Summary: The UK Post Office scandal involving the Horizon system by Fujitsu stands out as a significant failure with catastrophic consequences to people’s lives. On the surface, it looks like an IT system (“buggy”) or UX issue (“clunky”). However, lurking below the surface is a failure of policy. Policy Design is a framework for mitigating against repercussions that come back to bite you.
Background on the scandal
In 1999, the UK government paid Fujitsu £1B ($1.3B) for an accounting system deployed at Post Offices around the UK. The system had bugs, but hey, it was 1999, right? And Fujitsu is hardly a software go-to for advanced software– that’s not what they do. Since then, the system has generated miscalculations of takings for Post Office managers (franchised and run by a semi-private company, “The Post Office”, with UK government oversight). Since 2000, the Post Office has been privately prosecuting, taking back money that wasn’t owed, and jailing sub-postmasters (local people, many pillars of their community). Some took their own lives. Many more franchise employees’ lives were destroyed by humiliation, blame, condemnation, and more.
See Design for Real Life to really appreciate why this is so important
Suicide as a result of incorrect calculations
It isn’t the first time users have died by suicide from looking at misleading screens. It’s also why ChatGPT and others say, “ChatGPT can make mistakes. Consider checking important information”.
In 2020, the Fintech app Robinhood showed a 20-year-old trader a negative account balance of $730,000, which led him to death by suicide.
Repercussion to the Robinhood app miscalculation: “In 2021, the US Financial Regulatory Authority (FINRA) ordered Robinhood to pay about $70 million in fines and restitution to harmed customers, the largest penalty ever handed down by the regulator. Robinhood neither admitted nor denied the charges”. (Source: CNN)
Computers make mistakes, but the scandal part of the Post Office story is they blamed users (“stupid users,” anyone?) and covered up what amounted to a disaster in Policy Design. Let me explain…
The Core Issue: Policy Failure
At its heart, this debacle is a failure of policy design.
The Horizon system, used for transactions and record-keeping, inaccurately reported financial discrepancies. This led to wrongful accusations of theft and fraud against sub-postmasters: 700 were prosecuted, with 93 overturned and only 27 settlements to date (BBC Jan 10th, 2024). Until: An Independent Television (ITV) mini-series, “Mr. Bates vs the Post Office,” aired last week in the UK. And everyone saw it…
The ITV drama has caused emergency priority around this issue and triggered a call for radical policy change. One thing is clear: the Post Office and Fujitsu will never abuse their users again after this…
Why is this not an IT failure-only story?
The Post Office’s inadequate response highlights a systemic oversight problem. Despite numerous complaints, the issues were attributed to user errors or dishonesty rather than acknowledging potential flaws in the system. Yes, IT was involved, but bug fixes and technical failures are a regular part of software engineering. That’s why Agile software development is standard these days- releases every few weeks fix bugs. But they don’t fix policies…
A host of policy failures
The scandal underscores a flawed accountability structure. The Post Office’s unwavering trust in the Horizon system and disregard for the concerns raised by sub-postmasters led to unjust prosecutions. The policy failures all happened “Back Stage“, an essential area of design in Service Design and where Policy Design targets.
Failure 1: According to the factual narrative in the ITV drama that woke the media and government up on this story, Fujitsu developers were amending records on a live production server. If this happened, it was a fundamental failure to adhere to standard security policy: never play around with live data, primarily financial. That’s what sandbox environments are for.
Failure 2: The Post Office response to hundreds of customers reporting the same issue was to assume fault and criminalize their users. The Post Office adopted a blame-and-shame approach, including jail time, while simultaneously covering up the issue. Perhaps this policy originated 300 years ago with the institution’s creation.
Look: the Georgian (1700s) and Victorian (1800s) ages were about punishment in Britain: you could go to jail for stealing an apple in a market. Instead of listening to users, they assumed theft. Could that be due to the fact that sub-postmasters (franchise managers of local branches employed by the Post Office) are in a power imbalance with social class? Social class is still a significant factor of discrimination in the UK, a legacy of the past. The ITV miniseries shows a stark contrast in social power between corporations and the community. BBC interviews with the actual sub-postmasters show the same.
So, Post Office corporate staff operated out of low literacy of their power position when making policy decisions.
See the Power Literacy Field Guide for why it’s so important to curb your power when designing especially for communities not like you.
Failure 3: The UK government, which subsidizes the Post Office, knew for years this was happening. Boris Johnson even provided a CBE to the CEO, which she handed back the other day due to pressure. The policy failure here is that instead of delivering just finance to its “state-owned private companies” (Wikipedia), they should provide their Goverment Design Principles alongside user-centered policies, for dealing with “stupid thieving users”.
The UK government is no stranger to User-Centered Design and Policy Design– they have some of the best practices in the world. But does their ecosystem of semi-private companies use it? Probably not. When vendors like Fujitsu receive free rein and political protection for over 20 years, demanding an audit, transparency, and fixes from them becomes essential to policies on vendor management of backend systems.
Bottom Line
The UK Post Office scandal is a stark reminder of the importance of robust policy design and responsive management. It’s a lesson in how policy failures can have devastating impacts beyond the realms of IT glitches.
Want to learn Policy Design?
Apply to Join my Inner Circle and get access to the recording and 220 more video assets. Pricing starts at $49 (discount pricing) per month ($99 standard).