Copyright 1999 Federal Document Clearing House, Inc.
Federal Document Clearing House Congressional Testimony
April 13, 1999
SECTION: CAPITOL HILL HEARING TESTIMONY
LENGTH: 2977 words
HEADLINE:
TESTIMONY April 13, 1999 LEON A. KAPPELMAN, PH.D. CO-CHAIR
HOUSE JUDICIARY YEAR 2000 COMPUTER PROBLEMS, LAWSUITS AND
LIABILITY
BODY:
Committee on the Judiciary, House of Representatives, Congress of the United States
Prepared Statement by Leon A. Kappelman, Ph.D. (April 13, 1999)

Prepared Statement for the Committee on the Judiciary, House of Representatives, Congress of the United States
Hearing Scheduled for April 13, 1999, 10:00 AM EST
Hearing concerning H.R. 775 the "Year 2000 Readiness and Responsibility Act."

Prepared by Leon A. Kappelman, Ph.D.
Associate Professor, Business Computer Information Systems
Associate Director, Center for Quality & Productivity
College of Business Administration, University of North Texas
Co-chair, Society for Information Management (SIM) Year 2000 Working Group
Senior Advisor for Issues Advocacy, Society for Information Management
Steering Committee, YES Corps, International Y2K Cooperation Center

Thank you for this opportunity to testify before the esteemed
membership of the Judiciary Committee concerning H.R. 775, the "Year 2000
Readiness and Responsibility Act." I am here today to offer you the perspective
of someone who has been involved with information technology (I/T) since the mid
1960s and who has been helping government and industry solve their Y2K problems
since early 1995. I have conducted several Y2K-related research projects,
including a study that since 1996 has tracked the Y2K progress and practices of
a sample of enterprises representing more than one-tenth of U.S. GDP (Gross
Domestic Product); worked first hand with scores of Y2K program directors from the
public and private sectors; written several books, monographs, and dozens of
articles; and made countless presentations all over the world. Since its
inception in 1996, I have co-chaired the Society for Information Management's
(SIM) Year 2000 Working Group, with members from major I/T consumer, I/T vendor,
federal agency, state government, academic, religious, and legal organizations.
Moreover, I am currently involved in the actual solving of Y2K problems at the
corporate, city, state, and national levels through my participation in a Y2K
community preparedness project with the 84 cities in Los Angeles County, a
project that is also sharing its best practices with cities all over the world;
my participation in the monthly conference call of state Y2K coordinators; as a
participant in the Information Technology Association of America's (ITAA)
monthly Y2K Task Group meetings as well as their legal/legislative task group
meetings; and as one of the founding members of the 3-person steering committee
of the UN and World Bank sponsored YES (Y2K Expert Service) Volunteer Corps of
the International Y2K Cooperation Center.

Unintended Consequences of H.R. 775

Although there are positive roles that legislation can play, legislation cannot
provide a simple solution or a quick fix to this complex set of interrelated
problems we call "Y2K." I am here today because I am convinced that some of the
provisions in this "Year 2000 Readiness and Responsibility Act" currently under
your consideration will have dreadful unintended consequences. These unintended
consequences will result in more Y2K damages to your constituents and to our
national economy because there are provisions in this bill that will greatly
reduce the incentives to responsibly address Y2K, and will thereby promote less
Y2K readiness and less Y2K responsibility. Possibly even worse because of the
long-term and far-reaching unintentional effects, these anti-readiness and
anti-responsibility provisions will fundamentally damage the future development
of the reliable information-based society that the United States is pioneering.
Civil society is based on trust and accountability, and the purpose of law is to
ensure it. The purpose of H.R. 775 seems largely to grant accountability
exemptions for those special interests who created and sustained the Y2K problem
for the sake of their own short-term profitability. Eighty-one percent (81%) of
commercial packaged software is NOT Y2K compliant according to a Gartner Group
study released last month (March 1999)! Is there any good public policy reason
to reward such behavior on the part of software manufacturers?

Nothing Special about Y2K or I/T Products to Merit Special Laws

A primary objective of H.R. 775
appears to be to take I/T and related high-technology products out of the realm
of established legal precedents that have so far governed our society's ability
to adapt to new technologies such as steam engines, railroads, automobiles,
airplanes, electric power, pharmaceuticals, and so on. It is my understanding
that in each of these cases, warranties and liabilities were enforced,
exemptions were not granted before damages were incurred, and insurance coverage
was sought as a way of transferring the risks. There is nothing special about
I/T products, or Y2K for that matter, that in any way suggests that they deserve
special treatment under the law. The "software is an art form" theory is just an
excuse for poor quality workmanship and shoddy goods. Software is no more an art
form than good architecture, or good medicine, or good scientific research are
art forms -- They all have their creative side, but they're also rigorously
disciplined endeavors. So too is good software development. If this were any
other product you would be considering recalls and lemon laws -- But I/T IS just
another product. Please, don't be fooled into believing otherwise. I am
reminded of a quote attributed to Thomas Paine, patriot, political philosopher
of the American Revolution, and author of Common Sense, "A long habit of not
thinking a thing wrong gives it a superficial appearance of being right." If
software is an art form, then we have bet our future economic well being,
perhaps our very survival, on this art form - Certainly we are not that foolish
or frivolous. H.R. 775 offers to I/T and related high-tech products a
wide-ranging set of exemptions and legal "dispensations" from full economic
accountability for damages they caused to others. Since the consequences of what
could be damages arising from Y2K-related faulty dates could continue for
decades, H.R. 775 offers relief from the usual accountability we have so far
held for those who develop, deliver, and use technological innovations. It is as
if legislators would have passed a bill in 1914 placing wide-ranging limitations
on the accountability for unspecified damages, a priori, that may someday be
caused by automobile manufacturers and by automobile drivers. Would you have
supported such a bill? I think not.

Cause, Effect, and Human Nature

Crafting
laws is not my expertise. I do, however, know a bit about human motivation, have
studied it in organizations, have developed instruments to measure it and some
of the things that contribute to it, and have published several refereed journal
articles about it. My concerns regarding H.R. 775 are largely related to
provisions that will seriously reduce the incentives that enterprises have to
reduce Y2K risks, get Y2K work done, and be prepared for Y2K contingencies. I do
not believe that the U.S. Congress would seriously consider legislation that
would tie the hands of the FDIC (Federal Deposit Insurance Corporation) or the
SEC (Securities and Exchange Commission) in keeping the pressure to reduce Y2K
risks on the enterprises they regulate. It seems that the plaintiff's bar and
the threat of litigation essentially provides that same external motivation to
do the right thing, especially in less-regulated industries. Certainly Congress
does not want to tie the hands of these pseudo-regulators by reducing the
potential penalties on those who fail to do the right thing about reducing and
managing Y2K risks? It's just basic human motivation, granted a negative
incentive, but it works -- Look how good the banks regulated by the FDIC are
doing with reducing their Y2K risks; and how poorly the largely unregulated
chemical processing industry is doing, or small businesses. And negative
motivations (i.e., deterrents) are why we have laws against robbery, murder,
assault, and things like that too. Ask yourself why U.S. banks are in such good
shape (e.g., less than 5% on the FDIC's unsatisfactory list, based on clearly
defined and published criteria, verified by external FDIC audits) when compared
with U.S. electric utilities (e.g., 28% did not even have plans as of the
January 11, 1999 North Electric Reliability Council/Department of Energy report,
based on self-reported answers to vaguely worded question) or small businesses
(e.g., 40% plan to do nothing according to a National Federation of Independent
Business/Gallup study)? A big part of the answer is the pressure of external
regulation, and the threat of externally imposed pain by the FDIC versus nothing
whatsoever (in most every case) by state utility regulators. To risk reducing
the present motivations to do the right thing about imminent Y2K risks, that we
all agree are real although we may disagree as to their degree, in the name of
preventing or controlling or reducing some possible future litigation that may
or may not be frivolous and that may or may not ever even happen, especially if
people do the right thing, seems callously reckless. If Congress were advised
that the flow of illegal drugs into the U.S. was going to increase ten fold next
year, would you pass a bill reducing the penalties on drug dealing? Of course
not, it's ridiculous to consider such nonsense. Would you consider protective
legislation if any legal industry came to Congress and pleaded for relief from
future damages caused by their defective products? No, because that is equally
ridiculous. Why then would you consider reducing the penalties on hurting U.S.
citizens and businesses with defective I/T products? Is it any less ridiculous?
I think not. And consider the long-term unintended dire consequences that would
come from legislatively protecting the poor quality practices of most software
developers. In physics we have the law of cause and effect, action and reaction.
Remove the law of gravity and things float away. In the economics of this
information age, if you remove the gravity of the consequences for manufacturing
shoddy I/T goods, then quality will further deteriorate and you will get more
shoddy I/T goods. It really wasn't any different in the industrial age, and that
is why we did not exempt industries or technologies from accountability for
their actions. Why would we choose to do so now? Can we build a sound
economic future on a poor quality art form? Certainly we are not that foolish or
frivolous either.

Anti-Readiness & Anti-Responsibility Provisions

Among the
provisions that seem to run the greatest risk of unintended negative
consequences by inadvertently creating disincentives to get Y2K work done are
the following three:

(1) Eliminating or reducing officers' and directors'
liability in Y2K cases: For too many Y2K projects it's just been too hard
getting the attention of these executives and the resources they control
allocated to Y2K work. The threat of litigation is a threat to their productive
time (in depositions, court, and so on). There is no good public policy reason
to take the pressure off executives to do the right thing, in fact the SEC and
FDIC are stepping up their pressures. Remove the gravity of the consequences if
you fail to properly act in dealing with Y2K and spending for Y2K work will
float away. Do you really want to promote, even reward, negligent behavior with
these perpetrator protection provisions of H.R. 775?

(2) Creating a cooling-off
period: At first it sounded like a wonderful idea, but what it will do is
artificially extend the deadline for vendors and others to get their Y2K work
done while customers (i.e., your neighbors, constituents, and voters) sit there
in financial meltdown, hopelessly helpless, and going out of business. Seems the
only thing it cools off is the pressure on vendors to get their Y2K repairs done
in time while those who were depending on them to be done on time will be left
to suffer. Picture this unintended consequence of H.R. 775: A small business
person in your community, one of your supporters, buys a software product
tomorrow and is told that it is "year 2000 compliant" by the manufacturer. On
January 1, 2000 the software locks up, corrupts their data, and refuses to work.
Your constituent cannot do business and yet, thanks to H.R. 775, cannot take any
legal action either to remedy their plight. They cannot afford to hold out,
their business fails, jobs are lost, and the software vendor gets to keep
selling shoddy products and providing erroneous information about them. Is this
really the outcome you want - Protecting the guilty at the expense of the
innocent? This is likely to be the outcome we will get with H.R. 775's
cooling-off periods.

(3) Anything else that would reduce the penalties on
harming others, like limits on punitive damages. Is there any good public policy
reason to make murder or robbery or fraud legal if one commits such crimes with
a computer? Of course not, but that is exactly what you are being asked to do in
supporting these kinds of provisions in H.R. 775. Further, if enacted, such
provisions would punish consumers and business owners of all sizes by making
them financially responsible for the Y2K repairs caused by the poor programming
and poor planning of those they depended upon in I/T and other high-tech
companies. Moreover, these liability limits would unintentionally serve as
"disincentives" to corporate America to fix their Y2K problems now. After all,
what's worse, the specter of a lawsuit with a $250,000 cap and other favorable
legislated litigation biases, or developing a multimillion dollar fix for a
systemic Y2K problem? And perhaps the potentially most devastating unintended
consequence to the long-term economic well being of our country, and the
information economy, is the provision that excludes damages to data entirely,
since "actual damages" in H.R. 775 appear to include only injury to "tangible
property" and data are often not considered tangible property. Think of it, the
destruction or corruption of data, a principal asset of the information age
economy, second only in importance to people and their knowledge (which is
sometimes embodied in software products), is protected if you do it with
non-Y2K-ready I/T products. Destroy data with a match or a scissors and you're
headed for jail, but do it with software and you're off free and clear. Is that
the intended consequence of this legislation? Of course not, but that will be
the unintended outcome if such provisions become law.

Conclusions

The sad
reality of the year 2000 problem is that this is the first time our
information-based society is confronted with paying a demonstrable bill for the
shoddy practices of information systems management and software development that
have been with us for more than four decades. The fortuitous opportunity of the
Y2K problem is that it provides us the motivation to change these enormously
wasteful and unsustainable practices. In fact we are starting to see some
positive trends in this regard already, and there are provisions in H.R. 775
that threaten to destroy the incentives for such improvements, and thereby
unintentionally threaten the productivity, quality, and sustainability of U.S.
economic well being. U.S. economic well being, as well as national security,
rely on a dependable and fully accountable information infrastructure. Congress
is being asked via H.R. 775 and similar bills to place elaborate limitations on
the recourse any injured parties would have in the case of I/T created economic
damages. The passage of H.R. 775 will have the unintended consequence of
injuring technology progress by giving a special and unique set of exemptions
from accountability that no prior technologies have ever received. There are
possible positive roles for Y2K legislation, like encouraging alternative
dispute resolution, achieving more fairness in proportionate liability, or
somehow extending statutes of limitations so that the current focus can be on
mitigation instead of litigation. Even corporate welfare provisions of
questionable desirability like Y2K tax incentives can have positive motivational
outcomes, assuming one can ensure that the dollars are spent on actually
mitigating Y2K risks. But H.R. 775 is a bill with provisions that will have some
very detrimental and damaging unintended consequences. Dire consequences that
will hurt many American consumers, small business owners, and investors. Even
worse, are the dreadful unintended consequences that could compromise the
ability of the U.S. to succeed in this age of information. If these
anti-Y2K-responsibility and anti-Y2K-readiness provisions prevail, when history
books are written our descendants will look at this as the time when the U.S.
decided to yield our technological and economic progress to special interests
seeking absolution from accountability for the consequences of their actions. If
you happen to be a reader of Toynbee's history, you will recall that he singles
out the institutionalization of special interest exemptions from taxes, legal
obligations, and accountability for crimes as one of the contributors to the
breakdown of once adventurous and vigorous civilizations. Software and other
I/T products should be treated like any other products. Please, do not legalize
hurting others or committing crimes with high technology in the name of trying
to help with Y2K problems or in the hopes of furthering general tort
reforms. Y2K places far too much at risk already and we have neither
time nor resources to waste on such diversions. If I can answer any of your
questions or provide you with any additional information, I am at your service.
LOAD-DATE: April 14, 1999