LEGAL AND ECONOMIC ISSUES ASSOCIATED WITH THE MILLENNIUM BUG

Christopher Green

Law & Valuation
Professor Palmiter
Spring, 1999

Abstract


Abstract

 

As computers will recognize the year 2000 as being the year 1900, both the public and private sector must take actions that will make their computer systems Y2K compliant.  However, no one is sure what the results will be.  Businesses must take precautions to insulate themselves from liability should there be Y2K related computer failure.
 

ISSUES

1.  What are the possible forms of litigation that may occur should there be Y2K related problems?

2.  What can businesses do to shelter themselves from such litigation?
RULES

1.  There may be numerous types of claims, such as personal injury, suit by shareholders for negligence, and suits by businesses of manufacturers and distributors of non-compliant machinery and computer systems.

2.  Businesses can take precautions that there software and hardware is Y2K compliant, expending money now to prevent greater losses later, or they can get insurance that may cover certain types of claims.
ANALYSIS

 
The cost of making all of the United States’ computer systems compliant is enormous, with approximately $543 billion in 1999 dollars having already been spent on this effort. However, there may be benefits that have offset this cost, such as efficiency gains caused by the upgrades to software and hardware that will increase corporate productivity.  Therefore, the costs of compliance may be offset by increases in profitability. The cost of being non-compliant will be significantly greater than the cost of becoming compliant, in terms of decreased productivity, system failure, and possible litigation for problems caused by Y2K non-compliance.

Computer failures have already occurred, leading to litigation. One example is Produce Palace International v. Tec-America Corp., where a grocery store sued a distributor for the failure of a computer point of sale system which refused to process credit cards that expired after 01/01/2000.  The case was settled out of court, with the grocery store receiving a sum of money.  This is just one example of possible types of litigation.  Personal injury lawsuits are also possible, such as if a machine fails, causing injury to the operator or a bystander.  Most defendants will try to avoid liability by disclaiming it or placing responsibility elsewhere.  However, there will be economic losses, and it is probable that defendants will look to place these on their insurance carrier.

There are three potential forms of insurance coverage for Y2K problems.  First is the Comprehensive General Liability Policy.  This will most likely cover those sued for personal injury claims.  However, one possible type of injury that may be claimed to fall under this policy is that of loss of electronic data.  Thus, courts may be called upon to determine whether this policy includes electronic data in its definition of property.  The second form of insurance is Directors and Officers Liability Insurance.  This will be used by directors and officers of a corporation who are sued by shareholders for Y2K losses to the company.  This form of insurance should protect such directors and officers who are accused of neglecting or omitting to take precautions to prevent Y2K problems. Finally, the third form of insurance is Errors and Omissions Liability Insurance.  This may arise in cases of negligence in failing to detect or correct Y2K problems.  Technology professionals will be the most common users of this type of policy in Y2K litigation.

However, insurance companies are not going to be willing to pay all claims for Y2K related losses.  They may claim that Y2K related problems were known losses and thus barred, if the insurer can prove that the insured had reason to know, at the time of the purchase of the policy, that there was a substantial probability of loss.

Thus, there are numerous issues that will need to be addressed once January 1, 2000 has come and gone.


Text

Introduction

As the year 2000 approaches, speculation abounds as to whether efforts to make industrial, commercial and government computer systems year 2000 compliant will be successful.  Although the problem was typically know only to computer programmers until recent years, by now most Americans understand that many computer systems confuse the year '2000' for the year '1900.'
 

Both the private and public sector continue to spend billions of dollars to combat the problem, but neither has completely insulated itself from the Y2K glitch that permeates computer legacy systems worldwide.  While no one is sure just how great the ramifications of the so called "millennium bug" will be, one thing that is virtually certain is that some litigation will result.
As the cloud of Y2K liability appears on the horizon, defense attorneys are scrambling to find ways to insulate clients from a potentially crushing blow.  Meanwhile, plaintiff's attorneys continue to refine theories to support claims for damages that may result from a Y2K related computer failure, and have already begun to file class action suits.  This paper will briefly examine the existing and potential economic effects of the millennium bug, potential claims that may result from a year 2000 related computer shutdown, and the availability of insurance to Y2K defendants.

The Cost of Compliance and Non-Compliance

As the pages on the calendar continue to turn, the cost estimates of making the worlds computer systems immune to the impending date changeover continue to increase.  The table below lists cost estimates associated with achieving Y2K compliance, as reported by major U. S. industries and government agencies.

Estimated Cost of Y2K
Compliance Effort

 

INDUSTRY

 

COST (in billions)

 
U. S. Government Agencies
 

$7.5[1]

 
Securities 
 

$5.0[2]

 
All U. S. Companies Combined
 

$520.00[3]

As eye catching as the $520 billion dollar figure is, it still does not represent the true cost of Y2K compliance because it is merely a sum of money spent in previous years.  If the all moneys spent on Y2K compliance are adjusted to 1999 dollars, the cost becomes worse still.  Consider the following table.

Estimated Cost of Y2K Compliance Effort
In 1999 Dollars*

 

Year

 

Cost That Year (billions)

 

Future Value in 1999 (billions)

 

1996

 

$70

 

$98.34

 

1997

 

$100

 

$125.44

 

1998

 

$130

 

$145.60

 

1999

 

$220

 

$220.00

 
 
 
 
 
Total:  $542.93
*Assumptions

1. I = 12%, chosen to estimate the average return of the market since 1996

2. The allocations of dollars spent each year are estimated to reflect the trend of increased spending on Y2K compliance as the critical date approaches
The above table illustrates that the cost of Y2K compliance increases by 4.25% from $520 billion to $542.93 billion once the time value of money is considered.  However, it may be unfair to consider the cost of Y2K compliance as purely expense.  It is entirely possible that the upgrades to software and hardware may have produced efficiency gains that increased corporate productivity.  For example, replacing an old non-compliant chip with a new chip likely achieves more than just eliminating the Y2K glitch. The new chip should be faster and more reliable than the chip it replaced, and may be installed in a piece of equipment that is a capital asset. Thus, the money spent on the upgrade could now be considered as spent on acquiring an asset rather than just being an operating expense.  Using this view, the expense of achieving Y2K compliance would have to be balanced against any increases in profitability that occurred as a result of the upgrades.

As for the cost of being non-compliant, no one can make a remotely accurate guess.  Estimates abound from $100 billion to $1 trillion[4], but a firm basis for these estimates is sorely lacking.  Although a precise measure of losses due to non-compliance can not be foretold at present, it is possible to get a glimpse of how plaintiffs will seek to recover their losses.

Sneak Previews of Coming Attractions

It is not necessary to wait until midnight of December 31, 1999 to observe an actual Y2K related computer shutdown and its effects.  Such failures have already occurred during both testing and normal use of existing hardware and software legacy systems.  For example, a 1998 test by the Chrysler Corporation to simulate the millennial date change at one of its assemble plants affected the plant's security system and prevented anyone from leaving the building.[5]

Actual Y2K failures have spawned lawsuits that may provide a glimpse of the theories of recovery and damages that will be used in Y2K litigation.  One such Y2K related lawsuit was Produce Palace International v. Tec-America Corp.[6]  In the Produce Palace case, a grocery store filed suit against the manufacturer and distributor of a computer point of sale system used to network cash registers, process credit cards, and expedite accounting.  The plaintiff asserted that the system would intermittently shut down because it was unable to process credit cards with an expiration date on or after January 1, 2000.  The plaintiff further alleged that this defect caused the system to be inoperable for 100 of 500 days following its installation.[7]  Among the many theories of recovery advanced by the plaintiff were breach of express or implied warranty, breach of warranty of fitness for particular purpose, breach of duty of good faith, misrepresentation, breach of contract, and violation of the state Consumer Protection Act.[8]  As damages for the intermittent shutdown, the plaintiff claimed loss of income and customer base, damage to customer good will, damages for employee down time, damages for the loss of use and value of the computer system, and repair costs.[9]
The manufacturer of the computer system defended on the basis of lack of privity between it and the Produce Palace and claimed that the problems were the result of the plaintiff's improper operation of the system, the plaintiff's credit card processing company and/or the distributor of the computer system.[10]  The manufacturer also asserted that it had made available a software upgrade to correct the problem but that the plaintiff and the distributor either failed to install the upgrade properly or failed to install the upgrade altogether.  Subsequently, the manufacturer of the system brought a cross claim against the distributor for breach of the distribution agreement and indemnification.[11]
The distributor responded to the plaintiff by alleging that the contract for purchase excluded all warranties and precluded claims of consequential damages.  Additionally, the distributor asserted that the problems associated with the system were the result of actions by the plaintiff or other third parties.[12]  And finally, the distributor brought a cross claim against the manufacturer for any damages suffered by the distributor as a result of the suit, claiming that the problems were design related.[13]

Ultimately, the case was settled before trial and Produce Palace was paid $260,000.  While the no court passed on the merits of the claims and defenses asserted by the parties, the case is nonetheless illustrative of the type of litigation that will likely ensue after a Y2K related computer failure.  Personal injury lawsuits are also a possibility if a faulty computer chip embedded in machinery causes a malfunction that injures the machine operator or a bystander.  Regardless, each case will find defendants scrambling to eschew liability by disclaiming it completely or by placing responsibility on entities that reside at some other point in the stream of commerce.  However, economic losses that result from a computer system failure will have to be borne by someone, and the someone defendants will look to first is their insurance carrier.

The Buck Stops - Where?

Year 2000 Compliance based lawsuits will likely fit into three general categories: [14]

 
1.  Suits against hardware and software service providers, for selling equipment that is not Y2K compliant, or for not providing free Y2K upgrades to non-compliant software.

2.  Suits against corporate directors and officers for failing to adequately address the Y2K problem, filed by shareholders who have suffered a loss due to a Y2K related interruption in the company's operations.

3.  Suits against insurance companies, who will be asked by the above listed entities to cover Y2K litigation costs under professional malpractice, Directors & Officers, or some other form of insurance policy.
 

Any suit brought against the defendants described in classes (1) and (2) will inevitably spawn an attempt to pass some of the losses to insurance companies. The idea of insurance picking up the tab for Y2K litigation is a pleasant thought for corporations and corporate officers.  However, predicting whether insurance companies will pay for Y2K related claims may be an even more speculative process than predicting the actual effects of the millennium bug itself.[15]

Potential Forms of Insurance Coverage

1. Comprehensive General Liability Policy

The CGL policy is the most common means of insuring commercial liability loss exposures.  A typical CGL policy will pay "those sums the insured becomes legally obligated to pay as damages because of 'bodily injury' or 'property damage'."[16] The term "property damage" is broadly defined as including "loss of use of tangible property."[17]  Clearly, the policy would cover a computer hardware vendor against a personal injury claim caused by a malfunctioning computer chip in a machine.  But, the most likely victims of a Y2K "injury" are electronic databases.  Whether the term 'property damage' will extend to cover electronic databases that are lost or corrupted as a result of a vendor's malfunctioning product is not clear.  The question hinges on whether the courts will deem computer data to be "tangible property."[18]  If not, insurance companies have an escape route and the loss will remain with the insured.

2. Directors & Officers Liability Insurance

Directors and officers of a corporation will seek indemnification for suits brought against them personally under their respective D&O policies.  A standard D&O policy pays for losses of every corporate director or officer arising from claims for any "actual or alleged Wrongful Act in their respective capacities."[19]  The term "Wrongful Act" is often defined in policies to include any neglect or omission by the directors or officers.[20]  Failure to properly address a company's need to be Y2K compliant should easily qualify as an act of "neglect" or "omission."  Therefore, corporate directors and officers may be insulated from liability.

3. Errors and Omissions Liability Insurance

Errors and omissions coverage, more commonly known as professional liability insurance, varies with the type of professional activity being insured.[21]  Still, one common provision of an E&O policy is to pay claims arising from "a negligent act, error or omission in the performance of the insured's professional services."[22]  Claims against information technology professionals for failing to detect or correct Y2K problems will almost certainly fall squarely within the definition above.  Thus, technology professionals will likely look to their E&O policies for protection.

A Potential Silver Bullet for Insurance Companies

Despite the existence of seemingly applicable policies, insurance companies will certainly not willingly pay all claims for Y2K related losses.  With the potential litigation costs estimated as high as $1 trillion, who can blame them? One anticipated defense that insurance companies will likely raise to ward off claims is that Y2K related problems were not "unexpected" events but instead were "known losses" or "losses in progress."  As such, the Y2K claims would be barred under the known loss doctrine.[23]   The known loss doctrine may be invoked if the insurers demonstrate that the insured knew or has reason to know, at the time it purchased the policy, that there was a substantial probability that loss or liability would ensue.[24] Efforts by insurance companies to establish the requisite level of knowledge on the part of insureds will require extensive and expense discovery efforts that will push the cost of litigation even higher.

Conversely, the claimant will seek to demonstrate that it made sufficient Y2K compliance efforts to believe that no problem would occur at the date changeover, in which case a Y2K related failure was indeed an "unexpected" event and thus covered by insurance.

Summary and Conclusion

Estimating the true cost of the Y2K bug will be virtually impossible even after the January 1, 2000 has come and gone.  A single glitch has the potential to propagate itself into a multitude of unquantifiable economic losses.  Assigning liability for those losses will prove equally frustrating for the judicial system, as litigants file cross-claims on top of counter-claims.  Furthermore, it is exceedingly difficult to measure a company's potential losses without knowing the extent of its exposure (i.e. what is going to happen on Jan. 1, 2000), or whether it may seek shelter under the umbrella of insurance.

Despite the doomsayers, it is quite possible (and most likely) that new millennium will pass unnoticed by the majority of computer systems.  Consider that during a recent six week span of simulated trading by Securities Industry Association, Y2K related problems resulted in in only .02 percent of 260,000 transactions.[25]  But, assuming the large majority of U. S. companies do in fact achieve Y2K compliance, it is possible that consumers (and juries) will probably be unsympathetic to the unlucky few that aren't and will place their wrath upon them.  Even if Y2K problems are pervasive, it is unlikely that the insurance industry will be forced to soak up all of the losses, else there would probably not be much of an insurance industry left.  Furthermore, the passage of federal legislation limiting liability is imminent, making it unlikely that many companies will suffer such crushing litigation expenses as to render them insolvent.  Fantastic as prognostications of near limitless Y2K liability might be, they will likely never come true.


[1]  <www.detmews.com/1999/technology/9905/05/05050154> visited May 5, 1999.
[2]  <www.detmews..com/1999/technology/9904/30/04300231> visited May 5, 1999.
[3]  73-JAN Fl. B.J. 14, 17
[4]  146 DEC Pittsburgh Legal J. 7
[5]  Frances Cairncross, Survey: The Millennium Bug, Economist, Sept. 19, 1998 at 1.
[6]  See Produce Palace International v. Tec-America Corp.  This lawsuit was filed on June 12, 1997, in Michigan.
[7]  73-JAN Fl. B.J. 14, 16
[8] Id.
[9] Id.
[10] Id.
[11] Id.
[12] Id.
[13] Id.
[14]  146 DEC Pittsburgh Legal J. 7
[15]  16 NO. 1 Computer Law. 25
[16] Language from CG 00 01 96, Copyright, Insurance Services Office, Inc., 1994.
[17] 16 NO. 1 Computer Law. 25
[18] Id.
[19]  The CPCU Handbook of Insurance Policies, Second Edition, 1996.
[20] Id.
[21]  16 NO. 1 Computer Law. 25, 27.
[22]  Liability and Insurance Coverage Issues for the Year 2000 Computer Crisis, 506 PLI/Pat 419 (1998).
[23] 16 NO. 1 Computer Law. 25
[24] Outboard Marine Corp. v. Liberty Mut. Ins. Co., 607 N.E.2d 1204, 1212 (1992).
[25]   <www.detmews..com/1999/technology/9904/30/04300231> visited May 5, 1999.