[OPLINTECH] Opinion: Executive Order 2023-03D (1/8/23)

Don Yarman don at oplin.ohio.gov
Fri Jan 20 11:23:33 EST 2023 

On Fri, Jan 20, 2023 at 9:24 AM Kevin Puffer via OPLINTECH
<oplintech at lists.oplin.org> wrote:

> Both Don Yarman, executive director of OPLIN, and the Ohio Library Council (OLC) have publicly expressed their opinion that Public Libraries in Ohio are exempt from compliance with Executive Order 2023-03D (1/8/23).

When I say (accurately) that the Executive Order applies to state
agencies only, and that libraries are not state agencies but
subdivisions of local government, I am not offering an opinion of
whether libraries should or should not follow the directives the
Governor has set for state agencies. Internet content access policies
are the responsibility of the local library board.

If a library board decides to block access to any internet
destination, libraries can use mechanisms of their choice, including
Cisco Umbrella, which OPLIN provides for any public library that wants
it. Email OPLIN Support for more information.

                    Don Yarman (he/him/his)
                    Director, Ohio Public Library Information Network
                    2323 W Fifth Ave Suite 130, Columbus OH 43204
                    don at oplin.ohio.gov | 614.728.5250



Of course, both are far more qualified to answer the question of
compulsory compliance than I am.  Here is my personal and professional
opinion as to why I believe it is prudent to heed, and voluntarily
comply with the order.
>
> Executive Order 2023-03D (1/8/23)
>
> While it may yet to be argued if Public Libraries will eventually be required by law to comply with this executive order, or if libraries could be held liable for failure to comply, notwithstanding the order was implemented to provide both a stance of practical leadership and a broad measure of safety from foreign exploitation for Ohio citizens. Ohio libraries are certainly one of the best ways to support that goal; I'm sure public libraries must have been considered strong allies when making the order.
>
> Some points to consider:
>
> ·        Voluntary compliance sends the public message that libraries continue to practice sound and safe stewardship of State resources. Proactive protection from foreign exploitation is a value libraries share with the Governor. Therefore, even if not mandatory, compliance by public libraries is an example of positive leadership in safe cyber practices and demonstrates how Ohioans work together for the good of Ohioans.
>
> ·        Even if public libraries are not technically State Agencies, The State Library of Ohio is, and so absolutely covered by this order. Public libraries generally follow their leadership in practice and policy, especially in the area of public safety. If it is prudent for public libraries to continue practicing something that the State Library is forbidden to practice is a question every librarian should ask themselves.
>
> ·        The ISP for Ohio Public Libraries (OPLIN) is also a state agency and so is included in this order. The order states “All State agencies, boards, and commissions shall prohibit the following on any state owned or state-leased device capable of accessing the internet…” When Public libraries access internet sites that are included in this ban, they do so through equipment owned wholly by the State of Ohio.
>
> ·        Public library employees are considered State employees for the purpose of certain benefits and protections. One of the protections for state employees is this proactive protection from foreign exploitation.
>
> ·        All public libraries in Ohio exist primarily on State funds, some rely entirely on state funds. The spirit of this order, if not the letter, is focused on protecting Ohioans by wielding the tool of state funds towards protecting, and not harming Ohioans. As recipients and managers of State of Ohio funds, it is an ethical obligation to operate within the spirit of the funding source, or else reject the funds and freely operate autonomously.
>
> ·        A library's noncompliance is based on the denomination of public libraries being a "political subdivision", and therefore exempt from compliance. "Political subdivision" actually means that an entity is "sub-divided" from, but remains politically part of the whole from which it derives. In this case public libraries are at least grammatically a political subdivision of the State of Ohio.  As such, the whole always works better overall when all the subdivisions work synergistically together.
>
> ·        Public libraries should be paragons of good public citizenship. Good citizenship compels us to follow the lead of our Governor, especially when that leadership invites us to do good, by establishing sound safety practices for library patrons. Safe internet practice sends a strong message that libraries are vitally concerned about the safety of Ohioans.
>
> ·        Dangers and perils come in many forms and from many sources. Public libraries have a strong history of providing a safe and secure place for Ohio library patrons, and families have come to rely on prudent safety measures being consistently maintained by the public libraries in Ohio that they frequent. Libraries go to great lengths to ensure their patrons are protected from many physical dangers and social hazards while utilizing library resources. Every library has strong safety policies in place, and those policies are regularly reviewed to ensure that the organization is providing the safest environment for library staff and patrons. Providing some protection from exploitation of unsuspecting patrons, especially by foreign actors, while within the library safety zone is a natural role for libraries. We do it all the time with spam blockers, antivirus/antimalware measures, phishing detectors, etc. It is one thing to allow our patrons to knowingly choose what they want to embrace and what they want to reject; it is quite another to provide a direct means for their personal harm while they are completely unaware of it.
>
> ·        Governors do not make executive orders lightly. State government makes decisions for the State from more reliable, and more comprehensive data than is available to the average citizen. The executive order spells out the real dangers. It is worth reading in its entirety.
>
>
>
> Even if it remains that libraries are perpetually exempt from this executive order, it is less than prudent to avail public networks of that exemption. Turning a blind eye to a known safety hazard is dangerous, and not in the best interest of our staff, or the patrons we serve. (IMHO)
>
>
>
> My 2 cents, for what it's worth.
> KP
>
>
> --
>   Kevin Puffer
> Systems Administrator
> Wood County District Public Library
> http://wcdpl.org
> 251 N. Main St. Bowling Green, OH 43402
> (419) 352-5104   -  kpuffer at wcdpl.org
> _______________________________________________
> OPLINTECH mailing list
> OPLINTECH at lists.oplin.org
> https://lists.oplin.org/mailman/listinfo/oplintech
>
> ****** Did you know that OPLIN provides a free security scan for your library's network? https://www.oplin.ohio.gov/security ******

More information about the OPLINTECH mailing list