Friday, April 4, 2014

Not Only Filters: Some Suggestions for Dealing with Malware Protection in Libraries

Happy 4/04 Day

Recently, I was at the Cambridge Public Library looking for divorce paperwork for Massachusetts (for more on why that happened, check out this post.) CPL doesn’t use filtering software on their computers (woo!) and has a clear and concise use policy as well as individual privacy screens. From that perspective, it was an ideal library computer experience.

However the short form financial statement (non-malware pdf at link), available from the MA court website and necessary for many court filings, was actually blocked by CPL’s anti-malware software. I tried a couple of different times to download it, including on different browsers, before eventually finding the form was available elsewhere on the Plymouth County Court website. 

When I finished my session, I went up to the super nice librarian who had helped me figure out the computer system and mentioned that a site was blocked. She commented that I must be wrong – that CPL didn’t block anything. I clarified that it was the malware protection software, she had me write down what was blocked on a post-it note, and I went on my way.

I accessed the PDF from my computer later that day, and was pretty certain there was nothing harmful there. Additionally, this document is super important for people who are filing for divorce or child custody who make under $75,000 – many of the people that the Cambridge public library serves. I don’t imagine I’m the only one who has encountered this problem. Anti-malware software, just like filters, can be over-inclusive.

However, not using malware protection is probably not a good solution – I imagine that CPL has thought through its policy on this and come to the conclusion that significant staff time and energy is saved by protecting users from themselves on the front end. So how to solve this problem of over-inclusive anti-malware software, especially in scenarios like that form?

Providing people with information on how to report problems with malware protection seems like an excellent first step. Neither the pop-up nor the computer use agreement had any information about reporting problems with malware protection. There was no information to suggest that websites could be wrongly blocked by malware protection, and as such, non-tech savvy folks may just conclude that there’s nothing to be done. Often, filtering software will include the “if you think this has been wrongly blocked, do X” when it blocks a site –a similar message would go a long way towards helping folks who are trying to access legitimate information. An aside: if the website had been serving malware, it seems like the CPL would be in an excellent position to contact the MA court system to let them know about the problem, as opposed to me. Not necessarily a librarian’s job, but maybe something to consider.

Additionally, the casualness of the reporting procedure did not reassure me that this particular concern was taken seriously. Although the form is now unblocked (I went back to check), the response from the librarian, otherwise perfectly nice, was unhelpful. Letting librarians who might be manning a computer use desk know that patrons may report blocked sites, or even better, having a way for patrons to do so directly from the computer, would both be solutions that would better enable libraries to gather information. At-computer reporting could allow inclusion of a URL in the report, something my post-it note did not have.

In general, even if your library isn’t running filters, it’s worth thinking about what other roadblocks patrons may encounter, and having systems that encourage reporting and feedback. Informal methods may catch some problems, like this one, but may not provide enough information to spot patterns. For libraries that serve populations who might not have other methods to access material online, it’s vital to ensure that patrons can get to the information they might need without running afoul of overzealous protection software.