Congress Passes New Federal Filtering Requirements
Message Posted January 31, 2001
Summary/Q & A Listed
Comments and Questions Due to FCC by February 15
SUMMARY
Before the last session ended, Congress passed the "Children's Internet Protection Act," known at CIPA or CHIP and the Neighborhood Protection Act.
These Acts are almost identical, and basically REQUIRE that schools and libraries receiving E-rate, TLCF and/or LSTA funds have "in place a)
1) 'Policy of Internet safety' that must include the 2) Operation of a 'technology protection measure' with respect to any of its computers with Internet access that protects against access through such computers to visual depictions that are: obscene, child pornographic, harmful to minors; and that the school/district "is enforcing the operation of such technology protection measures during any use of such computers."
Copy of CIPA Law: http://www.ala.org/cipa/Law.PDF
The Act defines a 'technology protection measure' as "a specific technology that blocks or filters Internet access to visual depictions that are
obscene, child pornographic, or harmful to minors." By "specific technology", the Act does not specify brand names, types of technologies, etc. etc., but clearly, the intent is a software and/or hardware component of the computer and/or network that will block the objectionable content.
Specifically, the difference between the two Acts is that Neighborhood Act says that the Internet safety policy must also address (1) email, chat
rooms, etc., (2) hacking, (3) unauthorized disclosure, use or dissemination of personal information about minors AND it also requires a public hearing
or meeting about the proposed Internet policy. CIPA is concerned solely with visual depictions and specifies technology protection measure (a.k.a.,
filters).
TIMING AND APPLICABILITY
For schools and libraries that currently have a "policy of Internet safety" (i.e. an Acceptable Use Policy) AND have a "technology protection measure"
(i.e. filtering software and/or hardware system) in place, they will self-certify in their Year 4 Form 486's (in the June 2001 timeframe) that they have a system in place. Every year, schools and libraries will re-certify their continuing compliance with the legislation as part of their E-Rate applications and Forms (although it's being debated whether the certification should be part of the 486 or 471 certifications).
For schools and libraries that currently DO NOT have BOTH a "policy of Internet safety" AND a "technology protection measure" -- and will not have
one in place by July, 2001 -- the school or library shall certify that "it is undertaking such actions, including any necessary procurement procedures,
to put in place an Internet safety policy (and "technology protection measure") that meets such requirements;" The school or library then has
until the next program year (July, 2002) to comply. If they do not comply by the July 2002 Program Year, E-Rate funds will not be disbursed.
ELIGIBLE FUNDS
As of today, the Act DOES NOT allow E-Rate funds to be used for the purpose of acquiring the "technology protection measures" and it is doubtful that
the FCC will change the rules to make such software eligible.
EXCEPTIONS AND WAIVERS
There are some instances where schools and libraries can disable the filtering technology. Specifically, "an administrator, supervisor, or
person authorized by the responsible authority [i.e. school, school board, local educational agency, or other authority with responsibility for
administration of such school] may disable the technology protection measure concerned to enable access for bona fide research or other lawful purposes."
FCC REQUESTING COMMENT ON IMPLEMENTATION OF NEW LAW
Because it appears that implementation of the certifications behind the new law will fall under the FCC, they have opened a very brief Notice of
Proposed Rule Making, asking for comments from any interested party. If you are interested in making specific comments to the FCC, or would like to
raise questions you feel need to be addressed, you have until February 15 to do so. Specific instructions and topics they would especially like to see
addressed are located at: http://www.ala.org/cipa/FCCRulemaking.pdf.
It's easy to submit comments via e-mail by going to:
http://www.fcc.gov/e-file/ecfs.html and select either 'Send a File or 'Brief Comment Using Your Internet Browser' or 'Send a Comment Using Your E-Mail'
and fill in the form. You must enter 96-45 in Proceeding box. To view comments that already have been submitted from other parties, go to:
https://haifoss.fcc.gov/cgi-bin/ws.exe/prod/ecfs/comsrch_v2.hts. Type 96-45 in the "Proceeding" box and click "retrieve document list" and leave
everything else blank.
*** Questions and Answers ***
Although the law was signed on December, most parties are still trying to piece together all of the information and requirements. Below is an excerpt
from a comprehensive piece done by the ALA. It's rather long, but contains good answers to very specific questions.
1) Q: Do CIPA and the Neighborhood Act cover the same ground? What is the relationship between the two different "acts"?
A: CIPA and the Neighborhood Act cover different ground and are not in conflict. Both acts comprising the new law set forth requirements concerning
the "protection" of minors from certain materials. The CIPA requires the filtering or blocking of certain visual depictions and requires schools and libraries to adopt and implement an Internet safety policy and operate "technology protection measures" (blocking and filtering) if they receive--
* E-rate discounts for Internet access, Internet service, or internal connections;
* Funds under title III of ESEA to purchase computers used to access the Internet or to pay the direct costs associated with accessing the
Internet; or
* Funds under the state grant programs of LSTA to purchase computers used to access the Internet or to pay the direct costs associated with
accessing the Internet The Neighborhood Act covers a broader range of content and certain prohibited activities, pertains to the universal service discounts only, and requires schools and libraries to adopt and implement an Internet safety policy - essentially an "acceptable use" policy - addressing various specific issues and to do so with local participation. One of a number of elements of the Internet safety policy is the use of blocking or filtering
technology (referred to in the legislation as a "technology protection measure." (The specific requirements relating to blocking or filtering
technology and the timing and procedures for certifying their use are contained in the CIPA.)
2) Q: Three agencies - the Federal Communications Commission (FCC), the Department of Education (D. of Ed.), and the Institute of Museum and Library Services (IMLS) - have responsibilities under this new law. Will my library need to make multiple certifications to multiple agencies?
A: No. Covered schools and libraries are required to file only one certification with one agency to avoid conflicting or duplicative requirements, among the three federal agencies involved.
* Every library and school receiving E-rate discounts for Internet access, Internet service, or internal connections must comply with the new
amendments to section 254 of the Communications Act (as added by sections 1721 and 1732 of the new statute) and certify compliance with Children's
Internet Protection Act to the FCC. That is the only agency to which these entities are responsible, even if they receive Elementary and Secondary
Education Act (ESEA) title III or Library Services and Technology Act (LSTA) (state grants) funds.
* Schools and school libraries receiving ESEA title III funds for computers or accessing the Internet, but no E-rate discounts, must provide
their certification to the Department of Education.
* Libraries receiving LSTA state grant funds for computers or accessing the Internet, but no E-rate discounts, must provide their
certification under Museum and Library Services Act.
3) Q: My school or library does not receive E-rate discounts. Will CIPA (or the Neighborhood Act) apply if we receive an LSTA or TLCF grant that is for
activities other than purchasing computers for accessing the Internet or for other Internet access costs?
A: No, the requirements of CIPA are specifically tied to use of LSTA/TLCF funds "to purchase computers used to access the Internet, or to pay for
direct costs associated with accessing the Internet." If no LSTA/TLCF funds are received by the school or library, or if those received are used for
purposes other than those quoted, then CIPA simply does not apply. (The Neighborhood Act applies only to E-rate recipients.)
4) Q: Does this new law apply if a library or school is not a direct recipient of federal funds, but only an indirect recipient of those funds
through a state intermediary program?
A: Yes, the law applies in all of the programs to direct and indirect recipients of federal funds under the programs specified. For example, since
the law states that "no funds made available" through LSTA or ESEA may be used to purchase computers or pay for Internet access, it does not matter
whether the funds go directly to the school or library or through an intermediary.
5) Q: Does the new law apply to libraries that do not have children's collections or programs, or one located in a retirement community?
A: Yes, in each instance. Under the plain language of the statute, libraries must have safety policies that include the operation of blocking or
filtering technology "with respect to any . . . computers with Internet access that protects against [even theoretical] access through such
computers to visual depictions that are . . . obscene," etc. The statute requires that libraries receiving E-rate discounts or LSTA or ESEA funds for
computers or Internet access adopt a policy for minors and adults that includes blocking or filtering technology, even if minors are unlikely to
use their computers.
6) Q: Is there any provision in the statute for exempting libraries whose computers will not be used by minors, or for exempting computers that are
not available to the public?
A: No. None is provided in the statute. It is possible that the agencies administering the new law could create exceptions or exemptions in their
regulations or guidelines.
"TECHNOLOGY PROTECTION MEASURE"; DISABLING
7) Q: What is a "technology protection measure"?
A: The law defines a "technology protection measure" as "a specific technology that blocks or filters Internet access to visual depictions that
are-(A) obscene . . .; (B) child pornography . . .; or (C) harmful to minors . . ." Although the law clearly requires the use of filtering or blocking
technology, it does not require the use of specific filtering software or services. Instead, CIPA requires schools or libraries covered by the new
requirements to certify that they are using technology that blocks or filters access to visual depictions of the type specified in the
legislation.
8) Q: The new law appears to require only use of technology protection measures that block or filter Internet access to "visual depictions"; does
that mean that I do not need to take steps to block or filter text, whatever the content?
A: Yes. CIPA requires only that covered schools and libraries block or filter "Internet access to visual depictions . . . ." Therefore, the
blocking or filtering technology need not affect text, whatever the content, and setting a browser to "text only" would satisfy this requirement.
9) Q: What kind of "visual depictions" must be blocked or filtered?
A: For adults, the recipient of funds must block or filter access to visual
depictions that are obscene (as defined by the federal obscenity statute, 18 U.S.C. ' 1460 et seq.) and child pornography (as defined by 18 U.S.C. '
2256). For minors, the recipient of funds must block or filter visual depictions that are obscene and child pornography, as well as visual
depictions that are "harmful to minors."
10) Q: What is "obscenity"?
A: The federal obscenity statute cited in CIPA does not itself contain an express definition of obscenity. However, the Supreme Court (in Miller v.
California, 413 U.S. 15 (1973)) has established a test for obscenity that is now implicitly incorporated into the federal statute:
* (a) Whether "the average person, applying contemporary community standards," would find that the material, taken as a whole, appeals to the
prurient interest;
* (b) whether the work depicts or describes, in a patently offensive way, sexual conduct specifically defined by the applicable state or federal
law to be obscene; and
* (c) whether the work, taken as a whole, lacks serious literary, artistic, political, or scientific value.
11) Q: What is "child pornography"?
A: The federal child pornography statute, 18 U.S.C. ' 2256, defines "child pornography" as "any visual depiction" of a minor under 18 years old
engaging in "sexually explicit conduct," which includes "actual or simulated" sexual intercourse, bestiality, masturbation, sadistic or
masochistic abuse, or "lascivious exhibition of the genitals or pubic area." The statute's definition includes not only actual depictions of sexually
explicit conduct involving minors, but also images that "appear to be" minors engaging in sexually explicit conduct.
12) Q: What is "harmful to minors"?
A: The act defines "harmful to minors" as "any picture, image, graphic image file, or other visual depiction that-
* "(A) taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion;
* "(B) depicts, describes, or represents in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual
act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and
* "(C) taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors."
13) Q: What is a "minor"?
A: The act defines "minor" as an individual who has not attained the age of 17.
14) Q: Can a filter ever legally be disabled?
A: Yes, under limited circumstances. The act provides that an administrator, supervisor, or other authorized person may disable the blocking or filtering
technology "to enable access for bona fide research or other lawful purposes." If the school or library is covered by CIPA because it receives
E-rate discounts for Internet access, Internet service, or internal connections, then the blocking or filtering technology may be disabled for
research or other lawful purposes only "during use by an adult." However, if the school or library is covered only by virtue of receipt of ESEA title III
funds or LSTA state grant funds, and not through the E-rate provisions, then the blocking or filtering technology may be disabled for any user "for bona
fide research or other lawful purposes." This anomaly is not explained in the statute or its legislative history.
15) Q: What does "bona fide research" and "other lawful purposes" mean?
A: No definition or explanation is offered for these terms in the statute or its legislative history.
INTERNET SAFETY POLICY
16) Q: What is the source of the requirement that certain schools and libraries adopt an "Internet safety policy," and what must such a policy
address?
A: There are two sets of requirements for an Internet safety policy, one established by the Neighborhood Children's Internet Protection Act and one
by CIPA. The Neighborhood Act provides that libraries and schools receiving E-rate discounts for Internet access, Internet service, or internal
connections must adopt and implement an Internet safety policy that addresses the following issues:
* "(i) access by minors to inappropriate matter on the Internet and
World Wide Web;
* "(ii) the safety and security of minors when using electronic mail,
chat rooms, and other forms of direct electronic communications;
* "(iii) unauthorized access, including so-called 'hacking', and other
unlawful activities by minors online;
* "(iv) unauthorized disclosure, use, and dissemination of personal
identification information regarding minors; and
* "(v) measure designed to restrict minors' access to materials
harmful to minors."
CIPA requires that libraries and schools that receive E-rate discounts for Internet access, Internet service, or internal connections or that receive
ESEA title III or LSTA state grant funds must also, in their Internet safety policy, include the operation of blocking or filtering technology and
provide for the enforcement of the operation of such technology during use of those computers with Internet access by minors. Additionally, schools
receiving E-rate discounts (but not libraries or schools that receive LSTA or ESEA funds, but that do not receive E-rate discounts) must also certify
that their policy includes "monitoring the online activities of minors."
17) Q: What must an "Internet safety policy" adopted under the Neighborhood Act look like?
A: The statute provides no specific format. Schools and libraries will have flexibility to develop their own policies, which may correspond to a current
"acceptable use policy" - so long as they address the elements required by the law.
18) Q:Are there any procedures my library will be required to follow for the adoption and maintenance of our Internet safety policy?
A:Yes. The Neighborhood Act requires that, prior to adopting its Internet safety policy, the school or library must provide "reasonable public notice"
and "hold at least one public hearing or meeting" to address the proposed policy. After adopted, the Internet safety policy must be available to the
FCC, upon request, for review by the Commission.
19) Q:Does this mean that my library cannot use the Internet safety policy that was in place before the Neighborhood Act becomes effective, even if the
policy covers all the issues required to be addressed by the new statute?
A:The wording of the statute - requiring a public hearing or meeting "to address the proposed Internet safety policy" - would seem to suggest that
even an existing policy must be reconsidered pursuant to reasonable public notice and subject to a public hearing or meeting. If the existing policy
was originally adopted in compliance with these requirements and addresses all of the issues required, then reconsideration should not be required.
However, the FCC will have the last word on this question and has not provided any guidance on whether the agency will agree with ALA's
interpretation.
20) Q:Must the broad Internet safety policy outlined above (covering access by minors to inappropriate matter, safety and security of minors, unlawful
activities by minors, personal identification information regarding minors, and restricting minors' access to material harmful to minors) be adopted by
all schools and libraries receiving title III ESEA funds or LSTA state grant monies, even if they do not receive E-rate discounts for Internet access or
service?
A:No. This broad Internet safety policy mandated by the Neighborhood Act applies only to schools and libraries receiving E-rate discounts. However,
schools and libraries that do not receive E-rate discounts, but receive title III ESEA funds or LSTA state grant monies to purchase computers used
to access the Internet or to pay for direct costs associated with accessing the Internet, are required to have in place "a policy of Internet safety for
minors that includes the operations of a technology protection measure" that filters or blocks Internet access.
CERTIFICATION AND ENFORCEMENT
21) Q:What kind of "certification" will be required by the FCC, D. of Ed., and IMLS?
A:CIPA requires annual certification of compliance with the statute's requirements that the covered school or library has in place the required
Internet safety policy, which includes the operation of blocking or filtering technology, and is enforcing the operation of that technology
during use of its computers. Additionally, schools receiving E-rate discounts (but not libraries or schools that receive LSTA or ESEA funds, but
do not receive E-rate discounts) must also certify that their policy includes "monitoring the online activities of minors."
22) Q:To which agency will libraries and school be required to make this certification?
A:Certification must be made only to one agency, depending on the category into which each covered school or library falls:
* Every school and library receiving E-rate discounts for Internet access, Internet service, or internal connections must certify compliance
with CIPA to the FCC. That is the only agency to which these entities are responsible, even if they receive ESEA (title III) or LSTA (state grants)
funds.
* Schools and school libraries receiving ESEA title III funds for computers or accessing the Internet, but no E-rate discounts, must provide
their certification to the Department of Education.
* Libraries receiving LSTA state grant funds for computers or accessing the Internet, but no E-rate discounts, must provide their certification under Museum and Library Services.
A detailed specification of CIPA's certification requirements follows:
Library receives E-Rate support only = Comply with E-Rate provisions only
Library receives LSTA support only = Comply with LSTA provisions only
Library receives both E-Rate and LSTA support = Comply with E-Rate provisions only
Library receives no support from E-Rate or LSTA = No requirements under CIPA
School receives E-Rate support only = Comply with E-Rate provisions only
School receives ESEA support only = Comply with ESEA provisions only
School library receives LSTA support only = Comply with LSTA provisions only
School receives both E-Rate and ESEA support = Comply with E-Rate provisions only
School receives no support from E-Rate, ESEA, or LSTA = No requirements under CIPA
23) Q: Who makes the certification if the library or school that ultimately receives the funds or E-rate discount is not the "applicant," as is the case where there are state agencies or consortia who apply for the funds from the federal agencies and pass them on to other entities?
A: We do not know the answer at this time.
TIMING OF CERTIFICATION AND ENFORCEMENT
24) Q: How do the agencies intend to enforce compliance with CIPA's requirements?
A: The Act prescribes one set of compliance enforcement requirements for the universal service discounts program and another set of requirements for the programs under ESEA and LSTA. Entities that fail to submit the certification as required for universal service discounts will be ineligible for such
discounts/fund, and entities that fail to comply with their certifications will have their discounts suspended and would be required to reimburse funds
or discounts received. For ESEA and LSTA programs, the act contemplates that the responsible agency may withhold further payments or suspend the funding and issue a complaint to compel compliance through a cease and desist order.
The CIPA allows all of the covered agencies to enter into a compliance agreement when a covered school or library "is failing to comply
substantially with the requirements" of the law. However, the recovery of funds already paid to the recipients of ESEA and LSTA program monies is
specifically prohibited. Any withholding of funds must be subject to traditional due process considerations applicable to federal beneficiaries.
25) Q: If a school or library certifies that it is in compliance, how would the responsible agency determine otherwise?
A: If the school or library has in place an Internet safety policy that involves use of any blocking or filtering technology, and if it certifies
that it is enforcing the operation of that technology, then noncompliance could be determined if the responsible agency receives a complaint and
through investigation concludes that the certification was inaccurate or false. Otherwise, the failure to certify would constitute the most likely
ground for noncompliance.
Julie Tritt Schell
Executive Policy Specialist
Pennsylvania Department of Education
333 Market Street, 10th Floor
Harrisburg, PA 17126
(717) 705-4486
(717) 787-7222 - fax
jtritt@state.pa.us
| 
