Internet Safety Policy Guidelines by Cathy Harris Helms. Georgia Library Quarterly 40 no2 19-23 Summer 2003.

children and the internet: policies that work

Reprinted with Permission

In December, 2000, Congress passed the Children's Internet Protection Act (CIPA) and the Neighborhood Children's Internet Protection Act (NCIPA). These laws, which went into effect in April, 2001, placed restrictions on the use of federal funding available to public libraries. See 47 U.S.C. §254. They mandated implementation of internet safety policies and technology which blocks or filters certain materials from being accessed by children though the internet. Before the laws could go into effect, several groups, including the American Library Association, field suit challenging the constitutionality of the filtering component required of public libraries. In May of 2002, a three-judge United States District Court panel struck down this portion of the law (requiring filtering in public libraries) as an unconstitutional violation of library patrons' First Amendment rights. American Library Assoc., Inc. v. United States, 201 F. Supp. 2d 401 (E.D. of Pa. 2002). The case currently is on appeal to the United States Supreme Court. United States v. American Library Assoc., Inc., Appeal No. 02-361. A decision is expected some time this summer.

Although the filtering component of CIPA was struck down and is currently unenforceable, the requirement of an internet safety policy remains in full force. 47 U.S.C. §254(1)(A). A public library's internet safety policy must address: (1) access by minors to inappropriate matter on the internet and World Wide Web; (2) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (3) unauthorized access, including so-called "hacking," and other unlawful activities by minors online; (4) unauthorized disclosure, use and dissemination of personal identification information regarding minors; and (5) measures designed to restrict minors' access to materials harmful to minors. Public libraries were required to hold a publicly noticed open meeting to discuss the provisions of their proposed internet safety policy prior to June 30, 2002.

What should an internet safety policy include?

Public libraries should develop clear and specific policies for internet usage based on input from and the needs of the communities they serve. The following are some guidelines for such a policy:

* Your policy should provide equal access for all.

* Make your policy content-neutral.

* Specifically advise patrons, particularly parents of minors, whether filtering or blocking software or services is employed.

* Clearly set usage rules (i.e., age limits, time limits, printing rights and costs, whether group use is permitted on a single computer, the role and responsibilities of the parent, and the role of library staff).

* Time, place and manner restrictions may be legitimately placed on computer use.

* Your policy should be consistent with other library behavior policies. Explain in detail what behaviors will cause internet privileges to be limited or curtailed.

* Tie your policy to your library system's Mission Statement. For example, if your Mission Statement encompasses "recreational" uses, but you only want your internet computers used for "educational and informational" purposes, then you will need to explain and/or define these terms. If "recreational" use of internet access is allowed, then you should provide some specific guidelines on what is and is not permitted.

* For CIPA purposes, specifically address: (1) access by minors to "inappropriate matter" (define this term); (2) safety and security of minors when using email, chat rooms and other forms of direct electronic communications; (3) unauthorized access, including "hacking" and other unlawful activities by minors online; (4) unauthorized disclosure, use and dissemination of personal identification information concerning minors; and (5) measures designed to restrict minors' access to materials "harmful to minors" (define "minor" and "harmful to minors" consistently with Georgia law and specify your "measures").

* Consider providing a "code of conduct" or "etiquette guide" for using the internet that includes specific "do's and don'ts."

* Provide for an appeals procedure for any patron whose internet use is limited or curtailed.

* Impress upon your patrons that they are responsible for what they access online, and that parents are responsible for their children's internet use.

* Work with your attorney to ensure constitutionality.

* Make sure your library board officially approves the policy. Keep detailed minutes of any meetings in which you discuss your policy.

* Make sure all patrons read and sign your policy before their first use; parents must sign for minors.

* Once enacted, your policy should be strictly and objectively enforced.

* Distribute the policy to all patrons using the internet at your library. Also post the policy in prominent places.

Other things to consider doing:

* Develop websites linking appropriate children's websites or, at a minimum, provide a listing of appropriate websites for children.

* Teach children and their parents how to use the internet safely.

* Consider privacy screens or positioning computers to prevent passers-by from viewing unwanted images.

*Consider separating children's computers from adult computers.

How do you enforce an internet safety policy?

Library staff should never act as "internet cops." It is not and should not be the duty of library staff to monitor or censor what (i.e., content) patrons are accessing on the internet. Any such monitoring constitutes unconstitutional content-based censorship. When a patron accesses (or is suspected of accessing) unlawful materials via the internet, library staff should contact the appropriate law enforcement authorities to enforce the law, rather than attempt to enforce the law themselves. Knowing what materials are actually obscene or child pornography or "harmful to minors" (in the case of a juvenile) is extremely difficult and applicable statutory and case law are the only "true" guidelines. Thus, only courts have the authority to determine, pursuant to due process considerations, whether materials accessed online by a patron are actually obscene, child pornography or "harmful to minors." (Note the same analysis applies if a patron is sending (or is suspected of sending) unlawful materials via the internet from public library computers; library staff should contact appropriate law enforcement officials to enforce the laws.)

Because it is not the responsibility of libraries to enforce the criminal laws regarding what may and may not be sent or accessed over the internet, library staff should not take action against a patron unless or until the law enforcement authorities find a patron has violated the law. At that point, the library may take action to limit that patron's internet access on library computers. And if the courts ultimately determine a patron has violated the law, then that patron's library internet access privileges may be revoked entirely. Of course, library policy must also contain due process safeguards for any patron whose internet use has been limited or curtailed, so they are informed of the action taken against them and of their right to appeal.

That leaves for our consideration the guidelines for library staff to address legitimate time, place and manner restrictions on internet usage. These are essentially "behavioral" problems and should be addressed by library staff in the same way as other general library behavioral problems, such as making too much noise, inappropriate conduct in the library (i.e., sexual acts), and similar disorderly behavior. One rule you should keep in mind for general behavioral policies is that your policy must be sufficiently clear to put patrons on notice as to what behavior is and is not acceptable. A policy violates patrons' due process rights "if it is so vague and standardless that it leaves the public uncertain as to the conduct it prohibits." City of Chicago v. Morales, 119 S. Ct. 1849, 1859 (1999), quoting Giaccia v. Pennsylvania, 382 U.S. 399, 402-03 (1966); see also National Endowment for the Arts v. Finley, 118 S. Ct. 2168, 2179 (1998).

You may also encounter some problems in the "grey area" between illegal conduct and improper behavior. For example, what if a patron is suspected of sending inappropriate and unwanted, but not illegal, images or email to another patron or to a library employee? In this situation, there is no illegal conduct to report to the law enforcement authorities for action. Instead, it is and should be treated as a behavioral problem, exactly as if the patron spoke inappropriate and offensive, but not illegal, words to another patron or to a library employee. The problem should be handled according to general library behavioral policies, which probably means library staff would investigate the matter and attempt to obtain confirmation, then privately confront the patron with the problem and seek confirmation from the patron of the behavior, and finally reprimand or take action against the patron if warranted. Again, due process concerns mandate a patron be provided with notice and an opportunity to appeal any adverse action taken.

Similarly, a patron's internet usage may invade the rights of other patrons. Again, the problem should be handled according to general library behavioral policies.

How does one investigate or preserve evidence of illegal or inappropriate behavior? This is a truly difficult question because it necessarily raises patron's privacy rights. The library should, on the one hand, make reasonable provision for the privacy of computer users on public terminals. Libraries must protect the confidentiality of electronic records identifying individual users and linking them to internet search histories, websites accessed, and other information concerning information retrieved or sought. On the other hand, libraries may need to access this private information in order to investigate and enforce library policy and law enforcement may need this information to enforce and prosecute violations of state and/or federal law.

A "trail" of websites visited by a patron may be retained in the web browser's "history" (MicroSoft Internet Explorer and Netscape) or "temporary internet files" folder (Internet Explorer) and provides one method of tracing a patron's actions. However, a patron can easily "clear" these methods of retaining websites if he or she has the requisite knowledge. Some browsers also retain information in disk/memory cache (Netscape) and some websites visited employ "cookies" which may be traced on each computer. These sources also may provide information concerning patron's internet actions. Again, these sources can be cleared by the user or even turned off so as to not retain images or not accept "cookies."

In light of patrons' privacy rights, your policy should clearly indicate that access to the internet at the library is a privilege and not an absolute right. Patrons should be forewarned that public library internet access computers are not private and library personnel may access "tracing" files, in one or all of the methods outlined above, to maintain system integrity and to investigate suspected violations of law or policy. In addition, patrons should be warned that other patrons may be able to access such information. Users should be fully aware that websites visited and images viewed may not be "private" because the library, and its access to the internet via computer terminals, is necessarily public in nature.


Educate and inform yourselves before a problem arises. If you are prepared, you can defuse many potential conflicts. When prepared, you have the luxury of time to educate your patrons, staff and community about proper and responsible use of the internet.

* Be sure to keep records of all internet use problems. Document inappropriate behavior, patron reprimands and/or curtailed internet privileges.

* Inform your Board and staff about filtering issues and train your staff how to handle various problems. (Especially if you employ a "tap on shoulder" enforcement procedure.)

* Know how to access each computer's "history" files.

* Institute procedures to follow if a patron is discovered accessing illegal material (i.e., notify police).

* Test filtering software and services and document your test results.

What resources are out there?

* ALA website and related links ( Get the ALA's Internet Tool Kit  and check out the online information about CIPA (

* Check out:,,

* Subscribe to ALA's listserves and save all listserve e-mails in a special folder for reference. The ones I have found most helpful are: ALAWON and AL_NEWS.

* Check out the websites of the filtering proponents -- American Family Association (, Family Research Council ( and Pacific Justice Institute ( -- to know what they're up to. For opposition to filtering, see

* Stay informed about legislation. Check out materials such as COPA commission (, independent reviews of filtering software and services (Consumer Reports).

* For SLD specific CIPA information, go to:

* Check out from DTAE the SoliNET videotape "What's A Librarian To Do? The Filtering Dilemma."

Cathy Harris Helms is a lawyer with HELMS & HELMS, P.C. in Homerville, Georgia. Her website is

Back to Children and the Internet: Policies that Work main page