|
|
|
|
|
The Year 2000 Crisis: Conducting a Legal Auditby Michael D. Scott* Table of Contents
IV. Conclusion I. Introduction In conjunction with a technical audit for Year 2000 problems, legal counsel should be conducting a simultaneous legal audit. There will be similarities between the legal audit conducted for a vendor of computer goods and/or services and a legal audit conducted for a user of such goods or services, but there are important differences as well. For a vendor,[1] such an audit would consist of a review of all of the following:
From a legal perspective, a vendor is concerned with two matters.[6] First, whether the vendor has potential liability for Year 2000 problems which exist in its own products or third party products for which the vendor is responsible (as a maintenance provider, outsourcer or otherwise), as well as its services. And, second, whether it may have rights against third parties (such as component suppliers, master software licensors or trading partners) for (i) indemnification against claims made by third parties, or (ii) direct claims for damages to its own business. For a user, relevant documents to be reviewed include: · Purchase agreements for hardware and computer systems · License agreements for software or databases · Development agreements for software or databases · Maintenance and support agreements · Computer service agreements · Third party agreements with trading partners · Manuals and other documentation for vendor products[7] · Vendor advertising and promotional materials[8] · Merger and Acquisition Agreements · Publicly available disclosure documents filed with public agencies by vendors, which relate to a vendor’s products or services[9] and · Insurance contracts.[10] The user will seek to determine whether it has (i) direct claims against vendors of goods or services for any damages or disruption to the business it may suffer, or (ii) potential liability to third parties (e.g., customers, trading partners) for any system failures it may encounter. A. Documentation Documentation distributed in connection with products or services may contain warranties or representations concerning the quality and/or functionality of those products or services. Product documentation will seldom (if ever) mention Year 2000 compliance directly, it may indirectly make representations that a trier of fact could relate to the Year 2000 situation. For example, the documentation could state: "This software will properly deal with leap year and other date-related data." Or the documentation might state: "Data entry verification procedures insure that no incorrect dates are entered into the database." Sometimes, the license agreement itself is printed in the software documentation. Documentation distributed with any updates, upgrades or new versions of the products should also be reviewed, since they may be different from the documentation for the original version of the product. B. Advertising/Promotional Materials Advertising, including sales sheets, display advertising, and press releases, should be reviewed for any representations that could be troublesome. Often, marketing personnel, in the heat of competition, may make exaggerated claims for their products or services. Such popular terms as "fool-proof," "the last accounting package you will ever need to buy," "error-free, and so on, could be construed as implying that the products are Year 2000 compliant. While most contracts contain integration clauses,[11] under which the vendor will seek to have promotional materials deemed to be express warranties and representations, depending on the application of the parol evidence rule, such documents may be admissible in litigation. C. Disclosure Documents There are various governmental agencies, most notably the Securities and Exchange Commission, which require publicly traded companies to file certain documents which are generally available to the public. These documents, called "disclosure documents," must disclose information that might have a negative impact on the company, its business, and its financial well-being. An existing or looming Year 2000 problem is just the kind of information that must be disclosed. A careful review of the company’s disclosure documents may provide important information on the type and extent of Year 2000 problems the company is facing, what it intends to do about them, and whether the company expects all of the Year 2000 problems to be rectified before they begin causing difficulties for customers and third parties. II. Insurance Contracts While there were predictions of extensive changes in the insurance industry to cope with the Year 2000 crisis, little has happened. The reasons for this are clear: (i) there is a very soft market now for insurance, and companies are looking for revenue wherever they can find it; (ii) the Year 2000 risks and liabilities are difficult to determine, and (iii) there is no statistical history of the frequency and significance of Y2K claims. Currently, there are only two companies that offer specific Year 2000 liability insurance, and each one has significant downsides. In addition, virtually all insurance companies are excluding Director and Officer (D&O) coverage[12] for Year 2000 problems as D&O policies come up for renewal. Even though the insurance industry is somewhat soft, and the insurers would like to not disturb the current D&O policies, the re-insurers are insisting that the items be excluded.[13] It has been reported that these exclusions may not hold up in court, but that is currently unclear. In addition, some underwriters are considering or have begun excluding Year 2000 coverage from their policies, particularly those covering business interruption, error and omissions, product liability, and professional liability. While only a handful of such exclusions exist today, such as in professional liability policies for computer services companies, the number is expected to increase in the future.[14] The Year 2000 exclusions may become a larger issue during year-end renewals, particularly because U.S. and U.K. accountants may begin to issue qualified opinions for clients that lack a comprehensive plan to achieve Year 2000 compliance, are not Year 2000 compliant, have not estimated, or are not willing to report material costs to correct the problem. In addition, vendors may be sued for errors and omissions[15] or on product liability claims.[16] Insurance is also available for those occurrences. No matter what type of insurance is chosen, there are common exclusions that may affect coverage for a Year 2000 dispute. These common exclusions include: · intentional acts · fraudulent or dishonest acts · unauthorized use, access or tampering with data or systems, and · breach of contract.
A. Commercial General Liability A Commercial General Liability ("CGL") policy provides coverage for specific named perils, such as bodily injury, property damage, advertising injury or personal injury to a third party caused by the insured actions or failure to act. A CGL policy may provide coverage for the corruption or loss of data due to a Year 2000 problem.[17] B. Business Interruption Business interruption insurance is a type of insurance that a company can obtain to protect itself against loss of business income and costs to the company of placing itself back in its original position after a catastrophe, such as fires, floods, hurricanes, and mudslides, or other "fortuitous event."[18] Generally, this insurance was not intended to cover business interruptions caused by computer or other equipment failures due to vendor negligence, and such problems may be specifically excluded. An insurance carrier would argue that since the Y2K problem has been known in the computer industry for many years, and in American industry in general for at least a couple of years,[19] and is totally within the control of the vendor to correct, it is not a "fortuitous event." It is important to review existing business interruption policies to determine whether Year 2000 problems would be deemed excluded by the language of the policy. It is likely that if insurance carriers have not already done so, they may issue riders or give notice to clients at the time the insurance policies are renewed that Year 2000 problems are specifically not covered by the business interruption insurance. C. Errors and Omissions/Professional Liability Another coverage available to vendors is Errors and Omissions (E&O) insurance, sometimes called "computer malpractice" insurance. E&O insurance typically covers defined "damages" and associated "defense costs" that a vendor may be obligated to pay because of an error or omission in provided certain defined "insured services" to others. Claims can arise as a result of actual and affirmative performance (these are considered "errors") or through the lack of performance (these are considered "omissions"). Assuming that a vendor’s software development and maintenance services are defined as "insured services" under the E&O policy, the insurer will have to respond to a third party claim involving an error or omission committed by the company in the course of a covered transaction. Not surprisingly, the Year 2000 problem is receiving substantial scrutiny from underwriters of E&O coverage. Existing policyholders may find restrictive endorsements imposed at renewal, and new applicants may find that they cannot obtain this insurance at all, if they are deemed to be high risk. Where the defendant is a lawyer or accountant, coverage may be available under a general malpractice insurance policy. D. Product Liability These policies typically cover defined damages and defense costs arising out of claims that the insured’s products (as opposed to services) gave rise to damages. Insurance companies are scrutinizing product liability policies carefully and may impose restrictive endorsements at renewal of existing policies and limit or refuse to write such policies for new clients. E. Directors and Officers (D&O) After the big scare to Board members and the cover articles in magazines like Time and Newsweek magazines about the potential lawsuits and liabilities of members of publicly-held boards in the early 1990s, Directors and Officers (D&O) liability insurance became a critical issue. D&O liability insurance protects members of a Board of Directors and corporate officers from personal liability as long as they carry out their duties following the "Business Judgment Rule," make informed decisions, stay independent (do not have a conflict of interest with the company), and make decisions that are for the benefit of the company. Without such insurance, it would be very difficult to attract successful and experienced individuals to serve as board members. If a company does not have the financial wherewithal or is otherwise unable to cover certain actions made by Board members, the D&O insurance comes into play. To know whether or not a person is covered by Directors and Officers (D&O) insurance , ask for and review a copy of the D&O insurance policy. A person may be a statutory officer, per the articles of incorporation, or though other means. However, just because his or her title includes the word "Officer" does not mean that person is covered by the D&O insurance (i.e., one’s title doesn’t necessarily make one an officer for D&O coverage). Ask the company’s insurance broker for industry-wide D&O survey information and compare that to the existing corporate policy. Ask questions and know the coverage and obligations. D&O policies typically have an attachment of the "Positions and Titles of Covered Insureds." Most "good" companies have this list -- it should be review to eliminate any concerns. New positions and report titles are being created all of the time. If a particular position is not specifically listed, but the omission appears to be more of a semantic "title" discrepancy, an insurance company may still defend. However, if it looks like the person will lose the case with a large judgment against him/her, the insurance company might at that point take the position that even though it defended the person, such person was not an officer of the company under the law and/or insurance contract, and thus the insurance company is not responsible for any liability assessed against that individual -- even though the company would still be liable for such employee’s conduct -- unless criminal. If, for example, the CIO is not considered an officer and not covered under the D&O policy, then he/she is almost certainly covered under the normal company employee liability policy, and usually is not to subject to suit by third parties for failures that may have happened while the individual was performing in the normal course of his/her duties. In rare cases where employees are sued, it is unlikely that judgments will be awarded against the individual, since such suits almost always name the officers and directors as well and the damages are paid at that level (i.e., you don’t sue the engineers who designed the Pinto or the quality assurance manager who approved the design, or even the General Manager of the Ford plant that manufactured the cars -- because they were acting at the direction of others who made the decisions to market the defective automobiles. Even if an non-officer employee were sued, the plaintiff would receive its damages from the higher levels officers and directors before the lower level employee would have to pay anything.) Exclusions from D&O policies generally include claims based upon criminal conduct, fraudulent or dishonest conduct or intentional acts. While insureds have generally not be required to provide detailed information for renewals or even initial policies, some carriers are requiring specific information on the insured Year 2000 compliance program, any material changes in its financial statements or audit committee procedures, or any claims or potential claims made against the company’s directors or officers. F. Specific Year 2000 Policies While many companies believe that Year 2000 risks are essentially uninsurable because of their size, they do believe that insurance for smaller companies may be possible. Two companies have announced that they will offer Year 2000 insurance coverage -- American International Group (AIG), and J&H Marsh McLennan (hereinafter J&H/MM). The two offer different policies. As of this writing neither company has actually issued insurance to any clients/customers, even though the intended insurance was announced in February 1997. AIG offers three kinds of coverage. Taken from AIG’s Millennium Policy -- Basic Policy Characteristics:
Each potential insured must undergo a technical assessment of their conversion plans and processes by the underwriters and a Year 2000 conversion "expert." Minet (the designated broker) and AIG have retained the services of Anderson Worldwide's Year 2000 consulting group (and it appears some other firms may be used as needed) to review the Year 2000 conversion plans of potential insureds who apply for the coverage. If the insured "passes" the technical review, premiums will be determined on a risk-rated basis (i.e., based upon the insured’s specific environment, plans, resources, schedule) and collected in installments over the policy period. The policy term is from inception until January 1, 2001 for losses occurring during the policy period. The Policy continues:
Interested parties will be required to fill out an application that will identify the environment and status of the applicant. It will include information regarding to Year 2000 awareness, Year 2000 project plan, Year 2000 progress against the project plan, Year 2000 inventory, Year 2000 budget, and additional documentation to allow the applicant to discuss the tools being used, the project organization and staffing, and other kinds of information that will allow the insurer to understand the sophistication, progress, status, and risks associated with the applicants insurance requests. These applications will be reviewed by independent third-party accounting/consulting for accuracy and risk with on-site visits and audits. If the application is accepted, the cost of the audit will be offset against the initial premium. Of specific interest in the AIG policy is an exclusion, whereby the policy does not insure against Loss "arising out of any intentional interference with the entities’ Millennium Conversion" and/or computer systems "by the insured, or vendor with the knowledge of, or at the direction of any insured." The "Millennium Conversion" is "the process whereby a company remediates, rewrites, renovates or replaces its Computer Systems to obtain Year 2000 compliance, including but not limiting to:
In addition, "under coverage A or B," (that is, the direct business interruption or the contingent business interruption insurance provided) if the insured does not resume operation or the insured does not resume operations as quickly as possible, "the insurer will pay Loss based on the length of time that the insurer, at its sole discretion, determines it would have taken the insured operations as quickly as possible." Here, the insurance company gets to second guess the company’s progress, and, at its sole discretion (although this must be done in good faith), decides how much the insured will be reimbursed. While that may be typical with other policies, it could be particularly troublesome here, especially if the insured’s failure is dependent upon problems with the systems of its trading partners, which is specifically what module B insurance coverage is supposed to cover. Lastly, if in the insurer's sole opinion there has been "a material change to the conversion plan which might increase or otherwise expand the liability of the insurer not contemplated when the policy was originally issued," then essentially, the policy will continue in full force and effect for covered areas occurring prior to the effected dated material change, and there is additional discussion in the policy regarding how this will effect the different modules, i.e., Coverage A, Coverage B and/or Coverage C. If there was a potential billion dollar liability to an applicant insured, the insured will pay up to $85 million for $100 million of coverage (there also appears to be a $1 million deductible per claim). Thus, if the applicant actually experiences $600 million in losses, the applicant will effectively pay the million dollar deductible, the next $85 million of the $100 million covered, with the insurer picking up the next $14 million tier, and the insured again picking up the next additional $500 million. For big companies, it would appear that the money is better spent on fixing the problem than paying for insurance. However, each company must decide on its on. The J&H/Marsh McLennan (J&H/MM) insurance, which will be underwritten by Lloyd's of London among others, will be similar in coverage to AIG’s policies, but will be a more traditional risk-transfer policy, whereby the insured pays premiums, and there are no refunds based upon experience (as provided by AIG). The J&H/MM insurance is titled "2000 Secure Liability, Business Interruption, And Hot Site Expense Policy." Based on the 5/23/97 draft policy wording, the policy also provides for the use of "a qualified service bureau" to process Back Office functions after 1/1/2000 as a result of Year 2000 problems of the insured affecting the insured's ability to process back functions, with some limitations. Like AIG, J&H/MM's policy also will be initially independently audited, with on-going audits performed quarterly. If there is a change in the applicant's plan, unspecified changes in the policy and the coverage may result. Each applicant will have to determine what this means in his or own situation before proceeding. The auditors will review
The audits will be provided by the 2000 Secure Audit Company, LLC, a joint venture of systems engineer Assent Logic Corp. of San Jose, CA and LeBoeff Computing Technologies of New York (a unit of the LeBoeff Lamb law firm). Depending upon the size and complexity of the audits required, such audits will cost between $40,000 and several hundred thousand dollars or more. J&H/M&M believes that, in addition to preventing a crisis, the audits would "serve to provide a strong defense for management against subsequent allegations of failure to act with due diligence." At the present time, it does not appear that such audits would be covered under attorney/client privilege and thus, such audits, if negative, could end up being a smoking gun in court against the officers and directors if they did not prudently and quickly implement and perform the processes required to address the Year 2000 problem using good business judgment. Coverage for legal liability and business interruption of up to 100 million British pounds (approximately $170 million at this time), is being arranged by J&H/M&M. Note however, this will be subject to "a substantial self-insured retention" relevant to the magnitude of the risk and its exposure concern. Representatives of Marsh McLennan indicate that much of the details regarding how the new product will actually be offered and under what circumstances has yet to be finalized. They seem to be taking a reasonable approach, but there has been nothing definitive in writing as of April 1997 -- although they hoped to have a sample policy soon. And while they are using consultants up-front and throughout the Year 2000 project to assist the underwriters in determining initial and ongoing risk, it is still unclear what will happen if the insured starts off well on its Year 2000 plan, but falters, thereby precipitating some kind of catastrophe. Minet’s policy takes a different approach that is akin to self-funding. It appears to work this way: They will insure a company for up to $200,000,000 for Year 2000 failures. This will cost the insured $100,000,000 or more in four premiums to be paid before Jan. 1, 2000 -- depending on the risks assessed by the underwriter (and perhaps a consultant). Up to a $100,000,000 loss comes out of the premiums. Between $100 and $200 million, Minet picks up the damages and defense costs. If no loss occurs, the insured will get back something like 90% of the premiums paid, with the insurance company keeping the remainder. Under this policy, if the loss is $1,000,000,000, the insured pays the first $100,000,000 and the last $800,000,000. It seems clear that those who need the insurance most will not be able to get it without paying huge premiums that they likely do not have. In other cases, one needs to determine whether it would be better to invest the $100,000,000 premium toward developing a Year 2000 solution, instead of purchasing this insurance. There does not appear to be any "first-party" insurance for this situation -- that is, insurance which will cover a company’s costs in correcting the Year 2000 problem. In regard to "third-party" insurance (liability to others), perhaps the most obvious coverage for some of these claims will be Directors and Officers liability insurance and Errors and Omissions coverage. III. Specific Contract Provisions In analyzing a contract, regardless of subject matter, to determine the respective rights and responsibilities of the parties vis-a-vis Year 2000 Problems, there are a series of provisions which appear in most contract, that are particularly relevant. These include:
A. License Rights Provisions Where a software or database vendor cannot or will not make its products Year 2000 compliant, or where the licensee has reasonable doubt that the vendor will make its product Year 2000 complaint, the license may decide to modify the products itself, or hire a solution provider to do the work. Leaving aside the question of whether anyone other than the vendor can reasonably make the necessary changes to make the product Year 2000 compliant in time,[33] a more basic legal question is whether the licensee has the rights under the license agreement to engage in such activities:
The license rights provisions spell out what right the licensee has with regard to the products and need to be reviewed carefully to determine what rights the licensee has under the express terms of the agreement[39] In addition, the fair use provisions[40] and Section 117 of the Copyright Act[41] should be reviewed as well. Section 117 provides certain additional rights which every licensee receives, even if not specifically set forth in the license agreement, and even if the vendor attempts to disclaim or preclude them.
The most important right held by a copyright owner is the exclusive right of reproduction.[42] The license normally will set forth the reproduction rights granted to the licensee. These rights are generally limited to (i) copying the software/database into the storage medium of the computer system; (ii) loading the software/data into memory for execution of the program; and (iii) making a back-up or archival copy of the program/data in case of system crash or data loss. Many licenses do not specifically spell out the reproduction rights granted to the licensee, but simply provide that the licensee has the right to "use" the software or data. Since "use" is not one of the rights enumerated in the Copyright Act, there has been confusion as to what reproduction rights exist under such a license term. It is generally assumed that "use" of software or data implies the rights to copy the product into permanent storage on the target computer system and to load the product into memory for execution. However, those implied rights are limited to the licensee, and do not extend to a third party,[43] such as a solution provider. The right to make back-up copies is granted by Section 117 of the Copyright Act,[44] even where the license does not provide for such copies, and even if the vendor attempts to deny the licensee the right to make back-up copies. However, except for being able to save copies of the system for evidentiary purposes, the right to make back-up copies, in an of itself, will be of limited value to a licensee with a Y2K Problem. 2. Decompilation/Reverse Engineering "Decompilation"[45] and "reverse engineering"[46] may be required to obtain a human-readable version of the software,[47] if the vendor refuses to provide access to the source code.[48] The right to decompile or reverse engineer the software is seldom granted to a licensee. Indeed, it is often expressly prohibited. If the licensee or a third party hired by the licensee to correct the Y2K Problems decompiles, disassembles or otherwise reverse engineers the "object code" version of the software, the licensee and/or the third party would be violating the copyright held by the software owner. The licensee’s right to reverse engineer the software, if any, must either arise under Section 117 of the Copyright Act,[49] under an equitable theory of implied license, under the "fair use" doctrine,[50] or as part of the licensee’s efforts to mitigate damages. Whether any of these positions would be accepted by a court is unclear. Several courts have approved reverse engineering, where such conduct was the only way in which the defendant could gain access to the unprotected ideas and functional elements of the computer program.[51] However, in the Y2K scenario, the licensee or third party is not merely desirous of gaining access to the ideas contained in the code, but needs access to and use of the code itself to prepare the necessary Y2K modifications. As such, these cases are of no assistance. 3. Modification/Derivative Works The Copyright Act grants the owner the exclusive right "to prepare derivative works based upon the copyright work."[52] The software license may or may not specifically permit the licensee to make changes to the code; or it may specifically prohibit the creation of such works. If the license does not permit the creation of derivative works, the licensee or a third party hired to correct Y2K Problems can be charged with copyright infringement, while the licensee may also be charged with breach of contract. The licensee may claim the right to modify the code under Section 117 of the Copyright Act,[53] or may contact the vendor to obtain consent to make the necessary Y2K modification itself. A problem may arise when the vendor claims that it will have a Year 2000 fix available in a timely manner, but the licensee doubts that it will be able to meet the deadline. If the licensee cannot replace the defective software, it may decide to reverse engineer the software in order to obtain access to a workable version of the source code and to modify it, taking the risk of a breach of contract or copyright infringement suit from the vendor, rather than the risk of not receiving a Year 2000 upgrade in time. In such a case, the licensee's breach of the agreement might appear less serious if it has made the modifications itself, rather than have an unaffiliated third party make the modifications. The licensee should carefully review all agreements with the vendor, including the license and any maintenance agreements. In some cases, the agreement may state that all express warranties are deemed void if the licensee or at third party modifies the software. 4. Section 117 Rights Section 117[54] was added to the Copyright Act in recognition that computer software is different from other types of copyrighted works and the owner of a copy of a computer program requires additional rights not required by the owners of copies of other types of works. Section 117 provides in pertinent part:
Any exact copies prepare in accordance with the provisions of this section may be leased, sold, or otherwise transferred, along with the copy from which such copies were prepared, only as part of the lease, sale, or other transfer of all rights in the program."[55] While Section 117 arguably permits the owner of a copy of software to reverse engineer and even modify the copy in order to correct the Year 2000 Problem,[56] it is unclear whether a mere licensee of software or a third party vendor would have any rights under Section 117, even if the reverse engineering and/or modification of the code is the only way to obtain Year 2000 Compliant code. Most courts have strictly construed the language of Section 117 to preclude any rights to licensees or third parties.[57] However, in Foresight Resources Corp. v. Pfortmiller,[58] the court held that a licensee had the right to hire a third party to prepare enhancements for the licensed software. 5. Fair Use The concept of "fair use" is an equitable doctrine, now codified in copyright law.[59] It is a "means of ensuring a proper balance of the citizenry’s need to be informed and the author’s monopoly of his original writings. . . .[60] Under Section 107 of the Copyright Act:
Where the fair use doctrine is likely to come into play in the Year 2000 genre is in situations where the vendor cannot or will not repair the Year 2000 problems in a computer system, and the user, or a designated third party, needs to copy or reverse engineer[61] the software and/or databases in order to modify them for Y2K compliance. Several software copyright cases have permitted a user making intermediate copies of the software for the purpose of reverse engineering the software to extract the unprotected "ideas" embedded in or implemented in the software.[62] B. Express Warranties The Uniform Commercial Code provides that express warranties by a seller of goods are created by "any affirmation of fact or promise made by the seller to the buyer which relate to the goods and become part of the basis of the bargain."[63] The terms "guarantee" or "warranty do not have to be used, nor is it necessary that the seller have the specific intent to create a warranty.[64] Representation made prior to the written agreement, whether oral or written, can create express warranties.[65] Privity of contract is not required.[66] In most vendor agreements, express warranties are generally limited to the specific representations made in the body of the agreement and any attached exhibits, such as the specifications,[67] and all other express warranties are specifically disclaimed.[68] When reviewing agreements, it is important to review all statements which could be construed as express warranties, as well as any attachments or exhibits referenced in the body of the agreement. The U.C.C. also provides that under certain circumstances, prior oral or written warranties outside the contract may be considered, even in light of an integration clause:
Since most older agreements contained no explicit reference to Year 2000 Compliance one way or the other, a user/licensee may want to argue that the specifications or representations outside of the terms of the agreement provide such a warranty. Whether such representations, even if made, will be admissible, is a matter for the court to decide, considering the provisions of the U.C.C. relevant to the introduction of such evidence. When entering into a new agreement or renewing or modifying an existing agreement, it may be possible to negotiate the addition of a specific express warranty relating to Y2K Compliance.[70] C. Implied Warranties The Uniform Commercial Code also provides for certain implied warranties. These warranties are implied in every contract for the sale of goods, unless expressly disclaimed.[71] There are three implied warranties: the implied warranty of merchantability,[72] the implied warranty of fitness for a particular purpose,[73] and the implied warranty of title.[74] 1. Implied Warranty of Merchantability In a contract for the sale of goods from a merchant[75] to a customer there is an implied warranty that the goods will be merchantable.[76] To be merchantable, the computer goods (hardware/software/system) must (1) pass without objection in the trade under the contract description, and (2) be fit for the ordinary purpose for which such goods are used.[77] The vendor’s liability for breach of this implied warranty extends down the chain of distribution to the end user, whether or not there is privity of contract.[78] A good argument can be made that computer goods which are not Year 2000 Compliant are not merchantable. However, the vendor may counter that the goods worked without a problem for a period of time longer than the warranty period provided by the vendor, the user employed the goods without objection during that warranty period, and therefore, the goods were merchantable. It is clear that a merchant is not an insurer against any loss suffered during the use of the goods.[79] However, whether the existence of a Year 2000 Problem in the goods when purchased, even though it does not manifest itself until after a period of time, makes those goods unmerchantable, is an open question. The implied warranty of merchantability is usually disclaimed.[80] 2. Implied Warranty of Fitness for a Particular Purpose Another implied warranty, more narrowly drawn than merchantability, is the implied warranty of fitness for a particular purpose.[81]
While this warranty will not arise in the case of mass-market software or systems purchased without any substantive communication between the parties on the buyer’s needs the vendor’s willingness to meet those needs, where the vendor undertakes to provide the buyer with the precise goods the buyer requires, this implied warranty may arise.[83] Generally privity of contract is required.[84] In the Year 2000 context, until recently a buyer would not have specified that the goods must be Y2K Compliant. In such a case, a breach of the implied warranty of fitness would require a finding that from the totality of circumstances surrounding the negotiations, the vendor knew or should have known that the goods had to be Y2K Compliant and that the buyer was relying on the vendor to choose such goods. Today, with buyers more aware of the Year 2000 Problem, buyers are specifically requesting Y2K Compliant goods. In such a situation, the vendor may be held to have violated the implied warranty of fitness if it supplies goods which are not Y2K Compliant. However, this implied warranty can, and usually is, disclaimed.[85] D. Warranty Limitations/Disclaimers Both express and implied warranties can, and usually are, disclaimed by contract.[86] However, courts will construe the disclaimers strictly,[87] so it is important to review the language to determine whether the disclaimers would be operative.
However, the U.C.C. also permit blanket disclaimers of implied warranties. For example, the vendor can use phrases such as "as is" or "with all faults" or "other language which in common understanding calls the buyer’s attention to the exclusion of warranties and makes plain that there is no implied warranty."[94] If the contract is deemed unconscionable, the warranty disclaimers may be stricken.[95] While courts are reluctant to find contracts unconscionable in the commercial context,[96] they are more willing to do so in consumer transactions.[97] Whether privity of contract is required for a warranty disclaimer to apply is still an open question.[98] E. Limitations on Remedies and Liability The remedies available to an aggrieved party for breach of warranty can be limited by contract.[99] Again, the precise language used in the agreement should be carefully reviewed and compared with the provisions of the Uniform Commercial Code to determine whether the limitation is enforceable. Such limitations will be strictly construed against the vendor,[100] and may be deemed unenforceable if a court determines that they are ambiguous,[101] unconscionable,[102] failed of its essential purpose, or induced by fraud. The U.C.C. provides a variety of options to the parties, which can be used alone or in combination with one another:
It is clear from disputes that have already arisen that the enforceability of limited remedies’ clauses will have a significant impact on the potential liability of a vendor for goods which turn out to be non-Year 2000 Compliant. For example, assume that a vendor of accounting software licenses a copy of that package to a customer in 1995. Also, assume that the license agreement specifically limits the remedy for any breach of warranties to a one year period, during which time of the customer can notify the vendor of a problem with the software and the vendor will attempt to remedy the problem. Also assume that this remedy is specifically stated to be the exclusive remedy for any breach. The customer does not notify the vendor of any Year 2000 Problem during the one year warranty period, but in 1997, the customer tests the software and determines that the software is not Year 2000 Compliant. The customer claims that since the Y2K Problem existed in the software at the time it was licensed, but would not appear until the customer was running Year 2000 data, which was not likely to occur within the one year warranty period, that the warranty period for Y2K Problems did not begin to run until the customer actually discovered the problem. Could the customer successful avoid the remedy limitation? F. Integration Clause An integration clause is a provision which basically says that the contract is to be interpreted solely according to the terms contained within the "four corners" of the document.[110] A sample integration clause follows:
While it is possible that there will be no integration clause, it is unlikely. The importance of such a clause cannot be understated. It allows the parties to rely on the content of the agreement without having to be concerned about earlier discussions, proposals which were rejected or significantly modified, and so forth. However, the terms of an agreement, even one containing an integration clause, can still be explained or supplemented (1) by course of dealing or usage of trade; (2) by course of performance; or (3) "by evidence of consistent additional terms unless the court finds the writing to have been intended also as a complete and exclusive statement of the terms of the agreement."[111] Even if there is an integration clause, it is possible that specific representations concerning Year 2000 Compliance may be admissible under one or more exceptions to the "parol evidence rule." G. Confidentiality It is common in agreements relating to computer goods and services to include confidentiality provisions, both to protect the vendor’s trade secret and other proprietary materials from disclosure, and to protect the user from situations in which the vendor’s employees may have access to the user’s confidential information. Confidentiality provisions come in a variety of forms, and are either one-way or mutual. It is important for the user to review any such provisions carefully to insure that its efforts to make the vendor’s products Year 2000 Compliant, will not expose the user to claims that it breached the confidentiality provisions of the agreement. This is particularly true where the user intends to engage a third party to assist it in making its system Y2K Compliant. H. Force Majeure Many contracts contain a "force majeure" clause[112] which protects a contract party from a claim of default when it fails to perform due to an act of God or other event beyond that party's reasonable control. It is unlikely that the Year 2000 Problem will be viewed as a force majeure event, since it is a known problem, which can be corrected with enough planning and resources. However, depending on the particular language used in a particular force majeure clause, and the facts and circumstances surrounding the failure to perform, the Year 2000 Problem may be claimed to constitute an event of "force majeure" in a contractual dispute. Some companies are altering their standard force majeure language specifically to rule out the Year 2000 Problem as a covered event. I. Shortened Statute of Limitations Each state specifies the period of time within which a plaintiff must bring suit. The period will differ from state to state, and among the types of claims that might be brought.[113] It is imperative that counsel for a potential plaintiff investigate the applicable statute of limitations for each claim and determine when the statute of limitations would have begun to run. It is also important to review the terms of any contracts between the parties to determine whether the parties agree to shortened the default, statutory time period within which a claim must be brought.[114] While these clauses are legal, they will be strictly construed.[115] Many states provide a minimum period for bringing suit, which cannot be further shortened by contract.[116] A shortened statute of limitations will generally works in the vendor’s favor, since the types of claims that a user may bring against a vendor for Year 2000 Problems may not be discovered until long after acceptance of the goods, or the vendor may work for a considerable period of time after the Year 2000 Problem is discovered in an effort to cure the problem before abandoning the effort. If there is a potential situation in which the statute of limitations may run, the plaintiff may be required to file suit in order to preserve its rights, or the parties may enter into an agreement to toll the statute of limitation while the parties resolve the Y2K Problem. J. Year 2000 Compliance With all the risk associated with the Millennium change, it is probably smart for a company to try to memorialize its policy in a "millennium compliance" contract provision. This is important not only in dealings with external vendors of hardware, software, and firmware components, but also for a company's internal focus on in-house developed software. Of course, this is not a substitute for specific specifications to be used by developers when creating new software, but it can provide a more specific clause against which to judge a vendor’s performance vis-a-vis Year 2000 Compliance. One of the most thoughtful millennium compliance provisions has been developed by Seattle attorney, William F. Barron:
This provision is particularly useful because it transcends legalese and technical jargon; it addresses real business issues and needs and sets a baseline philosophical position against which more detailed tests and acceptance criteria can be defined. For instance, without mentioning it specifically, this provision covers of all of the critical dates, including proper functioning on 1/1/1998, 12/31/1998, 1/1/1999, 9/9/1999, 12/31/1999, 1/1/2000, 2/28/2000, 2/29/2000, 2/30/2000, 3/1/2000, 12/31/2000, 1/1/2001, and more. Many companies and governmental agencies have revised their standard contract forms to require that any new software proposed to be sold or licensed to them be Year 2000 compliant.[117] K. Virus, Timebomb, Trojan Horse The "Millennium Bug" might not technically be viewed to be a virus, since a virus is typically understood to be a software program that can "infect" other programs by modifying them to include a version, possibly evolved, of itself.[118] However, since it "attacks" at a particular point in time, it might be viewed as a "timebomb." A third type of software problem, called a "Trojan Horse" is generally described as a software program which enters a computer system as part of another (usually legitimate) program, and is executed at a predefined time or upon the occurrence of a predetermined event. Again, this could be viewed as including a Year 2000 problem. Some contracts have specific language in which the vendor warrants that there are no viruses, timebombs, Trojan Horses or other, similar debilitating code in its software. Such clauses may give rise to a breach of contract claim in the event of a Y2K problem. L. Access to Source Code As a practical matter, software can be modified only from its source code (human-readable version). If the developer cannot or will not modify the software to make it Y2K Compliant, and the user cannot replace the software with other Y2K Compliant software, the user will require access to the source code to make it compliant. However, that is often easier said than done. Few software contracts specifically allow the user to have a copy of the source code. Of course, the relevant agreements should be reviewed to see if perhaps there is a provision allowing the user access. Even if the agreement does not have a specific provision, the vendor may be willing to allow the user access to the code, particularly if the vendor is informed of the potential liability it may incur if it refuses to do so.[119] More likely, the software agreement will have a source code escrow provision under which the source code will be placed in custody of a trusted third party ("the escrow agent"). The user will be able to obtain access to the source code under certain specified events. These events normally include:
Any of these can occur in the Year 2000 context. However, mere access to the source code, without substantial assistance from the vendor, or from the programmers who wrote the program (assuming they are no longer employed by the vendor), will probably be insufficient to allow the user to correct the code to make it Y2K Compliant. And, if the user attempts to correct the code and fails, it make be limited or precluded from taking action against the vendor, or its inability to correct the problem may be presented as evidence by the vendor that the problem could not be fixed, and therefore, the vendor was not negligent in failing to do so itself. These are complex issues, and the vendor and user should carefully evaluate both the legal and practical aspects of allowing user access to source code. M. Term and Termination Termination provisions may be extremely important to both vendors and users of computer software and services. To the extent that the agreement has a term that specifically ends before January 1, 2000, a vendor may simply allow the contract to expire, without making any effort to correct the Y2K Problem, under the theory that the user will have to replace the system anyway and it will be up to the user to acquire a Y2K Compliant system. To the extent the Y2K Problem does not arise before the end of the term, the vendor may be able to insulate itself from liability by taking that tactic. Of course, if the vendor does that with all of its clients, it is effectively out of business. To the extent that one or both parties are permitted to terminate the agreement "for convenience," that is, without the necessity of finding a material breach, the vendor may utilize this right in the same way as noted above for expiration -- give notice of termination to avoid having to correct the Y2K problem. Of course, to the extent a cause of action arose during the pendency of the agreement, neither expiration nor termination for convenience will cut off any claims that accrued during the term of the agreement. However, it may limit or negate any damages that the user could claim. To the extent that termination is limited to material breaches, it will be much more difficult for the vendor to terminate the agreement to avoid liability. Obviously, to the extent the user does commit a material breach, the vendor would have the right to terminate, even if by doing so the user was limited or denied rights it otherwise would have against the vendor for Year 2000 Problems. However, if the vendor attempts to create a basis for termination that a court later finds was concocted specifically to avoid continuation of its obligations under the agreement, the user may have claims against the vendor for fraud, breach of contract, breach of the covenant of good faith and fair dealing, or other claims under which the user could receive punitive damages and possibly attorneys fees and costs. Where the vendor has already been placed on notice by a user that its goods are not Year 2000 Compliant, it is critical that the vendor carefully document any claims it may have against the user prior to termination for material breach to avoid such claims. Developing a paper trail of letters, notices, etc. will be very important in establishing the vendor’s good faith in terminating the agreement. IV. Conclusion Just as there is no "magic bullet" to fix the technical aspects of the Year 2000 problem, there is no "magic bullet" with regard to the legal aspects. Legal counsel needs to review all of the salient documents in detail to insure that no risk or potential remedy has been overlooked. The information provided in this paper will cover the "average" vendor or user. However, because there are so many different types of companies and relationships involving computers and computer technology today, these materials should be viewed as only the starting point for the audit. Counsel must be creative in the questions he/she asks their clients to insure that no categories or relevant documents are overlooked. Footnotes * Mr. Scott is a partner in the Menlo Park (Silicon Valley), California office of Hosie Wes Sacks & Brelsford, where his practice involves intellectual property licensing and protection, complex transactions, litigation and Year 2000 issues. He is author of Scott on Computer Law (2d ed.) and Scott on Multimedia Law (2d ed.), and co-author of the forthcoming book The Year 2000 Crisis: Law, Management, Technology (Glasser LegalWorks). This paper is excerpted from that book, and contains some materials prepared by co-author, Warren S. Reid. 1. It must be remembered that vendors of computer hardware and/or software are often users of such equipment as well. As such, the legal audit of a vendor should include not only a vendor audit relating to goods and services offered by the vendor to third parties, but a user audit as well. 2. See § I.A Documentation. 3. See § I.B Advertising/Promotional Materials. 4. See § I.C Disclosure Documents. 5. See § II. Insurance Contracts. 6. Of course, there are many other concerns raised by the Year 2000 problem, which are not legal matter, but which could have a significant impact on a vendor’s business. For instance, even if a vendor has no legal obligation to provide a "fix" for a Y2K problem, it may choose to do so for goodwill purposes, and to avoid unfavorable publicity. 7. See § I.A Documentation. 8. See § I.B Advertising/Promotional Materials. 9. See § I.C Disclosure Documents. 10. See § II. Insurance Contracts. 11. See § III.F Integration Clause. 12. See § II.E Directors and Officers (D&O). 13. Of course, for the insurance exclusions to hold up in court, they will have to be very tightly written and define what a Year 2000 problem is or a Year 2000-caused problem is. In addition, insureds may try to claim that coverage is required under policies that were in force before the exclusion took effect. 14. This is particularly interesting, given the fact that insurance companies have been aware of the Year 2000 problem longer than most business due to their use of multi-year policies. And while as an industry they are much further along than most other industries, they are only recently awakening to determining the exposure they might have in their current policies with policy holders. 15. See § II.C Professional Liability/Errors and Omissions. 16. See § II.D Product Liability. 17. See Hennepin Cty. Retail Sys. v. CNA Ins. Cos., No. C7-90-2586 (Mn. App. May 21, 1991); Magnetic Data, Inc. v. St. Paul Fire & Marine Ins. Co., summarized at 19 Fire & Casualty Ins. L. Rpts. (CCH), Jan. 25, 1989. 18. A "fortuitous event" is an event which, so far as the parties to the contract are aware, is dependent on chance. See Restatement of Contracts § 291, comment [a]. 19. The exact date when those sophisticated in the technology knew or should have known of the Y2K problem is still open to debate, but it was probably in the first half of the 1990s, if not in the late 1980s. The exact date when computer users knew or should have know of the problem is certainly later, but still unclear. 20. See § III.A License Rights Provisions. 21. See § III.B Express Warranties/Specifications. 22. See § III.C Implied Warranties. 23. See § III.D Warranty Limitations/Disclaimers. 24. See § III.E Limitations on Remedies and Liability. 25. See § III.F Integration Clause. 26. See § III.G Confidentiality. 27. See § III.H Force Majeure. 28. See § III.I Shortened Statute of Limitations. 29. See § III.K Year 2000 Compliance. 30. See § III.L Virus, Timebomb, Trojan Horse. 31. See § III.M Access to Source Code. 32. See § III.N Term and Termination. 33. One of the biggest problems faced by such a licensee is whether the licensee’s MIS staff or whether any third party which is not intimately familiar with the products have any reasonable chance of modifying the products to make it Y2K compliant. 34. See § III.A.1 Reproduction. 35. See § III.A.2 Decompilation/Reverse Engineering. 36. See § III.A.3 Modification/Derivative Works. 37. See § III.A.1 Reproduction. 38. See § III.G Confidentiality. 39. Every license agreement will have a different license rights clause (or clauses). They may be called a variety of names, such as "license rights," "grant of rights," and so forth. However, most will be similar to the following sample clause:
40. See § III.A.5 Fair Use. 41. See § III.A.4 Section 117 Rights. 42. 17 U.S.C. § 106. 43. See, e.g., MAI Sys. Corp. v. Peak Computer, Inc., 991 F.2d 571 (9th Cir. 1993), cert. denied, ___ U.S. ____ (1994). 44. See § III.A.4 Section 117 Rights. 45. "Decompilation" is the process of translating the machine readable version of a computer program (generally called "object code") into a human-readable version, which can be used by programmers to make the necessary Y2K modifications. 46. "Reverse engineering" is defined as "starting with a known product and working backwards to find the method by which it was developed." Uniform Trade Secrets Act § 1, Commissioner’s Comments; Kewanee Oil Co. v. Bicron Corp., 416 U.S. 470, 476 (1974). 47. Many people refer to the result of the reverse engineering process "source code. However, this is inaccurate, since the output does not contain any comments, meaningful names or abbreviations for variables, routines and labels, or data tables. 48. See § III.M Access to Source Code. 49. See § III.A.4 Section 117 Rights. 50. See § III.A.5 Fair Use. 51. See, e.g., Sega Enters., Ltd. v. Accolade, Inc., 977 F.2d 1510 (9th Cir. 1992); Atari Games Corp. v. Nintendo of America, Inc., 975 F.2d 832, 842-43 (Fed. Cir. 1992). 52. 17 U.S.C. § 106(2). A "derivative work" is "a work based upon one or more preexisting works, such as a translation, . . . abridgement, condensation, or any other form in which a work may be recast, transformed, or adapted." Id. § 101. 53. See § III.A.4 Section 117 Rights. 54. 17 U.S.C. § 117. 55. Id. 56. The owner would have to establish that its actions in creating the new "copy" of the software was an "essential step in the utilization of the computer program," but one can predict that courts would agree with the licensee where this was the only way in which the subject software could be made Y2K Compliant. 57. See, e.g., SOS, Inc. v. Payday, Inc., 886 F.2d 1081, 1088-89 n.9 (9th Cir. 1989); CMAX/Cleveland, Inc. v. UCR, Inc., 804 F. Supp. 337, 356 (M.D. Ga. 1992). See also Hubco Data Prods., Inc. v. Management Assistance, Inc., 210 U.S.P.Q. (BNA) 718, 729 (D. Idaho 1983) (Hubco was a third party which provided a version of the MAI’s more powerful operating system to current "owners" of a less powerful version; no § 117 rights). 58. 719 F. Supp. 1006, 1009-10 (D. Kan. 1989). 59. 17 U.S.C. § 107. 60. Harper & Row Publishers, Inc. v. Nation Enters., 723 F.2d 195, 206 (2d Cir. 1983), rev’d on other grounds, 471 U.S. 539 (1985). 61. See § III.A.2 Decompilation/Reverse Engineering. 62. See Sega Enters. Ltd. v. Accolade, Inc., 977 F.2d 1510 (9th Cir.), rev’g 785 F. Supp. 1392 (N.D. Cal. 1992); Atari Games Corp. v. Nintendo of America, Inc., 975 F.2d 832, 844 (Fed. Cir. 1992). 63. U.C.C. § 2-313(1)(a). 64. Id. § 2-313(2). 65. Id. § 2-313, comment 5. 66. See Sharrad, McGee & Co. v. Suz’s Software, Inc., 100 N.C. App. 428, 396 S.E.2d 815, 817-18 (1990). 67. See § III.F Integration Clause. 68. See § III.D Warranty Limitations/Disclaimers. 69. U.C.C. § 2-202. 70. See § III.K Year 2000 Compliance. 71. See § III.D Warranty Limitations/Disclaimers. 72. See § III.C.1 Implied Warranty of Merchantability. 73. See § III.C.2 Implied Warranty of Fitness for a Particular Purpose. 74. U.C.C. § 2-312(1)(a).The implied warranty of title should not be implicated by Year 2000 Problems, and need not be discussed further. 75. In general, there should be no question that the vendor of computer hardware or software qualifies as a "merchant" under the Uniform Commercial Code. A "merchant" must meet one of the following:
U.C.C. § 2-104(a).
76. U.C.C. § 2-314. 77. Id. § 2-314(2). While there are other elements of the implied warranty, these are the only two that apply to computer goods. 78. U.C.C. § 2-315. 79. See, e.g., Clark v. DeLaval Separator Corp., 639 F.2d 1320, 1326 (5th Cir. 1981). 80. See § III.D Warranty Limitations/Disclaimers. 81. U.C.C. § 2-315. 82. Id. 83. See Lovely v. Burroughs Corp., 165 Mont. 209, 527 P.2d 557 (1974). 84. See Pawelec v. Digitcom, Inc., 192 N.J. Super. 474, 471 A.2d 60, 61 (App. Div. 1984). 85. See § III.D Warranty Limitations/Disclaimers. 86. U.C.C. § 2-316. 87. See Sierra Diesel Injection Serv., Inc. v. Burroughs Corp., 874 F.2d 653, 658 (9th Cir. 1989); Burroughs Corp. v. Chesapeake Petroleum & Supply Co., 282 Md. 406, 384 A.2d 734 (1978). 88. U.C.C. § 2-313, comment 4; Consolidated Data Terminals v. Applied Digital Data Sys., Inc., 708 F.2d 385, 391 (9th Cir. 1983) ("the disclaimer cannot be permitted to override the highly particularized warranty created by the specifications"). 89. See § III.E Limitations on Remedies and Liability. 90. Id. § 2-316(2). "Conspicuous" is defined as "so written that a reasonable person against whom it is to operate ought to have notice of it." Id. § 1-201(10). 91. Id. § 2-316(2). 92. Id. "Conspicuous" is defined as "so written that a reasonable person against whom it is to operate ought to have notice of it." Id. § 1-201(10). 93. Id. § 2-316(2). 94. Id. § 2-316(3)(a). 95. See A & M Produce Co. v. FMC Corp., 135 Cal. App. 3d 473, 489-93, 186 Cal. Rptr. 114, 123-26 (1982). 96. See J. White & R. Summers, Uniform Commercial Code § 4-9 (2d ed. 1980). 97. See A & M Produce Co. v. FMC Corp., 135 Cal. App. 3d 473, 489-93, 186 Cal. Rptr. 114, 123-26 (1982). 98. See, e.g., Professional Lens Plan, Inc. v. Polaris Leasing Corp., 234 Kan. 742, 755, 675 P.2d 887, 898-99 (App. 1984), aff’d, 238 Kan. 384, 710 P.2d 1297 (1985) (privity of contract required for implied warranties). Contra Transport Corp. of America, Inc. v. IBM Corp., 30 F.3d 953, 958-59 (8th Cir. 1994) (disclaimers effective against subpurchasers). 99. See U.C.C. §§ 2-316(4), 2-718, 2-719. 100. Lovely v. Burroughs Corp., 165 Mont. 209, 527 P.2d 557 (1977). 101. Id. 102. U.C.C. § 2-719(3)("Consequential damages may be limited or excluded unless the limitation or exclusion is unconscionable"). 103. Id. § 2-718. 104. Id. § 2-719. See also Ritchie Enters. v. Honeywell Bull, Inc., 730 F. Supp. 1041, 1048 (D. Kan. 1990). 105. See, e.g, Garden State Food Distribs., Inc. v. Sperry Rand Corp., 512 F. Supp. 975, 978 (D.N.J. 1981). 106. American Computer Trust Leasing v. Jack Farrell Implement Co., 763 F. Supp. 1473, 1488-89 (D. Minn. 1991). 107. Applied Data Processing, Inc. v. Burroughs Corp., 394 F. Supp. 504, 509 (D. Conn. 1975) ("special damages are those that ensue, not necessarily or ordinarily, but because of special circumstances"). 108. U.C.C. § 2-715(1) ("include expenses reasonably incurred in inspection, receipt, transportation and care and custody of goods rightfully rejected, any commercially reasonable charges, expenses or commissions in connection with effecting cover and any other reasonable expenses incidental to the delay or other breach"). 109. Id. § 2-715(2) ("any loss resulting from general or particular requirements and needs of which the seller at the time of contracting had reason to know and which could not reasonably be prevented" and "injury to person or property proximately resulting from any breach of warranty"). 110. Restatement (Second) of Contracts § 212(1).. 111. U.C.C. § 2-202. 112. A typical "force majeure" clause follows:
113. See 51 Am. Jur. 2d, Limitations of Actions § 92 (1970). 114. U.C.C. § 2-725(1); Milwaukee v. Northrup Data Sys., Inc., 602 F.2d 767, 769 (7th Cir. 1979). 115. See Financial Timing Publications, Inc. v. Compugraphic Corp., 893 F.2d 936, 945-46 (8th Cir. 1990). 116. See, e.g., N.J. Stat. Ann. 12A:2-725(1). 117. See, e.g., Thomas Hoffman & Julia King, "Small Vendors Pressed For Year 2000 Remedy", Computerworld, May 6, 1996, at p. 1. 118. See F. Cohen, A Short Course on Computer Viruses 2 (2d ed. 1994). 119. But be careful of the vendor that offers to give the user access to the source code, in exchange for the user signing a waive of liability in favor of the vendor. While the user may feel enormous pressure to do so, the downside is that the vendor will be absolved from liability even if access to the source code does not permit the user to correct all Y2K Problems in time.
© 1997-98 Michael D. Scott. All rights reserved. |
