InformationWeek

Kenton County Public Library in Kentucky isn't alone. Too many companies are lax about security. They forget to update their virus-detection software, don't delete old users, or place blind faith in users' willingness to police themselves. Kenton County Public Library is guilty of the latter. "We're in a tough position because we provide access to information," says Erin Knoll, IS librarian at the library. "We hoped our patrons would be responsible, but ultimately we had to filter content."

The library's three branches offer a wide selection of books, programs, and services to 886,000 patrons in three towns: Covington, Erlanger, and Independence. Three years ago, the library decided to offer Internet service, setting up 60 workstations at its branches. The terminals link to the main branch in Covington, which accesses the Internet through a T1 line.

When the library introduced Internet service in 1997, the board decided not to filter URLs or monitor content, hoping that library patrons would use the services responsibly. "Call me an idealist, but the purpose of a library is to provide people with access to all types of information," Knoll says. "Regrettably, in a family-oriented environment, that's just not possible."

The open-access policy predictably gave way to misuse. Unfortunately, some people downloaded graphic sexual images in plain view of children and other patrons. "We got numerous complaints from parents," Knoll says. "I don't blame them, but there's a fine line between providing access to all information and doing what's right for the majority of the population. We decided we needed to start filtering content, so we started looking for solutions."

Knoll turned to other libraries and schools that were faced with similar challenges. Knoll was sold on I-Gear, Symantec Corp.'s URL filter that lets users block categories. The library blocked sites that contained illegal content in compliance with local statutes, some of which include sexual content. The library didn't announce its new policy, it simply stated it on PC access screens.

Since deploying I-Gear, complaints from parents have drastically decreased. "I-Gear is working well," Knoll says. "It gave us the ability to block graphical formats and unblock individual sites. It provides the kind of flexibility we need to provide access to information while blocking unwanted content."

If a patron complains about someone accessing sexual content, Knoll traces the site and blocks it. She also keeps Symantec informed of what she finds so newly blocked sites can be added to a master list. Conversely, if a customer complains about not being able to access a site that's supposedly suitable, she reviews it on an unfiltered staff PC and unblocks the site if she finds it appropriate for the library.

"We can't block all sites because there are new ones, and old ones often change their names," Knoll says. Some creative patrons were using Internet foreign-language dictionaries so they could bypass the system to access X-rated sites, she says. "We filtered some of these, and Symantec discovered more. It's a continual process, but one that's apparently necessary."