Order Code IB97036
CRS Issue Brief for Congress
Received through the CRS Web
The Year 2000 Computer Problem:
Congressional Issues
Updated April 22, 1999
Richard M. Nunno
Resources, Science, and Industry Division
Congressional Research Service ˜ The Library of Congress
CONTENTS
SUMMARY
MOST RECENT DEVELOPMENTS
BACKGROUND AND ANALYSIS
Federal Efforts
State and Local Efforts
Private Sector Efforts
International Efforts
Activity in Previous Congresses
Activity in the 106 Congress
th
Issues for Congress
LEGISLATION
IB97036
04-22-99
The Year 2000 Computer Problem: Congressional Issues
SUMMARY
Many computers were designed to store
2000 Information and Readiness Disclosure
a two-digit number for the year, which makes
Act (P.L. 105-271) encourages companies to
the year 2000 indistinguishable from 1900.
disclose information on the year 2000 readi-
Unless they are corrected, many computers
ness of their products and services; and the
will not be able to process dates beyond the
Omnibus Appropriations Act (P.L. 105-277)
year 2000, and may cause many costly prob-
includes $3.35 billion of emergency funds for
lems in commerce and government.
year 2000 conversions of federal systems.
Although Congress did not give federal agen-
Although some may still doubt the seri-
cies increased autonomy to reprogram appro-
ousness of the year 2000 (Y2K) problem, most
priated funds, agencies may use the emergency
business managers and government officials
appropriations, with White House approval, to
are now convinced that it proving to be diffi-
supplement their year 2000 conversion pro-
cult and time-consuming to correct. Federal
grams.
agencies have established year 2000 (Y2K)
program offices, and an interagency committee
In February 1998, the President estab-
has overseen several government-wide actions.
lished a Year 2000 Conversion Council and
State and local governments, private sector
appointed a director for year 2000 conversion
businesses, and foreign organizations also face
efforts in the federal government. The Council
the year 2000 problem for their computer
is working with federal agencies and private
systems.
sector groups to address year 2000 problems
at a national level.
Since 1996, many congressional hearings
have helped raise awareness of the year 2000
In the 106th Congress, hearings are being
problem in both government and the private
held and will continue to provide the public
sector. Several provisions were enacted in the
with the most accurate information available
104th and 105 Congresses. In FY1998
th
,
on the status of Y2K remediations at federal
funds were reprogrammed to perform year
agencies, state and local agencies, private
2000 work, and supplemental appropriations
sector entities, and international organizations.
were provided for year 2000 efforts at federal
Congress may also consider additional legisla-
agencies. In the 105 Congress, the Defens
th
e
tion to ensure that private sector systems are
Authorization Act (P.L. 105-261) directs the
year 2000 compliant, to establish emergency
Defense Department on its year 2000 conver-
preparedness measures to address problems
sion program; P.L. 105-164 enables all finan-
that might occur, and to limit liability associ-
cial regulatory agencies to examine year 2000
ated with Y2K failures for manufacturers and
efforts of institutions they oversee; the Year
industry groups.
Congressional Research Service ˜ The Library of Congress
IB97036
04-22-99
MOST RECENT DEVELOPMENTS
Recent year 2000 hearings include the following: on April 13 the House Subcommittees
on Technology and on Government Management, Information, and Technology hearing on
the Y2K readiness of critical programs of the federal government; on April 13, the House
Banking Committee hearing on finalizing the preparedness of banks and other financial
institutions, including testing, credit risk, contingency planning and liquidity, and customer
confidence; on April 14 the Senate Y2K Committee hearing on federal government Y2K
preparedness, focusing on those agencies that missed OMB’s March 31 target deadline for
reaching 100% Y2K compliance; on April 15 the House Veterans Affairs Committee,
Subcommittee on Oversight and Investigations hearing on Department of Veterans Affairs
Y2K readiness. Planned hearings include: Senate Y2K Committee hearings on April 22
(international oil industry), April 29 (911 emergency services), and May 10 (chemical
manufacturing and processing industry). Y2K liability legislation (S. 96 amended,
[http://www.senate.gov/~commerce/legis/legis.htm]) is expected to go to the Senate floor on
April 26.
Other recent events include: on March 30, the Federal Communications Commission
released a comprehensive assessment of the telecommunications industries Y2K
preparedness, concluding that the Commission is “guardedly optimistic” that disruptions
in telecommunications services will be minimal. On March 31, the American Hospital
Association released its survey of the Y2K readiness of hospitals, stating that most hospitals
and pharmaceutical companies expect to be Y2K compliant by January 2000. On April 2,
the Office of Management and Budget released an additional $199 million from the federal
Emergency Y2K Conversion Account for Y2K efforts of federal agencies, leaving $491
million in the Emergency Y2K Account for non-defense agencies and $135 million for
defense agencies. On April 21, the President’s Y2K Council released it second Quarterly
Summary of Assessment Information, providing a mixed review for Y2K status the various
service sectors and industrial components of the U.S. economy.
BACKGROUND AND ANALYSIS
For over three years, Members and committees of Congress have helped focus national
attention on the year 2000 (Y2K) computer problem, the inability of many computer systems
to process dates correctly beyond December 31, 1999. The problem results from a common
design scheme for computers in which dates are stored and processed using only the last two
digits for the year field (e.g., 98 for 1998). The two-digit year field is very common among
older systems designed when memory storage was more expensive, but it is also used in many
systems built recently. With this format the year 2000 is indistinguishable from 1900. The
year data-field in computer programs can perform various functions such as calculating age,
sorting information by date, and comparing dates. When years beyond 1999 are entered in
the two-digit format, those functions will often fail to operate properly.
While correcting a single year field is technically simple, the process of analyzing,
correcting, testing, and integrating software and hardware among all computer systems that
must interact is a very complex management task. In most cases, it is too expensive to
CRS-1
IB97036
04-22-99
purchase a completely new system, and the software must be modified to accommodate
four-digit years or to incorporate some other interim solution. To determine whether a
computer system needs to be modified, all of its software must be reviewed, which in some
cases entails reading millions of lines of code. The process of reading and interpreting the
code is made more difficult by the many computer languages in use and the shortage of
programmers with skills in older languages. In addition, many older programs no longer have
the accompanying documentation, such as source code (text-files of computer language
instructions written by programmers). Source code cannot be directly executed, but must be
compiled into object code that cannot be translated back into source code.
A further complication is that there is no single solution to correct computer systems of
the Y2K problem. Rather, there are dozens of standards, public and proprietary, for storing
and processing dates in computers. Also, the year 2000 is a special leap year that only occurs
every 400 years to keep the calendar accurate. (Leap years occur every 4 years except years
divisible by 100. However, century years are leap years if they are divisible by 400, such as
2000.) Products that are designed incorrectly will not account for the extra day needed in the
year 2000. As analysts investigated the Y2K problem, other date-related problems have been
identified that must be corrected to prevent computer system failures. Other dates expected
to be vulnerable to computer failures include the beginning of fiscal year 2000 for many states
and foreign countries, and September 9, 1999 (read 9999), which was commonly used by
software programmers to indicate the termination of a function.
Many managers initially doubted the seriousness of this problem, assuming that an easy
technical solution would be developed. Despite concerns that industry was exaggerating the
situation, the vast majority of research has refuted this view, concluding that inspecting all
computer systems, converting date fields where necessary, and then testing modified software
will be very time-consuming and costly. Research firms predict that, due to a lack of time and
resources, the majority of U.S. businesses and government agencies will not be able to fix all
of their computer systems by January 1, 2000. The Gartner Group, an information
technology research firm, estimated a cost of $30 billion to correct the problem in federal
agencies and up to $600 billion worldwide. Most agencies and businesses have come to
understand the difficulties involved, but some smaller firms have not yet started implementing
changes. Many companies offer Y2K conversion services, and software analysis products are
readily available to assist with finding and converting flawed software. While software tools
can assist in solving the problem, however, most of the work must be done by humans. Some
are concerned over a possible shortage of skilled programmers to perform the work, although
that situation has not been widely reported.
The widespread reliance on computer systems by federal, state, and local governments,
and by the private sector, raises the level of urgency for solving the problem for all systems
in use. Even if the problem is corrected for a given computer system, interactions with other
systems that are not Y2K compliant could result in false information corrupting the corrected
database. Flawed data can enter from the private sector into government agencies’ databases,
and from foreign countries into U.S. computer systems. Testing is particularly laborious
because the modified software must be tested in conjunction with all possible combinations
of other software programs with which it interacts, to ensure that functioning has not
changed. As a result of difficulty convincing executive management that this problem needed
to be addressed, many companies and agencies may not be able to complete their software
conversion and testing by January 1, 2000. For systems that process dates into the future,
CRS-2
IB97036
04-22-99
there is even less time. Many Y2K computer errors have already occurred. For additional
information on media coverage of the Y2K problem see CRS Report 98-781, Year 2000
Computer Problem: Selected Internet Addresses; and CRS Report 98-994, Year 2000
Computer Problem: Selected References.
The Y2K problem exists in computer software as well as hardware components called
integrated circuits (ICs), or chips, store or process data. ICs are sometimes pre-programmed
or “hard-wired” by the manufacturer to store or process year data using only two digits,
producing the same errors as the software that controls large computer systems when
processing dates beyond 1999. ICs are used in all computer hardware (PCs, minis, and
mainframes) and in many electronic devices that are not typically considered computers.
Some of these “embedded chips,” such as the read-only-memory (ROM), are used to store
data. Other embedded chips, called microprocessors, are used to control many different types
of systems such as industrial machinery, thermostats, lighting, sprinklers, medical equipment
and devices, building security systems, telephone services, electric power grids, public transit
systems, and other utility distribution systems.
Although most ICs do not store or process dates, those that do must be inspected and
replaced, if necessary, to avoid malfunctions from Y2K incompatibility. (For the case of
ROMs, some can be reprogrammed by the user to handle four digit years, but others must be
physically removed and replaced with Y2K compliant ROMs.) Billions of ICs are produced
and sold globally each year, leading to the possibility that great damage could result even if
only a tiny fraction of them malfunction. Furthermore, ICs are produced by hundreds of
different companies, some of which are located overseas. Even some ICs being produced
today and embedded in other systems, may not be Y2K compliant.
Federal Efforts
Federal agencies maintain many computer systems that manage large databases, conduct
electronic monetary transactions, and control numerous interactions with other computer
systems. For well over a year (and in some cases for many years) federal agencies have been
converting their systems to achieve Y2K compliance. Time constraints have forced agencies
to focus on fixing only the highest priority, or “mission critical” systems, and to shift
resources from other projects to work on Y2K efforts. In 1995, the Office of Management
and Budget (OMB) established an interagency committee, led by the Social Security
Administration, to facilitate federal efforts. These include the General Services Administration
(GSA) requirement that vendor software listed in federal procurement schedules be Y2K
compliant, and the National Institute of Standards and Technology (NIST) recommendation
that four-digit year fields be used for any federal electronic data exchange (Federal
Information Processing Standard 4-1). NIST has also developed specifications for use in
testing date and time functions of computer systems for Y2K compliance.
The interagency committee developed a world-wide web site to provide information on
Y2K conversion activities [http://www.itpolicy.gsa.gov/mks/yr2000/y201toc1.htm]. This
web site, managed by GSA, is linked to other federal agency Y2K web sites and those of non-
federal organizations that discuss activities and available resources on Y2K conversion. The
committee also developed a “best practices” report, describing how agencies can best
implement a solution. The report includes a comprehensive conversion plan, setting
CRS-3
IB97036
04-22-99
milestones for federal agency progress up to January 1, 2000, and provides a method for
dividing Y2K conversion activities into five phases: 1) awareness — gaining executive level
support and sponsorship; 2) assessment—conducting an inventory of core business areas and
processes that could be affected by the problem and prioritizing their conversion or
replacement; 3) renovation—converting, replacing, or eliminating systems, applications,
databases, and interfaces; 4) validation—testing converted systems applications or databases
for performance and functionality; and 5) implementation—testing for interoperability and
formal acceptance, and developing contingency plans. These five phases were adopted by
federal agencies and the General Accounting Office as a way of measuring progress toward
correcting the problem. Much of the private sector has adopted the five phase terminology,
as well as other information disseminated by the interagency committee.
In December 1996, OMB designated the interagency committee as an official
subcommittee of the newly established Council of Chief Information Officers (CIOs).
Through that subcommittee, the Federal Acquisitions Regulation (FAR) was amended to
increase awareness of Y2K procurement issues and to ensure that solicitations and contracts
address Y2K issues. The amendment has helped federal agencies to purchase Y2K compliant
products by providing a uniform approach toward solutions and a single definition for
compliance. In August 1997, the Federal Acquisition Regulation council adopted a final rule
for Y2K purchases, requiring federal agencies to purchase systems that process all dates
correctly. Noncompliant products must be upgraded by vendors before the earliest date at
which they will fail to process dates correctly. However, systems will not be expected to
produce correct results if corrupted data is used as the input.
The Department of Defense (DOD) has a particularly difficult challenge in inspecting,
correcting, and testing all of its systems. With each military service and defense agency
maintaining its own computer systems for military operations, acquisitions, and personnel
functions, DOD originally took a decentralized approach to managing the Y2K problem. In
1998, however, a single individual was appointed to manage all DOD Y2K conversion efforts.
DOD has several unique concerns apart from other federal agencies, such as its weapon
systems that contain embedded chips that store two-digit dates, and its huge volume of
computer-driven systems. With over one third of all computers in the federal government,
DOD has identified 2,581 mission critical systems, 48% of which were not yet Y2K compliant
as of November 15, 1998. Another problem caused by the inability of a DOD system to
process dates has been found in its Global Positioning System (GPS), a satellite system that
provides position and velocity information for many military and civilian aircraft (including
missiles), and ground vehicles. Malfunctioning of GPS (which could occur on August 22,
1999, when the system clock resets) could cause a loss of control of these vehicles and
systems.
In March 1997, at the prompting of the President’s National Security
Telecommunications Advisory Committee (NSTAC), the National Communications System
(NCS) initiated a study of the impact of the Y2K problem on the nation’s telecommunications
infrastructure. NCS is a cooperative effort made up of 23 federal agencies, led by the Defense
Information Systems Agency. Its mission is to coordinate national security and emergency
preparedness telecommunications during any crisis or disaster. NCS is working with the
telephone industry in studying the Y2K problem for public communications networks. NCS
is working with the intelligence community to address these concerns and has not released
further findings to the public.
CRS-4
IB97036
04-22-99
As a result of increasing attention on the embedded chip problem, in May 1997, the Y2K
Subcommittee formed a subgroup on medical devices and scientific equipment. The subgroup
is chaired by the Department of Health and Human Services and has representatives from
DOD, Food and Drug Administration, Centers for Disease Control, National Institutes of
Health, Departments of Veterans Affairs, Agriculture, Justice, and the Nuclear Regulatory
Commission. Their goal is to ensure that government-sponsored research and patient care
are uninterrupted by Y2K problems. In January 1998, the subgroup sent a letter to over
16,000 manufacturers of medical and scientific products used by the government, to collect
data on the Y2K compliance of their products. Over 1900 of those companies are
manufacturers of equipment with computer components. Many of those companies still have
not provided information on their products. The subgroup continues to collect additional
information on medical devices and scientific equipment, and maintains a database of Y2K
c o m p l i a n c e status of products on its web site
([http://www.fda.gov/cdrh/yr2000/year2000.html]).
In February 1998, the President issued a directive requiring federal agencies to assure
that critical federal programs are not disrupted by the Y2K problem. The directive established
a Council on Y2K Conversion, led by a presidential appointee, John Koskinen (former Deputy
Director of OMB), to oversee activities of all federal agencies, act as chief spokesman for the
executive branch, coordinate with state, local, and tribal governments, international groups,
and the private sector, and identify resources needed for agencies’ Y2K conversion efforts.
This appointment of a “Y2K Czar” represented a shift in Administration policy from a
decentralized approach for the Y2K effort, to a more centralized management approach, as
recommended by Members of Congress.
On July 14, 1998, President Clinton and Vice President Gore addressed the nation on
the Y2K problem, citing several Administration initiatives underway to address the problem.
These included a campaign by the Small business Administration to raise awareness among
small businesses, the so-called “good Samaritan” legislation to promote information sharing
in the private sector, a Department of Labor job bank for Y2K workers, a $12 million
contribution to the World Bank’s Y2K program, and a national campaign by the President’s
Y2K Council. The legislation, amended and later named the Year 2000 Information and
Readiness Disclosure Act, was enacted as P.L.105-271 on October 19, 1998.
The Administration has taken several actions this year, including introducing a new toll-
free telephone number (888-USA-4-Y2K) to provide Y2K information to consumers, and
creating a Senior Advisors Group of chief executive officers of major companies and trade
associations to provide Y2K information to the public. With requests from several Members
of Congress, on January 19 President Clinton discussed the seriousness of the Y2K problem
in his State of the Union address, urging all businesses and government agencies at federal,
state, and local levels to work diligently toward resolving it. The President’s budget request,
submitted February 2, included a total of $433 million for Y2K remediations at federal
agencies for FY 2000. The President’s Y2K Council has identified individuals to represent
each of 24 sectors of the Senior Advisors Group, which will provide updates to the
Administration on the Y2K preparedness of their respective industries. The Y2K Council also
established an International Y2K Cooperation Center to coordinate regional and sectoral
efforts to address the Y2K problem.
CRS-5
IB97036
04-22-99
Recent Administration activities include considering using some of the emergency Y2K
funds from the appropriated $3.35 billion to provide assistance to resolve Y2K problems at
nuclear reactor facilities in Russia and other former Soviet countries; meeting with Canada
and Mexico on February 23-24 to discuss cross-border Y2K issues; conducting its second
national small business action week for March 29-April 2; establishing a Y2K Help Center at
the National Institute of Standards and Technology to provide technical support to small
business; planning an emergency coordination center to collect, analyze and disseminate
information on problems occurring in January 2000; and developing a “toolkit” of information
for local community use. On March 18, the Office of Management and Budget released its
eighth Quarterly Report on federal agency progress on Y2K conversion. The report states
that 79% of federal mission critical systems are now Y2K compliant, and that three agencies
(down from five) are not making adequate progress in their Y2K conversion efforts. The
updated total cost for Y2K conversion is estimated at $6.8 billion.
State and Local Efforts
The status of Y2K remediations of state, county, and municipal governments varies
widely, with many having made estimates of the costs anticipated to correct the Y2K problem
for their own systems, and others not yet having completed inventories of their computer
systems. In December 1996, the National Association of State Information Resource
Executives (NASIRE) held a Y2K symposium, at which only 28 states were represented.
Since then, awareness and information sharing on the Y2K problem by state governments has
increased markedly. NASIRE continues to monitor Y2K conversion efforts of state
governments, and provides detailed information on its web site (www.nasire.org/year2000).
A November 1998 report by the General Accounting Office (GAO) stated that failure by
states to complete Y2K conversions could result in billions of dollars of federal benefits
payments not being delivered. Some states (e.g. Nevada, Virginia, Georgia, Hawaii) have
enacted laws providing full or limited immunity to the state from liability for date related
computer errors, and other states are considering similar legislation.
Many city and county government Y2K efforts lag behind state and federal agencies.
Federal agencies are concerned because they often receive data directly from city and county
offices. For example, local police forces regularly provide information to the Department of
Justice, and local health departments send information to the Department of Health and
Human Services. If city or county computer systems are not Y2K compliant, they could send
corrupted data to federal databases. If solutions implemented for a local computer system are
incompatible with solutions implemented for a given federal system, the data transmission may
fail. Cities and counties also share electronic information among themselves and with states.
Incompatibility between any of these systems can lead to system failures. A survey by the
National Association of Counties, released December 8, 1998, stated that half of the nation’s
counties do not have Y2K strategic plans, and estimated that America’s counties (not
including cities or towns) will spend $1.7 billion to achieve Y2K compliance. Many local
groups are conducting “town hall” meetings to discuss potential problems and contingency
plans at the city and community levels.
CRS-6
IB97036
04-22-99
Private Sector Efforts
Major industry sectors must coordinate their efforts to correct their computer systems
to insure that these sectors continue to function smoothly. The finance industry is particularly
critical because it relies on many daily transactions across geographic and political boundaries.
Banks, thrift savings institutions, credit unions, and stock markets must be sure that their
transactions can interoperate accurately. Other industries that must coordinate their Y2K
efforts include insurance companies, telecommunications providers (Federal Communications
Commission web site at [http://www.fcc.gov/year2000]), utilities companies (web site on
electric utilities industry at [http://www.euy2k.com]), computer manufacturers, and airlines.
Many of those groups have been reluctant to discuss the Y2K status of their computer
systems because of concerns over potential liability and a loss of trust by consumers. This
situation may change with the recently enacted Year 2000 Information Readiness and
Disclosure Act (P.L. 105-271).
According to estimates, companies are spending a significant portion of their information
technology budgets on Y2K conversion. Scores of companies have emerged offering
software tools or services to work on the Y2K problem. Some are new consulting firms
specializing in Y2K conversion, while others are established software firms that have entered
this potentially lucrative business. Nevertheless, a potential shortage of available, skilled
software programmers could raise the cost for Y2K conversion services as the year 2000
approaches. The Information Technology Association of America, representing the
information services industry, has a Y2K certification program to evaluate the processes and
methods of companies developing products and services or performing Y2K conversions. No
organization has offered to evaluate the Y2K compliance of specific software or hardware
products. Industry analysts are particularly concerned about small and medium-sized
businesses, many of which do not have enough staff to renovate and test all internal
computers and develop contingency plans for alternate suppliers and business partners.
International Efforts
Researchers agree that most foreign companies and governments lag behind those in the
United States in addressing the Y2K problem. Except perhaps in Canada, the United
Kingdom, Australia, and a few other countries, the issue has not received as much attention
as it has in this country. With the international economy increasingly reliant on electronic
commerce, U.S. businesses and government agencies have an interest in ensuring that their
foreign counterparts are addressing the problem. Concern is mounting that some foreign
banks are not preparing adequately to correct their systems. The European Union’s decision
to introduce its common currency, the euro, beginning in 1999 required financial institutions
to upgrade their computer systems to handle the new currency, causing additional delay in
their Y2K conversion efforts. A thorough assessment is lacking on the status of the Y2K
problem in foreign countries and the potential risks for U.S. citizens and organizations,
although some private sector studies are available.
In June 1997, NIST sponsored an International Symposium on the Y2K problem,
intended to bring together industries and governments to discuss strategies for managing the
problem, and areas of possible international coordination. Representatives from only four
CRS-7
IB97036
04-22-99
other countries attended the conference (Britain, Canada, Australia, and Sweden). Later in
1997, GSA attempted to raise international awareness of the problem by conducting a survey
of countries to determine their level of preparedness and identify common concerns. Only
two countries responded to the survey. In 1998 GSA sponsored an international Y2K “virtual
conference” in which GSA received analyses and status reports of some countries, and posted
reports on its web site.
Several international organizations are now involved in raising awareness of the Y2K
problem. These include the United Nations (UN), the Organization for Economic
Cooperation and Development, the Bank for International Settlements, the World Bank, and
the European Commission, whose Y2K web sites are all linked to GSA’s web site. In May
1998, the Summit of eight industrialized nations (Britain, France, Germany, Italy, Japan,
Canada, United States, and Russia), discussed the Y2K problem in the context of promoting
sustainable growth and political stability in the global economy. The group agreed to work
with businesses and international organizations to assist developing countries in addressing
the problem. On December 11, 1998, Y2K coordinators representing over 120 nations met
at the UN to discuss ways to work together on common problems.
Activity in Previous Congresses
The 104 and 105th Congresses focused
th
on prompting federal agencies, state, local and
foreign governments, and businesses to work on correcting the problem for their computer
systems. (For a detailed chronology of congressional hearings and legislation, see CRS
Report 98-377, Year 2000 Problem: Chronology of Hearings and Legislation, updated
regularly.) These hearings, speeches, reports, and legislation have helped to increase media
coverage of the Y2K issue and encourage action toward remediation.
The first congressional hearing on the Y2K problem was held in April 1996 by the House
Government Oversight and Reform Committee, Subcommittee on Government Management,
Information and Technology. The hearing focused on Y2K conversion issues for federal
agencies. In May 1996 the House Science Committee, Subcommittee on Technology,
conducted a hearing on potential technical solutions and possible roles for government in
addressing the problem. These hearings revealed that major federal departments were still in
initial planning stages, many agencies did not yet have cost estimates, and most agencies had
not completed inventories of their code or developed plans to solve the problem. The two
subcommittees began conducting joint hearing to investigate various aspects of the Y2K
problem.
The 104th Congress enacted three legislative provisions regarding the Y2K problem.
The FY1997 Defense Authorization Act (P.L. 104-201) directed DOD to assess risks caused
by the Y2K problem, and urged DOD to purchase only Y2K compliant products. To avoid
contract delays, DOD could purchase noncompliant products if vendors made them compliant
at reasonable cost. The FY1997 Omnibus Appropriations Act (P.L. 104-208) gave DOD $5
million to validate tools and methodologies for Y2K conversion. The FY1997 Treasury,
Postal Service, and General Government Appropriations bill (P.L. 104-208) directed OMB
to provide a cost estimate for Y2K work, a strategy to ensure that computer systems will
operate in the year 2000, and a timetable for implementing the strategy.
CRS-8
IB97036
04-22-99
Early in the 105 Congress, OMB submitted a report to Congress, to fulfill th
th
e
requirements of P.L. 104-208, with $2.3 billion as its first estimate of the cost to convert the
software of all federal computer systems to enable the processing of dates beyond 1999. The
estimate did not include upgrades or replacements of systems that would otherwise occur as
part of the normal systems life cycle, or the federal share of the costs for state information
systems that support federal programs. Federal agencies focused on systems they considered
“mission critical” rather than all systems. The Administration’s strategy was for the CIO of
each agency to address the problem for their respective organizations, noting that no single
approach can be taken for all systems. Attention the Y2K problem increased, however, with
GAO’s February 1997 report identifying the Y2K problem as a “high risk” for federal
agencies, and recommending a process for agencies to achieve Y2K compliance.
In February 1997, the Senate Committee on Banking, Housing and Urban Affairs
requested status information on the finance industry from the six financial regulatory agencies:
the Federal Reserve Board (FRB), the Federal Deposit Insurance Corp. (FDIC), the Office
of Thrift Supervision (OTS), the National Credit Union Administration (NCUA), the Office
of the Comptroller of Currency (OCC), and the Securities and Exchange Commission (SEC).
The Committee obtained information on the supervisory efforts of these agencies to ensure
the Y2K readiness of the financial industry. Shortly after the Committee inquiry, the Federal
Financial Institutions Examination Council, an interagency body made up of the FRB, FDIC,
OTS, NCUA, and OCC, issued guidelines for financial institutions and federal examiners to
address to avoid major service disruptions. As a result of efforts of the House and Senate
Banking Committees, the six financial regulatory agencies began providing quarterly briefings
to Congress on the status of the finance industry. In March 1998, the Examination Parity and
Year 2000 Readiness for Financial Institutions Act (P.L. 105-164) was enacted to extend the
authority of the Office of Thrift Supervision and the National Credit Union Administration
to examine the operations of service corporations or other entities that perform services under
contract for thrifts and credit unions, thereby giving those agencies statutory parity with the
other financial regulatory agencies.
In March 1997 the House Subcommittee on Government Management, Information and
Technology and Subcommittee on Technology conducted an inquiry on the Y2K vulnerability
of chips used in electronic devices that are either owned, used by, or regulated by federal
departments and agencies. Based on agency responses, the CIO Council agreed to form a
Biomedical Subgroup of the Y2K subcommittee to study embedded chip issues in federal
agencies. The CIO Council also agreed to have agencies submit quarterly reports on the
status of their Y2K efforts, with updated cost estimates.
In April 1998, the Senate established a “Special Committee on the Year 2000
Technology Problem” to study the impact of the Y2K problem on the executive and judicial
branches of the federal government, state governments, and private sector in the United
States and abroad. In June, the House established a Year 2000 Task Force, co-chaired by
Representatives Horn and Morella, to coordinate House efforts.
The Treasury, Postal Service, and General Government Appropriations Act for FY1998
(P.L. 105-61) directed OMB to report to Congress on a quarterly basis, on federal agency
progress toward Y2K conversion. To date, OMB has sent eight quarterly reports to Congress
on the progress of federal agency Y2K conversion efforts. OMB’s cost estimate for federal
agency Y2K conversion has increased steadily and is currently $6.4 billion. OMB has targeted
CRS-9
IB97036
04-22-99
March 31, 1999, for federal agencies to have completed the renovation, validation, and
implementation phases of all Y2K conversions. The latest report (released March 18, based
on data received February 12) categorizes the 24 largest agencies into one of three tiers based
on evidence of progress in their reports: three agencies are in tier 1 for not making adequate
progress; eight agencies are in tier 2 for having evidence of progress, but with concerns; and
13 agencies are in tier 3 for making satisfactory progress. Tier 1 agencies include the
Departments of Health and Human Services, Transportation (in particular the Federal
Aviation Administration), and the Agency for International Development. Of the 6,399
mission critical systems in the 24 largest agencies, 79% are Y2K compliant. Of the remaining
mission critical systems, 71% are being repaired, 20% are being replaced, and 9% will be
retired. Government-wide issues OMB identified include, lack of independent verification and
validation of Y2K compliance, contingency planning, and data exchanges with states and
other entities.
In the final days of the 105 Congre
th
ss, three additional legislative measures on the Y2K
problem were enacted. The Defense Authorization Act (P.L. 105-261), enacted October 17,
prohibits DOD from purchasing for systems that are not Y2K compliant; requires DOD to
report on its Y2K compliance strategy, including contingency plans; requires DOD to develop
Y2K simulations for training exercises; requires DOD and CIA to report on plans for ensuring
continuity of operations, and to outline agreements with foreign countries to ensure that
problems with strategic systems in those countries do not pose a threat. The Y2K
Information and Readiness Disclosure Act (P.L. 105-271), enacted October 19, is intended
to encourage companies to disclose information on the Y2K readiness of their products and
services. On October 21, the Omnibus Appropriations Act (P.L. 105-277) was enacted,
which included emergency Y2K funding for federal agency conversion efforts totaling $3.35
billion. On December 18, the Senate Special Committee on the Y2K Problem held a field
hearing on potential disruption of water services.
Activity in the 106 Congress
th
The Y2K problem continues to receive attention in hearings and legislation of the 106th
Congress. On January 15, the Senate Appropriations Committee reviewed the status of
federal agencies and other issues with the Chair of the President’s Y2K Council. On January
20, a hearing by the House Government Management, Information and Technology
Subcommittee and House Technology Subcommittee investigated the Y2K status of federal,
state, local, and foreign governments. The Senate Commerce Committee held a hearing on
February 9 to discuss whether to limit lawsuits resulting from product or system failures
associated with the Y2K problem. The Senate Commerce Committee held a hearing on
February 9 to discuss whether to limit lawsuits resulting from product or system failures
associated with the Y2K problem. Several Y2K-related bills have also been introduced (see
legislation section).
On February 24, the Senate Armed Services Committee, Readiness and Management
Support Subcommittee hearing on the national security ramifications of the Y2K problem; on
March 1, the Senate Judiciary Committee hearing on S. 461, Y2K Fairness and Responsibility
Act; on March 2, the Senate Y2K Committee hearing on the Y2K preparedness of the food
industry, March 5 on international Y2K issues, and March 11 on litigation issues associated
with the Y2K problem; on February 19, the House Committee on Government Reform and
CRS-10
IB97036
04-22-99
Oversight, Subcommittee on the District of Columbia hearing on the District’s Y2K
preparedness; on February 23, the Subcommittee on Postal Service and the Government
Management, Information and Technology Subcommittee joint hearing on the Y2K
preparedness of the U.S. Postal Service; on February 24, the House Ways and Means
Committee hearing on selected federal agency Y2K conversion efforts and implications for
beneficiaries and taxpayers; on March 2, the House Science Committee, Technology
Subcommittee and the Government Management, Information and Technology Subcommittee
joint hearing on Y2K issues for the Defense Department and national security systems; March
9, the two House Subcommittee’s joint hearing on Y2K liability issues. The House
Government Management, Information, and Technology held hearings on March 15 on the
Federal Aviation Administration’s Y2K preparedness, and on March 22, on Y2K emergency
management preparations; the Senate Y2K Committee canceled its March 25 hearing on
Russian nuclear issues and U.S. plans for early warning system cooperation.
Representative Horn has released several sets of grades to federal agencies, on their Y2K
conversion status. The first grades, issued in July 1996, were based on reports by federal
agencies on the status of their Y2K conversion programs. Subsequent grades have been
based on progress made by the agencies. The most recent grades, released February 22, 1999,
gave the Administration an overall grade of C+ (his highest grade to date). On February 24,
the Senate Y2K Committee released a report summarizing the Committee’s findings to date,
detailing concerns with industry and service sectors that might be of greatest risk, and
ranking foreign countries in terms of their Y2K preparedness. On March 8, Representative
Markey and Senator Harkin sponsored a nuclear Y2K symposium to investigate Y2K issues
for U.S. and foreign nuclear weapons and reactors.
Issues for Congress
Despite extensive media coverage and many congressional hearings, some businesses and
individuals still doubt the seriousness of the Y2K problem. Numerous reports by GAO,
however, identify problems with systems at every federal agency reviewed, and other non-
federal systems. The vast majority of private sector studies reach similar conclusions. Some
economists predict a worldwide recession caused by the Y2K problem. Virtually everyone
agrees that the hearings held by Congress, along with letters to agencies, press conferences,
reports, and legislation, have been effective in raising awareness. Yet many also feel that
federal, state, and local agencies, and businesses have not made enough progress. The 106th
Congress continues the oversight of efforts through hearings, public fora, and press releases.
In an attempt to mitigate the negative consequences of the Y2K problem, Congress has
used several strategies. One was to provide additional funding to federal agencies beyond
their usual information technology budgets to work on the Y2K problem. The FY1998
Supplemental Appropriations Act (P.L. 105-174, enacted May 1, 1998) added $86 million
for Y2K conversion work in the Federal Aviation Administration, the Treasury Department,
and the Health Care Finance Administration. In addition, the President’s FY1999 budget
request included a $3.25 billion discretionary allowance for emergencies including unforeseen
defense and non-defense costs, natural disasters, and expenses of the Y2K conversion. The
budget request did not specify what portion of that allowance would be used for Y2K
conversion, or which agencies would use it. The Omnibus Appropriations Act for FY1999
(P.L. 105-277, enacted October 21) included $3.35 billion of emergency funds for federal
CRS-11
IB97036
04-22-99
agency Y2K conversion efforts ($1.1 billion for DOD and $2.25 billion for all other federal
agencies), to remain available until September 30, 2001. Because they were designated as
emergency funds, they did not require offsetting receipts from other appropriations. OMB
controls all funds for federal agencies other than DOD and legislative branch agencies, and
has already allocated most of those funds. Some speculate that additional FY1999 federal
funding for Y2K conversion may become necessary.
Another approach used by Congress was to reprogram funds for Y2K work for specific
agencies determined to need additional funds. For example, the FY1998 Treasury and
General Government Appropriations Act (P.L. 105-61), directed the Internal Revenue
Service (IRS) to use $376.7 million from its information systems development account for
century date change efforts, and reprogrammed $87 million from other IRS programs to Y2K
conversion efforts. The Departments of Veterans Affairs, Housing and Urban Development,
and Independent Agencies Appropriations Act for FY1998 (P.L. 105-65) reprogrammed $8
million from existing appropriations for the Veterans Benefits Administration to work on Y2K
problems. The Departments of Labor Health and Human Services, and Education, and
Related Agencies Appropriations Act for FY1998 (P.L. 105-78) made $183 million available
from existing appropriations for the Labor Department’s Labor Unemployment Insurance
program to assist states to convert their automated state employment agency systems to be
Y2K compliant.
Some observers called for the more extreme measure of mandating a four digit standard
for all federal electronic data exchange, modeled after the IRS policy requiring a four-digit
standard for all of its transactions. Computer industry representatives, however, argued that
any standard should be developed by the private sector rather than government. They also
argued that there is no time for industry to develop a consensus standard, and furthermore,
that a single standard would not be appropriate for all cases. Some Members suggested that
Congress should do more to ensure that information technology products are Y2K compliant.
Requiring Y2K compliance in products might be unrealistic, however, because it is impossible
to test all of the components in a product with every possible interface to insure Y2K
compliance in all applications. To help federal purchasers, as well as consumers, GSA
maintains a list on its web site of commercial off-the-shelf (COTS) products for which the
manufacturer has stated are Y2K compliant (using the FAR definition for Y2K compliance).
Congress is also concerned about liability issues. Some want Congress to require that
companies disclose their Y2K status. Conversely, others want Congress to set limits on the
liability that a company can face if it discloses Y2K vulnerabilities of its products. Several
bills have already been introduced in the 106 Con
th
gress addressing these concerns (See CRS
report RL30088, Year 2000 Liability Legislation: A Legal Analysis). The Administration
does not have a policy to determine whether federal agencies or their contractors are
responsible for damages resulting from Y2K errors, arguing that it is more important to focus
on fixing the problem.
Some Members urged the SEC to require all publicly traded companies to submit Y2K
compliance disclosures for new stock offerings. Many opposed such a policy, however,
arguing that whether or not to require disclosure should be decided by private sector groups
rather than the SEC. In May 1997, the SEC posted a statement for public discussion on the
nature of disclosure made by publicly traded companies, stating that if the Y2K problem could
cause “material adverse consequences,” companies should provide their projected
CRS-12
IB97036
04-22-99
expenditures and associated uncertainties as part of their quarterly report to the SEC. In June
1997, the SEC reported to Congress that most self-regulatory organizations (such as the
stock exchanges) are making adequate progress on the Y2K problem. The SEC continued
to monitor efforts of regulated entities (brokers, dealers, agents, and investment companies)
and the Securities Industry Association. SEC rules require public companies to report
in-house Y2K conversion costs as an expense, rather than capitalized over a period of years.
In January 1998, the SEC issued additional guidance to strengthen the requirements for
public companies to disclose the status of their Y2K conversion efforts. After receiving the
second quarterly reports with little increase in Y2K reporting, the SEC started unequivocally
requiring Y2K readiness reporting, and prosecuting companies that failed to report their Y2K
readiness. For further discussion, see CRS Report 98-966, The Year 2000 Computer
Problem: Legal Issues.
Many Members are concerned about the efforts of foreign and international
organizations to address the Y2K problem. Unless the problem is corrected within every
country, both in government and the private sector, international commerce could be
adversely affected. Research indicates that most of the rest of the world lags behind the
United States in addressing the problem, although there is a lack of information or analysis
on efforts in some countries. Some are concerned over whether foreign air traffic control
systems will interoperate with U.S. systems after Y2K renovations are performed. Potential
risks to safety systems of foreign nuclear energy reactors has also come into question.
Some countries, however, have strong Y2K programs in place. The British government’s
Action 2000 program in 1998 received £17 million for outreach and publicity, £70 million
to help small and medium sized businesses address the Y2K problem, and £10 million to the
World Bank to assist the Y2K conversion efforts of lesser developed countries. In FY1999
appropriations, the United States provided $12 million to the World Bank’s outreach effort
to lesser developed countries.
Many have become concerned over the national security implications of the Y2K
problem. The possibility of a weakened command, control, communications, and intelligence
(C4I) infrastructure due to potential system failures, the diversion of resources away from
information security efforts, and the possible sabotage of defense systems by individuals
performing Y2K remediation, are all potential risks faced by military and intelligence
operations. In addition, there is concern over the continued interoperability of U.S. systems
with those of NATO allies and the proper functioning Russia's early warning systems. DOD
officials are discussing these issues with NATO and Russian counterparts for collaborative
operations and the sharing of data. The intelligence community is also investigating the
potential impact of non-compliant systems in foreign countries on U.S. systems. Reports of
the Administration's activities in this area, however, are not open to the public.
Congress has become increasingly concerned over potential risks posed by the Y2K
problem to critical national infrastructures, such as utilities, telecommunications,
transportation, financial services, and health care. For further discussion of this issue, see
CRS Report 98-967, Year 2000 Problem: Potential Impacts on National Infrastructures. The
President’s Y2K Council has been working with the federal agencies that regulate sectors of
the economy to help the critical infrastructures in achieving Y2K compliance. Legislation was
introduced in the 105 Congress
th
requiring the Y2K Council to produce an assessment of the
CRS-13
IB97036
04-22-99
Y2K problem and a strategy to ensure that critical services will remain intact. On January 7,
1999, the Y2K Council issued its First Quarterly Summary of Assessment Information
compiled by federal agencies. The report concludes that there will not be large-scale
disruptions in key infrastructures, that the financial industry is especially well prepared, but
that international failures are likely. Most of the data in the report, however, was compiled
by industry groups and may not provide enough independent observation or analysis to
evaluate the risks to the nation’s critical services and infrastructures.
Some argue that if larger systems are not already close to becoming Y2K compliant, the
companies or agencies responsible for those systems should shift their focus from compliance
efforts to developing contingency plans. Only a small number of federal agencies, and very
few private sector entities, have released contingency plans to the public. The Small Business
Administration is implementing an outreach program to distribute Y2K informational
materials to small businesses through its web page and with partners in the banking and
insurance industries. Some have called for a leader from the private sector to act as a national
spokesman in prompting all of the economic sectors to work together to correct and test
critical infrastructures and develop contingency plans.
The Administration is also developing an emergency preparedness plan, to be
implemented by several federal agencies and led by the Federal Emergency Management
Agency (FEMA). The Administration has not yet released any details, however, and some
observers question whether FEMA currently has the resources to respond to a potentially
large number of demands for assistance that could arise in January.
In the past, although other computer-related problems have received national attention,
Congress did not become deeply involved in their solutions. Two examples are computer
viruses and the information systems security. The private sector was able to address these
problems with virus detection software and encryption systems to provide information
security, privacy, and authenticity. It is unclear, however, whether the market alone will
provide the incentive for industry and government to eradicate the Y2K problem. In the
future, other systemic computer problems might arise that would elicit a response from
Congress, such as adapting to a new European monetary unit (EMU) or expanding the
number of digits in social security numbers or telephone area codes. To lay the groundwork
for addressing future computer-related problems, Congress may consider focusing more
federal research on computer reliability.
LEGISLATION
H.J.Res. 14 (Linder)
Joint Resolution to designate Monday, January 3, 2000, as the day of the observance of
the New Year’s Day holiday in that year. The intention was to provide an extra day for
government agencies to resolve Y2K problems before commencing normal operations in the
new year. Several groups, however, including the Administration, have opposed this idea,
arguing that the additional software changes necessary to implement the change in holiday
observance would further complicate Y2K renovations and testing. Introduced January 6,
1999; referred to Committee on Government Reform.
CRS-14
IB97036
04-22-99
H.R. 179 (Thurman)
Businesses Undergoing the Glitch Act, would allow small businesses to deduct Y2K
conversion costs from their gross income for federal income tax reporting. Introduced
January 6, 1999; referred to Committee on Ways and Means.
H.R. 192 (Manzullo)
Year 2000 Consumer Protection Plan Act of 1999, would establish judicial and
administrative proceedings, a standard of proof, and damage limitations for legal actions
brought in cases of Y2K processing failures. Introduced January 6, 1999; referred to
Committee on the Judiciary.
H.R. 775 (Davis)
Year 2000 Readiness and Responsibility Act, to establish procedures and limitations for
civil actions brought for damages relating to the Y2K failure of any device or system.
Introduced February 23, 1999; referred to Judiciary Committee.
H.R. 1319 (Eshoo)
Y2K Fairness in Litigation Act, to foster incentives to settle year 2000 lawsuits that may
disrupt significant sectors of the American economy. Introduced March 25, 1999; referred
to the Committee on the Judiciary.
H. R. 1447 (Ford)
National Y2K Test Day Act, to provide for the coordinated end-to-end testing and
disclosure of the readiness of certain Federal and non-Federal computer systems for the year
2000 computer problem. Introduced April 15, 1999; referred to the Committee on Science.
S. 96 (McCain)
Y2K Act, would limit liability and damages for defendants in suits involving Y2K
failures. Introduced January 19; referred to Committee on Commerce, Science and
Transportation. Reported to Senate from Committee on Commerce, Science, and
Transportation, with amendment in the nature of a substitute, S.Rept. 106-10 (CR S2503),
March 10; further amended April 22, sponsored by Senators McCain, Wyden, Gorton,
Abraham, Lott, Frist, and Burns [http://www.senate.gov/~commerce/legis/legis.htm].
S. 174 (Moynihan)
Y2K State and Local GAP (Government Assistance Programs) Act of 1999, would
provide funding for states to correct Y2K problems in computers used to administer state and
local programs. Introduced January 19, 1999; referred to Committee on Finance.
S. 314 (Bond)
Small Business Year 2000 Readiness Act, to direct the Small Business Administration
(SBA) to establish a loan guarantee program to address Y2K problems of small businesses
at slightly higher amounts than SBA’s existing 7(a) general business loan program. Introduced
January 27, 1999; referred to Committee on Small Business; reported to Senate February 23
S.Rept. 106-5); passed Senate without amendment March 2; introduced in House (H.R.
1056) and referred to Small Business Committee March 3; hearing March 12; passed House
under suspension of the rules March 23; signed by the President (P.L. 106-8) March 25.
CRS-15
IB97036
04-22-99
S. 461 (Hatch)
Year 2000 Fairness and Responsibility Act, to foster an incentive to settle Y2K lawsuits
that may disrupt significant sectors of the American economy by requiring procedures to be
followed before and during Y2K civil actions and class actions. Introduced February 24,
1999; referred to Judiciary Committee; hearing March 1.
S. 738 (Dodd)
Y2K Fairness in Litigation Act, to foster incentives to settle year 2000 lawsuits that may
disrupt significant sectors of the American economy. Introduced March 25, 1999; referred
to the Committee on the Judiciary.
S. 544 (Stevens)
FY1999 Emergency Supplemental Appropriations bill. Contains provision (section
3002) that would reduce the non-defense Y2K emergency fund by $973 million, eliminating
the remaining balance in that fund. Reported by Committee on Appropriations March 4, 1999
(No. 106-8); passed Senate March 23 (with amendments).
CRS-16