On March 9, 1999, ATLA member Howard Nations again testified on the Y2K defect, this time before the U.S. House of Representatives Science Committee's Subcommittee on Technology and the Government Reform's Subcommittee on Government Management, Information and Technology.

Mr. Nations stressed that there is no need for federal legislation regarding Y2K liability because the common law principles, state statutes and the Uniform Commercial Code of all 50 states provide all the business rules and guidelines needed to measure business conduct, provide motivation for immediate remedial action, and provide remedies for wrongdoing.

The following is a transcript of Mr. Nation's testimony.

***

Distinguished House members, thank you for the opportunity to address your committees on this very important issue. The inquiry which we are asked to address is how the potential of liability will affect an entity's ability to timely repair and remediate its year 2000 problems.

Examination of the rules of business law, by which the conduct of business entities is measured, reveals that the law, as it exists in all fifty states, encourages business leaders to immediately address their Y2K problems. Business leaders are held to a standard to take honest, informed, good faith efforts to seek immediate Y2K solutions in order to avoid causing damage, both to their own company and to those with whom they do business. Through avoiding the causation of Y2K damage, entities can avoid liability. It seems reasonable to assume that the desire to avoid causing damage and the fear of liability arising from such damage should provide sufficient motivation to reasonable business leaders to immediately address Y2K solutions.

America's time honored common law principles and the statutory laws of all fifty states have been promulgated by the best legal minds of the past two centuries, carefully honed in court on a case by case basis, applied in jury trials with sworn testimony and rules of evidence, fine tuned by trial judges and honed into strong legal principles by the appellate courts of this land. The resulting business principles which have emerged from the cauldron of American justice are time tested and tempered and should be applied to resolve the business problems arising out of Y2K just as they have been applied to business problems in America since its inception.

There is no need for federal legislation regarding Y2K liability because the common law principles, state statutes and the Uniform Commercial Code, which has been passed by the legislatures of all fifty states, provide all of the business rules and guidelines needed to measure the conduct of business entities, provide motivation for immediate remedial action, and provide remedies for wrongdoing. The business law in question provides both rules and remedies. Responsible business leaders and consumers who have followed these business rules in matters relating to Y2K are now entitled to rely upon the remedies which business law provides in order to recover from those who ignore the rules and cause damage. It is inherently unfair to change the Y2K rules with two minutes left in the fourth quarter in order to alter the outcome to the detriment of those who have acted responsibly, and followed the rules but will be damaged because of the failure of others to act reasonably.

To focus on the issue of how liability will affect an entity's ability to fix its Y2K problems, we need only understand the function of the business judgment rule, the duty of due care, the Uniform Commercial Code, and the concept of joint and several liability which have controlled business transactions of this type for several decades.

The directors of a corporation owe a fiduciary duty of care to the corporation and its shareholders in carrying out their managerial roles. That is, they must exercise the same degree of care and prudence that ordinary persons in a like position under the same or similar circumstances would use.

The business judgment rule requires that business persons take informed, honest, good faith actions in the best interest of the company which they presume to lead. Corporate directors who investigate, evaluate, deliberate and document as required by the business judgment rule and the duty of due care will be immunized in their efforts to remediate their Y2K problems. Absent an abuse of discretion, the judgment of directors in making a business decision will be respected by the courts. Aronson v. Lewis, 473 A.2d 805, 812 (Del. 1984). This does not seem to be an unduly harsh burden to place upon corporate directors. These rules certainly should motivate officers and directors to act promptly and reasonably to remedy Y2K problems.

Federal legislation in this area of business law is unnecessary because the Uniform Commercial Code has been adopted by the legislatures of all fifty states, thus providing uniformity to Y2K business law. Under the terms of the Uniform Commercial Code the manufacturers of the defective systems and devices which are at the base of the Y2K problem are subject to liability for breach of implied warranty of fitness for a particular purpose, implied warranty of merchantability, express warranties, and breach of contract. The Uniform Commercial Code was originally formulated through the joint efforts of the best business law minds in the country. The UCC has been effective enough to gain the confidence of fifty state legislatures and the rules, once adopted, have been finely honed by appellate courts over the past three decades. The rules of the UCC have also been taught in business schools and used in business practice over the past three decades. Y2K presents precisely the type of legal disputes which the UCC was designed to resolve. Most of the Y2K business litigation will hinge on breaches of implied warranties or written contracts. The UCC implied warranties rules should provide a great impetus to business leaders to make every effort to become Y2K compliant before damage occurs.

Additionally, party who reasonably fears that the other party will not be able to perform is given protection by the U.C.C. in that the party may demand assurances that performance will be forthcoming at the proper time. If these assurances are not received within a reasonable time, the party seeking assurances can treat the contract as repudiated and suspend its performance. Thus, the U.C.C. clearly provides adequate remedies for buyers and sellers of all goods, including any good covered by proposed Y2K legislation. To remove the provisions of the UCC from the law controlling Y2K can only serve to remove motivation for timely compliance of those who have already procrastinated in addressing Y2K solutions.

In light of such protections which currently exist in the laws of all fifty states, liability will attach only to those corporate officers and directors who fail or refuse to act with due care and do not follow the business judgment rule. Hence it is incredibly disingenuous for a business leader to claim the inability to repair Y2K problems because such repair may, in some mysterious way, predicate liability. It is respectfully submitted that these business leaders should be concentrating on limiting the damage which they are about to cause instead of seeking limitations on the damages which they fear they will have to pay. The best way to avoid paying damages is not to cause damage. This can be accomplished by focusing, in the limited time remaining, on the remediation process, which they should have undertaken years ago.

Currently, the law in most states provides for joint and several liability of parties in the chain of distribution of a defective product, with the accompanying right of indemnification of downstream defendants by upstream parties until the costs of the damage is ultimately placed on the original tortfeasor. There are sound business and legal principles which predicated the development of this rule and its acceptance by the courts. There has seldom been a greater need in American jurisprudence for maintaining the rules of joint and several liability than in the Y2K litigation field. The reason is that many of the defective products and business systems in America are manufactured by foreign vendors. As reported in the Senate Year 2000 Committee Report, there is grave concern about the level of Y2K remediation outside of the United States and among many of our most frequent trading partners:

The Committee is greatly concerned about the international Y2K picture . . . Several U.S. trading partners are severely behind in their Y2K remediation efforts. S. Prt. No. 105-106-10 at 6 (1999).

The biggest Y2K impact may occur internationally. While the U.S. should have started its Y2K preparations earlier, worldwide preparations generally lag even further behind. S. Prt. No. 105-106-10 at 1 (1999).

The Y2K problem confronting responsible business leaders in America who have followed the U.C.C. and sound business rules is that they are now facing losses generated by non-compliant vendors, many of whom are foreign.

Possibly, examination of the application of existing laws to real life Y2K situations will serve to illustrate how effectively current law functions in the Y2K world and why there is no need to reject the U.C.C. and change the law.

As of today, March 9, 1999, there have been fifty-six law suits related to Y2K filed in the United States. Many of those cases have been consolidated into class actions so that the total number of actual lawsuits is closer to thirty. Most of the lawsuits are class actions by small businessmen or consumers against vendors who are seeking excessive prices for Y2K upgrades on products which should have been Y2K compliant at the time they were sold. For example, Dr. Robert Courtney is an OB/GYN solo-practitioner in New Jersey. In 1987, Dr. Courtney purchased a computer medical system from Medical Manager, Inc. for tracking surgery, scheduling due dates and billing. In 1996, the computer crashed from lack of sufficient memory. At that time, Dr. Courtney replaced his old system with a new state of the art Pentium system from Medical Manager for $13,000, a sizeable investment for a small town solo-practitioner. The salesman assured Dr. Courtney that the new computer system would last at least ten years. One year later, Dr. Courtney received a letter from Medical Manager telling him that the system which he had purchased was not Y2K compliant and it would not be useful to him as of January 1, 1999. In order to solve the Y2K problem which Medical Manager had built into their 1996 model system, Dr. Courtney would have to pay an additional $25,000 for an upgrade.

After the company ignored Dr. Courtney's request for a free upgrade of his 1996 system, he retained an attorney and sued Medical Manager seeking to have them either repair or replace his computer system at their cost. Dr. Courtney was designated as a class representative and it developed that Medical Manager had 17,000 other small businessmen-medical practitioners from whom they were demanding $25,000 for Y2K upgrades. Not surprisingly, within two months after filing the class action Medical Manager offered to settle by providing all 17,000 customers who bought a non-Y2K-compliant system after 1990 with a free "patch" that would make their old systems Y2K compliant. The sudden appearance of the software "patch" rendered it unnecessary for 17,000 doctors to buy a new upgraded system at the cost of $25,000 each. Application of current law not only saved $425,000,000 in unnecessary costs to small businesses but also avoided $425,000,000 in profiteering by Medical Manager through the sale of unnecessary Y2K upgrade systems when a software patch was obviously always available.

This is typical of the type of profiteering which currently confronts small businesses, even prior to January 1, 2000. Small businesses will be a large segment of the plaintiffs in Y2K litigation. For many small businesses, an outlay of $25,000 or a delay of ninety days during which they are out of business as a result of a non-Y2K-compliant product will be fatal to the business and lead to bankruptcy. This will be particularly true if the damages which they can recover from the provider of the non-Y2K-compliant device or product are limited. Courtney is an excellent example of how well the current civil justice system works. Within sixty days of filing the lawsuit, the profiteering by the defendant ceased, the demand for $25,000 from 17,000 small businessmen was withdrawn and shortly thereafter, a free patch was distributed to 17,000 doctors which magically made their old systems Y2K compliant.

Another type of damage which will arise out of Y2K will be the result of negligence by the creators of the system software or programmers of the embedded chips. It is possible that we have seen a preview of coming attractions in New Zealand. At 12:01 a.m. on February 29, 1996, in the largest industrial plant in New Zealand, all of the steel manufacturing machinery which was controlled by computers ceased to operate. The problem was that the computer system manufacturer had failed to program 1996 as a leap year. As a result of this negligence, millions of dollars in machinery was ruined and the plant was out of business until new machinery could be obtained. This may be typical of the type of failures which we will see after January 1, 2000 across America. Serious consideration should be given to where the financial losses arising out of such negligence should be placed, on the negligent system software provider or on the business which purchased the software in the good-faith belief that it would function properly. If a situation such as the New Zealand steel mill occurs in the United States and currently pending federal legislation is past, a limitation of damages in the amount of $250,000 would pay only a fraction of the cost of the losses of the steel mill. These damages limitations would result in millions of dollars in losses to the innocent party. A ninety day notice period would add insult to injury. These changes in the law would be particularly devastating since the insurance industry has indicated that they will deny coverage across the board on Y2K related losses.

Over centuries of well-reasoned law, it has been determined that losses of this type are better placed on the tortfeasor whose negligence caused the damage than on the party which suffers the loss. This is the current law in America which would control Y2K situations such as this one and it is respectfully submitted that such law should not be changed in order to protect the wrongdoer at the expense of the innocent business victim. Retention of this law should provide motivation to business leaders to seek immediate Y2K repairs.

Thus, it is respectfully submitted that the law as it currently exists is far better suited to the resolution of Y2K claims than a complete overhaul of these time-honored principles, created without adequate time for reflection, amid a morass of misinformation and under the pressure of special interest groups who seek to protect themselves from the consequences of their own actions.

The Senate Year 2000 Committee has acknowledged the level of misinformation as follows:

The Committee has found that the most frustrating aspect of addressing the Year 2000 (Y2K) problem is sorting fact from fiction. . . . The internet surges with rumors of massive Y2K failures that turn out to be gross misstatements, while image sensitive corporations downplay real Y2K problems. S. Prt. No. 105-106-10 at 1 (1999).

Thus, in this atmosphere of misinformation, a short time-line and the pressures of special interest groups, it seems appropriate to inquire as to whether this is the proper time, place and forum in which to change 200 years of well-established common law and override the Uniform Commercial Code.

A further inquiry worthy of examination before changing the well-established rules by which business is conducted in America is what is the nature of the "crisis" with which we are dealing, what is the cause of the "crisis," and does it warrant the pre-emption of state laws and the Uniform Commercial Code.

Y2K is a computer problem which has been known to exist for decades. The business community has had decades of notice and an equal amount of time to address the solution to Y2K.

The Y2K crisis is not a computer crisis but rather a crisis of corporate leadership which irresponsible business leaders seek to compound with a crisis of corporate accountability. We are in this situation because business leaders have made the conscious decision to ignore the Y2K problem and to procrastinate in implementing solutions until what began as a business problem has now become a business crisis. Consider the findings of the Senate Special Committee on the Year 2000 regarding procrastination:

Leadership at the highest levels is lacking. A misconception pervades corporate boardrooms that Y2K is strictly a technical problem that does not warrant executive attention . . . . S. Prt. No. 105-106-10 at 3 (1999).

Many organizations critical to Americans' safety and well-being are still not fully engaged in finding a solution. . . . Id at 1.

Most affected industries and organizations started Y2K remediation too late. . . . Id at 2.

Y2K competes poorly against issues such as . . . market share and product development. It lacks familiarity, and in a results-driven economy, Y2K remediation costs are difficult to justify to . . . shareholders. Additionally, few wished to be associated with the potential repercussions of a failed Y2K remediation attempt. Id at 7.

There is no acceptable excuse for businesses not being Y2K compliant other than their own procrastination in addressing the problem. A brief examination of the Y2K time-line indicates that the Y2K problem has been well known and steadily approaching for decades. In the late 1950's when magnetic tape format allowed greater memory capacity and less concern with space problems, programmers who were aware of the distant Y2K problem assumed that technical advances would eliminate the problem prior to 1/1/2000.

In 1960 Robert Bemer, a pioneering computer scientist, advocated use of the four-digit rather than the two-digit date format which is the basis of the Y2K problem. He was joined by forty-seven other industry specialists in an effort to devise computer programming standards that would use a four-digit rather than a two-digit date field. In 1964, IBM had the opportunity to correct the problem when the revolutionary system/360 mainframe came on line and set standards for mainframes for years to come. However, IBM chose to maintain the two-digit date field.

In 1970, Robert Bemer and eighty-six technical societies urged the Bureau of Standards to adopt the four-digit rather than the two-digit date field in order to avoid Y2K problems. The Bureau of Standards, at the urging of the same entities who now face the Y2K problem, adopted the two-digit standard.

In 1979, Robert Bemer, writing in Interface Age, again reminded the computer world that the inevitable Y2K problems would occur on 1/1/2000 unless the defect was remedied. Mr. Bemer's warnings were again ignored.

Notice again went out to the industry in 1984 when Jerome and Marilyn Murray published Computers in Crisis: How to Avoid the Coming Worldwide Computer Collapse. The Murrays recognized the problem when they attempted to calculate annuities beyond the year 2000 and were unable to do so because of the Y2K date field problem. This notice by the Murrays put the entire manufacturing and computer industry on notice that this was a problem which needed to be addressed and timely remediated.

In 1986 a South African programmer, Chris Anderson, placed a magazine ad decrying "the time bomb in your IBM mainframe system" in reference to the two-digit date field. This occurred thirteen years ago at a time when responsible business leaders should have been seriously considering the remediation of impending Y2K problems. Instead, IBM responded to the magazine ad in 1986 by stating, "IBM and other vendors have known about this for many years. This problem is fully understood by IBM's software developers, who anticipate no difficulty in programming around it."

In 1989, the Social Security Administration computer experts found that overpayment recoupment systems did not work for dates after 2000 and realized that thirty-five million lines of code had to be reviewed. In 1994, the Social Security Administration timely began a three-year review of their software and today the Social Security Administration is the leader among government agencies in software remediation, having timely undertaken the management of the problem. In doing so, they set the standard of responsible conduct against which to measure those confronted with Y2K remediation problems.

In 1993, two events occurred which placed both the federal government and the business world on notice that the Y2K problem needed to be addressed immediately. The first event was the testing by engineers at North Amer ican Aerospace Defense Command of the NORAD Early Warning System. As the engineers set computer clocks forward to simulate 12:01 a.m. on 1/1/2000, every NORAD Early Warning computer screen froze. Additionally, in 1993, Peter De Jager wrote "Doomsday 2000," which was published in Computerworld concerning the Y2K defect. In this article, Mr. De Jager stated, "We and our computers were supposed to make life easier. This was our promise. What we have delivered is a catastrophe."

Responsible business leaders followed the lead of the Social Security Administration and heeded the warnings of Robert Bemer, the technical scientific community, and authors such as the Murrays and Peter De Jager. They timely undertook remediation of their Y2K problems in the early 1990's when there was sufficient time and talent available to solve the problems. Unfortunately, a large contingent of corporate leaders procrastinated, and failed and refused to follow the business judgment rule and to act with due care for the best interests of their corporation and are now to be found in the halls of Congress lobbying for Congressional forgiveness for the breach of contracts and the consequences of the negligent manner in which they have approached the Y2K problem. Such Congressional seal of approval on procrastination and corporate irresponsibility would send the wrong message to the voters, the wrong message to the public, and the wrong message to those who will soon be victimized by such corporate irresponsibility.

It is respectfully submitted that rather pre-empting the law of the fifty states controlling business activities, this Honorable House of Representatives may effectively help businesses who are actively seeking remediation and who have already undergone the cost of remediation and repair by considering the following types of legislation:

1. Legislation to aid in remediation and repair.

a. Create a federal repository for Y2K remediation solutions which could be traded across industries. There are more than five hundred programming languages and thirty-six million programs to be remediated. Offer a tax benefit to a company which achieves a remediation solution and places the solution in a repository for use by others with similar problems. The tax credit may be based upon the number of users who are aided by the remediation solution.

b. Suspend application of ?482 of the Internal Revenue Code which requires that Y2K repairs by one division of a company be treated as a taxable asset if used by other divisions of the same company. This would promote the use of repair tools or software packages between divisions without such transfer between divisions being a taxable event;

c. Suspend the enforcement of the portion of the antitrust laws which would prevent the sharing of Year 2000 repairs and technologies within vertical industries because of the impact on competition. Currently, the impact on competition which may result from sharing Y2K technologies and repairs may constitute a technical violation of the anti-trust laws. Any action which promotes the more expeditious repair of Y2K problems without adverse impact on other companies, should be encouraged without regard to the impact on competition.

2. Tax Relief.

a. Allow the option to amortize the cost of Y2K repairs over several years or be treated as expenses in the year incurred;

b. Issue a directive to the Internal Revenue Service that they are to minimize the risk to taxpayers from punitive IRS actions in the event that their withholding information or interest information is incorrectly recorded due to the Year 2000 errors;

c. Provide additional corporate tax relief for businesses to compensate, to some extent, for the cost of the Y2K repairs;

3. Relief for Governmental Agencies. There is a basis for concern about the impact of Y2K on governmental bodies ranging from small cities to larger cities and states. Governments at every level are confronted with a double impact on solvency. First, each government has to budget its own costs for remediation of governmental Y2K problems. Secondly, the financial impact on taxpaying citizens and businesses will adversely affect the bottom line of taxes collected by governmental bodies. Thus, each governmental body will be confronted with more bills to pay and less tax revenue with which to pay them. In order to avoid interruption of vital infrastructure services to our citizens, it is respectfully suggested that an emergency financial relief system be established for aiding governments which find themselves unable to deliver vital services as a result of this double financial impact.

4. Y2K Compliance. It is respectfully suggested that a considerable amount of confusion and possibly even litigation may be avoided in the future by the adoption of a standard definition for "Y2K Compliant." At the present time the term is used very loosely without precise definition and businesses who are seeking to ascertain whether their vendors or those with whom they do business are "Y2K Compliant" should be cautious to ascertain that they and their vendors are defining the term in the same manner. It is respectfully suggested that the best definition for the term "Y2K Compliant" is found in the Federal Acquisition Regulation {FAR), part 39.002, published in Federal Acquisition Circular (FAC) 90-45:

"Year 2000 compliant means information technology that accurately processes date/time data (including, but not limited to, calculating, comparing, and sequencing) from, into, and between the twentieth and twenty-first centuries, and the years 1999 and 2000 and leap year calculations. Furthermore, Year 2000-compliant information technology, when used in combination with other information technology, shall accurately process date/time data if the other information technology properly exchanges date/time date with it."

The law of all fifty states, the Uniform Commercial Code, the business judgment rule, the duty of due care and the concept of joint and several liability have been finely honed for decades to handle precisely the type of litigation which will be the hallmark of year 2000 lawsuits, business versus business. To set aside decades of law in order to protect those who brought about this crisis of corporate leadership would be unfair to the responsible business entities which are entitled to rely on the remedies which those well-established business rules provide. There is no need for federal legislation regarding Y2K liability.

Thank you for the opportunity to be heard on this important issue.