by Dan Steinberg and Andrew M. Pegalis, Esq.

Since we originally published this article over a year ago, there have been four private Year 2000 lawsuits filed, increased litigation estimates, (one as high as three trillion dollars ), one threatened state law suit, numerous immunity bills introduced or passed, as well as insurance exclusions adopted. All of which make this article more important and timely. We have endeavored to update the material while keeping it straight forward and functional.

There is a great deal of interest in the potential for Year 2000 litigation. One of the reasons for the interest is uncertainty. No one knows for sure what form Y2K litigation will take and what it will cost. Only the cost recovery component of Year 2000 litigation is directly related to the cost of repair. Estimating the cost of other forms of litigation such as those stemming from inter-company, Directors and Officers (D&O) and Errors and Omission (E&O) liability requires a difficult study in the myriad of possibilities of Y2K events and their consequential effects. It is important to understand sources of liability and forms of litigation to engage in effective risk management, establish litigation funds and posture organizations accordi ngly.

To promote discussion and understanding, the authors have prepared a brief list outlining the possible avenues of litigation. The list is divided by platform and potential parties. This is just a working taxonomy until the flood of litigation allows a true classification system. These are meant to be generalizations and each case will depend on its unique set of facts and jurisdiction.

1. Mainframe Customers vs. Manufacturers:

Theories:

1. BREACH OF CONTRACT –

Limitation of Liability – typically warranties also limit the scope of liability to the purchase price, and prohibits suits for consequential business losses. This will be a significant area of debate

Disclaimers – typically warranties disclaim express warranties of merchantability. Such disclaimers are generally upheld. However, while disclaimers have generally been held to be wholly applicable to off the shelf products it is more questionable if they would apply to larger computer systems. This is true due to the fact that in the contracting to build large computer systems and many of the promises made by the builder may be non-stan dard. Because of this it is necessary to carefully examine these contracts for any language warranting performance beyond the year 2000. Disclaimers are also limited by judicial imposed reasonableness standards.

Unclean Hands – In some licenses or purchase agreements involving software, a modification of source code violates certain intellectual property rights and voids any otherwise applicable warranty provisions.

Mere "Puffery" – No warranty was created, language or conduct being examined was only boast meant to sell product and not warrant item was year 2000 compliant.

Statute of Limitations – argument that no cause of action can arise because statute of limitations has tolled.

D. TORT OF FRAUD – Plaintiffs must prove that the mainframe manufacturer had actual knowledge of Y2K and intended to deceive the plaintiff in order to receive the benefit of the sale. These claims may turn on the existence and proof of intentionall y false or misleading responses to compliance inquiries.

E. TORT OF MISREPRESENTATION Similar to fraud, some jurisdictions distinguish between misrepresentation by degree of intent. The most likely defense to both Fraud and Misrepresentation is lack of intent. As well defendants may allege that no repre sentation was made to the effect that the mainframe system could or should be used beyond 2000. In other words, any misrepresentations made at the time of purchase are irrelevant for post-2000 use of the mainframe.

F. TORT OF NEGLIGENT MISREPRESENTATION - Need only show manufacturer should have known the product (mainframe in this case, others further down) would reasonably have been used after the year 2000 and that Y2K problems existed. Some U.S. jurisdictio ns do not recognize this as a valid cause of action.

G. PROFESSIONAL LIABILITY – Apply negligence theory, this tort is particularly relevant to custom made mainframe systems. Plaintiffs would allege that the manufacturer owed a duty to the plaintiff to use reasonable care in the production and sale o f their goods.

H. PRODUCT LIABILITY - while strictly a personal injury tort, the possibilities exist. For example, a RR crossing fails to warn motorists because of an embedded controller that cannot handle dates after December 31, 1999. Plaintiffs must prove that a design or manufacturing defect existed in the system. Interestingly enough, "00" was a design protocol and might not be deemed a defect.

2. Network & PC Customers v. Manufacturers:

Theories:

BREACH OF CONTRACT - LATENT DEFECT - There is an inherent "defect" in the BIOS chip and/or RTC of many PCs causing them to give invalid dates and in some rare cases to cease booting up anymore. A latent defect is relevant where PC purchasers seek to cancel the contract or claim none existed (Rejection or Revocation of Acceptance). If the purchaser could not adequately test the PC in order t o accept it, until January 1^st, 2000, it could be argued that the contract was never fully formed (if purchased shortly before) or that the contract be cancelled after formation.

On the network side, damages can be considerably greater. PC users may successfully avert significant problems by shutting down the system on December 31^st, 1999 and reboot on January 1, 2000. Network servers often don't have that luxury a nd some servers are running mission-critical applications 24 hours a day and cannot be shut down.

Defenses:

No Defect – Defendants may argue that in the PC market, products become obsolete relatively quickly, and therefore the PC became obsolete rather than contained a defect. Alternatively, Defendants may argue that the BIOS/RTC design was an industry standard over which they had no control.

"Defect" Reasonably Discoverable – Plaintiffs cannot ignore their responsibility to inspect goods purchased and later claim latent defect. A defendant may argue that a simple bios checker was readily available on the Internet and that the plaintiff failed to timely inspect the PC.

Statute of Limitations – While most statutes of limitations prevent suits to be filed after a certain number of years, many are tolled until a latent defect (if the basis of the lawsuit) is reasonably discoverable. A purchaser of a PC with a non-Y2K-compliant BIOS chip may or may not have reason to suspect and test its compliant status when the issue surfaced in 1995, was in the popular press in 1997, or perhaps when they read this article in 1998.

3. Customers vs. Software Manufacturers:

This one can be split up between "commercial off-the-shelf" (COTS) software and "custom" software.

Commercial off-the-shelf

Litigation related to COTS will most likely come in the form of class action lawsuits, because individual damages will unlikely warrant litigation. It is not hard to imagine a long line of end users suing software manufacturers for problems resulting from Y2K related problems. At the time this paper was published there are three pending class action lawsuits:

1. Atlaz Intl. Inc. v. Software Business Technologies –complaint alleging breach of warranty, fraud, deceit, fraudulent and unfair trade practices. The compliant also clams that Atlaz is unfairly forcing those who have copies of their software to purchase the year 2000 compliant software at additional cost.
2. Capellan v. Symantec- Complaint alleges Breach of Implied Warranties, Violation of Maugson-Moss Warranty Act, Fraud and Deceit, Fraudulent and Unfair Business Practices, Violation of Consumer Legal Remedies Act. The basis of these claim center around Symantec's charging customers for year 2000 upgrades.

There is currently only one outstanding law suit against a custom software manufacturer.

Produce Palace International vs. TEC-America. At time of writing, settlement offers have been made, but not accepted. The plaintiff alleges, inter alia, that year 2000 defects prevent use of credit and debit cards with expiration dates of "00". The Y2K reference is the allegation "that the computer system was installed in 1995 without the ability of the system to process credit cards that expire on or after the year 2000." The rest of the claim reads like a standard develo pment project gone bad.

The complaint alleges breach of warranty, violation of the Magnusson-Moss Warranty Act, breach of warranty of fitness, revocation, breach of duty of good faith, negligent repair, misrepresentation, breach of contract, and violation of the Mic higan Consumer Protection Act.

Successful law suits against Software manufactures will most like occur in this area based upon the following theories:

PROFESSIONAL LIABILITY –

Custom software developers are held to a higher standard than COTS producers and customers have a greater expectation of conformity to specifications. Programmers that fail to adhere to best practice standards, deviate from specifications and incorpor ate non-compliant code may be professionally liable.

BREACH OF WARRANTY OF MERCHANTABILITY –

Purchasers of custom software have perhaps greater expectation that the programs will continue to meet specifications beyond 2000 than purchasers of COTS software.

BREACH OF WARRANTY OF FITNESS

Custom software producers and systems integrators are often asked to collaborate or solely develop product specifications. This is because customers of custom software often approach the marketplace with a task to perform or a problem to solve, bu t not detailed specifications. In these instances, a purchaser of custom software may rely to their detriment on the expertise of the vendor. These type of purchasers may be entitled to recover for breach of warranty of fitness of fitness if the product fails to accomplish the task or solve the problem that was the basis of the bargain.

Systems Integrator's Defense – Systems integrators are likely to point the finger of blame to the component part manufacturers. If the Y2K event occurred within a component part of a larger complex system, two issues arise: modification by the systems integrator, and the duty of the systems integrator to select compliant components (or to identify non-compliant components and correct prior to incorporation).

4. Company vs. Company (Inter-company Liability)

Perhaps the most under reported potential for litigation is inter-company liability. Because Y2K is universal it impacts upstream and downstream supply chains. Breaks in the chain can cause upstream liability, particularly for just-in-time contractu al relationships. Most often these claims will be brought as breach of contract actions. The merit and defenses of these cases will vary by contract. Plaintiff corporations will seek to bring additional causes of action in hopes of reaching insurance p olicies that exclude "purely economic damages" and hence breach of contract actions. Most likely these additional claims will be forms of professional liability.

5. End Users vs. Contract Service Agents

Computer maintenance companies may be under contracts to repair "all problems" for $x.xx per month. They could find the scope of the contract suddenly becomes larger than expected. Customers could argue that under current maintenance contracts they ar e entitled to have their Year 2000 repairs performed. Under fee for service contracts, maintenance companies may be able to argue that the year 2000 problem is exclusively their responsibility and they are entitled to market rates for code conversion. I n other words maintenance agreements can be used a shield or a sword depending upon how it is constructed.

6. Stockholders vs. Directors & Officers

The SEC has informed the business community that Y2K issues are material to the financial stability of a company. Thus, Directors & Officers (D&O) have a duty to properly investigate their problem in time. If the company loses money when they c an't process invoices or orders, etc., the D&O's may be subject to derivative suits. This could become more important in view of the recent Caremark decision, but the full extent of the implications of the Caremark decision is not known at this time.

7. Customer vs. Retailer

Endless scenarios can be imagined where a customer's order is never placed because the computer system thinks it won't occur for 99 years (or has already occurred, etc.), and the customer suffers a financial loss. Another major possibility is litigatio n filed by clients whose finances or investments have been damaged in some way. The possibilities are too numerous to mention, but everyone who purchases goods/services from someone who uses a computer or embedded controller in the course of their busines s is a potential plaintiff. This may well be the bread and butter litigation for Y2K attorneys if the dollar amounts are large enough. If not, class-action possibilities exist.

If a customer sues a retailer, the retailer may feel it is necessary to file a claim against their own suppliers of good/services that caused the customer's loss.

8. Citizen vs. Government

Failure to provide governmental services can give rise to liability for the local, state or federal government. These cases are easy to identify in the area of tort litigation, such as personal injuries suffered as a result of traffic light outages. Sovereign immunity protects the Government, except where waived. In the US there are numerous federal and state tort claims acts that expressly grant private citizens the right to sue the government for specified instances of tortious behavior. Breaches of private contracts between the government and private companies can also cause liability. For example, the US Department of Treasury recently received a "D-" from Representative Horn for its Y2K progress. If the DOT, the largest distributor of checks in the world, cannot process check payments timely and accurately, many contracts may be breached.

9. Government vs. Corporation

There are two primary issues, government as plaintiff and government as regulator.

Government as Plaintiff

North Carolina issued a press release on January 29, 1998 that it was considering bringing a remediation-cost-recovery class action suit against numerous IT vendors that developed, installed, sold, and/or maintained the government's IT systems. The ba sis of the suit is expected to be fraud or misrepresentation and other states are considering joining the suit. Critics maintain that the primary motivation is retribution against those states that have sued the tobacco industry in similar class actions. Other states may consider similar actions, in part because of their constitutional requirement for balanced budgets.

Government as Regulator

There is a growing body of regulations pertaining to year 2000. Below are some new as well as pre-existing regulations that are thought to apply to private citizens and corporations.

Negligent Repair

If "repaired" systems fail, the consultants are the first targets of litigation. The first line of defense will be the contract itself if any indemnification or hold harmless agreements were made. The pivotal question in software work i s what is the standard of care? While that question can be answered simply as "best practice," what that means in Y2K is difficult to determine. We know that errors occur in programming generally. That is why bugs are commonplace and patches are a routine part of the IT business. In Y2K code conversion error rates as high as 15% have been reported. As well most Y2K projects are not "turnkey." In other words consultants are hired for a discrete project with definite parameters, wh ich allows a consultants to point the finger of blame back at the plaintiff.

About the authors:

Andrew M. Pegalis, Esq. is President of Next Millennium Consulting, Inc, He has given numerous presentations on Risk Analysis and the Year 2000. Other publications include: For Risk Managers the Year 2000 is Now, Business Insurance, Dec. 23/30, 1996; r eprinted in The Bottom Line, April 1997, at 32-34, and Year 2000 Problem - Strategies and Solutions from the Fortune 100 (Leon A. Kappelman ed., 1997). He can be reached at: info@consult2000.com or (301) 986-8500.

Dan Steinberg is involved in issues of convergence between technology and law. Dan is counsel to a number of organizations on Year 2000 legal issues and speaks on this topic to both public and private sector audiences. Other publications include: Risk Management: Why Compliance Agreements Aren't Enough; reprinted in Year 2000 Problem - Strategies and Solutions from the Fortune 100 (Leon A. Kappelman ed., 1997). He formed SYNTHESIS: Law & Technology as a loose association of multidisciplinary talent in the Ottawa area. Dan's education includes an LLB from Université de Montréal, an MBA from McGill University and a BSc from Concordia University. He can be reached at synthesis @travel-net.com or (613) 794-5356.