The Y2K Computer Bug

Technical Dangers

The most familiar danger of the millennium change is the Y2K computer bug. However, the Y2K bug is only one of the technical vulnerabilities posed by the millennium change. Viruses and hackers are also certain to cause problems after January 1, 2000.

The Y2K Bug: What Can Happen?

Many computer programs currently in use assume that the year starts with "19," and will not work properly in the year 2000. What happens then? Depending on how they were written, they could:

"Computers" include not only the PCs with which we are familiar, but also "embedded" chips used for specific functions in many common items, including elevators, stoplights, security systems, cash registers, and medical equipment. Any of these could be affected by a Y2K bug, even when they don't obviously need to know what year it is. However, not everything has a Y2K bug.

Real-world examples range from the funny to the scary. Here are just a few examples of real Y2K bugs that have already been detected, some of which failed during testing, and others of which went undetected until triggered:

Someone once described the Y2K bug as "walking into a cloud of mosquitos." You may find that your favorite brand of ice cream is not at the grocery; you may get receipts dated 1900; you may wait longer "on hold" when talking to companies on the phone. All of these are examples of minor problems that can easily occur due to Y2K bugs.

At best, none of the problems will be serious, but there will be so many of them that they will be a major headache and inconvenience.

Haven't They Fixed Everything?

Governments and businesses have spent billions of dollars to fix Y2K bugs. However, the bugs can be extremely difficult to detect and fix, and many Y2K vulnerabilities still exist.

Programs that have been certified by their makers as "Year 2000 compliant" often are not. "Our best clients still have 40 to 50 errors per million lines of code," said one consultant who tests "Y2K-ready" software. "Half of those could corrupt data or crash systems."

Many small- and medium- sized businesses haven't done a thing about Y2K. Their attitude is that they will fix any problems if they occur. A 1998 poll found that 50% of all enterprises did not plan to do any year 2000 testing before 2000.

Worldwide, other problems prevented many foreign governments and businesses from tackling the problem. Many Asian countries have barely recovered from the 1997-1998 Asian currency crisis, and did not have the money to spend on Y2K fixes. European countries were more concerned with preparing their software for a new currency, the euro. Many developing nations in Africa, Asia, and South America simply did not have the resources to tackle Y2K.

But They Say They've Fixed It!

Governments and businesses all say that most or all of their critical systems are safe. However, there is clear evidence that their claims are intended to keep people from panicking, and do not reflect the real state of affairs.

"There is a tremendous gap between the public face many corporations and governments put forward on this issue ('we will have it well in hand') and the private fears and concerns expressed by many information technology experts (ranging from 'global recession' to 'apocalypse 2000!')," says the U.S. Naval War College's report on the military response to potential Y2K crises.

"Public Transcripts can be described as authoritative statements by authoritative people," continues the report. "They typically highlight a rosier-than-average perspective on Y2K, quite often out of official fear of 'alarming the public unnecessarily.'"

"Some corporations and nations concerned about their image downplay real Y2K problems," reported the U.S. Senate's Special Committee on the Year 2000 Technology Problem in September 1999. Y2K readiness is mainly based on self-reporting, which the committee compares to "letting students grade their own tests."

Sources (only one still online!):

The Y2K Bug: What's Likely To Fail?

Y2K will not affect everyone evenly. Some industries will be more affected than others. Some countries will be affected more than others.

Countries and industries that are well-prepared for Y2K, and should experience relatively minor problems:

Countries and industries that are poorly prepared for Y2K, and will likely experience serious problems:

This means that in the U.S., problems should mainly be limited to nuisances. There should be no serious problems in the U.S, and few in Western Europe, although there will be isolated outages here and there. There could very well be serious basic service outages in Russia, Asia, and Eastern Europe.

"There will almost certainly be a cry for humanitarian relief from some developing countries suffering Y2K failures in their infrastructures," said U.S. Senator Robert Bennett, chair of the Senate's Y2K committee.

"It is likely there will be disruptions resulting in delays at some U.S. airports," reported the Senate committee in its 100-Day Report. "The situation with international air traffic control and airports is much more worrisome."

Sources (only one remaining online):

Technical Bugs Triggered After January 1

Not all Y2K bugs will be immediately obvious. Many will not cause problems until well after January 1. For example, if a paycheck program has a problem, it might not show up until the first payday. If an inventory program has a problem, it might not show up until current inventories run out. Also, early problems in the supply of one product could lead to later shortages in other products that require it.

Some computer programs will crash on February 29, 2000. The year 2000 is a leap year, and some programs use a defective method of figuring leap years that misses 2000.

Some computer programs will crash in the last days of the year 2000 because the year 2000 includes parts of 54 "calendar" weeks (Sunday-to-Saturday). Most years have 53. 2000 is the first year in 28 years to have 54. This will cause Y2K-like problems in programs that assume 53 calendar weeks per year.

Y2K Viruses

Computer viruses cause billions of dollars of damage per year to businesses and individuals. That's not new. What is new: January 1, 2000, will probably be the largest virus outbreak in the history of computing.

Anti-virus experts are "expecting the worst," says John Sun of Network Associates, who makes the McAfee anti-virus program. His company will have a 24-hour emergency response team in place between December 27, 1999, and January 4, 2000.

"We know, for example, that elements in the 'virus community' have already set up a competition for the best Y2K virus, so we are taking the issue very seriously," said the special adviser for New Zealand's Y2K Readiness Commission.

"There will be a lot of people out there who want to claim the first hack in 2000," said an Australian Computer Emergency Response Team analyst.

The U.S. Justice Department estimates that there could be as many as 20,000 computer viruses unleashed at the beginning of Y2K.

Y2K Trap Doors, Theft and Espionage

Companies have spent billions of dollars fixing Y2K problems. Because so much work was needed in such a short time, many companies did not conduct enough background checks on contract programmers hired for the job. As a result, some programmers installed "trap doors" that will let them hack the systems they supposedly "fixed." These trap doors can be used, for example, in corporate or government espionage to steal documents, and by individuals to steal large sums of money from banks.

One group of experts is predicting that at least one of the thefts will be over $1 billion.

Information Warfare

The recent war in Kosovo will go down in history as the first Information War. N.A.T.O. used infowar techniques against Serbian military infrastructure, and after the N.A.T.O. bombing of a Chinese embassy, hacker activity at U.S. Defense Department Internet sites increased dramatically.

The effects of the Y2K bug are likely to be similar to what would happen in a major infowar attack. Many militaries are undoubtedly considering it a dress rehearsal for infowar.

Cycle 23 and Solar Flares

Coincidentally, there is a technological problem in the year 2000 that has nothing to do with computers. The sun has a natural 11-year cycle of solar activity (sunspots and solar flares). Solar flares can interfere with satellites, radio and television broadcasts, power lines, and other technological equipment. The worst effect of the peak of the last cycle, Cycle 22, was a power outage in Canada.

The current cycle, Cycle 23, is expected to peak between January and March 2000.