My title probably scares some readers away, and well it should, because this post involves a detailed look at one paragraph of legal code.
SafeLibraries has made a number of groundless claims about libraries perpetrating fraud in claiming compliance with the Children's Internet Protection Act (CIPA). His idea is that some libraries are claiming to be CIPA-compliant in order to receive government funds, but are lying in claiming that compliance. His evidence is the assertion by some library patrons that other patrons are viewing online pornography at these CIPA-compliant libraries. I accept as fact that this is happening. How that is evidence of fraud on the part of the library is hard to follow, however, and Safelibraries is vague and evasive about the logical steps involved.
This vagueness gained a small degree of clarity in a recent exchange of comments between SafeLibraries and me regarding his
post of March 11th (yes, we're almost speaking again). Central to his claim of fraud is that, under the CIPA, libraries cannot allow an adult patron to disable the filter on a computer he or she is using, without the intervention of library staff. He has made this claim in other posts as well, asserting that the patron must ask a library employee to disable the filter, and asserting that allowing adult patrons to disable their own filters makes the libraries' claims of CIPA-compliance fraudulent.
SafeLibraries has indicated that he might explain this in a post on his blog. I certainly look forward to seeing how he manages to explain his particular interpretation of the law. But I also want to be proactive here, explaining what the CIPA actually says, and what the FCC has said about interpreting the CIPA.
The relevant paragraph from the CIPA is
U.S.C. 254(h)(6)(d), which reads:
(D) Disabling during adult use
An administrator, supervisor, or other person authorized by the certifying authority under subparagraph (A)(i) may disable the technology protection measure concerned, during use by an adult, to enable access for bona fide research or other lawful purpose.
This can be rendered into plainer English by substituting some of the terms. The "certifying authority under subparagraph (A)(i)" is, simply, the "library," meaning a library that is certifying that it is in compliance with the CIPA. The "technology protection measure concerned" is the "filter," meaning the hardware and software that filters internet content on a particular library computer. Rewriting the paragraph with those substitutions makes the meaning clearer, without changing that meaning:
An administrator, supervisor, or other person authorized by the library may disable the filter, during use by an adult, to enable access for bona fide research or other lawful purpose.
Now some legal experts have argued that this implies that the patron and the person who actually does the disabling of the filter must be two different persons. Other legal experts have argued that this paragraph says no such thing. Personally, I don't see any validity in arguing that two people have to be involved. What the law says is that a library can authorize some "other person" to disable the filter. The law could have gone on to narrow the definition of "other person," could have stated that the "other person" had to be in some kind of official relationship with the library, could have specified some kind of process for designating official "filter disablers," or simply could have said explicitly that the patron could not be such an "other person." But the law says none of these things. Remember, too, that this clause does not just apply to the library-patron relationship, but also applies to library employees who are using computers in some office that is not accessible to the public. In that situation, the "adult" who is using the computer and the "person authorized" to disable the filter are one and the same individual. This clause makes no distinction between that transaction and a transaction between a librarian and a patron. A library can, therefore, authorize a patron to disable the filter on his or her own behalf.
Maybe the issue, then, is what "authorized" means. Maybe it doesn't just mean "permitted." Maybe there has to be a formal authorization process, even though the law makes no mention of such. Then all the library has to do is put up a sign saying "we authorize adult patrons to disable the internet filter on library computers they are using." This would comply fully with the law.
Even if my own logic here is faulty, the Federal Communications Commission (FCC), which administers compliances with the CIPA, has pointedly refused to require that a patron go to a library employee to request disabling of the filter. In 2001, in order 01-120, the FCC acknowledged the many problems such an interpretation could involve, since librarians are not really in a position to to judge the lawfulness of a patron's intended use of the internet, and will be bothered with constant requests for disabling. Referring specifically to 254(h)(6)(d), the FCC states:
"We decline to promulgate rules mandating how entities should implement these provisions. Federally-imposed rules directing school and library staff when to disable technology protection measures would likely be overbroad and imprecise, potentially chilling speech, or otherwise confusing schools and libraries about the requirements of the statute. We leave such determinations to the local communities, whom we believe to be most knowledgeable about the varying circumstances of schools or libraries within those communities."
In essence, the FCC has given CIPA-compliant libraries written permission to make their own decisions about whether an adult patron must go to a library employee to request that the filter be disabled or can disable the filter without any staff intervention. Regardless of the "correct" interpretation of the legal code, then, the FCC is not going to proceed against a library for allowing patrons to disable their own filters. If one insists that the law requires library staff to intervene in disabling the filter, then you could also insist that allowing a patron to disable the filter without staff intervention constitutes fraud under the CIPA. It would be a fraud without consequence, however, since the FCC is not going to demand the return of any government funds or de-certify a library's statement of compliance on this basis.
Suppose I'm just entirely wrong about all of this. Suppose that a patron cannot be allowed to disable the filter without the involvement of library staff. Then we are left in a situation of pure idiocy. An adult patron who wants to surf the web unfiltered has to go to a library employee to request the filter be disabled. Per the Supreme Court's US v. ALA decision, the library employee cannot ask the patron for a reason, but must disable the filter upon demand.The staff are reduced to mere robots, automatically disabling the filter without thought or analysis anytime an adult patron so demands. Such staff intervention adds no value and is thus a complete waste of time. While some libraries might make their own choice to waste their labor resources this way, it is perfectly ridiculous for the law to require them to do so against their will.
Which brings us right back to square zero with SafeLibraries' claims of fraud. If he's right and I'm wrong, then we'll have the FCC proceeding against libraries for CIPA fraud over a ridiculous technicality, the claim that the library allowed the patrons to unblock filters without staff intervention, even though said staff intervention would make absolutely no difference to the outcome. Whether library staff disable the filter or the patron disables the filter without staff intervention, the filter is still disabled. And a patron surfing the web without the filter might view materials that the filter would have blocked. The mere fact that a patron was viewing material that the filter would have blocked is in no way evidence of fraud on the part of the library, since the library could simply have disabled the filter when the patron so demanded, and the law requires the library to do so.
Perhaps SafeLibraries' analytical muddle arises from a failure to distinguish two separate areas of law: the CIPA and Obscenity. If it is criminal in a given library to view certain kinds of pornographic images, that is the result of the applicable state and local Obscenity laws, and has nothing at all to do with the CIPA. If a patron requests that the filter be disabled, and then uses that unfiltered library computer to view images that are illegally obscene in the jurisdiction in which the library operates, that is matter for local or state police (under some circumstance even the FBI), but any prosecution of that matter has nothing to do with the CIPA.
Sound logic is eventually inescapable. Increasingly, it appears that SafeLibraries' deafness and blindness to what the law actually says is entirely deliberate.