John F.Cooney*
Efforts to prevent the Year 2000 computer crisis demonstrate how
the litigation process can adversely affect cooperative efforts
to serve the greater public interest.
Consultants estimate that U.S. institutions will spend $300 billion
to address the Year 2000 problem, but that Year 2000 litigation
may involve claims of $1 trillion. Faced with such staggering litigation
risks, companies naturally have pursed their self-interest and structured
their remediation programs to minimize liability. What is rational
for each company, however, has proved counter-productive for society
as a whole. Companies typically protect themselves from litigation
by minimizing the amount of Year 2000-related information they give
to customers and business partners. This information vacuum increases
the risk that more Year 2000 failures will occur, and that life
will be disrupted in January 2000. This threat has become so apparent
that Congress in October adopted a statute intended to offset these
adverse information effects. The statute is a step in the right
direction but probably will not have the full effects Congress intended,
due to its inability to counteract the economic calculus plaintiffs
lawyers perform.
Litigation Risks
Institutions face a two-pronged litigation risk for Year 2000 problems:
liability for the installed based of products and services they
sold in the past; and exposure for products they will sell today
and in the future.
For the installed based of products, there is little a company
can do today to increase or decrease its liability. Prior to 1997,
few Year 2000-specific warranties were demanded or issued. The suppliers
liability therefore will depend on whether its standard warranty
language insulates it from a Year 2000 claim. High-tech companies
have long maintained warranties disclaiming or limiting liability
for hardware and software defects. For example, Microsofts
standard language disclaims any implied warranties; limits the time
period covered (90 days); and limits any remedy to repair and replacement
of the software. In prior cases, courts generally have upheld these
warranties. High-tech companies are holding their collective breath,
in the hope that courts will continue to interpret and apply these
clauses in the same manner.
While the installed base contains more than 90% of the Year 2000
failure risk, the anticipatory legal maneuvering has focused on
current and future sales - the tail of the dog. For products being
delivered today, the litigation risks are substantial. Customers
are now demanding specific Year 2000 warranties. Any vendor that
issues a performance guarantee and experiences a Year 2000 failure
will be exposed to substantial damage claims. The entities that
bear the greatest litigation risk are the entities most directly
involved in curing the Year 2000 problem - remediation contractors
and software maintenance firms, which routinely are asked to make
enforceable commitments that upgraded computers will function in
January 2000.
Owners of computer systems and products that contain embedded computers
chips naturally want to know whether the manufacturer believes the
product will work on January 1, 2000. Further, computers constitute
the heart of all major networked industries (financial services,
telecommunications, utilities). Each entity connected to the network
runs a risk that its remediation efforts will be frustrated if a
business partner with which it is networked fails to remediate its
computers. Accordingly, many companies have contacted their suppliers
and their business partners, asking for information and demanding
formal commitments that their products will work and that their
data systems will not propagate Year 2000 defects throughout the
network.
Counter-productive Responses to Litigation
Risk
Most lawyers entered the Year 2000 field in response to a phone
call from a wary client, who was confident that his product would
work but did not want to issue customers a guarantee. High-tech
companies understood that the risks involved in a massive, simultaneous
technology transition are unknowable, because no one has ever lived
through such a process before. Their lawyers recognized that any
assurance the company issued in response to a customer inquiry could
be argued to constitute an enforceable representation. Thus, in
unconscious parallelism, most companies responded to this litigation
risk by deciding to give out as little information as possible while
still maintaining the underlying business relationship. Companies
also decided that when forced to disclose information, they would
release it only to their largest customers, slowly, and in a form
that would be impossible to enforce in court.
1998 has been marked by a paper blizzard, in which companies demand
information and commitments from their upstream suppliers, of a
kind that the company refuses to make in response to similar demands
by its downstream business partners. The high-tech food chain has
been swamped with carefully lawyered form letters and web-site notices,
in which suppliers make comforting sounds about Year 2000 readiness
without making binding commitments.
The lawyers concern that technical compliance statements
will be used against the maker in litigation has been validated
by the first Year 2000 cases to be filed. One software company has
been sued on the theory that it made an enforceable commitment that
its product was Year 2000 compliant by using a general corporate
motto "Software Youll Never Outgrow." Similarly,
Intuit was sued on the ground that a statement in its user guide,
that if online payment system could tell a financial institution
to make the same payment "For as long as you like", constituted
an enforceable warranty that the product was Year 2000 compliant.
The logical response to these pressures has been the "non-representation
representation," which has developed into an art form. This
approach is best illustrated by Bell Atlantics public representation
that its telephone network is 99.9% reliable, "and we dont
plan for that to change when the Year 2000 arrives." This is
one Year 2000 representation that will stand up in litigation. But
it gives customers no actual information about the risk that their
telecommunications will fail
The fear of litigation is producing perverse effects across the
board, as entities take steps to insulate themselves from damage
suits. Four states have passed statutes that raise the barrier of
sovereign immunity against all Year 2000 lawsuits against them.
Further, the Veterans Administration has declined to test the medical
devices in its hospitals, after threats from suppliers that any
modifications of the software code during testing would void their
warranties.
However rational this narrow self-interested approach is from the
perspective of any one technology supplier, the world would be better
off, in absolute terms, if technology suppliers could freely inform
customers about Year 2000 related risks and thereby reduce the number
of Year 2000 failures that will occur. But all institutions have
incentives to withhold information. Companies that respected the
public interest, and gave their customers detailed technological
information at an early stage, face disproportionately risks compared
to their counterparts that stonewalled.
Attempts to Cure Information Disincentives
By mid-1998, both Congress and the Administration agreed that the
threat of litigation was complicating societys problems in
responding to the Year 2000 threat, by chilling the exchange of
information. In October, the President signed the Year 2000 Readiness
Disclosure Act, which passed unanimously in both Houses of Congress.
The statute attempts to offset the disincentives to disclosing data
about the Year 2000 readiness of products and services, but does
not address liability for failures in the installed base.
The Readiness Disclosure law generally will ban the admission into
evidence, in any Federal or State lawsuit, of a properly marked
statement about a companys Year 2000 readiness that is later
alleged to be erroneous. To obtain its introduction, the plaintiff
must prove that the company knew the statement was false or made
it with an intent to mislead. Further, the law would allow companies
that have already disclosed such information, despite the litigation
risk, to retroactively mark their Year 2000 statements as covered
disclosures, at least with respect to everyone except customers
who notify the company that they already have relied on the statement.
Trial lawyers raised only nominal objections to the legislation,
which likely reflects their predictive judgment that the statute
will not significantly inhibit their ability to sue. The law simply
prohibits a plaintiff from introducing a properly marked Year 2000
statement into evidence. It does not preclude the plaintiff from
proving in a different way that a companys products or services
were infected by Year 2000 defects, or that its other inadvertent
misstatements mislead customers.
By issuing a public statement under the new law that its products
are defective, a company will put itself in the litigation crosshairs.
A plaintiffs lawyer, seeking to determine where to invest
his resources, will understand from the Readiness Disclosure that
there is a case for liability that can be made in the event of failure.
The situation is analogous to an oil driller who can be guaranteed
that if he drills at a site, he will hit oil. Although he does not
know if he will have to drill to 5000 feet or 8000 feet, he knows
he will be rewarded, and is likely to invest. Thus, although well
intentioned, the new law by itself likely would stimulate relatively
few unguarded corporate statements about Year 2000 vulnerabilities,
because the risk of liability for substantive failure is unabated.
The government, however, is trying to force disclosures through
other means. In early August, the Securities and Exchange Commission
issued Guidance defining how it would apply the term "material"
for purposes of exercising its enforcement authority for Year 2000
disclosures. The Guidance requires companies to disclose their Year
2000 vulnerabilities on a "gross" basis, without regard
to the remediation efforts the company has underway. Further, with
respect to material third party relationships (business partners,
electricity suppliers), the Guidance requires the registrant to
disclose its Year 2000 exposure on a "reasonable worst case"
basis, unless the company has "clear evidence" that the
third party will be compliant. If third parties continue to follow
their own incentives and refuse to issue enforceable certifications,
the next round of quarterly SEC filings may start to include hair-raising
descriptions of possible millennium disasters, drawn on a worst
case basis, and without regard to the likelihood that failures actually
will occur.
The legal system will have done society a signal disservice if
the litigation/regulatory process ends up panicking the public by
inaccurately conveying the fear that risks on the order of magnitude
of the biblical plagues are likely to occur.
*John F. Cooney is an attorney with Venable, Baetjer, Howard &
Civiletti.
|