by Si Biles, co-host of the Forensic Focus Podcast
The British Government has opened a “call for evidence” in a re-evaluation of the presumption of accuracy of computer-generated records. The call, titled “Use of evidence generated by software in criminal proceedings: Call for Evidence”[1], was published on the 21st January, 2025 and is seeking responses by 11:59pm on the 15th April, 2025.
The matter has come to the fore after the significant publicity regarding what is known in the UK as “The Post Office Scandal”,[2] where a system called ‘Horizon’, produced by Fujitsu,[3] was central to the controversy. The failures in the system appear to have been responsible for in excess of 700 prosecutions for crimes such as theft and false accounting. Hundreds of people were sent to prison, were assigned community service, had to wear monitoring bracelets and were given criminal records. Yet it seems that the discrepancies within the accounting systems were down to computer error and not human actions. The presumption of the “computer being right” was a contributing factor in these prosecutions.[4]
This presumption wasn’t always the status quo. Historically in the UK, the 1984 Police and Criminal Evidence Act put the onus on the prosecution to show:
… that at all material times the computer was operating properly …
However, this was replaced in a complete about face in 2000 with the presumption that the computer was operating correctly unless it could be shown (by the Defence) that it wasn’t operating correctly.
It’s now a quarter of a century since the last review of the presumptions that should be made regarding computer-generated material, and the technological landscape has changed beyond recognition. The prevalence and proliferation of computer-based evidence in a majority of criminal cases, along with the advent of machine learning software where the internal workings are unknown, makes a continued presumption of correctness a dangerous threat to a fair and functional justice system.
If you are based in the UK, then you are able to contribute to the call directly. Alternatively, if you are unable to complete the full survey or have concerns about sharing your input openly, then Dr Angus Marshal[5] of the University of York and the Digital Evidence Virtual Centre of Excellent (DEVCE)[6] is anonymously collating responses for submission. You can fill out that form here.
It is crucial that as many viewpoints as possible, particularly those of practitioners at the forefront of digital forensics in the UK, are submitted. This will help establish a consensus to guide us forward, especially as, at this rate, it may well not be reviewed again until 2050!
[1] https://www.gov.uk/government/calls-for-evidence/use-of-evidence-generated-by-software-in-criminal-proceedings/use-of-evidence-generated-by-software-in-criminal-proceedings-call-for-evidence
[2] https://www.computerweekly.com/feature/Post-Office-Horizon-scandal-explained-everything-you-need-to-know
[3] Originally created by ICL, which was acquired by Fujitsu in 1998
[4] It should be noted that there is also a raft of non-technical problems in the scandal to do with some appallingly unethical behaviour by those involved in the prosecution of alleged crimes.
[5] https://www.linkedin.com/in/angusmarshall/
[6] https://www.linkedin.com/company/digital-evidence-virtual-centre-of-excellence-cic/
I would suggest it’s worthwhile that anyone in the UK who operates in this field uses this opportunity to call for reform of ISO17025. Particularly to address two key giant wastes of money that place an unnecessary burden on smaller departments/companies:
– Have software testing performed at a national level whose remit is to test a new tool from the main forensics providers within 24 hours
– Properly consider whether the requirements of ISO17025 are feasible for small companies or individual experts (they should not be prevented from working due to these requirements). It’s a far bigger loss to the field than any miniscule improves ISO actually brings. Does an individual expert really need a quality manager just to comment on a case? I’d say there’s more harm than good by preventing them from doing so because they need to have a quality manager, UKAS visits, all the testing overhead, and everything that comes with ISO.
I couldn’t agree more that the ISO17025 concepts espoused by the FSR are horribly misplaced in the field of digital forensics, the intent to improve the quality of evidence is not well served by overheads that don’t deliver at the crux of the matter.
Unfortunately, I don’t think that either is the FSR willing to listen, nor do I think that this particular call for evidence will address the matter – although, I do think that it might lend itself to being a wedge in future that opens a crack to initiate change in the right direction.