View from Washington
By Robert J. Butler and Anne E. Hoge, Wiley, Rein & Fielding

More frightening, perhaps, are the dim prospects for a comprehensive solution before the Millennium. There are about 100 weeks left to fix the problem and, according to at least one commentator, the average Year 2000 conversion project takes 112 weeks.1 While less than 35% of North American businesses had begun to address their Year 2000 Problems by mid-1997,2 those businesses that have embarked on remedial programs have reported them to be among the most complex and costly projects they have ever undertaken.3 Not surprisingly, there is no one computer software program (no "silver bullet") that can fix all Year 2000 Problems.4 This chaotic environment provides fertile ground for a storm of legal claims of all types.

Defining the Year 2000 Problem
Source of the Problem
The Year 2000 Problem is the legacy of the fact that, as a result of the wholly reasonable decision to conserve what was then scarce and expensive memory storage capacity, most computers historically were programmed to operate with date fields reading "mmddyy," where "yy" represents the last two digits of a given year. Computers programmed in this manner will recognize "00" as the year 1900, not the year 2000,5 with sometimes unpredictable and frequently troublesome, or worse, consequences. Moreover, the fact that the year 2000 is the first turn-of-the-century leap year since the year 1600 may both exacerbate these problems and complicate their resolution.

Impact of the Problem
The consequences of the Year 2000 Problem are predicted to be both wide-ranging and expensive. Massive computer systems, including those of the Federal government as well as private companies, could crash. All uncorrected billing systems will malfunction. Ordering systems could ship either the wrong products or incorrect quantities, or even fail to ship orders at all believing that the shipping date has already passed.6 All such failures will have ripple effects throughout the economy.

Initially, it is important to recognize that Year 2000 Problems will not simply appear on January 1, 2000. Rather, they, along with their attendant legal liabilities, are already here. For example, in 1997, American Express began issuing credit cards with 1999 expiration dates rather than its standard three-year expiration (to the year 2000) because of a concern about the capabilities of at least some systems to deal with the later date.7 Other companies have experienced product rejection due to faulty inventory readings. Computerized records for goods on one- or two-year buying cycles may experience Year 2000-related problems in 1998 or 1999.8 In short, any computer that must deal with future time periods in its operations may malfunction now.

Another early-arriving difficulty for some computer systems is the so-called "Year 1999 Problem." This arises out of the practice of some computer programmers to utilize "99" in a date field as a code for another operation, making the year 1999 unintelligible to such systems. Businesses facing the Year 1999 Problem will not only experience the same types of early challenges as Year 2000 Problem sufferers, they will also run the risk of total system failure twelve months earlier.
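The date-field behavior described above can be reproduced in a few lines. The following is an added illustration, not code from the authors or from any system they cite; the function names, the sample field values, the use of "99" as a "no date" code, and the eight-character "mmddyyyy" converted layout are assumptions made for the example.

```python
from datetime import date
from typing import Callable, Optional

SENTINEL_YY = 99  # assumed control code, as in the "Year 1999 Problem"


def parse_legacy(field: str, sentinel_99: bool = False) -> Optional[date]:
    """Read a six-character 'mmddyy' field the way an unconverted system does."""
    if len(field) != 6 or not field.isdigit():
        raise ValueError(f"not an mmddyy field: {field!r}")
    mm, dd, yy = int(field[:2]), int(field[2:4]), int(field[4:])
    if sentinel_99 and yy == SENTINEL_YY:
        return None  # the program reads "99" as "no date", never as 1999
    return date(1900 + yy, mm, dd)  # the century is hard-wired to 19xx


def parse_expanded(field: str) -> date:
    """Read an eight-character 'mmddyyyy' field (assumed converted layout)."""
    if len(field) != 8 or not field.isdigit():
        raise ValueError(f"not an mmddyyyy field: {field!r}")
    return date(int(field[4:]), int(field[:2]), int(field[2:4]))


def is_valid(field: str, parser: Callable[[str], Optional[date]]) -> bool:
    """True if the parser accepts the field as a real calendar date."""
    try:
        parser(field)
        return True
    except ValueError:
        return False


def ship_date_has_passed(ship: str, today: str,
                         parser: Callable[[str], date]) -> bool:
    """The ordering-system check: is the requested ship date already behind us?"""
    return parser(ship) < parser(today)


if __name__ == "__main__":
    # Constructed sample values: an order placed 30 Dec 1999 for 5 Jan 2000.
    print("legacy reads 010500 as", parse_legacy("010500"))
    print("legacy: ship date passed?",
          ship_date_has_passed("010500", "123099", parse_legacy))
    print("converted: ship date passed?",
          ship_date_has_passed("01052000", "12301999", parse_expanded))
    # 29 Feb 2000 exists, but "00" read as 1900 does not have a 29 Feb.
    print("legacy accepts 022900?", is_valid("022900", parse_legacy))
    print("converted accepts 02292000?", is_valid("02292000", parse_expanded))
    # A genuine 30 Jun 1999 record vanishes when "99" is a control code.
    print("063099 with sentinel:", parse_legacy("063099", sentinel_99=True))
```
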

The Year 2000 Problem is expected to affect 95% of all U.S. companies, and the cost of repair, or failure to repair, could result in a bankruptcy rate of 1-5%.9 Between 40% and 80% of all existing computer programs are believed to be infected.10 Unfortunately, there is no magic date after which all computer software and embedded microchips can be declared problem-free. Moreover, although most name-brand computer software and microchips developed within the last few years are not infected, some microwave ovens, fax machines, and programmable thermostats are still being produced with the inadequate two-digit date fields.11

Even more daunting than the prevalence of Year 2000 Problems is their cost. Globally, the price of fixing the Problem has been estimated at up to $600 billion,12 but Lloyds of London reportedly has been told that litigation costs in the United States alone may total $1 trillion.13 The United States government will pay an estimated $3.9 billion to correct the Problem,14 and over half of all federal agencies, including the Departments of Defense and Treasury, will miss the deadline for fixing their systems.15 Chubb Insurance reportedly has paid $180 million to date to fix its Year 2000 Problems.16 Federal Express is believed to have paid $500 million.17 Current cost estimates for correcting date codes range from $1 to $1.25 per line of code or more.18 A medium-sized company with 8000 computers is estimated to have to pay between $3.7 and $4.2 million to correct its problems.19

It is, therefore, probably not surprising that preliminary reports suggest that Year 2000 Problems remain largely uncorrected. For example, a 1997 survey of 128 information technology officers at Fortune 500 companies revealed that only 25% of the companies surveyed had a detailed Year 2000 conversion plan in place.20 Mexico, the U.S.' third largest trading partner, only recently appointed a Year 2000 task force to "look into the problem."21 Further, even those companies that have attempted to address the problem have run into difficulties because of a paucity of qualified programmers.22 This shortage will only worsen as the critical date approaches.

Practical Approaches to Solving the Problem
While a solution can be costly, early detection and initiation of corrective measures likely will avoid greater costs in the long run. A number of organizations have developed basic Year 2000 Problem conversion programs which typically lay out the following steps:

  1. Gain executive and organizational support.

  2. Establish a Year 2000 program budget.

  3. Evaluate the legal impact of the Year 2000 Problem on the business.

  4. Assess the company's Year 2000 Problem risks including the resources required to perform the work, the amount of time available to fix the problem, and the computer systems' complexity.

  5. Identify and convert all two-digit date references in all computer applications.

  6. Implement a tracking system to ensure all computer applications are fixed.

  7. Test all systems after the conversion process to ensure Year 2000 Problems are resolved.23

While this list is somewhat over-simplified, it does illustrate the multi-faceted approach required for implementing an effective remedial strategy.

Currently, there is only one U.S. Year 2000 Problem certification program in operation. The Information Technology Association of America ("ITAA") has developed the "ITAA*2000 Certification Program" along with the Software Productivity Consortium ("SPC"). This program allows all software products, services, and information systems to be certified as Year 2000 Problem-free.24 Products and organizations that are certified receive a stamp of approval and a certification mark to use in advertising. In addition, these products and organizations are listed on ITAA's World Wide Web database of certification holders and are identified as certification holders in the ITAA Directory of Year 2000 Solution Providers.25

In order to become certified, companies must as a minimum respond to a technical questionnaire that is submitted to ITAA and reviewed by SPC,26 and may be required to submit additional information to SPC on a confidential basis in order to complete the process.27 The program costs $250 to receive the questionnaire and $8200 for processing and technical review.28 This covers certification of the organization and up to three products or services.29 Thus far, 40 companies have received certification including Bellcore, IBM, and Unisys.30

Legal Issues and Liabilities Arising from the Year 2000 Problem
Companies will face a number of types of liabilities arising from the Year 2000 Problem. First, companies will be responsible for repairing their own computer systems. Second, companies could be liable for any damages to third parties resulting from any system failures caused by uncorrected Year 2000 Problems in their systems. In turn, companies could suffer damages as a result of their own trading partners' failure to become Year 2000 compliant.

In addition to these and other legal issues and potential areas of liability, which are addressed in more detail below, there are a number of further considerations that may affect either the existence or the magnitude of a company's Year 2000 exposure. For example, statutes of limitations may come into play because of the relatively advanced age of much of the deficient programming. As a result, certain claims for liability may no longer be viable. The potential for recovery may likewise be defeated by sovereign immunity or by the prior insolvency or demise of the responsible entity. Such uncertainties notwithstanding, it is indisputable that early identification of all potential areas of Year 2000 impact can help mitigate future legal liabilities. In contrast, failure to mitigate the Problem in advance may affect ultimate recovery for damages.

Copyright
A threshold legal issue raised by the Year 2000 Problem is whether a licensee of computer software that is not Year 2000 compliant can itself fix the defective software or whether the original programmer or manufacturer must be employed to accomplish any necessary modifications. Typically, programmers or manufacturers hold the copyright to the software they license or sell. Under U.S. copyright laws, software is a literary work, and authors typically retain the exclusive right to prepare derivative works based on their copyrighted original.31 Thus, arguably only the programmer or manufacturer holding the copyright can remedy a program's Year 2000 Problem.32 Although some courts have refused to interpret the copyright laws to foreclose Year 2000 fixes by the user of a copyrighted program,33 no consistent trend in this direction is yet evident.

For this reason, experts suggest that a corporation should initially avoid using its own employees or third-party programmers to fix Year 2000 software problems.34 Rather, it should first contact the original software developer to determine whether Year 2000 upgrades are available.35 If upgrades are not available, a corporation should obtain the copyright holder's permission before attempting a software "patch" or rewrite on its own.

Contract Liability
Contract law presents another fertile area for potential Year 2000 liabilities. First, software and computer programmers, manufacturers, and vendors may be liable to software owners for a Year 2000 Problem under the express terms of software and computer licenses or software maintenance agreements.36 That is, if the license provided that the software would be free of errors or if the manufacturer or vendor agreed to fix any "programming errors" or "bugs" in a maintenance agreement, he or she could be responsible for necessary Year 2000 upgrades.37

Second, a software or computer vendor may be liable for a Year 2000 Problem under the Uniform Commercial Code ("UCC"), which is a uniform system of state laws that governs the sale of goods including computers. As noted above, if the sales contract between the vendor and the purchaser contained an "express warranty" that a computer system would perform without "significant problems," or specifically guaranteed against any Year 2000 Problems, the vendor would be clearly liable to repair the system.38 But, under the UCC, vendors may be liable to fix computers with a Year 2000 Problem even in the absence of such an express undertaking.

The UCC "implies" two rights of recovery for consumers into all contracts. First, under the "implied warranty of merchantability," a vendor may be liable to fix a computer system with a Year 2000 Problem because the computer is unable to be used for the "ordinary purpose" for which the computer is normally intended.39 Second, under the "implied warranty of fitness for a particular purpose," a vendor may be liable to fix such a computer if the vendor knew at the time of contracting that the buyer needed the computer for a particular purpose, and the buyer relied upon the seller's expertise to select suitable hardware.40

The risks of contractual liability for Year 2000 Problems do not lie solely with computer vendors. Any user of software containing a Year 2000 Problem that is providing services to a third party could be liable for a breach of contract caused by the defect. For example, a retailer could be liable to a customer for an order that is never placed because the retailer's computer system malfunctions.41 However, an entity that is sued under such circumstances may itself have a claim for indemnification against the software or computer manufacturer or vendor who supplied it with the non-compliant product.

Tort Liability
As in contract law, a number of legal issues involving Year 2000 Problems may arise in the context of tort law. Some software and computer programmers and manufacturers could be found negligent for designing or selling software and computers with Year 2000 Problems.42 Others could be held strictly liable where the programming flaw creates software or hardware that is "in a defective condition unreasonably dangerous…[to the] consumer."43 Similarly, vendors or computer consultants could be liable in an action for fraud predicated upon intentional or reckless misrepresentations that a computer system does not contain a Year 2000 Problem, when it in fact does.44

Perhaps most threatening is the fact that tort claims could be brought as class actions, allowing many plaintiffs to join together in a single suit against a common defendant. Moreover, a losing defendant may be liable for more than the mere cost of correcting the Year 2000 Problem. Rather, in tort, a party may be found accountable for "consequential" damages as well, i.e., all damages that foreseeably result from the Year 2000 Problem giving rise to the liability.45

State and Federal Legislation
There are recent developments at both the state and federal levels regarding Year 2000 Problem legislation. Nevada has enacted a law that prohibits private entities from suing the state, as well as its officers, employees, and contractors, for injuries caused by the state's Year 2000 Problems.46

A proposed bill in California would limit individuals' and organizations' recovery, for Year 2000 Problem-related injuries caused by private corporations, to damages for bodily injury and the cost of correcting their Year 2000 Problem.47 In addition, a myriad of state laws exist that could create Year 2000 Problem liabilities. For example, consumer protection statutes may expand common law notions of liability for manufacturers or vendors under theories of "false, misleading, and deceptive business practices; unconscionable actions; and breaches of warranty."48 Such laws generating potential Year 2000 liabilities will likely vary widely from state to state.

At the Federal level, Sen. Bennett (R-UT) has introduced a bill (S.1518) that would amend the Securities Exchange Act of 1934, to require a publicly traded company to disclose its: (i) progress in addressing its Year 2000 Problem; (ii) cost of any Year 2000 Problem remediation efforts; (iii) cost of defending lawsuits against the corporation and its officers caused by its Year 2000 Problem; (iv) existing insurance coverage for any Year 2000-related problems; and (v) contingency plans for computer system failure caused by a Year 2000 Problem.49

Not waiting for legislation, the Securities Exchange Commission (SEC) has already stated that publicly-traded companies must disclose anticipated costs and other liabilities in connection with a corporation's Year 2000 activities.50 Such disclosures must be made on Forms 10-K and 10-Q as part of corporations' normal SEC disclosure requirements.51 In addition, if a corporation anticipates a significant financial loss as a result of its Year 2000 problems, it will need to file an 8-K Form.52 The SEC has also announced that investment companies, such as mutual funds, and investment advisors face similar Year 2000 Problem reporting requirements under the Investment Advisors Act of 1940 and Investment Company Act of 1940.53 Sen. Bennett just announced that he will seek additional hearings and hopes to move his bill even though the SEC has already implemented these requirements.54

In addition, a bill is expected in the House that will direct federal banking agencies to hold seminars for their institutions on Year 2000 issues and require regulators to provide model approaches to assist financial institutions in addressing the Problem.55 This proposed bill will also reportedly address the question of financial institutions' liability to software makers for modification of bank computer software where copyright consent is difficult to obtain.56 Most importantly, the bill would authorize federal regulators to waive civil monetary penalties and to reduce damages assessed by courts for inadvertent legal violations caused by Year 2000 Problems.57

Corporate Officer and Director Liability
Corporate officers and directors may be personally liable to the corporation's shareholders, and others, for the consequences of Year 2000 Problems. First, corporate officers and directors may be liable for breach of their "duty of care" for failing to address or disclose adequately the corporation's Year 2000 Problems.58 This liability could include both the costs of compliance and any damages suffered as a result of malfunctioning systems. Second, they could be held liable for breach of their "fiduciary duty of loyalty" to the company if they take actions, such as trading in the company's stock, on the basis of nonpublic information regarding the company's Year 2000 Problems.59

Due Diligence--Merger and Acquisition
Identification of latent Year 2000 Problems is likely to be considered a fundamental aspect of any due diligence review in the corporate transactional arena.60 Such a review is especially important in the context of mergers and acquisitions, as no buyer should unknowingly inherit an acquired company's Year 2000 Problems.61 Clearly, inadequate identification and disclosure of such potential liabilities can materially distort a corporation's true financial condition and, thereby, undermine any proposed deal.62

Tax and Accounting
The Internal Revenue Service (IRS) has recently issued IRS Revenue Procedure 97-50, in which it confirmed that Year 2000 Problem costs should be deducted according to IRS Revenue Procedure 69-21, rather than amortized.63 The IRS further concluded that Year 2000 costs do not qualify for a tax "research credit." Multinational corporations may face additional complex tax issues concerning the deductibility of their Year 2000 Problem costs in both the United States and foreign countries.64

It has also been suggested that the Statement on Auditing Standards No. 53 ("SAS No. 53") may require accountants to consider whether a company will become Year 2000 compliant as an element of their audit reports.65 The Statement of Financial Accounting Standards No. 5 ("SFAS No. 5") in addition appears to require accountants to disclose the fact that a company will not correct its Year 2000 Problems by January 1, 2000, in a note attached to its audited financial statements.66 The Securities Act of 1993 may likewise be read to impose Year 2000 Problem auditing and reporting requirements on accountants.67

Conclusion
The legal and financial ramifications of the Year 2000 Problem are wide-spread and potentially devastating. Moreover, as the Millennium draws near, time is running out to take corrective action. Although no silver bullet solution exists, the steps detailed herein can be taken by any organization to mitigate potential Year 2000-related costs and legal liabilities.


Footnotes

  1. The Global Dimensions of the Millennium Bug: Hearings Before the House Comm. on Science, 105th Cong. (Nov. 4, 1997) (statement of Tony Keyes, President of the Y2K Investor) ("Keyes Testimony").

  2. Unjustified Optimism: Hearings Before the House Comm. on Science, 104th Cong. (May 14, 1996) (statement of Peter de Jager).

  3. Id.

  4. Peter de Jager, Biting the Silver Bullet (visited Nov. 13, 1997) <http://www.year2000.com/archive/NFbullet.html>.

  5. Robert G. Gerber, Comment, Computers and the Year 2000: Are You Ready?; 30 J. Marshall L. Rev. 837, 839-40 (1997).

  6. National Retail Federation, Year 2000: A Report on Retail Industry Preparedness, 1 (1997).

  7. Mark Grossman, Year 2000 Crisis: No Time to Lose, Legal Times, Sept. 1, 1997, at 30.

  8. National Retail Federation, supra note 6.

  9. William S. Galkin, Negotiating the End of the Millennium (visited Nov. 13, 1997) <http://www.comlinks.com/legal/galk1.htm>.

  10. Gerber, supra note 5, at 3.

  11. David Kaut, Lawmakers Underscore Health, Safety Issues Arising from Y2K 'Embedded Chip' Problem, 2 BNA Electronic Information Policy & Law Report 368, 369 (1997).

  12. Andrew M. Pegalis, For Risk Managers, the Year 2000 is Now! (visited Nov. 14, 1997) <http://www.comlinks.com/legal/peg1.htm>.

  13. Grossman, supra note 7.

  14. Steven Barr and Rajiv Chandrasekaran, Administration Intensifies Effort to Fix Year 2000 Computer Glitches, Washington Post, Dec. 17, 1997.

  15. Half of Federal Agencies to Miss Deadline For Year 2000 Computer Fix, Horn Says, 2 BNA Electronic Information Policy & Law Report 1311 (1997).

  16. Galkin, supra note 9.

  17. Id.

  18. Joanne Wojcik, Clock Running on Year 2000 Programming, Business Insurance, Oct. 20, 1997, at 6.

  19. Pegalis, supra note 12.

  20. Wojcik, supra note 18, at 1.

  21. Keyes Testimony, supra note 1.

  22. Wojcik, supra note 18, at 1.

  23. National Retail Federation, supra note 6, at 4-8.

  24. About the ITAA*2000 Certification Problem (visited Nov. 17, 1997) <http://www.itaa.org/certabt.htm>.

  25. Id.

  26. Id.

  27. Id.

  28. Id.

  29. Id.

  30. Id.

  31. INPUT, Vendor Liability and the Y2000 Crisis (visited Nov. 13, 1997) <http://www.year2000.com/archive/liability.html>.

  32. Gary E. Clayton et al., The Year 2000 Headache "Two Thousand Zero-Zero Party's Over. Oops, out of Time.", 28 Tex. Tech. L. Rev. 753, 771 (1997).

  33. Id. at 771-74.

  34. Daniel B. Hassett, Legal FAQ: Frequently Asked Questions about the Year 2000 Problem (visited Nov. 7, 1997) <http://www.y2k.com/legalfaq.htm>.

  35. INPUT, supra note 31, at 2.

  36. Clayton et al., supra note 32, at 764.

  37. Id.

  38. Id. at 777.

  39. Id. at 778.

  40. Id.

  41. Dan Steinberg and Andrew M. Pegalis, 10 Litigation Battlegrounds (visited Nov. 11, 1997) <http://www.comlinks.com/legal/ste1.htm>.

  42. Clayton et al., supra note 32, at 777.

  43. John F. Cooney, Who Will Pay for the Year 2000?, The Computer Lawyer, Sept. 1997, at 6.

  44. Clayton et al., supra note 32, at 788.

  45. Donald A. Cohn, How To Avoid the Crash of 2000, Corporate Counsel Institute, Georgetown University School of Law, Mar. 13, 1997 at 10. Such damages may or may not be recoverable in contract depending upon the express terms of individual agreements.

  46. Nevada Bill No. 180, Sect. 1 (1997).

  47. California Assembly Bill No. 1710 (1998).

  48. Clayton et al., supra note 32, at 782.

  49. Separate Bills Addressing Y2K Problem Planned by House and Senate Lawmakers, 2 BNA Electronic Information Policy & Law Report 1180 (1997). Separately, the Federal Reserve Board has recently entered a Cease and Desist Order with the consent of a bank holding company requiring that entity to take specific corrective actions to ensure that its computer systems are Year 2000 compliant.

  50. Securities and Exchange Commission, Staff Legal Bulletin No. 5 (CF/IM) (last modified Oct. 8, 1997) <http://www.sec.gov/rules/othern/slbcf5.htm>.

  51. Year 2000 Disclosures (visited Nov. 14, 1997) <http://www.y2k.com/disclosu.htm>.

  52. Securities and Exchange Commission, supra note 49.

  53. Id.

  54. Jeffrey Goldfarb, More Hearings Seen for Disclosure Bill Despite SEC Bulletin, Industry Protests, 15 Bureau of National Affairs Daily Report for Executives A-17 (Jan. 23, 1998).

  55. Id.

  56. Id.

  57. Id.

  58. Cohn, supra note 45, at 13; Who is Responsible? (visited Nov. 14, 1997) <http://www.y2k.com/whosresp.htm>.

  59. Who is Responsible, id.

  60. Cohn, supra note 45, at 15.

  61. Id.

  62. Id.

  63. Rev. Proc. 97-50; See also Steve Burkholder, Practitioners Praise Revenue Procedure on Year 2000 Computer Conversion Costs, 2 BNA Electronic Information Policy & Law Report 1145 (1997).

  64. See Joan Paul, International Tax Consequences of Year 2000 Fix Costs (visited Nov. 12, 1997) <http://www.year2000.com/archive/NFtaxes.html>.

  65. Jeff Jinnett, Legal Issues Concerning the Year 2000 "Millennium Bug" (updated Aug. 21, 1996) <http://www.year2000.com/archive/NFlegalissues.html>.

  66. Id.

  67. Id.