http://www.salonmagazine.com/21st/books/ a glitch in time THE "MILLENNIUM BUG" ISN'T JUST A PROBLEM FOR PROGRAMMERS. AN EXPERT WARNS IT COULD SERIOUSLY SCREW UP OUR ECONOMY AND OUR LIVES. BY SCOTT ROSENBERG | It could be the electricity that goes first -- the national power grid brought down by confused microchips. It could be the banks, brought to their knees by befuddled bookkeeping programs that think they've been flung backwards in time by a century. Or maybe it will be the telephone system. Or the stock markets. Government agencies like the IRS. Trains, planes, even some automobiles. Whatever the order of our going, when the clocks on millions upon millions of computers and digital systems click over to "2000" at midnight on Dec. 31, 1999, we all may go down together. That, at least, is the pessimistic warning from software management expert Edward Yourdon. There are lots of opinions out there about the so-called "millennium bug" or year 2000 crisis; no one knows for sure what will happen when parts of our vast electronic grid wake up on the morning of New Year's Day, 2000, and can't remember what day it is. But the warning voices are getting louder: Last week, Federal Reserve Chairman Alan Greenspan told Congress, "Inevitable difficulties are going to emerge. You could end up with ... a very large problem." In the face of such uncertainty, Yourdon's new book, "Time Bomb 2000" (Prentice Hall, 416 pages), argues for caution -- and prescribes some doses of healthy fear. Don't relax and think, "They'll have it fixed in time," and don't trust the executives and functionaries out there who blandly reassure you that they have the situation under control, Yourdon warns: Unless they can provide written assurances that their systems are "Year 2000 compliant," they are probably simply crossing their fingers. Most companies and institutions got a slow start on the mammoth project of updating all their old software and systems to think of years in four digits rather than two -- and in many cases it's already too late to finish in time. Software projects are notorious for running overtime -- but the calendar won't wait. And throwing hordes of programmers at the problem at the last minute is likely to be worse than useless. Rushing a software project, the saying goes, is like rushing a pregnancy -- you can't make a baby in one month by putting nine women on the job. But the real kicker of Yourdon's argument lies in his notion of "ripple effects." Even if your employer, bank, insurance company and electric utility all have their acts together, significant numbers of companies and institutions won't. It will do you no good to shop at a "year 2000 compliant" supermarket if its distributors' computers have gone kaput and the shelves are bare. A company may fix every line of software code on its mainframe computer systems, only to be hobbled by bad code in "embedded systems" -- chips that control mundane stuff like elevators and security systems and factory machinery. Even if only a small percentage of companies get into trouble, in today's economy we're all connected -- and just a few percentage points of year 2000 trouble could spell recession or worse. Yourdon's previous books -- like "The Decline and Fall of the American Programmer" and "Death March" -- were aimed at professional programmers. But "Time Bomb 2000," which Yourdon co-authored with his daughter Jennifer, is written for the general public. It provides the reader with exhaustive scenario-planning and survival advice based on the prospects of a "two-day failure," "one-month failure," "one-year failure" and "10-year failure." While the book doesn't outright predict "a moderate, serious or devastating collapse of the nation's socio-economic system," it's chilling that it even brings up the possibility. Even if the worst-case scenarios never come to pass, Yourdon argues, "It's better to be terrified now." He has acted on his own advice, trading in a New York City home for one in New Mexico -- on the theory that Manhattan will be the worst place in the world to be in the event that our economic infrastructure collapses. Yourdon -- a congenial and methodical man who seems genuinely distressed about the bad news he's bearing -- spoke to me last week at the Salon offices. We've all grown jaded about books that tell us the sky is falling, but given the range of Yourdon's experience and the persuasiveness of his arguments, he may be one Jeremiah worth heeding. What made you write "Time Bomb 2000"? I've been a consultant for 30-odd years, and I'm accustomed to seeing large projects that have collapsed. You walk in, you see an organization that's launching this Mongolian horde project and, as an outsider, you can smell death in the air right away. You know they're doomed -- they won't admit it, they may not even know it, but it's obvious. And I'd say, well, that's OK, I'll collect my consulting fee, I'll make sure that I'm not standing anywhere near this thing when it goes under. And you move on. But about a year and a half ago I woke up one morning and thought, uh-oh, this one is different. Because it's everything -- it's every insurance company and every utility company. And if they all go down, and they're all interconnected, then my family goes down with it. That's what got me going. Typically, I would come home from a lot of work assignments and say to my wife, "You won't believe what those guys at company X did!" And my wife is actually very computer literate, so she would understand technically what I was saying. But her answer always was, "Who cares? What's this got to do with me?" Nothing whatsoever. Here, it does matter. That was kind of an epiphany for me. Is the situation really as bad as you make it out in "Time Bomb 2000"? We took a pretty neutral position, relatively speaking. Personally, I think it's worse than what we laid out, writing last summer. Things have gotten worse in the last six months. If you see any of the informal surveys on any of the newsgroups -- like comp.software.year2000 -- they're pretty pessimistic. The last one I saw asked for your assessment of how bad it could be on a scale of 1 to 5, where 1 is no big deal and 5 is, you know, the end of Western civilization. And they're usually in the range of 3 and a half to 4. Serious stuff is going to happen. These are people who are directly involved in year 2000 projects and are beginning to see that, gee, this stuff is taking forever, and they're not really getting the support from senior management that they desperately need. There are two groups of computer-literate people: people that are directly involved in year 2000 projects and everybody else -- including the Internet people, and the Java people, and the client-server people. And people in the latter category are often oblivious. "Oh, it's a few COBOL programs, who cares?" Or they'll say, "Well, my Macintosh is compliant, nyah nyah nyah." Are we all vulnerable? Is anyone safe? Even if you work in a purely manual mechanical world with no computers within 20 miles of your office, if you've got customers and suppliers and any kind of interaction with society, or if you find electricity convenient, if you use a telephone, if you've got a bank account, then you're vulnerable, period. There's no doubt about that at all. It's just much more obvious if you work in a high-tech environment. You can brush aside lots of secondary things and you've got this so-called "iron triangle": utilities, banks and telephone companies. Since the book came out we've gotten more and more information about the utilities. There are 9,000 electric utilities in this country. One hundred and eight nuclear plants, and none of them are compliant -- not a one. Recent surveys indicate that a third of them still haven't started. The thing I find scary is that a lot of the utility companies that are working on year 2000 are working on their mainframe systems -- they want to make sure their billing systems are OK -- and they haven't thought about their embedded systems. It really is very frightening. I've started getting e-mail correspondence from some Deep Throat-style informants about a couple of the bigger telephone companies that are way far behind. AT&T, MCI and Sprint are all dealing with portfolios of 300 million or 400 million lines of code. That's a big job. Why didn't companies start sooner? Is it because they don't see any short-term benefit in spending lots of money now to avert a disaster that no one can say for sure will happen? I think we're past that stage. That was the big problem in the '93-'95 period: trying to persuade senior managements that they ought to do something when there was no return on investment. Now I think it's gotten to the point where senior management, if nothing else, is aware of the legal risk. They may still think that it's a financial pain in the neck, but their lawyers are saying, "You know what? If we don't get our stuff fixed we're gonna get sued right out of business." So now the problem is that senior management says, "Yes! Do it! I hereby decree that it will be done." But they don't follow through, or they don't provide the funds or the active leadership to keep the troops in line. And they don't seem to acknowledge that traditionally all of their projects have been six months or a year late, and this one's going to be no better. The thing that's scaring a lot of us now is that some of them are not even doing triage to concentrate on the mission-critical stuff -- and virtually none of them are doing contingency planning for what happens if they don't get it done. The reality is that we're not going to get it all fixed, and if you don't have backup, fall-back plans, then the business is going to go right under. Can you point to companies or organizations that have gone about this the right way? Two that you'll hear about most often are Bank of Boston and Prudential Insurance in New Jersey. In both cases they got started relatively early -- you know, '95 or '96 -- but far more important, they organized it almost like a war. I've been talking a lot to the V.P. at Prudential who's in charge of the whole thing. She's got a pipeline to the CEO who says, this is life or death -- anybody who doesn't want to play by the rules, court-martial them. You'd certainly hope that a business like an insurance company would be doing good long-term planning -- its business depends on people's faith in them. The whole financial community -- insurance companies, banks, Wall Street -- as you say, it's a confidence game. The ones who really understand the significance of this stuff realize that they cannot afford to lose the confidence of their client base. And even aside from that, if they don't get this under control, they're not gonna be open for business. It's very straightforward. But it's not often that you see the fear of God at the CEO level. What are some of the worst examples -- the year 2000 basket cases? I got on the Net this morning, and apparently the airport in Atlanta is thinking about whether they should do a year 2000 assessment this year or next year! Now, that's Step 1. And an airport's like a small city unto itself. Forget about the airplanes and the air traffic control; you've got this massive infrastructure. So Atlanta is still thinking about whether they're going to do an assessment. And it's irrelevant -- it's too late at this point. If you started assessing next year, you'd be finished just in time to learn whether your assessment was accurate or not. You tend to get this stuff through the grapevine from the programmers in the trenches, because the public posture in most of these companies is: We're doing fine, everything's OK, we're highly confident, blah blah blah. A good example is: Each of the major federal government agencies is supposed to report on its progress with the year 2000 stuff every three months. The congressional oversight committee took the reported progress from these agencies and extrapolated forward, saying, OK, if they continue on at the same rate, when can we reasonably expect that they'll finish? The numbers were staggering. The Department of Energy will finish in the year 2019. Defense'll finish in 2012. It's just mind-boggling. At the IRS, the year 2000 stuff has been bundled together with this massive modernization program they're trying to do. They decided to outsource it, and the contract award is scheduled for October '98. This is all the brainchild of the chief information officer of the IRS, a guy by the name of Arthur Gross -- who resigned. He's gone -- left a week ago. So I think that's dead in the water at this point. You ask yourself, what's really going on in these companies and government agencies where you have to assume that the leaders are not stupid people? Some of them maybe are stupid -- they're just saying, I don't want to hear about it. But somebody at the IRS has gotta know that they're hosed. You don't have to be a rocket scientist to just see, oh shit, we don't have enough people. You'd think that somebody would have gone to the president and said, "Ahem, Mr. President, can I get your attention for a minute? Uh, the federal government's not gonna be able to collect, whatever it is, $1.8 trillion, and you might want to come up with a backup plan." What's the IRS gonna do? Put in a flat tax? Put in a national sales tax? Insist that all transactions take place through the Internet? What's the backup for IRS? What's the backup for FAA? When air traffic goes down, what're they gonna do? Get people out on the runway waving semaphore flags? I don't think they've got a plan yet. In the U.S. our approach is always to wait for a crisis to develop, then mobilize the public. That's how our political system works, and maybe it's part of our national character. But mobilizing after the fact doesn't seem like it will help much in this case. Something else I've become more aware of is that we now have trained a whole generation of clerical and administrative people to turn their brains off -- they don't have to do any thinking. All their instructions and day-to-day activities are guided by computers. If you go into a restaurant and the cash register is broken, the waitresses can't add up your bill anymore -- they've forgotten their third-grade arithmetic. We've already seen a couple of year 2000 versions of this. The classic one is the disaster at Marks & Spencer [a British retailer]. Some corned beef hash came in. It had a bar code on the side of the boxes with an expiration date that happened to be 2002. So the clerk waved his bar-code reader on it and the computer rejected it, thinking it had expired in 1902. Well, the clerk thought, that's cool -- the computer said reject it, what do I care? And he can't read the bar-code anyway. So he puts it back in the loading dock and sends the stuff back. A day or two later it arrives back at the corned-beef hash company, and that clerk types in a transaction saying, six cases of corned-beef hash rejected by our good client Marks & Spencer. Fine, no problem, what does he care? Meanwhile, Marks & Spencer wanted the corned-beef hash, so they put in another order. A week later, another six cases show up. Rejected the same way. It went back and forth apparently four times before they ran out of inventory up at the store. Now the shelves are empty. Somebody comes down to the purchasing department and says, "What's going on? You guys can't manage your inventory!" After a lot of angry phone calls and finger-pointing, finally it percolated up to the point where somebody had his brain in the "on" position. I'm concerned that there's gonna be a lot of this. There've been some stories about this in the last couple weeks about the whole "00" credit card problem, which began in '96 when some of the banks began issuing renewal cards with a four-year expiration date. It turns out Visa had to recall 12 million cards. So they got their stuff fixed, and they got all the banks to fix their stuff. Then of course they had the problem of getting 14 million merchants to fix their credit card swiping machines. And when they got to the 99 percent level they said, OK, now we can start issuing 00 cards. So 1 percent of the restaurants and stores and so on still haven't upgraded their terminals, which means that when you swipe your credit card it gets rejected. And half the time, the clerks don't know what to do with that. How did we get into this mess? Is it just sheer coincidence? What if the computer industry had evolved, say, in the 1920s -- would we have had more time and more generations of technology to get past this crisis? I think the problem is that many of us put a lot of our sociological or anthropomorphic experiences into the code that we write. And even today our normal human conversation tends to abbreviate years down to two digits. That's a part of American society in the 20th century, at least for the next couple of years. So there were lots of programs that were written in the '70s and the '80s and the '90s that were non-compliant. You can kind of excuse the guys in the '50s and '60s, because it was still a lifetime away. But there's no excuse for any program written in this decade. How will the Internet fare? A lot of Internet people are going to be really surprised. There was a section in our book that we had to take out: I got an e-mail from a sys-op from an Internet site in Chicago who said, in addition to everything else, the Internet's gonna die -- because the routers and switches are noncompliant in many cases. And he named a particular vendor, one of the more popular ones. Well, we included this e-mail in the first draft of the book, which we put up on our Web site -- that meant everybody saw it. After we went into production I got a grumpy letter from the vendor saying it's not true. Then a lawyer called the publisher and said we should take it out. So we went to the vendor's Web site. And to their credit they have a year 2000 page, and we found the particular product -- and it said, if you're using release such-and-such it's OK, but previous versions have not been tested. There's got to be a percentage of people out there who haven't bothered upgrading, or didn't think about it, or thought year 2000 didn't apply to them. But the Net's supposed to be able to survive the failure of some routers -- though it could be hurt if enough fail at once. Or if the backbones go down. You've got a couple of key trunk lines. Still, as long as a reasonable percentage of the Internet stays up, that's true. That's one of the ironies -- it's built to survive nuclear war and year 2000 problems! Your book draws a lot of analogies with the crash of 1929, the bank holidays and the Great Depression that followed. How do you think the financial markets are going to handle the year 2000 problem over the next couple of years? The thing that boggles my mind is that for the most part the Wall Street investment community does not have this on their radar screen. So they're busily buying and selling General Motors and IBM and everything and not saying, gee, I wonder if these companies are actually gonna be around? How much are they spending on year 2000? What kind of risk do they face? It's possible that may pick up later in the year. Edward Yardeni, for instance, the chief economist at Deutsche Morgan Grenfell, argues that the SEC and NASDAQ are putting enough pressure on publicly traded companies that they're going to have to start disclosing their year 2000 expenditures. The savvy investors and Wall Street guys might start thinking, jeez, this could be a problem. The Warren Buffets of the world might start pulling out, and so on. I don't think the general public is going to start to panic till much later. But Yardeni argues that you're going to see a 20 percent drop in the stock market in the second half of this year, in anticipatory reaction to year 2000 problems. Now the interesting thing about this as far as American psychology is, if I buy a bunch of emergency food today, I'm stockpiling -- but if I do it next year, I'm hoarding. In times of plenty no one seems to object to your buying extra supplies. If I want to take my money out of the bank this year, hey, it's not a problem. The thing that I'm watching for is whether the government will make some anticipatory decisions to prevent a run. I wouldn't be at all surprised to see a bunch of regulations put in at the end of this calendar year to say, you're absolutely prevented from taking out your IRAs and Keoghs. I wouldn't be surprised if the withdrawal penalty goes up from 10 to 50 percent next year. "Time Bomb 2000" advises readers to consider taking steps like withdrawing money from the bank, moving away from big cities and stockpiling food. How are people reacting to that? Six months ago, when we wrote the book, I had members of my extended family who said, oh, piffle, this is all ridiculous. But now fewer and fewer people are shrugging it off entirely, particularly as the story begins to enter the mainstream media. The thing that's most frustrating to me is to see reasonably intelligent people who will focus on it for a short period of time -- a few minutes, or for the extent of a half-hour TV show, and they say, wow, this is serious! And then they go on to the next crisis of the day: El Nio! Iraq! Monica Lewinsky! Or whatever. And by now they've forgotten. If you think, well, my ATM card may not work for a couple of days, ehhh, big deal, I'll get $100 of cash. That's trivial. Planning for a one-month disruption requires some effort: You've got to save some money, you've got to stockpile some stuff, but you don't have to really change your lifestyle. Where it really gets serious is when you say, you know, this could be really bad for a year -- and if I want to survive I'm going to have to change my lifestyle in a non-trivial way. Most people aren't willing to do that easily. And I put myself in that category. If I told you that San Francisco is going to burn to the ground, and for the safety of your family and yourself you're going to have to quit this job, find a job somewhere else, move to a different part of the country -- you can't just casually make that decision. But I did get to that point about a year ago, on several different levels. We've sold our house in New York, bought a house in New Mexico. I'm out of the stock market. The thing I keep trying to repeat to people who are willing to listen to this at all is that you've got options today: It's not pleasant to consider moving to a different town, but you can work that into a plan. But doing that in panic mode in '99 is going to be a whole different kettle of fish. Then it'll be a lot tougher -- because then you're part of the stampede. And unfortunately I think that's what's going to happen to the great majority of people. SALON | March 2, 1998
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:06:08 PDT