Jonathan G. Katz


Mail Stop 0609

Securities and Exchange Commission

450 Fifth Street, N.W.

Washington, D.C. 20549-0609

Mr. Katz,

June 26, 1999

Mr. Arthur Levitt, Chairman

Ms. Laura Unger, Commissioner

Securities and Exchange Commission

Dear Sir and Madame,

I am writing to warn about the contemplated rule changes (temporary

Rules 15b7-3T, 17Ad-21T) to require directors of brokerage firms to

certify their firms are ready for Y2K by August 31, 1999 or be shut

down, and to rules changes 15b7-2 and 17Ad-20. I recognize the SEC has

many responsibilities to balance and one very important one is to assure

the trading and investing public that the stock market exchange system

is now, and will remain, reliable. The last thing anyone wants is for a

jittery public to pull their money out of the stock market in an

irrational manner. That could be more damaging than effects of Y2K

itself. On the other hand, there are technical realities that cannot be

overlooked if the goal is to get through the Y2K period with our economy

and quality of life intact. Unfortunately, the proposed rule changes

serve neither goal.

My name is Dale W. Way and I am the chairman of a special committee of

the Institute of Electrical and Electronics Engineers (IEEE) set up by

the Technical Activities Board the Institute to research the full scope

of the Y2K problem. The IEEE is the oldest and largest international

non-profit association of engineers and computer scientists in the

world, and my committee, the Technical Information Focus Group, is

composed of professionals from industry, government and academia. We

have been studying the Y2K problem intensely for years seeking a

comprehensive understanding independent of any particular technological

perspective or commercial interest. For reasons of speed I am writing

this letter to you on a personal basis; to speak officially for my

committee or the Institute would require a significant amount of time.

It was my committee that submitted the memorandum concerning the

technical realities underlying the issue of legal liability limitations

recently praised on the floor of the Senate (enclosed). I am the author

of that letter.

The technical realities I refereed to are spelled out in the enclosed

liability memorandum, although some are specific only to liability. I

will highlight the crucial points for specific SEC purposes:

1. The proposed rule changes assume, is founded upon, the principal

that directors can know the status of their organizations regarding

Y2K. There is no basis for this assumption. There are many aspects of

Y2K, spelled out in the memorandum below, that render such knowledge

impossible to gain with certainty.

2. Making some systems ‘Y2K compliant’ can render others to which that

system is connected nonfunctional, either within or between member

firms. Any notion of ‘compliance,’ although a common one in normal SEC

terminology, is insufficient in a Y2K context to predict "operational


3. Many inputs to systems, critical for the functioning of those

systems, come from outside the control of the organization in question.

The future status of those inputs cannot be certain.

4. Complete testing and verification of the totality of the securities

trading ‘system of systems’ is not possible. Due to the number of

atomic elements involved: electronic devices, software program

statements (lines of code), data elements, etc.; and their complexity

(the number of possible relationships among them), determining all of

the impacts, expected and unexpected, of the wholesale changes that have

already been forced upon the various subsystems as if they were

independent (which they are not) will take too many test/detect/repair

loops through the entire ‘system of systems’ for the time available.

Consequently the proposed rule will put brokerage directors in an

untenable position. They will either have to tell the truth and be

forced to shut down trading by their organization, something that will

not serve the interests of their customers, the trading system in

general or the public; if enough tell the truth it will likely force the

very panic we are all trying to avoid. Or they will be forced, or

fooled, into lying. This may buy a few months of false comfort,

assuming enough of the firms take this path. But in the end reality

will out and what will happen will happen. At that point the

credibility of the system and the SEC will be in serious jeopardy;

something that serves no one.

We must recognize there will be system failures due to Y2K. We must

have the courage to face that certainty. (Although helpful, recent

tests were too narrow in scope to be a trustworthy predictor.) These

failures do not have to be fatal to the functions and viability of

organizations. The ultimate outcome of Y2K will be determined by the

adaptability of the organizations involved in the face of "potentially

numerous, rapid and unexpected events." It is there we must place our

efforts, actions and faith. We cannot know the outcome ahead of time;

we must go through it. For this reason rule change 17a-9T regarding

record keeping is to be supported, as should the SEC’s earlier support

of comprehensive contingency planning. It is time, I believe, to stop

hoping or pretending that the prevention phase will be totally

successful, that there will not be system failures. It is a self

delusion that does not serve the public interest. And we must stop

demanding that responsible people certify there will be none, even if it

means well-meaning people who have unknowingly taken that path must

courageously change their positions.

I stand ready to aid you in any way I can. Thank you for your



Dale W. Way


The Institute of Electrical and Electronics Engineers (IEEE)

Technical Activities Board

Year 2000 Technical Information Focus Group

650.574.2317 voice

650.571.7662 fax

176 Flying Cloud Isle

Foster CIty, CA 94404 alt. email



From Thomas’ Congressional Record:


Mr. GORTON. [Senator Slade Gorton, (R) Washington] Mr. President,

earlier this week the Senate passed a bill that tries to bring some

reason to the legal chaos that could result from Y2K failures and

Wednesday evening the Senate appointed conferees to reconcile the

differences between the House and Senate bills. I rise today to commend

the Senate for doing this, and to read from an excellent memorandum

underscoring the need for a quick resolution and final passage of a

conference report.

A memorandum prepared by the Year 2000 Technical Information Focus Group

of the Institute for Electrical and Electronics Engineers, the `I triple

E,' provides the best analyses and explanations I have seen of the

complexity of Y2K litigation; of why the argument we heard during floor

debate that the bill is designed to protect `bad actors' and that it

fails to provide sufficient incentives for remediation is generally

hollow; and of why it is so important that we do what we can to minimize

the economically paralyzing effects of a predictable and utterly

overwhelming legal snarl.

The memorandum, sent to various members of Congress, is particularly

compelling because its authors do not represent businesses that may be

sued, but are members of an international non-profit association of

engineers and computer scientists.

The memorandum is so good that rather than simply have it printed in the

Record, I will read it:



Piscataway, NJ, June 9, 1999.

To: Members, Senate Commerce, Science And Transportation Committee;

Members, Special Senate Committee On The Year 2000 Technology Problem;

Members, House of Representatives Committee on Science, Subcommittee on


Members, Committee on Government Reform, Subcommittee on Government

Management Information, and Technology;

Sponsors, House Bill `Year 2000 Readiness and Responsibility Act of

1999,' H.R. 775.

Re: Year 2000 Liability Legislation.

From: The Institute of Electrical and Electronics Engineers (IEEE)

Technical Activities Board

Year 2000 Technical Information Focus Group.

Dear Honorable Senators, Congressmen and Congresswomen:

As leaders of the Y2K effort of the Institute of Electrical and

Electronics Engineers (IEEE), the oldest and largest international

non-profit association of engineers and computer scientists in the

world, we would like to offer some thoughts on the pending legislation

involving Y2K liability obtained from our years of work and collective

wisdom spent studying Y2K. The IEEE has drafted an Institute position on

Y2K Legal Liability regarding United States federal law, to which our

committee greatly contributed. We offer these additional thoughts in

hopes that they may further assist your understanding as you attempt to

reconcile two very valid but conflicting underlying public policy goals

in structuring and passing the Year 2000 Liability Legislation currently

under consideration:

Minimize Damage to the Economy and Quality of Life: minimize the overall

damage to the nation's economy and quality of life by reducing the need

of organizations to redirect their limited resources away from the task

of maintaining their operations in the face of Y2K in order to defend

themselves from lawsuits arising from alleged Y2K failures.

Maximize Incentive for Y2K Failure Prevention: maximize the incentive of

every organization to prevent Y2K failures as well as preserve the legal

rights and remedies available for those seeking legitimate redress for

wrongs they may suffer resulting from Y2K failures.

In addressing public policy issues we have no more expertise than the

literate public. However, we do possess expertise in the technical

issues underlying the situation that should be considered as you weigh

the conflicting public policy goals in formulating appropriate Year 2000

Liability Legislation. In particular, for your consideration we offer

the following points pertaining to the technical realities of Y2K.

1. Prevention of all Y2K Failures Was Never Possible. For many large and

important organizations, technical prevention of all Y2K failures has

never been possible in any practical way for these reasons:

1.1 `Y2K Compliant' Does Not Equal `No Y2K Failures.' If an organization

makes all of its systems `Y2K compliant', it does not mean that that

same organization will not experience Y2K failures causing harm to

itself and other organizations. In fact, efforts to become `Y2K

compliant' in one place could be the direct cause of such failures in

others. If interconnected systems are made compliant in different ways,

they will be incompatible with each other. Many systems in government

and industry are mistakenly being treated as if they were independent

and fixed in the most expedient way for each of them. When this `Humpty

Dumpty' is put back together again, it will not work as expected without

complete testing, which is unlikely (see Complexity Kills below).

1.2 All Problems Are Not Visible or Controllable. In the best case

organizations can only address those things they can see and those

things they have control over. Given this reality, many Y2K failures are

inevitable because some technical problems will not be discernible prior

to a failure, and others, while discernible, may not be within an

organizations' jurisdictional control to correct. This is especially

true in large complex organizations with large amounts of richly

interconnected software involved in long and complex information chains

and in systems containing a high degree of embedded devices or systems

purchased in whole from external parties. (The temporary lifting of

certain copyright and reverse engineering restrictions for specific Y2K

protection efforts should also be considered as long as copyright

holders are not unduly harmed.)

1.3 Incoming Data May Be Bad or Missing. To maintain their operations

many organizations require data imported from other organizations over

which they have no control. Such data may have unknowingly been

corrupted, made incompatible by misguided compliance efforts or simply

missing due to the upstream organizations lawful business decisions.

1.4 Complexity Kills. The internal complexity of large systems, the

further complexity due to the rich interconnections between systems, the

diversity of the technical environments in type and vintage of most

large organizations and the need to make even small changes in most

systems will overwhelm the testing infrastructure that was never

designed to test `everything at once.' Hence, much software will have to

be put back into use without complete testing, a recipe, almost a

commandment, for widespread failures.

2. Determining Legal Liability Will Be Very Difficult. Traditionally the

makers of products that underlie customer operations are liable if those

products are `defective' enough to unreasonably interfere with those

operations resulting in damage. Y2K is different in that those customers

themselves are also at risk for legal action if they fail to fulfill

contractual obligations or fail to maintain their stock values and their

failure to `fix' their Y2K problems can be shown as the cause. This

customer base of technology producers cannot be overlooked in this

issue. As it constitutes most of the organizations in the world, its

needs and the implications of legislative actions on it considered now

should not be overshadowed by undue focus on the much smaller technology

producer sector. Nonetheless, even there liability is not as clear as

tradition might indicate. Several factors make liability determination

difficult, expensive, time consuming and not at all certain.

2.1 There Is a Shared Responsibility Between Buyers, Sellers and Users

of Technology. Computer products themselves have only clocks that have

dates in them. Application software products usually offer optional ways

of handling dates. The customer/user organizations, especially larger,

older ones, have created much of their application software in-house.

When new products are introduced into the buying organization, the

customer/user usually has vast amounts of data already in place that

have date formats and meaning already established. These formats and

meanings cannot be changed as a practical matter. The majority of, and

the longest-lasting, potential system problems lay in application

software and the data they process, not in clock functions. (Clock-based

failures, those likely to happen early in January 2000, while

potentially troublesome, will be for the most part localized and of

short duration.) Various service providers can be optionally called in

to help plan and apply technology for business purposes. But it is only

when these are all merged together and put to actual use that failures

can emerge. It is very rare that one of them alone can cause a failure

that carries legal consequences.

2.2 Many Things Are Outside the Control of Any Defendant. Incoming data

from external sources outside its control may be corrupted, incompatible

or missing. Devices and systems embedded in critical purchased equipment

may be beyond the defendant's knowledge or legal access. Non-technical

goods and services the defendant depends upon may not be available due

to Y2K problems within their source organizations or distribution


2.3 There Will Be a Strong Defense of Impracticability. Existing

large-scale systems were not made safe from Y2K long ago for good

reasons. Many systems resist large-scale modernization (e.g., IRS, FAA

Air Traffic Control, Medicare) for the same reasons. Wide-spread,

coordinated modifications across entrenched, diverse, interconnected

systems is technically difficult if not impossible at the current level

of transformational technology. New products must be made to operate

within the established environment, especially date data formats.

Technology producers will claim, with reason, that the determining

factor in any Y2K failures lay in the way the customer chose to

integrate their products into its environment. It will be asserted,

perhaps successfully, by user organizations that economic

impracticability prevented the prevention of Y2K failures. Regardless of

the judicial outcome, it will take a long time and many resources to

finally resolve. And that resolution may have to come in thousands of

separate cases.

3. Complexity and Time Negates Any Legal Liability Incentive. Even if

making all of an organization's systems `Y2K compliant' would render an

organization immune from Y2K failures (it will not), the size and

complexity of the undertaking is such that if any but the smallest

organization is not already well into the work, there is not enough time

for the incentive of legal liability to have any discernible positive

effect on the outcome. As an analogy, providing any kind of incentive to

land a man on Mars within one year would have no effect on anyone's

efforts to achieve that unless they had been already working to that end

for many years. A negative effect will result from management diverting

resources from prevention into legal protection.

4. The Threat of Legal Action Is a Dangerous Distraction at a Critical

Time. There will be system failures, especially in large, old, richly

interconnected `systems of systems' as exist in the financial services

and government sector. The question is how to keep such technical

failures from becoming business or organization failures. We should be

asking ourselves how we as a society can best keep the flow of goods and

services going until the technical problems and failures can be

overcome. The following points bear on these questions.

4.1 Y2K Is a Long Term, Not Short Term, Problem. Irrespective of the

notion of Y2K being about time, a point in time, or the fixation on the

rollover event at midnight December 31, 1999, or even the name `Year

2000' itself, Y2K computer problems will be causing computer system

malfunctions and failures for years into the next decade. Y2K is much

more about the dates that can span the century boundary represented in

data that must be processed by software than it is about any calendar

time or clock issues. Because of the vast amounts of these, the complex

intertwining among them and our less than complete understanding of the

whole, it will take years for the infrastructure to `calm down' after

Y2K impacts themselves AND the impacts of the sometimes frantic and

misguided changes we have made to it. The current prevention phase is

only the beginning.

4.2 Rapid and Effective Organizational Adaptability Will Be a Prime

Necessity. They key to an organization's ability to continue to provide

the goods and services other organizations and individuals need to

continue their operations will be determined by an organization's

ability to adapt its practices and policies quickly and effectively in

the face of potentially numerous, rapid and unexpected events.

4.3 Lawsuits, Actual or Threatened, Will Divert Requisite Resources.

Preventing and minimizing harm to society from Y2K disruption is

different than, and at times opposed to, protecting one's organization

from legal liability. Addressing lawsuits, and even the threat of a

lawsuit, will divert requisite resources, particularly management

attention, from an organization's rapid and effective adaptation. This

is already happening regarding technical prevention and will get worse

the longer such legal threats remain. Organizational management has much

more experience dealing with legal threats than they do addressing

something as unique and unprecedented as Y2K. Their tendency is to

address the familiar at the expense of the novel. They must be allowed

to focus on the greater good.

4.4 Judicial System Overload Is Another Danger. Given the great

interactive and interdependent complexity of Y2K's impact on the

operations of our institutions on a national and global scale, the

effort to determine exactly what happened, why it happened and who is

legally responsible for each micro-event is itself a huge undertaking

requiring the resolution of many questions. For the legal and judicial

system to attempt to resolve the legal rights and remedies of affected

parties while Y2K impacts are still unfolding will, in any case,

threaten to overwhelm the legal and judicial system's capacity to assure

justice in the matter, let alone its ability to continue to do its other

necessary work.

For all of the reasons discussed above, we support limitations on

Y2K-related legal liability. Minimizing harm and assessing blame are

each formidable and important tasks, but they cannot be done

simultaneously without sacrificing one for the other. Minimizing harm is

more important and there is an increased threat to our welfare if

assessing blame adversely interferes with our ability to minimize harm.

The value of incentives at this late date is very small. We trust that

the collective wisdom of Congress will find ways to reduce these

threats. We have additional background material available. Please

contact IEEE staff contact Paula Dunne if you are interested in this

material. We have other ideas beyond the scope of this legislation of

what the U.S. federal government can do to help minimize harm throughout

this crisis. We are ready to help in any way you may deem appropriate.


The Institute of Electrical and Electronics Engineers (IEEE)

Technical Activities Board

Year 2000 Technical Information Focus Group.


Mr. President, the bill we passed earlier this week is modest. It may

very well not meet all the concerns expressed by the IEEE. The

legislation may, however, at least reduce these threats. As a

consequence, we must enact meaningful legislation and we must enact it