Y2K and Legal Issues

There has been a lot of fuss in the IT media in the last couple of months about legal issues arising from Y2K problems. Most insurance companies are specifically excluding any problems that arise because of Y2K rollovers in their policies, and a few lawsuits have already been launched in the US about costs required to fix Y2K problems. The issue of legal liability and who's responsible for any costs is likely to accelerate this year, and next year should see all kinds of stupid suits introduced. What are you responsible for as a VAR? Are you on the hook for a system you sold your clients ten years ago? What if software you supplied to a client is a problem: are you or the software vendor responsible?

First consider software: most software packages come with a license (usually the "break the shrink-wrap and you've agreed to everything we want" kind). These licenses tend to state that the manufacturer or vendor of the software has no responsibility for the software. All you're doing is buying either a CD-ROM or a diskette with stuff on it, which the vendor isn't responsible for. Despite several cases in the US about whether these licenses are valid or not, the current understanding is that the vendors have no responsibility for damages that may arise from using their software. So, for example, if an earlier version of Microsoft Excel can't handle the year changes (most versions before Office 97 had problems), Microsoft has no responsibility for screwed up calculations, spreadsheets, and reports. If you lose money because you trusted the numbers the spreadsheet generated, it's your fault. This has nothing to do with Y2K of course, as these license agreements have been around for years. However, it is unlikely you'll be able to pursue any software vendor because of crashes caused by Y2K issues that are not specifically addressed by the vendor.

Which brings up another side issue. Many vendors are releasing "Y2K compliant" versions of their software. The documentation and packaging all trumpet that the software is Y2K safe. What if it isn't? The issue arose for me recently with a customer's accounting package. They had upgraded their accounting software to the vendor's latest version, prominently called "Y2K compliant" on the box. When we advanced the dates on their system a few months ago to test this claim, we found that while most of the package was indeed able to handle the Y2K roll-over without problem, one module didn't work right. Invoices were being generated for 100 years plus a few hours of labor if the time tracking system ran over the new year. The vendor promised a fix, but the question remains: are they liable for their claims of compatibility? My customer's legal counsel feels that the generic shrink-wrap "we aren't responsible for anything" contracts takes precedence over the box's claims of compatibility. This would eventually end up in court, and who knows how it would end up. The moral is don't trust software claims: test everything yourself (see the last column and start testing now!).

OK, so any software you've bought for your own or your client's use is probably going to provide no legal relief for you. What about your company's responsibility if you did sell those packages to the customer, assuring them that it was Y2K safe? Again, no definitive answer seems available. Some legal counsel feel that you as the company that assured the client the software was safe are responsible. Others feel that you're just a reseller and hence not responsible for what's in the packages you sell. If push comes to shove in a court room, who knows which way it will go? How do you protect yourself? Make sure you don't make unwarranted claims about your solutions being Y2K safe without checking them out yourself. Even better, use a disclaimer that indicates the software is the responsibility of the software vendor, not you.

Hardware is a different ballpark. I had a customer who had to replace a considerable number of routers and gateways because they were not capable of performing the roll-over properly. These hardware systems are not new: they were bought five or more years ago. Should the manufacturer be responsible for replacing them? The manufacturer's response was that the hardware should have been upgraded to the latest versions every time a new release was made, and they bear no responsibility for older hardware that isn't supported any more. But is it fair to ask a client to spend thousands of dollars every year to upgrade hardware that was working just fine? Again, legal opinions differ: in the US there are several cases against hardware manufacturers working their way through the courts right now over this issue. If the hardware manufacturer knew there was a problem when the year roll-over happens, shouldn't they have told the customers that? Should they provide free updates? Do they have any responsibilities at all when the package leaves their loading dock? What about you, again, who sold the hardware to the customer?

In preparing this column I spoke to several independent lawyers as well as a number of corporate legal departments. The corporations, of course, feel that it's the vendors who are responsible for problems (and whoever sold the systems as the VAR - meaning you - are also liable). The independent counsels were not sure. With licensing agreements worded the way they are, there is no clear-cut answer about whether the VAR and the original vendor is responsible or not. Is this an issue for you? Most definitely. There are many VARs that are going to be hit with megabuck lawsuits over Y2K upgrade costs, as well as damages. Custom software costs for fixing Y2K problems are already being disputed, notably against companies like IBM. Can you protect yourself properly? I don't have a clue, and neither does anyone else I spoke to. Great news, huh?