Jonathan G. Katz
Secretary
Mail Stop 0609
Securities and Exchange Commission
450 Fifth Street, N.W.
Washington, D.C. 20549-0609
Mr. Katz,
June 26, 1999
Mr. Arthur Levitt, Chairman
Ms. Laura Unger, Commissioner
Securities and Exchange Commission
Dear Sir and Madame,
I am writing to warn about the contemplated rule changes (temporary
Rules 15b7-3T, 17Ad-21T) to require directors of brokerage firms to
certify their firms are ready for Y2K by August 31, 1999 or be shut
down, and to rules changes 15b7-2 and 17Ad-20. I recognize the SEC has
many responsibilities to balance and one very important one is to assure
the trading and investing public that the stock market exchange system
is now, and will remain, reliable. The last thing anyone wants is for a
jittery public to pull their money out of the stock market in an
irrational manner. That could be more damaging than effects of Y2K
itself. On the other hand, there are technical realities that cannot be
overlooked if the goal is to get through the Y2K period with our economy
and quality of life intact. Unfortunately, the proposed rule changes
serve neither goal.
My name is Dale W. Way and I am the chairman of a special committee of
the Institute of Electrical and Electronics Engineers (IEEE) set up by
the Technical Activities Board the Institute to research the full scope
of the Y2K problem. The IEEE is the oldest and largest international
non-profit association of engineers and computer scientists in the
world, and my committee, the Technical Information Focus Group, is
composed of professionals from industry, government and academia. We
have been studying the Y2K problem intensely for years seeking a
comprehensive understanding independent of any particular technological
perspective or commercial interest. For reasons of speed I am writing
this letter to you on a personal basis; to speak officially for my
committee or the Institute would require a significant amount of time.
It was my committee that submitted the memorandum concerning the
technical realities underlying the issue of legal liability limitations
recently praised on the floor of the Senate (enclosed). I am the author
of that letter.
The technical realities I refereed to are spelled out in the enclosed
liability memorandum, although some are specific only to liability. I
will highlight the crucial points for specific SEC purposes:
1. The proposed rule changes assume, is founded upon, the principal
that directors can know the status of their organizations regarding
Y2K. There is no basis for this assumption. There are many aspects of
Y2K, spelled out in the memorandum below, that render such knowledge
impossible to gain with certainty.
2. Making some systems ‘Y2K compliant’ can render others to which that
system is connected nonfunctional, either within or between member
firms. Any notion of ‘compliance,’ although a common one in normal SEC
terminology, is insufficient in a Y2K context to predict "operational
capacity."
3. Many inputs to systems, critical for the functioning of those
systems, come from outside the control of the organization in question.
The future status of those inputs cannot be certain.
4. Complete testing and verification of the totality of the securities
trading ‘system of systems’ is not possible. Due to the number of
atomic elements involved: electronic devices, software program
statements (lines of code), data elements, etc.; and their complexity
(the number of possible relationships among them), determining all of
the impacts, expected and unexpected, of the wholesale changes that have
already been forced upon the various subsystems as if they were
independent (which they are not) will take too many test/detect/repair
loops through the entire ‘system of systems’ for the time available.
Consequently the proposed rule will put brokerage directors in an
untenable position. They will either have to tell the truth and be
forced to shut down trading by their organization, something that will
not serve the interests of their customers, the trading system in
general or the public; if enough tell the truth it will likely force the
very panic we are all trying to avoid. Or they will be forced, or
fooled, into lying. This may buy a few months of false comfort,
assuming enough of the firms take this path. But in the end reality
will out and what will happen will happen. At that point the
credibility of the system and the SEC will be in serious jeopardy;
something that serves no one.
We must recognize there will be system failures due to Y2K. We must
have the courage to face that certainty. (Although helpful, recent
tests were too narrow in scope to be a trustworthy predictor.) These
failures do not have to be fatal to the functions and viability of
organizations. The ultimate outcome of Y2K will be determined by the
adaptability of the organizations involved in the face of "potentially
numerous, rapid and unexpected events." It is there we must place our
efforts, actions and faith. We cannot know the outcome ahead of time;
we must go through it. For this reason rule change 17a-9T regarding
record keeping is to be supported, as should the SEC’s earlier support
of comprehensive contingency planning. It is time, I believe, to stop
hoping or pretending that the prevention phase will be totally
successful, that there will not be system failures. It is a self
delusion that does not serve the public interest. And we must stop
demanding that responsible people certify there will be none, even if it
means well-meaning people who have unknowingly taken that path must
courageously change their positions.
I stand ready to aid you in any way I can. Thank you for your
attention.
Respectfully,
Dale W. Way
Chairman
The Institute of Electrical and Electronics Engineers (IEEE)
Technical Activities Board
Year 2000 Technical Information Focus Group
650.574.2317 voice
650.571.7662 fax
176 Flying Cloud Isle
Foster CIty, CA 94404
d.way@ieee.org alt. email
Enclosure:
******************************
From Thomas’ Congressional Record:
TECHNICAL REALITIES OF THE Y2K ACT (Senate - June 18, 1999)
Mr. GORTON. [Senator Slade Gorton, (R) Washington] Mr. President,
earlier this week the Senate passed a bill that tries to bring some
reason to the legal chaos that could result from Y2K failures and
Wednesday evening the Senate appointed conferees to reconcile the
differences between the House and Senate bills. I rise today to commend
the Senate for doing this, and to read from an excellent memorandum
underscoring the need for a quick resolution and final passage of a
conference report.
A memorandum prepared by the Year 2000 Technical Information Focus Group
of the Institute for Electrical and Electronics Engineers, the `I triple
E,' provides the best analyses and explanations I have seen of the
complexity of Y2K litigation; of why the argument we heard during floor
debate that the bill is designed to protect `bad actors' and that it
fails to provide sufficient incentives for remediation is generally
hollow; and of why it is so important that we do what we can to minimize
the economically paralyzing effects of a predictable and utterly
overwhelming legal snarl.
The memorandum, sent to various members of Congress, is particularly
compelling because its authors do not represent businesses that may be
sued, but are members of an international non-profit association of
engineers and computer scientists.
The memorandum is so good that rather than simply have it printed in the
Record, I will read it:
-----------------------
TAB YEAR 2000 TECHNICAL INFORMATION FOCUS GROUP
Piscataway, NJ, June 9, 1999.
To: Members, Senate Commerce, Science And Transportation Committee;
Members, Special Senate Committee On The Year 2000 Technology Problem;
Members, House of Representatives Committee on Science, Subcommittee on
Technology;
Members, Committee on Government Reform, Subcommittee on Government
Management Information, and Technology;
Sponsors, House Bill `Year 2000 Readiness and Responsibility Act of
1999,' H.R. 775.
Re: Year 2000 Liability Legislation.
From: The Institute of Electrical and Electronics Engineers (IEEE)
Technical Activities Board
Year 2000 Technical Information Focus Group.
Dear Honorable Senators, Congressmen and Congresswomen:
As leaders of the Y2K effort of the Institute of Electrical and
Electronics Engineers (IEEE), the oldest and largest international
non-profit association of engineers and computer scientists in the
world, we would like to offer some thoughts on the pending legislation
involving Y2K liability obtained from our years of work and collective
wisdom spent studying Y2K. The IEEE has drafted an Institute position on
Y2K Legal Liability regarding United States federal law, to which our
committee greatly contributed. We offer these additional thoughts in
hopes that they may further assist your understanding as you attempt to
reconcile two very valid but conflicting underlying public policy goals
in structuring and passing the Year 2000 Liability Legislation currently
under consideration:
Minimize Damage to the Economy and Quality of Life: minimize the overall
damage to the nation's economy and quality of life by reducing the need
of organizations to redirect their limited resources away from the task
of maintaining their operations in the face of Y2K in order to defend
themselves from lawsuits arising from alleged Y2K failures.
Maximize Incentive for Y2K Failure Prevention: maximize the incentive of
every organization to prevent Y2K failures as well as preserve the legal
rights and remedies available for those seeking legitimate redress for
wrongs they may suffer resulting from Y2K failures.
In addressing public policy issues we have no more expertise than the
literate public. However, we do possess expertise in the technical
issues underlying the situation that should be considered as you weigh
the conflicting public policy goals in formulating appropriate Year 2000
Liability Legislation. In particular, for your consideration we offer
the following points pertaining to the technical realities of Y2K.
1. Prevention of all Y2K Failures Was Never Possible. For many large and
important organizations, technical prevention of all Y2K failures has
never been possible in any practical way for these reasons:
1.1 `Y2K Compliant' Does Not Equal `No Y2K Failures.' If an organization
makes all of its systems `Y2K compliant', it does not mean that that
same organization will not experience Y2K failures causing harm to
itself and other organizations. In fact, efforts to become `Y2K
compliant' in one place could be the direct cause of such failures in
others. If interconnected systems are made compliant in different ways,
they will be incompatible with each other. Many systems in government
and industry are mistakenly being treated as if they were independent
and fixed in the most expedient way for each of them. When this `Humpty
Dumpty' is put back together again, it will not work as expected without
complete testing, which is unlikely (see Complexity Kills below).
1.2 All Problems Are Not Visible or Controllable. In the best case
organizations can only address those things they can see and those
things they have control over. Given this reality, many Y2K failures are
inevitable because some technical problems will not be discernible prior
to a failure, and others, while discernible, may not be within an
organizations' jurisdictional control to correct. This is especially
true in large complex organizations with large amounts of richly
interconnected software involved in long and complex information chains
and in systems containing a high degree of embedded devices or systems
purchased in whole from external parties. (The temporary lifting of
certain copyright and reverse engineering restrictions for specific Y2K
protection efforts should also be considered as long as copyright
holders are not unduly harmed.)
1.3 Incoming Data May Be Bad or Missing. To maintain their operations
many organizations require data imported from other organizations over
which they have no control. Such data may have unknowingly been
corrupted, made incompatible by misguided compliance efforts or simply
missing due to the upstream organizations lawful business decisions.
1.4 Complexity Kills. The internal complexity of large systems, the
further complexity due to the rich interconnections between systems, the
diversity of the technical environments in type and vintage of most
large organizations and the need to make even small changes in most
systems will overwhelm the testing infrastructure that was never
designed to test `everything at once.' Hence, much software will have to
be put back into use without complete testing, a recipe, almost a
commandment, for widespread failures.
2. Determining Legal Liability Will Be Very Difficult. Traditionally the
makers of products that underlie customer operations are liable if those
products are `defective' enough to unreasonably interfere with those
operations resulting in damage. Y2K is different in that those customers
themselves are also at risk for legal action if they fail to fulfill
contractual obligations or fail to maintain their stock values and their
failure to `fix' their Y2K problems can be shown as the cause. This
customer base of technology producers cannot be overlooked in this
issue. As it constitutes most of the organizations in the world, its
needs and the implications of legislative actions on it considered now
should not be overshadowed by undue focus on the much smaller technology
producer sector. Nonetheless, even there liability is not as clear as
tradition might indicate. Several factors make liability determination
difficult, expensive, time consuming and not at all certain.
2.1 There Is a Shared Responsibility Between Buyers, Sellers and Users
of Technology. Computer products themselves have only clocks that have
dates in them. Application software products usually offer optional ways
of handling dates. The customer/user organizations, especially larger,
older ones, have created much of their application software in-house.
When new products are introduced into the buying organization, the
customer/user usually has vast amounts of data already in place that
have date formats and meaning already established. These formats and
meanings cannot be changed as a practical matter. The majority of, and
the longest-lasting, potential system problems lay in application
software and the data they process, not in clock functions. (Clock-based
failures, those likely to happen early in January 2000, while
potentially troublesome, will be for the most part localized and of
short duration.) Various service providers can be optionally called in
to help plan and apply technology for business purposes. But it is only
when these are all merged together and put to actual use that failures
can emerge. It is very rare that one of them alone can cause a failure
that carries legal consequences.
2.2 Many Things Are Outside the Control of Any Defendant. Incoming data
from external sources outside its control may be corrupted, incompatible
or missing. Devices and systems embedded in critical purchased equipment
may be beyond the defendant's knowledge or legal access. Non-technical
goods and services the defendant depends upon may not be available due
to Y2K problems within their source organizations or distribution
channel.
2.3 There Will Be a Strong Defense of Impracticability. Existing
large-scale systems were not made safe from Y2K long ago for good
reasons. Many systems resist large-scale modernization (e.g., IRS, FAA
Air Traffic Control, Medicare) for the same reasons. Wide-spread,
coordinated modifications across entrenched, diverse, interconnected
systems is technically difficult if not impossible at the current level
of transformational technology. New products must be made to operate
within the established environment, especially date data formats.
Technology producers will claim, with reason, that the determining
factor in any Y2K failures lay in the way the customer chose to
integrate their products into its environment. It will be asserted,
perhaps successfully, by user organizations that economic
impracticability prevented the prevention of Y2K failures. Regardless of
the judicial outcome, it will take a long time and many resources to
finally resolve. And that resolution may have to come in thousands of
separate cases.
3. Complexity and Time Negates Any Legal Liability Incentive. Even if
making all of an organization's systems `Y2K compliant' would render an
organization immune from Y2K failures (it will not), the size and
complexity of the undertaking is such that if any but the smallest
organization is not already well into the work, there is not enough time
for the incentive of legal liability to have any discernible positive
effect on the outcome. As an analogy, providing any kind of incentive to
land a man on Mars within one year would have no effect on anyone's
efforts to achieve that unless they had been already working to that end
for many years. A negative effect will result from management diverting
resources from prevention into legal protection.
4. The Threat of Legal Action Is a Dangerous Distraction at a Critical
Time. There will be system failures, especially in large, old, richly
interconnected `systems of systems' as exist in the financial services
and government sector. The question is how to keep such technical
failures from becoming business or organization failures. We should be
asking ourselves how we as a society can best keep the flow of goods and
services going until the technical problems and failures can be
overcome. The following points bear on these questions.
4.1 Y2K Is a Long Term, Not Short Term, Problem. Irrespective of the
notion of Y2K being about time, a point in time, or the fixation on the
rollover event at midnight December 31, 1999, or even the name `Year
2000' itself, Y2K computer problems will be causing computer system
malfunctions and failures for years into the next decade. Y2K is much
more about the dates that can span the century boundary represented in
data that must be processed by software than it is about any calendar
time or clock issues. Because of the vast amounts of these, the complex
intertwining among them and our less than complete understanding of the
whole, it will take years for the infrastructure to `calm down' after
Y2K impacts themselves AND the impacts of the sometimes frantic and
misguided changes we have made to it. The current prevention phase is
only the beginning.
4.2 Rapid and Effective Organizational Adaptability Will Be a Prime
Necessity. They key to an organization's ability to continue to provide
the goods and services other organizations and individuals need to
continue their operations will be determined by an organization's
ability to adapt its practices and policies quickly and effectively in
the face of potentially numerous, rapid and unexpected events.
4.3 Lawsuits, Actual or Threatened, Will Divert Requisite Resources.
Preventing and minimizing harm to society from Y2K disruption is
different than, and at times opposed to, protecting one's organization
from legal liability. Addressing lawsuits, and even the threat of a
lawsuit, will divert requisite resources, particularly management
attention, from an organization's rapid and effective adaptation. This
is already happening regarding technical prevention and will get worse
the longer such legal threats remain. Organizational management has much
more experience dealing with legal threats than they do addressing
something as unique and unprecedented as Y2K. Their tendency is to
address the familiar at the expense of the novel. They must be allowed
to focus on the greater good.
4.4 Judicial System Overload Is Another Danger. Given the great
interactive and interdependent complexity of Y2K's impact on the
operations of our institutions on a national and global scale, the
effort to determine exactly what happened, why it happened and who is
legally responsible for each micro-event is itself a huge undertaking
requiring the resolution of many questions. For the legal and judicial
system to attempt to resolve the legal rights and remedies of affected
parties while Y2K impacts are still unfolding will, in any case,
threaten to overwhelm the legal and judicial system's capacity to assure
justice in the matter, let alone its ability to continue to do its other
necessary work.
For all of the reasons discussed above, we support limitations on
Y2K-related legal liability. Minimizing harm and assessing blame are
each formidable and important tasks, but they cannot be done
simultaneously without sacrificing one for the other. Minimizing harm is
more important and there is an increased threat to our welfare if
assessing blame adversely interferes with our ability to minimize harm.
The value of incentives at this late date is very small. We trust that
the collective wisdom of Congress will find ways to reduce these
threats. We have additional background material available. Please
contact IEEE staff contact Paula Dunne if you are interested in this
material. We have other ideas beyond the scope of this legislation of
what the U.S. federal government can do to help minimize harm throughout
this crisis. We are ready to help in any way you may deem appropriate.
Respectfully,
The Institute of Electrical and Electronics Engineers (IEEE)
Technical Activities Board
Year 2000 Technical Information Focus Group.
------------------------------------
Mr. President, the bill we passed earlier this week is modest. It may
very well not meet all the concerns expressed by the IEEE. The
legislation may, however, at least reduce these threats. As a
consequence, we must enact meaningful legislation and we must enact it
quickly.
END