Hacker News new | past | comments | ask | show | jobs | submit login

This is a tricky one, because you could just claim that the system wrote audit trails that show you did something due to a bug. How do you prove it either way?



I think any (financial crime) case built solely on computer evidence is too weak to be prosecuted, even if that means you end up accepting some non-zero amount of financial crime. "it is better a hundred guilty persons should escape than one innocent person should suffer" as someone once said.

In the case of the sub-postmasters the Post Office, as far as I'm aware, never proved where these stolen sums supposedly went. The computer evidence was thought terminating and was the only thing (except false confessions under duress) used to secure these convictions, rather than proper investigative work.


Yeah, it seems crazy to me that they didn't have to prove where this money went. I suspect the majority of people caught stealing money in any other capacity are probably caught by the changes to their lifestyle being noticed before the financial irregularities are ever spotted.


The amounts people were prosecuted over supposedly stealing were in the tens of thousands of pounds (some made up the alleged discrepancy by paying back some of their own salary). Not something likely to radically alter the lifestyle of a small business owner (if they had been stealing they'd probably have spent it on cash payments to staff and family, gambling habits and boring stuff like mortgage repayments and savings)

It's crazy auditors didn't spot discrepancies especially with the high base rate of reported frauds and errors, but if finding the receipts for stolen money was the threshold for prosecution any remotely competent thief would be in the clear


It's hard to say exactly how much a sub-postmaster makes but from a brief search it seems to be in the range of £30k-£35k. It's not like the kind of money these people had down the back of their couch.

If there is absolutely nothing to corroborate the money going missing, no evidence presented for where or how the money was stolen then there shouldn't be enough to send someone to prison.


As the sibling comment says (max reply depth reached) the sub-postmasters in general were just about getting by. Part of why this scandal is so egregious is that these people were often just-about-managing under terms of an incredibly unfair contract with the PO.

The amounts of money involved may be small to business owners in other domains but for SPMs many were almost bankrupted by trying to replace the sums out of their own earnings as you say. This wouldn't have been a rounding error to their lifestyle, it should have been provable to any halfway decent investigator. And if not? Then they get away with it and it's the price we pay not to live in tyranny.


Blackstone’s ratio is ten to one, not a hundred to one.


> This is a tricky one, because you could just claim that the system wrote audit trails that show you did something due to a bug.

Well, yeah. A defendant should be able to argue that because that can (and did) happen and it's bad to routinely wrongly convict people.


That's not the point I'm making. Obviously it's bad to wrongly convict people.


I guess I don't know what your point is.

I thought when you called it a "tricky one" you were expressing that it might be a bad thing if it were difficult to convict someone based primarily on audit logs.

But if you don't want people to be wrongly convicted, then surely that's a good thing, right? As we know, there's no guarantee a particular audit log is correct.


> But if you don't want people to be wrongly convicted, then surely that's a good thing, right?

Think of it like a diagnostic test, like covid tests. That sort of test has 2 measures, not one (anyone who just says "Test X is 95% accurate!" is selling you something) - specificity and sensitivity. Sensitivity is the percentage of true positives it generates out of all positives, and specificity is the percentage of true negatives it generates out of all negatives.

I don't want people to be wrongly convicted, no, so I want legal tests to have a very high specificity. But I could do that easily, by just throwing every case out as not guilty. The hard bit is raising sensitivity at the same time. You can't just say "if you don't want people to be wrongly convicted", because that justifies far too many things.

> As we know, there's no guarantee a particular audit log is correct.

There's no guarantee anything is correct. Three witnesses could have colluded and someone might go to jail for it, but unless there's a reason to think they colluded, we don't assume that. That's the problem I'm talking about: how do we get a feel for software systems without assuming like the Post Office that they work, or like you that they don't work?




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: