Questions and Answers On Filter Disabling Under CIPA

Questions have been raised concerning the conditions under which librarians may disable filters required by the Children’s Internet Protection Act Internet during use by adult patrons. While the Supreme Court's decision assumes that disabling is easily accomplished, many librarians report that it can be time-consuming for staff and technically difficult to implement and manage. CIPA provides that “An administrator, supervisor, or other person authorized by the certifying authority � may disable the technology protection measure concerned, during use by an adult, to enable access for bona fide research or other lawful purpose.” Two alternative scenarios raise questions regarding options available to librarians under the statute and regulations. The scenarios are presented below, followed by analytical commentary on each.

Scenario 1: All PCs in the library have filters that are set to a default "active" status. Each workstation has an option on the screen that asks if adult patrons want filtered or unfiltered Internet access. Adults that want unfiltered access click that option. As part of this process, a warning could appear on the screen saying that by requesting unfiltered access the adult agrees to use the Web only for legitimate purposes. Furthermore, the library would have on file an AUP signed by the patron in which it is stated that he/she wants unfiltered access. In this scenario there is no direct intervention by staff, and thus adult patrons need not ask staff to disable the filter.

Question: Does this scenario comply with CIPA?

An argument might be made that the statute literally requires an “administrator, etc.” to disable the filter “during use by an adult” – and that does not include “before use” or “for use” or the like (or effectively allowing the adult user, rather than the administrator, to do the disabling). Under that narrow interpretation, this scenario would not comply with the statute because the patron, not the administrator, will be doing the actual disabling of the filter.

However, an argument based upon common sense is equally applicable: the law requires the computer to be disabled so that the filter is not operable “during use by an adult.” So long as the library has adopted reasonable procedures to ensure that only an adult can use the disabled computer, then the filter is disabled “during use by” the adult – through the adult’s making an affirmative selection to use the PC without filtering – and the statutory objective is attained. The administrator in fact has been responsible for accomplishing the disabling by establishing the system under which the filter will be disabled. This approach thus appears reasonable under the statute.

Additional technological safeguards might, of course, be employed. For example, a library might have an Internet management system where adult patrons wanting unfiltered access could enter their library card number (or swipe their card) and will then be offered the option on the screen of having unfiltered access. Again, so long as the library ensures that only an adult can use the disabled computer, here through the requirement that the adult use a number or swipe a card verifying that the user is an adult, then the filter is disabled “during use by” the adult and the statutory objective is attained.

Scenario 2: A library has a bank of PCs in which the filter is in a default "inactive" state. The PCs are clearly labeled to be used "By Adults Only." Library staff monitor use on a regular basis. Library staff supervise use of the computers; if staff thinks a person under age 17 is using the "adult" PCs, they ask for some identification.

Question: Does this second scenario comply with CIPA?

As under the first scenario, the administrator does not literally disable the computer “during use by an adult,” but disables the computer in advance, for use by an adult. Nonetheless, as under the first scenario, the library is taking the responsibility to ensure that only adults may use the disabled computers, and the statutory goal is thus achieved. Hence this option also appears reasonable under the statute.

It may be advisable under this scenario to have the patron sign a form or respond to a screen inquiry at the beginning of his/her use stating that he or she wants unfiltered access. An additional safeguard would be to required a librarian to enable access to the adult-use machine in the first instance. These are practical measures that would help ensure that an unfiltered computer is not accessed by either a child or an unwitting adult.

Caveat on both scenarios: Both scenarios provide protection for children against access to obscene material on library computers covered by CIPA. While both assume that the libraries will in good faith enforce their policies and procedures designed to ensure that only adults use computers with disabled filters, neither can be expected to be any more failsafe than any other system or procedures that rely on technology and human judgment.

These answers are designed to provide practical guidance to libraries on disabling filters under CIPA. The observations that the options appear reasonable do not constitute a legal opinion that the options presented are authorized by the statute, nor are they recommendations by ALA or the author.

Thomas M. Susman, Ropes & Gray LLP
December 2003