IT fault at libraries gave school pupils access to porn

Primary school pupils in Edinburgh had access to pornography and videos of executions at public libraries due to a computer fault.

Filters designed to block inappropriate websites were not activated on PCs accessed using child library cards.

City of Edinburgh Council believed the issue was resolved earlier this month – until it was discovered that the revised safety measures could also be easily bypassed.

All public computers in the city’s libraries were taken offline again until the issue could be rectified with the council's IT partner, the Canadian firm CGI.

The local authority said it believed that access to PCs had now been restored.

Younger pupils are sometimes taken to libraries in order to use computers during the school day.

The desktop PCs can also be booked and used by members of the public if they have a valid library card.

Content is meant to be filtered based on age to prevent access to inappropriate material.

After hearing that pupils had seen inappropriate material one parent tested the filters while logged on at a “children-only” library computer using a child’s card.

They found that websites including PornHub were visible to children.

Pictures seen by BBC Scotland showed they could also access another site which contained videos of the execution of Saddam Hussein and the public shooting of a woman in front of a stadium in Afghanistan in 1999.

The school reported the breach to CGI and the council, which took computers in its libraries offline for seven days.

Access was restored on 3 October – but the parent then found that the same websites could still be viewed using a child’s login once the “safe-search” option was toggled off in settings.

The computers were taken offline again and A4 notices were taped to screens saying that they were “experiencing technical difficulties at this time”.

School-issued iPads were taken away from pupils at one school for testing to find out if they were also susceptible to the fault.

It was discovered that websites including Wikipedia, which was not blocked by the filter, may have included inappropriate images and graphics seen by children.

In an email, the council said the devices had since been returned to pupils after “no evidence of inappropriate material” was found.

However, the parent told BBC Scotland News they felt “fobbed off” by the local authority – and that other parents had not been informed of the breach.

The parent accused the council and CGI of failing to protect children from explicit content.

The company handed out 44,000 iPads to pupils and to teaching and learning staff as part of an 18-month rollout which ended in May 2023.

A spokeswoman for City of Edinburgh Council said it was “reviewing” its security measures.

Its culture and communities convener, Cllr Val Walker, said: “After receiving a complaint from a service user, the council immediately suspended access to online services in Edinburgh libraries to review access permissions.

“Access has now been restored, and we are continuing to work with our digital partners to review how this happened and ensure safe and secure access for all users."

CGI did not respond to requests for comment when contacted by BBC Scotland News.