Ed. Tech.

Safe and Ethical Use of Computers

Filtering | Acceptable Use Policies & Guidelines | General Information

Q & A on the Internet Protection Certification
Summary
Timelines
Q & A on the Internet Protection Act

** If a school is receiving Internet Access and/or Internal Connections funding for Year 4 E-rate funding (which begins July 1, 2001), it will be required to certify by Saturday, October 27, 2001 that it is in compliance. Public libraries will have until 2002 to certify that they have adopted Internet filtering technologies. Please see below for more details. Important: If a school is receiving E-rate discounts on Telecommunications Services ONLY, it is exempt from these requirements.

Q & A on the Internet Protection Certification:

  1. Who is affected and what are the deadlines?

If a school is receiving Internet Access and/or Internal Connections funding for Year 4 E-rate funding (which begins July 1, 2001), it will be required to certify by October 27, 2001 that it is in compliance. The certification will be added to the Form 486, which applicants file when their services have been delivered and they are ready to receive support.

The FCC said that even though the certification does not have to be filed until October, schools will be required to be in compliance with the law at the time they begin receiving discounted services, which could be as early as July 1, 2001. However, for Year 4, schools will be permitted to certify that they are merely "undertaking such actions" to put in place "an Internet safety policy and technology protection measures," rather than having them in place already, thus giving all applicants a one-year implementation window.

Public libraries will have until July 2002 to certify that they have adopted Internet filtering technologies. Please see web site for more details.
  1. What will I be certifying to?

Affected applicants will be certifying that they are in compliance with the Children's Internet Protection Act (CIPA) regulations, which basically means two things:

  1. After at least one public hearing they have adopted an Internet Safety Policy (ISP) that addresses a number of issues, including:
    • hacking;
    • the unauthorized disclosure, use or dissemination of personal information regarding minors;
    • the safety and security of minors when using electronic mail, chat rooms, etc.; and
    • the technology protection measure that is or will be in place
  2. The school is operating a technology protection measure with respect to any of its computers with Internet access that protects against access through such computers to visual depictions that are obscene, child pornographic, and/or harmful to minors. In the rules, the FCC provided no further guidance on how a technology protection measure should be defined. If schools and libraries have already adopted an Internet Safety Policy that complies with the law, including the public hearing requirement, they would not be required to adopt a new one.
  1. Are technology protection measures such as filtering products E-rate eligible?

The FCC considered many comments about the funding needed to institute the filtering requirements, and stated the statutory language is clear that recipients may not receive universal service discounts for technology protection measures. Therefore, filters and blocking systems will not be eligible items for E-Rate.

  1. Are all computers required to be filtered, including administrative computers?

The FCC is imposing the requirements on ALL Internet-accessible computers used by the schools and libraries, including public, student, staff and administrative workstations on the Internet because the law made no distinction between school and library computers that are used only by adult staff, and those used by children or the public.

However, they have left it to local communities to determine how to implement the law's provision that permits technology protection measures to be disabled for adults for bona fide research or other lawful uses. The law specifically states, "an administrator, supervisor, or person authorized by the responsible authority [i.e. school, school board, local educational agency, or other authority with responsibility for administration of such school] may disable the technology protection measure concerned to enable access for bona fide research or other lawful purposes." There are no additional definitions to these terms.

  1. How will consortia applicants certify that their members are complying with CIPA?

The FCC is creating a new form, Form 479, that each member of a consortium will be required to complete and submit to the lead consortium member or agency. The FCC stipulated that if a consortium member is found not to be in compliance with the law, it would not jeopardize the funding commitment of the rest of the consortium and that the lead consortium member will not be responsible for verifying the accuracy of a member's certification. What is not known is whether any of the Form 479s will be required to be submitted to the Schools and Libraries Division (SLD) with the consortium's application.

  1. What happens if a school or library receives E-rate discounts but is found to be in noncompliance with the law?

Entities that are found not to be in compliance with the law would be required to reimburse the Universal Service Fund for discounts that were received during the period they were not in compliance.

  1. Will a school or library need to track the effectiveness of filters?

The FCC found that the CIPA law did not require that entities certify the effectiveness of their Internet Safety Policy and technology protection measures, and that they would therefore not impose that additional requirement. Further, the FCC indicated that they will not be mandating that schools and libraries track the number of attempts made to access prohibited visual depictions or the number of times the technology measure succeeded or failed. It also will not require schools or libraries to collect any complaints filed by the public and make these available. They note, "Because we concur that these data collection and reporting requirements fall outside the requirements of CIPA, we decline to impose such requirements on recipients."

  1. Will a school or library have to publicly post the CIPA requirements or a copy of its Internet Safety Policy?

The FCC considered requests by some commenters that wanted schools and libraries to publicly post the key requirements of CIPA and the text of the written Internet Safety Policy that was adopted. The FCC chose to NOT require schools and libraries to post this material citing that it is not a requirement of the law.

  1. Will there be separate regulations for Technology Literacy Challenge Funds or Library Services Technology Act grants?

The E-rate rules supercede any rules that may be developed for these other programs. However if a school is not receiving E-rate funding and is ONLY receiving TLCF funding or if a library is not receiving E-rate funding and is only receiving LSTA funding, there might be separate regulations developed for those funding streams.

  1. Will the court challenges to CIPA affect these regulations and their implementation?

It is unlikely that the courts will rule on the cases prior to July 1 or October 27, and, therefore, schools should proceed with implementing these requirements.


INTERNET PROTECTION ACT

SUMMARY

Before the last session ended, Congress passed the "Children’s Internet Protection Act (CIPA)," and the Neighborhood Protection Act. These acts are almost identical, and basically REQUIRE that schools and libraries receiving E-rate, Elementary Secondary Education Act (ESEA) - Title III [including Technology Literacy Challenge Fund (TLCF)] and/or the Library Services Technology Act (LSTA) funds, have an Internet Safety Policy in place.

Schools and libraries are expected to implement an Internet Safety Policy that addresses the following components.

1) The operation of a technology protection measure through computers with Internet access that protects against access through such computers to visual depictions that are:

  • obscene,
  • child pornographic
  • harmful to minors

2) Certification that the school/district or public library is enforcing the operation of such technology protection measures during any use of such computers.

3) Requires that the school/district hold at least one public meeting or hearing on the Policy of Internet Safety.

The E-Rate program, the U.S. Department of Education and the Institute of Museum and Library Services will require certification of compliance with the requirements under their various jurisdictions in a manner to be determined.

TIMELINES

The FCC has indicated that it views October 27, 2001 as the first certification deadline for E-rate funds awarded for program year four.

Other reports state that schools and libraries that currently have a Policy of Internet Safety (i.e. an Acceptable Use Policy) AND have a technology protection measure (i.e. filtering software and/or hardware system) in place, will self-certify in their Year 4 Form 486’s (in the June 2001 timeframe) that they have a system in place.

For schools that currently DO NOT have BOTH a Policy of Internet Safety AND a technology protection measure -- and will not have one in place by July, 2001 -- the school shall certify that it is undertaking such actions, including any necessary procurement procedures, to put in place an Internet safety policy and technology protection measure that meets such requirements. The school then has until the next program year (July 2002) to comply. If they do not comply by the July 2002 Program Year, E-Rate funds will not be disbursed.

The New Jersey State Library has posted information on proposed timelines at http://www2.njstatelib.org/njlib/ucipa3.htm.

Questions and Answers on Internet Protection Act

Although the Children's Internet Protection Act (CIPA) and the Neighborhood Protection Act laws were signed in December, most parties are still trying to piece together all of the information and requirements. The following questions and answers are based on excerpts from a comprehensive piece done by the American Library Association (ALA).

1. Q: What is a "technology protection measure"?

A: The law defines a "technology protection measure" as "a specific technology that blocks or filters Internet access to visual depictions that are-(A) obscene . . .; (B) child pornography . . .; or (C) harmful to minors . . ." Although the law clearly requires the use of filtering or blocking technology, it does not require the use of specific filtering software or services. Instead, CIPA requires schools or libraries covered by the new requirements to certify that they are using technology that blocks or filters access to visual depictions of the type specified in the legislation.

2. Q: Do CIPA and the Neighborhood Act cover the same ground? What is the relationship between the two different "acts"?

A: CIPA and the Neighborhood Act cover different ground and are not in conflict. Both acts comprising the new law set forth requirements concerning the "protection" of minors from certain materials. The CIPA requires the filtering or blocking of certain visual depictions and requires schools and libraries to adopt and implement an Internet safety policy and operate "technology protection measures" (blocking and filtering) if they receive—

  • E-rate discounts for Internet access, Internet service, or internal connections;
  • Funds under ESEA - Title III to purchase computers used to access the Internet or to pay the direct costs associated with accessing the Internet; or
  • Funds under the state grant programs of LSTA to purchase computers used to access the Internet or to pay the direct costs associated with accessing the Internet. The Neighborhood Act covers a broader range of content and certain prohibited activities, pertains to the universal service discounts only, and requires schools and libraries to adopt and implement an Internet safety policy - essentially an "acceptable use" policy - addressing various specific issues and to do so with local participation. One of a number of elements of the Internet safety policy is the use of blocking or filtering technology (referred to in the legislation as a "technology protection measure." (The specific requirements relating to blocking or filtering technology and the timing and procedures for certifying their use are contained in the CIPA.)

3. Q: Three agencies - the Federal Communications Commission (FCC), the U.S. Department of Education, and the Institute of Museum and Library Services (IMLS) - have responsibilities under this new law. Will my library need to make multiple certifications to multiple agencies?

A: No. Covered schools and libraries are required to file only one certification with one agency to avoid conflicting or duplicative requirements, among the three federal agencies involved.

  • Every library and school receiving E-rate discounts for Internet access, Internet service, or internal connections must comply with the new amendments to section 254 of the Communications Act (as added by sections 1721 and 1732 of the new statute) and certify compliance with Children’s Internet Protection Act to the FCC. That is the only agency to which these entities are responsible, even if they receive Elementary and Secondary Education Act (ESEA) - Title III or Library Services and Technology Act (LSTA) (state grants) funds.
  • Schools and school libraries receiving ESEA - Title III funds for computers or accessing the Internet, but no E-rate discounts, must provide their certification to the Department of Education.
  • Libraries receiving LSTA state grant funds for computers or accessing the Internet, but no E-rate discounts, must provide their certification under the Museum and Library Services Act.

4. Q: My school or library does not receive E-rate discounts. Will CIPA (or the Neighborhood Act) apply if we receive an LSTA or TLCF grant that is for activities other than purchasing computers for accessing the Internet or for other Internet access costs?

A: No, the requirements of CIPA are specifically tied to use of LSTA/TLCF funds "to purchase computers used to access the Internet, or to pay for direct costs associated with accessing the Internet." If no LSTA/TLCF funds are received by the school or library, or if those received are used for purposes other than those quoted, then CIPA simply does not apply. (The Neighborhood Act applies only to E-rate recipients.)

5. Q: Does this new law apply if a library or school is not a direct recipient of federal funds, but only an indirect recipient of those funds through a state intermediary program?

A: Yes, the law applies in all of the programs to direct and indirect recipients of federal funds under the programs specified. For example, since the law states that "no funds made available" through LSTA or ESEA may be used to purchase computers or pay for Internet access, it does not matter whether the funds go directly to the school or library or through an intermediary.

6. Q: The new law appears to require only use of technology protection measures that block or filter Internet access to "visual depictions"; does that mean that I do not need to take steps to block or filter text, whatever the content?

A: Yes. CIPA requires only that covered schools and libraries block or filter "Internet access to visual depictions . . . ." Therefore, the blocking or filtering technology need not affect text, whatever the content, and setting a browser to "text only" would satisfy this requirement.

7. Q: What kind of "visual depictions" must be blocked or filtered?

A: For adults, the recipient of funds must block or filter access to visual depictions that are obscene (as defined by the federal obscenity statute, 18 U.S.C. ‘ 1460 et seq.) and child pornography (as defined by 18 U.S.C. ‘ 2256). For minors, the recipient of funds must block or filter visual depictions that are obscene and child pornography, as well as visual depictions that are "harmful to minors."

8. Q: What is "obscenity"?

A: The federal obscenity statute cited in CIPA does not itself contain an express definition of obscenity. However, the Supreme Court (in Miller v. California, 413 U.S. 15 (1973)) has established a test for obscenity that is now implicitly incorporated into the federal statute:

  • Whether "the average person, applying contemporary community standards," would find that the material, taken as a whole, appeals to the prurient interest;
  • whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable state or federal law to be obscene; and
  • whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value.

9. Q: What is "child pornography"?

A: The federal child pornography statute, 18 U.S.C. ‘ 2256, defines "child pornography" as "any visual depiction" of a minor under 18 years old engaging in "sexually explicit conduct," which includes "actual or simulated" sexual intercourse, bestiality, masturbation, sadistic or masochistic abuse, or "lascivious exhibition of the genitals or pubic area." The statute’s definition includes not only actual depictions of sexually explicit conduct involving minors, but also images that "appear to be" minors engaging in sexually explicit conduct.

10. Q: What is "harmful to minors"?

A: The act defines "harmful to minors" as "any picture, image, graphic image file, or other visual depiction that:

  • "taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion;
  • depicts, describes, or represents in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and
  • taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors."

11. Q: What is a "minor"?

A: The act defines "minor" as an individual who has not attained the age of 17.

12. Q: Can a filter ever legally be disabled?

A: Yes, under limited circumstances. The act provides that an administrator, supervisor, or other authorized person may disable the blocking or filtering technology "to enable access for bona fide research or other lawful purposes." If the school or library is covered by CIPA because it receives E-rate discounts for Internet access, Internet service, or internal connections, then the blocking or filtering technology may be disabled for research or other lawful purposes only "during use by an adult." However, if the school or library is covered only by virtue of receipt of ESEA - Title III funds or LSTA state grant funds, and not through the E-rate provisions, then the blocking or filtering technology may be disabled for any user "for bona fide research or other lawful purposes." This anomaly is not explained in the statute or its legislative history.

13. Q: What does "bona fide research" and "other lawful purposes" mean?

A: No definition or explanation is offered for these terms in the statute or its legislative history.

14. Q: What is the source of the requirement that certain schools and libraries adopt an "Internet safety policy," and what must such a policy address?

A: There are two sets of requirements for an Internet safety policy, one established by the Neighborhood Children’s Internet Protection Act and one by CIPA. The Neighborhood Act provides that libraries and schools receiving E-rate discounts for Internet access, Internet service, or internal connections must adopt and implement an Internet safety policy that addresses the following issues:

  • "(i) access by minors to inappropriate matter on the Internet and World Wide Web;
  • "(ii) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications;
  • "(iii) unauthorized access, including so-called ‘hacking’, and other unlawful activities by minors online;
  • "(iv) unauthorized disclosure, use, and dissemination of personal identification information regarding minors; and
  • "(v) measure designed to restrict minors’ access to materials harmful to minors."
  • CIPA requires that libraries and schools that receive E-rate discounts for Internet access, Internet service, or internal connections or that receive ESEA - Title III or LSTA state grant funds must also, in their Internet safety policy, include the operation of blocking or filtering technology and provide for the enforcement of the operation of such technology during use of those computers with Internet access by minors. Additionally, schools receiving E-rate discounts (but not libraries or schools that receive LSTA or ESEA - Title III funds, but that do not receive E-rate discounts) must also certify that their policy includes "monitoring the online activities of minors."

15. Q: What must an "Internet safety policy" adopted under the Neighborhood Act look like?

A: The statute provides no specific format. Schools and libraries will have flexibility to develop their own policies, which may correspond to a current "acceptable use policy" - so long as they address the elements required by the law.

16. Q: Are there any procedures my school or library will be required to follow for the adoption and maintenance of our Internet safety policy?

A: Yes. The Neighborhood Act requires that, prior to adopting its Internet safety policy, the school or library must provide "reasonable public notice" and "hold at least one public hearing or meeting" to address the proposed policy. After adopted, the Internet safety policy must be available to the FCC, upon request, for review by the Commission.

17. Q: Does this mean that my school or library cannot use the Internet safety policy that was in place before the Neighborhood Act becomes effective, even if the policy covers all the issues required to be addressed by the new statute?

A: The wording of the statute - requiring a public hearing or meeting "to address the proposed Internet safety policy" - would seem to suggest that even an existing policy must be reconsidered pursuant to reasonable public notice and subject to a public hearing or meeting. If the existing policy was originally adopted in compliance with these requirements and addresses all of the issues required, then reconsideration should not be required. However, the FCC will have the last word on this question and has not provided any guidance on whether the agency will agree with ALA’s interpretation.

18. Q: Must the broad Internet safety policy outlined above (covering access by minors to inappropriate matter, safety and security of minors, unlawful activities by minors, personal identification information regarding minors, and restricting minors’ access to material harmful to minors) be adopted by all schools and libraries receiving ESEA - Title III funds or LSTA state grant monies, even if they do not receive E-rate discounts for Internet access or service?

A: No. This broad Internet safety policy mandated by the Neighborhood Act applies only to schools and libraries receiving E-rate discounts. However, schools and libraries that do not receive E-rate discounts, but receive ESEA - Title III funds or LSTA state grant monies to purchase computers used to access the Internet or to pay for direct costs associated with accessing the Internet, are required to have in place "a policy of Internet safety for minors that includes the operations of a technology protection measure" that filters or blocks Internet access.

19. Q: What kind of "certification" will be required by the FCC, D. of Ed., and IMLS?

A: CIPA requires annual certification of compliance with the statute’s requirements that the covered school or library has in place the required Internet safety policy, which includes the operation of blocking or filtering technology, and is enforcing the operation of that technology during use of its computers. Additionally, schools receiving E-rate discounts (but not libraries or schools that receive LSTA or ESEA - Title III funds, but do not receive E-rate discounts) must also certify that their policy includes "monitoring the online activities of minors."

20. Q: To which agency will libraries and school be required to make this certification?

A: Certification must be made only to one agency, depending on the category into which each covered school or library falls:

  • Every school and library receiving E-rate discounts for Internet access, Internet service, or internal connections must certify compliance with CIPA to the FCC. That is the only agency to which these entities are responsible, even if they receive ESEA - Title III or LSTA (state grants) funds.
  • Schools and school libraries receiving ESEA - Title III funds for computers or accessing the Internet, but no E-rate discounts, must provide their certification to the Department of Education.
  • Libraries receiving LSTA state grant funds for computers or accessing the Internet, but no E-rate discounts, must provide their certification under Museum and Library Services.
  • A detailed specification of CIPA’s certification requirements follows:
  • Library receives E-Rate support only = Comply with E-Rate provisions only
  • Library receives LSTA support only = Comply with LSTA provisions only
  • Library receives both E-Rate and LSTA support = Comply with E-Rate provisions only
  • Library receives no support from E-Rate or LSTA = No requirements under CIPA
  • School receives E-Rate support only = Comply with E-Rate provisions only
  • School receives ESEA - TITLE III support only = Comply with ESEA - TITLE III provisions only
  • School library receives LSTA support only = Comply with LSTA provisions only
  • School receives both E-Rate and ESEA - TITLE III support = Comply with E-Rate provisions only
  • School receives no support from E-Rate, ESEA - TITLE III, or LSTA = No requirements under CIPA

21. Q: Who makes the certification if the library or school that ultimately receives the funds or E-rate discount is not the "applicant," as is the case where there are state agencies or consortia who apply for the funds from the federal agencies and pass them on to other entities?

A: We do not know the answer at this time.

22. Q: How do the agencies intend to enforce compliance with CIPA’s requirements?

A: The Act prescribes one set of compliance enforcement requirements for the universal service discounts program and another set of requirements for the programs under ESEA - TITLE III and LSTA. Entities that fail to submit the certification as required for universal service discounts will be ineligible for such discounts/fund, and entities that fail to comply with their certifications will have their discounts suspended and would be required to reimburse funds or discounts received. For ESEA - TITLE III and LSTA programs, the act contemplates that the responsible agency may withhold further payments or suspend the funding and issue a complaint to compel compliance through a cease and desist order. The CIPA allows all of the covered agencies to enter into a compliance agreement when a covered school or library "is failing to comply substantially with the requirements" of the law. However, the recovery of funds already paid to the recipients of ESEA - TITLE III and LSTA program monies is specifically prohibited. Any withholding of funds must be subject to traditional due process considerations applicable to federal beneficiaries.

23. Q: If a school or library certifies that it is in compliance, how would the responsible agency determine otherwise?

A: If the school or library has in place an Internet safety policy that involves use of any blocking or filtering technology, and if it certifies that it is enforcing the operation of that technology, then noncompliance could be determined if the responsible agency receives a complaint and through investigation concludes that the certification was inaccurate or false. Otherwise, the failure to certify would constitute the most likely ground for noncompliance.

EXCEPTIONS AND WAIVERS

There are some instances where schools and libraries can disable the filtering technology. Specifically, an administrator, supervisor, or person authorized by the responsible authority [i.e. school, school board, local educational agency, or other authority with responsibility for administration of such school] may disable the technology protection measure concerned to enable access for bona fide research or other lawful purposes.

**The Consortium for School Networking (CoSN) compliance document on the Children's Internet Protection Act is now available for download on the CoSN's web site at www.cosn.org. This 13-page document, which provides details on requirements of schools and libraries to comply with the Act, is available at no charge.