Yes, all software will have bugs, but accounting software is probably the easiest kind of software that can be formally verified: https://en.wikipedia.org/wiki/Formal_verification https://github.com/magmide/magmide
Formal verification of software through model checking was not a thing back then beyond the aviation and semiconductor industries, but going ahead this should be mandated for critical government software.
I've worked on several finance systems for several major banks. Every single one of them has reconciliation.
You never have one 'stream' of data.
You have (in this instance):
- The User (Postmaster, Sub-Postmaster, Office Staff, Post Office Staff, Admins)
- The Customer (Person using the Post Office Service)
- The Physical Post Office
- The Post Office (Company)
- Banks and other Financial Institutions
Reconciliation should be performed with daily batch-runs confirming that the totals tally across all the actors. Discrepancies should be produced via reporting which is saved for the mandatory UK term of 7 years. All the figures across all the actors should tally at all times. Those exceptions should be red flagged and raised as incidents.
If someone was hacking the database then yeah, you can change the data, but you can't change the audit trails. Each record on each database is timestamped and an audit trail produced. Any competent investigator could review the timestamps on dated records. For instance, if records were written on the 1st Jan 1985 then the timestamps should match the creation date. It's simple enough to cross-check the audit trails against the timestamps on the database. The hacked records would stand out like a sore thumb.
The major problem here seems to be that Fujitsu were given the contract and self-audited themselves. If they haven't got audit logs or reconciliation reporting set up as standard (as any financial system of the time always did) then that is the biggest flag that it wasn't 'fit for purpose' - in that its self-auditing ability wasn't set. But I don't accept that. This wouldn't have passed standards in even a tin-pot establishment.
The most likely thing here, I would guess, would be that all the data was available but ignored by the 'experts' doing the hacking, who are likely the same people that investigated the hacking.
It's never a good idea to allow a company to audit themselves - if this is what happened.
From Nobby's post above - "Post Office commissioned independent investigative firm Second Sight to review the system"
I am struggling to see how the fuck they couldn't find actual doctoring of data. What were they doing?
EDIT: Looking into it - they did a good job, but were only hired in 2013. This is a report of what they were doing. Apologies Second Sight - seems you did a good job:
https://www.postofficetrial.com/2019/12/second-sights-ron-warmington-breaks-his.html
EDIT EDIT: There is a book on this whole thing, which I'll be giving a read:
https://bathpublishing.com/products/the-great-post-office-scandal-paperback / Kindle:
https://www.amazon.co.uk/Great-Post-Office-Scandal-multimillion-ebook/dp/B098GGKMW7/ref=sr_1_1?crid=2J5TPP3XD3AGF&keywords=the+great+post+office+scandal+by+nick+wallis&qid=1704879887&s=digital-text&sprefix=The+great+post%2Cdigital-text%2C85&sr=1-1
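The daily reconciliation across actors and the audit-trail timestamp cross-check described in the post above, as an added Python example (not the poster's code and not from any real Post Office or Fujitsu system); the ledgers, record table and audit trail are constructed sample data:

```python
from collections import defaultdict
from datetime import datetime

# Constructed sample data (not from any real system): one ledger per actor,
# each entry (posting_date, txn_id, amount), as the daily batch would extract it.
LEDGERS = {
    "branch":  [("1985-01-01", "T1", 100.0), ("1985-01-01", "T2", 50.0), ("1985-01-02", "T3", 75.0)],
    "central": [("1985-01-01", "T1", 100.0), ("1985-01-01", "T2", 50.0), ("1985-01-02", "T3", 75.0)],
    "bank":    [("1985-01-01", "T1", 100.0), ("1985-01-01", "T2", 50.0), ("1985-01-02", "T3", 60.0)],
}

# Constructed: the transaction table's own timestamps, and the separate
# append-only audit trail recording when each write actually happened.
DB_RECORDS = {"T1": "1985-01-01T09:00:00", "T2": "1985-01-01T10:30:00",
              "T3": "1985-01-02T11:00:00", "T4": "1985-01-02T12:00:00"}
AUDIT_TRAIL = {"T1": "1985-01-01T09:00:00", "T2": "1985-01-01T10:30:00",
               "T3": "1999-06-15T02:13:00"}

def reconcile_daily(ledgers):
    """Daily batch run: total each actor's ledger per day and return the days
    on which the actors' totals do not tally (each one is an incident to raise)."""
    totals = defaultdict(lambda: defaultdict(float))
    for actor, entries in ledgers.items():
        for day, _txn, amount in entries:
            totals[day][actor] += amount
    incidents = []
    for day in sorted(totals):
        by_actor = dict(totals[day])
        if len({round(v, 2) for v in by_actor.values()}) > 1:
            incidents.append((day, by_actor))
    return incidents

def find_tampered(db_records, audit_trail, tolerance_seconds=5):
    """Cross-check each record's stored timestamp against the audit trail's write
    time: a record dated 1985 that the trail shows was written years later, or
    that has no audit entry at all, is flagged for the investigator."""
    flagged = []
    for txn_id, stamp in db_records.items():
        written = audit_trail.get(txn_id)
        if written is None:
            flagged.append((txn_id, "no audit entry"))
            continue
        delta = datetime.fromisoformat(written) - datetime.fromisoformat(stamp)
        if abs(delta.total_seconds()) > tolerance_seconds:
            flagged.append((txn_id, f"written {written}, record dated {stamp}"))
    return flagged

if __name__ == "__main__":
    print(reconcile_daily(LEDGERS))
    print(find_tampered(DB_RECORDS, AUDIT_TRAIL))
```

On the sample data the 1st Jan totals tally across all three actors, while the 2nd Jan does not (the bank shows 60.0 against 75.0 elsewhere), and T3 is flagged because its audit entry shows a 1999 write for a record dated 1985.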