Click here to load reader
Upload
robert-a-prentice
View
215
Download
1
Embed Size (px)
Citation preview
Information Systems Frontiers 1:2, 141±153 (1999)# 1999 Kluwer Academic Publishers, Boston. Manufactured in The Netherlands.
Y2K: Legal Implications and Future Repercussions
Robert A. Prentice, Ed & Molly Smith CentennialProfessor of Business LawGraduate School of Business, CBA 5.202, Dept of MSIS,
University of Texas at Austin, Austin, TX 78712, E-mail:
Abstract. The legal system will ultimately determine wheremuch of the huge losses that will be occasioned by theMillennium Bug will land. Seemingly minor glitches, such as acomputerized inventory control system's wrongfully rejectingan order of chemicals as expired since 1900 (when the realexpiration date is in the year 2000) can create a myriad oflawsuits among manufacturers, suppliers, customers, softwarevendors and consultants, and insurance companies. No majorproducers or consumers of software will escape unscathed.Although software producers have grounds for optimismregarding the early rounds of litigation, it is likely thatpersistent plaintiffs' attorneys and concerned legislatorsultimately will threaten a ``litigation crisis'' of unprecedentedproportions. The software industry can fruitfully draw strategiclessons from the accounting profession's similar litigation crisisof the late 1980s and early 1990s in terms of litigation strategies,lobbying efforts, and funding of useful academic research.
Key Words.
Introduction
No one truly knows whether the Y2K problem will be
the predicted (by some) cause of death, chaos, and
worldwide recession, or constitute nothing more than
the cyber-equivalent of the end-of-the-world predic-
tions of fruitcake millennialists. What does seem
passably certain is that corporations and governments
around the world will spend enormous sums
attempting to achieve Y2K compatibility. Citicorp
alone will spend $600 million, [26] and General
Motors around a $1 billion. Furthermore, at least some
companies and governmental agencies will not solve
their Y2K problems in time and this will cause
additional economic losses to them and to their
customers and constituencies.
Losses of the scale that Y2K will cause are
inevitably followed by intervention of the legal
system. Those suffering the losses will contact
lawyers in an attempt to shift their losses. Just ask
the tobacco companies. Indeed, at least 28 Y2K class
action suits have already been ®led [40]. There are
reports of more than 180 other Y2K disputes already
settled out of court [21] and more than 200 Y2K-
related coverage disputes between companies and
their insurers [45]. The widely publicized estimates
that Y2K legal liability could exceed $3.6 trillion [47]
and Y2K litigation costs could exceed $1 trillion
worldwide [38] may be exaggerated, but if one looks
at tobacco, asbestos, and Superfund litigation, it is
certainly plausible that Y2K could ultimately cost
more in the way of litigation expenses than in actual
judgments rendered.
This article attempts to do two things. The ®rst part
of the article sets out a common scenario that will give
rise to Y2K litigation. It then examines the possible
theories upon which lawsuits might be based and
evaluates potential defenses. Ultimately, this analysis
will indicate my belief that consumers of software will
likely bear the greatest part of the losses caused by
Y2K problems. Software vendors and insurance
companies will not escape unscathed, for they incur
at least substantial litigation costs and expensive
nuisance settlements.
Part II of the article addresses the rami®cations of
the huge amount of expected Y2K litigation. It posits
the theory that software producers are currently in
much the same position as was the accounting
profession before its ``litigation explosion'' in the
late 1980s and early 1990s. That explosion created a
crisis of major proportions that bankrupted some
major accounting ®rms and threatened the very
141
existence of the accounting profession. Part II
examines the accounting profession's largely suc-
cessful efforts to combat that crisis, seeking to draw
lessons that may be useful to the software industry.
I. Legal Implications
To frame the discussion, consider the following
scenario, based loosely on an actual situation:
Widget Corporation's operations are largelycomputerized. Its software is a melange of (a)software it designed itself, (b) software it acquired``off the shelf'' from Mass Software Co.,
and (c) software it hired Software Firm to producespeci®cally for Widget. Widget's board of directorsrealized, perhaps a little bit tardily, that Widget mighthave a Y2K problem. Widget's own employees workedsteadily on the problem, beginning in late 1996. Bymid-1998, Widget had hired Y2K Consultants, anindependent consulting ®rm, to assist with the Y2K``®x.'' By mid-1999, Widget's board had spent tens ofmillions of dollars on the Y2K repair and hoped thatall Widget's software was Y2K-compliant. It wasn't.In October of 1999, Widget received a shipment ofchemicals necessary for its manufacturing operations.These chemicals have a shelf life of one year, andcarried an expiration date of July 1, 2000. Widget'scomputerized inventory system recorded the expira-
Speci®c Cases
� Grocer Produce Palace sued its point-of-sale systems provider Tec America for business disruptions occurring when customers' credit
cards with expiration dates after Jan. 1, 2000 were rejected. Result: Tec America settled case for $250,000.
� Atlaz International sued Software Business Technologies (SBT) over non-compliant software. Result: SBT promised to provide free year
2000 compliance patch and to pay Atlaz's attorneys' fees up to $500,000.
� Pineville Hospital Association sued Keane Inc. and Source Data Systems (SDS) because Keane, after acquiring SDS, stopped Y2K-
upgrading Pineville's old SDS system, offering instead its own Keane Y2K-compliant system that was much more expensive. The suit
is still pending. SDS's insurance company, Cincinnatti Insurance Co., has ®led a lawsuit seeking a declaration that it need not cover
the cost of remediation. That suit is also still pending.
� Andersen Consulting sued asking a court to declare that it had no duty to reimburse a software customer J. Baker, Inc.'s $3 million cost
incurred in making Y2K-compliant a seven-year-old computer system designed by Andersen. A mediator ruled for Andersen on
grounds that the contract did not include ®xing Y2K problems.
� Several class actions were ®led against Intuit on grounds that versions ®ve and six of its Quicken ®nancial software will not process dates
starting in 2000. Result: Three suits in New York and one in California were dismissed, largely because they were premature because
plaintiffs have not yet sustained injury. The California suit has been revived.
� INCO Alloys sued ASE Ltd., claiming it had violated its contract by not remediating software's Y2K problem. A federally-appointed
arbitrator ruled that ASE had no legal obligation to solve Y2K problem because the contract contained no such provision.
� Medical Manager Corp. settled a Y2K suit by agreeing to provide $30.5 million in free Y2K-compliant upgrades of a software package
used by doctors and to pay $825,000 in attorneys' fees.
� Macola Software was sued for breach of warranty and fraud in a class action representing 16,000 users of its non Y2K-compliant
software. The suit was dismissed by a judge holding that Macola had met all the obligations of its contracts.
� Microsoft has been sued over its FoxPro software and IBM has been sued over its RS/6000 AIX 4.1 and Medic 7.0 software. Both suits
are still pending.
General Numbers
� At least 28 national class actions have been ®led based on Y2K liability theories
� At least 180 Y2K disputes already settled out of court
� At least 200 Y2K coverage disputes between insureds and their insurance companies
� More than a dozen major companies have pledged to negotiate or mediate, rather than litigate, Y2K disputes
Predictions
� 4,000 Y2K cases will be ®led before Jan. 1, 2000.
� Total Y2K liability could exceed $3.6 trillion worldwide.
� Total Y2K litigation expenses could exceed $1 trillion worldwide.
Fig. 1. Y2K Litigation Summary.
142 Prentice
tion date as July 1, 1900, and judged the chemicals 99years past their expiration date. It therefore rejectedthe shipment of chemicals, which was promptlyreturned to the supplier, Chemical Co. Lackingthese chemicals, Widget's assembly line closeddown. Several of Widget's customers did not receivethe widgets they had contracted for and wereeconomically damaged as a consequence. In light ofthe potential litigation, Widget's stock price droppedsharply.
This scenario could easily spawn at least seven
lawsuits (as illustrated in Fig. 2), which I shall now
proceed to analyze, keeping in mind that litigation in
the Y2K area is in its nascent stages and that
reasonable minds are already vigorously disagreeing
regarding the proper outcome of such suits. Both
Chemical Co., the supplier and Widget's customers
sued Widget for Breach of Contract.
Assuming that Chemical Co. had a valid, binding
contract to sell chemicals to Widget, it should win this
breach of contract lawsuit. It performed properly,
tendering chemicals that conformed to contract
speci®cations. It was only the software error that
caused Widget wrongfully to reject the chemical
shipment.
Widget's customers should also win their breach of
contract suit, assuming the existence of valid, binding
contracts. Widget was supposed to deliver widgets on
time and failed to do so because its assembly line shut
down. Widget might try to raise the common law
defense of ``impossibility,'' but will likely fail. The
impossibility defense applies, for example, when an
``act of God'' such as a tornado renders contract
performance truly impossible. Nothing in known
religious writings indicates that God lives on JOLT
Cola and Slim Jims, so it is unlikely that (S)He is a
programmer. For impossibility to apply, the causative
factor must have been essentially unforeseeable and
beyond the control of the party seeking to have its
performance excused. The Y2K problem is hardly
unforeseeable, having been well-publicized for the
past few years. Modern versions of the impossibility
defense called ``commercial impracticability'' and
``frustration of purpose'' soften the requirements of the
common law impossibility defense, but they have not
been extended so far as to excuse Widget in this setting.
Fig. 2. Scenario of Possible Lawsuits. Both Chemical Co, the supplier, and Widget's customers sued Widget for breach of contract.
Legal Implications and Future Repercussions 143
So, both Chemical Co. and Widget's customers
will probably recover from Widget. Chemical's Co.'s
damages will likely be modestÐprimarily the
difference between the price Widget had contracted
to pay and the amount that Chemical Co. was able to
obtain from another purchaser of the chemicals. If
Chemical Co.'s diligent efforts to ®nd another buyer
fail before the chemicals' one-year shelf life expires,
Chemical Co. might recover the entire purchase price.
Widget's greater liability exposure will likely be to
its customers. Widget is liable for damages it can
reasonably foresee that its breach of contract will
cause its customers. Those damages may well include
both the pro®ts they lost and the damages they had to
pay when a lack of widgets caused them to breach
their contracts with their own customers.
2. Widget Sued Mass Software Co. Because of Y2KProblems in its Prepackaged SoftwareWidget will not be pleased that it has not only lost
pro®ts it planned to make on contracts with its
customers, but also sustained additional losses in the
form breach of contract damages to both its supplier
and its customers. It is also unhappy that it expended
substantial funds in an only partially successful attempt
to make its software Y2K-compliant. Therefore,
Widget may well sue Mass Software Co., maker of
the mass-marketed software that Widget purchased and
installed, hoping to palm some of its losses off onto
Mass Software. This attempt will likely fail.
Prepackaged software is clearly a ``good'' in the
eyes of the law and, as such, governed by Article 2 of
the Uniform Commercial Code (UCC) (at least until
proposed legislation governing licensing is ®nally
promulgated and widely adopted), rather than the
common law of contracts. This means that Widget
will be able to argue plausibly that Mass Software's
product (a) breached an express warranty, (b)
breached an implied warranty of merchantability, (c)
breached an implied warranty of ®tness for a
particular purpose, and (d) created a (non-UCC)
strict products liability claim.
To win a breach of express warranty claim,
Widget must prove that Mass Software's software did
not ful®ll promises made about it in advertising
literature or package inserts and the like. Assuming
Widget bought this software before the Y2K problem
surfaced prominently, it is unlikely that Mass
Software claimed anywhere in explicit terms: ``This
software has no Y2K problems.'' However, it is
certainly possible that somewhere in written literature
Mass Software claimed: ``This software providesef®cient assistance for your inventory controlmechanisms.'' The hypothetical software did not
provide ``ef®cient assistance'' as promised. Widget
therefore would have a colorable claim for breach of
express warranty. However, that claim will likely
¯ounder in an avalanche of defenses that Mass
Software can raise.
First, and perhaps most important, is the statute of
limitations. The UCC's statute of limitations is four
years and it usually begins to run when the product is
delivered. Therefore, if Widget bought the software
before October 1995, its cause of action is probably
barred by the statute of limitations. Second, Widget
will have a problem proving causation. Mass
Software's product was installed as part of a system
that contained both software that Widget's own
employees had devised and software produced by
Software Firm. How is Widget to prove that the
problem was caused by Mass Software's part of the
system? Third, the UCC places upon Widget a duty to
mitigate (minimize) its damages. Widget should
certainly have known about the Y2K problem at
least as early as 1993 and arguably by 1990 if not
much earlier [7,36]. Yet, according to the assumed
facts, Widget did nothing to solve the problem until
sometime in late 1996. Fourth, Mass Software's sales
literature probably contains a provision disclaiming
liability in the event that its software is altered by
others. It is likely that during its attempted Y2K ``®x''
that Widget or Software Consultants did so alter the
software, giving rise to yet another defense.
What of Widget's claim for breach of the impliedwarranty of merchantability claim? Widget must
®rst prove that it bought new goods from a merchant
of such goods. Clearly those criteria are met here. In
such cases, the law implies into the sales contract a
promise by the seller that its software is ``merchan-
table,'' that is, ®t for the ordinary purposes for which
such software is used. If Mass Software made its
product at a time when virtually all mass-produced
software contained the limited date ®eld causing the
Y2K problem, then it will be dif®cult for Widget to
prove that the software was unmerchantable. How
could it not ``pass in the trade'' (another way to de®ne
merchantable) if it was just like all other software
produced at the time? Widget's best argument in this
regard will probably be that software is not
merchantable unless it carries free upgrades to solve
144 Prentice
the Y2K problem. Because several software producers
have provided such free upgrades, it is reasonable to
argue that this is an element of merchantability.
Even if Widget can establish that the software was
``unmerchantable,'' its implied warranty of mer-
chantability claim would be subject not only to every
defense noted above regarding express warranty
claims (most importantly the statute of limitations
defense), but also a disclaimer defense. For many
years, sellers of mass-marketed software have been
suf®ciently astute to include disclaimers along the
lines of ``The seller disclaims all warranties of
merchantability and ®tness.'' If conspicuously dis-
played in the contract, such disclaimers are almost
always effective against sophisticated buyers. Widget
is foiled again, although Mass Software might, as
real companies have, settle the case by agreeing to
do what a customer-friendly software company
might reasonably do anywayÐprovide free Y2K
upgrades [41].
A sale of goods may also give rise to an impliedwarranty of ®tness for a particular purpose if the
seller knows of a particular purpose for which the
goods are required and the buyer is relying on the
seller's skill or judgment to select or furnish suitable
goods. It is unlikely that a large company such as
Widget can show that it was relying on Mass
Software's skill or judgment in the context of a
purchase of prepackaged software. Even if it could,
Widget's implied warranty of ®tness claim will
probably be stymied by the statute of limitations
defense, the warranty disclaimer, and the other
defenses just discussed.
Any strict products liability claim by Widget
against Mass Software is likely a nonstarter because
(a) in most jurisdictions the theory is available to
remedy only personal injuries (broken bones, dead
bodies, etc.), and (b) the theory is not applicable if the
software has been substantially altered after leaving
the hands of the seller (which may have happened
during Widget's attempted Y2K ``®x''). In short,
Widget has no truly strong theory of recovery, but it
does have enough plausible theories to be able to
bargain for a settlement.
3. Widget Sued Software Firm for ProvidingSoftware with Y2K ProblemsIf a software ®rm is hired to design a ``turn key''
software system, most courts will ®nd the sale of a
``good'' governed by the UCC. However, if Widget
commissioned Software Firm to provide tailor-made
software for a particular project, Widget could color-
ably claim that it had purchased a ``service'' rather
than a ``good.'' If a court accepts this argument, then
Widget can advance three theories against Software
Firm: (a) breach of a contract to provide services, (b)
negligence, and (c) computer malpractice.
To win a breach of contract claim, Widget must
prove that Software Firm contracted to provide a
service and then breached its promise, causing
Widget damages. Widget's initial problem will be
that Software Firm most likely did not speci®cally
promise to produce software that was Y2K-
compliant. Still, Widget could claim that Software
Firm promised to produce software that would help
run the inventory system ef®ciently and has
breached that promise. Software Firm's counter
argument is, of course, that perfection is not
required and that it produced a product that was
perfectly acceptable under the contract at the time of
its performance.
Widget's problem, in addition to the pervasive one
of causation, is that the statute of limitations may well
have run for it has now known for a long time that
Software Firm's program was not Y2K-compliant.
This depends in part upon when a court would
conclude that the statute should begin to run (when the
defective software is delivered? when Widget realizes
the defect exists? when damage is ®rst caused?), and
the outcome on that issue is unclear. What is clearer is
that Widget had a duty to mitigate its damages when it
learned of the Y2K problem. Software Firm has a very
strong argument that Widget failed in that duty and
therefore should be denied recovery on a breach of
contract theory.
To prevail in a negligence claim, Widget must
show that (a) Software Firm owed Widget a duty of
due care, (b) Software Firm breached that duty, (c)
Widget sustained damages, and (d) those damages
were proximately caused by the breach. Widget has
suffered damages and it may be possible (though
dif®cult) for Widget to show that it was the Y2K
problem with Software Firm's product (rather than the
other software in the system) that caused the particular
problem with the chemicals. And surely, since
Software Firm contracted to provide services to
Widget, it therefore owes Widget a duty of due care.
So, three of the four elements are present.
Nonetheless, Widget's chances of recovering are
problematic
Legal Implications and Future Repercussions 145
First, in many jurisdictions the ``economic loss''
rule denies recovery for mere pecuniary loss in
negligence cases. This rule relegates claims of mere
economic loss to breach of contract suits (where
Widget has already been unsuccessful), and preserves
the negligence theory for personal injury cases.
Second, even if Widget can evade this roadblock, it
will have dif®culty showing that Software ®rm
breached its duty of due care. This duty is not a
duty to produce perfect software, only to act as a
reasonable software ®rm would under the circum-
stances. The original decision to use a restricted date
®eld was sensible given the lack of memory capacity
of most computers at the time and the assumption that
software being written back then would probably not
still be in use when the millennium arrived. Because
at the time Software Firm produced its software
virtually all software had the restricted six-digit date
®eld, Widget will have dif®culty showing that
Software Firm was more careless than it should
have been under all the circumstances. Third, Widget
may again have statute of limitations problems,
especially because the limitations period is usually
only two years in negligence cases. Fourth, Software
Firm can raise a comparative negligence defense. If
Software Firm was careless in designing non Y2K-
compliant software, then Widget was also arguably
careless in ordering software without specifying that it
should be Y2K-compliant, in not remedying the
problem earlier, and in merging Software Firm's
software with its own and with Mass Software's,
which also were not Y2K-compliant. Finally, Widget
will face the ubiquitous ``failure to mitigate'' defense.
It will be dif®cult for Widget to recover on a
negligence theory.
Nor will Widget fare any better on a computermalpractice theory. Such a theory is essentially a
negligence theory, but because it is patterned after
doctor and lawyer malpractice, arguably imposes a
higher standard of care upon the defendantÐthe
duty to act as a professional. This theory will not
avail Widget for two simple reasons: (a) virtually
no jurisdiction recognizes it as a separate theory
apart from negligence, and (b) Software Firm has
a good argument that it met even an enhanced
standard of care in light of the fact that virtually
all software produced at the time it worked for
Widget, even that produced by the most reputable
software groups, contained the six-digit date
®elds.
4. Software Firm Counter-Claimed (in lawsuit #3)Against Widget for Breach of Contract andCopyright Infringement Arising from Widget'sAttempted Y2K FixAlthough Software Firm probably would not have
brought this lawsuit absent provocation, once it was
sued by Widget, it ®led a counterclaim noting that
under its license agreement with Widget, Widget was
to refrain from either (a) disclosing or providing a
copy of the software to any third party without
Software Firm's consent, or (b) reverse engineering
the software provided under the license. In making its
attempted Y2K ®x, Widget had provided a copy of
Software Firm's software to Y2K Consulting, and its
own software engineers had done some reverse
engineering in their attempt to diagnose and repair
the software's Y2K problems. Although legislation to
create an exception to the law of copyright infringe-
ment for such Y2K remediation efforts would be a
good idea, no such law has passed yet. A suit claiming
that signi®cant modi®cations to software can con-
stitute infringement of the copyright holder's
exclusive right to create derivative works has a
strong chance of succeeding, although some experts
believe that Widget might well have some potent
defenses, including ``fair use'' [8].
5. Widget Sued Y2K Consultants for not SolvingWidget's Y2K ProblemsHaving failed to recover from the parties who
originally produced its ``defective'' software,
Widget may sue Y2K Consultants for having failed
to cure the problem. Again, Widget's chances for
recovery are problematic. Widget's two best theories
are breach of contract and negligence, although some
jurisdictions have begun recognizing an implied
warranty theory even in service cases.
Widget would obviously have a strong breach ofcontract case if Y2K Consultants expressly promised
to make all of Widget's software Y2K-compliant. It is
unlikely that it did so, however. Fearing liability suits,
many software consulting ®rms have simply stayed
away from Y2K work altogether. Others have agreed
to do limited work for long-time customers. Those
who have been daring enough to do the work have
generally not been so reckless as to make any speci®c
promises about the results they would produce.
Rather, they have contracted in terms of the expertise
they would bring to bear and the time they would
146 Prentice
spend on the project, but not as to the results they
would produce.
Widget's negligence suit will not be strong either.
First, the economic loss rule will bar suit on this
theory in many jurisdictions. Even in other jurisdic-
tions, Widget may have trouble convincing a jury that
Y2K Consultants was unduly careless given the
extremely complex nature and large scope of the
Y2K problem and the great dif®culty in bringing a
company's entire computerized operations into com-plete compliance with Y2K standards.
6. Widget Sued its Insurance Company forRefusing to provide any Coverage for its Y2K LossesHaving failed to shift its losses to its software vendors
and consultants, Widget will no doubt scan its
insurance policies, hoping to ®nd coverage there.
There are at least seven different types of insurance
policies that might provide some protection to Widget
or to other ®rms with Y2K problems. Widget's rights
will depend exclusively upon which types of policies
it has and their speci®c wording. The insurance
industry believes strongly that its existing exposure
for Y2K damage is minimal. Attorneys for insureds,
however, have written lengthy tomes setting forth
arguments in favor of requiring coverage under
certain types of policies. About the only thing that
seems clear is that both insureds and insurance
companies will expend tremendous amounts of
energy and money in litigating these issues.
There are two strong reasons to be pessimistic
about Widget's chances. First, many policies exclude
from coverage business losses of the type sustained by
Widget in this case. Second, most policies are ``claims
made'' policies in that they cover only claims made
during the policy period. Widget will have dif®culty
making a claim for much of its losses until some time
after October 1999 when the software erroneously
rejects the shipment of chemicals. For at least a few
years insurance companies have been inserting into
their policiesÐthe ones that will be in effect in 1999,
2000, 2001, etc.Ðexclusions for losses caused by the
Y2K problem. So unless Widget has purchased one of
the special, limited policies designed to cover the
Y2K problem that have recently become available, it
may ®nd little solace in its insurance coverage.
7. Widget's Shareholders Sued Widget's Board ofDirectors for not Solving the Y2K ProblemHaving been unable to shift its losses to other parties,
Widget must now bear them alone, meaning that its
stock price will not recover from the dip it took
following the October 1999 incident. This loss in
stock price will not please Widget's shareholders who
may well hire a class action plaintiffs' attorney to ®le
suit against Widget and its board of directors. Two
theories (at least) will be asserted: (a) securities fraud,
and (b) breach of the duty of care.
A federal securities fraud claim must be based on
false statements of fact. Perhaps Widget's of®cers,
wishing to calm investors', customers', and suppliers'
fears, issued a press release claiming that Widget's
Y2K repairs were going well and Widget would be
totally Y2K complaint by July 1, 1999. Or perhaps,
pursuant to SEC disclosure rules requiring that the
subject be addressed, Widget's board authorized the
making of similar statements. Those statements, it
turns out, were unduly optimistic. To recover,
plaintiffs must show that defendants intentionally, or
at least recklessly, misstated the facts. Statements
regarding future events are generally protected by
``safe harbors'' so long as there was some reasonable
basis for believing them at the time they were made,
or they are clearly quali®ed by a detailed discussion of
factors that might prevent the predictions from
coming to pass. Hindsight being 20/20, it is certainly
possible that a jury juxtaposing Widget's predictions
of success with the reality of its failure might
conclude that Widget's board acted at least recklessly
(without any substantial basis in fact) in making its
statements and projections and that securities law
liability should therefore ensue. Such a result would
de®nitely be consistent with the ``double whammy''
of federal securities law class actions in which a board
of directors sees the company's errors that cause real-
life losses compounded by federal securities law suits.
For example, Union Carbide was hit with such a suit
after Bhopal, as was Exxon after the Exxon Valdezshipwreck. Fortunately for the Widget board, the
Private Securities Litigation Reform Act of 1995
(PSLRA), a product of heavy lobbying by the
accounting and high-tech industries, created several
procedural roadblocks for such class action securities
fraud suits. Unfortunately for the board, surveys show
that plaintiffs' attorneys have not been deterred and
after a couple of slower years are now ®ling suits in
numbers above pre-PSLRA levels.
The shareholders' state common law suit for
breach of the duty of care may also be viable.
Boards of directors do not have to be perfect, but they
Legal Implications and Future Repercussions 147
must direct. Boards that ignore the Y2K problem are
inviting a jury to hold that they abdicated their
responsibilities. Widget, which has attacked the
problem unsuccessfully might still be held to have
been careless. After all, other corporations solved
their Y2K problems, why didn't Widget? The
business judgment rule prevents a court from
second-guessing a board of directors when it does
its homework, but simply makes some mistakes.
Similarly, Widget likely has a provision in its articles
of incorporation absolving directors for liability for
losses caused by simple carelessness. However,
neither the business judgment rule nor the articles of
incorporation will protect the directors if a jury ®nds
them to have been ``grossly negligent.'' What does
that mean? Well, there is a continuum of defendants'
scienter that runs from simple negligence to gross
negligence to recklessness, ®nally bleeding into real
intent to do harm. It has been stated that the difference
between simple negligence, gross negligence, and
recklessness is the difference between being a fool, a
damned fool, and a goddamned fool. Could a jury ®nd
that Widget's directors, in starting late and ultimately
being unsuccessful in effecting a Y2K ®x, were
damned fools? If so, liability could follow. This is
especially so in light of a recent, in¯uential Delaware
case [14] in which a judge seemingly greatly
increased the duty of directors to ensure that they
are obtaining the timely, accurate information they
need to make informed decisions. The only good news
for Widget in all of this is that the directors' D&O
insurance policies are more likely than Widget's other
insurance policies to provide some protection,
although some insurance companies have taken the
position that Y2K damages are not covered under
existing D&O policies.
II. Future Repercussions
The Y2K problem is sui generis, yet its legacy of
litigation will have important rami®cations for the
economic future of both software consumers and
software producers. If the analysis in Part I of this
article is anywhere near correct, software consumers
are going to suffer substantial losses because of the
Millennium Bug. One obvious lesson to be learned by
companies such as Widget Corporation is that
technology issues are managerial and legal issues as
well as technical issues. During the next couple of
years, hundreds of millions of dollars of Y2K losses
will either fall on software consumers, or be shifted to
software vendors, consultants, and insurance compa-
nies, based largely on the wording of contracts.
Among the most important strategic decisions that
high-tech companies will have made in the past few
years are legal decisions, because companies that will
fare the best are those whose attorneys have been most
aggressive in negotiating favorable contractual provi-
sions, the importance of which might not have been
apparent at the time the contracts were signed. There
may never be another software problem of the size
and scope of the Millennium Bug, but similar
unforeseen problems will occasionally arise in the
future and all software and insurance contracts must
be negotiated with that realization.
That said, I want to spend most of Part II discussing
future repercussions of Y2K litigation for software
vendors. Many legal experts do not share my
opinions, and if software vendors are found generally
liable for Y2K problems, then obviously a litigation
crisis of major proportions may exist for them by the
time this article is published. Even if my analysis in
Part I is correct and these vendors generally avoid
liability (but not litigation expenses), a major crisis
will still likely occur. Consider an analogy to the
accounting profession.
Software producers now ®nd themselves in much
the same position as accounting ®rms in the late
1980s. Accountants at that point in time were facing
an increasing amount of litigation after historically
being largely sheltered from liability by favorable
court decisions and the lack of an organized plaintiffs'
bar. By the mid-1980s, however, the con¯uence of
several legal streams quickly and dramatically
disrupted the accountants' peaceful world. First,
there was a rapidly growing amount of federal class
action securities litigation in which auditors were
frequently the only solvent defendants in sight and
could, under joint and several liability, end up holding
the entire liability bag. Second, the Racketeer
In¯uenced Corrupt Organizations Act (RICO) of
1970, after having lain dormant on the books for
more than 15 years, was coming into its own as an
attractive means of suing professionals. Third, the
state courts were in the middle of a general liberal
expansion in the concept of ``duty'' in negligence
cases, laying the groundwork for greater auditor
liability to nonclient plaintiffs following careless
148 Prentice
audits. Suddenly, and for the ®rst time, lawyers began
holding seminars in ``Accountants' Liability.'' A few
big judgments made the headlines and the snowball
began rolling down the hill. In just a few years, the
accounting profession had more lawsuits ®led against
it than had been ®led in the entire history of the
profession up until that time. Pending lawsuits against
just the then-Big Six claimed $30 billion in damages.
Before the Y2K problem reared its ugly head, there
had been surprisingly little litigation against software
vendors arising from defects in software. There was
no sizable, organized plaintiffs' bar, and the law was
pro-defendant. The Y2K crisis changes the landscape.
Numerous continuing legal education seminars
focusing on Y2K litigation are currently drawing
over¯ow crowds. By the year 2001, there will
have been substantial litigation against software
vendors.
Whether or not the bulk of that litigation will have
been successful from a plaintiff 's point of view, there
will be a large and experienced plaintiffs' bar, with an
installed base of knowledge about software, which did
not exist before. Scores of law ®rms around the
country are trying to develop reputations for Y2K
expertise will attempt to exploit that expertise even
after Y2K fades away. Furthermore, the law may no
longer be so pro-defendant. Losses caused by Y2K
will create pressure for holding software creators
more accountable for their product. As Watts
Humphrey recently noted:
Sadly, software suppliers do not generally take
responsibility for the defect content of their products.
They often even ship products that contain known
defects, and they commonly charge customers for a
signi®cant part of the cost of ®xing these defective
products. The public is increasingly aware of and
unhappy with these practices. Software is routinely
blamed for common problems in almost any industry
that serves the public, and the public expects software
to perform badly.
When an industry gets a reputation for poor-quality
products, it is in a risky position. Almost any serious
problem could trigger a severe political reaction [24].
This problem has never been greater than during the
Y2K crisis. Some have predicted that the poor
performance of some software vendors regarding the
year 2000 problem may well create a backlash,
possibly leading to government regulation and
standardized acceptance testing [12]. Indeed, the
Gartner Group recently prognosticated a 70 per cent
probability that the Y2K debacle will lead to
introduction of legislation requiring certi®cation of
software developers [5].
One need only look at the tobacco industry to ®nd
an industry that had the law stacked in its favor and
enjoyed a decades-long winning streak in litigation,
but, once a major plaintiffs' bar developed, began to
face and will face well into the future an untold
number of lawsuits costing incredible sums to defend.
Sooner or later the barbarians are likely to breach the
gates of software castles as well, as evidenced by the
fact that some states are considering ®ling Y2K
litigation patterned after the tobacco litigation they
®led earlier against tobacco companies. I do not mean
to place the threat of a ``litigation crisis'' for the
software industry entirely on the backs of plaintiffs'
attorneys, although it has been suggested that
plaintiffs' attorney are ®ling even premature Y2K
suits to establish their reputations as litigators in the
area so that when Y2K problems really start cropping
up, they will be in a good position to gain substantial
business [40]. While the U.S. software industry leads
the world by about any measure, its record is far from
spotless. There are numerous horror stories of
accidents or near-accidents caused by software
glitches, of programming errors that caused economic
loss, and of software packages that shipped with
literally hundreds of known bugs [25]. Yet, software
producers have typically avoided liability liable
because the law has generally allowed them to
funnel all litigation into breach of contract or warranty
claims that could be defeated by contractual dis-
claimers.
But just as many academics in the 1980s argued for
increasing the liability of accountants so that there
would be some consequences stemming from careless
auditing, the magnitude of the Y2K problem will
prompt proposals for additional regulation of the
software industry. Already there have been calls for
(I) certi®cation and regulation of programmers and
other arguable ``professionals'' in the software
industry, [18,31,33,35] (ii) judicial recognition of a
``computer malpractice'' tort, [30] and (iii) other
changes in the substantive law of existing theories to
make it easier for consumers of software to sue when
they are victimized by defective software [4,22,43].
Just as the failure of businesses led politicians to call
for more liability for auditors, the Y2K problem is
likely to prompt politicians to demand a more hands-
on regulatory approach to the computer industry. The
Legal Implications and Future Repercussions 149
software industry needs a strategic response, and it
can learn from the accounting profession.
When the accountants' liability crisis bloomed, the
profession funded and otherwise encouraged sub-
stantial empirical research by academics. That
research produced support for several pro-auditor
conclusions, including (a) that even weak securities
fraud claims carried substantial settlement value, [15]
(b) that audit quality was unlikely to improve if a
negligence standard of liability were replaced with a
strict standard of liability, [19] and (c) that a system of
proportionate liability is preferable to a system of
liability that might place all losses on the shoulders of
the auditor who is only partially to blame [20]. These
articles, coupled with industry ``position papers,'' [2]
provided a drumbeat of support for the accounting
profession's efforts to mitigate the ``litigation crisis.''
Those efforts had an impact. The profession's
policy arguments were adopted nearly lock, stock,
and barrel by the California Supreme Court in the
critically-important Bily case, [9] which by itself did
much to roll back a tide toward greater common law
negligence liability. These arguments, coupled with
massive lobbying efforts, also prompted Congress to
pass the most important pro-defendant legislation in
the history of the federal securities lawsÐthe Private
Securities Litigation Reform Act of 1995 (PSLRA),
and induced several states to pass statutes limiting
the scope of common law negligence liability that the
courts had established. When the PSLRA did not
produce all its desired effects, renewed lobbying
efforts prompted passage another piece of pro-
defendant legislation, the Securities Litigation
Uniform Standards Act of 1998, which prevents
plaintiffs' class action attorneys from evading the
PSLRA's restrictions by ®lings lawsuits in state
court.
The software industry can learn lessons from the
accounting profession in this regard. Non-lawyer
academics and industry professionals have thus far
written only a relatively small amount about potential
legal liability [1,11,13,32]; academic research most
de®nitely has a greater role to play. Consider one
parallel to the accounting profession. Audits are
neither designed to nor expected to produce perfectly
accurate ®nancial statements. Client companies
produce the statements. Auditors, via sampling and
other techniques, determine whether there is good and
suf®cient reason to believe that the statements are
generally accurate. The auditors do not and generally
cannot guarantee that the clients' ®nancial statements
are perfectly accurate.
But when companies fail and litigation follows,
jurors tend to equate errors in the ®nancial statements
with negligence by the auditors, giving rise to the
infamous ``expectations gap.'' There is evidence that
it is the hindsight bias that frequently leads juries (and
even judges) to conclude that the auditors should be
held liable [3]. Whatever the reason, the accounting
profession tried for years to close the expectations
gap. The profession produced and distributed thou-
sands of pamphlets concerning the proper role of an
audit. Attorneys for accounting ®rm defendants
attempted during trials to educate jurors to take a
more realistic approach. All these efforts failed.
Ultimately, the accountants changed their tack.
Instead of trying to educate jurors and the consumers
of audit reports, they took their case to Congress with
what was termed ``one of the best ®nanced and most
powerful [lobbies] in Washington'' [39]. By raising
the bar on the plaintiffs' pleading requirements and
suspending discovery upon the ®ling of a motion to
dismiss by defendants, Congress intended the PSLRA
to drastically reduce the settlement value of non-
meritorious securities fraud suits by making it much
harder for class action plaintiffs to surmount initial
procedural hurdles or to impose discovery costs on
defendants. The expectations gap cannot harm an
accounting ®rm if a jury never hears the case.
There are obvious parallels in the software
industry. Even the best American software makers
often ship ``buggy'' software. Macintosh System 7.0
reportedly shipped with thousands of known bugs, and
Microsoft Windows 3.1 shipped with around 5,000.
One study indicates that commercial software vendors
answered 200 million tech support phone calls in
1996, 38% of which were generated by bugs [44]. As
with most other things in life, software development
requires trade-offs. With especially complicated
systems, it may be nearly impossible to ship totally
bug-free software. Additional commitments of time
and effort can help the software vendor come closer to
perfection, but this requires consumers to wait longer
and pay more for the software. Ed Yourdon, among
others, has touted as one of the American software
industry's competitive advantages the fact that it tends
to ship ``good enough'' software, rather than ``zero
defect'' software [46].
The software industry should take a lesson from the
accountants. Convincing a jury that software con-
150 Prentice
taining a bug that caused an economic or physical loss
was not ``defective'' or ``unmerchantable'' or the
product of ``negligent'' programming may not be
easy, even if it is true. [16] Trade-offs in terms of
expense and/or delay that seemed to make sense when
the software was shipped may not look so wise in
hindsight. Many fear that jurors may believe that
computer companies should be able to solve all
problems that confront them, creating another
expectations gap [42]. So, as the software industry
comes under greater attack from a large, hungry
plaintiffs' bar and perhaps less-than-understanding
legislatures, it must have a strategic response.
Education of the public and judges is certainly one
approach, but the accounting profession found it less
than effective.
Lobbying must be a point of emphasis, as it was
for the accounting profession. Recent antitrust
activity has awakened a sleeping giant, prompting
software companies (most prominently Microsoft,
and its competitors) to rediscover where
Washington, D.C. is located. The high-tech industry
has just recently put together sophisticated lobbying
campaigns to gain legislation to stop software
piracy and to roll back bans on export of encryption
software, as well as to advance both sides of the
Microsoft antitrust controversy. More than forty
industry groups helped push through Congress the
Year 2000 Information Readiness and DisclosureAct that provided limited legal protection for
companies making good faith disclosures regarding
how Y2K affects them, although it currently
appears that not as many companies took advantage
of the act's limited window for protecting past
statements retroactively as should have. The
Association of Publicly Traded Companies
(APTC), composed of more than 1,000 ®rms
(many of them high-tech), is already lobbying for
legislation to grant immunity to companies who
make good faith efforts to avoid Y2K problems,
and on January 6, 1999, a bill was introduced into
the House of Representatives that would, among
other things, require plaintiffs in Y2K cases to
prove by a preponderance of the evidence that
defendants acted unreasonably and caused a loss
that was foreseeable. In the next few years,
additional lobbying may be needed to fend off
onerous legislative proposals to regulate the
industry. Academic research could provide credible
support for software lobbyists' positions.
Another potential response that deserves serious
consideration is additional self-regulation. Several
members of the software industry have already called
for creation of a true professional organization,
comparable to the AMA, ABA, and AICPA, to lend
status to various areas of the software profession [34].
Such a move toward self-regulation often has the
happy effect of also delaying or even discouraging
altogether governmental regulation. At a minimum, it
may assist in the courtroom. For example, the AICPA
has formulated GAAS and GAAP and other widely-
accepted technical accounting rules. Compliance with
those standards is extremely strong evidence in court
that the relevant standard of care was met in a given
case. If the software industry could decide whether
ISO-9000 certi®cation is important, or SEI-CMM
certi®cation should be the standard, or what are the
``best practices'' for software design, testing, quality
assurance, con®guration management, etc., it might
prevent these decisions from being made by a lay jury
at some point in the future.
Because the statistics regarding failed software
projects are somewhat frightening (a recent study
®nds that the average company completes only 37%
of big information technology projects on time and
only 42% within budget) [17], this could be a fruitful
area of research as well. Accounting research helped
determine that certain client risk-factors precipitate
litigation [10,29] that auditors can isolate those risk
factors before undertaking audit engagements [37],
and that auditors can adjust the fees they charge and
the structure and amount of the audit work they do to
account for these risk factors [23]. There has been
research to determine what factors lead most often to
the failure of software projects [6], but little additional
attention paid to what factors tend to generate
litigation (although the two may turn out to be
coextensive). With such research, software consul-
tants, who have already been suf®ciently aware of
litigation potential to often choose to stay away from
true hot spots . . . including Y2K consulting, could
manage risk equally as well.
Relevant accountants' research was directed, in
part, by a helpful overview article by Professor
Kinney of the University of Texas, urging the
collaboration of scholars in accounting, economics,
the behavioral sciences and law [27,28]. Academics
interested in the implications of litigation for software
development need a similar overarching vision to
direct their future efforts.
Legal Implications and Future Repercussions 151
Conclusion
Even high-tech companies do not live in a purely
technical world. Managerial and legal decisions are as
integrally important as technical decisions for such
companies, as Y2K vividly illustrates. Although I
have tried to do so in this article, it is as yet dif®cult to
predict the outcome of speci®c types of lawsuits that
the Y2K problem will generate. What may be more
con®dently projected is that Y2K litigation will
unleash repercussions that will be felt well beyond
the year 2000. Over the next few years, Y2K litigation
will set the precedents that will help shape the
software industry for the foreseeable future.
References
1. Aeh, Richard K. Is IS Ripe for Malpractice Suits? Journal ofSystems Management 1990;41:23.
2. Arthur Andersen & Co., Coopers & Lybrand, Deloitte &
Touche, Ernst & Young, KPMG Peat Marwick, and Price
Waterhouse, THE LIABILITY CRISIS IN THE UNITEDSTATES: IMPACT ON THE ACCOUNTING PROFESSIONAug. 6, 1992.
3. Anderson John C, Jennings Marianne M, Reckers Philip MJ.
The Presence of Hindsight Bias in Peer and Judicial Evaluation
in Public Accounting Litigation. Torts & Insurance LawJournal 1993;28:461.
4. Ballman Donald R. Software Tort: Evaluating Software Harm
by Duty of Function and Form. Connecticut Insurance LawJournal 1996/1997;3:417.
5. Barker Colin. Y2K Bug May Prompt New US Laws for
Developers. November 1998. Available at http://webserv.vnu-net.com/www user/plsql/pkg vnu news.right frame?pstory� 68395
6. Barki Henri, Rivard Suzanne, Talbot, Jean. Toward an
Assessment of Software Development Risk. Journal ofManagement Information Systems 1993;10:203.
7. Bemer, Bob. Time and the Computer. Interface Age Feb. 1979.
8. Bender, David. Self-Help Options for Making Third-Party
Software Y2K Compliant. The Computer Lawyer 1998;15:25.
9. Bily v. Arthur Young & Co., 3 Cal.4th 370, Cal.Rptr.2D 51, 834
P.2d 745 (1992).
10. Bonner, Sarah, Palmrose, Zoe-Vonna, Young, Susan. The
Effects of Frequent and Fictitious Frauds on Auditor
Litigation: An Analysis of SEC Accounting and Auditing
Enforcement Releases. Accounting Review Oct. 1998 (forth-
coming).
11. Bordoloi, Bijoy, Mykytyn, Kathleen, Mykytyn, Peter P, Jr. A
Framework to Limit Systems Developers' Legal Liabilities.
Journal of Management Information Systems 1996;12:161.
12. Caldwell, Bruce. The Year 2000 Double Take. InformationWeek May 18, 1998;171.
13. Cappel, James J, Kappelman, Leon A. The Year 2000 Problem
and Ethical Responsibility,: A Call to Action. The InformationSociety 1998;14:187.
14. In re Caremark Int'I, Inc. Derivative Litigation, 698 A.2d 959,
970 (Del.Ch. 1996).
15. Cloyd C Bryan, Frederickson, James R, Hill, John W.
``Motivating Factors in Attorneys' Recommendations to Sue
Auditors: How Important is Causality?'' Journal of Accountingand Public Policy 1996;15:185±218.
16. Collins W Robert, Miller, Keith W, Spielman Bethany J,
Wherry, Phillip. How Good is Good Enough?: An Ethical
Analysis of Software Construction and Use. Communications ofthe ACM 1994;37:81.
17. A Day Late and (Many) Dollars Short. Business Week Sept. 7,
1998;8.
18. DiRuggiero, Patricia Haney. The Professionalism of Computer
Practitioners: A Case for Certi®cation. Suffolk University LawReview 1991;25:1139.
19. Dopuch, Nicholas, King, Ronald R. Negligence Versus Strict
Liability Regimes in Auditing: An Experimental Investigation.
Accounting Review 1992;7:117.
20. Dopuch, Nicholas, King, Ronald R, Schatzberg, Jeffrey W. An
Experimental Investigation of Alternative Damage-Sharing
Liability Regimes with an Auditing Perspective. Journal ofAccounting Research 1994;32 (Suppl.):103.
21. Gunn, Eileen P. A New Legal Target: The Millennium Bug.
Fortune Apr. 27, 1998;438.
22. Hanson, Daniel J. Easing Plaintiffs' Burden of Proving
Negligence for Computer Malpractice. Iowa Law Review1983;69:241.
23. Hill, John W, Ramsay, Robert J, Simon, Daniel T. Audit Fees
and Client Business Risk During the S&L Crisis: Empirical
Evidence and Directions for Future Research. Journal ofAccounting and Public Policy 1994;13:185.
24. Humphrey, Watts. Software Industry Must Follow Same
Quality Principles as Other Technological Industries. SoftwareQuality Matters 1997;5(4):1.
25. Huntress, John. Computer Problems Similar to the Millennium
Bug That Have Already Happened. Available at http://www.year2000.com/archive/similar.html.
26. Kim, Jane J. Citicorp, Chase To Spend Millions On Millennium
Bug. Wall St. J. Apr. 27, 1998;B11A.
27. Kinney, William R. Auditors' Liability: Opportunities for
Research. Journal of Economic & Management Strategy1993;2:349.
28. Kinney, William R. Audit Litigation Research: Professional
Help is Needed. Accounting Horizons 1994;8:80.
29. Lys, Thomas, Watts, Ross L. Lawsuits Against Auditors.
Journal of Accounting Research 1994;32(Suppl.):65±93.
30. MacKinnon, Kevin S. Computer Malpractice: Are Computer
Manufacturers, Service Bureaus, and Programmers Really the
Professionals They Claim to Be? Santa Clara Law Review1983;23:1065.
31. Neumann, Peter G. Inside Risks: Certifying Professionals.
Communications of the ACM 1991;34:130.
32. Mykytyn, Kathleen, Mykytyn, Peter P, Jr., Slinkman, Craig W.
Expert Systems: A Question of Liability. MIS Quarterly1990;27.
152 Prentice
33. O'Connor, James E. Computer Professionals: The Need for
State Licensing. Jurimetrics J 1978;18:256.
34. Oz, Effy. Ethical Standards for Information Systems
Professionals: A Case for a Uni®ed Code. MIS Quarterly1992;16:423±433.
35. Perlman, Daniel T. Who Pays the Price of Computer Software
Failure? Rutgers Computer & Tech Law Journal 1998;24:383.
36. Pieptea, Dan R. What Will the Change of the Millenium Do to
Our data Processing Systems? MIS Q 1986;103.
37. Pratt Jamie, Stice, James D. The Effects of Client
Characteristics on Auditor Litigation Risk Judgments,
Required Audit Evidence, and Recommended Audit Fees.
Accounting Review 1994;69:639.
38. Radosevich, Lynda. Y2K Legal Games Begin: Companies
Scramble to Shield Themselves From Costly Lawsuits.
InfoWorld May 11, 1998;103.
39. Roberts, Ed. Big Six Firms Branch Out to Create Lobby,
Making Liability Reform Top 1993 Priority. Thomson'sInternational Bank Accountant May 10, 1993;5.
40. Sandberg, Brenda. Heading to Court With Cases of the
Millennium. Cal Law Oct. 19, 1998. Available at http://www.ljx.com/topstories/101998new2.htm.
41. Sandberg, Brenda. Y2K Software Class Action Settles. TheRecorder Oct. 14, 1998. Available at http://www.ljx.com/topstories/101498new1.htm. [Sandberg II]
42. Stahura, Barbara. Jurors and Y2K. Y2K Today Oct. 28, 1998.
Available at <http://www.y2ktoday.com/modles/news/
newsdetail.asp?id=473&feature=true&type�443. Tiano, Joseph R, Jr. The Liability of Computerized Information
Providers: A Look Back and a Proposed Analysis for the
Future. Univ. of Pittsburgh Law Review 1995;56:655.
44. Williamson, Miryam. Poor Quality Software Costs a Bundle in
Memory, Lost Opportunities, and Irritation, But it Costs Less to
Fix Than You Think. COMPUTERWORLD Aug. 18, 1997;78.
45. Wojcik, Joanne. Y2K Claims May Yield Reinsurance Disputes.
Business Insurance Sept. 21, 1998;12.
46. Yourdon, Edward, THE RISE AND RESURRECTION OF
THE AMERICAN PROGRAMMER, 1996;157±179.
47. Zajac, Andrew, ``As the Clock Ticks, Lawyers Spring Forth,''
Chicago Trib Oct. 4, 1998;12.
Robert Prentice is a University Distinguished
Teaching Professor and the Ed & Molly Smith
Centennial Professor of Business Law at the
University of Texas at Austin. Professor Prentice's
research interests lie primarily in the ®eld of securities
law and he has recently written several articles
analyzing how the Internet and related technological
developments will impact the law of insider trading
and corporate disclosure.
Legal Implications and Future Repercussions 153