John F.Cooney*

Efforts to prevent the Year 2000 computer crisis demonstrate how the litigation process can adversely affect cooperative efforts to serve the greater public interest.

Consultants estimate that U.S. institutions will spend $300 billion to address the Year 2000 problem, but that Year 2000 litigation may involve claims of $1 trillion. Faced with such staggering litigation risks, companies naturally have pursed their self-interest and structured their remediation programs to minimize liability. What is rational for each company, however, has proved counter-productive for society as a whole. Companies typically protect themselves from litigation by minimizing the amount of Year 2000-related information they give to customers and business partners. This information vacuum increases the risk that more Year 2000 failures will occur, and that life will be disrupted in January 2000. This threat has become so apparent that Congress in October adopted a statute intended to offset these adverse information effects. The statute is a step in the right direction but probably will not have the full effects Congress intended, due to its inability to counteract the economic calculus plaintiffs’ lawyers perform.

Litigation Risks

Institutions face a two-pronged litigation risk for Year 2000 problems: liability for the installed based of products and services they sold in the past; and exposure for products they will sell today and in the future.

For the installed based of products, there is little a company can do today to increase or decrease its liability. Prior to 1997, few Year 2000-specific warranties were demanded or issued. The supplier’s liability therefore will depend on whether its standard warranty language insulates it from a Year 2000 claim. High-tech companies have long maintained warranties disclaiming or limiting liability for hardware and software defects. For example, Microsoft’s standard language disclaims any implied warranties; limits the time period covered (90 days); and limits any remedy to repair and replacement of the software. In prior cases, courts generally have upheld these warranties. High-tech companies are holding their collective breath, in the hope that courts will continue to interpret and apply these clauses in the same manner.

While the installed base contains more than 90% of the Year 2000 failure risk, the anticipatory legal maneuvering has focused on current and future sales - the tail of the dog. For products being delivered today, the litigation risks are substantial. Customers are now demanding specific Year 2000 warranties. Any vendor that issues a performance guarantee and experiences a Year 2000 failure will be exposed to substantial damage claims. The entities that bear the greatest litigation risk are the entities most directly involved in curing the Year 2000 problem - remediation contractors and software maintenance firms, which routinely are asked to make enforceable commitments that upgraded computers will function in January 2000.

Owners of computer systems and products that contain embedded computers chips naturally want to know whether the manufacturer believes the product will work on January 1, 2000. Further, computers constitute the heart of all major networked industries (financial services, telecommunications, utilities). Each entity connected to the network runs a risk that its remediation efforts will be frustrated if a business partner with which it is networked fails to remediate its computers. Accordingly, many companies have contacted their suppliers and their business partners, asking for information and demanding formal commitments that their products will work and that their data systems will not propagate Year 2000 defects throughout the network.

Counter-productive Responses to Litigation Risk

Most lawyers entered the Year 2000 field in response to a phone call from a wary client, who was confident that his product would work but did not want to issue customers a guarantee. High-tech companies understood that the risks involved in a massive, simultaneous technology transition are unknowable, because no one has ever lived through such a process before. Their lawyers recognized that any assurance the company issued in response to a customer inquiry could be argued to constitute an enforceable representation. Thus, in unconscious parallelism, most companies responded to this litigation risk by deciding to give out as little information as possible while still maintaining the underlying business relationship. Companies also decided that when forced to disclose information, they would release it only to their largest customers, slowly, and in a form that would be impossible to enforce in court.

1998 has been marked by a paper blizzard, in which companies demand information and commitments from their upstream suppliers, of a kind that the company refuses to make in response to similar demands by its downstream business partners. The high-tech food chain has been swamped with carefully lawyered form letters and web-site notices, in which suppliers make comforting sounds about Year 2000 readiness without making binding commitments.

The lawyer’s concern that technical compliance statements will be used against the maker in litigation has been validated by the first Year 2000 cases to be filed. One software company has been sued on the theory that it made an enforceable commitment that its product was Year 2000 compliant by using a general corporate motto "Software You’ll Never Outgrow." Similarly, Intuit was sued on the ground that a statement in its user guide, that if online payment system could tell a financial institution to make the same payment "For as long as you like", constituted an enforceable warranty that the product was Year 2000 compliant.

The logical response to these pressures has been the "non-representation representation," which has developed into an art form. This approach is best illustrated by Bell Atlantic’s public representation that its telephone network is 99.9% reliable, "and we don’t plan for that to change when the Year 2000 arrives." This is one Year 2000 representation that will stand up in litigation. But it gives customers no actual information about the risk that their telecommunications will fail

The fear of litigation is producing perverse effects across the board, as entities take steps to insulate themselves from damage suits. Four states have passed statutes that raise the barrier of sovereign immunity against all Year 2000 lawsuits against them. Further, the Veterans Administration has declined to test the medical devices in its hospitals, after threats from suppliers that any modifications of the software code during testing would void their warranties.

However rational this narrow self-interested approach is from the perspective of any one technology supplier, the world would be better off, in absolute terms, if technology suppliers could freely inform customers about Year 2000 related risks and thereby reduce the number of Year 2000 failures that will occur. But all institutions have incentives to withhold information. Companies that respected the public interest, and gave their customers detailed technological information at an early stage, face disproportionately risks compared to their counterparts that stonewalled.

Attempts to Cure Information Disincentives

By mid-1998, both Congress and the Administration agreed that the threat of litigation was complicating society’s problems in responding to the Year 2000 threat, by chilling the exchange of information. In October, the President signed the Year 2000 Readiness Disclosure Act, which passed unanimously in both Houses of Congress. The statute attempts to offset the disincentives to disclosing data about the Year 2000 readiness of products and services, but does not address liability for failures in the installed base.

The Readiness Disclosure law generally will ban the admission into evidence, in any Federal or State lawsuit, of a properly marked statement about a company’s Year 2000 readiness that is later alleged to be erroneous. To obtain its introduction, the plaintiff must prove that the company knew the statement was false or made it with an intent to mislead. Further, the law would allow companies that have already disclosed such information, despite the litigation risk, to retroactively mark their Year 2000 statements as covered disclosures, at least with respect to everyone except customers who notify the company that they already have relied on the statement.

Trial lawyers raised only nominal objections to the legislation, which likely reflects their predictive judgment that the statute will not significantly inhibit their ability to sue. The law simply prohibits a plaintiff from introducing a properly marked Year 2000 statement into evidence. It does not preclude the plaintiff from proving in a different way that a company’s products or services were infected by Year 2000 defects, or that its other inadvertent misstatements mislead customers.

By issuing a public statement under the new law that its products are defective, a company will put itself in the litigation crosshairs. A plaintiff’s lawyer, seeking to determine where to invest his resources, will understand from the Readiness Disclosure that there is a case for liability that can be made in the event of failure. The situation is analogous to an oil driller who can be guaranteed that if he drills at a site, he will hit oil. Although he does not know if he will have to drill to 5000 feet or 8000 feet, he knows he will be rewarded, and is likely to invest. Thus, although well intentioned, the new law by itself likely would stimulate relatively few unguarded corporate statements about Year 2000 vulnerabilities, because the risk of liability for substantive failure is unabated.

The government, however, is trying to force disclosures through other means. In early August, the Securities and Exchange Commission issued Guidance defining how it would apply the term "material" for purposes of exercising its enforcement authority for Year 2000 disclosures. The Guidance requires companies to disclose their Year 2000 vulnerabilities on a "gross" basis, without regard to the remediation efforts the company has underway. Further, with respect to material third party relationships (business partners, electricity suppliers), the Guidance requires the registrant to disclose its Year 2000 exposure on a "reasonable worst case" basis, unless the company has "clear evidence" that the third party will be compliant. If third parties continue to follow their own incentives and refuse to issue enforceable certifications, the next round of quarterly SEC filings may start to include hair-raising descriptions of possible millennium disasters, drawn on a worst case basis, and without regard to the likelihood that failures actually will occur.

The legal system will have done society a signal disservice if the litigation/regulatory process ends up panicking the public by inaccurately conveying the fear that risks on the order of magnitude of the biblical plagues are likely to occur.

*John F. Cooney is an attorney with Venable, Baetjer, Howard & Civiletti.