Y2K

National Y2K Challenges: The Year 2000 Computer Challenge & the States

by Victor Porlier

The American Legislative Exchange Council (ALEC) is a membership organization for some 3000 state legislators. They commissioned me to prepare a white paper on Y2K and the states for presentation at their annual conference which was held August 18-22, 1998 in Chicago.

I. Introduction

For the past 40 years, nations of the world, and especially the United States, have automated virtually every aspect of life from finance and government, to utilities, health care, and food delivery systems. Computers, microchips, and satellites have not only multiplied, but have developed intricate interdependencies that are poorly understood even by the experts. Together they constitute an invisible web over which data, voice, and video flow—a global bitstream of vast reach and power, but of stunning fragility. Failure in one sector of the bitstream has the potential of spreading to all the rest in a manner that gives fresh meaning to Donne’s, "No man is an island.... "

This paper is intended to assist state legislators and staffers in grasping the problem, its implications, and the actions that should be taken to deal with what the Director of the National Security Agency has called, "The El Niño of the Digital Age."

The Y2K computer problem is multifaceted: we must consider current awareness; the origins of the problem; the impact on technology; social interdependencies; economics and the business cycle; the legal aspects; public perceptions; and what state legislators can do on the road ahead.

II. Current Awareness & the Media

Does anyone know for sure how Y2K issues will play out on January 1, 2000? No, of course not. But we have had a spectacular demonstration of the disruptive powers of just a few little microchips. When the Galaxy 4 satellite acted up in May 1998, America’s 50-million pagers and other telecommunications couldn’t function. This skip in our technological heartbeat gave us a warning and a preview of things to come. As noted in the June 8, 1998 issue of U.S. News and World Report, "one uncorrected module is like a burned-out bulb in a string of cheap Christmas lights: The whole string goes down."

The point is, Y2K issues are not abstractions, exercises of interest only to computer professionals. The Y2K acronym covers a host of technological functions from the workings of traffic lights and ATMs to the availability of emergency ambulance services and clean drinking water. What we are discussing here is the whole, elaborate, interconnected, wired worlds of local, state, and federal government, as well as our international connections. We know that some parts of these many computer networks will become inoperative on January 1, 2000, because some date-sensitive microchips and software codes will crash or malfunction. Deliberate and particular measures must be taken to forestall widespread systems failure. And some things individual citizens need to know for their own protection. As of December 1, we will have just 13 months left to get the word out and to act.

Unfortunately, most business and news weeklies, as well as the dailies, have provided only disconnected bits and pieces about Y2K, often trivializing or sensationalizing the issue. And network TV coverage has been almost nonexistent except for a few reports on ABC, CSPAN, CBN, and CNN. Only after President Clinton’s long overdue speech on July 14 to the National Academy of Sciences, and the New York Times front page coverage of Wall Street’s initial Y2K tests, did the issue get brief coverage by both the Today Show and Dan Rather. This is both amazing and irresponsible. Amazing because a tremendous story is in the making. Irresponsible because the public and its political leadership trusts the media to deliver news of importance.

People have come to expect that the media will broadcast warnings of hurricanes, floods, tornadoes, or forest fires. Well, if there are no warnings about Y2K issues, there’s no problem—right? Too few warnings have seen the light of print or been heard on the airwaves. If anything, the public and its elected representatives have been lulled into believing that everything is under control. The common assumption is that "they," the experts, the government, and/or Bill Gates will take care of everything.

This dereliction on the part of the media stems in part from the monolithic nature of news organizations. A few leading newspapers and TV networks located in New York City call the shots for the whole country. They haven’t taken Y2K seriously, so no one else does either, and the story just isn’t getting out with sufficient vigor.

How do we account for the media’s incredible resistance to opening up and examining Y2K issues? Some reporters, after talking with a cutting-edge computer genius, may believe that they have checked out the story. But since people who are in the vanguard of computer development seldom concern themselves with anything in the past, they were likely talking to the wrong person. If media complacency is an indicator, reporters appear not to have been in touch with the people who are actually doing the fixing, because the remediators in the trenches are definitely not offering glowing reassurances.

Besides, remediation lacks sex appeal.

Perhaps some reporters have been talking with the CEOs, CIOs, and Y2K managers of major corporations about the Y2K status of their companies. If so, nine will get you ten, they got a very rosy picture. Corporate executives and public relations folk are skilled at papering over corporate problems. Again, this would be a case of reporters talking to the wrong people. The same thing is happening throughout the levels of government in the more than 85,000 political jurisdictions in our country.

What was, until last summer, the apparently unstoppable bull market may be another factor that lulled our media to sleep. Good news fuels optimism, not just in the general population, but among pundits as well. It plays into our national penchant for optimism and happy endings. Why rock the boat with predictions of a Y2K disaster? Publishers, editors, and advertisers prefer a rosy view of the future, just like the rest of us.

Then, too, the media apparently doesn’t have a very high opinion of the intelligence of its readers, listeners, or viewers. And the Y2K story is complicated. It doesn’t lend itself to the kind of glitzy journalism we have been exposed to in recent months. Y2K can’t compete with OJ, Diana, or Monica for headlines. But Y2K issues are as real as the rent, and they will have a direct, personal effect on everyone in this country and abroad. So, it behooves the media to set aside its preference for the trivial and the garish and get on with genuine reporting of vital Y2K information. Instead of washing its hands of Y2K because it is hard to tackle, the media should use its skills to help our citizens and their elected representatives understand what’s involved.

III. The Roots of Y2K

It is hard for the average citizen in the 1990s to appreciate the world into which the computer was born. Back in 1967, at the age of 29, I was Chief of Information Systems Development in the State Department’s Agency for International Development. I can tell you that we were in awe of the capability of the new IBM 360/50s. We were focused on the nearly miraculous accomplishments of those massive mainframes. We gave only the most fleeting thought to what computers would do beyond 2000, much less that our use of two digits to designate a year would mean that someday "00" would be read as 1900, not 2000. Certainly, we implicitly surmised, the systems we were developing would no longer be in use.

"But," you may say, "it’s just a date. It can’t be that critical." A moment’s reflection reminds us that, yes, dates are critical. They trigger a multitude of events—startups, shutdowns, deliveries, billing, inventory replacement, and so on. Dates are essential in determining age eligibilities, and in financial dealings. Interest rates are entirely date-sensitive. Embedded dates for comparisons and calculations are found in and flowing through computers, telecoms, microwave transmitters, satellites, and all manner of embedded systems in the electro-mechanical devices upon which our lives and economy depend. Date-sensitive microchips are everywhere. It has been estimated that the average person’s life is affected by more than 70 microchips daily.

Didn’t anyone foresee this problem when the decision was made to express the year in only two digits? A good question. Yes, a few did, but back in the 60s, there were no inexpensive mass storage devices. Data was stored on punched paper cards and magnetic tape, with the core memory stored in the mainframe. Thirty years ago, when one megabyte of internal computer memory cost $3,200,000 (that’s right, 3.2 million dollars per megabyte, as contrasted with today’s cost of about 10 cents on a disk), it made sense to economize in any way possible. Saving just two bytes, by leaving out the "19" in the year entry field seemed a reasonable trade-off at the time.

But the two-digit date was never fixed. As hardware improved, access to data in existing applications and data bases was essential, but no one wanted to incur the major costs that deep renovations—such as changing all the dates and related logic—would require. So, to ensure compatibility, the two-digit-year-date format was carried forward year after year. Emerging improvements in hardware and software could be implemented at less cost, faster, and with fewer coding errors by leaving the date fields unchanged. After more than 30 years of this, we now have uncountable numbers of very different computer platforms and software languages around the world, with billions upon billions of lines of code with the two-digit-year fields embedded in them, as well as in microchips in hundreds of millions of systems.

The obvious solution is to replace all the two-digit codes and chips with ones that express the year in four digits. The problem is finding them. Many major institutions have "legacy" systems which are unique in language and codes to an individual company or institution. The logic behind the systems [Victor, please check for accuracy in the previous phrase.] is frequently undocumented; the original source codes have often been lost; and many early computer languages and coding techniques are undecipherable today. Exacerbating these problems: most of the original programmers are retired or dead.

[Incidentally, the lack of foresight in failing to correct the 2-digit dates in computers is not without present-day parallels. We have known for years that very soon we will run out of 3-digit area code numbers and that we will have to go to 4-digits. Have you heard anything about making that change? Likewise, the 9-digit Social Security number must soon go to 10 digits. Nobody wants to think about that, either.]

IV. The Technology Problem Today

Like the old fable of the blind men touching different parts of an elephant (and describing it variously as a tree, a wall, a rope, etc.), Y2K discussions must include all aspects of this multi-faceted problem if a sound understanding is to be reached and meaningful action plans developed. Five separate, yet interacting aspects must be considered: 1) mainframe legacy systems, 2) desktop PCs and distributed networks, 3)telecom systems, 4) microchips in embedded systems, and 5) electronic data interchanges (EDI). Unless you are aware of how each of these components act and interact, you cannot manage the challenges and problems of Y2K.

First: Legacy software applications on mainframes. In the 60s and 70s, software was written mainly in some 40 dialects of COBOL and in another 400-plus computer languages. Over time, as computer mainframe platforms improved in speed, storage capacity, and other features, new software languages were developed. Changes in software were put in piecemeal, with old and new computer languages patched together. The result: computer systems that have millions of lines of code often in a mix of computer languages. It takes an average of two to three years to assess, remediate, test, and successfully implement the overhaul of a major computer system. The bigger the system, or cluster of systems, the longer it takes to fix. The Social Security Administration started its remediation in 1991 back in the Bush administration and has been at it for seven years. It is only now on the verge of completion. There is still cause for concern because, as seasoned programmers point out, "When you are 90 percent done, the remaining 10 percent usually takes twice to three times as long to finish as planned. And sometimes even longer."

Historically speaking, 30 years of experience shows that more than 15 percent of all such major efforts are late by 12 to 24 months. Over 25 per cent become so problematic that they are canceled. Given the fact that only slightly more than a year remains, major corporations and large government agencies that have not finished the inventory and assessment phases and begun recoding any large legacy systems are unlikely to make the deadline, even if finances and skilled technicians can be found to do the job. Remediation is a laborious, step-by-step effort that requires milestones be met in sequence. This kind of work resists acceleration, even if extra hands can be found to be put on the job. Nine women can not make a baby in one month.

Second: Desktop PCs. The challenge of Y2K remediation is somewhat less daunting for desktops than for mainframe computers. While desktop Macs have no hardware problem, their applications may. Desktop PCs purchased before 1997 almost certainly have hardware problems in the BIOS and RTC chips. A sizeable percentage of those purchased since then have problems as well. Vendors of such computers, as well as sellers of commercial off-the-shelf operating systems and software applications, have not been sufficiently forthcoming about the Y2K compliance of their products. After a long period of denying it has problems, in the spring of 1998, Microsoft finally acknowledged Y2K glitches in more than 20 of their various software products. Newer networked PCs, mini computers, and varied client server systems may not be as vulnerable as the older mainframe legacy systems, but they do have problems and require careful assessment. The hardware, software, and data files all need to be reviewed. Customized applications require very careful analysis; many will need upgrades, repairs, or replacements.

Third: Embedded systems microchips. There are an estimated 25 to 40 billion microchips (firmware) in use worldwide. Microchips control all manner of military, commercial, governmental, and personal electro-mechanical devices. Of the total, about one to five percent are likely to have date-sensitive functions that will cause Y2K problems. This means up to 500 million of these date-sensitive chips must be found, tested, reprogrammed, or replaced—a daunting process as it turns out. While there are many commonalities in the microchip issues in buildings (HVAC, sprinkler systems, security, etc.), and office equipment (faxes, postage meters, etc.), every industrial and government sector has its own unique equipment and processes that need to be analyzed. The health care industry, for example, has serious embedded systems issues, where the percentage of faulty chips is proving to be much higher than average. The security systems in jails and prisons present a set of special problems.

Fourth: Telecom systems. Whether they are in-house PBX, Local Area Networks, or external Wide Area Networks, the Internet, satellites, etc., all are dependent on the functioning of a wide array of microchips embedded in switches, routers, and other gear, as well as in their related administrative and maintenance software systems. Dates are super-critical to the operation of such systems, as well as to the records and billings that result.

Fifth: Electronic data interchanges(EDIs). Even if the entire computer systems of an organization are internally Y2K compliant in its hardware, software, and firmware, it is vulnerable whenever it interfaces with an outside system. Just as the cells of a human body share a common bloodstream, so computer systems share a common bitstream. Non-Y2K compliant data is like a virus moving in the electronic bitstream. It can corrupt every system it is able to enter. Such untested, unprotected data interchanges can be destructive, if not deadly. An organization must insure that all data exchanges, whether electronically or by tape or disk, have been fully assessed and made compliant. Otherwise, the compliant system may become infected and crash. All remediation efforts and expenses will then come to nothing. In the area of federal-state EDIs alone, inventories suggest there are 25,000 or more that must be made mutually compliant. Electronic fund and benefit transfers are examples of these exchange issues—social security, disability, unemployment, and health care checks (including Medicare and Medicaid) being prominent examples.

Given the variety and extent of all the technologies involved and deployed around the globe, (expert Capers Jones estimates that more than 55 percent of current software applications are impacted by Y2K—over 36 million), it should be clear that there can be no one-size-fits-all solution. Nether Bill Gates nor anyone else will be able to develop "the fix." The fantasy of a Silver Bullet must be put aside. Nor are sufficient numbers of programmers and systems engineers with relevant expertise available to hire, even if the financial resources were available to hire them. Perhaps as many as 8 to 10 million systems—mission critical, important, and supportive—will not be fixed on time. Embedded systems, that we don’t always know about and can’t always find, only magnify the challenge.

V. Social Interdependencies: Infrastructure, Business, and Government

We trust lights to come on when we flick the switch, drinkable water to flow when we turn on the faucet, a dial tone to sound when we pick up the phone, and the ATM to give us cash when we enter our password. Further, we expect that all the checks we send and receive will arrive on time and be promptly recorded, and that all our investments and pension funds will function properly. We assume that we can pump gasoline into our vehicles and go to the supermarket and find the food that we want. All these assumptions are in jeopardy if the automated systems upon which they depend are not made Y2K compliant.

Of these, no dependency is more crucial to our national and economic survival than the availability of electricity. The nation is presently served by an interdependent grid of public and private enterprises: over 7000 that generate and/or distribute electricity. Some have been working on remediation for a long time, others are still in the process of writing requests for proposals. Yet I know of not one electric utility that has so far achieved Y2K compliance.

Independent audits and certification of Y2K compliance would mean that all of the utilities’ automated systems have been deep-tested for their ability to generate, transmit, and distribute electricity. This is their main mission. It is important not to get sidetracked by seeming success, as for example bringing administrative systems up to form (billing and payroll). While important, this level of remediation is not the heart of the task.

Independent certification is also needed for corporate suppliers to the utilities that produce, refine, and transport the essential fuels (coal, petroleum, natural gas, etc.), and replacement parts. In addition, because failure in one part of the grid can quickly ripple through to other parts, a fully compliant utility system must have electronic "fire walls" or other procedures to protect it from any Y2K failures in neighboring utilities on the common grid.

While such certification would be desirable on several counts, many in the industry tell me that it just isn’t possible. Utility lawyers are saying that no one dare guarantee Y2K readiness—there are just too many factors that could go wrong. If this proves to be the case, the resulting public uncertainty and anxiety may become explosive before the end of 1999.

There are comparable concerns about telecommunications, transportation, natural gas, water, and sewage treatment. To date, most State Utility Commissions across the country have yet to query their utilities in depth. Voluntary surveys are in wide use, but these self-reports are not persuasive. The public health and safety infrastructures are also lagging in Y2K remediation: hospitals and health care financial systems; police, parole, prison, and court systems; fire and emergency rescue systems; and even our national systems for defense. So far, they are all non-compliant. The International City/County Management Association has found that over half of America’s 36,000 cities have done nothing to address their systems. Nor have over 60 percent of small and medium-sized businesses. School systems are seriously behind. In Washington state this could mean loss of academic records, failure in heating and security systems, sluggish food supplies, etc.

In his Computerworld Y2K column, Ed Yourdon states: "Everything is connected to everything else in a complex set of interdependencies. A relatively simple failure in system A could render database X inaccessible; that could make it impossible to run system B, which transmits a file of transactions to system C via a vendor-supported network, which updates database Z— and it may be the failure with the database Z, two weeks later, that renders the order-entry system inoperable.... The typical organization has hundreds, if not thousands, of systems, with complex interfaces and dependencies. In the ideal case, every one of these systems is undergoing its own Y2K remediation, and in the best of cases, they’ll all be finished well in advance of the ultimate deadline of December 31,1999. But what if one of the projects is late? What if a key vendor fails to provide the Y2K-compliant upgrade they promised? Where is the weak link in the chain, and what are the consequences of a failure?"

The vulnerability of businesses to their supply chains for critical goods can be illustrated by the GM strike in the summer of 1998 at a metal stamping plant. The strike wreaked havoc at GM car dealerships nationwide by reducing truck and car production. A similar GM strike in 1996, at Dayton, Ohio brake plants very nearly closed down all GM manufacturing in the United States. The example to be understood: Small and medium sized businesses are often the suppliers of critical parts to larger corporations. Vulnerability is interrelated and intertwined.

Industry Week magazine says, " With today’s just-in-time mind set, the impact of Year 2000-caused interruptions to business would be catastrophic. Should a shop floor systems snafu be allowed to go undetected until it’s too late, not only is the company that caused the trouble at risk, but so are its dependent business partners." Our food system relies on just-in-time inventories in the supermarkets; consequently, they rarely have more than four days of food supply on-hand.

VI. Economics and the Business Cycle

The Year 2000 Menace, as Fortune magazine calls it, is coinciding with several compounding factors, the most evident of which is the conclusion of an overripe bull market that started in 1982. Add to this the impact on the US economy of the Asian liquidity crisis, which began on July 2, 1997 when Thailand devalued the baht, and the Russian and Latin American contractions. While interest rates remain low, and housing starts and consumer confidence (while beginning to erode), remain high, a large number of other contrary indicators suggest that an economic contraction is becoming more likely over the next several months. [Victor, please check for accuracy the merging of what was previously two sentences.] The stock and bond markets are beginning to reflect the growing uncertainty.

Y2K concerns are likely to accelerate and compound such a contraction. Dr. Edward Yardeni, Chief Economist at Deutsche Morgan Grenfell, an award-winning economic forecaster, is now predicting that a 1973-1974 type recession, or worse, is 70 percent probable, based on the Y2K complications of the current business cycle. Most Wall Street and mutual fund salesmen, on the other hand, would have us believe that what looks like a serious credit bubble collapse to many, is only another dip like 1987 and 1990.

But unlike the brief market corrections in 1987 and 1990, the current collapse of Asian, Russian and Latin American economies makes the present liquidity crisis much more threatening.

Readers of this paper know that our banking system has less than 2 percent of its depositor’s money available in currency and coin. Estimates are that 70 percent of all US currency is actually in use abroad. As Y2K problems are spelled out (with their predictions of serious systems failures), how many depositors—especially Depression-seared seniors over 70 years of age—will decide that it might be prudent to withdraw cash, forego interest, preserve principal, and see what happens from mid-1999 into early 2000? Unless the current uncertainties are reduced significantly, such a response is quite possible.

A contracting economy means a contracting tax base; current revenue surpluses would evaporate in such an event. Already many local governments and some states are hard pressed to raise revenues sufficient for their varied programs. The costs of Y2K remediation come on top of present demands. The answer is not to incur further bonded indebtedness. Such a course is risky and should be done only when absolutely necessary.

VII. Legal Aspects of Y2K

American society has an implicit reliance on our legal system and general civil stability. Y2K poses a threat not only to society at large, but to our legal system in particular. More than 200 law firms nationally are developing Y2K expertise to handle the estimated trillion dollars’ worth of Y2K lawsuits to come. Such a load of tort and contract cases will flood the courts. Year 2000 lawsuits have already been filed in Michigan and California.

The operations of the courts are themselves extensively computerized; typically they are connected to other computerized entities that deal with matters of civil and criminal justice (police, prisons, and the like). These systems, which are already overworked, will take a double punch—first, having to be upgraded while working flat out, and second, handling a greatly increased caseload. A sudden boom in litigation of this magnitude could quite possibly destabilize our legal system.

Contract and tort disputes will make up the bulk of this caseload. But if there is any serious social disorder in our high-density metropolitan areas, the criminal prosecution caseload will also grow. Some suits will involve more than one state, so jurisdictional conflicts may arise. This workload and its financial costs will fall to the state and local court systems.

Once court computer systems have been made compliant, the question arises: will the county courts have sufficient courtrooms, judges, support staff, court dates, file space, and docket space to survive such an onslaught of lawsuits? (We know we will have enough lawyers.)

Product liability suits loom large. Companies that mass produce hardware, software, and embedded systems equipment will be vulnerable to class action suits alleging breach of warranty, fraud, and other claims. Microchips are prevalent in embedded systems in everything from medical devices and airplanes to traffic lights and security systems.

In-house attempts by IT [Victor, I never remember what IT stands for.] personnel to correct licensed software to meet Y2K deadlines may violate warranties, thus exposing firms to legal and operational vulnerability. If the license agreement does not give permission to modify the software, such permission must first be obtained.

Hopefully, legal counsel in the many private sector enterprises will have addressed these concerns well before 2000. A thorough review of all current contracts for goods, services, and insurance is essential. Potential business litigants should be identified and contacted. Pre-crisis negotiation will save time and money and will go a long way to preserving relationships. Such pre-crisis conversations will aid in the development of mutually beneficial contingency plans to limit business failures, injuries, and lawsuits. Open disclosure of current progress will also add to public confidence by reducing uncertainty.

All new contracts should take Y2K explicitly into account. Clear and specific contract terms will minimize litigation. They should cover timetables, milestones, expectations, testing, warranties, copyrights, and mutual remedies.

Alternative Dispute Resolution (ADR) should be considered. This approach is widely available across the country. Some ADR groups are already beginning to incorporate Y2K concerns into their methodologies.

Ignorance of theYear 2000 Problem and its potential impact will not be accepted as a legal defense. The Securities and Exchange Commission (SEC) has asked all publicly traded corporations to disclose in their quarterly reports their Y2K efforts and material impacts. If this is not done, or is done in a misleading manner, director and senior officer liability suits are likely when failures occur. If a company’s business suffers due to its failure to address its Y2K issues vigorously, thereby causing a decline in share values, officers will be liable to shareholder suits.

State governments are considering legal immunity shields for themselves and their political subdivisions. Last year, Nevada declared that, "no cause of action, including, without limitation, any civil action or action for declaratory or injunctive relief may be brought...on the basis that a computer or other information system produced, calculated, or generated an incorrect date, regardless of the cause of error." Other states are considering such "sovereign immunity" legislation.

Most states accept only limited liability already. Many legal experts believe that such legislation is hollow at best because it probably won’t stand up under appeal. In any case, what legislator will want to face angry constituents who claim that a family member was harmed or killed by the failure of a government automated system? Who would be willing to say, "There is no remedy for you because I voted away any chance for recourse"? That is unlikely to have great voter appeal.

States are also being asked to modify the rights and responsibilities of private entities and to limit recovery for damages for business impacts and bodily harm due toY2K failures. If legislation limiting excessive legal liability is not carefully drawn, some companies may choose to defer Y2K remediation and plan to fix their systems only after failure. A balance needs to be struck between creating incentives for compliance and public disclosure, while discouraging or capping runaway damage awards.

Clearly, the states have tremendous tasks before them as they work through these and other legal issues generated by Y2K.

VIII. Public Perception of Y2K

The public’s knowledge of Y2K and its implications is mostly superficial. Soothing assurances from the media, the government, and industry have persuaded many people that there is nothing to fear. That is, until the week of August 2nd, when the major print media belatedly began to treat the problem seriously. Editorials and articles appeared in The New York Times, The Washington Post, The Los Angeles Times, and The Chicago Tribune that addressed Y2K for the challenge it is. Now that summer vacations and elections are over, press coverage will increase to satisfy growing public demand to understand the situation and how it might impact lives, businesses, and communities.

The issue has been complicated by the novelty of the situation—Y2K is historically unprecedented—and by conflicting expert opinion as to its severity. However, when the electorate finally does realize the seriousness of the situation—and that, effectively, they have been lied to about Y2K—there is a danger that they will lose confidence in government, industry, the media...the whole enchilada. As an economic downturn looms, social tensions can be expected to rise, especially in high-density metropolitan areas. Belated revelations may produce a corrosive uncertainty and cynicism in the populace. Thus, by their own hands, the media, industrial leaders, and the government unnecessarily have been sowing the seeds of civil disrespect. It is only a short distance from civil disrespect to civil disorder. The antidote to this threatening situation—which is truly a full-blown national emergency—is for governments at every level to take hold, do the necessary inventories, and set to work repairing their systems. When the public demands facts and action, government officials must be ready to respond honestly. Nothing less is going to fly.

Business is hampered in its communications with the public by a tangle of legal disclosure restrictions imposed by in-house legal counsel. These must be lifted, possibly by protective statute, in order to open up the lines of communication, not just with the public, but within industries and the public sector.

IX. Political Responses

Anyone holding elective office after November 3, 1998 elections needs to be aware of the scope of Y2K issues because, very shortly, the electorate is going to be asking pointed questions. In spite of the widespread somnolence of much of the media, word of Y2K is getting out. Increasing numbers of people are beginning to be alarmed at the prospect of systems failures, and even civil chaos. It is up to government at every level, and particularly state and local governments, to get a clear picture of their Y2K exposure and compliance efforts. They need to formulate explicit remedies on realistic timetables and develop continency plans. Legislators need to provide progress reports to the electorate regularly, until we have all landed as safely and as fully functioning as possible in the year 2000. State legislators might consider these points:

1. As legislators, party leaders, chairs of committees, can you say with certainty that government programs for which you have legislative oversight are on target for timely Y2K compliance?
2. State regulatory commissions with oversight of utilities, insurance, banking, etc. should rigorously pursue fact finding. What is the true situation in each industry? The regulators should encourage cooperation among the various sectors, including sharing of information about power, water, contingency and recovery plans, and particularly the level of emergency supplies. Surveys with no penalty for failure to respond are to be avoided. They waste valuable time and money. An important reminder: Administrative compliance (the ability to keep records and process bills) should not be confused with the ability to deliver essential products and services.
3. It is essential to develop standardized criteria for measuring progress; political jurisdictions should come up with a common plan for reports from each department, agency, and commission. At a minimum, detailed monthly updates should be required.
4. The state emergency management networks should be directed to add Y2K scenarios to their disaster recovery plans. These networks include 911, police, fire, emergency medical services, national guard, and so forth. The Y2K vulnerabilities from maximum security prisons down to city jails should receive closest scrutiny. There will be few issues of greater public concern. People will want assurances that contingency plans have been worked out and that personnel have been trained for emergencies.
5. Each state should have a full-time person or staff working on outreach to all of the state’s political subdivisions—counties, cities, schools, and special districts—to build awareness, provide guidance, share success stories, and urge action. It is essential that the tensions which often exist among levels of government be overcome. For example, New York City has 687 major systems in 43 agencies. The cost of fixing them will approach $200 million. While the city claims that 234 of these have already been fixed, when the NY State Controller sought to do an independent audit of the city’s Y2K efforts, the mayor refused to allow it. One can only assume that the mayor is unaware of how valuable an independent audit may be. Indeed, independent audits offer the best hope of forestalling breakdowns in service and generating public confidence.
6. To retain skilled programmers in government service, it will be necessary to reexamine pay schedules, making them as competitive as possible with industry. Otherwise, government remediation efforts will be crippled by the loss of skilled personnel. Retention bonuses should also be considered. Request for Proposal (RFP) processes, which are notoriously cumbersome, should be summarily streamlined and the time periods shortened.
7. The Y2K emergency should not be used as an excuse for lavish spending. Controls will be needed to make sure that everyone has a firm hold on the first priority: That is, to bring existing systems and equipment into compliance. Some will argue that we might as well "buy the best and fix everything else while we’re at it." The answer to that is, "Not now." As Peter de Jager, "No new toys until your room is clean." Spend wisely and conserve your funds. True, there may be instances where new equipment is the only way to upgrade, but generally, new systems take an egregiously long time to function effectively. Therefore, they may not answer our most urgent need — to keep essential systems going now. New equipment should not be approved unless a very strong case can be made for such a purchase.
8. All new legislation should require a "Computer Systems Impact Statement" comparable to environmental impact statements. Where possible a broad-based moratorium should be imposed on any new legislation that will require significant computer work prior to 2000.
9. What will the state’s legal liabilities be for Y2K failures? Hearings held before the fact can lay down guidelines that will help public officials and other state employees assess the legal climate in the state and [or to] minimize specious and unnecessary litigation.
10. State and municipal bonds may be in jeopardy, depending on the impact of Y2K on both general revenue and fee-based bonds (whether insured or not). Hearings should be held to determine appropriate action in these matters. The SEC is now requiring all public bond issuing authorities to report on Y2K efforts. States could piggyback on this requirement and create uniform reporting formats statewide in order to more accurately gauge Y2K progress.
11. It is essential that the state money management systems, such as equity investments for pension funds, be scrutinized for vulnerabilities not only in the computer systems themselves, but in the underlying stock holdings. If a particular corporation in the portfolio is far behind in Y2K remediation, and will be clearly damaged by Y2K, divestiture of that asset may be prudent.
12. Y2K is going to cost a great deal to fix. Too often, this is an expense for which adequate budgetary allowances have not been made. State policy makers may wish to consider earmarking any "surplus" state revenues currently on hand to help pick up the tab. A centrally managed contingency fund should be created to deal with priority problems as they emerge. Given the time lag of budget and bond approval cycles, special Y2K grants to financially strapped local jurisdictions should be considered.
13. Each state should establish and fund a three-tiered website—one for Y2K teams; another to keep the press and public informed of progress about remediation, department by department; and a third to report on the progress being made by each of the state’s regulated public and private utilities. Funding should include a webmaster to keep the website current. Websites are an excellent forum for the exchange of shop talk and the reporting of best practices, success stories, and the like, and they should be updated frequently. New York, Minnesota, Washington, and California are among the better current sites. (Visit NASIRE.org for a rundown of each state’s Y2K readiness.)
14. On this Y2K issue, the political parties must cooperate. If they make Y2K an arena for point-scoring, partisan politics, we shall all pay dearly. Spending time fixing the blame, rather than the problem, is a temptation that must be overcome.

It is a political fact of life: contemporary politics is media-driven, and so far, the media has failed to serve the electorate with regard to Y2K. The problem is strangely invisible and at the same time devilishly complex—not something that lends itself to sound bites, one-page summaries, or five-minute explanations. In their defense, it should be said that legislators have a great deal on their plates. Not only do they have to deal with multifarious public policy issues, but they have committee assignments and the heavy mechanisms of re-election campaigns. It is difficult to spend time thinking about an event many months ahead when one is constantly faced with the competing demands of reelection, responding to constituent needs, drafting and studying legislation, meeting with party leaders, committee chairmen, lobbyists and staffers, fundraising, etc. It’s little wonder that so many legislators have not taken time to think through the issues and implications of Y2K. Now, however, we are running out of time. Y2K issues must be faced squarely, and at once.

In the intense competition for government funding, the inevitable escalation of Y2K remediation costs will bring howls of protest from all manner of single-issue groups whose pet concerns might suffer reduced funding. But pay we must because modern civilization rests on functioning computers. A recent example at the federal level occurred when someone proposed diverting excess funds from the homeless program to Y2K remediation. The Federal Department of Health and Human Services was attacked for "choosing computers over people." They caved, and are still looking for Y2K funds elsewhere. More of this pandering to special interests is to be expected—from both left and right—but it must be overcome.

X. The Road Ahead

As readers go beyond the overview of the problem outlined in this paper, here are some essential points that should be considered:

First, any effort at Y2K remediation must address all of the technology dimensions discussed earlier (mainframe legacy systems, desktop PCs and distributed systems, microchips in embedded systems, telecom systems, and electronic data interchanges.) Beware the "progress" that is concerned mainly with secondary issues. For example, full remediation of financial and personnel systems is fine, but it will be irrelevant if the agency can’t do the main job, whether that be generating electricity, delivering water, disbursing pension checks, securing prisons, or recording tax collections.

Second, contingency plans and disaster recovery scenarios must be in place for both in-house system failures as well as for failures of an area’s critical infrastructures upon which those in-house systems rely, such as electricity, telecommunications, and banking. Are these contingency plans credible? When do they plan dry runs? Will they require special training? If there are no manual options, what is to be expected?

Third, distinctions are being made, often subjectively, as to which of a department’s systems are "mission critical" and which are only important or supportive. Whatever the number of mission critical systems being worked on, it is important to be clear as to what criteria were used to make the decision. Also, you will want to know what impact the failure of non-mission critical systems might have on the continuity of government operations. The federal government is working on some 7300 mission critical systems, while 66,000 of their other systems are continuing to run at present. Few of the 66,000 non-mission critical systems are being fixed given scarce resources, though some of them are very important. Remediation for this group is unlikely until after 1999, when many of them will have failed.

Fourth, be very clear of the phases of a remediation and the portion of time they take in a typical project. Some agencies are reporting that their systems are compliant, even if they haven’t finished testing. For mainframe legacy systems, the average time to install or upgrade is 18-36 months. (Social Security has been working on it for 7 years.) The percentage of time required for typical Y2K remediation project phases are: Inventory and Assessment— 5 % to 10 %; Renovation—repair, replace, upgrade—25% to 40 %; Testing—depending on the size of the system, its relationship to other systems, internal and external, and the variety and depth of testing planned—40 % to 70%.

A Y2K compliant system is one that has been remediated, tested, and operationally installed. Estimates of what percentage of a system has been completed is guesswork at best, inasmuch as the process of recoding and replacing typically introduces new errors. Only deep testing can give a clear reading. Independent audits of compliant operability are highly desirable. Always remember: A system is not compliant until it has been fully tested and made operational, and preferably audited independently. Fifth, it is essential to get past the jargon that has built up around Y2K and get to the facts. Even the concept of "compliance" has many divergent definitions. One government Y2K manager recently said to me, "It’s like Humpty Dumpty who used words to mean whatever he wanted them to mean. When you hear terms such as ready, compliant, percent completed, tested, audited, certified, or contingency plans, you still don’t have a clue as to what is really meant nor what the facts really are." Loose definitions in unaudited self-reports from public and private enterprises can be very misleading.

Sixth, the challenge to legislators and managers is to become sufficiently educated about Y2K to be able to make positive contributions to the solutions. Fortunately, there are a growing number of excellent tools for understanding and dealing with the Century Date Change; books, government publications, websites, and a cottage industry of Y2K remediation firms.

At this point we know that because of the time left before the immovable deadline, the amount of time and resources characteristically required for such projects and the large number of enterprises-foreign and domestic- that have done little or nothing, that the Year 2000 will bring a degree of nasty turbulence technologically, economically, socially, and politically. How intense that turbulence will be, how widespread, and how long it will last depend on the steps we are taking now.

On the eve of World War II, Winston Churchill told the British House of Commons,

"Owing to past neglect, in the face of the plainest warnings, we have now entered upon a period of danger. The era of procrastination, of half measures, ... of delays, is coming to its close. In its place we are entering a period of consequences...We cannot avoid this period; we are in it now."

As for Y2K, we are all in it now, with 13 months to go...and counting.

Evergreen Freedom Foundation P.O. Box 552, Olympia, WA 98507 Phone: (360) 956-3482, Fax: (360) 352-1874 Email: effwa@effwa.org