Between 2021 and 2024, UK courts quashed the convictions of many subpostmasters — people accused of theft on the strength of shortfalls that the Horizon software reported. The Court of Appeal quashed 39 convictions in 2021, and 2024 legislation quashed many more. The source of the shortfalls was not theft. It was software.
The part a software expert must dwell on is not the “bug” itself but the assumption around it: that computer output is correct until proven otherwise. Horizon had known bugs that generated phantom shortfalls, and it had the capability to alter branch data remotely — without the branch manager’s knowledge. Yet as long as no one demanded the audit logs and the access history, the output looked like a fact.
This is exactly where the legal instinct stumbles. The natural tendency — in the UK as in Israel — is to treat computer output or an electronic record as reliable by default. But reliability is not a property of the system; it is a claim that has to be tested:
- Are there known bugs that affect precisely this kind of record?
- Who could change the figure, from where, and when — and is that logged?
- Are the audit logs themselves complete, or do they have gaps?
- What version of the system was running at the time of the event — not at the time the report was generated?
The question that decides cases like this is not “what does the system show,” but “how far can we trust what the system shows, and how do we test it?” Answering that is software-expert work: reliability analysis, reading logs, and probing the ability to change data behind the scenes.