Now that you have wireless, how about a policy?

Recently I wrote a post about marketing your wireless service. It sparked a number of excellent comments, including some questions on policy. I decided they were worth answering in a longer form, including some tips cribbed from my book on Wireless Networking for Libraries, which I thought would be helpful.

Chances are that your library already has an Internet (or computer) use policy. If you don’t—get one! There are plenty of examples out on the web. That said, the question becomes: do you need a separate policy for your wireless access? The answer to that question depends on how your existing use policy is worded.

  • Does your policy simply give the standard disclaimer about the Internet being “an unregulated resource/medium” and patrons using it at their own risk, with perhaps some procedural information on time limits, signup, etc.?
  • Does it look something like this example from my library?

Most Internet use “policies” contain a disclaimer section--usually fairly standardized from library to library--and a procedures section that details that library’s particular way of handling access to their Internet stations, age limits for use, printing limitations and/or costs, and so forth. If your wireless access is simply an extension of your wired local area network for patron use, you can assume that much of the same language from your Internet use policy will be appropriate for wireless. There are some things you may want to add, however. If your wireless network is completely separate from your staff network, you have saved yourself some security issues. However, your users still need to be told what risks they take using the service, what the acceptable use of this service is, and what it means to them to use it with their own equipment. Below is some sample language.

  • “The library cannot guarantee a secure connection at all times and in all places in the library, as many things can interfere with wireless including building elements, cordless phones, etc. The library takes no responsibility for lost data, etc. due to a lost connection.”
  • “Wireless networks are transmitted via radio waves, and are therefore susceptible to potential ‘eavesdropping’, so patrons should be aware of what they are transmitting over this open network. In addition, patrons are responsible for maintaining up-to-date antivirus software, firewalls, etc.”
  • “As the library’s Internet access is filtered, so is the wireless access to the Internet.” This assumes that it is the case. Equally, if you are not filtering wireless access but you do filter your wired connections, patrons should be made aware of this difference as well.
  • “Patrons must take responsibility for their own equipment.” This is a biggie that many libraries forget. Some libraries include a legal disclaimer about not being responsible for lost items—usually this is copied from the library use policy, where it already exists.
  • “All library policies concerning legal and acceptable use of computers and the Internet apply, as well as library conduct policies.” Again, your existing policies cover many of your concerns already. You simply need to apply them equally and fairly.

In addition, be sure patrons know what they can and cannot expect from this service, including:

  • “The library does/does not provide the ability to access streaming audio or video, telnet or FTP.” These are not one service, but individual policy decisions you will need to make.
  • “Web-based email only, no POP3 or SMTP connection.” This is for laptop users who have Outlook or Outlook Express on their machines. Chances are you do not have an email (SMTP) server attached, so they need to access their work or home email via a web-based interface. They should know how to get to this.
  • “No printing is available from the wireless network. You can save your documents to floppy or USB drive and print them from our wired stations.” This is a common limitation, as wireless printing options are unwieldy at the moment (though this is changing). Be sure you let patrons know whether or not they can print.
  • “Staff will provide no/little/some technical support, including/not including dealing with patrons’ personal computer equipment.”
Many public libraries offer free, open wireless access, but assume no responsibility in configuring patrons’ equipment beyond simple hands-off troubleshooting (if even that). Some libraries choose to offer a minimum of assistance to patrons using their own laptops, but generally include language in their policy offsetting liability for such help. This is a tricky situation, and one you need to decide for your library, and your staff. Offering no help can make library staff feel helpless, but you don’t want to set up false expectations for patrons of technical knowledge of many different operating systems. Troubleshooting help sheets, both in paper and on the website, can give basic tips for configuring laptops to work in a wireless environment. This is often a good solution midway between “we don’t touch patrons’ laptops or offer help” and expecting staff to configure patron equipment.

One piece of advice: Don’t reinvent the wheel! Find out what other libraries are doing, and pick what works for your situation. Search for library wireless policies and use what makes sense for you.

Finally, decide how you will make patrons aware of the policy. Will you simply post it around the building? Will you put it on your website? If you want them to agree to an acceptable use policy before using the service, you might look into a captive portal software product, which forces the user to a specific website when they first get on your network, where you can have them agree to (and hopefully read) a policy. An Internet or periodical search will get you more info on captive portals.

* NEXT UP: a checklist for your Wireless Policy! *

* Adapted with permission from: by Louise Alcorn and Maryellen Mott Allen. New York: Neal-Schuman Publishers, 2006.


We have wireless access for our public library. We issue WEP keys to anyone who wants access, and we don't require a library card or registration.
I recently received a call from a gentleman in another state who believed that someone had used our wireless access to harass him by signing him up with sites that send spam.
I explained to him that we don't have any information about who is using our wireless, but he felt that we are legally responsible for any illegal activity done by using our wireless access.
Any thoughts about this? Are we liable? Should our wireless policy (we don't currently have one, but I will be working on one using the new Cookbook 2) include a litany of all the things users shouldn't do?

A few things that hit me right away: WEP is the lowest, most breakable level of wireless security. If you can move up to WPA or WPA2, you should do so.

Handing out keys is hard on staff - work with an IT professional to secure your network at the server end, so you can provide unfettered but secure access to your wireless.

Re: The guy who called - You would need to talk to a lawyer (city attorney?) about your actual liability. However, your Internet Use Policy *should* have a disclaimer saying the library does not accept responsibility/liability for problems with privacy, spamming, etc. Just a basic disclaimer, which nearly every public Internet provider has (the Internet is an unregulated medium, cannot guarantee any information received or confidentiality, etc.). Do you not have an Internet policy?? I'm going to be a bit severe here for a moment: you should NOT have Internet access available to the public until AFTER you have a policy in place. Either wired or wireless. That said, the horse may be out of the barn. You need to draft a policy NOW and have it Board approved. You can get examples from the websites of dozens of libraries. A simple Google search on library internet policy will get you a bunch to start with. I've also linked mine below (it's not the best I've seen, for what that's worth).

If you DO have an Internet Use Policy, you can fall back on that policy to some extent, including for wireless - you're basically just providing Internet access via a wireless conduit. It's still the same Internet, with all the same pitfalls, etc. However, your responsibility does lie in telling people what those pitfalls are, in a general manner.

You can take a look at my library's Internet Use Policy. It's pretty standard. In fact, it's cadged from a variety of other library policies around the country. Only the first half is really 'policy', the other half is simply local procedure, which is of course different for every library. Again, ours is not the best I've seen, but it covers the basics.

For wireless, my original web post gives some ideas for "extras" you'll need to be sure you have in your policy to cover that service's peculiarities.

I'm a bit confused how this guy knows that it was someone using your wireless that signed him up. Or was HE using your wireless at the library? If the latter, it may not have been your wireless that got this guy that spam - it may have been someone behind him looking over his shoulder at your library. This sort of behavior should be covered in your Library Conduct Policy, as it's a behavioral, not technological, issue. Again, if you don't have such a thing, I would close your doors until you do! I don't mean to sound alarmist, but you're opening yourself up for all sorts of annoyance if you don't have the basics - Internet/Computer Use Policy and a general Library Conduct Policy - in place before you ever provide a service like public Internet.

You need to have your city (or college or university) attorney jump on this and get more information. If you work with an IT department of any kind (city, university), they need to be brought on board about all of this. Technically the fault lies with whoever did the actual deed of signing him up (and really, he could have 'signed' himself up for all sorts of stuff by replying to the wrong email).

I hope this helps you some - feel free to email me if you have any further questions about the tech. For legal questions, I'm afraid you'll need to get legal advice.

Best of luck!