Facing Your Year 2000 Liability
Fears that Year 2000 bugs will interrupt vital state and local government services are daunting enough for most information technology professionals working on the datechange problem.
Fears that Year 2000 bugs will interrupt vital state and local government services are daunting enough for most information technology professionals working on the date-change problem. Now a second wave of concern is settling on their shoulders: that government agencies will be hit by lawsuits from citizens seeking damages.
The worst-case scenario? That an onslaught of class-action suits against state and local governments will follow Year 2000-based systems failures. In fact, so daunting is the scenario that many IT managers are including attorneys in every aspect of their Year 2000 plans.
"You have to assume that you are going to get sued," said Cathleen Judge, a Pennsylvania attorney who has counseled government agencies and businesses on their Year 2000 liability. "It is only prudent to recognize how very difficult a problem of this size and scale is. You have to admit to yourself that someone somewhere is going to screw up and that somewhere along the line you might even drop a ball yourself."
Legal experts and technology officials agree that preparing for the worst is only prudent. Those same experts, however, are quick to say that legal planning is no substitute for serious programming work. "This is less about shielding yourself from litigation than it is about protecting a good effort to prepare for Y2K programming problems," said Steve Kolodney, director of Washington's Department of Information Services. "No one is trying to hide from responsibility. Most of the work that is being done in this area involves building an appropriate defense against lawsuits that are more nuisance than substance."
Indeed, most are urging government agencies to think realistically about the potential for legal problems. Marc Pearl, an attorney with the Information Technology Association of America (ITAA), said: "If something goes wrong and somebody gets hurt or, God forbid, someone dies, a state or local government is not going to get full immunity. That simply doesn't pass the straight-face test.
"But what we're talking about here is business operations and the glitches that are going to happen. Should local governments or state government entities begin thinking about how they will demonstrate that they took all the reasonable or prudent steps they could?" he asked. "The answer is yes."
Municipalities Most Unaware
If the worst of the liability problems materialize, the smallest jurisdictions may suffer the most. "I sure hope municipalities get moving on this," said Greg Cirillo, a partner with the Washington, D.C., firm Williams, Mullen, Christian & Dobbins, who was hired by the National League of Cities (NLC) almost a year ago to help raise awareness of the Year 2000 problem among cities. "It was an uphill battle. Municipalities have just not been that focused or concerned about this issue. They are just starting to take it seriously."
Indeed, jaws dropped earlier this year when a survey for NLC and the National Association of Counties (NACo) revealed that two-thirds of local governments were unaware of the dangers of the Year 2000 problem. The associations now are well into a campaign to heighten Year 2000 awareness among smaller governments.
"We're working to make local governments aware that they may be liable for doing nothing to address the problem," said NACo president Randy Johnson, who is chairman of the Hennepin County, Minn., board of commissioners. "Cities and towns are going to need to demonstrate that they took reasonable and prudent steps to bring their governments into compliance."
In San Diego, Year 2000 project manager Rod Moyer more than 18 months ago started his campaign to make date changes to city systems. But he still felt the systems were vulnerable, and he hired a lawyer. "We need him to tell us what plans to prepare and how," said Moyer, who indicated that the city's new attorney will serve in an advisory role on all Year 2000 matters.
Moyer knows he's not alone in his fears that even the best-laid Year 2000 plans could fall apart in court. At the four or five IT conferences he attends each year, he's gotten into the habit of polling colleagues on the liability issue. "It's a common concern that is just rising to the surface, but no one has any real concrete plans yet," he concluded.
Attorneys General at Work
Things have been sparking a little longer at the state level. Many state IT departments have been working for some time with their attorneys general and have been requiring warranties from vendors to make sure costly Year 2000 remediation efforts will stand up in court.
Most state IT managers certainly aren't counting out the possibility of litigation. In Michigan, a liaison from the state attorney general's office is copied on all Year 2000 work, and lawyers sift through two thick binders that document all Year 2000 work that has been done, including methodologies, project management and communications plans.
"I think we are in great shape," said state chief information officer George Boersma. "We have put this plan together. We're monitoring it, and we're working with agencies to ensure they are protected. With every month that goes by, I feel more confident about this."
Still, he knows his work is not foolproof, even the state's practice of insisting on Year 2000 compliance clauses in every new contract it signs (see sidebar, Page 17). "The reality of the situation is that all this doesn't ensure compliance," he said. "But it certainly protects us."
For jurisdictions that have a Year 2000 program in place, documentation is the heart of a legal defense, according to Year 2000 legal specialists. "Officials ought to have clear documentation on how a Year 2000 program was structured managementwise-what the command chain and reporting chain was," Cirillo said. "There also ought to be a summary of whatever standards were applied, what a government did to inventory and how they decided whether a product or piece of software was compliant or not. There should also be clear proof as to why a government did or did not do something. In other words, the record should reflect that all decisions were informed decisions."
Remediation Is Best Defense
But most stress that the best defense against legal damages is the most thorough remediation program. In Massachusetts, "the state has an ambitious remediation program under way," said Ray Campbell, general counsel of Massachusetts' Information Technology Division. "In my mind, that is the most important thing we can do to cap legal liability. And while we know that there are legal issues, we don't have a clear sense of the legal liabilities that are likely to result."
To help develop its Year 2000 legal program, the state has formed a group of 10 high-level attorneys from different branches of the government to identify legal concerns and the steps that can be taken to limit the state's liability. Campbell expects the group will develop guidance materials that lawyers will distribute to state agencies, perhaps during an upcoming "road show."
But like many managers working to finish programming, Campbell doesn't want to become driven by the potential for litigation. "While it is likely that there will be problems that we will want to be prepared for, we are not expecting a crisis," he said. Nor does he want to appear too aggressive in developing a legal defense. "We think it sends the wrong message to taxpayers and businesses, and to our agencies: 'Don't bother fixing your systems; we've got immunity,' " Campbell said. "If we expect everyone else to solve this problem, why shouldn't the state?"
In fact, most states are exploring passing legislation to immunize their agencies from Year 2000 lawsuits. But most IT executives agree that they can't hold entirely with such measures. "We have looked at some legislation," said Charles Gerhards, director of Pennsylvania's Central Management Information Center. "In essence, the theme of those was holding everyone-including the contractor-harmless from litigation. We were not supportive of that. We thought that the message should be that folks should be held accountable for the quality of their work."
Many argue, however, that seeking immunizing legislation is a responsible tack. "It is only reasonable and prudent to provide some sort of safe harbor for government agencies and businesses to complete their Year 2000 work," Pearl said. "We are not suggesting states seek to shield themselves from liability for actual consequences of Year 2000 failures but from liability from punitive damages."
Pearl compared such measures to a prenuptial agreement. "If you decide to get married to someone but first think about what the two of you will do if there is a divorce, you of course wonder what that does to the relationship. But in this case we know there will be problems, and we know exactly when they will take place," he said.
Indeed, with a lot to lose in court, many state governments appear willing to take the risk of losing public goodwill. There are now more than 34 pieces of legislation in 14 states (see chart and story at www.civic.com) that address state Year 2000 liability. Nevada and Georgia have passed legislation that all but blocks civil litigation from being filed after Year 2000 failures. Several other states are thought to be close to passing similar legislation.
Despite the number of states moving to pass Year 2000 legislation, experts said it is vital that state and local government leaders start working on achieving a balance between protecting citizens and preserving government services.
"It is important that legislatures and government administrators of the country begin to debate the issues of litigation and a means of ensuring that recipients of government services are somehow made whole after the fact-but not to the extent that there is incredible damage done to the coffers of a state because of litigation that really doesn't resolve any real injury," Kolodney said.
******************
The Y2K Legal Scare:
Vendor-Government Relations may Never be the Same
Few warm, fuzzy feelings remain between agencies and their vendors as both look to each other for reassurance on the Year 2000 problem.
"The whole threat of litigation and the efforts now to understand the rights different folks have here is causing enormous problems," said Charles Gerhards, director of Pennsylvania's Central Management Information Center. "Internally, we rely on our vendors to tell us that they are compliant and that the services they provide are compliant."
But by now, Gerhards knows the tell-tale signs of a vendor becoming anxious about compliance. "The effect is that none of us can have warm-and-fuzzy feelings because there is always a caveat after the word 'yes.' "
This close to 2000, there may not be guarantees to be found anywhere. "Any agency that thinks it can have a piece of paper that guarantees it won't have problems could well end up with a piece of paper that means nothing-particularly if it is from a small company that has no capital. Most agencies, at least the ones we work with, recognize that reality and aren't seeking those guarantees," one industry source said.
That is good news and bad news for most agencies. A year ago, some vendors were willing to guarantee that their products and services would be compliant. At the same time, there were an equal number of vendors staying away from government work because of requests for such guarantees. "Agencies were asking for way too much in the way of assurances and certification, and that scared off some contractors," said attorney Greg Cirillo. "My sense now is that there is a quality of thinking that has gotten much better in terms of the level of certification and warranties governments are seeking. It is much more reasonable."
Barry Ingram, chief technology officer for EDS Government Services, agreed. "Initially, there was a lot of concentration on getting contractors to sign up to some fairly onerous language of liability, and so we as an industry were very reluctant to sign contracts," he said. "The focus is shifting to solving the problem. It is a slow shift, but it's beginning to happen."
EDS and other companies active in state and local markets are now offering contracts that contain a limited warranty. They are moving away from contracts that guarantee compliance or assign liability. "The language in our contracts addresses warranty issues rather than guarantees," said Mary Kurjian, vice president and practice director for Unisys Corp.'s Public Sector. "We don't use the word guarantee. I don't think anyone uses that word."
Ingram said that many of the contracts EDS is signing includes language close to the U.S. General Services Administration's recommended Year 2000 contract language. GSA suggests governments insist that their vendors agree to repair or replace any products, should noncompliance be discovered and detailed in writing within 90 days.
GSA contract language is detailed at www.itpolicy.gsa.gov/mks/yr2000/contlang.htm.