B (4:23)

Well, even. Even during the training, which was in this, like, training place, nobody could understand the software too well. It was very clunky. It was Windows NT, which even in 2005 was old. I think it was discontinued in about 1996. I think I might be wrong with that. But they had a special contract with Microsoft just for them to keep the Horizon software, you know, updated and things like that, because that software was totally void by then. So they had a special contract just with them, paying them a fortune just for Microsoft to Keep updating it, because the cost of replacing it all would have been so high. This is one of the reasons why we ended up in this situation. We did, really, because it generally worked. It generally worked, but it was, when it went wrong, how they dealt with it, and this was the problem generally.

A (5:15)

Worked is a red flag, especially in financial software. To see why even a tiny glitch mattered, you need to see how money actually moves through these Village Post Office. Running a post office wasn't just about selling stamps, right? The post office was the village's front desk, kind of acting like a bank for a lot of things. There was pensions being paid out in cash, there was bill payments, there were deposits, there was just standard parcel stuff. But in a typical week, 100 to 150,000 pounds moved across that counter. That's like 200,000 USD. Most of that money was in Scott's. It belonged to the post office or the pensioners, but every transaction paid him a fee and that's what made the business viable. Also, that foot traffic just lifted up the shop. People coming through would buy greeting cards or snacks or magazines.

B (6:00)

Yeah, it did, really. I mean, the amount of transactions that were taking place every day in the Post Office, it was phenomenal, really. Way beyond what I was expecting. I'd really bitten off something more than I wanted to, but actually got in there and started working doing this. So you're always just going to get a little giving someone the wrong change or typing something into the system, a tempe out or something like that. Because of the thousands of transactions you're doing every week, it would be surprising for it to actually be absolutely perfect, the cash situation. So it was going to be a very, very small part.

A (6:35)

Out by month end, Horizon demanded a perfect balance.

B (6:39)

I had a discrepancy from the previous owner that I had to pay, that I had to pay. And I tried to chase him up for this money, but of course it never materialised. So I had to pay about £600 of his debt. I'd only been in there about a week, so that was not a great start. But anyway, in 2008, suddenly the system said I was 1750 pounds out.

A (7:04)

Scott was used to the system being off by a few pennies here and there, but this time the numbers were way off. This was something else entirely.

B (7:11)

And it said that I had stamps to that value in the post office, more than I'd actually got.

A (7:16)

Scott didn't have the first class stamps the system claimed he did, but mistakes happen, right? He figured that maybe it would Sort itself out. Maybe in a different day it would go the other way.

B (7:26)

The way the system works, you come to the end of like a financial period, which is, which is every month. And you have to. The system has to be set so it's exact, so it can cut off that period and start a new period. But it's what's known in their parlance is the system rolls over to a new period, but it can't do until any discrepancies are resolved. And you can't just say, oh, I'll resolve it, you know, because they'll want the cash.

A (7:54)

Scott contacted the higher ups, he contacted the support line, but basically he couldn't open the store next day and start doing transactions if he didn't close the month. And if he couldn't do transactions, he wouldn't have enough to cover his lease or cover payroll. And so he said he was out 1750. And he tried to tell them that it was a mistake, but what they said was, well, the system says that you owe us 1750, so we can take it out of your pay either in one payment or two.

B (8:20)

So I had to pay it. And that was when the alarm bells are ringing, you know, like, what the hell, what happens if they say something else is out? I've just got to pay that, you know, and you're dealing with such high value stuff, it can soon get way out of hand or less. It's the whole risk is on me here because of what this computer's saying, you know, and we knew it wasn't right, but we'd have no problems before proper problems. So it was very difficult to blame the system straight away. We just wondered what the hell had gone wrong, you know, how could this have actually happened?

A (8:50)

This was a financial setback and it was terrifying. Scott made only a tiny profit on each transaction, so even small mistakes like this could easily ruin him. And because of that, anxiety started to creep in.

B (9:01)

And do you remember the financial crash of 2008 that had a big impact on us and everything. There was people queuing up down the street paying, some people paying millions of pounds into post office accounts. I don't know what it's like in Toronto, but in the UK, the UK only guarantee £85,000 per account in the event of a bank going bust or anything like that. So this is no good to the millionaires that lived all around me. So they realized, though they got to know very quickly that the post office, which fronted up accounts for the bank of Ireland, guarantee the total amount. So they were just Shifting all the money into that. And there was millions of pounds coming over the counter now and we'd already had this discrepancy, you know, we were like, oh, my God, what's gonna happen with this?

A (9:51)

One day, Scott found himself £4,000 short. And if he told the Post Office, he knew exactly what they would say.

B (9:59)

I couldn't really tell the Post Office about it because I knew they'd just immediately take the money. And when you're in a small business like that, you're not in the position to just be paying loads of money out that have seemingly just disappeared, you know what I mean? You're just not in that financial position. Things can start going wrong. You've got wages to pay, you know, bills to pay. And this money isn't something you haven't done if you sort of mean they just take it off you. You had to. You basically had to adjust the system to say that that money was now in, as if I'd put the cash in, but actually I'm harboring a 4,000 pound discrepancy now.

A (10:36)

You had $4,000 more or £4,000 more in cash than you actually had.

B (10:40)

That's right. So which meant the system could roll over thinking that that £4,000 is in, but it's not. And I'm hoping corrections are going to come to correct any mistakes we made, even though I knew we hadn't really made any mistakes like this. You know, he's just hoping upon hope that something's going to come down the line to help out.

A (11:00)

Scott's stuck, right? If he admits he's short, he has to pay up and then he won't have enough left for staff or rent. But if he claims the money's there when it isn't, then he's just betting. He's just hoping that tomorrow the numbers will magically fix themselves somehow. Maybe someone, somewhere will spot the and things will just set themselves right. Maybe he just needs a little time, he needs to stall. Or maybe there's another way. Maybe Scott can cover this himself over time, skip a little bit from his pay each time, take on some personal debt, pay suppliers late, and eventually that £4,000 will even out. But if the Post Office needs their money right away, that's a whole different problem. So he lies, right? So he says he has the money, he'll figure it out later, but then there's another day and suddenly now he's out £9,000, and then the next day it's even more than that and it keeps piling up Day after day, until before he knows it, he's £44,000 short.

B (11:56)

All of a sudden, he's just total stress, you know, total stress and anxiety. Because I know that I'm in trouble as well, and not just financial trouble, but I know that I'm going to be in trouble at whether I lose my contract. Even if a load of auditors arrive and see the problem, I'll still lose my contract for dealing with it like that.

A (12:14)

I don't know, like, it feels like you should be able to file a support ticket or something and be like, hey, there's not money here. Or I don't know, like there was no recourse that you could take somehow.

B (12:26)

No, there was nothing. That was the contract, said we're reliable, and that was it. They knew that they'd go to court on that, and they did go to court on that.

A (12:35)

Scott kept the store running even though he owed the post office more money than he could ever pay back and still keep the business afloat. He kept it running because the fallout hadn't hit yet. On paper, he was holding £44,000 for the post office that was theirs. But for now, no one was asking for it. And so he was okay.

B (12:54)

What happens in this sort of cash situation like this, you end up with too much cash in and you need to take. Get some out and you get cash vans to come and collect it and take it to cash centers and that, because you end up stuffed with cash and it's not very good for security. It's not very practical to have so much cash. So I always used to keep the sort of amount in this post office, about 80,000 in cash because you have pensions to pay. Surprisingly how much it's paid out from this. Suddenly I'm 44,000 out now. And my system came up with an amount that it wanted me to remit out to bring the, the amount held in the office down to a sensible level. And I couldn't do it. It would mean I'd have about 10,000 left in the post office. I wouldn't be able to operate like that. So I ignored it. I ignored this request. And two days later one of their auditors, auditors arrived to find out why. So that was when the, the axe fell down. But I was pleased that the auditor was there because I thought, well, I don't have to hide anything anymore. Surely now I'll probably lose my contract, but surely now all the. Any errors that have happened in my branch will come to light. But they never did the slightest bit of Investigation. They just immediately started prosecution proceedings. You know, this is how they operated.

A (14:12)

Did you try to explain, like, to the auditor, like, how did that go down?

B (14:16)

Yeah, they just. They just didn't believe you. They just didn't believe you. They just presumed you'd nicked it, you know, presume you've stolen it. So they didn't listen to any explanations or as far as they were concerned, you spent it, you know, you've had this money, you've squirreled it away, you know, what have you done with it? They came to search my house to see if there's rather nice things suddenly appeared in my house, like a nice new car outside or something like that. Fortunately for me, there wasn't, you know, there was very little actually in my house at the time which did have mitigating effects, I think, because I think they were surprised at how little there was in my house. I had a computer system and a big beanbag at that time. I didn't have any furniture or anything just at that particular time. I think that helped slightly. But anyway, the prosecution proceedings were the norm.

A (15:03)

How did they search your house? Like they're not. They're not the police.

B (15:06)

Well, incredibly, in the uk, there's three different bodies that have got this power of. Of prosecution and everything. In other words, they don't need to use what we have as the Crown Prosecution Service, because what happens is the police gather evidence, they give it to the Crown Prosecution Service, they decide whether there's a case and then it goes to court or not. You don't like that, but some people can usurp the Crown Prosecution Service and take you straight to court. Ministry of Defence, Her Majesty's taxes, hmrc, of course, the police and everything. And some incredible ancient law, old Elizabethan law, Royal Mail have also got this power as well. I think it was because way back in 1690 or something, people carrying valuables around for other people and stuff like that were targets. So they ended up. They had their own, like, not police force, but security people. It's kind of gone on from there and they've still got their own security fraud squad, police with powers not quite the same as the police, but enough to put to take me straight to court.

A (16:15)

There was no way out. The auditors and prosecutors from London had already made up their minds. Sub postmasters like Scott, they probably couldn't be trusted. Why would someone take on a job like this, handling all that money, if they weren't trying to skim a little off the top so they could gamble or worse in their Eyes. Scott was just another criminal hiding in plain sight, a bad egg in the system. And prosecution was the only way forward.

B (16:38)

Yeah, well, I, I got charged with five counts of false accounting that was changing the figures five times in a row basically. And they were going to do me for theft as well, even though there was no evidence of theft. And we actually had a memo on post office headed note paper saying after their exhaustive investigations, we find no evidence of theft yet they were still going to try and prosecute me for that. You know, I went to Chester Crown Court, handcuffs, everything, you know, so there we go.

A (17:12)

The story is so like, unfortunate that I feel like I just need to say it out loud. Scott put everything on the line. He used his savings, his mom's inheritance that she got from selling her business, and he even took a mortgage on his house, all to invest in this business, which is just something people do to start a business. Fair enough. But now he's in handcuffs and he thought maybe the court would sort things out for him. But in reality, he was up against one of the oldest and most powerful institutions in the uk. The odds were stacked against him. They had their own prosecution branch. And from here, things only got worse. I get it. I'd be hopeful if I were Scott. I'd probably think, you know, what's the worst that could happen? Maybe I'll have to sell the store, but at least I can move on from this nightmare. I thought this was going to be my job, but now I just want to get out of it. But in fact, it didn't work out that way. It got much, much worse. But what had just happened? Where was this money actually going? Let's start with the stamps. The first big blow that Scott took. Imagine it's 2008. It's the end of the day. The receipt printer is still warm. There's a line of rubber bands on the counter from where Scott's been bundling up the stamps. This is the end of day, tidy up time, count out the stamps in the drawer, tell the computer what you got. Make sure all the numbers all line up on the screen. It's a simple form. You know the amount of stamps in. He scans the tray, he taps enter. The screen hesitates. Maybe the computer freezes. Maybe it does that sometimes. So he hits enter again, because that's just what you do. But here's what I think happened. The system would freeze and then it would repeat. It would play back your key presses so that one stock in entry turns into two. The screen didn't warn him the screen was frozen. It just added another batch of stamps to his ledger. So that means in the drawer, there's what he actually unpacked, there's today's stamps, but in the computer there's today's twice. What that means is nights close or the next day. They think he's holding more stamps than he does, more than physically exist. They. It's not missing cash exactly. It's just ghost stamps that the system insists should be there or the money for them. And that's how you wake up owning 1750 in stamps that you've never seen. It's not that Scott skimmed anything. It's because the counter said hit enter, and he hit it and the screen hiccuped and the software created a version of the world that didn't actually exist. Now, those bigger discrepancies, I have some theories too, for how they could start. It's the same type of glitch, just on a larger scale. If a builder brings in 2,500 pounds and Scott enters it in and the cursor hesitates, so he hits enter again. It's a busy store. He's got to move on. One real deposit now becomes two entries. And then an hour later, cafe owner comes in with fifteen hundred dollars to deposit. Same pause, same double enter. And no one would notice this in the rush. The cash is there, it's counted and it's real. But at closing, it says that there's £4,000 more cash in than is actually in the drawer. It's just two ghost deposits. Right? It's not theft, it's just buggy software. It's not innovative. There's a system of checks and balances that should be in place. But the reason things failed here has to do with how this software was built. In the 90s, the UK government set out to modernize every Post Office counter. They wanted to get rid of old paper benefit books and they wanted to switch to a card system. So they bought in this company called ICL Pathway to handle both jobs. They're going to put I, you know, a computerized point of sale system in every branch, in every Post Office store, and they're going to move all their benefits payments online. There's two pieces to the system, the Post Office and the benefits. The benefits part gets cut. The whole thing doesn't go well. There's delays, there's fights over cost, there's changing requirements, but somehow the counter system survives. And that's the system that's running Windows nt. At Scott's office, the project is Seen as a huge failure. But they can save this post office part and maybe things will be better. Newspapers write up stories about all the wasted money of this project, but it still rolls out. And even without the benefit cards, putting computers on every counter still feels like progress. It sounds like a sunk cost problem. They put all this money into this failed project and surely they can save some of it by rolling out the small piece of it. And because this was built in the 90s, you know, it has dial up modems and it has unreliable connections and thousands of tiny shops that need to communicate to home base. So the system was built offline first. Every branch got their Windows NT box and it was hooked up to scales and a barcode scanner and a receipt printer and a messaging layer that was called repost. So if the network went down, you could still serve customers. Transactions just queued up locally and then when the Internet was back, the data was synced for the time. That was a smart trade off. The Internet was not reliable, but it is a trade off. When you have this sort of store and forward system, your truth comes from a pile of queued messages on various machines. And they can get delayed and they can get retried and they can even get replayed. These are just the problems of a distributed system. Most days everything works fine and the ledger looks clean. But every so often, maybe it doesn't work out. Most days you never notice any of this. You sell stamps, you pay out pensions, you take deposits. The cash drawer has the money in it, the terminal has its numbers. And at the end of the day, those two sets of records are supposed to match up. But when they don't, when you're left staring at two realities. What's in the tilt and what's in the screen. How do you reconcile that? You might think like Scott did, that the numbers have to balance out eventually. If a deposit got doubled somewhere, someone should end up with twice the money in their account and that should be flagged. There should be discrepancies that show up somewhere. Double entry accounting is supposed to catch these things. You can't actually just create money out of nowhere. But I actually looked into this. While the ledger system that tracked what Scott made and owed each day was offline first, the banking transactions were live in real time. There are real time communications with the bank. So it's very possible the money was deposited once. But because of a double press or because of a network hiccup, there was two records in Scott's system for it. And somewhere these numbers must get reconciled. The Money transferred into somebody's account, you know, should line up with these aggregate of data across all these post offices. So in fact, somewhere it should all shake out and even out. But not in any place or on any timeline that actually helped Scott. Most days, the software worked fine, but there, it turns out, were plenty of known bugs, enough to cause real mistakes. And behind the scenes, people at Fujitsu were scrambling to keep things running. They were patching issues, they were finding ways to update the ledger, forcing the numbers to add up and be correct. But Scott didn't know any of that. All he saw was the computer telling him that he should have money that he did not in fact have. And then the auditors seeing the same numbers and jumping to their own conclusions. Hey, here's a small town guy who's stealing from us. Let's make an example of him. If you're from the uk, you might have heard parts of the story before, maybe not about Scott, but about the 13 postmasters who took their own lives after facing similar accusations. Scott didn't take that way out, but his life was definitely turned upside down by all of this. And we'll get into that. But what about the software itself and the people who maintain it? How could an organization that took this failed software project and push it out and was constantly fighting bugs and drowning in heirs turn around and aggressively prosecute people who were affected by those bugs? Let's rewind. After Horizon was created, but before it got Scott put into handcuffs, before it got him splashed across papers as a thief, the company who created it was acquired by Fujitsu, and so Fujitsu held the maintenance contract for the software. Scott had no idea. But Fujitsu engineers had already had a name for a bug that seemed a lot like the one that was draining his account. They called it Calendar Square, after a Falkirk shopping center where they first spotted it in September 15, 2005, a sub postmaster at the Calendar Square post office tried to move stock from one counter to the safe, but the transaction just seemingly disappeared. Wanting the books to balance, he tried it again. But what he didn't know is Horizon's repost messaging layer had frozen. It had a message timeout waiting for lock. And when the terminal was restarted, when the lock was finally cleared, it replayed that queued message. Suddenly, both versions of the transfer showed up. Two transfers in for a single transfer, out in double entry bookkeeping, which I'll touch on at some point. For every transaction, there is both an in and an outside, and this is a careful check on things. But on paper, this Branch suddenly had a surplus in one account without a matching shortfall in the other. And because of that, the operator, the sub postmaster, was on the hook to repay the difference. Fujitsu logged this failure as peak PC12642, and a few days later it happened again. And then it was given a different number and both incidents landed in their internal error logs. So they put the incidents in their known error logs and they gave advice to the support people at the Post Office. If somebody reports this problem, tell them to reboot the machine and whatever they do, don't enter it again. Internal emails at Fujitsu admitted that this lock bug had been showing up at a number of sites, most weeks going back as far as 2000. But the subpostmasters were never warned. Fujitsu just kept the known error log to themselves. So if this is what happened to Scott, and if he managed to reach the Post Office before a restart or whatever occurred to get the double posting, the staff there wouldn't necessarily know what to tell him. But it's wild that the folks running the Horizon system already knew this bug inside and out by the time it happened to him. But for the actual sub postmasters dealing with this, they were kept totally in the dark. And that was just one of the issues, right? There was another one called the reming out problem. Reming out being short for remitting out. The end of the day routine, where you've got too much cash on hand and, and you seal the extra money in pouches, log it into the system and then a van comes and picks it up. Basically, you're moving money from cash on premises to cash on transit, right? You don't want too much around so that you don't get robbed. You can imagine an end of day Scott on a busy pension day has too much cash in hand. So he follows the routine. He prepares. These pouches each have £10,000 in them and 20 notes. Each bag gets sealed and it has a barcode on it. And in Horizon, he's supposed to enter that he has this 10,000 pound bag and then he has the second 10,000 pound bag and it should subtract 20,000 pounds from the branch's holdings and add 20,000 to the pouches ready for collection. But this reming out bug, which sounds really bad, if you did two bags and they had the same amount in them, Horizon only subtracted the first one from the branch's holdings, even though both bags showed up going into the van. In other words, the van would get their $20,000, but the branch would Say it had only taken out 10,000. When people talk about balancing the books, this is what they're talking about. Both sides need to match. You can't take out 10,000 here and deposit 20,000 over there. It doesn't make any sense. But that was the bug. Both bags left the branch, both were in the van, but the system acted like only one had gone. And so on paper, it looked like at the end of the day there was £10,000 of cash missing. It's like the ghost stamps, only this time the numbers are much bigger. Yeah, that's the reason double entry accounting exists. Every transaction gets recorded twice. Once as a debit in one account and once as a credit in another. And those two need to balance. If they don't, you've either created or destroyed money out of thin air. And this isn't a new idea, right? The idea of recording everything twice goes back to merchants in Renaissance Italy in the 1400s. They were using double entry bookkeeping. If you've ever written code, double entry accounting might feel familiar, right? It's basically a 15th century version of like a two phase commit. You can't close the books until both sides acknowledge the change has happened. You have like two physical machines separated on a network and you're taking something from one and moving it to the other. Both sides need to confirm that they've gotten that change or. Or it didn't actually happen. If one side never acknowledges, or if things just hang, then it doesn't count. It's also kind of like test driven development, right? Every code change needs a matching test. One side needs to match the other. If the logic in the test or the logic in the code you added is incorrect, something will fail. And that's a sign you need to figure out what's going on. There's so many metaphors for this. The other way to think of it is like a checksum, right? If a checksum doesn't pass, then the data's corrupted. But really the system should not allow you to have a debit in one account that doesn't match a credit in another. It's just a simple integrity check. And instead of investigating and blaming the system for breaking basic accounting rules, somehow the finger gets pointed back at the subpostmaster. That's the reming out bug. And in February 2007, Fujitsu reviewed this bug and they found internal notes showing 49 branches were hit in that month. And maybe because this one is obvious and doesn't balance, they did remotely access some of these branches machines and try to fix up the ledger entries. We don't know if Scott's branch was one of them. We don't know if this was the bug he hit. The details just aren't available. What we know is that in some cases, Fujitsu was working behind the scenes to try to correct these errors without telling the contractors like Scott, or even telling the post office itself what was going on. And there was so many bugs like this. There was an earlier bug from May 2005 called the Kell G Maxwell 38 5P. All we know about that bug is it says possible bug encounter code. But they were never able to pin down what happened. There was never a change. We don't know which post offices were affected, and we don't know what the fallout is because we're piecing this together after the fact. And there were plenty of other issues. And honestly, we'll never know what really happened to Scott because no one bothered to look. The problem was there's so many layers. There was the software company doing the maintenance fixes. They built the software. They don't want to talk about bugs. There's the support people at the post office and they're overwhelmed. And that's why the first time, the numbers didn't add up. Scott did what anyone would do. He called for help, and he gets the cue music. And then he gets a unsympathetic support worker who's working through a script. Check the till, recount the stamps, maybe power cycle things. Have you tried closing the session and then reopening it? It's hard to say whether the agent is even really listening or just working through a script. One thing's for certain, right? He reminds Scott. The contract says that the branch must balance to roll forward. If Scott can't fix it, the difference comes out of his pay. It's in your contract, sir. You can spread it over two deductions if that's makes it easier. Scott hangs up, feeling small. Not just that they've taken money out of his pocket, but that they don't trust him. If the computer says the stamps are there, then they're there. If they're missing from his drawer, then that's on him. So he pays, right? In that first case, he pays that 1750 and he tells himself it's just a glitch and it'll work out, and that's fine. This is his business. He's excited. But then, yeah, a few days later, the numbers don't add up again and the gap's even bigger. I'm just playing this back in My mind right. If he admits the shortfall, then they'll take the money right away. And maybe he won't be able to make payroll, or maybe he won't be able to pay the lease. So he's a businessman. He does what he needs to do to keep the business running. He forces the period to roll over. He tells the system that he has the money. He tells them what it wants to hear, just to make it through the night, make it to the next day. And that desperate entry to move forward is what was later called false accounting. That's what got him put in handcuff. That's the moment where the system of prosecution decided that he was the villain and he was someone to blame. But here's what's interesting to me. Right behind that maze that Scott couldn't see, there was real experts, the ones who could spot a software bug. They were just hidden inside Fujitsu's back office and they were trying to fix things. Maybe they were working very hard. You know, they had a list of known errors, but those never made it out. And if the problem you had looked like something in their error logs, support might notify them, maybe it would quietly get fixed, I don't know. But if it didn't, or if no one checked, then you're stuck. And Fujitsu was swamped with these bugs, but they also kept them under wraps. This list of known errors, they kept that as an internal list. They never shared it with the Post Office support at all. So it's not just a software thing. It's about organizations and culture. The Post Office treated every shortfall as a personal debt against the subpostmasters. You either had to pay up or they took the money from you. And it seemed like there was some sort of quiet disdain where this big institution looked down on these village shopkeepers, like people in charge in London while the subpostmasters are working in their villages. But there was, at least in theory, another option. If Scott had known the right phrases, and if he was willing to lose pay and to not just forcibly roll it over, he could have refused to roll over the period. He could have stood his ground not entering anything, but not accepting their numbers, I don't know what would have happened then. But what I'm imagining is maybe he eats the cost on that first time, but the second time he goes all forensic accounting on them. He starts writing down every transaction. He starts taking screenshots who pressed what, what happened, where he starts a formal dispute process with them, says that he wants to report a system defect, is very clear about his words and is very demanding of an audit before any penny is taken from his pay. If he had known that the software had so many issues, I mean, which of course he didn't. And if he had taken the time, maybe he could have shown them, or maybe not, but maybe he could have written to his mp, maybe he could have got a lawyer to send them a letter and maybe, just maybe, that would have pushed them to look into it, to get off the script. And then somebody would stop saying, it's your problem if the numbers don't balance, you just need to pay. If he could get people's attention like that, maybe he could get the issue escalated. Maybe then Fujitsu would have stepped in, they would have taken a real look, maybe they would have straightened things out. I do think it's possible. But think about what this really means. Scott's got to operate this business and all of a sudden now you. He's got to be a legal expert, be a forensic accountant, be a site reliability engineer, and use some sort of bureaucratic kung fu to get people's attention while customers wait in line and want to get their pensions or want to get their packages. He's supposed to risk his payroll and his reputation and all this hope on the fact that he could make some change happen. And there were 14,000 sub postmasters and many of them were having problems. So it's a lot to get above the noise. And when you're contacting the support line and their job is to get you off the line and move on to the next one. And Scott didn't have a map to all of this. He didn't know that all this was going on. All he had was this useless support line and his lease payment and this cash drawer that never matched the numbers on his screen and these people telling him he had to pay. And so the next time, he just entered what the computer wanted him to so that he could open up his shop and he could do his business. It's a choice that's completely human and totally understandable and one that would get him arrested. I think it's interesting. Sad, but interesting. How you can look at the details of this and see how it ended up where it did. Horizon is a textbook case of how big software projects go wrong. Yes, the goal was to modernize every post office counter and replace benefit books with a payment card. But government projects like this have a bad track record. The bigger the project, the lower the chance of success. And this project was one of the largest IT contracts in European history. As I mentioned on paper this project was supposed to do two things, the welfare payments and computerize the accounting. But that involved two different agencies and two different sets of requirements. And it all was in one contract and it went sideways. Patrick McKenzie, patio 11. He's covered stories like this before. He says government software projects fail for pretty predictable reasons. He says all systems reflect the culture they are created in. No system of importance can be accurately described without the context of the culture that created it. In other words, the institutions and the culture of how things are done are the hard part of government software, not the technical details. Because maybe they could have straightened out the technical details, but things were already a tangle. There was overlapping institutions and there was conflicting incentives between the software company and the subcontractors and the post office. And everybody had a contract and everybody was working to contract. And when you build software to contract, you get something that hits the checkboxes, that has the process but maybe is not working. The problem is that government procurement processes don't reward working software. They reward compliance and following the RFP and audibility. It's like ordering a car with a parts list. You can check every box for all the pieces of a car, but end up with something that doesn't actually get you anywhere. And then because institutions hate admitting failure, they basically can never admit failure. The easiest path to salvation when the welfare project failed was just turning this whole thing into the horizon postmaster system. This software project is tragic, but it's also kind of fascinating. There's just so many things that went wrong and I can't possibly go over everything that went wrong here. And as Patty11 said, it's more cultural than being a specific person who made a specific error in a specific place. But for one interesting example, imagine you're going to roll out this system. It's a nationwide offline, first point of sale system with active users across every small village and major city in all of the uk. In other words, it's a lot, right? And there are a lot of ways to roll out a system like this. If you're forcing the use of a failed project to save face, you should consider maybe rolling it out piecemeal, doing a canary deploy of some sort, or doing some sort of gated rollout. Try to use the software in a small number of Post Office owned stores. Keep a very close eye on it in small numbers like that. Maybe just one slow store to start, but really spend time and make sure each issue is resolved and investigated. There was actually 115 post office stores that were owned and operated by the Crown. And so that is a feasible plan. Just do those 115, investigate every problem, maybe run the system side by side with the old system and see how it lines up. That's something I would suggest. But the institutional reality of large government organizations pushes projects of this scale towards big bangs. The software is done. We had checklists, and all the checks have been checked. No one is going to raise their hand to say, oh, actually there's this problem over here. So when rollout started in 2000, when these horizon terminals, when these Windows NT boxes were bolted to scales and given barcode scanners and receipt printers, it was rolled out to all 14,000 village post offices all at once. And I'm assuming because before rollout, we decided that the software was correct and perfect for the task. I'm using air quotes here, but you probably can't see them. But because we decided it was correct and perfect, except for some known issues that actually Fujitsu is keeping to themselves. There's a simple rule, right? If your books don't balance, it's because of you and not the software. And so you must pay the difference. And that's why, as Scott was taking over his post office, Shop Horizon had all these failure conditions perfectly lined up. All the things that Patio 11 warns about. So by early 2000, as Scott was taking over his village shop, Horizon had all, you know, the hallmarks that patio 11 warns about. A contract that's optimized for process over getting the right outcome. Lots of people who can veto things, but yet no single accountable owner. An architecture that amplifies small glitches into accounting discrepancies, and an institution that's unwilling to admit that there might be faults. So when those glitches hit, the entire weight of the institution tilted towards prosecuting the subpostmasters. Because to admit otherwise would be to admit that the project itself was a failure, right? That so much money was gone that it was wasted. Or as Patrick McKenzie puts it, risk rolls downhill. If a ledger goes wrong, the people with the least power end up holding the bag because they can't prove who's at fault. That's the interesting thing to me. When Scott picked up the phone line for help, he didn't reach the people who actually built Horizon. He got the post office support. And their real job wasn't to escalate bugs. Their job was to keep things from ever reaching Fujitsu because of contracts and processes, right? Because sending things up to Fujitsu had a cost and it had all the overhead and painful machinery of a Giant government vendor relationship. So the defaults were simple, right? If Verizon glitched, that was Scott's problem. If the till didn't balance, he had to make it good. Small issues never became system bugs, they became debts. Because nobody else wants to admit there's a problem. Fujitsu wasn't gonna eat the risk, the post office wasn't gonna eat the risk. So all the risk just rolled down onto Scott. And that's why things did not go well for Scott. Right? He ended up in handcuffs and he was put in front of a judge in court.

B (42:57)

Yeah, I naively thought, well, I haven't taken any money, I haven't stolen anything, I haven't done anything wrong. Really, if I go to court, the legal system will back me up. But it turns out it's not quite like that. So I had to plead guilty to false accounting, otherwise I would be going to prison because the judge would have just said, well, you did leave false accounting, you know. Oh, no, you know, so another lesson there. Bit naive. I really did think that it would come to my aid in the end, but it didn't. So if you plead not guilty, when you are guilty, you don't get a suspended sentence. So I would have been going. So I had to plead guilty to keep myself out of prison. So off to court. I get prosecuted, I get a prison sentence. I didn't actually go to prison, but I had a suspended prison sentence, which meant I couldn't travel, I couldn't say I couldn't come to Toronto.

A (43:48)

And also because his store is in a small village, his arrest was front page news.

B (43:52)

I'm on the newspaper, I'm in the newspapers as, like, this crooked postmaster, dishonest postmaster, you know, so what, what are people going to think about that? You know, luckily, the people that knew me, they knew something wasn't right. But the wider public that knew me, that, you know, from having this post Office, they didn't know, did they? Presumed I'd been up to no good.

A (44:15)

Then the next problem, Scott can't operate his store anymore. He doesn't have a license to operate as a postmaster.

B (44:21)

Yeah, well, that's right. I own the business. We had a loan taken out against our home, which was. Everything was working fine up until this point and suddenly now the business has been closed, but I've still got the loan against it to pay. The shop's closed down now and the post office closed down. I avoided bankruptcy somehow. It's a long story, but I managed to avoid bankruptcy, which can get you out of debt. But it means decade, well, a decade of, you know, trouble. You can't even get a bank account and things like that if you've been made bankrupt. But anyway, I avoided that and somehow I managed to hang on to our home and, and get rid of the lease from the shop and everything. But it was just disaster, you know, I was in debt, had county court judgments against me for suppliers that I couldn't pay, not large amounts, but it was just embarrassing, you know, I'd had a great relationship with all these suppliers for years, you know, now I can't pay them, you know, and they're having to take me to court and everything. It's just so embarrassing.

A (45:22)

And was this hard for you, like mentally, emotionally?

B (45:25)

Yeah, it was, yeah, yeah, it really was. I mean you just felt down, you felt when you walked around your hometown that people were going to that guy there, we read about him, you know, even if they weren't, he felt, he felt like that. And so wandering around, going any socializing, you're always wary of how people looking at me. This goes on for quite a long time. It's probably irrational because as you know, you're in the news for a day and people generally forget, I think, but I don't know if they forget about that kind of thing. So, you know, it's irrational. But this is what, this is the kind of anxiety that it causes in you that goes on for quite a long time. Actually many years I couldn't get a job because, you know, I don't know what it's like where you are, but you have to. On job applications you have to say if you've got any criminal convictions and if you say no, you're committing another offence, you know, so you have to say yes. And come on, it's human nature on job applications, if people have got a current criminal offence, they're going to be able to stand a much less chance, aren't they, of being employed? So that was the position I was in. So I'd gone from earning pretty good money doing this business to state benefits, unable to find a job for three and a half years. And I got an eight year old daughter at this time, didn't it?

A (46:40)

For years the Post Office blamed Scott for all those losses. But the full story only came out much later, 20 years on, when a public inquiry finally made all the details public. Everyone finally saw that people like Scott were broken by the very organization they wanted to serve. For most people in the uk, Scott and the other sub postmasters were the face of the Post Office. They were the friendly person helping you with your pension statement, selling you your stamps, weighing your Christmas parcel. Those were the people you trust. They're the last ones the organization should turn against because they're the heart and the face of your business.

B (47:13)

I don't know how they could sleep at night. I don't know how they could go on holiday with their families and knowing that this is going on and they would say nothing about it. But in big corporations, it appears that there's this kind of group think mindset, you know, that people just do not. They just don't rock the boat, you know, they just keep their head down and carry on despite knowing what's going on.

A (47:37)

It's true. I have worked on similar software projects before. I worked on something that was not unlike Horizon, but for a big Canadian government project, it didn't go well. It. It didn't go as badly as this. But that's not really saying much because, I mean, this went incredibly bad. But that's what makes this so interesting for me, because I can understand what it's like to be the people at Fujitsu, or, you know, what it's like to be the support person. But I want to say, I think we all have a duty to be good citizens to the world. Even in our commercial endeavors, we need to sometimes take the corporate blinders off and see what's going on in a wider context. It's easy in an organization to feel compartmentalized and that you don't have a role and the things that you're doing, but you do, right? And there was in fact a whistleblower from within Fujitsu, and he was helpful to unraveling this whole thing. But there should have been more people coming forward. There should have been more people trying to resolve things, and there should be more in the future. If your rideshare company is quietly shorting drivers on their pay and you know about it, you know, speak up. Tell somebody. Tell me. When you notice something at work that feels off, when you realize your organization might be in the wrong, don't just ignore it. Take a closer look. See if there's a way that you can do the right thing. Even if it's not your job description, it's hard to do. I get it, you're busy. But if someone is going to jail because of a software bug, or losing their health coverage or not getting paid for their work, when they really need to get paid, then that matters because these risks often roll downhill. Gig workers are hit the hardest, and they're the least able to shoulder these burdens. So if you see something, say something. That's why I wanted to share this episode. Doing the right thing isn't easy, but it is possible. Thankfully, though, the uk, I think they may have learned their lesson.

B (49:18)

I think that's one thing that's going to come out of it, which will help future. It'll stop the people just saying, the computer says this, you're on it, and people go into prison. So it will stop that thing. But as for software companies, there has to be a duty of Canada somehow. They can't load the risk of their systems onto other people, which is what they did. Every system's got faults. I mean, so what? But if they flagged up on your screen that there's been a fault, there's been a bit of a discrepancy in your branch for putting it right. You just have faith in the fact that this system's constantly being, you know, looked after. But instead there was none of that and off to prison we went, you know, that kind of thing. It all seems so Victorian now already, you know, that that's how they treated people. So I don't know how it's going to work for the ordinary people in the future, but, yeah, things are going to change. Let's see if it changes for better protection.

A (50:15)

For Scott, things still haven't worked out. Between 2017 and 2019, 555 sub postmasters, of which Scott was one, sued the Post Office and they won. But after legal fees which ate like half the money, they each got about 20,000 pounds and Scott, along with 62 others, didn't get anything at all because they had Horizon related convictions. They were excluded from the payout because they had pled guilty. You plead guilty, you get nothing. But then in 2024, a TV drama scandal caught the attention of the Prime Minister and now new legislation is probably going to overturn Scott's conviction and it's probably going to help him get compensated. But it hasn't happened yet. Right. These things move slowly and it's been over 20 years. Right. We started back in 2005 with Scott sitting in a parking lot counting customers. Back then he was excited about the Post Office, but now he feels completely different.

B (51:07)

Oh, yeah, I don't go. I don't even like the vans going fast with the sign on the side, you know, I can't even stand to see that. I turn away from that, you know, so, no, I'll try my best not to go in one. I can't remember the last time I went in one, Actually, I think I did have to go in one at some point in the last 10 years, but it's been a long time. I won't go in if I can help it. I hate. I hate the thought of it, really.

A (51:42)

That was the show. Thank you to Scott Darlington for sharing something that I hope most of us will never have to live through. His book, Signed, Sealed, Destroyed, tells more of that story. It's a self published book and I loved it. I don't know if you can tell, but I can't say which specific Horizon defects affected him. What you heard here is kind of my reconstruction based on looking through all the documents because of the inquiry. There was a giant trove of documents released and I found it interesting to dig through them and to try to imagine what this was all like and what it was like to be an engineer or support person at Fujitsu or at the Post Office. If you want to see the story from another angle, check out Mr. Bates versus the post office. It's a dramatization of some of the key events in the scandal. I have not watched it at all because I heard about the story and I kind of wanted to pursue my own path. I wanted to talk to a victim and I wanted to dig through the documents, which is something I like doing. Maybe I'm a bit of a weirdo, but I'll probably watch it now and it'll probably make me think of all the things I should have done to make this episode better. Also, a huge credit to Computer Weekly. They are a long running online publication for IT professionals and they broke the story. For years, they covered the failures of the Horizon system in more depth than any mainstream outlet could ever get away with. And because of that, and because of postmasters who refused to give up, there was this inquiry and things did get resolved. But yeah, thanks the team at Computer Weekly. That is incredible work. And because Scott is more than just, you know, a downtrodden victim of the Post Office, here's some music. I found Scott performing with some rowdy people yelling in the background. Don't know who owns this music. Please don't sue me. And until next time, thank you so much for listening.

B (53:36)

Old sister.

C (53:39)

The older I get time for Ring out the bell. I said time for ring out the bells.

A (53:55)

Ring out the bell.

C (53:57)

Ring out the bells. Ring out the bells. Ring out the bells. If I have time to explain it all it'll be time to ring out. It's time to ring out the bell Ring out the mouth yeah, bring out the mouth. We fucking win.