Here is Ed Yourdon's testimony to the U.S. Senate Commitee on the Year 2000 Problem. It's a must read for anyone wanting to make sense of y2k. Who's Ed Yourdon? Check out his site at www.yourdon.com
transcript:
www.senate.gov/~y2k/hearings/052599/yourdon.html
Testimony of Edward Yourdon
Before the U.S. Senate Special Committee on
the Year 2000 Technology Problem United
States Senate
"Community Y2K Preparedness: Is There News
They Can Use?"
May 25, 1999, 216 Senate Hart Office Building
Thank you, Mr. Chairman, for the opportunity to
present my views on Y2K preparedness to this
committee. My thanks also to Senator Dodd,
and to the other distinguished members of this
committee.
My name is Ed Yourdon. I've worked in the
computer software industry for 35 years, and
I'm currently the Director of Y2K Advisory
Services for a research organization known as
the Cutter Consortium. I've written 25 books on
computer technology, including two recent
books that focus on the Y2K problem: Time
Bomb 2000, which I co-authored with my
daughter Jennifer; and The Complete Y2K Home
Preparation Guide, co-authored with Robert
Roskind.
In addition to my work in the computer field, I
have a second "career" - one that I share with
everyone here today. I am a father of three
children; I am a husband; I am a son; and I am a
brother to five sisters. I'm also a member of a
community - a small town in northern New
Mexico to which I have grown quite attached.
And while my background in computers may
have given me a greater-than-average
understanding of the technological aspects of
the Y2K problem, it's my role as a family
member and a community member that have
shaped my opinions about the issue of
preparedness.
Y2K preparedness, whether at the personal
level or the community level, is based on two
fundamental issues: the "stakes," and the
"risks." All of us need to examine our own lives,
the lives of our family members, and the
day-to-day activities of our community, and
then ask, "What's at stake here? What have we
got to lose? What's the worst that can happen if
a Y2K problem occurs?" And then, as a related
but nevertheless distinct question, we need to
ask, "What's the risk of such a Y2K problem
occurring?"
It's important to differentiate stakes from risks,
for otherwise, we're likely to make poor
decisions about appropriate preparations. For
example, I sometimes get e-mail questions from
people asking how they can determine the risk
of a Y2K-related malfunction in their automatic
coffee-maker. It's an interesting question, but
my response is usually, "Who cares?" Much as
we all like a good cup of coffee in the morning,
the malfunctioning of such a machine is unlikely
to be a serious tragedy.
I believe that the vast majority of Americans
can determine, for themselves, what's at stake
when it comes to Y2K. We can all understand
that our very lives are at stake if there's a
Y2K-related nuclear mishap or a Y2K-related
malfunction in a nearby toxic chemical plant.
Some of us will conclude that our health and
safety are at stake because we depend on
prescription medicines or significant hospital
care. Our prosperity may be at stake if our
employer is bankrupted by Y2K problems, or if
our investments are susceptible to a
Y2K-related stock market crash. It's important
to recognize that the stakes are different for
everyone: a young, healthy, unmarried individual
living in Florida has an entirely different set of
things to worry about than does a middle-aged
husband or wife living in northern Minnesota
with three sickly children.
Those who forget that the stakes are different
are likely to fall into the trap of offering a
one-size-fits-all recommendation about Y2K
preparedness. As you know, the most prevalent
advice from government officials today is to
treat Y2K as a "winter snowstorm," and to
ensure that we have two or three days of food,
water, and other essentials. By contrast,
several of my friends and colleagues want this
committee to make a formal recommendation
that everyone should prepare for at least a
one-month Y2K disruption. But while I
personally believe that preparing for a
one-month disruption makes far more sense
than a 3-day disruption, I believe even more
strongly that the choice and decision must be a
personal one, based on our own assessment of
our own unique set of stakes.
It may not be pleasant to identify and
contemplate the stakes, and some citizens
would prefer not to do so. It's all the easier to
ignore the stakes if we believe that the
associated risks are low - after all, why worry
about a potentially life-threatening Y2K
problem if it's unlikely to occur? Unfortunately,
in most of the situations we face, it's
impossible to prove conclusively that the risks
are zero. In some areas, the risks may be small,
just as the risk of a fatal automobile accident is
small; but since the stakes are so high, most of
us believe that it's prudent to wear a seat belt.
Calibrating the degree of Y2K risks is thus
crucial for both individuals and communities as
they grapple with the issue of preparedness. But
as this committee well knows, it's extremely
difficult to do so in an accurate, credible
fashion. This is no great surprise to me, because
it has always been difficult to predict accurately
whether a large, complex computer project
would be finished on time, or to predict how
many defects would remain undetected
throughout the software testing effort. With
Y2K, the problem has been further exacerbated
because almost all of the progress reports and
compliance statements have been
self-reported, without the benefit of an
independent, third-party audit or review. Also,
without meaning to sound too accusatory, the
progress reports and compliance statements
have sometimes been issued by companies,
industry associations, government agencies,
and entire countries that have a vested interest
in persuading their customers that they are in
good shape.
As a result, we are likely to continue discussing
and debating the question of Y2K risks right up
until midnight on New Year's Eve. In a few
cases, we may be able to calibrate the risks
accurately, and we may be able to publish the
results of a third-party audit in order to provide
the credibility that will justify our believing in
the accuracy of those calibrated risks. But for
the most part, the picture will remain cloudy,
and the risks will remain unknown and
unknowable. And that means all of us -
individuals, businesses, communities, and
governments - will be forced to make
contingency plans and preparedness decisions
in the absence of complete, accurate, detailed,
credible information. This is going to be
frustrating - indeed, for many of us, it already is
frustrating - because the decisions involve
large expenditures of money, and potentially
even life-and-death decisions. But it can't be
helped; the reality is that the debates and
discussions will continue until we finally
discover what Y2K is really all about.
Obviously, the media will play a large role in
these discussions, for they provide the most
accessible form of reports, debates,
recommendations, and information. It should be
noted that many of us in the Y2K field have
come to depend on the Internet far more heavily
than newspapers, magazines, or television; but
it seems likely that the general public will
continue depending on the more traditional
media sources for their information about Y2K.
Thus, one can't help talking about the issue of
Y2K preparedness without also talking about
the role and responsibility of the media. Since
members of the media will be offering their own
opinion and perspective during today's hearings,
I'll limit my remarks to just a few brief points:
The media has sometimes been guilty of
regurgitating press releases from
government officials, corporate
spokespeople, and industry associations
without even bother to check the
material for basic accuracy. If a press
release says, "There are 40 billion
embedded systems worldwide, and if
one percent of them have Y2K
problems, we will have 40 million
failures.", the reporter should at least
confirm that the arithmetic is correct.
(One percent of 40 billion is 400 million,
not 40 million.)
It's obviously important to report on the
speeches and announcements of key
public figures and corporate leaders,
regardless of whether the statements
uttered by those individuals ultimately
turn out to be right or wrong. But at the
same time, I believe that the media
should devote at least some of its
resources to good old-fashioned
investigative journalism; that does not
seem to be present when it comes to
Y2K. For example, Congressman
Horn's subcommittee reported in 1997
that there were approximately 9,000
mission-critical systems in the major
federal agencies; by early 1999, that
figure had mysteriously shrunk to
approximately 6,000. What happened to
the other 3,000 systems? Why hasn't
some reporter done some research to
identify at least a few of the systems
that were once considered
mission-critical, but have now been
demoted to a lower level?
While columnists and editorial-page
writers are obviously free to express
whatever opinions they might have
about Y2K, it's important for the
"news" articles to avoid hype,
extremism, and emotional rhetoric. This
is still a common tendency, especially
when it comes to newspaper headlines.
Last summer, for example, I was
interviewed for two hours by a
professional, responsible reporter who
wanted to know my opinions about Y2K;
the article that she wrote was objective
and well-balanced, but the headline
read, "Y2K Expert Heads For The
Hills." Another newspaper interviewed
me on the phone, and then instructed a
local freelance photographer to come
take a picture of my "bunker" so that
they would have a dramatic photo to
accompany the article.
Of course, the media is not the only source of
information about Y2K, nor should we depend
exclusively on the media for recommendations
about Y2K preparedness. Most of us will find
that we need to talk to others - our family
members, our friends, our business colleagues,
our neighbors, and our local government officials
- in order to have a better understanding of
what's at stake, and what the risks are. To
make those discussions as effective and
productive as possible, there are two things we
must do:
Avoid the emotional rhetoric and social
stigma that has been attached to much
of the dialogue about Y2K preparedness
up to this point
Strive for "full Monty" disclosure about
Y2K risks, so that citizens can be as
well-informed as possible when they
make their decisions.
The emotional rhetoric that has characterized
many speeches and articles about Y2K
preparedness has unfortunately polarized the
country into two groups of extremists, when
most of us would prefer to find a "middle
ground" where we are comfortable. Those who
have an optimistic outlook about Y2K are often
characterized as naïve, foolish, irresponsible
"pollyannas" who refuse to make any
preparations at all for Y2K disruptions. And
those who have a pessimistic outlook about
Y2K are often characterized as hysterical,
gullible "doom-and-gloomers" who threaten the
nation's economy by attempting to corner the
market in Spam and tuna fish.
It should be possible to discuss Y2K personal
preparedness as calmly and objectively as we
discuss, say, appropriate levels of life insurance
and medical insurance. If I were to ask everyone
attending this hearing how much life insurance
he or she had, the most likely answer would be
"Enough." If I pressed further, I would probably
discover that some people had ten times as
much insurance as others - because their
circumstances are different, and because their
perception of the need for insurance is different.
But it's unlikely that the discussion would be
distorted by angry rhetoric; it would simply be
an exchange of information that might help some
of us re-think the rationale that we used for
determining how much insurance we needed.
When it comes to Y2K preparedness, though,
we citizens are often subjected to ambiguous,
undefined, emotional rhetoric - not only by the
media, but also by government spokespeople,
whose remarks are duly recorded by the media -
that makes it far more difficult to have the kind
of thoughtful discourse that we need, in order to
make prudent decisions. As an example, you
may recall that in early February, this committee
listened to testimony from representatives of
the food industry about the possibility of
Y2K-related disruptions in food supplies.
During the hearing Mr. C. Manly Molpus,
president of the Grocery Manufacturers of
America, cited a report produced by the Gartner
Group that concluded ''consumer behavior,
fueled by misconceptions, could actually
present the greatest threat'' through ''needless
and frivolous stockpiling."
Think about that phrase for a moment: frivolous
stockpiling. When is the last time you heard
someone say, "I'm feeling very frivolous today,
so I think I'll go down to the grocery store and
do some stockpiling."? Could you distinguish
between a frivolous stockpiler and a
non-frivolous stockpiler if you saw them
wheeling their grocery carts down the aisle
containing tunafish and rice? I understand the
concern about "needless" stockpiling, and I'm
well aware of the concerns that large amounts
of stockpiling could create shortages, but when
the pejorative term "frivolous" is introduced into
the sentence, it subtly implies that any
stockpiling is silly and childish, or politically
incorrect, socially unacceptable, and downright
unpatriotic.
None of us wants to be unpatriotic, and none of
us wants to be the cause of a national food
shortage. But warnings about such behaviors
don't help us answer the practical questions
that we all have to answer for ourselves: how
much stockpiling is prudent? How much is
enough? What kind of guidelines should we use
to make our own determination of when we've
gone too far?
A superficial sound-bite answer - e.g., "three
days of food is enough" - doesn't help either,
for it doesn't acknowledge that different people
have different circumstances. What if I'm
sincerely concerned about the combined impact
of disruptions in food delivery to the grocery
stores and disruptions in fuel delivery to the gas
stations, which I need in order to drive to the
grocery store and disruptions in my ability to
obtain cash from my ATM machine? What if I
have good reason to believe that Y2K will cause
my employer to shut down for a month, leaving
me without any income? Perhaps a three-day
food stockpile is sufficient for the average
family - but some will be comfortable with only
a one-day supply, while others may feel they
need and want a month's supply.
As another example of unfortunate rhetoric,
consider the remarks made by Federal Reserve
Chairman Alan Greenspan on May 6th of this
year, at a Chicago Fed conference, after
delivering a speech about the economy: "I'm
increasingly less concerned about whether there
will be true systemic problems. What I am
concerned about are peoples' reactions to the
fear that something momentous is going to
happen on January 1st 2000.'' He went on to
say, "I'm sure that people will get very wise
soon and recognize that the last thing you want
to do is to draw inordinate amounts of currency
out of the banks."
It's comforting to know that Mr. Greenspan is
"increasingly less concerned" than he
presumably was at some point in the past,
though it would be nice to know what he means
by "true systemic problems" and why he's less
concerned. But if I'm a typical middle-class
citizen, I'm probably less concerned about such
cosmic issues as "systemic problems" than I
am about the question of whether I should take
some of my money out of the bank. And it's the
last sentence of the excerpt quoted above that
addresses that question.
Most of us understand that Mr. Greenspan is
advising us not to do anything extreme or rash.
But how are we supposed to translate that into
specific action? In particular, how are we
supposed to interpret the word "inordinate" in
the context of Mr. Greenspan's sentence? Is
$100 inordinate? A thousand dollars? A week's
income? A month's income? Does "inordinate"
mean the same thing for all of us, or does it
mean something different for married people
with children than it does for single people?
Take a look at Mr. Greenspan's sentence again
- "I'm sure that people will get very wise soon
and recognize that the last thing you want to do
is to draw inordinate amounts of currency out of
the banks" - and you'll see that it raises a
number of other questions, such as:
Does Mr. Greenspan mean that
"people" are not very wise today? All of
the people? Some of the people? Am I
one of those people? Is he one of those
people? How would we know one of
those unwise people if we bump into
them?
Just how "unwise" are we? How long
have we been unwise? What made us
unwise? Is our unwiseness dangerous to
our health? To someone else's health?
What credentials are required to declare
that someone is wise or unwise?
Just how "soon" we all become "very
wise"? Tomorrow? Next week? Next
month? How will we know when it has
happened? By what miraculous means
will this occur? How much wiser will we
be when we have become very wise?
Twice as wise?
What is the basis - i.e., "I am sure" -
for Mr. Greenspan's confidence that
this sudden increase of wisdom will
occur soon? Is there some
pronouncement we should be waiting
for, e.g., where the GAO and the
President hold a joint conference in
which they provide both scientific proof
that there won't be any major
breakdowns?
Why is drawing "inordinate amounts"
(whatever that means) the "last thing
you want to do"? What are all the things
that would precede this last thing - i.e.,
is there a subtle implication that there
might be other "socially acceptable"
forms of Y2K preparation that would
okay, just so long as the "last thing" we
contemplate is drawing out inordinate
amounts of currency?
If the drawing out of "currency" is being
described as a not-very- wise act of
not-very-wise people, is there some
other form in which it could be
withdrawn that would meet the approval
of the very-wise-ones? What about
T-bills? What about gold? What about
writing a check that empties your bank
account, for the purchase of a zillion
cases of Spam?
With all due respect to Mr. Greenspan, I don't
think that speeches like this one contribute to
the kind of thoughtful discourse that we need to
have if we hope to make an informed decision
about what we plan to do with our money that
currently resides in the nation's banks. On the
contrary, the speech consists of a number of
ambiguous, undefined terms strung together in
such a way as to provide an emotional appeal
against panicking.
Along with thoughtful, unemotional discourse
about Y2K preparedness, we also need detailed
information about the extent of Y2K risks. Most
of what we citizens know about those risks has
come from this committee, and from
Congressman Horn's committee in the House -
and we are immensely grateful for the effort
you've made to disclose this information for all
to see. But we need even more information, and
we want the government to continue applying
whatever pressure it can on the nation's
utilities, banks, telephone companies, hospitals,
and other critical industries to disclose their
true state of Y2K readiness.
Unfortunately, this is an area where government
is sometimes part of the problem, rather than
part of the solution. It's quite understandable
that the Defense Department is unwilling to risk
the nation's security by disclosing the Y2K
readiness of its various weapons systems. But
it's extremely frustrating to learn, for example,
that the study of Y2K airport readiness
conducted by IATA will be completed in late
June, but won't be released to the public until
January 1, 2000. And it's even more frustrating
to learn that we are not allowed to see the
results of FDIC examinations that would help us
assess the Y2K readiness of our own banks.
This restriction was posted on the FDIC web
site on July 8, 1998 and it was still there as of
May 16, 1999:
"Information from Year 2000 assessments are
governed by the same rules of confidentiality
that apply to FDIC examinations for safety and
soundness, compliance, information systems,
and trust activities. Under Part 309 of the
FDIC?s rules and regulations, disclosure of
reports of examination, or any information
contained in them, is strictly prohibited.
Accordingly, institutions may not disclose results
from Year 2000 assessments just as they may
not disclose other types of examination
information.
"Moreover, disclosure of such information to
third parties such as financial ratings firms or
fidelity bond carriers is likewise prohibited.
Requests from such entities are not authorized
by the FDIC or any other banking regulator. In
light of the blanket prohibition on disclosing
ratings, compilations of Year 2000 ratings by
such firms are necessarily
incomplete and unreliable?.
"The FDIC, in conjunction with the other
federal banking agencies, also assesses the Year
2000 readiness of the majority of service
providers and selected software vendors. The
FDIC and the other federal banking agencies
disclose the assessment information of such
service providers, and those software vendors
who consent to disclosure, to their insured
financial institution customers. However, under
the same disclosure rules that apply to financial
institutions, service providers and software
vendors are not authorized to disclose their Year
2000 assessment information. Likewise, insured
financial institution customers may not disclose
the assessment information of their service
providers or software vendors?"
I realize that some of these restrictions and
prohibitions against full disclosure are intended
to prevent "scaremongering" (to use the term
IATA used to explain its decision not to publish
the airport status report), and to prevent
unnecessary panic on the part of the public. But
I'd like to remind the committee that the media
is filled with news every day on a variety of
topics that could make people panic just as
easily as they might about Y2K. There are
people panicking today about the possibility that
the Kosovo crisis will escalate into nuclear
warfare with Russia. There are people panicking
over the possibility that global warming and
pollution will make the planet uninhabitable for
their children. And, yes, there are people
panicking about Y2K - and only time will tell
whether their panic was justified or not.
As responsible adults in this free society called
America, we have both the privilege and the
responsibility to digest and respond to a
massive flood of information each day - and to
decide for ourselves what's worth panicking
about, and what's not. If the government
decides, in its infinite wisdom, to restrict
access to that information, then it has not only
usurped our freedom, but has also taken upon
itself a God-like responsibility for our lives and
safety. Perhaps there are some Y2K risks that,
if presented to the public, would cause a
panic-stricken over-reaction. But we won't
know that for certain until January 1st, and
unless someone can provide an absolute,
independently-certified proof that a perceived
Y2K risk has been completely eliminated, there
is always the chance that the optimists may be
wrong. If it does turn out that the optimists are
wrong - even in a few aspects of Y2K - and if
it turns out that the government deliberately
withheld information that would have allowed
citizens to ma ke their own decisions about
prudent preparations, then I fear that whatever
shred of faith our citizens have in their
government may be lost forever. (In that
context, by the way, I hardly need remind the
committee that 2000 is an election year.)
The great irony is that if we collectively
participated in an "organized panic" now, we
would still have time to equip each family with
at least a modest supply of food, water, and
other essentials. Indeed, the arithmetic is rather
compelling: a month's food supply represents
one-twelfth, or 8 percent, of a full year's
supply. If this nation had decided at the
beginning of 1999, under the leadership of the
President or the Congress, that a "prudent
panic" over Y2K meant stockpiling a month's
food for every family, we would have been faced
with the relatively modest task of increasing
agricultural output by a mere 8 percent. If we
had begun such a task in January 1998, we
would only have had to increase agricultural
production by 4 percent each year. Indeed, we
might not even had needed that much; our
agricultural industry is already suffering from
low prices and over-production, and one would
imagine that every farmer in the land would be
thrilled at the prospect of helping people fill up
their pantrie s.
Obviously, we did not have such a national
consensus, and it's doubtful that we will
manage to do so in the short amount of time
remaining. Our situation today is much like
Aesop's fable of the ants and the grasshoppers:
there are only a few ants who feel that Y2K
requires non-trivial preparations, while a vastly
larger number of grasshoppers continue going
about their day-to-day affairs without any
concern at all about Y2K. What this means, of
course, is that if Y2K does turn out to be a
serious problem - involving disruptions in food
distribution, fuel, utilities, banking, medicine, or
a number of other critical industries - then we
will see a real panic on the part of the
grasshoppers that will make the modest panic of
today's ants pale in comparison.
The ultimate irony is that the ants have already
made their decision, and are wrapping up their
preparations even now; and the vast majority of
the grasshoppers would continue frolicking even
if we disclosed every gruesome detail about
Y2K risks. But with full disclosure, it's possible
that a few grasshoppers might be motivated to
join their fellow ants; and it's also possible that
a few ants would decide that additional
preparations were no longer necessary, in which
case they would be happy to join the
grasshoppers' party. The ants might even have
to admit, 230 days from now, that they made a
mistake about Y2K; but most of them would tell
you that it was an edible mistake.
Preaching to the grasshoppers is one of the
reasons there is so much interest in community
preparedness today; it does little good for an
individual to be prepared for Y2K disruptions if
he is surrounded by neighbors who are not. But
conversely, it's unrealistic to believe that we
can accomplish effective community-level
preparedness if a reasonable percentage of the
individuals completely ignore the topic. My
colleagues on today's panel will, no doubt, share
some very encouraging ideas and developments
in the community-preparedness area, and I have
also been fortunate that my own community has
an active Y2K group. On the other hand, the
average turnout for community Y2K groups in
several different states that I have visited is
usually about one percent of the population. For
the most part, that one percent represents the
"ants" who are already knowledgeable about
Y2K, and simply want more specific information
about the status of their community's electric,
water, and gas utilities in order to d etermine the
extent of their own preparations. And the 99%
who fail to appear at these meetings are, for the
most part, the "grasshoppers" who have
apparently decided, consciously or
unconsciously, that the Y2K problem doesn't
merit any serious concern.
In any case, I can only tell you that I do want
the full, unvarnished truth about Y2K risks so
that I can exercise the responsibility that I have
for my family and my community. I may not
represent a majority, but from the massive
amount of e-mail that I receive every day, I
know that there are several thousands of
concerned citizens across the land who share
my feelings. We learn that some 90% of the
large companies in the U.S. are planning Y2K
"control centers" for the millennium rollover, and
that many companies are stockpiling a month of
parts and raw materials - and we wonder
whether we should be doing the same thing. We
learn, from a variety of sources, that roughly
half of the small businesses, small towns, and
small countries outside the U.S. have not even
begun their Y2K preparations - and we wonder
what impact this will have on the global
economy, and why so many economists
continue telling us that it won't have any impact
at all. We read story after story about the good
progress that large companies and major
Federal agencies are making - but then we read
in the May 17th issue of the New York Times
that large companies are falling behind
schedule, and that 22% don't think they will
finish even their mission-critical systems.
Some of us work in the computer software
industry, and we know, from our own experience
as well as the statistical data from metrics
experts such as Capers Jones and Howard
Rubin, that 15% of all software projects are late
(by an average of 6-7 months), and 25% of all
projects are cancelled before completion - and
we wonder what kind of special information or
knowledge allows our nation's leaders to
realistically expect that things will be
substantially different for the thousands of Y2K
projects underway today. Those who are
determined to be optimists about Y2K can pluck
from this hodge-podge of information the good
news that they want to read; and those who are
determined to be pessimists can find the bad
news that they need to confirm their fears. But
those who seek a middle road are merely
confused; they don't know what to believe.
History will tell us, in a mere 230 days, whether
Y2K really was a mere bump in the road, or
whether it was something far worse. If indeed it
does turn out to be worse, it won't be the first
time our nation has faced such a crisis. Indeed,
the very creation of this country two hundred
years ago was a crisis - a crisis in which we
obviously prevailed. And my plea for full
disclosure of Y2K risks, no matter how bad they
may be, is echoed by the words of a famous
patriot, speaking before the Virginia Convention
on March 23, 1775:
" It is natural for man to indulge in the illusions
of hope. We are apt to shut our eyes against a
painful truth, and listen to the song of that siren
till she transforms us into beasts? For my part,
whatever anguish of spirit it may cost, I am
willing to know the whole truth; to know the
worst, and to provide for it."
-- Patrick Henry
Home Page:
Future, Doomsday, Year2000