Who to blame for the Y2K problem?

The following question is one I raised at a recent conference: The federal government is spending billions of dollars to fix the Year 2000 problem. The only reason for this problem is the fact that computer programmers routinely truncated the common four-digit representation of years to a two-digit date code to save memory in early computer development. The entire Year 2000 mess would have been avoided if the government had adopted a four-digit date code as a standard once it became practical. Who is responsible for the failure to adopt a four-digit date code?

Not surprisingly, no one was willing to assume responsibility when I raised this question.

Indeed, no one even wanted to talk about possible fault. Comments ranged from "Finger-pointing is not productive" to "We're all responsible."

I found these answers unsatisfying, especially the last one. I know that I'm not responsible, so we "all" cannot be responsible. I decided to look a little further into the issue to see whether I might be able to point a finger. Doing so turned out to be easier than I expected.

Since 1987, one specific government office has been charged with the explicit statutory responsibility for promulgating such standards. According to Section 4 of the Computer Security Act of 1987 (Public Law No. 100-235, 101 Stat. 1724, 1728), "The Secretary of Commerce shall...promulgate standards and guidelines pertaining to federal computer systems making such standards compulsory and binding to the extent to which the secretary determines necessary to improve the efficiency of operation or security and privacy of federal computer systems."

Pursuant to this authority, the secretary of Commerce has issued dozens of Federal Information Processing Standard (FIPS) Publications through the National Institute of Standards and Technology.

Indeed, FIPS Pub 4-1 (Jan. 27, 1988), called "Representation for Calendar Date and Ordinal Date for Information Interchange," was one of the first standards issued under the 1987 statute. According to the standard, "For purposes of electronic data interchange among U.S. government agencies, NIST highly recommends that four-digit year elements be used. The year should encompass a two-digit century that precedes, and is contiguous with, a two-digit year of century (for example, 1999, 2000, etc.)."

However, this standard has two problems. First, its applicability was limited to data exchanged between federal agencies. Second, unlike the practice with most of the other FIPS Pubs, the secretary of Commerce did not make this mandatory but only "highly recommended."

The second issue is more important, given the extent to which computers are interconnected. The failure to make this standard mandatory was a missed opportunity of gigantic proportions.

Recently, the secretary of Commerce issued FIPS Pub B 4-2 (Nov. 15, 1998), called "Representation of Calendar Date for Information Interchange," to provide "editorial changes, updated references to documents and organizations and other minor changes to FIPS Pub 4-1." Inexplicably, even at this late date, the secretary of Commerce failed to identify the revised standard as mandatory. FIPS Pub 4-2 states that federal agencies "should use" the specified date format but provides no guidance on when it is not required. Regardless, NIST's efforts have been too little and too late to be of much help to those struggling with the Year 2000 problem.

It is not clear what made the secretaries of Commerce so reluctant to exercise authority in this area. It could not have been a concern over usurping another agency's authority. In a memorandum dated Nov. 15, 1989, the secretary of Commerce delegated to agency heads the authority to waive any FIPS Pubs when compliance with a standard would adversely affect the accomplishment of the agency's mission or cause a major adverse financial impact on the operator that would not be offset by governmentwide savings. Although the memorandum post-dated the FIPS Pub, a similar waiver authority could have been included in it. This waiver authority would have been sufficient to cover any relevant exigencies if the date standard had been made mandatory.

Whatever the reason for the secretary's hesitancy to act, one thing is certain: The failure to establish a clear, timely and mandatory governmentwide, four-digit date standard has resulted in an immense waste of taxpayer resources.

Section 5131 of the Information Technology Management Reform Act of 1996 (Public Law No. 104-106, 110 Stat. 186, 687) recodified in almost identical words the authority of the secretary of Commerce to promulgate standards. (See 40 U.S.C. & Sect; 1441.) The secretary has confirmed the continued applicability of the earlier grant of waiver authority. However, little has been done to promulgate a better standard or to assure compliance with the old one.

With many issues it is appropriate to let different agencies experiment with alternative approaches without the restrictions of centralized management dictates. In some cases, however, an active and engaged centralized authority is the only way to assure economy and efficiency in government management. The Year 2000 problem is just the most obvious example of that fact.

--Peckinpaugh is a member of the government contracts section of the law firm Winston & Strawn, Washington, D.C.