[OPLINTECH] Opinion: Executive Order 2023-03D (1/8/23)

Kevin Puffer KPuffer at wcdpl.org
Fri Jan 20 09:23:44 EST 2023 

Ohio Techies

I have been reading this list for many many years, but until today, have
never posted. (*I know there is a derogatory name for folks like me.*)
Notwithstanding, I felt compelled to offer some personal and
professional opinions regarding Governor Mike DeWine's recent executive
order 2023-03D
<https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&ved=2ahUKEwiqz4bVoNb8AhWKMjQIHRcfDU0QFnoECAMQAQ&url=https%3A%2F%2Fcontent.govdelivery.com%2Fattachments%2FOHIOGOVERNOR%2F2023%2F01%2F09%2Ffile_attachments%2F2373098%2FSigned%2520Executive%2520Order%25202023-03D.pdf&usg=AOvVaw1IZiPQHrDRst2mVaf87C-7>
(1/8/23)



I realize there are a variety of opinions on this matter; many, I'm sure, I
have not personally thought of or ever considered. I am not offering mine
here as immovable, but as one man's perspective to toss into the fray. Most
who may take the time to read this missive are not in the position to set
policies for their libraries, but are surely in positions to influence
decision making to some degree.



On Sunday (1/8/2023) Governor Mike DeWine signed Executive Order 2023-03D
banning all Chinese Social Media use on State of Ohio equipment. The
prohibition covered certain applications, platforms, and websites on
State-Owned and State-Leased Devices. It was immediately questioned if this
order included library owned equipment that is used by both library staff
and the public.

The order states: *All State agencies, boards, and commissions shall
prohibit the following on any state owned or state-leased device capable of
accessing the internet: (i) the download and/or use of any social media
application, channel, and platform that is owned by an entity located in
China and (ii) accessing the website of any social media application,
channel, and platform that is owned by an entity located in China.*

I personally took the initiative to initiate the necessary measures so the
libraries that I serve could comply with this executive order, if they so
choose, through our electronic policy management system. Of course, each
library system always decides on their own level of protection.

Both Don Yarman, executive director of OPLIN, and the Ohio Library Council
(OLC) have publicly expressed their opinion that Public Libraries in Ohio
are exempt from compliance with Executive Order 2023-03D (1/8/23). Of
course, both are far more qualified to answer the question of compulsory
compliance than I am.  Here is my personal and professional opinion as to
why I believe it is prudent to heed, and voluntarily comply with the order.

Executive Order 2023-03D (1/8/23)

While it may yet to be argued if Public Libraries will eventually be
required by law to comply with this executive order, or if libraries could
be held liable for failure to comply, notwithstanding the order was
implemented to provide both a stance of practical leadership and a broad
measure of safety from foreign exploitation for Ohio citizens. Ohio
libraries are certainly one of the best ways to support that goal; I'm sure
public libraries must have been considered strong allies when making the
order.

Some points to consider:

·        Voluntary compliance sends the public message that libraries
continue to practice sound and safe stewardship of State resources.
Proactive protection from foreign exploitation is a value libraries share
with the Governor. Therefore, even if not mandatory, compliance by public
libraries is an example of positive leadership in safe cyber practices and
demonstrates how Ohioans work together for the good of Ohioans.

·        Even if public libraries are not technically State Agencies, *The
State Library of Ohio* is, and so absolutely covered by this order. Public
libraries generally follow their leadership in practice and policy,
especially in the area of public safety. If it is prudent for public
libraries to continue practicing something that the State Library is
forbidden to practice is a question every librarian should ask themselves.

·        The ISP for Ohio Public Libraries (OPLIN) is also a state agency
and so is included in this order. The order states “All State agencies,
boards, and commissions shall prohibit the following on any state owned or
state-leased device capable of accessing the internet…” When Public
libraries access internet sites that are included in this ban, they do so
through equipment owned wholly by the State of Ohio.

·        Public library employees are considered State employees for the
purpose of certain benefits and protections. One of the protections for
state employees is this proactive protection from foreign exploitation.

·        All public libraries in Ohio exist primarily on State funds, some
rely entirely on state funds. The spirit of this order, if not the letter,
is focused on protecting Ohioans by wielding the tool of state funds
towards protecting, and not harming Ohioans. As recipients and managers of
State of Ohio funds, it is an ethical obligation to operate within the
spirit of the funding source, or else reject the funds and freely operate
autonomously.

·        A library's noncompliance is based on the denomination of public
libraries being a "political subdivision", and therefore exempt from
compliance. "Political subdivision" actually means that an entity is
"sub-divided" from, but remains politically part of the whole from which it
derives. In this case public libraries are at least grammatically a
political subdivision of the State of Ohio.  As such, the whole always
works better overall when all the subdivisions work synergistically
together.

·        Public libraries should be paragons of good public citizenship.
Good citizenship compels us to follow the lead of our Governor, especially
when that leadership invites us to do good, by establishing sound safety
practices for library patrons. Safe internet practice sends a strong
message that libraries are vitally concerned about the safety of Ohioans.

·        Dangers and perils come in many forms and from many sources.
Public libraries have a strong history of providing a safe and secure place
for Ohio library patrons, and families have come to rely on prudent safety
measures being consistently maintained by the public libraries in Ohio
that they frequent. Libraries go to great lengths to ensure their patrons
are protected from many physical dangers and social hazards while utilizing
library resources. Every library has strong safety policies in place, and
those policies are regularly reviewed to ensure that the organization is
providing the safest environment for library staff and patrons. Providing
some protection from exploitation of unsuspecting patrons, especially by
foreign actors, while within the library safety zone is a natural role for
libraries. We do it all the time with spam blockers, antivirus/antimalware
measures, phishing detectors, etc. It is one thing to allow our patrons to
knowingly choose what they want to embrace and what they want to reject; it
is quite another to provide a direct means for their personal harm while
they are completely unaware of it.

·        Governors do not make executive orders lightly. State government
makes decisions for the State from more reliable, and more comprehensive
data than is available to the average citizen. The executive order spells
out the real dangers. It is worth reading in its entirety
<https://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=&cad=rja&uact=8&ved=2ahUKEwiqz4bVoNb8AhWKMjQIHRcfDU0QFnoECAMQAQ&url=https%3A%2F%2Fcontent.govdelivery.com%2Fattachments%2FOHIOGOVERNOR%2F2023%2F01%2F09%2Ffile_attachments%2F2373098%2FSigned%2520Executive%2520Order%25202023-03D.pdf&usg=AOvVaw1IZiPQHrDRst2mVaf87C-7>
.



Even if it remains that libraries are perpetually exempt from this
executive order, it is less than prudent to avail public networks of that
exemption. Turning a blind eye to a known safety hazard is dangerous, and
not in the best interest of our staff, or the patrons we serve. (IMHO)



My 2 cents, for what it's worth.
KP

-- 
  *Kevin Puffer*
*Systems Administrator*
*Wood County District Public Library*
*http://wcdpl.org <http://wcdpl.org>*
*251 N. Main St. Bowling Green, OH 43402*
*(419)** 352-5104   -  kpuffer at wcdpl.org <kpuffer at wcdpl.org>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.oplin.org/pipermail/oplintech/attachments/20230120/3b655166/attachment.htm>

More information about the OPLINTECH mailing list