Blame for Year 2000 hysteria starts at GAO

Perhaps it is not too early to begin the finger-pointing over the real Year 2000 catastrophe.

When the grand anti-climax to the Year 2000 problem occurs Jan. 1, the media likely will be full of "experts" who knew all along that the dire predictions were gross exaggerations and that the supposed cure was many times worse than the disease. If anyone is to be heard above that coming din, it is best to speak up now.

An insightful opinion piece by professor Paul Kedrosky in the Dec. 8 issue of The Wall Street Journal has pointed the first finger: "While there was a date-related problem in many computer programs, the panic outdistanced the likelihood of calamity so much that we reached absurdity in record time."

As he points out, very few of the trillions of dollars attributed to Year 2000 remediation is related to any actual technical fixes of the problem. The Gartner Group Inc., for example, is cited as estimating that 80 percent of the total Year 2000 cost is related to public relations. Kedrosky blames the media and economists such as Edward Yardeni, Ed Yourdon and Peter de Jaeger for creating Year 2000 alarmism.

I believe that Kedrosky is a bit off in his assessment of underlying responsibility. By and large, the media and the economists he cited have nontechnical backgrounds and were not capable of making any personal assessments of the risk. In general, they served merely to transmit what they were told by people with more technical expertise. The same is true of members of Congress, the Clinton administration, the legal profession, corporate boards, regulatory agencies and others who took up the cry, motivated either by genuine concern or by vested interest.

Ultimately, I believe the technical community must shoulder the major blame for originating and stoking the panic. They should have known better. Elements within the technical community benefited directly from the alarm. The prestige and influence in of techies were enhanced. Money became freely available for any long-desired project that could be even remotely tied to the Year 2000 issue.

The real question here is: Is there a small number of people who could reasonably have been expected to behave in a way and to a degree that would have made a significant difference? I believe that the answer is yes, and the responsible organization is one of my alma maters: the General Accounting Office.

It is my view that the key abdication of responsibility in the Year 2000 issue was GAO's uncritical adoption of its "triple negative" standard that held that if an agency could not provide positive and convincing evidence that none of the functions of an information system would be affected by Year 2000, that system would thereby be rendered "noncompliant."

Let me trace my "for the want of a nail" reasoning that caused me to settle on this particular element. It should be obvious that this standard is difficult — and expensive — to meet, even for those systems without the remotest connection to critical data functions. For the most part, exhaustive code searches and/or elaborate detailed emulations would be required to meet the defined standard.

GAO's adoption of this stringent standard as federal "good practice" regarding Year 2000 lit the oversight fires in Congress. Congressional opportunism, supported by repeated testimony and reports from a group of "experts" in GAO, turned the GAO standard into a mandated requirement, which triggered several hundred billion dollars of federal expenditures. The federal regulatory agencies fell in line and in turn imposed this requirement on their corporate constituents such as banks, brokerage firms and power companies.

The legal profession mobilized for Year 2000 lawsuits. The media was stirred into action and flooded households with assurances that assumed catastrophe was likely unless heroic measures were undertaken. From that point on, the fear fed on itself.

Let me suggest that in each of the steps outlined above, the negative effect would have been dampened considerably had the underlying GAO standard been defined more reasonably. One also should note that in the rest of the developed world, absent the initial prod of something like this GAO standard, the Year 2000 concern was far more restrained — at least until the concern of the United States and its associated triple-negative standard propagated there through the ties of international commerce.

Was the GAO's standard responsible? Even given what was known about the Year 2000 problem at the time the standard was first promulgated, the answer is "no."

GAO's own risk analysis and mitigation guidance requires a thorough study of the likelihood of the potential risks and the magnitude of the consequences vs. the costs of various mitigation strategies. Given the extreme stringency of its resulting standard, one should expect the evidence to be overwhelming that GAO expected risks that were high and significant and that it had convincing proof that the triple-negative standard was the most cost-effective approach. GAO has never published such a study, and one must doubt that it ever was made.

Even if GAO had somehow decided that its ignorance of the problem at the time justified a triple-negative standard as an interim measure, it had ample time and evidence to reverse that decision. One would think that the multitude of Year 2000 assessments would furnish sufficient data for a realistic GAO analysis of the probable risks and consequences. Regardless of any bias GAO may have held, they should have been alerted by the scarcity of even anecdotal negative results on the scale that might have justified the standard.

— Giammo retired from government service in 1993 when he was assistant commissioner of the Patent and Trademark Office. Prior to that, he had been an associate director at GAO, with responsibility for government information technology issues.