The year 2000 bomb: is it hype?

The millennium computer "time bomb" could cause mayhem in everything from laptop computers to air traffic control. Robert Fenner considers the scale of the problem and whether it has been exaggerated by those who could benefit.
August 19, 1997

Many years ago, an engineer explained to me the difference between human and computer behaviour. "If you give ?1 to young John and ask him to go and buy a loaf of bread, he will go to the shop, buy the loaf and bring it back to you with the change. If you could ask a computer to do the same thing, it would go to the shop, buy the loaf and wait there."

Sadly, artificial intelligence has not progressed a great deal since then. It is true that many software programmes can now draw inferences from context and act accordingly; but when there is no context, we should not be surprised if the system cannot cope. And it is this lack of context-in this case, the failure to inform computers of a basic assumption about the date-that lies behind what is known as the year 2000 problem, or the millennium bomb.

out of dates

When we refer to last year as '96, we assume that everyone will understand this to mean 1996. Computers, however, cannot deduce this. They only recognise years as having two digits-the last two-and so when the century changes, there is a high probability that the systems will be confused. It is not the computers' fault. They are used to regarding dates as numerical values, a string of six digits-two each for year, month and day, and in that order. They are used to seeing these numerical values increasing with the passing of each day, and can perform calculations on this basis. For example, the value of 970628 (28th June 1997) is greater than 940708 (8th July 1994).

But that logic breaks down when the first two digits of the year can no longer be assumed. The last day of 1999-991231-has a higher numerical value than the day that follows it-000101. Unless the programme knows that there is a 20 implicit in those first two zeroes, and that a 19 was implicit in the 99, it is highly likely to fail-either by subtracting in the wrong direction, or by giving a completely arbitrary answer, or by giving up completely. I have seen a laptop PC, with its system clock reset to 31st December 1999, jump into April 1984 as it reached midnight.

This has important implications. At the personal level, all kinds of files held by us or about us are date-dependent: pay, pensions, bills. At the business level there are many more: cheque-runs, invoices, purchase orders, delivery advice notes. It is easy to paint pictures of complete mayhem on 1st January 2000, especially when you remember that date-dependent processors do not just reside in computers. They can be found in everything from the world's air traffic control system to the traffic lights at the end of the road.

The date-based calculations are buried deep inside programmes, many of which were written in the 1960s and 1970s for mainframe computers that were expected to have working lives of only a few years. In many cases this assumption was correct; but when the machines were replaced, the software was transferred to the new systems, updated and translated into new computer languages. As time passed, and these machines were in their turn replaced by network-based computer systems, the software (or parts of it) was moved once again.

The result is that we have software systems which are ostensibly new, but which in fact have at their kernel routines written 20 or 30 years ago. The programmers who wrote these routines have long since moved on, or retired, or died, and much of their work is poorly understood. Very few people, especially in larger companies or public sector organisations, have a clear idea of exactly what software they have, or how it works. It was described to me once as stiffware-arthritic but vital old software that is no longer as flexible as it needs to be. This aspect of the problem is perhaps the most worrying. No one can be sure how big an issue the century date change is, nor how simple or difficult it will be to fix.

This uncertainty is to the advantage of many organisations. Two years ago people began to realise that something needed to be done; since then the amount of information and advice available has risen exponentially. For many information technology management consultants the millennium is potentially worth-well, a bomb. It is in their interests to talk it up. That does not mean there is no problem. But it does mean that its scale, both in the individual company and the entire country (or world), can be exaggerated.

how much hype?

Most consultancies providing help on the year 2000 problem address the uncertainty question by offering a systems audit so that organisations can gauge the size of the risk. Such help does not come cheap. And audits only go so far: they do not address other problem areas. For example, it is not just bespoke software that is affected. Standard applications packages may not be ready for the date change either, and many software houses, mindful of the lawsuits to which they may fall liable if things go wrong, are proving extremely cagey when confronted.

The PC problem alone is sizeable. (There are up to 400m PCs in the world.) One of the PC's basic "housekeeping" processors is called a Bios chip. Greenwich Mean Time, a company specialising in this, tested 500 different types of Bios chips and found that, of those built before this year, 93 per cent failed a year 2000 test; for those built this year the failure rate was 47 per cent. "It is simple to fix," says Karl Feilder, the chief executive. "You load a little piece of software. But it is virtually impossible to discover which PCs need fixing and which do not."

PC packaged software is yet another matter; Feilder says that there is "a huge range of grey areas" here. His consultancy tested 4,000 of the most popular packages and found that 64.2 per cent of them are capable of producing what he guardedly calls "non-compliant results": programmes either do not run beyond the year 2000; or they will not allow dates beyond 1999 to be entered; or they make the odd mistake; or-this is particularly annoying-they give every indication of accepting a four-digit year, but deal with it in the background as only two digits.

Many big British businesses are now taking the problem seriously. "Hype is an old storyline," says Paul Harborne, BT's Year2000 programme manager. "The truth is somewhere between Doomsday and 'it's all a con.' If the issue is left untreated, there will be big problems. But if it is dealt with appropriately, it holds no fear." BT has set aside a budget of between ?200m and ?300m for it.

When BT started to tackle the problem late in 1995 it recognised that this was not just a computer problem, but one which affected anything with built-in hardware and software. The company aims to resolve the issue by the end of 1998, so that accounting and other software with a 12 month lifecycle can be tested and signed off. To achieve this, BT recognises that it must not merely get its own house in order. The company has to think of its suppliers, too: if these fall behind, they could undo all BT's good work.

Harborne has written to hundreds of BT suppliers, offering them help. "We have to deal not only with commercial third parties, but with other UK telecoms carriers and with other PTTs abroad. Our work with UK carriers is going well, but with other PTTs it is going less well." In fact, he adds, international telephone lines cannot be guaranteed on 1st January 2000.

Sainsbury's, the supermarket chain, estimates that the total cost for fixing its own year 2000 problem is around ?40m. It has 135 people currently working on it-both permanent and contract staff-as well as those employed by the external suppliers it is using both here and in India. Bob Hammersley, the company's business systems manager, says that they have 14,000 programmes to check, amounting to 21m lines of code. The work-which includes liaison with 8,000 suppliers-began two years ago; the plan, like BT, is to complete it by September 1998.

All the managers concerned with the problem emphasise that it must not be regarded merely as a matter for the information technology department. "Many board directors don't understand it," says Robin Guenier, head of Taskforce 2000, created at the last government's prompting to raise awareness of the issue (and sponsored by the Confederation of British Industry). Guenier says awareness of the problem has been largely achieved. The aim now is to stress the urgency of the situation. "Boards do nothing because they think it is hype. They regard their information technology people as plumbers-while at the same time being in awe of them. This prevents them from looking rationally at the problem. The information technology people cannot decide things, the boards have got to do that," says Guenier. Like his counterparts in industry, he believes that organisations should be ready by the end of 1998, in order to give themselves a full year in which to test their accounting systems and other longterm applications. Given this deadline, he says, for many companies the problem can no longer be fixed in time.

how much will it cost?

This is not just an operational issue, but a legal and financial one, too. Board directors, Guenier says, could be liable to their shareholders if parts of the business fail and share prices plummet as a result. Suing information technology suppliers in their turn would not necessarily be successful. Some of them may argue that it was not the software itself that was to blame, but the users' own data.

Lawyers will certainly make a lot of money; but for the information technology industry as a whole, it is not the money- spinner people assume. Much of the money set aside by companies for their year 2000 programme is drawn from existing information technology budgets. As the willingness to tackle the problem grows, so the budgets to invest in other areas of new technology will certainly diminish.

How big is the year 2000 budget overall? Some costs will only be discovered as the job is done. Oil companies, for example, have monitoring equipment inside pipelines on the North Sea bed. Some companies estimate that it will cost them ?50,000 to check the processor in each monitor-and they have thousands of them.

Guenier has estimated the total budget for Britain at about ?31 billion. This is based on an average cost per year of about ?45,000 for each employee needed to sort out the problem. The ?45,000 figure balances highly paid information technology consultants and low cost offshore programmers from Poland or India. This extrapolates to a worldwide figure of ?1.5 trillion which, Guenier says, is in line with US estimates.

The Bank of England and the British Bankers Association are monitoring banks' progress on the issue. The banks, in turn, are probably the most sophisticated users of support available. But Guenier worries about what is happening (or not happening) in the public sector. Who is going to help, say, the NHS? Will it be the government?

Not according to Hugh Kearns, information technology director of the financial data group Datastream, who is disappointed by the "rather lethargic" attitude of the new Labour government. Kearns' real fear is the destruction the problem could cause in small businesses; he proposes tax breaks for small companies to make it easier for them to sort it out. "My real anxiety is what is going to happen to unemployment when every other small business in the country suddenly has a system crash," says Kearns.

Nevertheless, most people agree that Britain is better prepared than most of the rest of the world. Taskforce 2000 says that 90 per cent of British businesses have not properly calculated the size of the problem; but that still means Britain is doing better than most countries. Even the US may be lagging. A recent report for the Office of Management and Budget in Washington DC estimated that of the 4,500 "mission critical" computers that the US government needs to repair, only 6 per cent have been dealt with. "We do understand the problem better than most," says Guenier. "If we had the will, we could develop our own 'software factories' to take on the work for other countries."

So will hospitals black out and planes fall from the sky-or will the boffins sort it all out in time? Clearly there is a problem. It is going to cost a lot of time and money. It is probably manageable. But, as the Guardian's Victor Keegan recently pointed out, the cost of defusing the millennium bomb will negate years of wealth creation that computers are supposed to have generated.