a glitch in time____ THE "MILLENNIUM BUG" ISN'T JUST A PROBLEM FOR PROGRAMMERS.

AN
EXPERT WARNS IT COULD SERIOUSLY SCREW UP OUR ECONOMY AND OUR LIVES. BY SCOTT
ROSENBERG | It could be the electricity that goes first -- the national power
grid brought down by confused microchips. It could be the banks, brought to their
knees by befuddled bookkeeping programs that think they've been flung backwards in
time by a century. Or maybe it will be the telephone system. Or the stock markets.
Government agencies like the IRS. Trains, planes, even some automobiles. Whatever
the order of our going, when the clocks on millions upon millions of computers and
digital systems click over to "2000" at midnight on Dec. 31, 1999, we all may go
down together. That, at least, is the pessimistic warning from software management
expert Edward Yourdon. There are lots of opinions out there about the so-called
"millennium bug" or year 2000 crisis; no one knows for sure what will happen when
parts of our vast electronic grid wake up on the morning of New Year's Day, 2000,
and can't remember what day it is. But the warning voices are getting louder: Last
week, Federal Reserve Chairman Alan Greenspan told Congress, "Inevitable
difficulties are going to emerge. You could end up with ... a very large problem."
In the face of such uncertainty, Yourdon's new book, "Time Bomb 2000" (Prentice
Hall, 416 pages), argues for caution -- and prescribes some doses of healthy fear.
Don't relax and think, "They'll have it fixed in time," and don't trust the
executives and functionaries out there who blandly reassure you that they have the
situation under control, Yourdon warns: Unless they can provide written assurances
that their systems are "Year 2000 compliant," they are probably simply crossing
their fingers. Most companies and institutions got a slow start on the mammoth
project of updating all their old software and systems to think of years in four
digits rather than two -- and in many cases it's already too late to finish in
time. Software projects are notorious for running overtime -- but the calendar
won't wait. And throwing hordes of programmers at the problem at the last minute is
likely to be worse than useless. Rushing a software project, the saying goes, is
like rushing a pregnancy -- you can't make a baby in one month by putting nine
women on the job. But the real kicker of Yourdon's argument lies in his notion of
"ripple effects." Even if your employer, bank, insurance company and electric
utility all have their acts together, significant numbers of companies and
institutions won't. It will do you no good to shop at a "year 2000 compliant"
supermarket if its distributors' computers have gone kaput and the shelves are
bare. A company may fix every line of software code on its mainframe computer
systems, only to be hobbled by bad code in "embedded systems" -- chips that control
mundane stuff like elevators and security systems and factory machinery. Even if
only a small percentage of companies get into trouble, in today's economy we're all
connected -- and just a few percentage points of year 2000 trouble could spell
recession or worse. Yourdon's previous books -- like "The Decline and Fall of the
American Programmer" and "Death March" -- were aimed at professional programmers.
But "Time Bomb 2000," which Yourdon co-authored with his daughter Jennifer, is
written for the general public. It provides the reader with exhaustive scenario-
planning and survival advice based on the prospects of a "two-day failure," "one-
month failure," "one-year failure" and "10-year failure." While the book doesn't
outright predict "a moderate, serious or devastating collapse of the nation's
socio-economic system," it's chilling that it even brings up the possibility. Even
if the worst-case scenarios never come to pass, Yourdon argues, "It's better to be
terrified now." He has acted on his own advice, trading in a New York City home for
one in New Mexico -- on the theory that Manhattan will be the worst place in the
world to be in the event that our economic infrastructure collapses. Yourdon -- a
congenial and methodical man who seems genuinely distressed about the bad news he's
bearing -- spoke to me last week at the Salon offices. We've all grown jaded about
books that tell us the sky is falling, but given the range of Yourdon's experience
and the persuasiveness of his arguments, he may be one Jeremiah worth heeding. What
made you write "Time Bomb 2000"? I've been a consultant for 30-odd years, and I'm
accustomed to seeing large projects that have collapsed. You walk in, you see an
organization that's launching this Mongolian horde project and, as an outsider, you
can smell death in the air right away. You know they're doomed -- they won't admit
it, they may not even know it, but it's obvious. And I'd say, well, that's OK, I'll
collect my consulting fee, I'll make sure that I'm not standing anywhere near this
thing when it goes under. And you move on. But about a year and a half ago I woke
up one morning and thought, uh-oh, this one is different. Because it's everything
-- it's every insurance company and every utility company. And if they all go down,
and they're all interconnected, then my family goes down with it. That's what got
me going. Typically, I would come home from a lot of work assignments and say to my
wife, "You won't believe what those guys at company X did!" And my wife is actually
very computer literate, so she would understand technically what I was saying. But
her answer always was, "Who cares? What's this got to do with me?" Nothing
whatsoever. Here, it does matter. That was kind of an epiphany for me. Is the
situation really as bad as you make it out in "Time Bomb 2000"? We took a pretty
neutral position, relatively speaking. Personally, I think it's worse than what we
laid out, writing last summer. Things have gotten worse in the last six months. If
you see any of the informal surveys on any of the newsgroups -- like
comp.software.year2000 -- they're pretty pessimistic. The last one I saw asked for
your assessment of how bad it could be on a scale of 1 to 5, where 1 is no big deal
and 5 is, you know, the end of Western civilization. And they're usually in the
range of 3 and a half to 4. Serious stuff is going to happen. These are people who
are directly involved in year 2000 projects and are beginning to see that, gee,
this stuff is taking forever, and they're not really getting the support from
senior management that they desperately need. There are two groups of computer-
literate people: people that are directly involved in year 2000 projects and
everybody else -- including the Internet people, and the Java people, and the
client-server people. And people in the latter category are often oblivious. "Oh,
it's a few COBOL programs, who cares?" Or they'll say, "Well, my Macintosh is
compliant, nyah nyah nyah." - - - - - - - - - - - - - - - - - Are we all
vulnerable? Is anyone safe? Even if you work in a purely manual mechanical world
with no computers within 20 miles of your office, if you've got customers and
suppliers and any kind of interaction with society, or if you find electricity
convenient, if you use a telephone, if you've got a bank account, then you're
vulnerable, period. There's no doubt about that at all. It's just much more obvious
if you work in a high-tech environment. You can brush aside lots of secondary
things and you've got this so-called "iron triangle": utilities, banks and
telephone companies. Since the book came out we've gotten more and more information
about the utilities. There are 9,000 electric utilities in this country. One
hundred and eight nuclear plants, and none of them are compliant -- not a one.
Recent surveys indicate that a third of them still haven't started. The thing I
find scary is that a lot of the utility companies that are working on year 2000 are
working on their mainframe systems -- they want to make sure their billing systems
are OK -- and they haven't thought about their embedded systems. It really is very
frightening. I've started getting e-mail correspondence from some Deep Throat-style
informants about a couple of the bigger telephone companies that are way far
behind. AT&T, MCI and Sprint are all dealing with portfolios of 300 million or 400
million lines of code. That's a big job. Why didn't companies start sooner? Is it
because they don't see any short-term benefit in spending lots of money now to
avert a disaster that no one can say for sure will happen? I think we're past that
stage. That was the big problem in the '93-'95 period: trying to persuade senior
managements that they ought to do something when there was no return on investment.
Now I think it's gotten to the point where senior management, if nothing else, is
aware of the legal risk. They may still think that it's a financial pain in the
neck, but their lawyers are saying, "You know what? If we don't get our stuff fixed
we're gonna get sued right out of business." So now the problem is that senior
management says, "Yes! Do it! I hereby decree that it will be done." But they don't
follow through, or they don't provide the funds or the active leadership to keep
the troops in line. And they don't seem to acknowledge that traditionally all of
their projects have been six months or a year late, and this one's going to be no
better. The thing that's scaring a lot of us now is that some of them are not even
doing triage to concentrate on the mission-critical stuff -- and virtually none of
them are doing contingency planning for what happens if they don't get it done. The
reality is that we're not going to get it all fixed, and if you don't have backup,
fall-back plans, then the business is
going to go right under. Can you point to companies or organizations that have
gone about this the right way? Two that you'll hear about most often are Bank of
Boston and Prudential Insurance in New Jersey. In both cases they got started
relatively early -- you know, '95 or '96 -- but far more important, they organized
it almost like a war. I've been talking a lot to the V.P. at Prudential who's in
charge of the whole thing. She's got a pipeline to the CEO who says, this is life
or death -- anybody who doesn't want to play by the rules, court-martial them.
You'd certainly hope that a business like an insurance company would be doing good
long-term planning -- its business depends on people's faith in them. The whole
financial community -- insurance companies, banks, Wall Street -- as you say, it's
a confidence game. The ones who really understand the significance of this stuff
realize that they cannot afford to lose the confidence of their client base. And
even aside from that, if they don't get this under control, they're not gonna be
open for business. It's very straightforward. But it's not often that you see the
fear of God at the CEO level. What are some of the worst examples -- the year 2000
basket cases? I got on the Net this morning, and apparently the airport in Atlanta
is thinking about whether they should do a year 2000 assessment this year or next
year! Now, that's Step 1. And an airport's like a small city unto itself. Forget
about the airplanes and the air traffic control; you've got this massive
infrastructure. So Atlanta is still thinking about whether they're going to do an
assessment. And it's irrelevant -- it's too late at this point. If you started
assessing next year, you'd be finished just in time to learn whether your
assessment was accurate or not. You tend to get this stuff through the grapevine
from the programmers in the trenches, because the public posture in most of these
companies is: We're doing fine, everything's OK, we're highly confident, blah blah
blah. A good example is: Each of the major federal government agencies is supposed
to report on its progress with the year 2000 stuff every three months. The
congressional oversight committee took the reported progress from these agencies
and extrapolated forward, saying, OK, if they continue on at the same rate, when
can we reasonably expect that they'll finish? The numbers were staggering. The
Department of Energy will finish in the year 2019. Defense'll finish in 2012. It's
just mind-boggling. At the IRS, the year 2000 stuff has been bundled together with
this massive modernization program they're trying to do. They decided to outsource
it, and the contract award is scheduled for October '98. This is all the brainchild
of the chief information officer of the IRS, a guy by the name of Arthur Gross --
who resigned. He's gone -- left a week ago. So I think that's dead in the water at
this point. You ask yourself, what's really going on in these companies and
government agencies where you have to assume that the leaders are not stupid
people? Some of them maybe are stupid -- they're just saying, I don't want to hear
about it. But somebody at the IRS has gotta know that they're hosed. You don't have
to be a rocket scientist to just see, oh shit, we don't have enough people. You'd
think that somebody would have gone to the president and said, "Ahem, Mr.
President, can I get your attention for a minute? Uh, the federal government's not
gonna be able to collect, whatever it is, $1.8 trillion, and you might want to come
up with a backup plan." What's the IRS gonna do? Put in a flat tax? Put in a
national sales tax? Insist that all transactions take place through the Internet?
What's the backup for IRS? What's the backup for FAA? When air traffic goes down,
what're they gonna do? Get people out on the runway waving semaphore flags? I don't
think they've got a plan yet. In the U.S. our approach is always to wait for a
crisis to develop, then mobilize the public. That's how our political system works,
and maybe it's part of our national character. But mobilizing after the fact
doesn't seem like it will help much in this case. Something else I've become more
aware of is that we now have trained a whole generation of clerical and
administrative people to turn their brains off -- they don't have to do any
thinking. All their instructions and day-to-day activities are guided by computers.
If you go into a restaurant and the cash register is broken, the waitresses can't
add up your bill anymore -- they've forgotten their third-grade arithmetic. We've
already seen a couple of year 2000 versions of this. The classic one is the
disaster at Marks & Spencer [a British retailer]. Some corned beef hash came in. It
had a bar code on the side of the boxes with an expiration date that happened to be
2002. So the clerk waved his bar-code reader on it and the computer rejected it,
thinking it had expired in 1902. Well, the clerk thought, that's cool -- the
computer said reject it, what do I care? And he can't read the bar-code anyway. So
he puts it back in the loading dock and sends the stuff back. A day or two later it
arrives back at the corned-beef hash company, and that clerk types in a transaction
saying, six cases of corned-beef hash rejected by our good client Marks & Spencer.
Fine, no problem, what does he care? Meanwhile, Marks & Spencer wanted the corned-
beef hash, so they put in another order. A week later, another six cases show up.
Rejected the same way. It went back and forth apparently four times before they ran
out of inventory up at the store. Now the shelves are empty. Somebody comes down to
the purchasing department and says, "What's going on? You guys can't manage your
inventory!" After a lot of angry phone calls and finger-pointing, finally it
percolated up to the point where somebody had his brain in the "on" position. I'm
concerned that there's gonna be a lot of this. There've been some stories about
this in the last couple weeks about the whole "00" credit card problem, which began
in '96 when some of the banks began issuing renewal cards with a four-year
expiration date. It turns out Visa had to recall 12 million cards. So they got
their stuff fixed, and they got all the banks to fix their stuff. Then of course
they had the problem of getting 14 million merchants to fix their credit card
swiping machines. And when they got to the 99 percent level they said, OK, now we
can start issuing 00 cards. So 1 percent of the restaurants and stores and so on
still haven't upgraded their terminals, which means that when you swipe your credit
card it gets rejected. And half the time, the clerks don't know what to do with
that. How did we get into this mess? Is it just sheer coincidence? What if the
computer industry had evolved, say, in the 1920s -- would we have had more time and
more generations of technology to get past this crisis? I think the problem is that
many of us put a lot of our sociological or anthropomorphic experiences into the
code that we write. And even today our normal human conversation tends to
abbreviate years down to two digits. That's a part of American society in the 20th
century, at least for the next couple of years. So there were lots of programs that
were written in the '70s and the '80s and the '90s that were non-compliant. You can
kind of excuse the guys in the '50s and '60s, because it was still a lifetime away.
But there's no excuse for any program written in this decade. How will the Internet
fare? A lot of Internet people are going to be really surprised. There was a
section in our book that we had to take out: I got an e-mail from a sys-op from an
Internet site in Chicago who said, in addition to everything else, the Internet's
gonna die -- because the routers and switches are noncompliant in many cases. And
he named a particular vendor, one of the more popular ones. Well, we included this
e-mail in the first draft of the book, which we put up on our Web site -- that
meant everybody saw it. After we went into production I got a grumpy letter from
the vendor saying it's not true. Then a lawyer called the publisher and said we
should take it out. So we went to the vendor's Web site. And to their credit they
have a year 2000 page, and we found the particular product -- and it said, if
you're using release such-and-such it's OK, but previous versions have not been
tested. There's got to be a percentage of people out there who haven't bothered
upgrading, or didn't think about it, or thought year 2000 didn't apply to them. But
the Net's supposed to be able to survive the failure of some routers -- though it
could be hurt if enough fail at once. Or if the backbones go down. You've got a
couple of key trunk lines. Still, as long as a reasonable percentage of the
Internet stays up, that's true. That's one of the ironies -- it's built to survive
nuclear war and year 2000 problems! - - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - A GLITCH IN TIME | PAGE 3 OF 3 - - - - - - - - - - - - - - - - - Your
book draws a lot of analogies with the crash of 1929, the bank holidays and the
Great Depression that followed. How do you think the financial markets are going to
handle the year 2000 problem over the next couple of years? The thing that boggles
my mind is that for the most part the Wall Street investment community does not
have this on their radar screen. So they're busily buying and selling General
Motors and IBM and everything and not saying, gee, I wonder if these companies are
actually gonna be around? How much are they spending on year 2000? What kind of
risk do they face? It's possible that may pick up later in the year. Edward
Yardeni, for instance, the chief economist at
Deutsche Morgan Grenfell, argues that the SEC and NASDAQ are putting enough
pressure on publicly traded companies that they're going to have to start
disclosing their year 2000 expenditures. The savvy investors and Wall Street guys
might start thinking, jeez, this could be a problem. The Warren Buffets of the
world might start pulling out, and so on. I don't think the general public is going
to start to panic till much later. But Yardeni argues that you're going to see a 20
percent drop in the stock market in the second half of this year, in anticipatory
reaction to year 2000 problems. Now the interesting thing about this as far as
American psychology is, if I buy a bunch of emergency food today, I'm stockpiling
-- but if I do it next year, I'm hoarding. In times of plenty no one seems to
object to your buying extra supplies. If I want to take my money out of the bank
this year, hey, it's not a problem. The thing that I'm watching for is whether the
government will make some anticipatory decisions to prevent a run. I wouldn't be at
all surprised to see a bunch of regulations put in at the end of this calendar year
to say, you're absolutely prevented from taking out your IRAs and Keoghs. I
wouldn't be surprised if the withdrawal penalty goes up from 10 to 50 percent next
year. "Time Bomb 2000" advises readers to consider taking steps like withdrawing
money from the bank, moving away from big cities and stockpiling food. How are
people reacting to that? Six months ago, when we wrote the book, I had members of
my extended family who said, oh, piffle, this is all ridiculous. But now fewer and
fewer people are shrugging it off entirely, particularly as the story begins to
enter the mainstream media. The thing that's most frustrating to me is to see
reasonably intelligent people who will focus on it for a short period of time -- a
few minutes, or for the extent of a half-hour TV show, and they say, wow, this is
serious! And then they go on to the next crisis of the day: El Ni�o! Iraq! Monica
Lewinsky! Or whatever. And by now they've forgotten. If you think, well, my ATM
card may not work for a couple of days, ehhh, big deal, I'll get $100 of cash.
That's trivial. Planning for a one-month disruption requires some effort: You've
got to save some money, you've got to stockpile some stuff, but you don't have to
really change your lifestyle. Where it really gets serious is when you say, you
know, this could be really bad for a year -- and if I want to survive I'm going to
have to change my lifestyle in a non-trivial way. Most people aren't willing to do
that easily. And I put myself in that category. If I told you that San Francisco is
going to burn to the ground, and for the safety of your family and yourself you're
going to have to quit this job, find a job somewhere else, move to a different part
of the country -- you can't just casually make that decision. But I did get to that
point about a year ago, on several different levels. We've sold our house in New
York, bought a house in New Mexico. I'm out of the stock market. The thing I keep
trying to repeat to people who are willing to listen to this at all is that you've
got options today: It's not pleasant to consider moving to a different town, but
you can work that into a plan. But doing that in panic mode in '99 is going to be a
whole different kettle of fish. Then it'll be a lot tougher -- because then you're
part of the stampede. And unfortunately I think that's what's going to happen to
the great majority of people. SALON | March 2, 1998