Law Commission misrepresented experts when it changed rule on computer evidence

I had never heard of the presumption that computer systems operate correctly until the Post Office Horizon scandal brought it to my attention. During my career I have worked as a developer, IT auditor, test manager, security manager and development team leader building complex financial systems with tough targets for accuracy. I therefore have no illusions about the difficulties of producing reliable software, and managing it so that it remains reliable.

With all this experience I knew the presumption was absurdly unrealistic and would inevitably lead to miscarriages of justice. Criminal cases and litigation typically involve unusual, even freakish events, rather than smooth, everyday routine. How can defendants or their legal teams, who are uninformed outsiders, possibly know what is happening within a complex software system and challenge the evidence?

While researching a 2020 article about the presumption and the Post Office scandal I read the Law Commission’s 1995 consultation paper and 1997 final report in which they recommended the repeal of section 69 of the Police and Criminal Evidence Act 1984 and the resulting presumption of computer reliability. I was surprised at the weakness of the Law Commission’s arguments to justify this dramatic legal reform.

Rather than citing technical experts who argued for the repeal of section 69, the Law Commission repeatedly quoted vague, arm-waving, un-evidenced comments by judges who offered no insight into anything beyond their own technical ignorance. Where the Commission did cite experts, the quotes did not offer any support: they were ambiguous. If anything they undermined the case for repeal.

This year I followed up my concern and delved into the detail of the Law Commission’s evidence and arguments. I was shocked by what I found and wrote a further article about how the Law Commission brought about the presumption.

The Law Commission consulted only three sources. These were Dr Stephen Castell, an eminent IT consultant, Alistair Kelman (a barrister with an engineering background) jointly with Richard Sizer (Chairman of the Professional Advisory Board of the British Computer Society), authors of a book, ‘The Computer in Court’, and Professor Colin Tapper, a distinguished legal academic who specialized in the treatment of legal evidence.

I read all the articles and books cited by the Law Commission. I was astonished by what I found. The consultation paper and final report show a consistent pattern of sources that were misunderstood or misrepresented.

Stephen Castell, Alistair Kelman and Richard Sizer argued for the opposite of a presumption that computers are reliable. They stressed the importance of evidence to show that systems are developed and managed responsibly. The Law Commission cherry picked quotes out of context to support the conclusion they obviously always wanted to reach.

All these experts warned of the danger of confusing reliable hardware with software, which is of enormously varying quality. The Commission ignored these warnings and pretended that massive, complex, distributed systems, like Horizon, were simple mechanical objects that either worked correctly, or were obviously broken. Both Stephen Castell and Alistair Kelman have confirmed to me that my analysis and conclusions are correct.

Professor Tapper, the expert on legal evidence, was also treated disgracefully. His articles argued for the opposite of a presumption that computer evidence should be considered reliable. The Law Commission quoted a casual remark, of no particular importance, in one of his articles and presented it in a way that implied Tapper supported the presumption, despite the explicit arguments to the contrary elsewhere in the article.

The Law Commission's work would have been inadequate for an undergraduate essay. When I worked as an IT auditor my reports were scrutinized closely by senior management before they were released. I had to defend all my evidence and arguments. Recommendations had to be practical and based on findings, which were supported by evidence I could produce if challenged.

Instead of receiving similar stringent scrutiny the Law Commission’s recommendation was taken at face value by Parliament, which nodded through the change without serious consideration or debate. This was a political and structural failing that must surely be addressed in future.

Any internal audit report as shoddy as the Law Commission’s efforts would have seriously damaged the credibility, and the career, of the culprit. No respectable internal audit department would have allowed it to be issued.

The Law Commission arrived at the conclusion it wanted to reach at the start of the exercise, and it willfully misinterpreted the evidence so that it aligned with the desired outcome. The Commission feared that challenges to computer evidence would waste time in court so it pretended that such evidence would invariably be reliable.

This was my verdict on the Law Commission in the conclusion to my article: "The Law Commission had an inadequate understanding of a complex technical subject and provided no credible justification for the presumption. Its 1997 report was incompetent, with conclusions and recommendations only loosely connected to findings, and findings that had no basis in fact.”

The report shows a consistent pattern of sources that were misunderstood or misrepresented, and a woefully inadequate understanding of the nature of computers and software.

The Law Commission’s priority was clearly the administrative convenience of the courts. Justice was sacrificed. The victims of the Post Office scandal have paid a tragically heavy price for this convenience. The change to the law brought about by the Law Commission’s recommendation has had devastating consequences for thousands of people. It is shocking that this was brought about by a report of such abysmal quality.

How can the government justify retaining this presumption?

James Christie is an independent consultant, an IT expert with extensive experience of software development, IT audit, testing and security management in the IT outsourcing industry going back to the 1980s.