[Congressional Record Volume 142, Number 129 (Wednesday, September 18, 1996)]
[Senate]
[Pages S10871-S10873]
From the Congressional Record Online through the Government Publishing Office [www.gpo.gov]




                      ``COUNTDOWN TO A MELTDOWN''

 Mr. MOYNIHAN. Mr. President, this past Sunday, September 15, 
1996, the Outlook section of the Washington Post contained an excellent 
article, ``Countdown to a Meltdown,'' by Lanny J. Davis, an attorney 
with the firm of Patton Boggs, L.L.P. The article concerns the Y2K 
problem, as the computer literate refer to it. What happens to the 
internal clocks and software of the Nation's--indeed, the world's--
government, business, and personal computers at 12:01 a.m. on January 
1, 2000, when they need date code space for four digits, rather than 
two? Will the computers crash? Will they assume the year is 1900? Mr. 
Davis quotes one industry expert as calling the Y2K defect ``the most 
devastating virus ever to infect the world's business and information 
technology systems.'' Estimates of the cost of fixing this defect range 
as high as $75 billion--if we act expeditiously. The longer we delay, 
the more costly the solution.
  On July 31, I wrote to the President concerning this problem. I 
offered the following suggestion:

       A presidential aide should be appointed to take 
     responsibility for assuring that all Federal agencies 
     including the military be Y2K date compliant by January 1, 
     1999 and that all commercial and industrial firms doing 
     business with the Federal government also be compliant by 
     that date. I am advised that the Pentagon is further ahead on 
     the curve here than any of the Federal agencies. You may wish 
     to turn to the military to take command of dealing with the 
     problem.

  A general--given the national security implications--to take charge, 
to determine what the Federal government must do to respond to this 
looming menace, and how it ought to go about doing it. I put a copy of 
this letter, along with the summary of a Congressional Research Service 
(CRS) report I requested on the subject, in the September 5 
Congressional Record.
  I will introduce legislation shortly to establish a commission to 
investigate the problem and suggest remedies. There is not much time 
left to resolve it. The consequences of procrastination, as the 
attached article indicates, are grave indeed.
  I ask that the article, ``Countdown to a Meltdown,'' appear in the 
Record at this point.
  The article follows:

[[Page S10872]]

                 [The Washington Post, Sept. 15, 1996]

                        Countdown to a Meltdown


 Before the Year 2000, We Have to Spend Billions to Fix a Very Strange 
                                 Glitch

                          (By Lanny J. Davis)

       In the classic '50s science fiction film ``The Day the 
     Earth Stood Still,'' an alien lands his flying saucer in 
     front of the Washington Monument and demands that the 
     earthlings destroy their nuclear weapons. When they doubt his 
     powers, the alien gives them a demonstration. At noon on a 
     designated day, he eliminates all sources of energy on the 
     planet, from electricity to water power to gasoline. Cars 
     stop. Trains stop. Telephones stop. The lights go out.
       At 12:01 a.m., Jan. 1, year 2000--or the ``Y2K,'' as 
     computer aficionados refer to it--the world won't exactly 
     ``stand still.'' But it could come close unless the world's 
     major governments and businesses start to fix their computer 
     systems right away.
       The general public knows Y2K (for Year Two Kilo--the Greek 
     prefix kilo meaning 1,000) as the ``Year 200 Problem.'' 
     Although it's finally beginning to get some attention, there 
     is still little sense of urgency because it is seen as three 
     years away. But the fact is that for some institutions, 
     including parts of the federal government, it will very soon 
     be too late. We could end up with a real catastrophe that 
     could affect many people's lives around the globe in annoying 
     and profound ways.
       The reason is simple: Virtually all computers used by 
     business and government won't know what to do when their 
     internal clocks try to switch from 1999 to 2000. They'll go 
     haywire. (Most newer personal computers for home use will be 
     unaffected.)
       The problem is that computers (and the software inside that 
     tells them what to do) are programmed with only the last two 
     digits in the year being variable, i.e., 19XX. But when the 
     clock moves to 12:01 a.m. on Jan 1, 2000, the computer's 
     program will need code space for four digits. One of two 
     things will happen: The computer will cease functioning 
     (``crash''); or more likely, it will change the last two 
     digits from ``99'' to ``00,'' thus causing the computer's 
     internal calendar to register as if the current date is Jan. 
     1, 1900.
       There is a solution, but it is time consuming and costly.
       Current estimates for business and government range from 
     $50 billion to $75 billion--and will only increase as 2000 
     draws closer. Unfortunately, the alternative is unthinkable. 
     One industry expert has called the Y2K defect ``the most 
     devastating virus ever to infect the world's business and 
     information technology systems.'' If the problem isn't fixed, 
     here are just some of the things that will happen:
       Vital military and defense systems will shut down.
       Taxpayers will receive notices from the IRS saying that 
     they owe millions of dollars in back taxes.
       Banks will shut off credit and send foreclosure notices to 
     millions.
       Social Security, Medicare and other government benefit 
     programs based on age will not function, as the computer 
     determines, for instance, that retirees are minus 35 years 
     old, instead of 65 (take the year 1900 and subtract their 
     birth year of 1935). Millions of workers will not receive 
     their pension checks.
       Thousands of airplanes all over the world will be grounded 
     when records show that maintenance has not been done for 100 
     years.
       For the same reason, prison records will show criminals 
     overdue for release.
       The economic and political ramifications of this issue are 
     immense. Kevin Shick, research director of the Gartner Group, 
     a consulting firm that developed early expertise on this 
     issue, told the House Information and Technology subcommittee 
     in April that it is highly probable that 90 percent of all 
     computer program applications in the world are dependent on 
     the correct date being recorded.
       The questions are: How'd we get into this mess? Who's to 
     blame? What do we do about it? Who's going to pay to fix it?
       A major sub-industry has arisen in the last few years to 
     correct the problems. There are many small software houses 
     and consulting companies that have developed ``software 
     for the calendrically challenged'' and other ``tools'' to 
     address the problem. And such giants as Oracle, Computer 
     Associates, IBM and Arthur Anderson have shown interest in 
     assisting companies to solve the Y2K problems, often at 
     costs in the tens of millions of dollars or more.
       Experts differ on the extent of corporate America's state 
     of readiness for the Y2K: The computer magazine Datamation 
     estimated that, as of last year, more than two-thirds of the 
     companies that use mainframe computers at least has a team in 
     place to consider how to deal with the problem. However the 
     Gartner Group's Schick says that only 17 percent of the 
     companies have sought the necessary outside help.
       Governments are waking up, but slowly. At a recent Y2K 
     conference in Austin, an industry expert warned that fewer 
     than 25 percent of state government systems will be ready. 
     One of the first public officials to take notice of the 
     problem, Sen. Daniel Patrick Moynihan (D-N.Y.), is just now 
     planning to ask President Clinton to appoint a blue ribbon 
     commission to study and make recommendations on this issue. 
     They're going to need to work fast. Recently, the Securities 
     and Exchange Commission announced that it may promulgate 
     rules requiring public companies to detail their readiness 
     for the Y2K.
       One reason for the urgency is that this is not a simple 
     problem to fix. There are three options: replace all old 
     software, which would likely be prohibitively expensive; 
     modify the software's two-digit year code to a four-digit 
     code, with instructions that 2000 follows 1999, which would 
     require the location and correction of every ``time field'' 
     in millions of lines of code in every software and hardware 
     system; or program the computer so that, when faced with two 
     double-zero dates, it chooses the more logical of them. 
     For example, a computer can be told that a 1996 driver's 
     license with a five-year term has expired in the year 
     2001, even though the internal clock reads 1901. This last 
     solution seems on its face the simplest, and cheapest. 
     Unfortunately, it doesn't do the job in most instances. 
     For example, if the issue is knowing the person's age, the 
     computer has no way of knowing whether someone born in the 
     year 2002 is 2 years old or 102 years old.
       Finding a solution that identifies and corrects all Y2K 
     defects may well prove impossible. Certain programs were 
     deliberately written in obscure programming languages. In the 
     Pentagon, for example, many of the codes were uniquely 
     written by one or two individuals using top-secret technology 
     and cannot be addressed by off-the-shelf software.
       Even for the best technicians, the nightmare is finding all 
     the Y2K defects in a computer system. For instance, the dates 
     themselves have been expressed in a variety of ways by 
     programmers--December 12, 1945, 12 December 1945, 12-12-45, 
     etc. All conceivable methods of expressing those date fields 
     must be located and corrections made. If only a few have been 
     missed, it can cause a ripple effect through a computer 
     network, leading to a crash.
       The solution is time and money.
       But why should those who bought computer products be left 
     with the tab for cleaning this mess up? Wasn't it obvious 
     when software was being written that at some point the year 
     2000 would come? Why didn't programmers anticipate the 
     problem and deal with it?
       As one leading Y2K commentator, Warren Reid, notes: ``The 
     Year 2000 problem was caused by shortsightedness and human 
     error.'' One thing is certain--there is plenty of blame to go 
     around.
       Programmers and software houses say the main reason was 
     cost. George Munoz, chief financial officer of the Treasury 
     Department, testified recently that in the early 1980s, when 
     most of these systems were being developed, memory was 
     expensive and the cost of adding another two digits to every 
     date field would have been considerable. Thus, he and other 
     industry experts explain, programmers decided to save the 
     money and make the fix when 2000 got closer.
       For this reason, many in the industry suggest that 
     responsibility for the Y2K problem is not assignable. As 
     Munoz testified in April: ``Did this problem arise because of 
     someone's negligence? To this, we emphatically respond: No.''
       But if that is the ``no fault'' explanation, why weren't 
     the purchasers and licensees of these software programs and 
     computer systems at least informed about the coming problem? 
     Why weren't they allowed to decide for themselves whether 
     they wanted to pay then or pay later? And what about hardware 
     and software sold in the recent years, when memory is much 
     less of a problem (with today's PCs having more storage space 
     and processing capacity than many mainframes 30 years ago)?
       These questions may get answered in court as businesses go 
     looking to recover their costs from the vendors who sold them 
     these products, though no major Y2K lawsuits have yet been 
     filed.
       On the other hand, vendors (and their attorneys) are likely 
     to remind any customers pressing these theories that they 
     should have known that when the year 2000 tolled, the problem 
     would arise. For the most part, the buyers of these big 
     systems are sophisticated information managers.
       Ultimately, the verdict is likely to be that everyone 
     shares a piece of the blame--both vendors who failed to 
     inform and buyers who chose to ignore, figuring someone else 
     would fix it. Perhaps it's human nature: Governments, and 
     people, are more likely to respond to a crisis than 
     anticipate it.
       Though costs are hard to estimate, they can be 
     approximated, based on the amount of computer code within a 
     particular company or government agency. Coopers & Lybrand 
     has found that on average one of every 50 lines of code 
     contains a date reference. Each individual application may 
     contain thousands of lines of code. All software must be 
     searched line by line; for every million lines of code, nine 
     to 16 staff years will be needed to correct the problem.
       It costs about $1-$2 per line of code, most industry 
     analysts say. The Information Technology Association of 
     America, representing the software and information services 
     industry, estimates the total U.S. cost in the range of 
     $50 billion to $75 billion. The Social Security 
     Administration says it will take between $30 million and 
     $60 million to fix its programs, the Defense Department 
     over $1 billion. For the state of Maryland, current 
     estimates for the fix exceed $25 million. Recent hearings 
     by the House Information Technology Subcommittee found 
     that when state and local government costs are taken into 
     account, as well as the various indirect costs of lost 
     productivity and diversion of personnel and resources, the 
     public

[[Page S10873]]

     sector costs of the Y2K crisis reaches tens of billions of 
     dollars in the United States alone.
       Private sector costs are likely to be as high. The Gartner 
     Group estimates that a mid-sized company with 8,000 computer 
     programs will spend between $3.6 million and $4.2 million to 
     repair ``date challenged'' software.
       Who's left paying the bill? Surprise: first and foremost, 
     the taxpayer. Then, either in the courts or by negotiation, 
     the rest of the pain of solving the problem is likely to be 
     shared by vendors, users and consumers. And the longer a 
     company or an agency waits, the more it will cost. At the 
     start of 1999, the cost will be three times that of starting 
     today, because the supply of trained programmers able to fix 
     the problem will not keep up with demand.
       Once the alien in the movie made the Earth stand still, he 
     convened the leaders of the world to a meeting in front of 
     his space ship. The Earth's leaders told him they now 
     believed in his powers and promised to destroy all the 
     planet's nuclear weapons forthwith. But as soon as the alien 
     left, they went back to their old habits of building more.
       The real-life inhabitants of a planet that is so dependent 
     on computers might take a lesson from that. Having let the 
     technology experts put one past us this time, we shouldn't 
     let them do it again.

                          ____________________