement about an error caused by an intermittent power failure from Fujitsu replicates his report.
DW They copied my report
PG so where did you get the info about this bug from then
DW from the KEL or PEAK
[we move on]

[now looking at a Drop and Go problem disclosed on 30 May 2019 (ie during this trial). It is a PEAK created in August 2018]
PG reading F engineer report: so the mystery is how a top up of £30 appeared in a basket without being credited to anyone. We’ve heard about this before...

… but not had enough evidence.
PG breaks to say that we’ve seen evidence before of F engineers closing calls when they don’t have evidence
DW yes a black mark against support for that
PG continues reading:

"Here are the keystrokes and evidence from the counter which might help ATOS”
PG so we’ve got actually keystrokes listed here
DW I don’t think they are, I think they’re event logs
PG so you think, somewhere in the system you can find these keystrokes
DW pretty sure. yes

PG lets look at the CD balance top up script in this KEL and look at the fix applied to it - see here "Drop and Go top up live issue fix”
PG this was also disclosed on 30 May so you may not have seen this before…
J what’s the date on it?
PG this doc is april 2018...

PG and the fix report has the same script as noted in the KEL. It says the script had a bug in it which incorrectly allowed the transaction to continue after a timeout and there is a fix that goes in.
DW yes
PG this document - having identified the bug and the fix. Is dated...

… April 2018, but if we look at the PEAK which demonstrates the same problem, it’s August 2018.
DW so afterwards
PG yes and we see that whoever was writing the PEAK [Henk Bakker? sounds like] - the bug is a mystery to him.
PG so there’s been a detailed fix in April

… but still a mystery several months later.
DW it’s a different branch. it seems a similar problem
PG it’s the same script in both docs
DW did we look at that
PG we did - well we looked at the name. it’s the same
DW it is

PG I put it to you it’s not very reassuring is it?
DW well fixes do go wrong. That does happen.

[we rise for a short break. I am going to risk a Rolls Building coffee machine coffee. If the machine is working]

[we’re back. DW has inadvertently left his Pret Takeaway cup behind him on the judge’s bench. Judge saw it and scowled as he walked in but didn’t say anything.]

J has just said “so am I right in saying in the bottom corner e2 =l/x?”
[I’m playing catch up. I was distracted by the coffee cup]

[okay we’re going through DW’s statistical calculations.]

DW the whole table is my assumptions of fact and if I’m wrong on any of them, the court can put their ones in, which is why I produced the formulas
PG in terms of number of affected branches by particular bugs… receipts and payments mismatch - 60 to 62, Callendar Sq 30

… Dalmellingon 88…
DW doesn’t accept Dalmellington
PG okay accepting that - if we were to look at the branches affected by bugs…
PG so 148 bugs affecting 48 branches each - so that 6960 bugs, multiply that by 258 and we have 30+K, or if we go to favour the PO, we have...

… 20+K.
PG now there are only 550 claimants. On actual incidents of bugs affecting branch accounts - that is totally consistent, is it not?

DW Over pop of 30m branch accounts, claimant POs had 50,000 of them
PG we’re back to Penny Black
DW no we’re not -we’re doing maths - 32 x 50/3 = 1 occurrence of a bug to each claimant during their tenure
PG thank you
[! - DW just seems to have accepted the maths...

… that says its plausible each claimant could have been hit by a bug in their accounts. We can all pore over that in the transcript]

[so this trial really is about error-correction - countermeasures - suspect claimants will say they are not as “robust” as DW thinks they are or

should be]
[we have moved on]
PG There were no service audits of H before 2012
DW non disclosed
PG there were the 2010 and 2011 E&Y audits… let’s go to the 2010 audit...

PG reads: there was no SAS70 audit of F control environment available - told it wasn’t done due to bespoke F environment which made it too costly so E&Y did their own…
PG they say: "we continue to face difficulties getting accurate info from Fujitsu…” had you read this?

DW not sure - probably not
PG reads: in relation to control observations POL has made significant changes to its IT environment including bringing Credence into scope for the first time - so this suggests Credence was never part of any audit if any were taking place.
DW whereas..

… POLSAP may have been
PG exactly
PG reads: so we established a key person at F to deal with the difficulties of auditing H, but we had real problems obtaining information
PG now - if you are record-keeping properly you should be doing so in real time
DW yes
PG and they weren't

DW well we don’t know the nature of the challenges they were getting
PG reading out level of top level access to H system - which had been going on for some years - is dramatically stopped.
DW yes I don’t know about dramatically

DW bear in mind these challenges we were talking about were coming at a time when F were preparing to go from legacy H to H online
PG so you’re trying to think up excuses for Fujitsu
DW no I’m just trying to think about what might have been going on

PG this is the E&Y management letter looking primarily at accounts… and it says it should not be relied up for forming opinions about weaknesses in H - recommendations should be seen as refinements rather than fundamental control deficiencies.
So they’re expressing...

… concerns
DW yes about governance (ie what control PO have over their own system) and control environment which is access…
PG you heard there were a number of concerns expressed in relation to generic accounts etc - let’s go to the PEAK on APPSUP

[they do]
PG we’ve seen this several times before. This starts in the progress narrative 1 Feb 2011 - SSC (F support) database users do not have the correct permissions.

PG and you can see further down the page. user Dave Hayward 6 May 2015 - so this goes from Feb 2011 to May 2015 and you didn’t deal with APPSUP in your reports -
DW no I didn’t
PG and it’s a very powerful role
DW yes
PG JC identified it and if you look under Dave...

… Hayward’s name - there is a list of people who have access and it states it is contrary to security policy.
PG and your definition of robustness requires a strong policy which is carried out
DW yes - but it’s proportionate
PG if you have an acceptable security policy...

… but it’s not followed. It’s still a problem.
DW yes
PG and if the hole in the security policy is a role which is extremely powerful - it magnifies the risk
DW yes but the F lot were pretty trustworthy
PG you haven’t met them
DW but I’ve read loads of PEAKs and KELs...

PG let’s look further down the note. It says “customer not aware” - so PO are not aware of incorrect permissions being given to SSC
DW yes
PG reads down - so there’s a tiny tidy up task script produced by dev, but the people in SSC were using the APPSUP role so they...

… couldn’t use the script because it was sent to SSC. Who weren’t using SSC roles because they were all on the much more powerful APPSUP role.

[PG is using this example to argue that many or all of SSC staff were using the APPSUP role which sounds like a universal access]
PG so there’s a discussion lower down and it states that SSC users have ALWAYS been APPSUP.
DW accepts

PG - AC adds “when we go off-piste, we use APPSUP, can we have both” - what do you think that means
DW either things we’re not supposed to do, or not doing what we usually do
PG neither of those two categories are hermetically sealed?
DW absolutely

PG reads from another doc: APPSUP is extremely powerful and should only be used in special circs and temporarily for emergency data amendments in BRDB live. It is a security breach if any user has access
PG now- you hadn’t picked up on APPSUP as a role in either of your reports

PG and you weren’t aware there was a standing MSC for any changes to be made
DW “standing” MSC?
PG were you aware of what that was?
DW no

PG you can see that… in April 2013 Andy Beardmore - the initial motive for this PEAK was to ensure everyone had SSC access - because too many people had too many privileges because of the APPSUP role.
DW this is recapping what we’ve been through
PG yes

[DW much less spikey after the break than he was before]
[PG reading from PEAK about this security issue]
PG it looks at this stage there is tidying up going on with users, but there is a release PEAK which stops NEW people having access to APPSUP role
DW don’t know enough...

… about it.
PG traces a line about continuing cocerns re security access up to 2015. So the security policy was still being breach up to 2015.
DW yes
PG and you hadn’t picked up on it because you hadn’t read that PEAK?
DW accepts
PG and you hadn’t reported on APPSUP either
DW no

PG takes DW to the E&Y 2011 audit.

PG reads: inappropriate privileged access at the Oracle database level - it is recommended a periodic review is performed to ensure no wrong access is allowed

PG reads: where access is deemed to be inappropriate, this access should be revoked immediately.
See that?
DW isn’t quite sure how the table they are reading from marries up

DW but agrees when he is satisfied that it does.

PG reads further in this document about a failure of record-keeping by Post Office and F for changes to branch accounts
DW so all of this is saying PO need to be more involved or formally need to record stuff
PG there was no internal control to authorise fixes - increased risk..

… of fixes not being tested or approved prior to migration to live
DW agrees
J asks DW how would you described script to a layman
DW a sequence of steps to execute a computer business process
J line of code?
DW yes a line of code

[the short adjournment]

Went for a wander during lunch with Sue Knight - they lady who was prosecuted by the Post Office after she gave them several decades of service. She reminded me of a detail of her story I couldn’t put in my One Show piece...

… which was that after the Post Office case against her collapsed (when she refused to plead guilty) a Post Office security manager walked up to her as she was standing by her barrister, shook her hand, gave her his card and said...

…“well done, Sue. It should never have got this far”.
Sue sees this as a human act of magnaminity amid the madness of her prosecution. I see it as something rather different. She carries that man’s card in her purse as a reminder that good people exist and as she showed me it...

… she burst into tears outside court.

Sue travelled six hours to get here today and has to leave early to travel six hours to get back tonight. She felt it important to bear witness to these court proceedings...

… and she says she is not bitter about what happened to her.

Sue and her partner live in rented accommodation. They were forced to sell their house because after losing the income from her Post Office it became unaffordable...

… Sue has to be at work at 7am tomorrow morning even though she is past retirement age. She and many claimants like her are still having to work because their life savings have been swallowed up by what happened to them. Jo Hamilton is sitting next to Sue in court today...

… he is working outdoors in all conditions as a landscape gardener at the age of 72, because they have nothing.

Some of the claimants’ situations are pretty bleak. They are the only ones in this courtroom not getting paid...

… and it’s why the turnout in court is diminishing - travel costs, work demands, sheer exhaustion…

Anyway. Thought I’d balance up my usual flippant tweets with something else for changes.

And obviously I haven’t checked Sue’s anecdote with the man who came and shook her...

… hand and told her she shouldn’t have been prosecuted.

But now I have a photograph of his card, I will.

Okay back to the court tweets.

Dr Worden has just admitted something PG has put to him has made him change his opinion on something. I’ll make sure I’ll look at this when I get the transcript tonight. Sorry.

PG now looking at Richard Roll’s (Fujitsu whistleblower) witness statement and what DW has to say about it in his report.

PG is still talking to DW about security controls and RR’s assessment of them.
PG has pointed out that DW disagrees with them based on...

… on what he has read in the services audits about hte controls which “would have” been in place.
PG points out the earliest services audit is 2012 and RR left F in 2004.
DW good point.
PG an apology due to RR there?
DW I’m sorry I shouldn’t have put that in my report.

[we are now looking at event logs and their general visibility]
PG when you say visible - would these be available to SPMs?
DW oh no.
PG so let’s have a look at some logs
[we do]
PG I wasn’t talking about those

Sorry DW says that.

PG are you talking about ARQ logs then?
DW no
PG what are you talking about
DW there are tools available and lots of people spend their time looking at them - you can pull them out on the day
PG on the day? and would this include keystrokes…?

[DW isn’t clear exactly which logging data is which and who would see what on it]

[we go to the issue of remote access]
PG you agree with JC that PO could do more or less anything...

DW yes
PG and you looked at the issue of access at the counter - [reads from doc] - it is difficult for experts to say x or y never happened because of the complexity of the system
PG that pertains to what you were saying about plumbing the depths and it being a swamp...

DW yes, layers and layers of complexity.
PG okay let’s explore this.
PG this is about F access to H. Did F have the ability to insert or inject and the answer is yes and you explain why
Fixes is yes and rebuilds is yes
b) without knowledge of SPM and you say “no"

“changes would be visible in branch”
PG Can we focus on this?
DW I think it’s been superseded by the joint statement
PG so you can’t exclude it
DW yes

J asks if that’s a yes it can be done or a don’t know
DW don’t know
[weirdly the public gallery is now rammed - a bunch of people have just walked in and plonked themselves next to Jo and Sue, and there are loads on the PO side. Both were virtually empty this morning]

DW the whole issue of visibility of data to the SPM…
PG is difficult
DW yes
PG so even if PO gave the SPM ARQ data
DW I don’t think they should be given ARQ data
PG Okay so if PO requested ARQ data to show and explain to the SPM, the SPM would have to have remote access...

… in mind as a possibility, wouldn’t they?
DW yes
[ we go to the Post Office response to the Panorama programme I co-produced on this story]
PG reads: there is no evidence of transactions recorded by branches being altered remotely
DW: didn’t see the programme

PG in 2015 PO were in response to a BBC documentary Panorama, which Mr Roll was on saying there was remote access, the PO are forcefully saying no there is no remote access. How would an SPM consider remote access, even if they were to get the necessary data?
DW I didn’t...

… consider PO’s public position.
J what about the statement that branch transactions can’t be changed

DW the DVA can do anything and we can’t say what can’t be done - it could be but there’d be a discrepancy between the audit store and the branch

J but changes could be written to the BRDB?
DW yes
J okay. Mr Green - I don’t see much value to me in questioning an IT expert on the Post Office’s public position on this subject.

[PG talking about logs of F access to horizon and the data trail - they ...

… only recorded log on/log off until 2015.]
PG and you looked at the post-2015 access logs to see what more info there was
DW I didn’t get very far with it because of the way the info was set out
PG goes to TG’s WS which states the level of access post-2015...

… and that there was only log on/log off access before 2015.
DW agree - I didn’t go into privileged access logs much

[everyone who was in the public gallery has just marched back out again. maybe they got the wrong trial]

PG you agreed the privileged user logs were hard to understand and not a very useful source of information about remote access ncluding balancing transactions
DW yes
PG and you say the same about the Managed service user logs
DW yes, but I”m less sure about that now having...

… looked more at them.
PG change approvals are meant to be in the OCPs and OCRs
DW not sure how MSCs, OCPs and OCRs overlap
PG they ought to be somewhere in there?
DW yes
PG no one id’d the APPSUP role to JC - he had to find it himself.

PG so JC can see the APPSUP user group was used 2K+ times between 2009 and 2018 with usernames including Anne Chambers etc from SSC
DW yes they do
PG and in response TG said to JCs findings - he confirms the APPSUP role - is privileged user access to BRDB but there is no evidence

… of it actually being used to change transaction data.
PG goes to Mr Parker’s WS and he comments on APPSUP - it’s not a new type of remote access and refers across to TG - those logs suggest the APPSUP role has been used 2175 times to make emergency amendments to the BRDB

… but it isn’t clear.
PG now neither Mr Parker or TG looked at the logs, and you’ve agreed they’re hard to look at, whereas JC has and got this answer
DW yes but Mr Parker works there and would know how SSC works better
PG you agree that if these logs are hard to read...

… it means there isn’t a meaningful way of monitoring exactly what privileged user access users are actually doing.
DW on this disclosed evidence, agrees.

[point PG has just spent a long time making is that lots of people had top level access to H when they shouldn’t have, and it’s not been possible to know what all the people with top level user access to H ever did]
[we now go to OCPs and OCRs]
PG notes the four eyes protocol...

… which requires someone to sign off a change to H.
PG notes that the overseer of this engineer’s work in this particular document was himself - he’s making a change to hundreds of branches and he’s monitoring himself
DW yep, looks like it
[short break]

[we have established that our visitors earlier were at the wrong trial]

[okay we’re back]
PG takes DW to an OCP 2 March 2009.

PG it’s to insert corrective transactions at the branch - you can see raised AND monitored by Anne Chambers [another example of self-monitoring] and another one purging migration data raised AND monitored by Anne Chambers
[then goes to another one] and we see raised AND...

… monitored by a Mr Ramchandran.
So it’s not recorded, the four eyes, always, in the way you would expect
DW agrees
[we move on]

PG now remember where F said that as far as he was aware the SQL insert tool had only been used once.
PG in a well-maintained system, people shouldn’t be working from draft docs which haven’t been approved
DW yes, but it happens much more nowadays - phases overlap...

PG okay this is from 2007 doc design for Transaction Correction tool [sorry that’s the one which F says it was only aware it had been used once] - it will allow people insert transactions WARNING the use of this powerful tool has risk. If the SQL is wrong it could cause...

… serious unintended consequences.
PG so - there was a perceived need for the tool, that it was a powerful tool, there was a need for protections, clear guidance and a table to which it writes so its use can be audited.
PG we’ve seen from AC about wanting to go off-piste...

… through APPSUP how it was valued. And we now know the APPSUP tool was more powerful than the transaction correction tool and had fewer controls.
DW agrees
PG takes him to a 2010 PEAK to amend the TC tool
DW to amend the templates, more precisely
PG if there was no...

… perceived use for the tool in the future, it would be a surprise to develop the template for future use
PG the TC tool was carefully designed to meet a need. it’s common ground it was only used once and there were occasions where it could have been used and the APPSUP tool...

… was used instead.
DW got to be careful, because F only would go off-piste if they really needed to
PG how do you know. the APPSUP tool gave them such freedom that they didn’t need the TC tool
DW but they only did it if they really had to.
PG let’s go to JC’s report...

… he says more than one injection has been done for following reasons: the TC tool created in 2012, there is a list of changes and template changes etc. this suggests modifciations and balancing transactions within the BRDB is not unusual
DW I think most inserts were not TCs

PG is JC’s not a reasonable opinion to hold
DW the tables it has been designed for are not the ones which could affect transactions
PG but you could use it to affect branch transactions
DW it was only used once for balancing transactions - it may have been used in other ways

PG is that conjecture or do you know that
DW is pretty sure he knows
PG but we know F engineers very much valued having the APPSUP role
DW they needed it sometimes

[we move on - PG only xe-ing DW till 4pm, then there’s re-examination by DG for the PO for half an hour]

PG this is a doc dated 24 May 2019 so absolutely no complaint about it being disclosed on 30 May.

PG it is called Global User Process Management and it is about risk of access to Horizon…
PG actions taken - 32 people who had already left business were removed
PG next steps - no current owner of the process, but the no one has owned data integrity for several years

PG not great is it?
DW no something’s fallen between the cracks here

PG the more investigation that’s done and the better the problem is recognised as a system problem, the more documentation we’d be likely to see about it
DW F’s preferred method is to fix things quickly, so if things are fixed quickly we won’t see much documentation

PG Finally let’s look at the wording of the last page of your report. Did you find that document you refer to [? not sure what it is]
DW no I was pointed towards it
[n further questions]
[reexaminations by DG for the PO]
DG you were asked questions about the gaps in the...

… columns and you decided the gaps were not significant. is that right?
DW correct
DG it was put to you you’d put false evidence about that later and the premise on which that was put to you was that...

… you were told you couldn’t possibly have chosen the column with the gaps in on purpose.
DW i remember
DG it is a surprising suggestion and I wish to explore it. The info you got this from was an Angela van den Bogerd witness statement…
[ he does - I thought this was a...

… tiny point, but maybe DG is keen to get it straightened out. Don’t know why. Maybe because PG raised an issue of the witness's integrity? can any lawyers help out here?]

DG what do you make of the suggestion you made a stupid mistake and should have used column F?
DW F is not the column to use and that is blindingly obvious
[we move on to ARQ data requests]
DG it was suggested to you that there were various costs attached to ARQ requests.

DG and it was suggested to you that a figure of more than £200 for an ARQ request was much lower than £450 that the £around 250 figure was yours...

DW the point was that if you’re doing 100,000 ARQ requests a year charging £200 a go is ludicrous.

[DG says the line of qs...

… on this were an attempt to impugn his integrity]

DG takes him to Callendar Square PEAK - from Sep 2005. You agreed the bug had been around since 2000
DW I agreed the cause had been around since 2000
DG the impression may have been given that it was undetected until 2005 and I want to explore this
[reads from PEAK and says…]

[it notes it’s a well-dcumented Horizon problem]
DG what should we infer from that
DW well we know F knew about it and they were trying to get Escher to fix it and had been doing so for five years.

DG the impression may have been given you only looked at KELS - how many PEAKS did you look at?
DW loads for all sorts of issues
DG but large numbers by the time of your first report?
DW no
DG how many
DW a couple of dozen

[we have gone back to Callendar Square]
DW saying manifestations of the CS bug would have been double entry accounting which would have got picked up by the back end systems
DG what does this PEAK show us about CS?
DW that the Riposte problem would be easily picked up. Easily.

DG and CS?
DW yes CS as a manifestation of the Riposte problem too

[as with previous re-examinations we are zipping around between subjects - DG is attempting to cover 3 days in 45 mins as PG had to do four days in the same amount of time last week - it’s basically seems like a process (I’m sure a lawyer will correct me if I’m wrong)}

… whereby anything that the “home” QC heard during cross-examination which concerned them, mainly for lack of clarity about the witness’s position or understanding of that position in court, can be explored and clarified so the judge is in no doubt.]

DG were you aware of any symptoms of the CS bug appearing after the fix went in
DW no
[we move on to “grey” power problem]
DG you were asked some extraordinary questions about this today - your comments on JC’s first report about KELs… if we go to your analysis...

DG “this was caused by a complex “grey” communications failure” and you were asked where you got the word “grey” from.
DW I imagine it was the KEL
DG well let’s have a look - under the heading May 2010 - there is a discussion about black and white comms
DW grey is not in...

… the KEL.
DG no
DW I would possibly have made up that word myself [chuckles]
[no further questions]
J you were asked about privileged user logs - you said they were unclear - you said you couldn’t get to the bottom of it in the time you had - how long did you spend on them?

DW less than a day
J relatively recently you served your third report on the court. I am not going to ask you any question on its contents, but how it happened.
J the docs you relied on are PEAKS KELS OCRS OCPs etc - when did you first get access to those docs

DW - KELS was way back in 2018, OCPs and OCRs was a months
J a while
DW yes
J have you ever served one of your expert reports on the court directly before
DW no I’ve had it done to me but I haven’t, no
J you sent an email to my clerk

DW yes I was advised to do it
J by whom
DW the Post Office lawyers
J and did you draft the covering email yourself?
DW yes
J did you show it to anyone or have it approved?
DW no
J okay thank you. your evidence is finished.

J date ordered for submissions in writing
oral closing is 1 and 2 July - a day each
J 1st and 2nd of July I look forward to seeing you all then.
[judge rises]

So that’s it - I’ll get a report up around 9pm tonight and the transcript will go up as soon as I receive it (usually around 7.30pm).

You’ll find both here postofficetrial.com where you’ll also find a wealth of reports, docs and info on this trial.

I’m very grateful to anyone and everyone who has followed, replied, retweeted etc over the last two weeks. Your communications have created a wealth of info I’ll try to plough through next week.
This means new stories going up on postofficetrial.com even though court...

… isn’t sitting. If you want to be alerted to them and get an occasional gossipy “secret” email with lots of info about the story, what’s happening behind the scenes etc, please do consider joining the secret emailers - there’s a tip jar on postofficetrial.com

A final thank you to everyone who has donated well, ever, but especially over the last two weeks - it’s great to know people are interested in this litigation and the reporting of it. Your funding means I can keep doing this and I do want to see it through, whenever that might be

Given the Post Office has requested permission to appeal the first trial judgment at the court of appeal and I did hear casual mention of a fifth trial next summer (not in court so you can’t tell how serious it was), there are potentially (with appeals) at least 18 months to go.

which is not great for anyone. but there you go.

Have a great weekend.

#postofficetrial