Thursday, March 14, 2019

Horizon trial: day 4 transcript

This is the unperfected transcript of the fourth day of the Horizon trial, held on 14 March 2019 in court 26 of the High Court's Rolls Building.
                                        Thursday, 14 March 2019
   (10.30 am)
   MR JUSTICE FRASER:  I am not going to deal with this now but
       just to ask you both to remind me, at the end of the day
       can you remind me to deal with 8 and 9 May.
   MR DE GARR ROBINSON:  My Lord, yes.
   MR JUSTICE FRASER:  I have written a note for myself so
       I should --
   MR DE GARR ROBINSON:  Between us I'm sure we will ...
                   MR RICHARD ROLL (continued)
       Cross-examination by MR DE GARR ROBINSON (continued)
   MR DE GARR ROBINSON:  Mr Roll, just a brief recap on what we
       were discussing yesterday.  In your various witness
       statements you use the phrase "software errors" and just
       so that I can confirm my own understanding, when you say
       "software errors" you don't mean coding errors, you mean
       a much wider category of errors, including data
       problems, yes?
   A.  Generally, yes, including coding errors as well though.
   Q.  But sometimes you use the phrase -- perhaps it is unfair
       of me to ask it, but sometimes when you say "software
       errors" you actually mean data problems in the context
       in which you use it?
   A.  Yes.
   Q.  But given that I'm not putting anything to you, I will
       take that as read.
           And when you say data errors or data problems you
       generally mean operational type data, don't you?  You
       don't mean things like configuration data, things like
       that?
   A.  I generally mean the data that's been written to the
       message store, so transaction data.
   Q.  Well, you say -- if I may say so, generally speaking
       transaction data -- well, let me ask you actually.
       Let's agree some terminology so that we don't get
       confused going forward.  Could I go to the defendant's
       witness statement bundles to tab 14 please {E2/14}.
       Paragraph 3, Mr Roll, perhaps you could briefly read it.
       I'm not interested in the first sentence, it is the rest
       of the paragraph.
   A.  This is Mr Godeseth's statement, yes.
   MR JUSTICE FRASER:  Which paragraph, sorry?
   MR DE GARR ROBINSON:  Paragraph 3, my Lord.
           When you get to the end perhaps we could ask and
       then the page can be turned for you.
           (Pause).
   A.  Can you turn the page please, yes.  {E2/14/2}.
           (Pause).
           So, sorry, what was your question again?
   Q.  So if you go back to page 1 you see that Mr Godeseth is
       drawing a distinction between transaction data on the
       one hand and data in the background, operational parts
       of Horizon on the other.  Are you aware of that
       distinction, does that have any resonance for you?
   A.  It does.  I was -- in my mind it is very similar.  The
       data that postmasters -- that's going into the message
       store when you are doing a transaction, how it is
       replicated up to the server and then how it is
       processed, that's the sort of information I was talking
       about.
   Q.  But when you talk about data corruption often you're
       talking about things like for example a bit being a zero
       instead of a 1 --
   A.  Yes.
   Q.  -- you described that in your witness statement.  That's
       not transaction data of that sort, is it, it's different
       kinds of data?
   A.  It could be transaction data that's been corrupted.
   Q.  I will take you to the relevant passage of your witness
       statement later but for present purposes can we please
       agree that when I say transaction data I mean a record
       of a transaction undertaken in a branch, or a branch
       activity that causes a change in the branch's cash or
       stock, I don't mean the wider collection of data, for
       example all sorts of data have fields that are allocated
       to all sorts of tables throughout the database, correct?
   A.  Right, yes.
   Q.  That kind of data, even if it is attached, if it's
       relevant to a transaction, that kind of data isn't seen
       by the subpostmaster, is it?
   A.  No.
   Q.  And it won't affect his branch accounts at all, will it?
   A.  I don't know.
   Q.  Well, often it won't.  Do you know that often it won't?
   A.  Often it won't.
   Q.  It is to do with things like harvesting.  That data will
       be harvested by the system for other purposes?
   A.  Yes.
   Q.  For example to monitor what transactions are being done,
       what products are being sold by Post Office, that kind
       of -- and many many other things.  You do recognise
       that?
   A.  Yes.
   Q.  So that kind of data, which I think you may previously
       have been referring to as transaction data, that's not
       what I mean when I say transaction data, I mean data
       relating to transactions that actually has an impact
       that the postmaster sees in his branch accounts?
   A.  Right.
   Q.  Okay, thank you.
   MR JUSTICE FRASER:  And are you going to adopt a similarly
       precise term for the other sort of --
   MR DE GARR ROBINSON:  Yes, I'm going to call that
       operational data.
   MR JUSTICE FRASER:  So, Mr Roll, just so we're all using the
       same terms and we all understand --
   A.  I will try and stick to --
   MR JUSTICE FRASER:  Do you now understand the
       differentiation as far as today is concerned?
   A.  Yes.
   MR JUSTICE FRASER:  There's transaction data and operational
       data, is that --
   MR DE GARR ROBINSON:  My Lord, yes.  I'm sure there are
       better terms but those are the terms I'm going to use.
   MR JUSTICE FRASER:  All right.
   MR DE GARR ROBINSON:  Now, having established points of
       nomenclature, could I ask you, Mr Roll, to go to your
       second witness statement.  It is E1, tab 10 and it is
       paragraph 14 of that witness statement which starts at
       page 9 {E1/10/9}.  You have it in hard copy I think with
       you.  It may be more easy to use that.
           Now, what I'm interested in is some -- I will let
       you find it.  You will see that it is under the heading
       "Transaction corrections and patterns of software
       errors", so in this section you are talking about TCs
       and software errors and paragraph 14 you then start
       talking about software errors and what I'm interested in
       is the text that's in red over the page at page 10
       {E1/10/10}.
   MR JUSTICE FRASER:  Which I don't think will come up on the
       common screen but it doesn't matter because you are
       using the hard copy.  Have you got your amended one,
       Mr Roll?  Have you got your amended one with the red
       text?
   A.  Yes I have mine.
   MR DE GARR ROBINSON:  Now, I only saw this shortly before
       you started giving evidence yesterday -- well, I saw it
       shortly before court sat at 10.30 yesterday morning.
       The first thing I would like to ask you is why was this
       text added to your witness statement here?
   A.  I was trying to clarify something that had come to mind
       after re-reading this a few days ago.  It is possible
       that if a postmaster is doing a transaction and as he --
       between pressing "enter" and the data being written
       there could be a corruption or an error that would cause
       that data to change.
   Q.  And why did you include it in this particular paragraph?
   A.  I had specifically said "bugs" before that, in the line
       above it, and I wanted to clarify that there were other
       things that could have caused problems.
   Q.  Oh, so you're not talking about bugs here, you're
       talking about other causes?
   A.  Yes.
   Q.  And you say:
           "As well as being caused by bugs, software errors
       could also be caused by data corruption."
           Stopping there, when you say "software errors" --
   A.  Transaction data errors.
   Q.  -- you mean data errors?
   A.  Yes.
   Q.  So when you say "data errors could also be caused by
       data corruption", is that circular, or are you -- could
       you explain what you mean?  It looks like you are saying
       data corruption could be caused by data corruption --
   A.  Sorry, I see what you mean.
   Q.  -- and I would like to give you the opportunity to
       explain what you mean?
   A.  There could be some corruption of data at that point
       that might cause the postmaster to -- for the account to
       say he has a certain amount of money perhaps that he may
       not have.
   Q.  You are talking about hardware errors causing data
       corruption, aren't you?
   A.  It needn't necessarily be the hardware that caused the
       problem, it could be the software that's become corrupt,
       the transaction --
   Q.  Well you have just told me you weren't talking about
       software bugs, you were talking about --
   A.  No, sorry, the transaction data could be corrupt at that
       point.  Just one of those spurious things that happens.
   MR JUSTICE FRASER:  Just pausing there, you said software
       bugs, I think yesterday we worked out that's coding.
   MR DE GARR ROBINSON:  Coding.
   MR JUSTICE FRASER:  Can we keep to that.
   MR DE GARR ROBINSON:  So you're not saying these kind of
       things are caused by coding?
   A.  Sometimes it is caused by coding bug, or it could be
       a potential bug, other times it could have been
       something else.  It could just be data corruption that
       just happened at the moment.
   Q.  I'm struggling to understand this, Mr Roll, because you
       say "as well as being caused by bugs" and you just told
       me about a minute ago that you put this in here because
       you were distinguishing between issues that are caused
       by bugs and issues that are caused by other things.  Now
       you are saying these things are caused by bugs after
       all.  Which is it?
   A.  Sorry, what I'm trying to say in this added bit is it's
       not caused by bugs, it's data that has become corrupted
       at a specific moment in time just because it has become
       corrupted.
   Q.  And I'm suggesting to you, Mr Roll, that in that
       scenario it will generally be because of some hardware
       error in the counter in which the transaction is being
       entered.  Would you accept that?
   A.  No.
   Q.  Well, let's proceed.  You then say:
           "If the corruption happened just as a transaction
       was being written to disc, it could have altered the
       value of a transaction and the subpostmaster may not
       have realised."
           So what you are suggesting is the subpostmaster
       types in a number on the screen and actually the number
       that comes up is different from the number that he or
       she has typed?
   A.  No, the number that he or she has typed would be
       correct, but in-between pressing the "enter" key and it
       going off you've got milliseconds between it going
       between there and being written to the disc.  If the
       data corruption occurs in that instant ...
   Q.  I see.
           You then say:
           "This would not be detected by the system as there
       would not be a mismatch in the figures."
           Is that your evidence?
   A.  That's what I'm suggesting there, yes.
   Q.  Well, could I suggest to you, Mr Roll, that where that
       happens there are cyclic redundancy checks being
       constantly done which check to see whether the amount
       typed in is the same as the amount that goes into the
       system.  It is something that's continually done within
       the Horizon system, isn't it?
   A.  You are probably right there.
   Q.  It is done at both levels.  We're talking about
       Legacy Horizon.  It is done at the Riposte level which
       operates the message store, as it were, and it is done
       at the operating system level, the NT which operates --
       sorry, the NT, the Windows that operates the counter
       itself.  There are cyclic redundancy checks that are
       applied as these processes are being done at both of
       those levels, aren't there?
   A.  I don't remember that precise detail.
   Q.  But I suggest to you that that is the case and are you
       in a position to dispute that?
   A.  I'm not in a position to dispute that, no.
   MR JUSTICE FRASER:  Are you saying six on Legacy Horizon?
   MR DE GARR ROBINSON:  I'm talking about Legacy Horizon, the
       counters that were used in branch at that time and
       your Lordship will remember that --
   MR JUSTICE FRASER:  No, you don't need to go into any more
       explanation, I just wanted to check.
   MR DE GARR ROBINSON:  And those checks will automatically
       and immediately tell if there is a difference between
       what the application is attempting to write, what's
       actually being typed in, and what is actually being
       written into the system; that's right, isn't it?
   A.  Usually, yes.
   Q.  I would suggest to you, Mr Roll, it always happens, it's
       a constant feature of the Legacy Horizon system.  It's
       one of the fundamental consistency checks that is always
       applied in the operation of the system.  Do you accept
       that?
   A.  I accept that's how it is supposed to work, yes.  I'm
       still not sure that it would be 100%, but --
   Q.  Well, let me ask you about your experience.  In your
       44 months at the SSC did you ever encounter a situation
       where a cyclic redundancy check missed an error of this
       sort?
   A.  I can't remember that.
   Q.  I suggest to you didn't, Mr Roll.
           Could I also ask you whether you were ever aware of
       this -- in your experience you ever actually saw this
       problem happening with a subpostmaster?
   A.  I don't think I did, no.
   Q.  You said --
   A.  I don't think I did.
   Q.  You don't think you did?
   A.  No.
   Q.  So what you're saying in red text here in paragraph 14,
       it's really largely a -- and I don't mean to be rude
       when I say this -- it's an armchair theoretical exercise
       that you are discussing, it's not something that
       actually reflected your experience when working at the
       SSC, is it?
   A.  No, it was something I was thinking of hypothetically.
   Q.  I'm grateful.
           Then just to complete this point -- and this may be
       beyond your experience because it appears that you
       didn't actually see any of this happening while you were
       there, but just to complete, would you accept that if
       and when the cyclic redundancy check spotted there was
       the mismatch of figures being typed in and figures going
       into the system, as well as sending an event straight
       away to the SSC which would be picked up by the SSC's
       automatic systems, it would also prevent the counter
       actually undertaking the transaction.  Do you accept
       that?
   A.  Yes.
   Q.  I'm grateful.  Now, I would like to go to paragraph 8 of
       your first witness statement please and that's at
       {E1/7/2}.  I would like to pick it up at the third
       sentence where you say:
           "Any errors made by subpostmasters would be
       relatively easy to identify, and would normally be
       picked up by 1st or 2nd line support.  If an error was
       referred to us then it was extremely unlikely to be due
       to a mistake made by a postmaster ..."
           Do you see that?
   A.  Yes.
   Q.  Having read that could we then move please to what
       Mr Parker says about this and I would like to go to
       bundle E2, tab 11 and it is at page 6 {E2/11/6} and it
       is the text just underneath the numbered
       paragraph 26.1.3.  Mr Parker says:
           "If a branch required assistance to attempt to
       determine the cause of a discrepancy they would contact
       NBSC in the first instance.  Discrepancies are not
       unusual in a retail system."
           I imagine you would accept that, Mr Roll.
           "They indicate a difference between the operator's
       declaration of cash and stock on hand and the system's
       calculation and as such are a business operation issue.
       However ..."
           He says and this is the point I'm going to ask you
       about:
           "... it was not always possible for NBSC to identify
       the cause of a discrepancy.  For example, a user may
       enter a deposit of £100 into a customer's bank account
       on Horizon but rather than taking £100 from the
       customer, they may make a mistake and give the customer
       £100 as if it had been a withdrawal.  In that scenario,
       NBSC would not have been able to identify the cause of
       a discrepancy.  Clearly, NBSC is also unable to assist
       when losses have been caused by theft."
           Now, do you accept what Mr Parker says in the
       paragraph I have just read out?
   A.  Yes.
   MR JUSTICE FRASER:  NBSC is the helpline, isn't it?
   MR DE GARR ROBINSON:  My Lord, yes.  It's the first line
       of support.
   MR JUSTICE FRASER:  And is that Fujitsu or Post Office?
   MR DE GARR ROBINSON:  The NBSC is run by Post Office.  It
       then goes through to the second line.
   MR JUSTICE FRASER:  Mr De Garr Robinson, I just wanted to
       check that.
   MR DE GARR ROBINSON:  Yes.
   MR JUSTICE FRASER:  Because in other statements it is
       referred to as the helpline.  I just wanted --
   MR DE GARR ROBINSON:  My Lord, it is sometimes referred to
       as the helpline.  It is confusing because there is the
       HSD as well as the NBSC and they are both elements of
       the first line of support.
           So where you say, Mr Roll, in paragraph 8 of your
       statement that any errors made by subpostmasters would
       be easy to identify and would normally be picked up,
       that's not right, is it?  There are all sorts of errors
       that are made by the postmaster that will not be picked
       up.  Would you accept that?
   A.  From my memory of when we were working there, no, but
       from reading this ... yes.
   Q.  You would accept that.  So, for example, if an irate
       subpostmaster phones into the NBSC and says "These
       figures aren't right, there's a glitch in the system,
       there's a glitch in the system", keeps insisting there's
       a glitch, it would not be easy -- in fact in many cases
       it would be impossible for the first or the second line
       of support to say categorically "That's definitely
       a user error" and close the matter down.  In that kind
       of situation wouldn't what would happen be that the
       second line of support would refer on to SSC for
       investigation; do you accept that?
   A.  Yes.
   Q.  Then I would like to go back to your witness
       statement -- it is quicker to do it in hard copy,
       Mr Roll -- paragraph 10 of your first witness statement
       {E1/7/2} you must have in front of you.  You say, second
       sentence -- so we have a problem like that, it gets
       passed to the SSC and I think you would accept that the
       SSC would always investigate to see if it could be
       attributed to a bug or other fault within Horizon --
   A.  Yes.
   Q.  -- yes?  So you then say:
           "If we were unable to find the cause of the
       discrepancy then this was reported up the chain and it
       was assumed that the postmaster was to blame."
           That's your claim.  I would like now to compare it
       to what Mr Parker says about this.  It is in his first
       witness statement again, this time at page 13
       {E2/11/13}.  Paragraph 46, Mr Parker says:
           "In paragraph 14 Mr Roll states, 'I would reiterate
       that the main recurring issues were software issues'.
       It is a symptom of working within a software support
       team that the majority of issues that come in have been
       attributed to a software issue by, for example, a lower
       line of support.  This can lead to a mindset of 'look at
       all these Horizon errors' but what this indicates to me
       is that the previous levels of support are functioning
       correctly, removing the majority of other causes
       (user/hardware problems).  It does not indicate that the
       majority of Horizon errors could be attributed to
       software."
           By "software" he means coding.  Would you accept
       that, Mr Roll?
   A.  Yes.
   Q.  Thank you.  And then if we could move on over the page
       to page 14, paragraph 49 {E2/11/14}, he says:
           "Mr Roll further states that if SSC was 'unable to
       find the cause of the discrepancy then this was reported
       up the chain and it was assumed that the postmaster was
       to blame' (paragraph 10).  That is not my experience: it
       is a simple truth of support that the majority of issues
       reported in the system are attributable to user action
       or user misunderstanding much system functionality."
           Stopping there, Mr Roll, would you accept that?
   A.  I would accept that -- and as he says, those issues
       would have been picked up at first or second line
       support.  The way I remember it is that we were dealing
       with issues not necessarily the majority of issues
       caused by the user, but that's how I remember it.
   Q.  I think I'm seeking to suggest to you, Mr Roll, that as
       a matter of just common sense the majority of issues
       reported in a system, whether it goes to first, second
       or third line of support, the majority of issues
       reported in the system are attributable to user action
       or user misunderstanding of system functionality?
   A.  Yes.
   Q.  As a matter of common sense you would accept that?
   A.  Yes.
   Q.  So "Hence", Mr Parker says:
           "... someone working in a support environment
       analysing a new issue would examine the possibilities of
       user error as a first hypothesis but any final
       conclusion is only generated based on the evidence.
       Where the evidence does not support a conclusion that
       there's a problem with Horizon, the SSC feeds the
       existent factual data back to Post Office and might say
       something along the lines of 'all indications are that
       the branch has made a mistake' but Fujitsu neither
       attributes 'blame' or agrees the final conclusion ..."
           What I would like to suggest to you, Mr Roll, is
       that when a problem was, when you were there, reported
       into the third line of support and the problem would
       then be allocated to a member of the SSC, that SSC
       member would look for ways in which the symptom that's
       complained about could be attributed to a coding error
       or other problem within Horizon; that's right, isn't it?
   A.  Yes.
   Q.  And they worked quite hard to try and figure -- they
       would look at all the data, the system log, the event
       log, transaction data; all the data, vast array of data
       that's available to Fujitsu, and they would work very
       carefully through to try and see whether there's
       a credible explanation that's based upon a coding bug or
       some other systemic problem with Horizon, yes?
   A.  Usually.
   Q.  Usually.
   A.  There were instances which I can't remember but I know
       that at the time I felt uncomfortable with what was
       going on because of the pressure that was put on us to
       find -- to either find a problem or to say that we
       couldn't find a problem.  So there were time constraints
       and we weren't given -- this is my recollection, but
       I can't give you specific details.  And this is why --
   Q.  So --
   MR JUSTICE FRASER:  Can you just let him finish.
   A.  This is why I first spoke to people about this, because
       there are instances that I remember being unhappy with
       it.
   MR DE GARR ROBINSON:  But you can't give any specifics --
   A.  No.
   Q.  -- and we can't look at the documents to see what you
       are talking about?
   A.  No.
   Q.  And it's not that -- I think we discussed this
       yesterday.  You are not suggesting that there was any
       pressure put upon you to put it down to human error,
       it's simply that you are saying that not enough time was
       given to do the job to your satisfaction, is that right?
   A.  Yes.
   Q.  I challenge that, Mr Roll.  I formally suggest to you
       that that didn't happen.
   A.  All I can say is that is how I remember feeling, but it
       was a long time ago.
   Q.  But from the SSC's perspective your job was to
       investigate a problem as thoroughly as it needed to be
       investigated?
   A.  Our job in the team; it wasn't always me who was doing
       the work that I was worried about.
   Q.  Well, quite often it was -- looking for these kind of
       problems, quite often it was someone more senior in the
       team that was looking at these kinds of problems --
   A.  Yes.
   Q.  -- isn't it?  And you can't speak to the amount of
       pressure that they were under, can you?
   A.  Not from direct memory, no.  It's just, as I said, the
       impression I took away with me.
   Q.  So you would accept, wouldn't you, that everyone in the
       SSC including you did a professional, rigorous and
       thorough job?
   A.  We tried to, yes.
   Q.  If we could go to your second witness statement please
       now which is at E1, tab 10 and I would like to ask you
       about paragraph 14 {E1/10/4}.  You say:
           "I do not believe that it is realistic to say that
       all software errors would have been picked up by the
       processes which were in place, or that the likelihood of
       software errors staying disguised as human errors was
       very small ... I believe there were likely many cases
       where subpostmasters would have been held responsible
       for problems which had not at the time been identified
       as software errors, either because they could not
       identify the problem and did not pursue these with
       Post Office or Fujitsu, or because when they were raised
       we ... were ultimately unable to identify the problem at
       the time."
           Now, I would like to ask you about your belief that
       there were "likely many cases".  Mr Roll, that's
       speculation, isn't it, that's not a statement of fact?
   A.  That is how I felt, yes, that's --
   Q.  You felt it?  What was the basis of your feeling?
   A.  Going back to what I have said a moment ago about
       feeling that at times we were under pressure and we
       couldn't do the job properly.
   Q.  How often -- do you have a recollection as to how often
       you were under pressure?
   A.  No.
   Q.  My sense of the evidence you have given -- and I want to
       tell you this so that you can tell me whether you agree
       or not -- is that it didn't happen very often?
   A.  Not very often, no.
   Q.  Okay.  So can you say how many times --
   A.  No.
   Q.  -- you had a sense when faced with a problem that it was
       likely to be a bug but you hadn't --
   A.  I wouldn't be able to say.
   Q.  You couldn't say how many times --
   MR JUSTICE FRASER:  Keep your voice up, Mr Roll.
   A.  Sorry.  I have no idea.
   MR DE GARR ROBINSON:  It is just your language.  You say
       "I believe" -- that's your present state of mind --
       "there were likely many cases where subpostmasters would
       have been held responsible for problems which had not at
       the time been identified".  How can you say "many"?
       When I ask you about the problem you say it is because
       "Sometimes I was busy and wasn't given enough time to
       investigate".  You very fairly say -- although you
       cannot be categorical, you can't identify particular
       incidences but you don't believe that happened very
       often.
   A.  First of all --
   Q.  On that basis how can you say that you believe there
       were likely many cases where it happened?
   A.  First of all, it wasn't necessarily me that was busy, it
       was comments from other people in the team about how
       busy they were trying to find a solution and I heard
       that infrequently, but that led me to the belief --
       that's the way I think I feel it, that if I was aware of
       a few then there must have been more.  So it's
       speculation, yes.
   Q.  You accept that it is speculation.  You are talking
       about something that happened between 15 and --
   A.  19 years ago.
   Q.  -- 18 years ago.  It would be fair to say, wouldn't it,
       that your recollection is very hazy about these kind of
       things?
   A.  Certainly some of it, yes.
   Q.  Would you accept that your recollection of this kind of
       thing is hazy?
   A.  It is quite hazy, but the feeling persists that
       sometimes things could have slipped through.
   Q.  Sometimes things could have slipped through.  One last
       question before I move on.  When you were under time
       pressure and you didn't feel that you were being given
       as long as you needed to do your job, is it that you
       were given ten minutes and told to do something else, or
       is it that you needed four hours and that you were only
       given three?  I would like a sense of what you mean when
       you say that you didn't have the time that you wanted?
   A.  You might have had eight or ten hours.  From my
       recollection -- I may be getting different things mixed
       up here, but we had so many days to come to
       a resolution, to resolve a problem, so if we didn't get
       the problem for a couple of days then our window had
       closed.  It was shorter than it should have been.
   Q.  And did you communicate concerns about this to anyone
       else -- to Mr Peach, your superior?
   A.  I believe that was -- it was mentioned at times, yes.
   Q.  You mentioned it to Mr Peach.  And did you mention it to
       Mr Parker?
   A.  I don't think so, no.  Mr Peach was the manager.
   Q.  But Mr Parker was your deputy manager, wasn't he?  He
       had authority over you, didn't he?
   A.  I never saw it as that, no.
   Q.  So it's not something you discussed with Mr Parker, it's
       just something you discussed with Mr Peach who isn't
       giving evidence, is that right?
   A.  Yes.
   Q.  I see.
           Then there's one phrase I would like to ask you
       about.  It is where you say:
           "I believe there were likely many cases where
       subpostmasters would have been held responsible for
       problems which ... we (Fujitsu) were ultimately unable
       to identify the problem at the time."
           Are you suggesting that problems reported to the SSC
       would not be resolved at that time, but then at some
       later time when a further problem arose it would then be
       identified?  Are you suggesting --
   A.  I wasn't trying to suggest that, no.
   Q.  It is just your use of the words "at the time"?
   A.  I'm sorry, that is misleading, yes.
   MR JUSTICE FRASER:  I'm sorry, Mr De Garr Robinson, I have
       lost where -- the passage you were asking about.
   MR DE GARR ROBINSON:  It is the sentence beginning
       "I believe there were likely many cases".
   MR JUSTICE FRASER:  Can you maybe give me a paragraph and
       page number?
   MR DE GARR ROBINSON:  Paragraph 14 of Mr Roll's second
       statement.
   MR JUSTICE FRASER:  It is just the screen had moved, that
       was all.  So we are still on paragraph 14.
   MR DE GARR ROBINSON:  Well, the sentence starts on page 4
       and then goes over to page 5.
           So you are not suggesting that you are aware of
       a problem that was identified at some later stage but
       manifested itself at some earlier stage and was not
       corrected at that stage and therefore was left there,
       you're not suggesting that that happened in your
       knowledge?
   A.  Sorry, could you say that again.
   Q.  I'm not being very clear, I'm so sorry.
           I'm trying to investigate with you whether you are
       seeking to allude to the following scenario and
       I suspect that you are not, so I will be quick.  At time
       T zero someone phones in with a problem, gets through
       the two lines of support, gets through to the SSC, it is
       investigated.  The investigator tries very hard to find
       a coding problem or some other problem in Horizon that's
       responsible for it, can't, puts it to one side, closes
       it down and then the problem reappears through some
       other postmaster at some later stage, gets through the
       first and second lines of support, gets to the SSC and
       a coding problem is then identified, but that leaves the
       poor first subpostmaster in the cold.  I was just
       seeking to investigate with you whether you are seeking
       to suggest in that sentence that that ever happened?
   A.  No.
   Q.  I'm grateful.  Because the truth is that in that kind of
       scenario, when the second problem is identified and the
       root cause determined then all occasions on which this
       problem has manifested itself in the past would then be
       investigated and identified, would they not?
   A.  Yes.
   Q.  So in that scenario information would be provided to
       Post Office to allow the earlier subpostmaster to be
       made whole -- I don't know if I'm allowed to use that
       expression, my Lord.
   A.  Yes, I would --
   Q.  Thank you.  Then I would like to go to Mr Parker's
       second witness statement now please, which is {E2/12/5}.
       I would like to ask you about paragraph 15 of
       Mr Parker's witness statement which is about recovery
       processes.  He says:
           "Mr Roll states that 'Fujitsu's stance was generally
       that if there was a problem with transactions following
       a recovery process and if SSC could not identify the
       cause, then the problem must have been caused by the
       subpostmaster not following the recovery process
       properly'."
           And then Mr Parker says:
           "I agree that if Fujitsu was unable to identify the
       cause of a discrepancy that was said to relate to
       a recovery issue, having investigated the matter, the
       likely conclusion would be that the discrepancy
       (if there was one following the recovery process) was
       probably the result of human error.  The key point
       here ..."
           And this is what I'm seeking to discuss with you,
       Mr Roll:
           "The key point here is that the SSC would thoroughly
       review all of the available evidence.  I am confident
       that if there had been a software issue in relation to
       the recovery process, the SSC would have identified it
       or in the very unlikely case that we could not determine
       root cause, would have at least documented its
       symptoms."
           Full stop.  Would you accept that, Mr Roll?
   A.  Yes, if we couldn't determine the root cause then it
       would have been documented.  But I should say, if we
       couldn't determine the root cause then that would have
       been passed on to the Post Office and the assumption
       would have been that the postmaster had made a mistake.
   Q.  I would like to suggest to you that Mr Parker here is
       saying that if there had been a software issue -- he
       means coding issue --
   MR JUSTICE FRASER:  That means coding, does it, there?
   MR DE GARR ROBINSON:  My Lord, I believe so.
           "... if there had been a [coding issue] in relation
       to the recovery process, the SSC would have identified
       it ..."
           Stopping there, do you accept that?
   A.  No.
   Q.  And why do you not accept that?
   A.  We may have passed it -- if we may have suspected --
       sometimes it would have been identified as a coding
       issue.  Sometimes if we couldn't identify it and
       suspected it as a potential one, it would have gone to
       development.  But we may not have detected the software
       issue -- the coding issues ourselves.
   Q.  He goes on to say:
           "... in the very unlikely case that we could not
       determine root cause ..."
           Would you accept that the situation you have just
       described would be a very unlikely one?
   A.  Terminology I suppose.  Unlikely.
   Q.  Very unlikely, Mr Roll.
   A.  I wouldn't agree with that.
   Q.  But you would agree unlikely?
   A.  Unlikely, yes.
   Q.  Then he says:
           "... [we] would have at least documented its
       symptoms."
           Would you agree with that?
   A.  They would have been recorded.
   Q.  They would be recorded in a what, in a KEL?
   A.  I don't know.
   Q.  In a PEAK?
   A.  I can't remember.
   Q.  The system would maintain knowledge of the symptoms and
       would be aware of or would be looking out for any
       recurrences?
   A.  Yes.
   Q.  And you said I think that this would then be passed on
       to the fourth line of support, is that right?
   A.  From my recollection of it, yes.
   Q.  And what would the fourth line support then do with it?
   A.  I think they would look at the code and see if they
       could find a problem with it.
   Q.  So in most cases, save in the unlikely case, the third
       line of support would have spotted the problem.  If they
       didn't spot the problem they would document the symptoms
       so that the system would be alive to the possibility of
       recurrences and at the same time they would pass the
       problem over to fourth line support who would give the
       problem an even more thorough investigation, is that
       right?
   A.  Usually, except if we were under pressure, as I said
       before --
   Q.  Well, if you were under pressure, Mr --
   A.  -- to provide an answer to our manager who was probably
       under pressure himself to provide an answer to --
   Q.  It is very hard to discuss the pressure you were under,
       Mr Roll, because you are talking in such generalities.
   A.  I'm sorry.
   Q.  I don't criticise you for that because it is a long time
       ago, you are doing what you can do.  But can I suggest
       to you that in circumstances where there's a problem
       that's been encountered and it is suspected that it may
       be the result of some kind of bug or other problem in
       Horizon, the matter is not going to be closed by anyone
       at the SSC.  One way or another, either at third line or
       at fourth line, the people are going to keep going until
       the suspicion has been fully exhausted; would you accept
       that?
   A.  No.  If we couldn't find a problem, then it may have
       been closed.  The information could have been passed
       back to Post Office saying "We can't find any problems"
       and from then on it would have been -- I assume it would
       have been put down as a postmaster's error or whatever.
   Q.  So you don't know what it would have been put down as in
       relation to the postmaster?
   A.  No.
   Q.  What I'm asking you is not just about the situation
       where you haven't been able to attribute a problem to
       a coding issue or some other problem in Horizon.  You
       try and attribute and you fail.  If you had been given
       proper time, which I think you say happened in most
       cases, then you would be satisfied that it wouldn't be
       the result of a coding problem or some other problem in
       Horizon, is that right?
   A.  Yes.
   Q.  But you say sometimes -- not very often, but sometimes
       you didn't get the chance to spend as much time on it as
       you would have liked; is that what you are saying?
   A.  Yes.
   Q.  I have already challenged you on that evidence.  But
       here is my suggestion to you, Mr Roll.  In circumstances
       where having got as far as you've got you actually
       suspect that a coding issue or some other problem in
       Horizon is responsible, you would not stop, you would
       not close down the PEAK --
   A.  No, you would pass it on.
   Q.  You would, wouldn't you?
   A.  Yes.
   Q.  So in any case where you have a lingering suspicion that
       there's a problem in Horizon of some sort causing this
       symptom, you would never close it down but you would
       always pass it on for further investigation?
   A.  If you thought it was a coding issue, yes.
   Q.  If you suspected it was a coding issue?
   A.  Yes.
   Q.  Or other problem in Horizon?
   A.  I'm not sure whether we would have closed some of them
       down or not at that point.
   Q.  What, with other problems?  Why would other problems in
       Horizon be dealt with differently?
   A.  Some of the areas we had a lot of control over --
       I don't really know how to explain this, I can't really
       remember much about it, but there were times when we
       couldn't find a problem with the message store and the
       data -- it was passed back to the Post Office as closed
       because we couldn't find any supporting evidence for
       what the postmaster was saying.
   Q.  Yes.  But how does that answer my question?
   A.  I think I'm getting side-tracked here, I'm sorry.
   Q.  My suggestion to you is that on any occasion when you or
       anyone else at the SSC had a lingering suspicion that
       a problem that had been identified --
   A.  Yes.
   Q.  -- was the result of the Horizon system --
   A.  If we had a suspicion then it would be passed on.
   Q.  -- it would absolutely not be closed down and blamed on
       the subpostmaster, would it?
   A.  No.
   Q.  Thank you.  But however, if having done your
       investigation and having formed the view that you don't
       have a suspicion of a problem in Horizon, does the last
       sentence of paragraph 15 of Mr Parker's statement
       {E2/12/6} apply?  He says:
           "Having conducted a careful investigation which did
       not reveal any software issues, human error would be by
       far the most likely explanation."
           Would you accept that as a matter of common sense?
   A.  I need to backtrack a bit here because sometimes, going
       back to the pressure, we would not suspect a software
       coding issue, a bug, a coding bug, there might be
       something else, but if we were under pressure then we
       wouldn't necessarily have the time to fully look at that
       to understand what was going on, so then we would close
       the KEL.
   Q.  Are you suggesting to me that in your situation as
       an SSC team member there would be checks that would need
       to be done in order to answer the question whether there
       was a problem in Horizon causing this situation and you
       would deliberately close a PEAK and close down the
       problem even though the check had not been done?
   A.  As far as I can remember, on occasion that did happen.
   Q.  Mr Roll, I suggest that's extraordinary and it's
       unprofessional and it's not what any member of the SSC
       should ever have done?
   A.  I know.
   Q.  Are you saying it's what you did?
   A.  On occasion I was instructed to close a particular call
       which was not software related or anything, basically to
       quieten it down.
   Q.  Well, that's quite remarkable, Mr Roll.  Why is none of
       that in your witness statement?
   A.  It is.
   Q.  You are telling me there was a specific occasion when
       someone with authority over you told you to close down
       a call when you hadn't finished your investigation,
       are you?
   A.  I'm not putting that very well, but yes.
   Q.  Who was the person who told you that?
   A.  Mik Peach.
   Q.  So Mr Peach told you -- what was the nature of the
       problem?
   A.  The nature of the problem was that a postmaster was
       reporting that a system was rebooting unexpectedly.  We
       looked -- or I looked at it and I found that the -- she
       was actually powering the system off and she insisted
       she wasn't.  It was a mobile system and she was -- as
       I said, we could see from the message store that the
       system was being rebooted and she insisted she wasn't
       rebooting it.  So I did some tests on the test rigs in
       the testing area at the end of floor 6 where we were and
       I found that on one of the test rigs I could simulate
       the same problem.  If I turned the screen off, it
       actually turned the whole computer off.  And when
       I dismantled the equipment I found that the screen
       button had been miswired and it had been wired into the
       motherboard so that it actually cut the power off and
       not the power to the screen, so it rebooted the system.
       That's documented in the PINICLs.
           I asked for the base unit to be brought back but in
       the meantime -- we then found out that this was a known
       build error but somebody in the hardware department had
       built a batch of computers and wired them up
       incorrectly.  They had sent them out to the estate but
       they -- they had realised they had done it and they knew
       about it but they hadn't informed anyone else.
           So I pinpointed the problem, spoke to Mik Peach.
       Mik Peach got back to me later and said "Yeah they know
       about this".  When the system came back and I confirmed
       it, I was asked not to put any more information on this
       on the PINICL and it was being dealt with internally.
   Q.  Let's talk about -- I was going to ask you about that
       later.  So that's not an occasion where Mr Peach told
       you to stop investigating something that needed to be
       investigated?
   A.  Not to stop investigating, no, he told me --
   MR JUSTICE FRASER:  Both of you, if you talk over each other
       we can't transcribe it.  So you wait for
       Mr De Garr Robinson to finish.  He will, I can assure
       you, wait for you to finish.
   A.  Sorry, your Honour.
   MR JUSTICE FRASER:  Right, Mr De Garr Robinson.
   MR DE GARR ROBINSON:  The answer you have just given me was
       the result of a question which I asked which is are you
       seriously -- I now can't reformulate my question.
           My question was based upon a claim that you have
       just made to the effect that there was a problem which
       required further investigation.  You said this didn't
       happen with coding bugs but sometimes with other issues
       that were less the SSC's purview, sometimes it did,
       where more investigation was needed and you said
       Mr Peach told you not to do that investigation but to
       close it down.  Now, do you remember giving that
       evidence?
   A.  That's ...
   Q.  We could go back to the transcript, if you like,
       Mr Roll.
   A.  What was it you said exactly before that part?
   Q.  Page 35 of the transcript.
   MR JUSTICE FRASER:  Line 17 I think.  Well, the passage goes
       from line 3 to about line 13.
           Can we go higher on the common screen -- that's it,
       just stop there.  Page 35.
   MR DE GARR ROBINSON:  You say:
           "Answer: On occasion I was instructed to close
       a particular call which was not software related or
       anything, basically to quieten it down."
           And if we could go actually further up, it is at
       line 16 on page 34:
           "Question: Are you suggesting to me that in your
       situation as an SSC team member there would be checks
       that would need to be done in order to answer the
       question whether there was a problem in Horizon causing
       this situation and you would deliberately close a PEAK
       and close down the problem even though the check had not
       been done?"
           That was my question to you.  So I was asking you
       whether there were occasions when you needed to do
       further sessions and you were told not to.  And you
       said:
           "Answer: As far as I can remember, on occasion that
       did happen."
           So that's quite a bold claim.  And then I say:
           "Question: ... I suggest that's extraordinary and
       it's unprofessional and it's not what any member of the
       SSC should ever have done?"
               And you say "I know" and I say:
           "Question: Are you saying it's what you did?"
           And you say:
           "Answer: On occasion I was instructed to close
       a particular call which was not software related or
       anything, basically to quieten it down."
           Now, I took you, Mr Roll, to be saying "Yes, I was
       told not to perform investigations that I felt I needed
       to perform", but the example you have just given, which
       I will be coming to, is not an example of that at all,
       is it?
   A.  No, it's not.  The line on 16 and my response at 22,
       I -- the way I remember that happening in the SSC is
       that not myself but other people were under a lot of
       pressure to come up with a "can you find anything, we
       have to know by lunchtime if you can find anything in
       this message store" and then they would come back and
       say "No, we can't find anything".
   Q.  Mr Roll, first of all that's not addressing the point
       that I'm suggesting to you.  You are not suggesting,
       are you, that people in the SSC were told not to perform
       checks that they felt they needed to perform in order to
       do their job properly?
   A.  Oh, I see.  No.
   Q.  And can I suggest to you that no one in authority at the
       SSC would ever have wanted a team member not to perform
       a check that needed to be done in order to satisfy that
       team member whether there was or wasn't a problem in
       Horizon?
   A.  The feeling I still have is that on occasion we could
       have done more if we had had more time but that
       occasionally due to time pressures we didn't have the
       time.  That's -- it's just my feeling from 19 years ago.
   Q.  Your feeling from 19 years ago and could I suggest to
       you, Mr Roll -- it may be wrong, but my understanding of
       your evidence is that that feeling is that it only
       happened on relatively rare occasions, it wasn't
       something that was frequent.
   A.  Rare occasions, but that was the feeling I had then and
       it has persisted.
   Q.  Very good.
           If we could move to page 6 of Mr Parker's second
       statement {E2/12/6} and look at paragraph 19 at the
       bottom of the page.  He says:
           "Fujitsu has mechanisms in place for detecting
       potential issues.  In ... my first statement I briefly
       explained that the system management centre monitors
       system events and I briefly described the work of the
       communications management team in paragraph 26.1.2.
       Each of these teams would generate support actions based
       on system generated event information."
           That's true, isn't it?
   A.  Horizon was an evolving system, it probably still is.
       In the early days a lot of the processes weren't in
       place and we had to find them, we had to find the
       problems and develop the processes to -- so that by the
       end of by the time I left then yes, this was true.
   Q.  I suggest to you that this sentence is true of the
       entire time that you were working at SSC, Mr Roll.
   A.  My recollection is that we improved the systems
       tremendously over the years.
   Q.  But from the word go these teams did exist and they
       would generate support actions based on systems
       generated event information from the first day that you
       were there?
   A.  Yes, if the system was able to generate the event.
   Q.  But you're not, I presume, in a position to tell me what
       events it was able to generate when you arrived --
   A.  No.
   Q.  -- and what events it was able to generate when you
       left?
   A.  No, but as we put more processes in, the system is much
       more able to detect errors.
   Q.  Well, it's difficult for me to ask you questions about
       that kind of claim.
           Then he says:
           "It is also the case that the sheer number of
       subpostmasters using the service and reporting issues
       via the help desks make it very unlikely that there is
       any significant number of hidden errors."
           Would you accept that?
   A.  A significant number, yes.  There may have been the
       occasional one.
   Q.  Yes, but can we say the vast majority of problems that
       were caused by the system would have manifested
       themselves in some kind of reporting --
   A.  Yes.
   Q.  Thank you.  And he says:
           "These mechanisms are so effective at identifying
       when bugs are a cause of problems that it would be very
       rare for a bug to not be detected."
           Would you accept that?
   A.  If it was a known bug, yes.
   Q.  What do you mean by that?
   MR JUSTICE FRASER:  We are talking coding, yes?  Coding.
   A.  Coding, yes.
   MR DE GARR ROBINSON:  Yes.
   A.  If a coding bug was detected then we could put in place
       mechanisms to detect when that was -- when that bug had
       had an effect.
   Q.  I think Mr -- I'm grateful for that answer, but I think
       Mr Parker is making a slightly different point.  He has
       described the mechanisms in place and you generally
       agreed them.
   A.  Right.
   Q.  And he says:
           "These mechanisms are so effective at identifying
       when bugs are a cause of problems that it would be very
       rare for a bug to not be detected."
           That's true, isn't it?  Sometimes the bug could get
       through --
   A.  Yes.
   Q.  -- but it would be very rare for that to happen, would
       you accept that?
   A.  Yes.
   Q.  Thank you.  Then on to paragraph 20 {E2/12/7}:
           "Once an issue has been raised, Fujitsu is
       experienced in providing support and will go to great
       lengths to investigate the root cause."
           Stopping there, would you accept that?  That that
       was true of your time when you were at the SSC?
   A.  Yes.
   Q.  "In paragraph 61 of my first statement I explained that
       Fujitsu use a custom solution, developed and
       administered by the SSC, which allows us to record
       support knowledge into a known error log ... KELs record
       support knowledge which is intended to assist staff in
       the support and understanding of the Horizon system."
           I apprehend you won't disagree with any of that?
   A.  No.
   Q.  He then says:
           "Mr Roll's statement that 'subpostmasters would have
       been held responsible for problems which had not at any
       time been identified as software errors ... because when
       they were raised we (Fujitsu) were ultimately unable to
       identify the problem at the time' assumes that if
       Fujitsu was not able to get to the root cause of an
       issue, it must have been a software error rather than
       a human error.  But as I explain ... above, if Fujitsu
       was unable to identify any software issues after
       carrying out a careful investigation, human error would
       be by far the most likely explanation."
           Now, would you accept that, Mr Roll?
   A.  I would accept that it is the most likely explanation,
       yes.
   Q.  Thank you.
           Then if we can move on to paragraph 23 {E2/12/7} --
       I'm reading this to you to give you an opportunity to
       disclaim any intention of what Parker thinks you might
       be doing.  He says:
           "I think that Mr Roll may be trying to suggest that
       Fujitsu were quite happy to assume that issues were the
       responsibility of subpostmasters.  That is not the case.
       We investigated matters thoroughly and if we identified
       an error in Horizon, we dealt with it appropriately.
       Our investigative and analytical procedures have always
       been thorough in my view and while I obviously cannot
       say that in each and every case our diagnosis was
       correct, I am confident that that was the case in the
       overwhelming majority of cases."
           Now, Mr Roll, a couple of questions, perhaps three
       or four.  Given the discussion we have just had, could
       I invite you to indicate whether you are or are not
       trying to suggest that Fujitsu were quite happy to
       assume that issues were the responsibility of
       subpostmasters?
   A.  I don't know what the management's position was on how
       protective they were of their system, the directors
       et cetera at that level.  At our level certainly we
       would -- I would certainly agree with what Mr Parker has
       put in the second part there --
   Q.  What, you mean "we investigated matters" --
   A.  -- "in the overwhelming majority of cases".
   MR JUSTICE FRASER:  You said the second part, which part do
       you mean?
   A.  Sorry --
   MR DE GARR ROBINSON:  Do you agree then that "We
       investigated matters thoroughly and if we identified an
       error in Horizon we dealt with it appropriately"?
   A.  Yes.
   Q.  You agree with that.  Do you agree that:
           "Our investigative and analytical procedures have
       always been thorough in my view ..."
           Do you agree with that?  Is that your view too?
   A.  Generally speaking, yes.
   Q.  "... and while I obviously cannot say that in each and
       every case our diagnosis was correct, I am confident
       that that was the case in the overwhelming majority of
       cases."
           Is that your view?
   A.  In the majority of cases, yes.
   Q.  Thank you.
   A.  I wouldn't want to suggest that Fujitsu were happy to
       assume.
   Q.  Very good.  I'm very grateful for that, Mr Roll, and
       that means I don't need to ask you any more questions.
           Could we now move on to your second witness
       statement please.  I would like to ask you about
       paragraph 9, it is {E1/10/3}.  It is under the heading
       "Transactional integrity", and here you are taking
       Dr Worden to task about something he said in his expert
       report and you say:
           "At paragraph 156, Dr Worden describes zero sum
       baskets, other branch actions being zero sum, and
       transactional integrity.  I agree that the system was
       designed with these intentions in mind but there were
       limitations and errors in the system.  Data corruption
       and glitches sometimes meant that transactions were not
       zero sum.  I recall on more than one occasion where
       subpostmasters had problems with a deficit showing in
       their accounts, and then as a result of working through
       a process to try to resolve it, the deficit doubled."
           Let's just break that down, if we can.  You refer in
       that paragraph to three concepts.  Transaction baskets
       and accounts.  I think you will accept, won't you, that
       when you are doing business at a counter, several
       transactions can go into a basket, yes?
   A.  Yes.
   Q.  And then many baskets, once they are entered into the
       accounts, make up the accounts, yes?
   A.  Yes.
   Q.  The zero sum point only relates to baskets, doesn't it?
   A.  I can't remember.  I'm not sure.
   Q.  So I'm just trying to understand what you mean when you
       say:
           "Data corruption and glitches sometimes meant that
       transactions were not zero sum."
           A transaction is never zero sum, is it, it's the
       basket that's zero sum having summed up all the
       transactions that are in the basket?
   A.  I think you're correct there, yes.
   Q.  Then if I could ask you to go to what Dr Worden says
       about transactional integrity.  That's at {D3/1/39}.
       Could I ask you to read -- it is quite long so I won't
       read it out, you will be pleased to know.  Could I ask
       you to read paragraph 156.3.  This is the paragraph that
       you take issue with.
           (Pause).
   A.  Okay, I have read that now, yes.
   Q.  Now, you say -- we have just read the relevant paragraph
       from your witness statement.  You said you agree that
       the system was designed with these intentions in mind
       but you say there were limitations and you go on to say
       that data corruption and glitches sometimes meant the
       transactions were not zero sum and we have discussed the
       difficulty I have with your use of the phrase
       "transactions".
           You then go on to give an example.  You say in
       paragraph 9 of your witness statement {E1/10/3}:
           "I recall on more than one occasion where
       subpostmasters had problems with a deficit showing in
       their accounts, and then as a result of working through
       a process to try to resolve it, the deficit doubled.
       Sometimes we found the source of the problem as a known
       bug ... and we could resolve the problem, but we were
       not always able to find or understand the cause."
           Mr Roll, I'm slightly bemused by that because the
       example you have just given there is not an example of
       a limitation or error in transactional integrity, is it?
   A.  No, it's not, I ... I must have misunderstood or misread
       what Dr Worden was saying in paragraph 156.3.
   Q.  Well, could I suggest to you, Mr Roll, that what
       Dr Worden is saying in paragraph 156.3 is true and that
       you don't have any contrary examples to offer to suggest
       that it didn't always happen?
   A.  No, I misunderstood his -- what he put.
   Q.  Were you asked to -- did someone invite you to disagree
       with this paragraph?
   A.  No.
   Q.  That's not what happened?
   A.  No.
   Q.  I see.
           Then the example you give is discussed by Mr Parker
       at paragraph 8 of his second witness statement, which is
       {E2/12/4}.  If I could ask you to read paragraphs 8 and
       9, is that the example that you have in mind?
   A.  I can't remember exactly.
   Q.  Have you looked at the KEL that Mr Parker refers to in
       paragraph 8?
   A.  No.
   Q.  So you haven't looked at any of the underlying
       documents?
   A.  No.
   Q.  Or the PEAKs?
   A.  No.
   Q.  Mr Parker says at paragraph 10:
           "I am not aware of any case in which baskets were
       not zero sum (ie any case in which a non-zero sum basket
       was accepted into Horizon), although given the lack of
       detail in Mr Roll's statement on this point it is
       difficult for me to state definitively that such an
       issue never arose."
           Would I be right in thinking that you can't think of
       an example of that happening either?
   A.  Yes, I think I got my terminology wrong in the zero sum
       basket.
   Q.  So would the answer to my question be right: you can't
       think of an example of that happening --
   A.  No.  You are right, yes.
   MR JUSTICE FRASER:  So what terminology should I read it as
       saying?
   A.  I'm afraid I can't remember the full terminology that
       I should be using for the Horizon system, my Lord.
   MR JUSTICE FRASER:  I'm not asking about that.  Is there any
       other word that I should change to reflect what your
       evidence is on this, or not?
   A.  No, your Honour.  I was trying to point out in this that
       due to errors sometimes when a postmaster tried to
       correct it actually doubled the error.
   MR JUSTICE FRASER:  All right.
           Back to you, Mr De Garr Robinson.
   MR DE GARR ROBINSON:  Then if we could continue with
       paragraph 10 of Mr Parker's statement, halfway down he
       says:
           "I would expect any such issue ..."
           This is a true transaction integrity issue:
           "I would expect any such issue to result in
       a receipts and payments mismatch which would be (1)
       picked up by Fujitsu's reconciliation reporting ..."
           Stopping there, that's right, isn't it?
   A.  Yes.
   Q.  And secondly be:
           "... visible to the branch when they balanced at the
       end of the trading period."
           That's true also, isn't it?
   A.  I don't know.
   Q.  Fair enough, Mr Roll.  But you accept, do you, that when
       you were there it would have been picked up in
       reconciliation reporting?
   A.  I believe so, yes.
   Q.  And it would have resulted, as he says in the last
       sentence, in investigation and resolution by the SSC?
   A.  We would investigate it, yes.
   Q.  I'm very grateful, thank you.
           Then if we could go back to your second statement,
       paragraph 10 {E1/10/3}.  It's a very long paragraph and
       I'm not going as quickly as I expected.  If I could ask
       you just to have a quick look at paragraph 10 so you can
       remind yourself what you're talking about.
           Have you --
   A.  Yes.
   Q.  Now, I would like to ask you, Mr Roll, how good is your
       recollection of this particular instance?
   A.  It's a bit hazy but I can remember the sort of basics.
   Q.  And I'm interested in your suggestion that it was
       "impossible to fix".  Was it really impossible to fix?
   A.  From my understanding of the problem, yes.  To fix the
       software, to recode the amount of software that would
       have needed to be recoded would have meant, from my
       understanding, a basic rebuild, so it would have taken
       too much effort.
   Q.  You refer to your understanding; was this a problem that
       you yourself worked on?
   A.  I can't remember.  It's certainly one I was aware of,
       because we discussed it.
   Q.  So it might have been something that you picked up in
       discussions with other people?
   A.  Yes.
   Q.  And you say you have a recollection of something you
       can't actually remember -- it is not clear enough for
       you to know whether you actually worked on it or not, it
       might just be what other people told you, is that right?
   A.  It was a fairly common problem this.
   Q.  A fairly common problem?
   A.  From what I remember.
   Q.  So this is a problem that you suggest happened a lot of
       times, did it?
   A.  Periodically.  We were aware -- we kept an eye out for
       it because we knew it would happen.
   Q.  And then you refer to a workaround.  You say at the top
       of page 4 {E1/10/4}:
           "Eventually the problem would be escalated to SSC
       and a workaround established."
           Again, are you speaking from your experience, or are
       you speaking from your recollection of what people may
       have said when you were at work?
   A.  I can't remember if I worked on that or not.  It was
       something we all kept an eye out for.
   Q.  So it is something you kept an eye out for.  Is it
       something you ever actually saw in your own experience?
   A.  I think so but I can't be certain.
   Q.  Very good.  And you say a workaround established.  What
       was the workaround?
   A.  You basically had -- the net result of this would be
       that because the system wasn't able to differentiate
       which organisation the money would go to, it could have
       gone to the wrong one.  So we could monitor the systems
       processing this data, pick it up and then by examining
       the actual reference data we could see which
       organisation it should go to and then we could make sure
       it went to the right one.
   Q.  So is that what happened, the SSC set up a system --
   A.  Yes.
   Q.  -- to monitor where these problems might be occurring?
   A.  Yes.
   Q.  And fix them when they did?
   A.  Yes.
   Q.  I'm grateful.  And presumably you would go back and look
       in the past to see if it happened in the past, to deal
       with it in that situation as well?
   A.  Yes.
   Q.  But even before that had happened though, this wouldn't
       have an effect on any branch accounts, would it?  It
       wouldn't affect the net position on any branch accounts?
   A.  No.
   MR DE GARR ROBINSON:  My Lord, I see the time.
   MR JUSTICE FRASER:  Do you want a break?
   MR DE GARR ROBINSON:  I'm not going as quickly as I expected
       and I need to tighten up.
   MR JUSTICE FRASER:  Sure.  So we will come back at 5 to.
       Are you going to go into the afternoon with Mr Roll?
   MR DE GARR ROBINSON:  Most certainly.
   MR JUSTICE FRASER:  And then you have just got Mr Henderson.
   MR DE GARR ROBINSON:  Yes, and we are not allowed more than
       an hour with him anyway.
   MR JUSTICE FRASER:  No, I rechecked my transcript of that.
       I said that I was imposing that limit to make it clear
       you didn't need to put everything to him but you could
       have longer than that if you wanted.
   MR DE GARR ROBINSON:  I wish I hadn't said it, my Lord,
       because you are quite right and I really ought to be
       careful about my mouth.
   MR JUSTICE FRASER:  No -- I have just been asked for the
       short break for the shorthand writers but we were
       I think 30 seconds ahead of that.
           Same form as yesterday: don't chat to anyone about
       your evidence.
   (11.46 am)
                          (Short Break)
   (11.58 am)
   MR DE GARR ROBINSON:  Mr Roll, I'm going to try to deal with
       some evidence that you give about the recovery process
       as quickly as I can.  If I could ask you to go to
       paragraph 11 of your second statement {E1/10/4}.  We are
       in the same section of your witness statement that we
       were in before, so this is all under the heading
       "Transactional integrity" and you say:
           "I do recall that problems sometimes arose after
       subpostmasters used the recovery process and that this
       was a not uncommon problem which affected even
       experienced subpostmasters.  This might suggest that
       there was a problem with the recovery process itself, or
       at least that it was not as straightforward as it should
       have been."
           "Might suggest": I don't mean to be discourteous,
       Mr Roll, but that's a mealy-mouthed phrase.  Are you
       positively claiming that in your judgment there was
       a problem with the recovery process?
   A.  No.  There was a possibility but that's all.  It's
       a long time ago and I can't remember what the process
       was now.
   Q.  So you are not suggesting there was a coding bug in the
       software dealing with recovery --
   A.  No.
   Q.  -- which affected branch accounts, are you?
   A.  No.
   Q.  So would it be fair to say -- I use this term
       advisedly -- that in that sentence what you are doing is
       speculating as to the possibility of a problem, you're
       not suggesting that there is likely to be one?
   A.  Yes.
   Q.  Are you suggesting that there were investigations that
       should have been undertaken by the SSC that weren't
       undertaken?
   A.  No, I'm not suggesting that.
   Q.  So why are you even mentioning it, Mr Roll?  I'm
       slightly puzzled.
   A.  It sticks in my memory that there were problems with the
       recovery process that we got involved with that we had
       to try and fix.  At times there were the -- I suppose it
       was either the number that came in or something that
       stuck in my mind about this that made me feel there was
       something that could have been not quite right with it.
   Q.  Are you suggesting -- let me take it in stages.  First
       of all, you are saying problems were reported to the SSC
       by subpostmasters in relation to the recovery process,
       is that right?
   A.  Yes.
   Q.  And you will accept, would you, that whenever those
       problems came in they were investigated?
   A.  Yes.
   Q.  And you will accept, would you, that when they were
       investigating they were investigated thoroughly?
   A.  Yes.
   Q.  And that thorough process, I think you have already
       accepted very helpfully in a prior discussion with me
       that generally speaking, when there is a thorough
       investigation of that sort if there is a problem it's
       likely to be identified?
   A.  Yes.
   Q.  And I infer that it is your evidence that all of those
       investigations you are referring to were unable to find
       any problem with Horizon itself, is that right?
   A.  I don't know if it was ever considered there was
       a problem with Horizon itself.
   Q.  But, Mr Roll, let's just be clear.  When an investigate
       is carried out -- it's a bit like philosophers trying to
       test a theory, you try and find something that disproves
       the theory that you're trying to establish.  In the same
       way, your job at the SSC, when you get a problem in is
       you are looking for something in Horizon that could have
       caused it; that's where you are starting, is that right?
   A.  Yes.
   Q.  Thank you.  And that process was followed whenever there
       were these problems reported into the SSC about the
       reconciliation process, yes?
   A.  Yes.
   Q.  And on each occasion when these investigations were done
       the investigators were unable to find a problem with
       Horizon that was responsible for it, yes?
   A.  Yes.
   Q.  So why do you now suggest that despite all of that,
       there could have been a problem with the recovery
       process in Horizon when you worked there?
   A.  I'm not sure what it is, but I was not happy with the
       way that some of these were dealt with.  But I can't --
       I can't remember why, but I know that at the time there
       was something that made me uneasy about it.
   Q.  So are you suggesting that on every occasion that
       a problem came in, something was reported in in relation
       to reconciliation, you were the one that investigated
       them all?
   A.  Oh, no, I wasn't -- everybody -- it would have been
       farmed out.
   Q.  So are you saying that you knew enough about everybody
       else's investigations to be uncomfortable about the
       investigations your colleagues were doing?
   A.  No.
   Q.  Right, so are you saying that you were uncomfortable
       with the investigations that you did?
   A.  No.
   Q.  So what were you uncomfortable with?
   A.  Sometimes the pressure we were under, the timescales.
       I think that's what it must have been.  Again --
   Q.  So are you suggesting that there was a particular
       timescale issue with respect to reconciliation processes
       that had a particular application to reconciliation
       problems that didn't apply to other problems that you
       were investigating in Horizon?
   A.  All I can remember is that I felt uneasy about
       something, about this process, but I can't tell you why,
       so ...
   Q.  My attention has been drawn to the fact that on a number
       of occasions I have talked about reconciliation when
       I should have been talking about recovery, I do
       apologise, but I think we have understood what I'm
       talking about.
   A.  Yes.
   Q.  I apologise.
           Well, let's just go quickly.  In principle, when
       a system goes down when a transaction is being done at
       the counter, either because the system itself has gone
       down or there is a power outage at the branch or
       whatever the reason might be, there's always going to be
       a possibility that some transactions being undertaken at
       the counter may not have reached the Horizon accounts of
       that branch when the system goes down, is that right?
   A.  Yes.
   Q.  Because, for example, there's an outage before the stack
       has actually been settled by pressing the button that
       enters the stack into the branch's accounts, yes?
   A.  Yes.
   Q.  And that's inevitable.  You can't design a system which
       doesn't have that problem, it's an inevitable part of
       a system design where there's a possibility that crashes
       may happen mid-transaction, yes?
   A.  Yes.
   Q.  So in that situation what do you do to build resilience
       into the system?  Could I suggest to you, Mr Roll, that
       what you do is you build into the system a facility
       which identifies the transactions that were mid-way but
       that didn't actually reach the accounts, that have not
       recovered, yes?
   A.  Yes.
   Q.  And that is the recovery process that we're discussing?
   A.  There is -- I seem to remember there being far more to
       it than that, but ...
   Q.  If you want to elucidate then I don't want to stop you,
       Mr Roll, but I really don't know what you mean.
   A.  I ... I would have included -- there was a lady giving
       evidence yesterday about having to go and find --
       a transaction hadn't gone through, it hadn't been
       recovered.  She was able to find the customer.  I don't
       remember the full story about it.  But she went to the
       bank and she found that -- she was able to find the
       money or to find a paperwork trail to get the money put
       back into her account.  That's all part of the recovery
       process for me, it's not just ... I'm not making myself
       very clear, I'm sorry about this.
   Q.  Well, you are talking about Mrs Burke and in Mrs Burke's
       case what happened, in short, was that the system went
       down before she had entered the transaction into her
       accounts, then when the system came back up again the
       system identified the transactions in relation to which
       there was a problem.  Later on the system identified the
       transactions that had gone through, so there was
       a physical piece of paper identifying the transaction
       that hadn't gone through and she was able to look at
       that physical paper and look at her transaction log and
       see that indeed it had not gone through.
           Now, I would suggest -- I will be suggesting to the
       judge in due course that that's an example of the
       Horizon system doing what it is supposed to do, namely
       to produce some evidence identifying the transaction
       that hasn't actually reached the Horizon accounts.
       Isn't that what the recovery process is designed to do?
   A.  That's I think what it is designed to do, but I think
       what she was trying to point out was that the
       paperwork -- some of the paperwork that she had wasn't
       produced by the Horizon system and --
   Q.  Well, I'm not sure that this is very helpful.
   MR JUSTICE FRASER:  That's just what I was about to say
       actually.  Whatever the Mrs Burke situation was or
       wasn't --
   A.  Sorry.
   MR JUSTICE FRASER:  -- I'm not sure you are necessarily
       going to be able to help me with and I'm not sure,
       Mr De Garr Robinson, that it's necessarily a correct
       question for this witness, other than to say: when you
       were asked about the recovery process and you said that
       you thought there was more to it than that -- do you
       remember that?
   A.  Yes, your Honour.
   MR JUSTICE FRASER:  And then there was a phrase I think
       where you said "I would have included ..." and then it
       appeared to me, if I may say so, that you then got
       distracted talking about Mrs Burke.
           So far as your recollection is when you worked for
       Fujitsu, Mr De Garr Robinson is now going to suggest to
       you I think again, or reput the question, about what the
       recovery process involved and if you think there are
       other steps or other examples of what the recovery
       process either did or ought to have included then you
       can tell me what they are.
   A.  Right.
   MR JUSTICE FRASER:  So, Mr De Garr Robinson, do you want to
       do that.
   MR DE GARR ROBINSON:  I rather think you have actually asked
       the question already --
   MR JUSTICE FRASER:  I would rather you put it, if that's all
       right.
   MR DE GARR ROBINSON:  Mr Roll, as I have explained, the
       recovery process is a form of resiliance designed into
       the system to ensure that if a transaction doesn't reach
       the system, which is always possible because of timing
       issues in the nanoseconds before you press "enter" to
       push the stack into your accounts and so on, the purpose
       of the system is to ensure that the missing transaction,
       the transaction that hasn't reached the branch accounts,
       has been identified, both to the postmaster and indeed
       to Fujitsu, because Fujitsu can see this material in
       their own log.
           Are you saying from your own experience that there
       were any occasions where that did not happen?
   A.  I can't remember.
   Q.  Thank you.
           Then going back to paragraph 11 of your witness
       statement {E1/10/4}, this is a sentence we have already
       been discussing the first part.  You say:
           "This might suggest that there was a problem with
       the recovery process itself ..."
           Then you say:
           "... or at least that it was not as straightforward
       as it should have been."
           Let me repeat my question.  Are you saying from your
       own experience you can recall examples of where the
       recovery process was not as straightforward as it should
       have been?
   A.  No.  My understanding of the recovery process is that it
       should have been -- it should have been able to be dealt
       with at first or second line and if we got involved then
       there was a problem with it.
   Q.  So it's simply the fact that if a subpostmaster was
       insisting there was a glitch or something and in
       circumstances where the first and second line couldn't
       categorically say that it wasn't the result of a glitch,
       it would go to the SSC and you're saying the mere fact
       that that would on occasion go to the SSC is a basis for
       suggesting there's something wrong with the system, is
       that right?
   A.  No.  What I'm saying there is that some of them came
       through to us and then my recollection is that the
       majority of them we would have dealt with and we would
       have found a problem, but that on some times we couldn't
       find a problem and we couldn't identify where there had
       been a problem.
   Q.  Well, could I suggest that another way of putting that
       is that you looked at the symptoms that were complained
       about and you checked -- there was a very thorough
       investigation as to whether Horizon might be responsible
       and as a result of that thorough investigation you
       couldn't figure out a way in which Horizon could have
       been responsible; would that be another way of putting
       what you have just said?
   A.  Yes.
   Q.  Thank you.  Then let's move on to paragraph 12 of your
       statement {E1/10/4}.  You refer to paragraph 167 of
       Dr Worden's report {D3/1/43} where he deals with what he
       calls TCs, that's transaction corrections, that "Post
       Office would soon suspect a software error" and so on
       and you then say:
           "I do not recall Fujitsu carrying out any analysis
       of transaction corrections to try to identify if there
       may be an underlying software error."
           Now, I only want to ask you a couple of questions
       about this, Mr Roll, but why are you talking about
       transaction corrections?  When you worked at Fujitsu
       there was no such thing as a transaction correction, was
       there?
   A.  I don't know, wasn't there?  I ...
   Q.  Do you honestly not remember?
           (Pause).
   A.  No I don't.  There were corrections made ... we made
       corrections to transactions.
   Q.  "Transaction corrections" is a term which refers to
       a message that's sent by Post Office to
       a subpostmaster's branch suggesting that there ought to
       be a change, a transaction entered into their branch to
       change the accounts in some way, that the subpostmaster
       then gets to accept or if he disputes it not to accept
       into his branch accounts.  It's an electronic message
       that goes from Post Office to the branch and it is
       generated usually as a result of quite sophisticated
       reconciliation processes undertaken both by Post Office
       and Fujitsu.
           At the time that you worked for Fujitsu TCs didn't
       exist.  What they had instead were what were called
       error notices and error notices would be sent from
       Post Office to the branch but a similar practice was
       followed.  That's what Dr Worden is talking about.
   A.  Right.
   Q.  Were you not aware of that?
   A.  I wasn't aware that he was talking about those.
   Q.  So you thought he was talking about something different?
   A.  Something completely different.
   Q.  Did you not -- I don't wish to probe into privileged
       matters, but was it not explained to you what he was --
       perhaps I am probing into privileged matters.
   MR JUSTICE FRASER:  Well, you are if you put the question
       that way.
   MR DE GARR ROBINSON:  Yes.
   MR JUSTICE FRASER:  You could say "Did you know 'transaction
       corrections' was a specific term that had a specific
       meaning in Horizon?"
   A.  I didn't know they had that specific term -- meaning.
   MR DE GARR ROBINSON:  Well, here Dr Worden is talking about
       TCs.  Was it not necessary for you to be told what TCs
       were?
   A.  I misinterpreted the term "transaction corrections".
   Q.  TCs were actually identified, they were defined in
       Dr Worden's report.  Did you read the definition?
   A.  No.
   Q.  It does look as if you are making quite a convenient
       claim on the basis of -- well, I don't understand the
       basis upon which you are making it.  What did you think
       Dr Worden was talking about when he talked about TCs?
   A.  We corrected transactions -- it was part of our job, if
       you like -- on the message stores at times.
   Q.  Oh, you are talking about transaction insertions that
       were undertaken by -- that's what you thought --
   A.  That's what I --
   Q.  -- Dr Worden was talking about?
   A.  That's what I misinterpreted there, yes.
   MR JUSTICE FRASER:  I wonder if you could possibly finish
       your sentences.  Mr De Garr Robinson isn't interrupting
       you but you will often start a sentence, stop it, and
       then start another one.  If you could just answer in
       complete sentences it would help enormously.
           Right, Mr De Garr Robinson.
   MR DE GARR ROBINSON:  I'm sorry, would your Lordship give me
       a moment.
           (Pause).
           My Lord, I will move on.  I don't think this is
       going to be a productive line of cross-examination
       bearing in mind I hadn't prepared for it in that way.
           Let's stay with your second statement, Mr Roll, and
       go to paragraph 19 {E1/10/6}.  Perhaps I could ask you
       to simply read the paragraph to save time.
           (Pause).
   A.  Yes.
   Q.  You say at the end of the paragraph:
           "... generally this was a developing area, so
       generally if the SSC found something that should have
       been picked up by the system we notified the developers
       so they could fix the software, so it did incrementally
       improve over time.  However, sometimes the decision was
       taken that the chances of the unexpected error happening
       again were too remote to merit a development/fix.  In
       this case the developers would be instructed not to work
       on a fix."
           Were you involved in these cases?  So do you have
       personal experience of these cases?
   A.  I think I had experience in one or two where we found
       a problem but it was deemed -- it was one that could be
       easily monitored and checked out for by writing a small
       bit of code and that was -- it was easier to do the
       workaround than it was to do the software fix, so that's
       what we did.  There is a bit of a syntax error where it
       should have read instead of "instructed not to" it would
       be "not be instructed" to work on the fix.  They
       wouldn't be told not to do it.
   Q.  I see.  First of all, you are not talking about
       a decision not to do a software fix or a coding fix for
       bugs causing an impact in branch accounts; we're not
       talking about that kind of problem at all, are we?
   A.  It would be a ... no, it's not an error that the
       postmaster would have been aware of.  It wouldn't have
       affected his accounts.
   Q.  So you are talking about problems that didn't affect
       branch accounts.  You have said one or two cases.  Could
       you describe either of them or both of them?
   A.  No, I couldn't, just the recollection --
   Q.  Could you give some indication of the nature of the
       problem?
   A.  I can't even give you that, I'm afraid.
   Q.  Well, could you give some indication of the process that
       was gone through to decide what the appropriate response
       was, whether there should be a workaround or a fix?
   A.  Well, the -- we would find out what the problem was,
       what the impact was, how easy it was to find the problem
       and then that information would be passed on up the
       management chain for them to decide whether it warranted
       a software fix to be developed and released, or whether
       it would be faster and as reliable to put a workaround
       in place rather than a fix.
   Q.  And what's the nature of the workaround you're talking
       about?  You're talking about some facility built into
       the system which would pick up when this thing
       happened --
   A.  Yes.
   Q.  -- and made sure it was made good?
   A.  Yes, it could be corrected at -- when it was picked up
       rather than writing software to make sure it didn't
       happen in the first place.
   Q.  But you're talking about something within the system, so
       the system would automatically monitor for these
       occasions --
   A.  Yes.
   Q.  -- and make sure that they were fixed more or less
       automatically, is that what you mean?
   A.  Yes.
   Q.  Thank you.  So really what you're talking about is
       a debate between how best to fix a problem, do you do it
       by way of some kind of change of coding so that the
       problem never arises, or do you do it by way of change
       of coding to ensure that when the problem does arise it
       is immediately fixed; would that be fair?
   A.  Yes.
   Q.  Thank you.
   MR JUSTICE FRASER:  And in either situation is the code
       changed?
   A.  The underlying code -- in the first situation where you
       directly change the code so that the problem doesn't
       arise, that is when the code would be changed for -- on
       the Horizon system, but in the second scenario then no,
       the code for the Horizon system need not necessarily be
       changed, but something running on one of the servers --
       you could write a small batch programme that would be
       supplementary to the code.
   MR JUSTICE FRASER:  All right.
           Mr De Garr Robinson.
   MR DE GARR ROBINSON:  Thank you.
           I would like to move on to paragraph 16 of your
       statement {E1/10/5}.  You say:
           "In my first statement, I refer to the pressure that
       the SSC team and Fujitsu were under generally due to an
       awareness of the financial penalties imposed by the
       service level agreements between Post Office and
       Fujitsu ... I believe that although individual penalties
       were quite modest, when applied across multiple
       counters/post offices the cumulative figures involved
       were very high, potentially amounting to tens of
       millions or more.  I disagree with Stephen Parker's
       statement that these potential financial penalties were
       not a factor for the SSC ... as we were aware of them
       and often commented on them, eg 'That's saved Fujitsu
       another 25 million'."
           So I'm now going to ask you some questions about
       this general issue.  Could we first of all go to
       Mr Parker's first witness statement, that's at
       {E2/11/12}.  He starts by saying in paragraph 43:
           "Mr Roll refers to a 'perception … that the Service
       Level Agreements between Post Office Ltd and Fujitsu
       involved financial penalties payable by Fujitsu to Post
       Office' (paragraph 12).  I am aware that there were
       Service Level Agreements for issues such as stuck
       transactions (Fujitsu had 10 days to retrieve
       transactions that had not replicated from a counter)."
           Stopping there, Mr Roll, did you know that?
   A.  I couldn't remember the timescale for that.  But I knew
       there was a timescale to get them off and sent across.
   Q.  He then says:
           "It is quite normal for contracts such as the one
       between Fujitsu and Post Office relating to Horizon to
       have such agreements."
   A.  Yes.
   Q.  Would you agree with that?
   A.  Yes.
   Q.  "The same level of diligence was (and is) applied to all
       incidents, whether an SLA was relevant or not."
           That's Mr Parker's evidence.  Do you disagree with
       it?
   A.  No.
   Q.  And then he says:
           "The possibility of financial penalties was never
       a factor for the SSC."
           Would you accept that?
   A.  I don't see that as a yes or no answer I'm afraid.
       There were SLAs for the harvesting of batch transactions
       from the correspondence servers which I think it was
       supposed to get from the correspondence server to the
       bank within three days or something.  Now, we were aware
       that if the harvesters failed for a couple of nights in
       a row then you would have a huge backlog of transactions
       which you were then -- we were aware that Fujitsu was
       facing or could potentially have faced penalties for not
       getting those transactions through in time.
   Q.  Right.
   A.  So there was perhaps -- we were aware -- I wasn't
       involved in the work of getting those transactions
       through, that was not my area of technical ability, or
       whatever.  So -- but there was the awareness that
       certainly if we managed to get them through in time then
       we would save Fujitsu a lot of money.
   Q.  So that's the £25 million reference --
   A.  That was an example, yes.
   Q.  -- that you give.
           So let me get this straight, because there's
       a danger of a false impression being given by your
       evidence, both in paragraph 12 of your first statement
       {E1/7/2} and indeed in the paragraph of your second
       statement we have just read out.  You are not talking,
       are you, about pressures on the process by which
       problems being reported in to the third line of support
       would be investigated, that could affect branch
       accounts; you're not talking about those things at all?
   A.  They -- they were also -- we were aware of the penalties
       for those but not to -- the pressure wasn't as great for
       those.
   Q.  What penalties were you aware of in relation to problems
       coming into the SSC?
   A.  The problems regarding the counters coming into the SSC
       you're thinking of now, or ...?  Because these other
       problems for the servers, the harvesters, they would
       come into the SSC as well.
   Q.  But those problems won't have any impact -- I'm sorry,
       I'm being slightly unfair to you, Mr Roll.  This entire
       extraordinary trial process that we're engaging in --
   A.  Sorry, yes.
   Q.  -- is about whether branch accounts generated by Horizon
       were accurate or not, or reliable or not.
   MR JUSTICE FRASER:  Why is it an extraordinary trial
       process?
   MR DE GARR ROBINSON:  Because it's so large and I don't mean
       that in any critical way.  I probably shouldn't have
       used that word.
   MR JUSTICE FRASER:  The group litigation.
   MR DE GARR ROBINSON:  Yes.  In my experience it is unusual.
       This is my first GLO, your Lordship may have noticed.
           So my concern is the process by which the work that
       was done in the SSC to investigate problems with Horizon
       that might have had an impact on branch accounts.
   A.  Mm-hm.
   Q.  And it's fair to say that's the concern of most of the
       people sitting in this court today.  And so when one
       reads your witness statement, one's natural reaction --
       and I don't mean this as a criticism, but one's natural
       reaction is to think that that's what you are talking
       about.  The impression that I'm getting from what you
       are saying now though is that you are not saying that
       the service level agreements, which may have had targets
       for harvesting data for banks and so on and so forth,
       you're not saying that those service level agreements
       created a perception within the SSC which caused people
       in the SSC to think that when they were investigating
       problems that might have an impact on branch accounts,
       they would have to do a quick job and not do a proper
       job?
           That's an extraordinarily long question and if you
       would like me to make it shorter I'm happy to do so but
       if you've got my point then I would invite you to answer
       it.
   A.  From my recollection there was pressure if you
       weren't -- if you couldn't pinpoint the fault in the
       counter, the problem with the data, whatever, then there
       was -- you know, there was the -- there was pressure put
       on you, you were asked "How was it going?  We need
       an answer", which was a degree of pressure.
   Q.  Well, you use the phrase "there was a perception", you
       use the impersonal.  One often sees that phrase used.
       Are you saying that you, Mr Roll, physically were aware
       that there was an SLA that had the effect that the SSC
       couldn't or shouldn't properly investigate any bugs that
       might affect branch accounts?
   A.  We were aware that there was an SLA and that we had to
       investigate within the timescale.
   Q.  And was there a perception -- because I'm going to
       suggest to you that there wasn't, Mr Roll -- was there
       a perception that this SLA of which you were aware meant
       that you couldn't do your job properly?
   A.  I felt that that might be the case in some areas.
   Q.  You felt that it might -- this is -- how strong and
       accurate is your recollection of all of this?
   A.  Vague.
   Q.  I see.  Well, let's --
   A.  And this is another -- sorry.
   Q.  No, I think it was me talking over you, Mr Roll.
   A.  This is another one of those things where I had
       a feeling that things weren't right, but --
   Q.  But it's difficult at this remove in time to put your
       finger on it?
   A.  Yes.
   Q.  Well, let me continue with paragraph 44 of Mr Parker's
       statement {E2/11/12}:
           "I do not understand what Mr Roll means when he says
       that 'any discrepancy in the Post Office accounts had to
       be resolved speedily' ... there was (and is) a process
       run by the management support unit ..."
           Do you remember the MSU?
   A.  Now you mention the term, I do remember the term.
   Q.  But nothing else?
   A.  No.
   Q.  "... which involves examination of various system
       reporting and may result in business incident management
       service ... entries going to Post Office."
           Was that true?  Is that in your recollection?
   A.  I don't remember.
   Q.  "An incident may also be raised by MSU with the SSC to
       provide support to the MSU in resolution of the BIMS."
           But you probably can't comment on that either.
           What he is talking about here is various systems
       reporting.  It may be consistent with what you were
       talking about before about harvesting.  He is not
       talking though about the identification and fixing of
       coding issues in Horizon that might impact on branch
       accounts.
   A.  Mm-hm.
   Q.  Are you aware of any case where there was a contractual
       pressure on Fujitsu to speed up that process or to deal
       with that process in a given space of time?
   A.  I don't remember any specific details, no.  I don't, no.
   Q.  Then he says:
           "These are subject to service level agreements and
       Mr Roll may be referring to this process.  However, if
       Mr Roll is suggesting that Fujitsu routinely rushed out
       fixes or work-arounds due to SLA time pressure, that is
       not the case."
           Mr Roll, I would like to give you an opportunity to
       say that you are not suggesting that.
   A.  Which paragraph are we looking at now?
   Q.  Paragraph 44, last three sentences.  It's the sentence
       beginning:
           "However, if Mr Roll is suggesting that Fujitsu
       routinely rushed out fixes or work-arounds due to SLA
       time pressure, that is not the case."
           I'm inviting to you say that you are not suggesting
       that this is the case.
   A.  I would agree with what Mr Parker has put here, yes, and
       it is wrong to suggest that they were not done properly
       because of SLAs.
   Q.  Thank you.
           Then would you also agree with what he says in the
       next sentence, "fixes would be expedited based on
       service impact"?
   A.  Yes.
   Q.  And would you agree that "it would be quite wrong to
       suggest that they were not done properly because of any
       SLAs"?
   A.  No, the fixes would be done properly.
   Q.  Thank you.
           Then if we could go back to your second statement,
       paragraph 15, it's {E1/10/5}.  To save time could I ask
       you simply to read paragraph 15 please.
           (Pause).
   A.  Yes.
   Q.  First of all, you say:
           "The test team felt they were under enormous
       pressure to complete the testing within certain
       timescales which negatively affected the test regime."
           That's quite a bold claim.  The testing wasn't your
       team, was it?
   A.  No, they were on the same floor as us, some of them.
   Q.  So you're talking about your recollection of -- would it
       be fair to say office gossip?
   A.  Yes.
   Q.  From 15 or 19 years ago?
   A.  Yes.
   Q.  How many conversations of this sort did you have during
       your time at Fujitsu?
   A.  I don't recall.
   Q.  Was it a view that was expressed by the entire test team
       on a regular basis, or was it something that was said to
       you by one or two people a couple of times?
   A.  My recollection is that the majority of the team felt
       pressured.
   Q.  The majority of the team felt pressure.  What did they
       say about this pressure?  What did it make them do?
   A.  I can't remember.
   Q.  Budget restrictions, you refer to them in paragraph 15.
       What did you know about Fujitsu's budgets, Mr Roll?
   A.  ICL were bought out or taken over by Fujitsu and at the
       same time an American company was taken over as well.
       ICL were not, from my recollection, were not very
       profitable at the time and nor were the American
       company, so shortly afterwards when Fujitsu couldn't
       turn them around they were merged into Fujitsu.  There
       were lots of redundancies.  My recollection is that the
       Horizon project, which I seem to remember had originally
       been a joint DSS project but they had backed out, the
       Post Office went with it on their own, my recollection
       is that Horizon was the only profitable part of Fujitsu
       at the time.
   Q.  And consistently with Horizon being profitable, there
       were no redundancies in the SSC when the takeover
       happened, were there?
   A.  No.  I think one or two people were a bit worried there
       might have been, but there weren't.  There were
       redundancies in the test team from what I remember.
   Q.  There were redundancies in the test team?  I'm not in
       a position to deal with that point now.
   MR JUSTICE FRASER:  What year are we talking?
   A.  2002 maybe.
   MR DE GARR ROBINSON:  Could I just advance some general
       propositions and see if you will agree with me.
           Isn't it the case that Fujitsu had every incentive
       to make the support operation work, to minimise the
       problems requiring changes and to minimise the problems
       requiring fixes down the line; wouldn't that be right?
   A.  Yes.
   Q.  It would be more expensive in the long-run for a company
       such as Fujitsu to do the support work badly than it
       would be to do it properly, wouldn't it?
   A.  Yes.
   Q.  That's a statement of the obvious.
           And the £25 million that you referred to, that
       was -- bearing in mind the focus that this trial has,
       that has no bearing on the kind of transactions that
       we're talking about, does it?
   A.  No, that was the servers and the batch transactions.
   Q.  Okay.  If we could just move on to Mr Parker's second
       witness statement at paragraph 24 at page 7 {E2/12/7}.
       I would like to suggest to you -- I'm going to read out
       passages and invite you to agree or disagree, Mr Roll.
       At paragraph 25 {E2/12/8} he refers to paragraph 16
       {E1/10/5} which we have been looking at from your
       statement:
           "At paragraph 43 of my first witness statement
       I explained that the possibility of financial penalties
       or service level agreement breach was never a factor
       which affected the diligence with which SSC would
       investigate an issue."
           I have already put that to you:
           "By way of further explanation ..."
           Then he talks about schedule 15 to the service level
       targets for Horizon services and perhaps I could invite
       you to read paragraph 25.1 to yourself.
           (Pause).
   A.  Yes.
   Q.  At the time had you ever seen this document?
   A.  No.
   Q.  Were you aware of what was in it?
   A.  Not directly, no.
   Q.  Then he says:
           "There were no specific financial penalties relating
       to the SSC processing of incidents."
           And then he quotes some text from the service
       description.
           Did you know that at the time?
   A.  No.  This is the 2005 version, is it, 30 November 2005.
       Is this -- was this -- is this the same as when I was
       there in 2004?
   Q.  I believe so, yes.  Mr Parker is nodding at me.
   A.  Right.  My recollection is that incident processing,
       some incidents weren't subject to SLAs but the ones
       I have already mentioned, the harvesters, were, and that
       some of the financial data from the counters --
   Q.  But not incidents of the sort that this trial is
       concerned with, perhaps I could ask you that.  You
       weren't aware that there were any --
   A.  No.
   Q.  -- SLA targets which related to the incidents with which
       we are concerned in this trial?
   A.  No.
   Q.  Thank you.  Then I can skip over paragraph 25.  Let me
       finish with 25.4 {E2/12/9}:
           "The SSC had operational targets to turn incidents
       around based on an order of priority.  As explained in
       paragraph 22 above, if an issue was causing a financial
       impact in a branch's accounts, it would be treated as
       high priority ..."
           Stopping there, Mr Roll, would you agree with that?
   A.  Yes.
   Q.  "... and high impact by SSC."
           Would you agree with that, it would be treated as
       high impact?
   A.  Yes.
   Q.  "However, any increase in priority would not adversely
       impact the diligence with which work was done."
           Do you agree with that?
   A.  I still feel that some work was rushed.  I can't tell
       you why, but I feel that.
   Q.  Very good and I won't -- I don't wish to discuss your
       feelings on the point any more than we have already.
           Let's just talk briefly about getting fixes out.
       If I could go to paragraph 13 of your first statement
       please {E1/7/2} and again to save time let me just ask
       you to read that paragraph.
   A.  Sorry, which paragraph is that?
   Q.  Paragraph 13 at the bottom of the page.
   A.  13, thank you very much.
           (Pause).
           Yes.
   Q.  First of all, the need for multiple upgrades, that's
       normal in any IT infrastructure of this sort, isn't it?
   A.  Yes.
   Q.  The fact that there were a limited number of time
       windows, that's also normal for any large IT
       infrastructure of this sort?
   A.  Yes.
   Q.  These things are unavoidable given the scale of the
       Horizon system, aren't they?
   A.  Yes.
   Q.  Then you say:
           "... there could be six weeks delay before a fix
       could go out, and during that period Post Office
       branches could continue to be affected by the coding
       issue."
           But you would accept, wouldn't you, that if there
       was an urgent fix dealing with a high priority, high
       impact problem, that would generally be treated as an
       urgent matter requiring a hot fix; would you agree with
       that?
   A.  Yes.
   Q.  Urgent fixes were expedited, weren't they?
   A.  Probably within two or three days from what I remember.
   Q.  And that's just normal -- what you are describing
       here -- the impression might not be coming through from
       paragraph 13, but actually what you are describing is
       the normal operation of proper risk management process
       in a commercial business, isn't it?
   A.  Yes.
   Q.  Thank you.  And then you say:
           "... there could be six weeks delay before a fix
       could go out, and during that period Post Office
       branches could continue to be affected by the coding
       issue."
           Let me just make it clear, Mr Roll, if you had
       identified a coding issue that was affecting branches
       and if there was a period of time between identifying
       the problem and getting it fixed, however long that time
       was, Fujitsu had in place a mechanism by which all the
       branches that would pop up being affected by that
       problem would be identified; that's right, isn't it?
   A.  Over time, yes.
   Q.  So the fact that there was a gulf in time, however big
       or small the gulf might be, between spotting the problem
       and getting a fix released onto the entire network,
       regardless of how long that period of time was, the
       postmasters that would be affected by the problem in the
       meantime would be identified so that they could be
       sorted out; would you agree with that?
   A.  Yes.
   Q.  Thank you.  Then you say:
           "I also recall situations where software developers
       worked on a coding fix which was then sent out, however
       the bug reappeared several weeks later because, it
       seemed, the IT team responsible for developing upgrades
       had been working on an older version of the
       software ..."
           Mr Roll, I don't know what you are referring to.
       Are you seriously suggesting that there were times when
       the development team would actually be looking at
       a historical version of the Horizon software?
   A.  Yes.
   Q.  Really?
   A.  Yes.
   Q.  How is it that happened, can you explain?
   A.  My understanding of this was that the development team
       had the current version of software and they were
       working on that, a bug -- a coding bug was then
       identified, a hot fix was written and sent out, but it
       wasn't implemented onto the code that the developers
       were using, so six months later when this new batch of
       code went out it overwrote the hot fix that had been
       sent out, so then the hot fix had to be re-applied.
   Q.  Oh, I see, so you are not suggesting that the team would
       be working on an already historical version of Horizon,
       what you're talking about is regression, you're talking
       about a later update undoing the good things that was
       done by an earlier update?
   A.  Yes.
   Q.  I see, thank you.  That did happen but it was very rare,
       wasn't it?
   A.  It was rare but it did happen.
   Q.  Very good.
           I would like to ask you now about hardware failures.
       Could we go back to your first witness statement please,
       paragraph 14 {E1/7/3}.  I'm sorry, you haven't got there
       yet.
   A.  Paragraph?
   Q.  Paragraph 14, page 3.  It is only a sentence:
           "As well as software issues, I can also recall that
       there were regular IT hardware issues at branch level."
           What kind of issues are we talking about, Mr Roll?
   A.  I'm sorry, I still haven't found the page.
       Paragraph 14?
   Q.  Paragraph 14.
   MR JUSTICE FRASER:  You are in the wrong statement.  We're
       in your first statement.
   MR DE GARR ROBINSON:  It is your first witness statement,
       Mr Roll.
   MR JUSTICE FRASER:  It doesn't have any red on it.
   A.  I'm sorry.
           (Pause).
           Yes.
   MR DE GARR ROBINSON:  What kind of issues are you talking
       about?
   A.  Hardware issues could have been keyboard failure, or
       a hard drive failure.  "Software" here I mean --
   Q.  I don't need to ask you about that otherwise we will be
       here forever and it is not your fault, I just ...
           So you're talking about those kind of issues and you
       say "regular".  Later on in your second statement you
       say that you personally received one of these about once
       a month, yes?
   A.  That's what I was thinking, yes, when I ...
   Q.  And would that be reflective of what other people at
       your level of seniority in the SSC team were also
       receiving?
   A.  I don't know.
   Q.  You don't know.  I was going to take you to numbers, but
       I won't.  Let me move on instead to your second witness
       statement, the one with red in it.  It is E1, tab 10 and
       I would like to ask you a couple of questions about
       paragraph 6 {E1/10/2}.  This is all under the heading
       "Hardware failure".  It is on page 7.
           You talk about hardware failures in paragraph 5 and
       you say:
           "I would estimate that I was involved with
       a hardware failure on average at least once a month.
       These problems could and did affect branch accounts."
           How would they affect branch accounts?
   A.  I can't remember.
   Q.  Then you give an example:
           "The most extreme case that I can recall was
       a complete failure of a counter to communicate with the
       server, which required the server to be removed to the
       SSC so that the data could be recovered, and
       a replacement counter installed in the sub-post office.
       Prior to the problem being identified, data could be
       accumulating on the counter without it being replicated
       to other counters or the correspondence server."
           This is something you experienced personally, is it?
   A.  Yes.
   Q.  And do I infer from your use of language that this
       happened to you once?
   A.  I remember one specific instance fairly clearly when it
       happened.
   Q.  Do you remember any other instances?  Can you say for
       sure that there were any other instances?
   A.  No.
   Q.  So it may well be that this happened only once in your
       four years at the SSC, is that right?
   A.  For me, yes.
   Q.  You are talking about stuck transactions, aren't you,
       what we saw on a PEAK yesterday, marooned transactions,
       yes?
   A.  In this instance because the counter couldn't
       communicate at all, well, yes, they were marooned
       transactions.  It was just very difficult to get them
       off.
   Q.  And the way to get them out was to move the machine from
       the branch to the SSC so that it could be downloaded, is
       that right?
   A.  Very briefly, yes.
   Q.  You say -- it is a phrase in paragraph 6 I would just
       like to ask about.  You say:
           "Prior to the problem being identified, data could
       be accumulating ..."
           Why do you say could be rather than was?  Was it not
       clear whether that was happening or not?
   A.  Sometimes you may not have been aware -- if the counter
       hadn't been switched on for a while then data might not
       be actually accumulating, there might not be any stuck
       transactions on it.
   Q.  When there is a stuck transaction on a machine, that is
       something that's going to get identified as night
       follows day, isn't it, and spotted?
   A.  Eventually, yes.
   Q.  It's not something that's going to be missed and just
       allowed to lie there?  Fujitsu itself --
   A.  It would be spotted.
   Q.  Fujitsu itself would spot that this was happening?
   A.  Eventually, yes.
   Q.  From its own monitoring, yes?
   A.  Yes.
   Q.  So that's one example of a hardware failure that could
       affect branch accounts because a transaction is stuck on
       a machine and isn't getting through to the system and
       the truth of the matter is that was in an extreme case
       that was very rare, yes?
   A.  Yes.
   Q.  And when it did happen it would be spotted and it would
       be fixed in the way that you described, yes?
   A.  Yes.
   Q.  Then in paragraph 7 you say:
           "I recall there were also PIN pad problems which
       caused issues in branches, and problems with other
       peripheral devices such as keyboards which only occurred
       intermittently, although I cannot recall the specific
       detail of these now."
           Can I just get this out of the way quickly now.
       PIN pad problems, those are not problems which could
       affect branch accounts, are they?
   A.  I don't recall what the problems were with them or how
       they affected the system.
   Q.  And problems with other peripheral devices such as
       keyboards, they wouldn't affect the branch accounts,
       would they?
   A.  Probably not, no.
   Q.  And then you come to paragraph 8 which I think is the
       example that you tried to give earlier when we were
       discussing -- and let's see if we can finish this off
       before lunchtime.  Could I ask you to read paragraph 8
       please, Mr Roll.
           (Pause).
   A.  Yes.
   Q.  So you are describing there a problem that was
       spotted -- it's the kind of problem that's always
       ultimately going to be spotted, isn't it?
   A.  This particular problem, no, it -- I don't think any of
       the other counters that were affected had the problem,
       because most postmasters don't bother turning the screen
       off, to save the screen, it's ... so ...
   Q.  So you're saying it's very rare?
   A.  It's very rare that it would have been spotted.
   Q.  And it's to do with a mobile post office which makes it
       even rarer --
   A.  Yes.
   Q.  -- because they are a tiny proportion of the branch
       network, yes?
   A.  Yes.
   Q.  So we're talking about a tiny, tiny incidence, a tiny
       problem, but my question wasn't about how frequent it
       was, my question was it's a problem when it does arise
       that's always going to be spotted?
   A.  I don't know if it would always be spotted.  If it
       was -- caused a problem at one point then it might be
       that it would be 24 hours before the system fixed
       itself, in which case it might not actually --
   Q.  I see.  So if the problem caused a persistent failure to
       replicate, that is a problem that --
   A.  Yes.
   Q.  -- was always going to be spotted?
   A.  Yes.
   Q.  So when you say it wouldn't necessarily be spotted,
       that's because the system itself might deal with it
       appropriately?
   A.  Yes.
   Q.  But if it didn't, it was always going to be spotted?
   A.  Yes.
   Q.  Very good.  And in this particular case the problem was
       spotted and the data was replicated, yes?
   A.  Yes.
   Q.  And again, that would always be the position,
       wouldn't it: once the problem is spotted this is very
       easy to deal with?
   A.  In this case, yes.
   Q.  Well, in all cases of this sort, yes?
   A.  Yes.
   Q.  Thank you.
           Then Mr Parker deals with that in paragraph 7 of his
       second statement, that's {E2/12/3}.  Could I ask you to
       read paragraph 7 to yourself.  It is quite long.
           (Pause).
   A.  Yes.
   Q.  Have you read that paragraph before?
   A.  Yes.
   Q.  And have you looked at the PEAKs that Mr Parker refers
       to?
   A.  Yes.
   Q.  And are those the PEAKs that actually describe the case
       that you are talking about?
   A.  Yes.
   Q.  Very good.  The well, let's have a quick look at those
       PEAKs.  The first one is at {F/197}.  So this is
       PC0100174.  It happened on 4 March 2014 and the summary
       says "Kit rebooting itself for no apparent ..."
           And I think it must mean "reason".  And you will see
       from the bottom of the first large paragraph:
           "Information: contacted SSC and spoke to
       Richard Roll."
           So you are the contact man for this and later on
       down the page, three boxes up from the bottom,
       1 March 2014 at 16.56 and 40 seconds, Barbara Longley
       assigns this to you.
           If we go over the page {F/197/2} there's
       a description of the problem.  Perhaps we can pick it up
       at 5 March at 10.50, about nearly halfway down the page:
           "Evidence (from event logs) shows that the power is
       being switched off every morning shortly (ie 5 or 6
       minutes) before the [postmaster] logs on."
           So that was the problem?
   A.  Yes.
   Q.  Then if we go three boxes down, 5 March at 12.09, this
       is you:
           "After carrying out tests on our rigs ..."
           Stopping there, what rigs are you talking about?
   A.  I think we had three mobile test rigs in the -- on our
       floor.
   Q.  So you are not testing the postmaster's equipment, you
       are testing your own equipment, the sample equipment?
   A.  Yes, this was in Scotland I think.
   Q.  So very properly you go and look at the rigs and you
       test them, and you say:
           "I have been able to duplicate the problem here on
       one of our rigs."
           So did you say there were three --
   A.  I tested all three and it only happened on one.
   Q.  "It seems that the screen power button is incorrectly
       connected to the motherboard, operating the power switch
       turns off power to the entire unit, not just the screen.
       We have now identified two instances of this, one in
       live.  This is a hardware build quality issue."
           So you clearly flag this as a hardware issue.
   A.  Yes.
   Q.  And then in the next box it says:
           "Responded to call type L as category 70 - Avoidance
       Action Supplied."
           What did that mean?
   A.  I don't know.
   Q.  Then you say a little further down:
           "Defect cause updated to 42:Gen - Outside Pathway
       Control."
   A.  I don't know.
   Q.  Doesn't it mean that it's a hardware issue that's the
       responsibility of another --
   A.  Probably, yes.
   Q.  -- institution that deals with hardware?
   A.  Probably, yes.
   Q.  If we could then move on there's a second associated
       PEAK, Mr Roll, that's at {F/201/1} --
   MR JUSTICE FRASER:  Is this just a two-page document, this
       one?
   MR DE GARR ROBINSON:  It is four pages.  The last one was
       a two-page document, my Lord, yes.
   MR JUSTICE FRASER:  The last one was.
   MR DE GARR ROBINSON:  I'm so sorry, I didn't understand your
       question.
           Right, this is PC0100899.  This one is dated
       21 March.  The summary refers to the branch and it is
       the same -- you can take it from me, it's the same
       branch number, FAD number.
           The first big box, about four lines down,
       17 March 2004, so that's 12 days after you had spotted
       the problem on one of your three test rigs:
           "SSC request base unit is removed and sent to
       Bracknell for investigation."
           So you asked for the postmaster's mobile laptop to
       be physically removed and brought to you?
   A.  Yes.
   Q.  Then if we move down to the next box, 18 March, 15.55,
       about four lines down:
           "Recommend: base unit (node 1) to be swapped for
       investigation purposes."
           What did that mean?
   A.  Bring it back to Bracknell so we could look at it.
   Q.  Very good.  And about halfway down that same box, if you
       could look at the screen, it says "Recommend" and in
       capitals:
           "PLEASE SWAP MOBILE UNIT AND RETURN TO SANDIE
       BOTHICK FOR PROGRESSION TO SSC."
           Who was Sandie Bothick?
   A.  I can't remember.
   Q.  Then over the page {F/201/2}, on the first big box it
       says, you can take it from me, that the engineer has
       arrived at the site and the unit will not arrive in
       Bracknell until later in the week.  Towards the bottom
       of the page, page 2, 18 March 16.04 Barbara Longley
       assigned it to you.
           Then on page 3 {F/201/3}, 24 March at 2.15 and
       25 seconds it is recorded that you record that the base
       unit is received, do you see that?  It is the
       penultimate box, Mr Roll?
   A.  Yes.
   Q.  And then I would like to then go to the last box on that
       page:
           "Tests carried out on screen power switch - working
       correctly, no further action required."
           So does that -- I mean the impression I get from
       reading this is that although you had found this problem
       on a test rig, in fact it wasn't a problem that was
       affecting the laptop that was used in the
       subpostmaster's branch.  Would that be right or wrong?
   A.  No, it was affecting it.  You didn't necessarily put
       these in, enter the data as it happened, if you like.
       So the base unit would have arrived, I worked on it and
       then I went and -- so I changed the switchover so it
       worked properly and then we put it back into stock and
       then I filled the data in on that.
   Q.  I see.  So we have a batch of faulty laptops and then if
       we go back to paragraph 8 of your witness statement, at
       the bottom of page 7 that's E1, tab 10, page 7, you say:
           "When I raised this with my manager, Mik Peach, he
       initially told me not to do anything until he had spoken
       to someone about this."
           Who would he have spoken to about it?
   A.  I don't know.
   Q.  It would have been the people who were responsible for
       hardware issues, wouldn't it?
   A.  Probably.
   Q.  So you raised the problem with him and he said "Hang on,
       I will just speak to the responsible people", would that
       be a fair way of describing what you are saying?
   A.  Yes.
   Q.  And then you say:
           "Mick did subsequently talk to the hardware team.
       They were responsible for ensuring that ..."
   A.  I'm certain it was them that he spoke to.
   Q.  And then you say:
           "At which point I found out that this was a known
       problem."
           Is that what Mr Peach told you?
   A.  At some point I found out that there were several units
       out there that had been changed.  I'm not sure if it was
       Mik Peach that told me or if somebody else told me from
       the hardware team, I can't remember.
   Q.  Well, it is quite important, bearing in mind the
       impression given at the end of this witness statement.
       Can you really not remember whether Mr Peach was aware
       of this?
   A.  Mr Peach was aware of it at some point, that he knew.
   Q.  And would it be fair to infer that he probably knew
       because he had spoken -- if this is true he would have
       spoken to the hardware team about it?
   A.  Yes.
   Q.  And then you say:
           "No one outside the team responsible for building
       the laptops had been informed of this, which meant that
       I had spent several days investigating the problem."
           Is this why you remember, because you were cross?
   A.  Yes.
   Q.  "Whereas the subpostmistress in this case was provided
       with a replacement laptop, knowledge of this problem was
       kept within the departments concerned and the batch of
       faulty laptops was not recalled."
           Are you saying that there was prior knowledge in the
       hardware team of the problem and the hardware team had
       not recalled the faulty laptops?
   A.  Yes.
   Q.  Is that what you are saying?  And what was your source
       of knowledge for that?
   A.  I was told there were several laptops that had the
       problem on them that had actually gone out into live --
       into the estate.
   Q.  How did the hardware team know that the laptops had
       problems with them given that they had already been
       distributed out?  You're not suggesting that the
       hardware team identified a problem with a laptop and
       then sent it out to branches, are you?
   A.  No, I think what happened is that they suddenly realised
       they made a mistake at some point but by that time
       several had already gone out, so then they were able to
       fix the ones they had ...
   Q.  And you're saying they didn't recall the others.  And do
       you know how many we're talking about?
   A.  No.
   Q.  Could it be two, could it be one?
   A.  It could have been two, it could have been half a dozen.
   Q.  So that's the period leading up to the point when the
       SSC gets involved and you write two PEAKs saying "There
       is faulty hardware here".  Are you in a position to
       say -- or are you claiming that once Mr Peach had spoken
       to the hardware team, that remained the position, that
       the hardware team continued to not recall these units?
   A.  I don't know what happened after that.
   Q.  Isn't it fairly obvious that once someone quite senior
       like Mr Peach from the SSC had spoken to the hardware
       team, the people involved would very quickly have
       thought "Good gracious me, I had better recall these
       outstanding laptops"; would that not be a fair inference
       as to what happened?
   A.  My inference from this was that it was kept in-house and
       as a favour and that: okay, we know it happened, it's
       not going to happen again, it was very limited impact,
       it's having probably no impact on the estate, so it's
       not worth recalling the laptops.
   Q.  You say "inference" and that's a fair word to use
       because it's a word I think I put to you, but you are
       not saying, are you, that you were told by anyone that
       after Mr Peach had told the hardware team of the problem
       that was being encountered, you're not saying that you
       know that the hardware team continued to sit on their
       hands and not call the laptops back?
   A.  Something at the time made me certain that was what was
       going on.
   Q.  Something at the time made you certain?
   A.  Yes.  I don't know why I've got that certainty in my
       mind, but -- and then I was told to put minimal details
       on that last -- the last PINICL.
   MR DE GARR ROBINSON:  My Lord, two more minutes and then we
       break, would your Lordship give me some indulgence?
   MR JUSTICE FRASER:  I will on this occasion give you the two
       minutes.
   MR DE GARR ROBINSON:  I'm grateful.
           This looks as if it might be quite a serious
       allegation.  It is one you have just made by this
       amendment that I received at 10.30 yesterday morning.
   A.  Yes.
   Q.  You say:
           "I was told by Mik Peach not to include any details
       of this when I closed the PINICL."
           Which is the predecessor of PEAKs.  That's
       an extraordinary -- are you suggesting, Mr Roll, that
       the manager of the SSC -- which that's a senior
       position, isn't it?
   A.  Yes.
   Q.  It's a senior management position?
   A.  Yes.
   Q.  That he took the view that the hardware team having done
       this thing that was bad, having allowed bad laptops to
       remain in circulation, he also took the view that the
       hardware team should be protected from any criticism and
       they should be allowed to continue the process under
       which those laptops remained in circulation?
   A.  I've got no idea what view he took, but I was asked --
       or told rather not to put -- not to include too much
       detail in that PINICL.
   Q.  Why?  Did he tell you why?
   A.  I can't remember.
   Q.  What conceivable motive would someone like Mr Peach have
       to affect the record in this extraordinary way?
   A.  The only motive I can think is that if he was friends --
       close friends with another manager on the same level and
       that manager had covered up something in his department
       then Mik Peach out of friendship and as a favour might
       have decided that it wasn't worth -- having passed the
       information on to his manager -- the other manager, it
       was then his responsibility what to do with it.  I got
       the impression nothing was going to be done with it
       because of what I was told, but I might be wrong.
   Q.  Well, Mr Roll, I had thought that when I asked you
       questions about this you would rather retreat from the
       allegation that Mr Peach -- who obviously isn't here to
       defend himself -- did this thing.  Are you saying that
       it is within your knowledge that Mr Peach was a friend
       of the person who was in charge of the hardware team?
   A.  No.
   Q.  So that's speculation?
   A.  That's speculation.
   MR JUSTICE FRASER:  But to be fair to the witness,
       Mr De Garr Robinson, you did put the question what
       conceivable motive might Mr Peach have, which is in any
       case inviting speculation I think.
   MR DE GARR ROBINSON:  That's true.
           But that's all you have, you have no basis for --
   A.  No.
   Q.  No other basis for thinking that Mr Peach would --
   A.  No.
   Q.  The extraordinary thing about this, Mr Roll, is you
       accept, don't you -- and these are my last questions --
       you accept, don't you, that it is not in anyone's
       interests, it's not in the SSC's interests for these
       faulty laptops to remain in circulation; you accept
       that, don't you?
   A.  The only people who would have an interest in this would
       be the person who might be sacked for trying to cover it
       up in the first place.
   Q.  So it is not in the interests of the SSC team that they
       remain in circulation?
   A.  No.
   Q.  It's not in the interests of Fujitsu that they remain in
       circulation?
   A.  No.
   Q.  You say it could be in the interests of the person who
       was responsible for not having pulled them back, but if
       the machines remain out there in circulation, that just
       increases the likelihood of that person ending up being
       sacked, doesn't it?  Isn't it in that person's interests
       to get these damn machines back as quickly as he or she
       can?
   A.  Yes, then that would -- yes, it would be.
   Q.  But you do maintain, do you, that you think that person,
       whoever it was, didn't do that?
   A.  That was the impression I got at the time, yes.
   Q.  The impression from whom?
   A.  I can't remember, but that is how I -- that is what
       I think happened.  You might be right though, you could
       be right there that -- I was I suppose basing my
       presumption, which is what it was basically, on the
       thought that to have to recall the laptops would expose
       the person to, you know, "Why were you recalling them?",
       but as you have just pointed out it would probably have
       been better to recall them and then not have to worry
       about them sitting out there and potentially causing
       a problem later.
   MR JUSTICE FRASER:  Right.  If you are going to pursue this
       any further you can do it at 2.15.  We really have to
       try and finish at 1 for the shorthand writers, really.
       It's not for any personal convenience.
           Right, we are going to come back at quarter past 2.
       You are still in the witness box.  You mustn't talk to
       anyone about your evidence.  And I will see everyone at
       2.15.
   (1.15 pm)
                    (The luncheon adjournment)
   (2.15 pm)
   MR DE GARR ROBINSON:  My Lord, good afternoon.
   MR JUSTICE FRASER:  We have to stop at 4.30.
   MR DE GARR ROBINSON:  I'm conscious of the need to speed.
       I'm going to move on to remote access now, Mr Roll.
           Could I ask you to go to paragraph 15 of your first
       statement which is at {E1/7/3}.  You said:
           "During the course of resolving software issues ..."
           And I asked about software issues.  You said:
           "... we would frequently access a Post Office
       counter IT system remotely.  An example of a relatively
       common problem that arose was when a binary bit would
       'flip' thus a '1' became a '0'."
           I want to ask you what you are talking about when
       you describe that phenomenon and I want to ask you
       whether you are talking about what Mr Parker talks about
       in paragraph 55 of his witness statement, so could we go
       to bundle E2 behind divider 11 please.  It is at page 15
       {E2/11/15} and perhaps I could ask you to read
       paragraph 55 through and stop at the end of 55.4.
           (Pause).
   A.  I have read that page.
   Q.  Very good.  When you are describing what you describe in
       paragraph 15 are you referring to the condition known as
       CRC errors?
   A.  This problem would probably cause -- would cause a CRC
       error.
   Q.  And would Mr Parker be right when he says at the end of
       paragraph 55.1:
           "To clarify, this process did not involve changing
       any transaction data."
           In accordance with the definition we have discussed.
   A.  This error would occur in a line of transaction data.
       Now, every digit, every character in that transaction
       data is made up of bits, binary bits.  So an A --
       I don't remember the full binary code for it, but it
       might be 101010 for instance.  Now, times that could
       flip so it would become 110 or whatever, one of the
       digits would change.  That character would then cease
       becoming an A and might become a non-principal character
       or an ampersand or something.  That would then cause
       a CRC fail because the data wouldn't be -- it wouldn't
       add up.
           To correct that when we detected that what would
       happen at that point is that that message store would
       then stop replicating.  So transactions would then start
       accumulating on the message store after that point.
           We could copy the data that had been -- we could
       copy the message store off that counter intact, from
       what I remember, so we would get all of it off.
   Q.  Yes.
   A.  You could then identify the line that was broken, for
       want after better word, and by looking at it, it was
       quite obvious then which character was wrong, if it
       was -- if it should have been an angle bracket, it was
       something else, so you could then correct that in a text
       editor.  And basically you could then put that
       transaction back in to the message store and then copy
       the rest of the data back on top of it that you had
       taken off, so you have corrected that particular line of
       code.  So in this instance we have rewritten a line of
       code into the message store to correct it.
   Q.  Mr Roll, I want to distinguish now between inserting
       individual transactions into a message store -- which
       you could do and you have read the witness statement so
       you know it is accepted that you could do that.  I want
       to talk though about the process that you appear to have
       describing here.  It's not possible, is it -- if there's
       data on the message store, it's not possible for you to
       gain access to the message store in Riposte and alter
       any line of transaction data?  It's physically
       impossible to do that, isn't it?
   A.  The way I understand it and what I believe is that if
       that data hadn't been replicated, if it was on a single
       server -- sorry, a single counter, if we took that data
       off and deleted some of it, we could possibly then have
       created something else and put it on and then by
       importing it into Riposte it would then have rewritten
       the cyclic redundancy check correctly so it wouldn't
       have flagged an error.
   Q.  Mr Roll, you started by explaining a situation where
       transactions are stuck on a particular counter and they
       are not replicating.
   A.  Yes.
   Q.  The moving of the bit from 1 to 0 is what you could do
       remotely in order to unlock the counter so that the
       replication process would occur as normal?
   A.  Yes, but to do that we would have to delete -- from what
       I remember, we would have to delete the existing data,
       including the broken line of data, and then import the
       data back into the counter, so we were writing code into
       the message store remotely.
   Q.  Mr Roll, I'm asking you about the process by which you
       unlock a counter so that it is able to replicate onto
       other counters.
   A.  Yes.
   Q.  And what I'm suggesting to you is that the process of
       doing that does not involve changing/editing any actual
       transaction data, any -- as we have discussed -- data
       that shows up in the accounts.  That doesn't involve in
       he changing of transaction data at all, does it?
   A.  I'm sorry, I'm -- I think we're talking -- I'm obviously
       not understanding what you're getting at because to me
       what I'm discussing is changing the transaction data.
       I'm at a bit of a loss here.
   MR JUSTICE FRASER:  Well, you are explaining that that's the
       change which happens.
   A.  Yes.
   MR JUSTICE FRASER:  Mr De Garr Robinson is either putting to
       you that that physically can't happen, which I think is
       one of the questions he put, or he is putting questions
       in relation to something else.  So he is just going to
       explore that with you.
   MR DE GARR ROBINSON:  Could you go please to Mr Godeseth's
       witness statement which is in E2 behind divider 1 and
       I would like to go to page 11 please {E2/1/11}.  Perhaps
       we could pick it up at paragraph 35, Mr Roll.  Could you
       read paragraph 35 very quickly and then indicate whether
       you agree with it or not.
           (Pause).
   A.  Yes.
   Q.  And you agree with it?
   A.  Normally that's what was happening, yes, unless
       something had broken.
   Q.  Then if we go to paragraph 37:
           "All accounting at the counter was carried out based
       on the data held in the message store."
           That's right, isn't it?
   A.  I'm just reading it.
   MR JUSTICE FRASER:  Mr De Garr Robinson, I know that you
       have slightly run out of time but you can't really rush
       him too much.
   MR DE GARR ROBINSON:  You are right.
   MR JUSTICE FRASER:  You are putting 12 or 14 lines of text.
       Right, have you read it now?
   A.  Yes.
   MR DE GARR ROBINSON:  So the first sentence is right,
       isn't it?
   A.  I believe so, yes.
   Q.  And the second sentence:
           "The Riposte product managed the message store and
       it did not allow any message to be updated or deleted,
       although it did allow for data to be archived once it
       had reached a sufficient age ..."
   A.  Yes.
   Q.  It is correct, isn't it, that Riposte didn't allow any
       transaction line in the message store to be individually
       deleted or changed or edited in any way?
   A.  You couldn't do it through Riposte, no.  You had to hack
       the system to do it.
   Q.  So would this be right then, that it wouldn't be
       possible to remotely access a counter and change the
       data on the message store of that counter remotely?
   A.  I believe that theoretically it would.
   Q.  How would that be possible?  Riposte wouldn't allow you
       to do it, would it?
   A.  By doing the system that I have just said.  If you
       could -- without the message store replicating, so
       there's no other copies of it, if you could get that
       message store off, alter the data in some of the lines
       of code, to do that you would need to strip out all of
       the preamble and the post-amble, so you're just then
       left with the basic data as if it had been on the stack
       or whatever -- forgive me, I'm very rusty on this -- but
       then by -- I think it was the Riposte import but it
       might have been something else, you could then reinject
       that data which is the process we would have used to
       rebuild a counter.  But if you had changed some of that
       data, I think that it would then have rewritten the CRC
       when it imported it so that then when it replicated, the
       data could theoretically have been changed.
   Q.  I'm finding it difficult to follow you and it may be my
       fault.
   MR JUSTICE FRASER:  I follow what the witness is saying but
       keep exploring it.
   MR DE GARR ROBINSON:  I would like to distinguish though
       between transactions insertions -- the process of
       injecting particular transactions into the message
       store, which could be done, with the process of actually
       manually changing a transaction line that is in the
       message store and you could insert new transactions,
       couldn't you, but what you couldn't do is you couldn't
       edit or indeed individually delete lines that were in
       the message store itself?
   A.  You would have to delete all of the message -- from what
       I remember, delete all of the messages down to a certain
       point to the one you wanted to amend and then inject
       a load more text, or insert more transactions in to make
       the message store and Riposte think that it had been put
       in by Riposte and by the postmaster.
   MR JUSTICE FRASER:  I think you can probably explore this
       with the experts.
   MR DE GARR ROBINSON:  I think I probably should.
           So if we go back to Mr Parker's witness statement
       {E2/11/16}, the process that's described in
       paragraph 55.4, would you agree that -- you have already
       read this paragraph, would you agree with what Mr Parker
       says in --
   MR JUSTICE FRASER:  Wait, it is not on the screen yet.
   MR DE GARR ROBINSON:  E2/11/16.
   MR JUSTICE FRASER:  Page 1 is up but 16 isn't.
           (Pause).
   MR DE GARR ROBINSON:  Paragraph 55.4, you have read this
       already.  Is what Mr Parker says there true?
   A.  In that case, yes, no new data is added, what we have
       done is correct data and put it back in.
   Q.  And paragraph 55, Mr Parker -- you will recall how 55 is
       structured.  Mr Parker is trying to figure out what you
       are talking about and he suggests first of all you might
       be talking about the process that's described in
       paragraphs 55.1 to 55.4 and then he says:
           "Alternatively, Mr Roll's reference to a binary code
       flipping may relate to a configuration item ..."
           And then he goes on, he gives an example of:
           "... a stock unit lock which, in the wrong state,
       would prevent updates to stock units within a branch.
       This issue was corrected by a member of the SSC
       accessing Horizon remotely, but it did not involve
       accessing or editing transaction data in any way or
       re-creating databases."
           Is that true?
   A.  I can't remember that.  I was not referring to that
       process.
   Q.  Very good.  And then Mr Parker says:
           "I cannot think of any other examples of incidents
       that Mr Roll may be referring to in paragraph 15."
           And you are suggesting there is another way, the one
       that you have just described, are you?
   A.  That's the way I remember doing it.
   Q.  Okay.  And you continue -- if we go back to paragraph 15
       of your original statement {E1/7/3} -- would you excuse
       me a moment.
           It is suggested to me that you may be describing
       a process that Mr Parker describes in his second witness
       statement; let me go to that very briefly just to see if
       you are.  {E2/12/12} paragraph 38.2.  Let's read the
       whole of 38 together.  He says:
           "For completeness, in the rare circumstances where
       it was necessary for Fujitsu to rebuild transaction data
       in Legacy Horizon, there were three possible scenarios:
           "[1] when a counter failed and there was a complete
       replication of that counter's transactions elsewhere,
       Fujitsu simply deleted the message (transaction) store
       on the faulty counter and used the standard facilities
       of the Riposte software to rebuild the data from the
       replicated copy.  In this scenario, the branch would be
       unable to use the counter while this process was carried
       out ..."
           Is that correct?
   A.  I think so.
   Q.  You don't have a clear recollection?
   A.  I don't have a clear recollection of that.
   Q.  38.2:
           "Where no replicated copies of the transactions
       existed on the network, Fujitsu would physically
       retrieve the disc from the faulty counter.  The disc
       should hold all of the transactions that had taken place
       on the counter.  At its own office, the SSC would
       extract the transaction data and deliver it to the
       replacement counter without amending that data."
           Stopping there, is that true?
   A.  In some instances, yes.
   Q.  "The SSC would need the subpostmaster's memory card ...
       to decrypt the data.  This was a physical card
       (a subpostmaster had two) and Fujitsu would have to
       borrow one - so the subpostmaster would know what was
       happening."
           Is that true?
   A.  I don't remember the memory cards.  I don't remember
       that process of it.
   MR JUSTICE FRASER:  You might be able to save time by
       jumping to the penultimate sentence of that paragraph.
   MR DE GARR ROBINSON:  If I could do the intermediate ones.
       Next sentence:
           "If Fujitsu were to change anything, it would be to
       remove the envelope around the transaction data.  The
       envelope contains the system admin data ie the sequence
       number of the data and its ID."
   A.  That's what I remember doing, yes.
   Q.  That's what you are talking about?
   A.  That's one of -- yes.
   Q.  And just now when you were describing the process that
       I'm afraid rather confused me, that's what you are
       talking about here?
   A.  Yes, that was one of the steps in it.
   Q.  Thank you.  And then it says:
           "Fujitsu would not change the transaction data
       itself and in removing the envelope data, they would
       simply be allowing the system to automatically renumber
       the transactions when they were reinserted."
           Is that what you are talking about?
   A.  Effectively, yes, but this is where -- if it was that
       transaction data that had the corruption in it then all
       we would do is correct it to put it back to what it
       should have been, so in that instance -- in that effect
       we're not changing the data, we're merely correcting it.
   Q.  Well, my suggestion to you will be that you never and
       would never manually change a transaction line of data
       that a postmaster had keyed in.  That's just not
       something SSC would ever do.
   A.  The process I have just described is something we did,
       as far as I remember it.
           The process of actually changing a line of code to
       change it from £100 to £10, we would never have done
       that.
   Q.  So -- I mean Mr Parker says -- let's go back to this
       sentence:
           "Fujitsu would not change the transaction data
       itself and in removing the envelope data, they would
       simply be allowing the system to automatically renumber
       the transactions when they were reinserted."
           I'm suggesting to you, Mr Roll, that that's the most
       that anyone at the SSC would ever do in terms of
       changing transaction data?
   A.  That's not my recollection of it.  It was a long time
       ago though.
   Q.  And then he says:
           "Ultimately, when the counter was replaced at the
       branch the subpostmaster would be able to see what
       Fujitsu had done."
           Is that true?
   A.  Again, my understanding is that in certain circumstances
       the data would be indistig ... sorry.
   MR JUSTICE FRASER:  Indistinguishable, is that what you are
       trying to say?
   A.  Yes.  Yes, my Lord.
   MR JUSTICE FRASER:  You couldn't tell the difference?
   A.  You couldn't tell the difference.  The postmaster
       wouldn't be able to tell the difference from data that
       he had entered as he was scanning a stamp or whatever
       and to what we had put in.  That's my understanding --
       my recollection.
   MR DE GARR ROBINSON:  Well, I suggest to you, Mr Roll, that
       no one at SSC would ever manually change a line of
       transaction data and then reinsert that transaction data
       into the message store of any branch.  There might be
       occasions when new transactions were inserted, but it
       was more than the job of an SSC member was worth to
       actually start mucking about with lines of existing
       transaction data.
   A.  Can I say that we were not "mucking about" with lines of
       transaction data.  We were trying to rebuild counters.
       If I can take the instance after single-counter
       post office where one of the lines of data had been
       corrupted.  Without correcting that corruption and then
       reinserting it, if the corruption remained then that
       line of data would have continued to cause problems.
   Q.  Well, you have heard the case I have put to you.  Could
       I ask you this -- well, actually, can I please ask you
       to go to E2/13/4, which is the third witness statement
       of Mr Godeseth.  Page 4, paragraph 17.  Perhaps I could
       ask you to read that.
   A.  Sorry, paragraph 17 was this?
   Q.  This is where Mr Godeseth is referring -- I don't have
       time to take you to the underlying PEAKs --
   MR JUSTICE FRASER:  We are in Parker 3.
   MR DE GARR ROBINSON:  We should be in Godeseth 3, E2,
       tab 13.  I'm so sorry, it should be {E2/14/5}.  Could
       I ask you to read paragraph 17 please.
           (Pause).
   A.  I have read that, yes.
   Q.  Might that be what you are talking about?
   A.  No, I don't recognise this.
   Q.  So are you in a position to confirm what Mr Godeseth
       says or not?
   A.  No, because the data that -- I'm unsure what BRDB refers
       to --
   Q.  I'm so sorry, that's Horizon Online.
   A.  -- but the data would have been transaction data that we
       could have been changing, from my recollection of it.
   Q.  Then the process you are describing in your witness
       statement -- you say that you would -- I'm looking now
       at paragraph 15 of your first statement {E1/7/3}, you
       say that you would contact the branch and arrange for
       them to stop using the computer for a limited period of
       time.  You would then log on to the branch's system,
       download all the data from the relevant computer.  Now,
       stopping there, when you say "log on to the branch's
       system", which system are you logging on to?
   A.  Sorry, we would log into the counter that was faulty.
   Q.  When you say log into it, you wouldn't physically log
       into the counters, you wouldn't be in control of the
       counters, would you?
   A.  The counter had to be switched on -- my recollection is
       that if the postmaster hadn't logged on then we could
       log on with our ID to access the message store and the
       Riposte system.  In that instance there would be an
       audit trail because our user ID would be in the message
       store not the postmaster's.
           In certain circumstances we could do that.  In other
       instances, the way I remember it is that for the system
       to operate correctly for the accounting, it had to be
       the same user ID logged on, so that postmaster, or that
       clerk or whatever would have to be logged in with their
       ID and password so that any data we changed, or put back
       on, would then go in with their ID, which is why they
       couldn't use it, then that data would then be picked up
       correctly by Riposte, Riposte would assume that the
       postmaster had been operating as normal and would accept
       the data into the message store and process it
       correctly.
   Q.  Could you tell me what were the circumstances in which
       you had to use the same user ID as the original user?
   A.  I can't remember what the differences were for the
       different errors, but it depended on what error was
       coming up and what bit of data was corrupt -- where the
       corruption lay in the message store.
   Q.  So you can't think of a specific reason why it would
       have to be the same person, but you're saying that it
       did sometimes?
   A.  Yes, it -- sorry.
   Q.  I didn't let you finish.
   A.  I have lost my train of thought now, sorry.  It often
       made it much cleaner for accounting reasons, from what
       I remember, if it was the same user ID.  All of this --
       all of these actions would be detailed in the PINICL and
       if -- from what I remember, if you were accessing
       a counter in this way, two people had to be there, one
       as an independent witness to make sure that everything
       was going correctly.
   Q.  So there would have to be what we now call PEAKs and
       there would have to be two pairs of eyes --
   A.  That was what --
   Q.  -- it would never be left to one particular member of
       the SSC team to do it on his own?
   A.  It was never supposed to be and I don't think it ever
       was but I'm not sure.
   Q.  So this is a formal process then, is it --
   A.  Yes.
   Q.  -- which the SSC took very seriously?
   A.  It was developed and taken very seriously, yes.
   Q.  And is it also the case that Post Office consent was
       always needed for this kind of process?
   A.  When I was there we were supposed to speak to the
       postmaster to get his consent.  So from Post Office
       consent, that's what I believe you mean by that.  Formal
       consent from the Post Office itself, maybe not.
   Q.  Do you remember the phrase OCPs?  The operational change
       process --
   A.  No.
   Q.  -- does that ring a bell?  Do you remember that a form
       needed to be filled in in which Post Office consent was
       obtained for alterations to data that could affect
       branch accounts?
   A.  No.
   Q.  You don't remember?  Can I suggest to you that that was
       the process and that did have to be complied with.
   A.  Right.  It may have been, yes.
   Q.  And you are also saying that it was also required that
       postmaster consent had to be obtained for this kind of
       change, yes?
   A.  That was my understanding of the consent that was
       obtained.  It was just one of those things that if you
       were going to log on to a counter remotely for whatever
       reason then you spoke to the -- you should speak to the
       postmaster first and get his consent.
   Q.  And it stands to reason, doesn't it, that if you
       started -- forgive me for the loose form of language,
       but if you start fiddling with data on his machines that
       could have an impact on his branch accounts, he or she
       could hit the roof, couldn't he?  He or she would need
       to know what was happening so as to avoid any upset?
   A.  Yes.
   Q.  And is it the case that when you engaged in this process
       you ensured that proper protocols were followed that you
       have just described?
   A.  Yes.
           Excuse me, I have just got cramp in my leg, sorry
       about that.
   Q.  Mr Roll, we have discussed what you say you could do and
       I have put my case to you.  The controls, the permission
       controls, the change controls that we have just
       discussed, that is having another colleague in the SSC
       review what changes you are making, obtaining
       Post Office consent and obtaining subpostmaster consent
       to anything that could have an impact on branch
       accounts, you followed those processes both for the
       process that you're describing, with which I have
       certain reservations, but also with the process of
       transaction insertions that we're coming to in a few
       minutes, yes?
   A.  Yes, as far as I'm aware.
   Q.  If you did anything that could have an impact on branch
       accounts, those processes had to be followed,
       didn't they?
   A.  Yes.
   Q.  Thank you.  So in paragraph 16 of your first witness
       statement {E1/7/3}, you say:
           "Still on the subject of remote access to branch
       systems, as I recall some errors were corrected remotely
       without the subpostmaster being aware."
           Those errors are not errors -- or rather those
       corrections were not corrections which changed branch
       accounts in the way that we discussed?
   A.  No.
   Q.  You're talking about other errors, aren't you?
   A.  Yes.
   Q.  Could you give some examples of the kind of errors you
       are talking about?
   A.  I can't remember I'm afraid.
   Q.  But would it be things like changing configuration
       items?
   A.  Probably, yes.
   Q.  That sort of thing, which would not have an impact on
       the branch accounts in the way that we have previously
       discussed?
   A.  I think so, yes.
   Q.  Now, the process that you describe in paragraph 15, you
       say "We would frequently access a post office counter IT
       system remotely".  The occasions on which you would
       access a post office counter remotely in order to change
       lines of transaction data, whether by inserting
       something or engaging in the other process that we have
       discussed and I have queried, these changes would only
       arise in circumstances where the cyclic redundancy check
       had been triggered where there had been some problem
       which the CRC system had identified as requiring
       attention, would that be right?
   A.  I'm not sure.  I think so.
   Q.  Very good.  Then could I ask you just to look back to
       Mr Parker's first witness statement at paragraph 55.3
       {E2/11/15} and the top of page 16.  He is talking about
       the CRC process and he says:
           "If one of the sets of data on a branch counter
       became corrupted it would generate an event that would
       be picked up by the SMC and/or reported to HSD by the
       branch (an incident reporting a 'CRC error').  There
       were a total of 629 CRC errors over the life of
       Legacy Horizon ..."
           Would you be in a position to challenge that
       calculation?
   A.  That's not my recollection of it.  My recollection is
       that some of these errors that I'm describing we would
       detect because a counter perhaps hadn't replicated for
       two or three days, so we would then look to see why it
       had not replicated and that's when we would find out
       that the postmaster was still using it, transactions
       were accumulating on the counter and a corruption at
       some level had stopped the counter replicating after
       that point, so we would -- from my recollection it
       wasn't an error that we were receiving, it was something
       we were monitoring on an ongoing basis.
   Q.  Could I just ask you about that, Mr Roll.  It's always
       dangerous to ask a question to which you don't think you
       know the answer, but I can understand that something may
       happen to a counter which means it stops replicating to
       its fellow systems within the branch; what I don't
       understand is why it would stop replicating because of
       a problem with a particular line of -- with a particular
       transaction message.  Why would a particular transaction
       message stop the unit communicating with its fellow
       units?
   A.  A corrupt line of code in the message store would, from
       my recollection, stop that message store replicating.
       I can't remember why, but the messages, as I say,
       including that corrupt one wouldn't get replicated.
       That's how you could find out which one was broken, you
       could look at the message store and see that up to
       line 9,004 had come through, so you would know, if the
       postmaster had carried on using it, that 9,005 was the
       bad message.
   Q.  And would I be right in thinking that the problem with
       9,005, there would be a problem in the envelope, the
       data in the envelope around the transaction?
   A.  Not necessarily, it could be in the data itself.
   Q.  Why would that be?
   A.  Because of data corruption.
   Q.  But why would that -- why, for example, if there was
       a problem in the amount that was recorded in the
       relevant transaction, why would that stop the counter
       replicating --
   A.  I don't know, but it did.  That's the way I remember it.
   Q.  Let's move on to transaction insertions.  Paragraph 18
       of your first witness statement, that's page 3 {E1/7/3},
       you say:
           "The ability to remotely access the Horizon system
       at branch level was extensive, in that we were able to
       change not only data and transaction information, but we
       also had the ability to insert transactions and transfer
       money remotely ..."
           I'm not going to ask you about transferring money
       remotely, the evidence has been explored in a series of
       witness statements, but what I'm seeking to ascertain
       from you is that you are talking about two different
       forms of changing data, are you: firstly, the form of
       data that you have just discussed, data changing that we
       have just discussed; and secondly, the form of
       transaction insertions?  Are they entirely separate, or
       are they the same thing?
   A.  Separate.
   Q.  They're separate, are they?
           During the course of your time at the SSC did you
       ever insert a transaction using that facility?
   A.  I don't think so.
   Q.  You don't think you did?
   A.  No.  I believe there were instances where corrections
       had to be made because data hadn't been written in and
       some members of staff were able to add lines in to
       correct the problems that were coming up, but I can't
       remember -- I think -- I can't remember which ones they
       were.
   Q.  So when you say in paragraph 18 "we were able to change
       not only data and transaction information, but we also
       had the ability to insert transactions", when you say in
       the next sentence "obviously this was not done by me",
       are you referring to the ability to insert transactions
       and the ability to transfer money?
   A.  Yes.
   Q.  So you couldn't do either of those things?
   A.  I could have done.  From my recollection.
   Q.  I'm so sorry, you didn't do either of those things?
   A.  No.  What I'm referring to here is somebody -- if you
       want to be dishonest -- if the postmaster was using the
       counter then my recollection was that you could have
       logged onto the counter without the postmaster
       knowing --
   Q.  I don't need to ask you any questions about that,
       Mr Roll, but I understand why you want to tell me.
           Going back to the form of access you refer to in
       paragraph 15, this is the situation you're referring
       to: the counter would stop replicating, you would be
       aware that the counter would stop replicating.  Would
       that come up in the automatic checks?
   A.  Yes, I think it was something that certainly in the
       early days we were looking for, was counters that hadn't
       communicated for three days or so.
   Q.  And then you would gain reading access to that counter
       and see what had happened?
   A.  You would just log in.
   Q.  And you would see that the transactions had stopped
       replicating at a particular point, is that right?
   A.  Basically, yes.  Quite often the postmaster would have
       gone on holiday, so the counter was turned off or
       something and that's why it wasn't replicating.  In that
       case there was no need to do anything.  In other
       instances you would see that the postmaster was still
       using the counter and that's when you would realise
       there was a problem.
   Q.  And what would the nature of the problem be?  What would
       be wrong with the line of data that would make the
       machine stop replicating?
   A.  As I have previously said, one of the lines of --
       a digit or a bit somewhere, from what I remember, would
       have been flipped.
   Q.  And are you suggesting that that wrongly flipped bit
       could also have the effect of, I don't know, making the
       transaction wrong, making it for £100 rather than £10,
       something like that?
   A.  Originally I thought that, but I don't think it would,
       because merely flicking one bit wouldn't alter the data
       that much.  It would make one of the digits wrong but
       not to the extent that it ...
   Q.  So the basic features of the transaction, whether it was
       a purchase of stamps, or a sale of insurance or whatever
       the transaction was, and the amount involved, the sort
       of basic features of the transaction that end up having
       an impact on the branch accounts, the problem you're
       talking about requiring fixing wouldn't involve any
       corruption of those features, would it?
   A.  It could be that if it was £100 then one of the zeros
       would get flipped to a non-numerical value.
   Q.  And that error might itself, what, prevent -- might it
       also prevent the machine from replicating?
   A.  That might then prevent the message store from
       replicating.
   Q.  This is a voyage of discovery for both of us.
           In that situation you say that you would correct the
       data in the way that you have described?
   A.  Yes.
   Q.  And we have already discussed whether you could or not,
       but how would you know what change to make to the data?
       How would you know, for example, that it should be £100
       or £105 or £10, what investigations would you carry out?
   A.  You would -- by looking at the value, for example if it
       was 100, or should have been, then it would be 1 and
       maybe a backspace character and a zero.  Now, if you
       change any one of those bits, from my recollection only
       one of them would result in a numerical value.  If you
       wanted a different numerical value to the original one
       you would have to change two bits and the chances of two
       bits becoming corrupted at once were astronomically
       small.
           It would also then if you corrected it -- if you
       changed to put the wrong value in then there would be
       probably an accounts or a cash balance mismatch, so you
       knew that by changing one of the bits you would then get
       a numerical value and that should -- when it is run
       through the books properly, it wouldn't affect -- there
       would be no errors.
   Q.  So are you saying that when you did this there was
       a means by which you could be absolutely sure what the
       right figure should be?
   A.  Yes.
   Q.  And how often -- I'm inferring, but it may be optimism
       bias on my part, but I'm inferring that of the problems
       that caused counters to stop replicating there were many
       many problems that didn't involve the basic features of
       the transaction data being wrong and I'm thinking that
       the cases in which that problem was caused by the
       transaction features itself being wrong was a very, very
       small proportion.  Would that be right?
   A.  Unfortunately this is one of the things where the
       mundane solutions, which are very easily fixed, you tend
       to forget about and this, which is a very complex
       solution, tends to make more of a -- more of a memorable
       impact.  So my perception is that it was frequent, or it
       certainly sticks in my mind more, but I wouldn't --
       I would say it was only a small -- a --
   Q.  Would you be able to give an estimate --
   A.  No.
   Q.  -- as to how many times you did it in the four years?
   A.  No.
   Q.  Would it be -- it would be less than a handful?
   A.  I would think every couple of months, but I could be
       wrong.
   Q.  You could be wrong.
           It is right, isn't it, that Fujitsu generally, the
       SSC, was extremely reluctant to make any changes to the
       basic features of transaction data that we have been
       discussing?
   A.  Yes.
   Q.  That's not something they regarded as their job,
       correct?
   A.  Sorry, the changes to the transaction data?
   Q.  The basic features of the transaction data?
   A.  How do you mean by ..?
   Q.  Well, changing a figure in the -- the discussion that we
       have just been having?
   A.  Right.  That would have been our job because it was
       trying to fix a corruption in the data.
   Q.  All right.  And let me suggest to you that it is
       something you only did when you absolutely had to do it?
   A.  Yes.
   Q.  So I would like now to ask you to go to your second
       statement, paragraph 20 please {E1/10/6}.  You say about
       halfway down that paragraph -- we may have discussed
       this already, but here you are describing transaction
       insertions and there's a discussion about whether you
       could use the correspondence server to piggy-back
       through the gateway.  And then you say:
           "The nature of many problems meant that we had to
       implement a fix in this way rather than going to the
       correspondence server, and we frequently did use this
       method in practice."
           Could you explain the nature of the problems which
       meant it was necessary to use that mechanism?
   A.  No.
   Q.  Can you identify a single problem that requires you to
       do it that way?
   A.  I can't remember any specific examples, but it was --
       I do remember that quite often we went to the counter as
       opposed to the correspondence server.
   Q.  And then you say:
           "If we injected transactions in this way, at the
       counter position, then the counter position would be
       shown in the branch records and reports as the relevant
       counter position used in the branch ..."
           Then going to the next sentence:
           "Sometimes we had to ask for a specific person to
       log in to the counter before injecting transactions so
       that the software would not detect any discrepancies."
           Could you explain why that was?
   A.  The way that I remember it, if you -- if the system --
       if Riposte was looking at a batch of transactions going
       through, so you had a certain user ID logged in, if it
       then suddenly saw right in the middle a different user
       ID, it would reject that transaction, it wouldn't
       process it, it would --
   Q.  When you say transaction, we are obviously not talking
       about transactions undertaken at the branch, we're not
       talking about sale -- we have already established --
   A.  I am in this instance, sorry.
   Q.  Wasn't your previous evidence, Mr Roll, that you have
       never used transaction insertions so as to insert
       transactions into --
   A.  I'm sorry, we're ... I misunderstood your question in
       that case.  Yes, I did insert transaction data on
       occasion into the counter servers under the processes
       that we have discussed where we would correct data,
       log into the server -- sorry, into the counter and then
       put the corrected data back in.  I wouldn't insert
       data -- or I don't recall inserting data to correct the
       system when data had not been written by Riposte.
       I believe that on occasion lines of transaction data
       were not written into the message store when they should
       have been and that there was a way of correcting that
       and inserting new lines into the message store, perhaps
       not with accounting data in it, but with ancillary data
       to -- so that the message store would continue
       processing and running properly and I believe that
       certain members of SSC did that.
   Q.  You didn't though?
   A.  I don't recall ever having to do that myself, no.
   Q.  If we could look at the transcript at the bottom of
       page 134.  My question to you at the top of the page
       was:
           "Question: ... during the course of your time at the
       SSC did you ever insert a transaction using that
       facility."
           And you said:
           "Answer: I don't think so."
   A.  Could we scroll up a little bit further please.
   Q.  Yes, if we could just go up the page.
   A.  Thank you.
   Q.  So I say at line 5:
           "Question: Let's move on to transaction insertions.
       Paragraph 18 ..."
               You refer to them and I quote -- I read out
           what paragraph 18 says.
   A.  Right.
   Q.  And I say:
           "Question: I'm not going to ask you about
       transferring money remotely ... what I'm seeking to
       ascertain from you is that you are talking about two
       different forms of changing data, are you: firstly, the
       form of data that you have just discussed, data changing
       that we have just discussed; and secondly, the form of
       transaction insertions?  Are they entirely separate, or
       are they the same thing?
           "Answer: Separate.
           "Question: During the course of your time at the SSC
       did you ever insert a transaction using that facility?"
           "Answer: I don't think so."
   A.  I'm sorry, you've got two types of data here which we
       were discussing.  The first one yes, the second one no.
   Q.  Sorry, and what are the two types of data?
   A.  So the first one is where we have had the bit that's
       been corrected, as I have described, and where we have
       corrected the bit, created a text file which we then
       log on to the counter via the server with the postmaster
       logged on but not using the machine.  We then ran
       I think it was an import tool to rebuild the message
       store on the counter.  That's the way that I recall it.
   Q.  Yes.
   A.  So that is the process I was involved in.
   Q.  I see.  I think there may be a very large penny
       dropping, Mr Roll.  So the process that we discussed
       perhaps 40 minutes ago that threw me somewhat, I will be
       frank, was a process -- I think what you're saying --
       involving two different actions.  The first one was the
       action to get hold of the data that hadn't replicated
       and make sure it did get onto the system, but the second
       was to deal with the problem of a line of transaction
       data that was stopping the counter from operating?
   A.  By -- sorry, if I can just stop you there.  Getting that
       data copied, it meant we had to correct that line of
       data first to get the data to replicate properly.
   Q.  Right.  But are you saying that the line of data that
       you corrected was actually a new transaction that you
       inserted using the transaction insertion facility?
   A.  It was -- in this instance no it wasn't a new
       transaction, it was an existing transaction that was put
       in, but there was the facility to create -- from what
       I remember, to create a new line of code.  Not
       a transaction in the terms of selling a stamp or
       something, but in the process of creating -- processing
       a sale to a customer there would be numerous lines of
       code, lines of data written to the message store.  Now,
       sometimes one of those might not have got written.  The
       data regarding the sale, the value, et cetera, would
       have been and maybe one of the other lines wasn't.
   Q.  Yes.
   A.  So there was also the facility to correct that, which
       I believe involved putting a new line into the message
       store as a correction and that's what I wasn't --
       I didn't -- I don't remember ever doing that.
   Q.  So the process that we spent some time discussing
       earlier on this afternoon, did that process -- I had
       understood you a couple of minutes ago to be saying that
       as part of that process you did do transaction
       insertions and those transaction insertions were the
       kind of transaction insertions that involved putting
       lines of transaction data in in the way that we have
       defined?
   A.  Yes, reinserting existing ...
   Q.  And that was part and parcel of the process you
       described at say 10 past 2 this afternoon --
   A.  Yes.
   Q.  -- when we started talking about paragraph 15 of your
       first statement, is that right?
   A.  Yes.
   Q.  I see.  And that's the only kind of transaction
       insertion that you say you ever did --
   A.  As far as I can remember, yes.
   Q.  -- that involved actually inserting transactions?
   A.  Yes.
   Q.  And you say it is correcting data, but the truth of the
       matter is it is just putting in a new transaction line
       that you yourself have formulated, is that right?
   A.  Yes.
   Q.  I see.  Now that makes more sense to me.  And what you
       say is that's the only time you ever did use the
       transaction insertion facility in a way that would have
       had an impact on a set of branch accounts?
   A.  Yes.
   Q.  And what you say is you can't remember how often you did
       it, but it could have been once every couple of months?
   A.  Yes.
   Q.  And how clear are you in your memory as to how often you
       did it?  Might it have been much less frequent than
       that?
   A.  It might have been.
   Q.  And might it have a bigger impact on your memory because
       of the -- frankly the palava you had to go through --
   A.  Yes.
   Q.  -- before you had sufficient permissions to do that?
   A.  Yes.
   Q.  Thank you, Mr Roll.
           Now, one thing I want to ask you about, Mr Roll, is
       that on those occasions when you inserted transactions
       piggy-backing off the correspondence server, you don't
       remember why you had to do it but you do say you had to
       do it.
   A.  Yes.
   Q.  Would I be right in saying though that the default
       process of doing it was doing it through the front door?
   A.  Yes.  It was always safer to do it from the
       correspondence server.  The further you got away from
       it, if you like, the more risks and --
   Q.  And as a general rule the SSC didn't like taking risks
       of that sort, that's not what they were there for?
   A.  That's not what we were there for.
   Q.  I'm grateful for that.
           And could I suggest to you that in those situations
       when it was necessary to use the piggy-back procedure
       and indeed perhaps even more widely, that care was taken
       to insert something in the message that was sent through
       to make it clear it did come from the SSC?
   A.  I don't remember that in the message.  In some instances
       from what I recall, you couldn't do that.  I could be
       wrong, but the way I remember it is that it was -- when
       we did this it was documented in the paperwork, so there
       was a record of it on that side of things.
   Q.  Well, let's look at an example.  It's an example when
       you weren't there, but could we go to {F/485} please.
       This is a PEAK that took place in 2009 so it's a long
       time after you left, Mr Roll, and you will see that the
       summary indicates there is a harvester exception and
       I think we have already discussed -- or could you
       perhaps explain what a harvester exception is?
   A.  I think a harvester exception was when the servers --
       the correspondence servers overnight -- they were, from
       what I remember, UNIX servers handling huge amounts of
       data from all of the Post Offices and the harvesters
       would run sequentially from sort of 2 o'clock in the
       morning or something, one would run for 15 minutes, it
       would allow 15 minutes to run and then the next one
       would run and then the next one would run.  So they were
       not directly related to the counters at all.
   Q.  Then if we go to page 2 {F/485/2} just to see what the
       problem was in that case.  Someone called
       Garrett Simpson -- I don't know whether you know who
       Garrett Simpson was?
   A.  He was probably the one who knew most about UNIX
       servers.
   Q.  And he says at the bottom of the page:
           "After discussion with Cheryl and David I think the
       situation was this:-
           "1) The session ... had four Mode:SC transactions
       for different currencies. Each one of these messages was
       missing mandatory fields so the harvester rejected
       them."
           Stopping there, could you explain to the court what
       these mandatory fields would have been?
   A.  I can't remember.  I think -- well, no, I can't
       remember.
   MR JUSTICE FRASER:  Mr De Garr Robinson, this is an example
       from five years after he has stopped working there
       I think, is it?  2009?
   A.  It is, yes, my Lord.
   MR JUSTICE FRASER:  Well, just hold on one second.
           Am I right it is a 2009 incident?
   MR DE GARR ROBINSON:  Yes.
   MR JUSTICE FRASER:  I question how much help any of
       Mr Roll's evidence might be about something in 2009.
   MR DE GARR ROBINSON:  All right.  Let me do this very
       quickly in that case.
           As a result of this PEAK a transaction was inserted
       into the message store of the relevant branch and
       there's a copy of the transaction that was -- of what
       was done at {F/416.1} and perhaps we could look at that.
           (Pause).
           This may be a convenient moment.
   MR JUSTICE FRASER:  All right.  We will have five minutes.
       I do draw your attention to time.
   MR DE GARR ROBINSON:  Yes, I'm well aware of that.
   MR JUSTICE FRASER:  Good.
           All right, we will have a five minute break for the
       shorthand writers, Mr Roll.  Same form as before, back
       for 20 past 3 please, don't talk to anyone about your
       evidence.
   (3.15 pm)
                          (Short Break)
   (3.24 pm)
   MR DE GARR ROBINSON:  Mr Roll, you will be pleased to know
       that we are going to have some expedited
       cross-examination now.  Could you please go to
       bundle E2, tab 12.  This is Mr Parker's second witness
       statement and I would like to ask you to read at page 9
       paragraphs 27 and 28 please {E2/12/9}.
           (Pause).
   A.  Yes.
   Q.  Have you looked at the PEAK to which Mr Parker refers in
       paragraph 28?
   A.  I can't remember if I saw that one or not.
   Q.  Okay.  Well, we actually looked at it just before the
       break -- I didn't give you the number so there's no
       reason why you should know that.  But you will see what
       Mr Parker says in paragraph 28.4 and that is a point
       I would like to put to you {E2/12/10} he says:
           "The messages were inserted with the additional
       property <Comment:PC0175821> ..."
           Which was the name of the PEAK.
           "... to allow them to be identified ..."
   MR JUSTICE FRASER:  Hold on one second something has gone
       wrong.  Can we jump back a page to page 10 please
       {E2/12/10}.
   MR DE GARR ROBINSON:  Yes, paragraph 28.4:
           "The messages ..."
           This is the transaction insertions and this is in
       Legacy Horizon that you worked on, although it is
       five years after your time.  He says:
           "The messages were inserted with the additional
       property <Comment:PC0175821> to allow them to be
       identified in the audit trail ..."
           Now, what I would like to suggest to you, Mr Roll,
       is that when steps were taken to insert transactions
       into branch accounts, that was the practice that was
       followed: you would do something in order to enable the
       source of the transaction to be identified from the log.
   A.  This, as you pointed out, is Legacy Horizon from 2009.
       I would not say that was the same version as the
       software that I worked on.  There were constant changes
       and upgrades going out all the time.  I can't remember
       if we had the facility to insert comments into the
       version that I was working on.  It may be that we did,
       but my recollection first of all is that when we were
       doing it it was documented in the PINICL and also this
       is for the creation of a new item, a new transaction,
       that I was not involved -- I do not think I actually got
       involved in that side of things.  It was the correction
       of the corrupted ones that I was working in.
           So it's possible, yes, that there was, but, briefly,
       I don't know, I can't remember.
   Q.  If we go down to paragraph 31 {E2/12/10}, Mr Parker
       says:
           "Transactions injected into a counter would appear
       on the transaction logs available on Horizon as if it
       had been carried out by the user that was logged into
       the counter at the time (if nobody was logged on, the
       user ID would be missing)."
           Is that right?
   A.  Yes.
   Q.  "However, when injecting such a transaction, the SSC
       user would ensure that it was clearly identified in the
       audit trail as having been inserted by SSC.  Examples of
       such identification I am aware of are the use of an SSC
       user as the clerk ID and/or details of the incident
       number as an additional property."
           You could put additional properties into the
       transactions you inserted, couldn't you?
   A.  I don't recall that -- I don't recall.  I didn't think
       we could, or I didn't think we did at that point when
       I was working on it.  There's a point here where it says
       that "Examples of such identification I am aware of are
       the use of an SSC user as the clerk ID".  That is where
       if the SSC user had logged into the counter and was
       inserting a new transaction, rather than getting the
       clerk to log in and then injecting a transaction as if
       it were the clerk who were logged on, so that would --
       in this instance if you were creating a new transaction
       to balance the accounts then you probably won't need to
       log in as that clerk who had done the original
       transactions, in which case it would make sense to log
       in as yourself because then from the user ID it would be
       clearly identifiable that it wasn't a Post Office
       employee doing it, it was someone from the SSC.
   Q.  What I'm suggesting to you, Mr Roll, was that when you
       worked at the SSC, first of all there was the ability,
       when using transaction insertions, to include additional
       properties which made it possible for it to be
       identified that you were the one inserting the
       transaction and I want to suggest to you, Mr Roll, that
       it was the practice to use that facility so as to be
       clear as to the state of affairs where the transaction
       came from.
   A.  I would disagree, to put it briefly, bluntly.  If it was
       a new transaction of the type we are discussing here
       which I didn't do then yes, it's possible it was, but my
       recollection is that if we were rebuilding the message
       store and correcting a piece of data then -- effectively
       creating a new item to go in to replace the broken item,
       then it wouldn't have any comment put into it, but that
       is my recollection.
   Q.  And how clear is that recollection?  I will give you an
       opportunity to indicate whether you --
   A.  It is 15 or 19 years ago, so ...
   Q.  Say again?
   A.  I might be mistaken.
   Q.  You fairly accept that you might have just overlooked or
       forgotten?
   A.  Yes.
   Q.  That's very kind of you, Mr -- and very fair of you, if
       I may say so.
           Then in the last few minutes let's go to
       paragraph 23 of your second statement {E1/10/7}.  We are
       now talking about rebuilding branch transaction data
       where a particular counter becomes corrupted.  You will
       recall that before the break I read you paragraph 38 of
       Mr Parker's second witness statement where he went
       through those stages?
   A.  Yes.
   Q.  And my recollection is that you essentially accepted the
       processes that Mr Parker described?
   A.  Yes.
   Q.  You say:
           "As part of my role in the SSC, I was involved in
       rebuilding branch transaction data ... whilst in general
       terms I agree with Dr Worden's summary ... his
       description is very much a simplification ... when data
       on a counter became corrupt, the effect was that data
       transmitted after that corruption could become
       stuck ..."
           Then moving on, you say halfway down:
           "There was clearly room for error in this process,
       where data could be lost, or mistakes made when
       replicating data."
           Now, I would like to ask you first of all what room
       for error was there in the process where data could be
       lost?
   A.  When you are copying the data from a counter, in my
       recollection, if it's a remote counter, you're copying
       across the network and then editing it yourself on
       a computer, you might make a mistake and you might
       delete something that you shouldn't have deleted.  And
       that is the error -- the room for error that I'm talking
       about.  There were processes -- I have to admit there
       were processes in place to minimise this risk, such as
       having two people checking it and so on.
   Q.  Well, that was going to be my next question, Mr Roll.
       Why didn't you mention the fact that there were these
       protections that were specifically designed to reduce
       that risk to a really infinitesimally small level?
   A.  It didn't seem necessary to put that in.
   Q.  It does give a rather unfortunate impression which is
       rather different from the fact of the matter, would you
       accept that?
   A.  To my mind, no, but I will accept that it -- to other
       people it could perhaps.
   Q.  Well, could I suggest this to you, Mr Roll.  You
       download this data, you get the line that you think
       needs correcting and you correct it and this is all with
       someone else formally sitting there watching what you
       are doing, is that right?
   A.  Not at that point necessarily, no.
   Q.  When would they be watching?
   A.  When you're about to insert the data.
   Q.  So let's imagine a situation where that's happening.
       The person comes along.  What does that person -- he
       obviously have has to check that the data you are
       inserting is going to be right --
   A.  They check the data that you've got and then make sure
       the process is followed correctly to insert the data.
   Q.  So that person would, for example, make sure that no
       data has been lost?
   A.  Yes.
   Q.  He or she would make sure that the change being made is
       the correct change?
   A.  Yes.
   Q.  And only when both he or she and you are satisfied that
       it is all correct would be possible for you to press the
       button and insert the transaction, is that right?
   A.  Yes.
   Q.  Now, doesn't that suggest that the chances of an error
       being made such that a wrong transaction being entered
       into a branch accounts really is infinitesimally small?
   A.  It is quite small, yes.
   Q.  Thank you.  Then in paragraph 24 of your statement
       {E1/10/7} you say:
           "The process that I describe at paragraph [23] above
       could be carried out without the subpostmaster's
       knowledge ... and in my recollection it sometimes was
       done without the subpostmaster's prior knowledge, for
       example if the subpostmaster was away from the branch on
       a lunch break and had not logged out of the system."
           And then you say at the end of that paragraph:
           "... there were times where the job needed to be
       done quickly to prevent potentially catastrophic failure
       and we were unable to contact the subpostmaster
       beforehand."
           Were those the only occasions in which you would
       have inserted a transaction without informing the
       subpostmaster beforehand?
   A.  That is the only time we would have got onto a counter
       without --
   Q.  Right, so I would just like to ask you: in relation to
       the particular transactions we're talking about, in what
       situations would that potential catastrophe arise?
   A.  I can't recollect exact scenarios.  I can't remember.
   Q.  Can you not give me an idea of what you're talking
       about?
   A.  No.
   Q.  So let us assume there was a situation of potential
       catastrophe, you would never allow a subpostmaster to
       have his or her accounts changed without them knowing
       about it, would you?  It might be that you might not
       have told them beforehand, you would certainly tell them
       afterwards?
   A.  You would tell them afterwards.
   Q.  So it is absolutely standard SSC practice, isn't it,
       when you are dealing with a branch and correcting
       problems that the branch has got that the branch will
       see, it is absolutely standard that you will communicate
       with the subpostmaster to ensure that the subpostmaster
       knows what changes you are making?
   A.  Yes.
   Q.  Thank you.
           My Lord, I have rather hurriedly come to the end of
       my cross-examination.
   MR JUSTICE FRASER:  Thank you very much.  Mr Green.
                    Re-examination by MR GREEN
   MR GREEN:  A few points if I may.
           Mr Roll, could you please be shown {F/1839}.  I will
       tell you what's coming up.  It's the spreadsheet you
       were shown -- a whole load of figures were put to you
       and you were challenged on your recollection on the
       basis of various statistics.  Do you remember?
   A.  Yes.
   Q.  Just a couple of quick points.  First of all, can we
       just look at the RRP live PEAKs into SSC.  And scroll up
       please.  Sorry, I thought it was that tab, apologies.
       Can we try by category, sorry, "RRP live PEAKs by
       category".  That's better, apologies.  Can we scroll up
       just to the top very kindly.
           So you've got the closure category codes down the
       left-hand side: 0, 8, 9, 12, 14, 15, 40, 42 and so
       forth.
   A.  Yes.
   Q.  And you have the legend or the description against them
       and if we look, for example, at number 63, "Programme
       approved - no fix required", 115 of those.
   A.  Yes.
   Q.  At this distance in time can you remember what was
       encompassed in those descriptions?
   A.  I've got no recollection at all I'm afraid.
   Q.  Okay.  And we see another one "Administrative response"
       at line 21.
   A.  Again, I can't remember that.  I can't remember any of
       them.
   Q.  But that one seems to have quite a lot: 5,358, so about
       a fifth of the overall total.  Do you see that?
   A.  Yes.
   Q.  Okay.  You weren't shown it, but the court was told
       there was a document which was broadly consistent with
       what those codes meant and if we can look please at that
       document, it is at {F/823/23}.  Mr Roll, I'm only going
       to give a couple of examples of this.  If we look at 63,
       which is the line we looked at first.  If you come down
       the left-hand code side to 63.  Do you see this table
       actually only starts at 60, it doesn't have any of the
       earlier codes?
   A.  Yes.
   Q.  But it does have 63 and you look across and it says
       "Programme approved no fix required" which on the face
       of it sounds quite chirpy and positive and then we look
       and it says:
           "Rarely used.  Covers the case where there IS
       a fault in the product and this is acknowledged by both
       Fujitsu and [Post Office Limited], but the fault is
       there as a result of an agreed design specification and
       Fujitsu would require POL to fund any correction.  MUST
       NOT be used without approval from HNGX Programme Manager
       or authorised representative."
           At this distance of time can you remember seeing any
       examples of those that you dealt with?
   A.  No, I'm afraid I can't.
   Q.  Just one other one if I may.  Can we please see
       {F/16/2}.  This is PEAK PC0027887 and you will see it
       comes in on 21 July 1999.  Can you see the narrative
       there, for FAD code in the third line of the light green
       box, for FAD code O011523 on week, 9 receipts and
       payments misbalance of £1,337.05, week 10 misbalance of
       £24,000, week 11 misbalance of £12,000, week 12
       1,051,111.48; do you see that?
   A.  Yes.
   Q.  And if we could go forward please to page 3 {F/16/3} and
       look in the bottom yellow box, 27 July at 10.09, do you
       see "CAP12" on the left-hand side?
   A.  Yes.
   Q.  It says:
           "Balance brought forward was multiplied twice due
       [to] known software error.  The initial balance brought
       forward for this CAP was 1,196,622.72.  This was
       multiplied twice to give a total of BBF of 2,279,189.04.
       The discrepancy was therefore 1,082,540.28.  This was
       due [to] a known software error which has [now] been
       resolved."
           Do you see that?
   A.  Yes.
   Q.  So that would have been quite a bad one, is that fair?
   A.  Yes.
   Q.  If that had come across your desk?
   MR JUSTICE FRASER:  Mr Green, on the basis you still have
       another witness ...
   MR GREEN:  I'm really rushing, it is the last page.
   MR JUSTICE FRASER:  Well, you are almost getting to the
       outer envelope of arising out of cross-examination, so
       put one more or two more questions.
   MR GREEN:  I will, my Lord.  It was just on those codes.
           If you look please at -- there are two last places
       to look in the document.  One is on page 11 {F/16/11},
       where it has been given a categorisation "Fix for first
       maintenance release".  Can you just tell the court what
       that would normally mean as far as you remember?
   A.  I can't remember.
   Q.  And then at the end it is closed, on page 13 {F/16/13},
       as "Administrative response".  Can you see that?
   A.  Yes.
   Q.  And just above it says "Insufficient evidence".
   A.  Yes.
   Q.  Can you remember how frequent it was for PEAKs to be
       closed with insufficient evidence while you were there,
       or ..?
   A.  I can't give you an accurate -- I can't say how often
       I'm afraid.  I can't remember.  I know it was used but
       I can't remember how often.
   Q.  Last point if I may.  Can you please be shown {F/99.2}.
       You were asked about pressure in relation to service
       level agreements and if we look at {F/99.2} -- sorry, on
       my copy --
   MR JUSTICE FRASER:  Do you want 99?  We are on 16/13 at the
       moment.
   MR GREEN:  I've got printed out on mine F/99.2.
   MR JUSTICE FRASER:  It might not be wrong, we just might not
       have got there yet.
   MR GREEN:  Well, my Lord, I can probably deal with it with
       another witness.
   MR JUSTICE FRASER:  I think you probably --
   MR GREEN:  It was a point of fairness to this witness.  He
       was challenged on something and there was evidence about
       it, but I will deal with it with Mr Parker.
   MR JUSTICE FRASER:  Mr Roll, no questions from me.  Your
       evidence is at an end now, you can now leave the witness
       box and you can chat to people about the case if you
       would like to.  Thank you very much.
   A.  Thank you, my Lord.
   MR JUSTICE FRASER:  Thank you very much.
           Right, next witness.
   MR GREEN:  My Lord, it is Mr Henderson if I may.
                     MR IAN HENDERSON (sworn)
   MR JUSTICE FRASER:  Thank you, Mr Henderson, do have a seat.
   A.  I would prefer to stand if I may.
   MR JUSTICE FRASER:  Yes, of course you may.
                 Examination-in-chief by MR GREEN
   MR GREEN:  Mr Henderson, in front of you there is a file and
       if you turn to tab 5 you will see an "Amended witness
       statement of Ian Henderson" {E1/5/1} and if you turn to
       the back of that witness statement on page 7 {E1/5/7}
       you will see a signature.  Is that your signature?
   A.  Yes, it is.
   Q.  And is that statement true to the best of your knowledge
       and belief?
   A.  It is, subject to two points.  Firstly, I originally
       prepared a much longer witness statement but I was told
       that because this is a time limited trial it was not
       appropriate to submit one of that length, so this is
       substantially shorter.
           Secondly, I think the court is aware that I'm
       a party to an agreement between sort of Post Office and
       the claimants that restrict the matters on which I can
       give evidence, so that is a further limitation in my
       evidence today.
   MR JUSTICE FRASER:  Understood.
           Have you any questions in-chief?
   MR GREEN:  No questions in-chief, my Lord.
                  Cross-examination by MR DRAPER
   MR DRAPER:  Good afternoon, Mr Henderson.
   A.  Good afternoon.
   Q.  You make very clear from your witness statement that you
       don't propose to give opinion evidence and I'm not going
       to ask you any questions about the opinions set out in
       Second Sight's reports.
           What it may be helpful to do is to take you through
       some of the background to Second Sight's involvement and
       some of the chronology as to what happened at various
       stages and your involvement in the mediation scheme.
   A.  Fine.
   Q.  With that said, there's one very general point about the
       scope of Second Sight's work that I would like to
       confirm with you.  As you are aware, the issues to be
       determined in this trial and to which you refer in your
       statement are purely technical issues about the Horizon
       system as to its functions, reliability, robustness.
       You are aware of that, aren't you?
   A.  Yes, I am.
   Q.  It is fair to say, isn't it, that the scope of
       Second Sight's work was substantially broader than that?
       You also considered, for example, issues as to training
       and support?
   A.  Sorry, was there a question there?
   Q.  Yes: that's right, isn't it?
   A.  That our scope was much wider?
   Q.  Yes.
   A.  Well, our scope changed quite substantially during the
       terms of our appointment.  We issued an interim report
       and it was that that gave rise to Post Office deciding
       to offer a mediation scheme.  Our role at that point
       changed from being an in-depth investigation to being
       one of supporting the mediation scheme primarily and
       dealing with the 150 or so applicants to the scheme.
           We adopted the definition of Horizon that
       Post Office itself adopted, so it was much more than the
       coding or the software, it also included the way that
       processes operated, the impact of Horizon on
       subpostmasters and the various sort of remediation
       procedures that were available.
   Q.  Yes, thank you.  So just to -- I'm going to run you
       through the chronology if I may and at the end of my
       doing so there will be an opportunity for you to comment
       on that but I think everything I'm about to say to you
       ought to be uncontroversial.
           You were engaged first in July 2012, so the total
       time span of your involvement is 2012 to 2015.  You have
       just mentioned the CRRs we're going to come on to and,
       as you have you have said, the interim report was
       produced in July 2013, the mediation scheme was set up
       around then in the latter half of 2013 and it is right
       I think to say that the applications to enter the
       mediation scheme had to be in by November 2013, so
       roughly towards the end of that year?
   A.  My recollection is actually slightly different to that.
       We were first appointed around about July 2012.  Towards
       the end of 2012 we were in active discussions with
       Post Office and JFSA who invited applications for us to
       consider various matters.  After we issued our interim
       report, that was the point at which Post Office decided
       that we should move to the mediation scheme phase.
   MR JUSTICE FRASER:  I don't think the witness did mention
       a CRR.
   A.  No, I didn't, my Lord.  Case review report.
   MR DRAPER:  He may not have used the words but I think you
       said "individual reports in the mediation scheme",
       didn't you?  I may have misheard you.
   MR JUSTICE FRASER:  Rather than be combative, Mr Draper,
       when you put a question to the witness that says "You
       mentioned the CRRs" and he didn't, I just wanted to
       check you weren't at cross-purposes.
   MR DRAPER:  No, I had understood him to be referring to what
       I would call a CRR, but we shall come back to those in
       more detail.
           It is right to say, isn't it, that there were
       initially 150 applicants to the scheme --
   A.  Of which 136 were finally admitted into the scheme.
   Q.  Thank you, you finished my question.
           Once the mediation scheme started -- and again you
       have already said something of this -- it is fair to say
       that you had essentially two roles at Second Sight.  The
       first was the production of thematic reports, which are
       the reports you describe in your witness statement;
       that's right, isn't it?
   A.  Correct.
   Q.  And the second was the production of what I have called
       CRRs which are individual reports relating to
       a particular complainant's case?
   A.  Correct.
   Q.  Now, with that background can we turn please to the
       Second Sight engagement letter which is at {F/1228.1}.
       Do that you have on the screen there, Mr Henderson?
   A.  Dated 1 July 2014?
   Q.  That's the one, yes.  It says in "Background" there that
       this letter sets out the arrangements for your
       engagement on behalf of the working group in relation to
       your role in the scheme.  And we can read further just
       under 2 --
   A.  Can I just make a point, I'm sorry to interrupt, it is
       dated July 2014.  I mean that is a long time after the
       mediation scheme started, so I'm not sure that that is
       the first letter, or was the letter that was relevant at
       the time that we started our work in relation to the
       mediation scheme.
   Q.  I'm sure if it is going to be said that there was
       a different arrangement that had materially different
       terms, that can be suggested by the claimants.  So
       I just wanted to take you to some key elements of this.
       Obviously if you have that concern, you can raise it.
           If we could skip down quickly please to clause 4.1,
       which appears on page 3 {F/1228.1/3}, that's the
       provision allowing for termination on notice and that's
       the provision that was relied on the following year,
       isn't it?
   A.  That's correct.
   Q.  4.2 refers to the services being provided exclusively by
       Second Sight directors.  That's you and one other
       director, isn't it?
   A.  Correct.
   Q.  Go forward to page 5 please {F/1228.1/5}, just the
       signature page, to orientate everyone.  Then over the
       page {F/1228.1/6}, "Scope of services", is where this
       agreement describes what you are actually intended to
       do.  If you could just remind yourself please of 1.1
       down to 1.4.
           (Pause).
   A.  Yes, I have read that.
   Q.  Does that accord with your recollection of what your
       role was?
   A.  I remember this letter, but as I said earlier, this
       letter arrived probably at least halfway through the
       mediation scheme so we had already done a great deal of
       work, possibly on terms different than the ones
       described in this letter.
   Q.  Understood.  If you could turn then to look at 3
       {F/1228.1/3} please, towards the bottom:
           "It is recognised that Second Sight is not required
       to definitively determine every issue raised by
       a subpostmaster but rather is required to reasonably
       investigate and, where appropriate, offer an opinion on
       the key issues in dispute between a subpostmaster and
       Post Office."
           So it was recognised, wasn't it, from an early stage
       that it might not be suitable for Second Sight to be
       required to determine each and every issue that arose?
   A.  I take dispute with "at an early stage".  As I said,
       this letter is dated at least halfway through the period
       of us supporting the mediation scheme.
   Q.  Putting to one side whether the situation may have been
       different, you can confirm I think that it was certainly
       the position from the date of this agreement, that that
       was recognised?
   A.  Yes, I can.
   Q.  If we look please at 5 which starts at the bottom of the
       page but really the meat of it is over the page please
       {F/1228.1/7}, 5.1 refers to your expertise and the scope
       of that expertise.  5.2, just remind yourself of that.
       And 5.3 Second Sight shall:
           "... use its reasonable endeavours to comply with
       any deadlines or timeframes set by the working group."
           I just want to see whether you will agree with this
       in relation to timeframes: is it fair to say that the
       anticipation at the outset was that the working group
       would set relatively demanding timeframes and hope to
       move forward quite quickly?
   A.  I think that's a reasonable sort of expectation.  It's
       got to be measured by reality though and we had regular
       meetings of the working group and timetable was always
       on the agenda.
           Can I come back to 5.1, which you started to draw my
       attention to.  That was substantially varying the
       previous scope of our engagement which was that the
       scope of our work was to be set solely by Second Sight.
       We believed, as we said in our part 2 report, that
       issues relating to criminal law and so on were relevant
       to the mediation scheme, so this was inserted fairly
       late in the day.
   Q.  I'm not going to ask you about what you said or didn't
       say in the Second Sight report, but I think you will
       acknowledge that this isn't something that was inserted,
       this was something that you agreed in July 2014?
   A.  Halfway through the mediation scheme, yes.
   Q.  Just to get the timeline right, the briefing report
       part 1 was produced in July 2014; that's right,
       isn't it?
   A.  Yes, I think that's right.
   Q.  And I'm not going to ask you about any opinions
       expressed in that report, but purely as a matter of
       getting some understanding of how it all fits together,
       I think you will agree with me that the part 1 report
       was intended to be a largely uncontroversial account of
       Horizon's functions, Post Office's operations, things
       like that, with the part 2 report being intended to
       contain your opinions on issues?
   A.  Part 1 was intended to be, yes, uncontroversial, to
       reflect the permanent information relevant to the
       matters that we were looking at.  The part 2 report was
       dealing with the thematic issues that we had identified
       from our previous work.
   Q.  And it is right, isn't it, that there were two versions
       of the part 2 report, the first of those being published
       in August 2014, so really not long after the part 1
       report?
   A.  That's correct, which was very shortly followed up by
       a very substantive response by Post Office.
   Q.  Yes.  If we could turn to the CRRs that we have already
       discussed briefly.  It is fair to say, isn't it, that
       they were intended to be one of three key documents that
       would go before the working group: there would be the
       written complaint from the subpostmaster, there would be
       Post Office's written response and there would be your
       CRR?
   A.  My recollection is slightly different to that.  There
       would be the application to the scheme which I think was
       known as the CQR, the questionnaire.  At that point we
       would request such files that were available from
       Post Office together with a report.  As a result of
       reviewing all of that information, Second Sight would
       then produce its consolidated report.
   Q.  And that suite of documents was intended to go before
       the working group and inform the decision it would then
       take on whether or not to recommend mediation?
   A.  That's correct.
   Q.  And without attributing blame to anyone -- not
       Second Sight, not the subpostmaster, not Post Office --
       but looking purely at a factual level as to what
       happened, would it be fair to say that the progress in
       the scheme, in the production of those three documents,
       and in obtaining a decision from the working group, went
       somewhat slower than had been hoped at the outset?
   A.  That's correct.
   Q.  Can I show you briefly a couple of documents relevant to
       that.  The first is at {F/1325/137}.  I think,
       Mr Henderson, you may or may not have seen this before.
       It is a letter from Sir Anthony Hooper to Ms Swinson,
       who is an MP, in fact Minister for Employment Relations
       and Consumer Affairs.  This was in mid-December 2014.
       Have you seen this before?
   A.  I can't see a date on that letter, I may be missing it.
   Q.  You can take it from me for now that we can tell from
       other documents that it is mid-December.
   MR JUSTICE FRASER:  Mid-December which year?
   MR DRAPER:  2014.
           If we look at the second paragraph,
       Sir Anthony Hooper is saying here the thing that you
       have just agreed, Mr Henderson:
           "The progress of cases at every stage of the scheme
       has taken longer than the working group would have
       wanted."
           He then sets out those various stages.  He then
       says:
           "In addition disagreements within the working group
       as to whether individual cases should proceed to
       mediation has led to further delays because such
       disagreements can only, for reasons of fairness, be
       resolved at face-to-face meetings."
           He then gives some further detail and over the page
       please {F/1325/138}.  Do you recall seeing this update
       on progress at the time, Mr Henderson?
   A.  I don't recall seeing this letter or this appendix, but
       those numbers do look broadly familiar and we may well
       have discussed them in a mediation working group
       meeting.
   Q.  So by this time in mid-December, if we look down to
       roughly two-thirds of the way down the table, we see the
       cases that had been mediated to date, there were seven
       of those; that's right, isn't it?  And we see from the
       very bottom that there were 110 left in the scheme.
   A.  I see that.
   Q.  If we could go forward please then -- I should just say
       for completeness there's a document I won't go to which
       is a later letter from Sir Anthony Hooper which is at
       {F/1325/165}.  That just provides an update a couple of
       months later.
           Moving on then to March 2015, so a few months after,
       there's a report from CEDR on progress and that's at
       {F/1325/186}.
   A.  Can I make an observation on this appendix and the
       apparent slow progress.  I can't remember precisely at
       what point CEDR was selected but it took some time to
       make the decision that CEDR was going to be the
       nominated body to administer the actual mediation
       process and I think that more than anything else
       reflects the relatively sort of small number of cases
       that were listed on that schedule.
   Q.  It is fair for you to add that consideration.
           If we look now at the document we have on screen
       here from CEDR, CEDR explains that by this date -- which
       you can see from the top is 6 March -- if you look at
       the second paragraph:
           "As you know, since July 2014, CEDR has been
       referred 31 cases for mediation under the scheme.  So
       far 12 mediations have been taken up by the parties,
       using six different mediators, and 2 are currently being
       scheduled for mediation this month."
           So this is coming up to a year and a half since the
       scheme closed to applicants and by this stage there has
       been 12 mediations.  Does that accord with your
       recollection of the kind of progress that was being
       made?
   A.  Well, perhaps I can make another point before I answer
       that.  I mean this letter is to Post Office general
       counsel.  I would not have necessarily seen this letter.
       I certainly don't recall this letter.  Those numbers are
       broadly sort of consistent with my sort of recollection.
   Q.  Is it fair to say that by this stage in March 2015 there
       was a desire within the working group to make somewhat
       faster progress?
   A.  Well, I think we had already made faster progress.  You
       will also recall that it was in March 2015 that our
       appointment under the previous letter that you showed
       the court was terminated.  I think at that point we had
       reviewed and produced reports for something like 116
       sort of cases, so the vast majority of our work was
       actually complete by that point.
   Q.  Yes, that's a very fair point for you to make.
           If we could just look at it very briefly, the
       termination letter to which you have just referred is at
       {F/13/24.1}.  That's the termination letter I think to
       which you at least indirectly referred.
   A.  That's correct.
   Q.  If we could look then to {F/1324.2}.  This is a much
       longer letter from Post Office that came to you on the
       same day.  Do you recall this longer letter?  If I maybe
       tell you broadly what it is to do with.  It's a letter
       in which Post Office sets out a plan for how
       Second Sight could finish its outstanding work.  Do you
       remember that letter?
   A.  Yes, I do.
   Q.  And the second paragraph makes clear that Second Sight
       was expected to continue working during the notice
       period and that even beyond the notice period there
       would be a proposed future role for Second Sight.
       That's what this document dealt with, isn't it?  It's
       a fairly long document.
   A.  It is, but there's another document of that date or very
       close to that date which you haven't mentioned which was
       the press release from Post Office announcing the
       winding up with immediate effect of the mediation scheme
       itself.  That I understand was the primary decision and
       our termination was a consequence of that not a separate
       issue.
   Q.  Well, I think when you say mediation scheme it's fair to
       say, isn't it, that this winding up process, as you
       describe it, did not put an end to mediations; in
       fact --
   A.  It put an end to the mediation working group with, as
       I understand it, no consultation and the announcement
       was made I think the day immediately before the next
       planned meeting of the working group, so it was
       a considerable sort of shock to everybody.
           The rationale from Post Office -- because
       Post Office general counsel was kind enough to explain
       this to me in a meeting I had with her when I was handed
       this letter, that Post Office felt that we had reached
       the point of -- it might be unfair to say sort of
       diminishing returns, but we were at the point where the
       mediation process using CEDR could continue without any
       further input from the mediation working group and that
       alternative arrangements would be made for Second Sight
       to complete the I think it was 20 outstanding reports at
       that point.
   Q.  And in fact although there was not much time required
       for this, but also to complete your version 2 of the
       briefing report?
   A.  Yes.  That was already substantially complete.  Within
       the letter I seem to recall was the requirement to
       complete that by 10 April which we were happy to agree
       to and I think it was signed off on 9 April or
       thereabouts.
   Q.  And it is right to say, isn't it, that that version 2 of
       the briefing report part 2 was in fact -- Second Sight
       had told the working group that at least the first draft
       of that report would be produced on the 11th, so the day
       after this letter, and you in fact did produce a draft
       very shortly afterwards?
   A.  Yes, that's my recollection and we invited comments from
       Post Office to enable us to complete the report and we
       issued it I think early May -- early April.
   Q.  And I'm not going to take you through all of them merely
       because of the time so please do tell me if anything
       I say here is unfair, but there is then an exchange of
       letters between Second Sight and Post Office and indeed
       at least one meeting of which I'm aware in which the
       terms of Second Sight's ongoing engagement were
       discussed and agreed over the next couple of weeks.
   A.  There was a certain amount of to and fro-ing.  I do
       recall that one element of the proposal that was not
       acceptable to Second Sight was that we were going to be
       instructed directly by claimants.  We felt that that
       potentially compromised our independence and objectivity
       and we suggested an alternative, which I seem to recall
       Post Office readily agreed to.
   Q.  Yes.  Just so we have the full detail on that,
       Post Office proposed to pay to applicants the amount
       that it would otherwise pay to you and for them to pay
       you directly.  You said, for the reason you have given,
       you weren't comfortable with that and Post Office agreed
       to essentially continue the existing arrangement which
       was direct payment from Post Office to Second Sight?
   A.  Correct.
   Q.  And is it fair to say that that was the main point of
       difficulty between you in reaching agreement?
   A.  That's the main point that I recall but I haven't
       revisited the documents recently.
   Q.  That's fair.
           Last point just to confirm -- I think this is
       probably implicit in what you have already said to me,
       Mr Henderson, but it is right, isn't it, to say that
       looking at both the CRRs and the briefing report part 2,
       version 2, each of those was ultimately produced
       slightly -- I make no criticism -- slightly later than
       had been anticipated by the working group, but in
       relatively short order nonetheless?
   A.  I think that's a fair comment.
   Q.  Thank you very much.
           I have no further questions, my Lord.
   MR JUSTICE FRASER:  Re-examination?
   MR GREEN:  My Lord, no.
   MR JUSTICE FRASER:  I have some questions.
                 Questions from MR JUSTICE FRASER
   MR JUSTICE FRASER:  The first is the two points that you
       made at the beginning of your evidence-in-chief
       effectively qualifying your evidence.  You don't need to
       tell me what you were told by whom, but your
       understanding was that there was some restriction in
       length on your written witness statement because this
       was a time limited trial, is that correct?
   A.  I was told that the draft -- or my first witness
       statement that I prepared stood the risk of being
       rejected by the court as going into too much detail and
       being too long and that I should prepare a much shorter
       version, which I ultimately did.
   MR JUSTICE FRASER:  All right, well, just to be clear, no
       such restriction has ever been imposed by the court on
       your witness statement.
           The second one, I understand and you have identified
       this in your witness statement and it leads into a point
       I'm going to ask you in a moment, that you remain
       subject to a confidentiality agreement that you entered
       into with the Post Office, is that right?
   A.  Modified by a protocol agreement that released us in
       some respects so that we could work with the solicitors
       to the claimants and give the evidence that I have
       given.  We refer to it as the protocol agreement but it
       was quite clear that there were certain matters that
       I am not allowed to discuss.
   MR JUSTICE FRASER:  Right, well, that sort of answers my
       next question, but I just want to be clear: is it your
       evidence therefore that because of that protocol
       agreement your evidence of fact to this court is
       narrower in scope than it would be absent the protocol
       agreement?
   A.  Yes, it is.
   MR JUSTICE FRASER:  Thank you.
           Next document please -- or the first document I'm
       going to show you, which Mr Draper took you to:
       {F/1228.1/1} please.  Now, that's the letter that you
       were shown which you point out is July 2014.  As
       I understand your evidence you were engaged in
       July 2012, which is two years before that; is that
       right?
   A.  Correct.
   MR JUSTICE FRASER:  Was there a letter in similar terms sent
       to you for July 2012?
   A.  I think not because the scope was still evolving over
       that initial sort of six to 12 months.  I mean there was
       certainly correspondence; I don't recall a formal
       engagement letter in this sort of style at that point.
   MR JUSTICE FRASER:  All right.  Can we go please to page 3
       of that letter {F/1228.1/3}.  There's a clause at the
       bottom of that letter, 6.2, which runs over to the next
       page which says that:
           "Second Sight will not, and will ensure that the SS
       directors and any SS personnel will not, act directly or
       indirectly in any capacity ... against Post Office or
       any of its officers, directors or employees save to the
       extent (a) that it is expressly agreed in writing ...
       that the work proposed to be undertaken will not have
       a material adverse effect on Post Office's commercial or
       financial interests or reputation ..."
           And then there are some other exceptions which
       effectively relate to court orders.
           Do you know if there was a similar provision in
       respect of your work between July 2012 and July 2014 to
       that provision?
   A.  I don't recall that, I'm sorry.
   MR JUSTICE FRASER:  You can't recall.
           When you received this letter in July 2014 did you
       form the view that it made any material impact or
       difference to the terms upon which you had been engaged
       for the two years earlier than that?
   A.  I think we anticipated that it was certainly possible
       that at some point we could be asked either to give
       factual evidence or support in some other way to
       claimants in an action against the Post Office.  We were
       quite upfront about that.  There is another document
       where I seem to recall that there was originally
       a clause referring to 12 months' gap between the
       completion of any work for Post Office and us working
       for in this case sort of claimants.  I recall
       a handwritten amendment that I made where we agreed to
       extend that 12-month period to 15 months and I notice
       that in paragraph 6.3, 15 months is the date mentioned
       there.  So at an early point in all of this I think
       there was a mutual recognition that as experts
       independently appointed to look into these matters, we
       could end up acting for either the Post Office or
       claimants and that was envisaged in the documentation.
   MR JUSTICE FRASER:  All right, thank you very much.
           Mr Draper, any questions arising?
                   Re-examination by MR DRAPER
   MR DRAPER:  If I may, just one point of clarification
       arising out of your Lordship's first question.
           You have mentioned the confidentiality restrictions
       that were relaxed to enable you to speak to the
       claimants for the purposes of these proceedings.  You
       didn't feel, did you, inhibited in answering any of the
       questions that I asked you?
   A.  I had at the back of my mind that protocol agreement and
       I tried to make sure that my answers did not infringe
       that agreement.
   Q.  It is fair to say they didn't risk doing so, did they,
       because of the nature of the questions that I asked you?
   A.  I would have to refresh my mind as to the questions, I'm
       sorry.
   MR JUSTICE FRASER:  I think that's probably a point for me
       actually.  Thank you, Mr Draper.
           Mr Green?
   MR GREEN:  My Lord, no.
   MR JUSTICE FRASER:  Thank you very much for coming,
       Mr Henderson.  That's the end of your evidence, you are
       now free to leave the witness box.
           Mr Green, that's your factual case I think.
   MR GREEN:  My Lord indeed.
                           Housekeeping
   MR GREEN:  My Lord, there is one housekeeping thing --
   MR JUSTICE FRASER:  Well, there are about five but let's
       start with yours first.
   MR GREEN:  -- upon which I think Post Office might be
       assisted by an indication from your Lordship, because
       the --
   MR JUSTICE FRASER:  An indication?
   MR GREEN:  It might have to go further than that but we hope
       the help might sort it out.  The Ernst & Young reports
       in relation to the Horizon system, we have reports --
   MR JUSTICE FRASER:  Which you dealt with in opening I think.
   MR GREEN:  Yes.  We've got the ones from 2011.  As far as
       I can tell we seem to have most of them from 2011 going
       forwards, it may be we have all, but the position on the
       earlier ones which we have been asking about for
       a little while is that the latest position I think is
       that Royal Mail -- from whom Post Office split on
       1 April 2012 -- have said, according to my learned
       friend's solicitors, that they are concerned -- is the
       word that's used in the letter -- about providing them
       without a third party disclosure order from the court.
       We are a little surprised.
   MR JUSTICE FRASER:  Would they be coming from the
       Post Office or would they be coming from the Royal Mail?
   MR GREEN:  Post Office say that apparently they don't have
       them and that only Royal Mail has them and Royal Mail is
       saying that they are concerned about providing them
       without a third party disclosure order, notwithstanding
       that Post Office was part of Royal Mail and normally
       when these organisations are split there are transfer
       orders in the usual way.  So it's a surprising position
       which we hope might be lightly resolved initially.
   MR JUSTICE FRASER:  All right, well I will hear what
       Mr De Garr Robinson has to say.  I'm effectively being
       invited I think to make a third party disclosure order
       but against Royal Mail who you probably aren't
       instructed for.
   MR DE GARR ROBINSON:  I have no brief for Royal Mail.
           My Lord, last year my instructing solicitors --
       I think actually Post Office contacted Royal Mail and
       said "Could we have these documents, they are being
       requested in these proceedings" and Royal Mail said
       "We're not going to give them voluntarily, if you want
       them you will need a court order".
   MR JUSTICE FRASER:  And this was last year, was it?
   MR DE GARR ROBINSON:  This was towards the end of last year,
       yes, in the late part of last year.  I'm looking around
       to --
   MR JUSTICE FRASER:  All right, if that's the situation
       then -- do you need them for Monday, Mr Green?
   MR GREEN:  It would be quite helpful.
   MR JUSTICE FRASER:  But how is -- I don't see how I can make
       an order against Royal Mail if they are not here.
   MR GREEN:  I'm not inviting your Lordship to make a order.
       The issue that concerned us -- the letter is at
       {H/227/1} from Wombles dated 27 February where they
       explain --
   MR JUSTICE FRASER:  Give me a second while it is pulled up
       on the screen if you're going to ask me to look at it.
       H what?
   MR GREEN:  H/227/1.  What they say is they don't say they
       are refusing -- it's the letter of 22 February -- they
       say:
           "... Royal Mail Group are concerned about providing
       these documents without a formal order from the court
       for third party disclosure."
           So it is pitched at the level of concern rather than
       anything more.
   MR JUSTICE FRASER:  The problem is, just purely in terms of
       logistics ... well, it's a fundamental principle that
       I can't make an order in these circumstances against
       Royal Mail.
   MR GREEN:  Of course.
   MR JUSTICE FRASER:  I can express my views on the transcript
       and I can also make an order, which I'm going to do, you
       just have to give me a moment to consider what it is
       going to be.
           (Pause).
           Right, your juniors are going to have to take a note
       when I get to the order.  First of all I will say what
       I'm going to do on the transcript and why I'm going to
       do it.
                              Order
   MR JUSTICE FRASER:  Royal Mail are not here today so
       I cannot make, as it has been expressed in the letter of
       the Post Office's solicitors on 27 February 2019,
       a third party disclosure order against the Royal Mail.
       However, what I am going to do is make the following
       order.
           I am going to order the claimants to issue an
       application for third party disclosure of the
       Ernst & Young reports prior to 2011, to be supported by
       a witness statement and that should be issued by
       1 o'clock tomorrow.  I am going to give permission for
       short service.  It is to be served on the Royal Mail if
       at all possible tomorrow and no later than 12 noon on
       Monday.
           In the event that the Royal Mail still decline to
       produce these documents voluntarily they can come at
       10 o'clock on Tuesday and I will hear the application
       then and if I do make an order against them in respect
       of third party disclosure, the necessary order and the
       relevant timings of that can be dealt with on Tuesday.
           Hopefully, considering the transcript, which I'm
       sure you will provide to them, they will realise there
       is little to be gained by doing anything other than
       being cooperative but I am not going to pre-judge the
       outcome of the application.
           All right?
   MR GREEN:  I'm most grateful.
   MR JUSTICE FRASER:  So that's that done.  Is that the only
       housekeeping from your point of view?
   MR GREEN:  My Lord, the only one from me.
   MR JUSTICE FRASER:  Mr De Garr Robinson, do you have any?
   MR DE GARR ROBINSON:  My Lord, I have your housekeeping
       points.  You asked me to remind you to discuss
       8 and 9 May.
   MR JUSTICE FRASER:  Yes, I have that on my sticker, we will
       come to that at the end.
   MR DE GARR ROBINSON:  I have a file of claimants' witness
       statements, my Lord.
   MR JUSTICE FRASER:  Excellent, thank you very much.
   MR DE GARR ROBINSON:  If I can hand that up.  That includes
       some sheets of corrections to the extent that any
       witnesses have minor corrections to make to their
       witness statements.  I have also a document which
       contains all the corrections in one place if
       your Lordship is interested to see that.
   MR JUSTICE FRASER:  Yes please, thank you very much.
   MR DE GARR ROBINSON:  The corrections will of course be
       provided straight away.  We have copies for my learned
       friend.
   MR JUSTICE FRASER:  Yes.
   MR DE GARR ROBINSON:  My Lord, yesterday you asked for
       a Word version of opening submissions.  Your clerk
       should now have that.
   MR JUSTICE FRASER:  Yes.
   MR DE GARR ROBINSON:  You wanted me to address your Lordship
       on the question of redactions.
   MR JUSTICE FRASER:  I wanted you to tell me how many
       documents had been disclosed as a function of the review
       that you have told me about.
   MR DE GARR ROBINSON:  My Lord, the figures are as follows.
       There was a request to review 31 documents.
   MR JUSTICE FRASER:  And that was a request from ..?
   MR DE GARR ROBINSON:  From Freeths.  Pursuant to that
       request, WBD and junior counsel, Mr Draper, reviewed
       31 documents.  The redactions were maintained on 16 of
       those documents on the basis of privilege.
   MR JUSTICE FRASER:  Yes.
   MR DE GARR ROBINSON:  Redactions were maintained on four of
       those documents on the basis that redacted information
       was both confidential and irrelevant.
   MR JUSTICE FRASER:  Four of the 16, or another four?
   MR DE GARR ROBINSON:  Four of the 31.  So we are up to 20
       now.
   MR JUSTICE FRASER:  On privilege, did you say?
   MR DE GARR ROBINSON:  And four was confidential and
       irrelevant.
   MR JUSTICE FRASER:  Confidential and irrelevant.
   MR DE GARR ROBINSON:  My Lord, redactions for privilege were
       narrowed or removed on seven documents.
   MR JUSTICE FRASER:  Yes.
   MR DE GARR ROBINSON:  On the basis that the redactions had
       been applied too widely for privilege.  And, my Lord,
       I can give your Lordship an example of one of those so
       your Lordship will see the kind of error that was made.
       If I could ask your Lordship to look at {F/1251.1}.
       Your Lordship will see an email.  This is a Second Sight
       email involving Post Office.  Indeed Mr Henderson I see
       is one of the recipients.  If you go down to the bottom
       of this page your Lordship will see a script "Privileged
       and confidential - created for the purpose of obtaining
       legal advice".  That was inserted by Mr Henderson in his
       email and that resulted in that email, or large portions
       of that email being redacted.  A similar phenomenon
       occurred on I think four of the seven occasions.  That's
       what led to that judgment call, which on reflection it
       was decided was incorrect.
   MR JUSTICE FRASER:  Yes.
   MR DE GARR ROBINSON:  And, my Lord, in relation to
       redactions for confidential and irrelevant documents,
       they were narrowed or removed in four documents,
       essentially for pragmatic reasons.
   MR JUSTICE FRASER:  So of the 31, 16 maintained on
       privilege, four maintained confidential/irrelevant,
       seven led to a narrowing and four were handed over, is
       that right?  Or have I got the last four wrong?
   MR DE GARR ROBINSON:  Four was confidential or irrelevant,
       so it led to either a narrowing or a withdrawal.
   MR JUSTICE FRASER:  Right.  Which led to some material being
       disclosed that hadn't been disclosed already?
   MR DE GARR ROBINSON:  My Lord, yes.  If I give your Lordship
       an example.  If we look at {F/619.1}.  Your Lordship
       will see this is a document where the tracking summary
       and the executive summary were previously redacted on
       the grounds that they were both confidential and
       irrelevant.  One may well think that they are completely
       irrelevant, but on a pragmatic view --
   MR JUSTICE FRASER:  Well, redaction on the grounds of
       relevance is a potential two-edged sword, isn't it?  But
       this is the version that has now been disclosed?
   MR DE GARR ROBINSON:  This is the version that's been -- the
       original version is at --
   MR JUSTICE FRASER:  I don't need to see the original one.
       But it is the tracking summary and the executive
       summary.
   MR DE GARR ROBINSON:  Yes.
   MR JUSTICE FRASER:  Okay.
   MR DE GARR ROBINSON:  So that gives your Lordship an idea of
       the scale.
   MR JUSTICE FRASER:  Thank you very much.
   MR DE GARR ROBINSON:  My Lord, I had thought there was
       something else.  Oh, your Lordship during the course of
       Tuesday asked for memo views that were talked about in
       the evidence of Mr Latif.
   MR JUSTICE FRASER:  Yes.
   MR DE GARR ROBINSON:  Post Office has acquired what it
       thinks are the memo views for January.  There's nothing
       relevant in there that they have found so far, but they
       want to ensure that they've got all of them so
       your Lordship may have to bear with us for a while.
   MR JUSTICE FRASER:  Well, that's all right.  When they've
       got them all -- I don't necessarily want them but you
       ought to give them to the claimants.
   MR DE GARR ROBINSON:  My Lord, yes.
   MR JUSTICE FRASER:  Right, so is that all the outstanding
       points?
   MR DE GARR ROBINSON:  Would your Lordship give me one
       moment?
   MR JUSTICE FRASER:  Yes.
           (Pause).
   MR DE GARR ROBINSON:  The only outstanding question is
       something that actually it's really outside my job
       description but it's judgment on the common issues
       trial.  I don't know whether your Lordship has any
       thoughts as to --
   MR JUSTICE FRASER:  I'm going to come on to that now, but as
       far as housekeeping for this trial, I think that's dealt
       with all the currently loose ends except for --
   MR DE GARR ROBINSON:  8 and 9 May.
   MR JUSTICE FRASER:  -- 8 and 9 May.
           In the time from telling you I was keeping those
       first two weeks of May clear to you saying when you
       wanted, I'm afraid the Thursday 9 May is no longer
       available.  It would have to be the 7th and the 8th.
       Now, I'm not going to mess around too much about this.
       I don't want -- because we're moving it I'm going to be
       relatively flexible.  I would like you please both to
       see if you can do the 7th and 8th rather than the
       8th and 9th.
   MR DE GARR ROBINSON:  My Lord, yes, we will.
   MR JUSTICE FRASER:  If there is an insuperable problem we
       will revisit it on Monday morning first thing.  The
       trouble is there are so many cogs going behind the
       scenes --
   MR DE GARR ROBINSON:  I can imagine.
   MR JUSTICE FRASER:  -- that despite the fact that one wants
       to and has a certain degree of autonomy, it is just not
       possible to keep dates open for the length of time that
       counsel might expect.
           So unless you tell me on Monday morning first thing
       that the Tuesday and Wednesday of that week, so the 7th
       and the 8th, are simply not possible for good and proper
       reasons, that's when it is going to be.  If you say it
       has to be the Wednesday and Thursday then I'm afraid
       there's going to have to be yet more to-ing and fro-ing
       about it.  So I need to tell you about that straight
       away.  I only found out yesterday.
   MR GREEN:  My Lord, if we can give you a completely sure
       indication by tomorrow lunchtime, would that help?
   MR JUSTICE FRASER:  Yes.
   MR GREEN:  Bearing in mind on the --
   MR JUSTICE FRASER:  Yes.  You can do it tomorrow if you
       want.
   MR GREEN:  Most grateful.  I'm just trying to help in case
       there is --
   MR JUSTICE FRASER:  By all means.  But given the general
       level of judicial business across all the divisions it's
       not possible to keep everybody happy all the time.
           So that then leads me on to the only other thing,
       which is the common issues judgment.  I am going to hand
       it down at 12 o'clock tomorrow.  I have had
       typographical and other suggestions from both parties.
       They are relatively reasonable in scope.  I'm fairly
       confident that although I haven't incorporated all of
       them now, I will have done either by the end of today or
       first thing tomorrow and I think we will keep with
       12 o'clock tomorrow.  I don't intend to deal with any
       consequential applications at all, but I will be making
       the relevant order in the relevant terms to extend time
       as I identified at the beginning of last week and you
       will be expected to draw it up.
   MR GREEN:  My Lord, we have already done a draft which
       I think --
   MR JUSTICE FRASER:  I don't need it in advance and it
       depends what it says, but you will be the one doing it
       so I suggest you bring it with you tomorrow.
   MR GREEN:  Very grateful.
   MR JUSTICE FRASER:  Anything from the Post Office about
       that?
   MR DE GARR ROBINSON:  My Lord, I have nothing to say.
       I think my learned friend's order has been shared with
       my instructing solicitors and if we have any issues with
       it we will communicate them.
   MR JUSTICE FRASER:  Can I make it clear, for the purposes of
       assisting in terms of cost, I don't require -- and
       I will read nothing into -- either party turning up in
       any numbers at all.  I will expect one person from the
       claimant to be here just because of the order.  It will
       be open to the public.  There will be printed copies.
       There are unlikely to be as many printed copies as
       people might want them but it will be instantly posted
       on the relevant websites and all those details will be
       given tomorrow, so please -- particularly for the
       Post Office team, Mr De Garr Robinson, because I know
       you have two different teams, please nobody should think
       that there will be any discourtesy assumed if nobody
       decides to come.
   MR DE GARR ROBINSON:  My Lord, thank you.
   MR JUSTICE FRASER:  Finally, I have something for Opus which
       is a hardly used envelope, compliments slip and plastic
       folder which can be reused.
           Thank you all very much.  10.30 -- well, 12 o'clock
       tomorrow and then 10.30 Monday.
   (4.34 pm)
         (The court adjourned until 10.30 am on Monday,
                          18 March 2019)