The Honorable John McCain

Dear Mr. Chairman:

As the Senate considers S. 96, on liability limits for Year 2000 computer failures, we would like to offer for your consideration our position on Y2K liability that is now pending approval before the IEEE-USA Board of Directors.

Our statement focuses on organizations that use technology, not those that create and market it. In particular, we assert that there never has been a technical way for any large organization to assure they would never experience some kind of business failure due to Y2K. We therefore reiterate the statement originally made by the Securities and Exchange Commission that "Efforts to solve the Year 2000 problem are best described as 'risk mitigation.' Success in the effort will have been achieved if the number and seriousness of any technical failures are minimized and they are quickly identified and repaired if they do occur."

We believe it is important that Y2K-liability legislation supports the productive work of organizations and individuals trying to prevent and prepare for Y2K-related problems under these complex and imperfect conditions. It should not allow parties to be put at greater risk because they chose to act or communicate with their partners in good faith to minimize Y2K risks and find the best ways to minimize damages.

On behalf of the 225,000 electrical, electronics, and computer engineers who are U.S. members of the IEEE, we applaud your efforts to grapple with the complex issues surrounding Y2K. If you have any further questions for us, please contact Deborah Rudolph at (202) 785-0017.

Sincerely,

Paul J. Kostek

cc: all Members of the Senate Commerce, Science & Transportation Committee

D R A F T, 05/17/99

Position Statement

Y2K LIABILITY

The Institute of Electrical and Electronics Engineers - United States of America (IEEE-USA) recommends that the U.S. should implement Y2K legislation to ensure that ways and means exist for communicating about the technical aspects of the problem in a manner which enhances the likelihood that damage and disruption can be minimized and facilitates the prompt recovery from failures that do occur. It should encourage and protect those who take appropriate responses to analyze and repair at-risk systems and to minimize harm to society from the problem.

Regarding recent concerns over liability for Y2K-related problems (i.e., computer/system failures caused by date interpretation problems), the IEEE-USA asserts that, given the history of the growth of computer technology, there has never been a technical way for any large organization to assure they would never experience some kind of business failure due to Y2K. There are just too many variables and connections (internal and external to any organization) for most organizations to assuredly prevent failures by test/find/repair/retesting all possible sources of risk regardless of the level of resources committed to the effort. At this point in time (April, 1999), the die is already cast for most organizations' Y2K-readiness activities, and their direction will not be significantly influenced over the next year by any decisions on liability or other legal concerns.

IEEE-USA recommends that any U.S. legislation concerning Y2K-related liability begin with the recognition, as stated by the Securities and Exchange Commission, that "It is not, and will not, be possible for any single entity or collective enterprise to represent that it has achieved complete year 2000 compliance and thus to guarantee its remediation efforts... Efforts to solve the Year 2000 problem are best described as 'risk mitigation.' Success in the effort will have been achieved if the number and seriousness of any technical failures are minimized and they are quickly identified and repaired if they do occur."

Any U.S. Y2K-liability legislation should be constructed in such a way that it does not unreasonably impair the productive work of organizations and individuals trying to prevent and prepare for Y2K-related problems. It should not put these parties at greater risk because they chose to act or communicate with their partners in good faith to minimize Y2K risks and find the best ways to minimize damages.

Y2K-liability legislation should not weaken existing legal doctrines that might be applicable, specifically: a) parties' contractual rights for redress and b) tort rules that bar causes of action based purely on economic loss.

However, IEEE-USA believes that it would be in the best interest of society as a whole for the U.S. to carve out as much as constitutionally possible an immunity for end users and consultants (i.e., those who do not manufacture and distribute software) that use reverse engineering or decompilation of software/firmware in order to examine it for Y2K vulnerability. The party performing reverse engineering or their client must be validly in possession of the software/firmware with a right to use the same in some manner. In no case should the party be allowed to reproduce the software. If the party wishes to publish the results of their findings where such publication would go beyond fair use, permission to publish should be obtained from the copyright holder of record.

This statement was developed by the IEEE TAB Y2K Information Focus Group and the IEEE-USA Committee on Communications Policy, and represents the considered judgment of a group of U.S. IEEE members with expertise in the subject field. IEEE-USA promotes the career and technology-policy interests of the nearly 225,000 electrical, electronics, and computer engineers who are U.S. members of the IEEE.
Last Update: May 17, 1999

Permission to copy IEEE-USA policy communications is granted for non-commercial uses with appropriate attribution, unless otherwise indicated.