By Peter Sommer

In his blog The Use of the Word Robust to Describe Software Code (June 25, 2019) (https://ials.blogs.sas.ac.uk/2019/06/25/the-use-of-the-word-robust-to-describe-software-code/), Stephen Mason draws attention to the oddness of the use of the word “robust” in the context of the ongoing extensive litigation around the Post Office Horizon system (Alan Bates & others v Post Office Limited (ongoing)). He cites a number of experts to show that “robust” has no generally agreed precise meaning.

If there is a meaning it seems to be something rather less than “reliable”, which in turn implies, at least in terms of the output of a computer system, predictability of outcome to the extent that important decisions can safely be made. We seem to be left with a morass of ideas about levels of software bug and the implications for conclusions that a court may have to reach. The experts consulted by Stephen Mason all seem to agree that this is unhelpful to resolving the aims of a litigation. The fact that a system is generally reliable and robust does not mean that there won’t be bugs; the nature of those bugs can’t be predicted, and neither can their consequences.

English law has long had to grapple with issues of the reliability of computer-generated documents. In the 1960s the issue was dealt with as a matter of admissibility rather than weight. Among other things there was a requirement that a suitably qualified person should provide a certificate of normal working. This was reflected in s 5 of the Civil Evidence Act 1968 and s 69 of the Police and Criminal Evidence Act 1984 (PACE).

It is worth quoting at length from the Civil Evidence Act:

Section 5.

(1) In any civil proceedings a statement contained in a document produced by a computer shall, subject to rules of court, be admissible as evidence of any fact stated therein of which direct oral evidence would be admissible, if it is shown that the conditions mentioned in subsection (2) below are satisfied in relation to the statement and computer in question.

(2) The said conditions are-

(a) that the document containing the statement was produced by the computer during a period over which the computer was used regularly to store or process information for the purposes of any activities regularly carried on over that period, whether for profit or not, by any body, whether corporate or not, or by any individual;

(b) that over that period there was regularly supplied to the computer in the ordinary course of those activities information of the kind contained in the statement or of the kind from which the information so contained is derived;

(c) that throughout the material part of that period the computer was operating properly or, if not, that any respect in which it was not operating properly or was out of operation during that part of that period was not such as to affect the production of the document or the accuracy of its contents; and

(d) that the information contained in the statement reproduces or is derived from information supplied to the computer in the ordinary course of those activities.

(3) Where over a period the function of storing or processing information for the purposes of any activities regularly carried on over that period as mentioned in subsection (2)(a) above was regularly performed by computers, whether-

(a) by a combination of computers operating over that period; or

(b) by different computers operating in succession over that period; or

(c) by different combinations of computers operating in succession over that period; or

(d) in any other manner involving the successive operation over that period, in whatever order, of one or more computers and one or more combinations of computers,

all the computers used for that purpose during that period shall be treated for the purposes of this Part of this Act as constituting a single computer; and references in this Part of this Act to a computer shall be construed accordingly.

(4) In any civil proceedings where it is desired to give a statement in evidence by virtue of this section, a certificate doing any of the following things, that is to say-

(a) identifying the document containing the statement and describing the manner in which it was produced;

(b) giving such particulars of any device involved in the production of that document as may be appropriate for the purpose of showing that the document was produced by a computer;

(c) dealing with any of the matters to which the conditions mentioned in subsection (2) above relate,

and purporting to be signed by a person occupying a responsible position in relation to the operation of the relevant device or the management of the relevant activities (whichever is appropriate) shall be evidence of any matter stated in the certificate; and for the purposes of this subsection it shall be sufficient for a matter to be stated to the best of the knowledge and belief of the person stating it.

(5) For the purposes of this Part of this Act-

(a) information shall be taken to be supplied to a computer if it is supplied thereto in any appropriate form and whether it is so supplied directly or (with or without human intervention) by means of any appropriate equipment;

(b) where, in the course of activities carried on by any individual or body, information is supplied with a view to its being stored or processed for the purposes of those activities by a computer operated otherwise than in the course of those activities, that information, if duly supplied to that computer, shall be taken to be supplied to it in the course of those activities;

(c) a document shall be taken to have been produced by a computer whether it was produced by it directly or (with or without human intervention) by means of any appropriate equipment.

(6) Subject to subsection (3) above, in this Part of this Act “computer” means any device for storing and processing information, and any reference to information being derived from other information is a reference to its being derived therefrom by calculation, comparison or any other process.

As can be seen even in the 1960s some thought had been given to how one would establish reliability; essentially this was by reference to the length of period during which a computer system had been functioning normally and properly, plus indications of circumstances in which it had not.

The certification provision for civil proceedings was dropped in the Civil Evidence Act 1995 s 15, pointing to a schedule, and for criminal proceedings in the Youth Justice and Criminal Evidence Act 1999, s 60. After these repeals the issue of computer evidence became one largely of weight as opposed to admissibility. However in criminal proceedings there remains the possibility of exclusion on the grounds of “unfairness” under s 78 PACE 1984:

(1) In any proceedings the court may refuse to allow evidence on which the prosecution proposes to rely to be given if it appears to the court that, having regard to all the circumstances, including the circumstances in which the evidence was obtained, the admission of the evidence would have such an adverse effect on the fairness of the proceedings that the court ought not to admit it.

(2) Nothing in this section shall prejudice any rule of law requiring a court to exclude evidence.

But this is a matter for judicial discretion. (It can give defence counsel two bites at the cherry – to seek to have evidence excluded for unfairness and if that fails, to argue in front of a jury that the evidence is unreliable).

The comments made by the experts consulted by Stephen Mason take these admissibility tests a little further, no doubt because they reflect the experience up to 2019 as opposed to what was thought in the 1960s. The salient conclusion, with which I concur, seems to be that the percentage degree to which a system can be said to be free from bugs (if such a figure can actually be determined for a complex system with a long history of development and modification) does not indicate whether important bugs may still linger and be important in particular circumstances. In other words, “robustness” as a test appears not to be helpful, both because there is no clear definition and because a finding of general robustness does not necessarily address specific flaws.

The current position seems to be that evidence from a computer is routinely admitted and there is a rebuttable presumption of reliability. In other words a court will accept the output of a computer without looking for specific reassurance unless it is challenged, at which point it is up to the party producing the specific output to persuade the court that in the particular circumstances the evidence should be accepted for weight. Stephen Mason points to the Criminal Justice Act 2003 s 129.

He also says: “no judge has ever determined what ‘reliability’ is…” I wonder how far we will ever get a definition, or even a series of explicit tests, and if so how helpful they would be. Computer technology is in a state of constant evolution so that one of the problems faced by designers of security standards is that it can be possible to achieve a certificate of compliance with a standard such as the ISO 27000 series even though the system itself is vulnerable because the checklist used has become obsolete. We might yet see some “good practice” type of guidance which would help. We could also look to some of the questionnaires generated to assist those who seek compliance with GDPR and need to show they have been through the necessary processes (e.g. https://gdpr.eu/checklist/; https://ico.org.uk/for-organisations/data-protection-self-assessment/) but these do not give direct support to “reliability” or “robustness” assessments.

In the end the only test will be specific investigation of an alleged flaw which is material to particular circumstances which is the subject of a litigation process. Analysing those circumstances is not a matter of generalised tests of robustness or reliability but a function of adequacy of disclosure. The principles of disclosure are well enough known: the parties have a mutual obligation to disclose and provide for inspection of documents which might support a counter-party’s case or undermine a party’s case. In English law the detail is given in Civil Procedure Rule 31. An associated Practice Direction deals with the disclosure of electronic documents and sets out a questionnaire but this largely addresses agreements on the technical measures involved in electronic disclosure – “reasonable search”, keyword and other automated searches, metadata, formats for delivery and so on. It does not assist in deciding what should be disclosed.

How then did Mr Justice Fraser in the Post Office Horizon trials get himself into the position where he seems to be asking for guidance on a test for “robustness”? The case is a complex one with getting on for 600 claimants. They are sub-postmasters who usually have a Post Office counter complete with computer terminal in the corner of a shop also selling other things such as groceries and stationery. The system in question not only has a long history and many functions but it also interfaces with other services including the National Lottery and to computers handling entitlements to state benefits. The judge decided that in order to manage events he wanted to divide the case into several trials. So far three have been declared: the first was called Common Issues and concerned the relationship between the sub-postmaster claimants and their contractual relationship with the Post Office. This trial has now taken place. The second, for which judgement is awaited as this blog is being written, is concerned with robustness. A third stage will deal with the individual claims of specific sub-postmasters. The judge has indicated that there may be a further fourth stage.

Although one must have sympathy with the judge it now seems reasonably clear that the second stage – robustness – is unhelpful to any outcome from the dispute. It will not be until the third stage when individual sub-postmasters describe in detail what has happened to them that any useful conclusions can be reached. What is already clear is that a key issue is lack of adequate disclosure on the part of the Post Office.

The very helpful blog by Nick Wallis www.postofficetrial.com and the news website www.computerweekly.com publish much detail and some of the key documents. I was briefly consulted by the Justice for SubPostmasters Alliance to see if I could contribute; in the end we decided against any full involvement as my fees would have had to come from the sums already allocated to the Claimants’ expert and that might reduce his effectiveness. But I did get to see the Claimants’ and Defence expert reports as well as an earlier report by the consultants Second Sight. It was these that persuaded me that the Post Office is very likely to face heavy criticism over failure to meet disclosure obligations.

Perhaps we don’t need a definition of robustness or a credit sheet to test for reliability – the real issue is adequacy of disclosure and the availability of independent expertise to see that this takes place and the results properly assessed.

See related post: The use of the word ‘robust’ to describe software code by Stephen Mason

This guest post was written by Peter Sommer. This post therefore reflects the views of the author, and not those of the IALS.

Peter Sommer provides expert witness and digital forensics services. He is a part-time Professor of Digital Forensics at Birmingham City University and a Visiting Professor at De Montfort University.

www.pmsommer.com