Frequently Asked Questions on the Children's Internet Protection Act (CIPA)
General
Q: What is CIPA and what does it require?
Q: Do I need to comply with CIPA in order to receive E-Rate funds?
Q: Will my E-Rate discounts apply to filtering software, hardware, and maintenance?
Q: Can I get an E-Rate discount if my ISP provides filtered access?
Timeline Requirements
Q: When do CIPA E-Rate requirements begin?
Q: What do I need to do to comply with CIPA and get Program Year 4 funds?
Q: When do I need to certify my compliance with CIPA?
Q: Do I have until October to certify if I start receiving funds in July?
Q: Will the CIPA requirements remain the same for Program Year 5?
Certification Requirements
Q: How do I certify compliance with CIPA?
Q: Does a school or library have to certify that the filtering or blocking technology is meeting the specific CIPA requirements?
Q: I am part of a consortium. What does a consortium need to do in order to comply with CIPA?
Q: In a state network or consortia setting, who is responsible for making sure that the schools and libraries are filtering or blocking covered material?
Technology Requirements
Q: CIPA requires the use of "technology protection measures" - isn't that more broad than filtering or blocking software?
Q: What filtering or blocking technology meets the CIPA requirements?
Q: Must schools and libraries install filtering or blocking technology on computers that are not used by children or other members of the public?
Q: What happens if, despite the filters, students are able to access materials restricted under CIPA?
Q: Do we have to keep records to show how well the technology is working?
Q: Is my school liable if our filters don't block access to materials others find objectionable?
Q: Under what circumstances can filters be disabled?
Monitoring Requirements
Q: What constitutes "monitoring" student Internet use in school?
"Internet Safety Policy" Requirements
Q: What is the difference between an Acceptable Use Policy and an Internet Safety Policy?
Q: What does a school "Internet Safety Policy" need to contain?
Q: Does the Internet Safety Policy have to address all these topics in a particular manner?
Q: I am not sure what some of the Internet Safety Policy requirements mean. Did the FCC provide definitions?
Public Meeting Requirements
Q: What kind of public meeting or hearing do I need to have to comply with CIPA?
Q: Do private schools need to have public meetings or hearings?
Additional Questions
Q: Is CIPA the same as the CHIP Act, CHIPA, and N-CIPA?
Q: What's the difference between CIPA, COPPA, COPA, and the CDA?
General
Q: What is CIPA and what does it require?
A: The Children's Internet Protection Act, commonly known as CIPA or the CHIP
Act, mandates that schools and libraries receiving E-Rate discounts for "Internet access,
Internet services, or internal connections," or education technology grants like STAR
Schools or Technology Innovation Challenge Grants under the Department of Education or
Library Services and Technology Act funds, put into place Internet safety policies that
include installation and use of Internet filtering software or services preventing access
to "visual depictions" of material that is obscene, child pornography, and, when minors
are using the computer, material that is harmful to minors. Schools must also monitor
student Internet use, and E-Rate recipients must implement detailed Internet Safety Policies.
Q: Do I need to comply with CIPA in order to receive E-Rate funds?
A: All entities receiving discounts on Internet access and internal connections
will need to comply with CIPA. Entities receiving E-Rate funding only for services
classified as "telecommunications" services do not need to comply with CIPA.
Q: Will my E-Rate discounts apply to filtering software, hardware, and maintenance?
A: No. E-Rate discounts cannot be used for any services or hardware other than
internal connections, telecommunications, and Internet access. Filtering technologies
and services not eligible.
Q: Can I get an E-Rate discount if my ISP provides filtered access?
A: You can only get E-Rate discounts for Internet access; filtering would be
considered an Internet service, which is not eligible. However, if filtering is
bundled with your Internet access, you may be able to get a partial discount,
covering only the Internet access portion of the service. For more details,
see the Schools and Libraries Division's FAQ on cost allocation:
www.sl.universalservice.org/reference/costallocationguide.asp
Timeline Requirements
Q: When do CIPA E-Rate requirements begin?
A: CIPA E-Rate requirements begin with Program Year 4, which begins July 1, 2001.
If you receive E-Rate funding with a later Year 4 Service Start Date, CIPA's requirements
begin with your Service Start Date.
Q: What do I need to do to comply with CIPA and get Program Year 4 funds?
A: You must at least have "undertaken action" towards compliance with CIPA - meaning
that you must begin taking serious steps towards compliance either by October 28, 2001, or
if you have not yet received your Funding Commitment Decision Letter, within 120 days of
receiving it. You will need to certify the status of your CIPA compliance to USAC on Form
486. If you are a member of a consortia, you will need to file a statement about that
status to the billed entity in the consortia on a new form 479. During Program Year 4,
that certification or statement may be one of three things: 1) That your school is
compliant with the requirements of CIPA; 2) That your school is taking steps towards
compliance with CIPA and expects to be compliant by Funding Year 5; or 3) That your
school receives only telecommunications services through the E-Rate program and is
thus not subject to the requirements of CIPA.
Q: When do I need to certify my compliance with CIPA?
A: Under the current rules, you must certify your CIPA compliance by October 28,
2001. However, that's a Sunday and the FCC has indicated that certifications postmarked
Monday will be treated as having missed the deadline, so the effective deadline is Saturday,
October 27. Remember also that E-Rate funding will not begin to flow until you have
certified compliance with CIPA.
Q: Do I have until October to certify if I start receiving funds in July?
A: Yes, but there's a catch. The funds will not begin to flow until after the
certification is completed. Funding will be retroactive to the time when you began
receiving the service if you were taking steps towards becoming CIPA compliant during
any time for which you are requesting funds.
Q: Will the CIPA requirements remain the same for Program Year 5?
A: The substantive requirements will most likely remain the same. The procedures
are likely to change. Schools that applied for and received funding for Program Year 4
will not have until October to certify compliance during Program Year 5. The FCC has
indicated that for Program Year 5 and beyond, it will continue using Form 486 for
certification of CIPA compliance. That form is technically due within ten days of
the start of the E-Rate funded service, although the deadline has not been strictly enforced.
Certification Requirements
Q: How do I certify compliance with CIPA?
A: A new certification will be included on the Form 486. This certification will
allow applicants to state that they are either in compliance with the requirements of CIPA
or are working to become compliant. Some waivers will be available for schools limited by
local procurement laws. By Funding Year 6 (approximately 2 years from now), all applicants
receiving internal connections and/or Internet access discounts will need to comply with CIPA.
Q: Does a school or library have to certify that the filtering or blocking technology is meeting the specific CIPA requirements?
A: No. Schools and libraries must certify that they are in compliance or working
on becoming compliant with CIPA, but they don't have to certify as to the precision of the
software they have selected. However, if a school or library knowingly fails to comply
with CIPA, it loses eligibility and risks having to repay E-Rate funds that have already
been paid.
Q: I am part of a consortium. What does a consortium need to do in order to comply with CIPA?
A: The compliance process for consortia is somewhat more complicated that the
compliance process for other applicants. Within a consortium, all entities receiving
internal connections or Internet access must fill out the new Form 479. The lead member
of the consortium is responsible for collecting these and certifying on behalf of all
the members of the consortium.
Q: In a state network or consortia setting, who is responsible for making sure that the schools and libraries are filtering or blocking covered material?
A: The answer to this question is not clear. The FCC and USAC have made it very
clear that they consider the question of "what technology protection measure" is selected
to be a local decision. Ultimately, if a school or school district certifies that it is
compliant with CIPA or that it is undertaking actions to become compliant and will be
compliant by E-Rate Year 5, the "administrative authority" making that certification has
made a legal claim about that compliance status - and they should be prepared to back
up that statement.
Technology Requirements
Q: CIPA requires the use of "technology protection measures" - isn't that more broad than filtering or blocking software?
A: No. Under CIPA, a "technology protection measure" is defined as "… a specific
technology that blocks or filters Internet access to visual depictions that are:
- obscene, as that term is defined in section 1460 of title 18, United States Code;
- child pornography, as that term is defined in 2256 of title 18, United States Code; or
- harmful to minors."
This could include filtered Internet access through the Internet service provider,
restricting users to a web browser such as LYNX, which only permits text-based Internet
browsing, or using a client-side or server-side Internet filtering software program.
Q: What filtering or blocking technology meets the CIPA requirements?
A: The FCC made it very clear that the technology selection is a local matter, not
something it will review or micromanage. Each local school or library authority may select
the filtering or blocking technology of its choice, so long as it blocks visual depictions
that are obscene, child pornography, or harmful to minors.
Q: Must schools and libraries install filtering or blocking technology on computers that are not used by children or other members of the public?
A: Yes. All computers with Internet access must be filtered if a school or library
is covered by CIPA. This includes administrative computers and school district computers
that teachers or administrators use from home.
Q: What happens if, despite the filters, students are able to access materials restricted under CIPA?
A: The FCC does not require that the filtering software schools and libraries select
be foolproof. Schools and libraries are required to engage in a good faith effort to abide
by the requirements of CIPA. Although it is not required, it is a good idea to review the
accuracy of the product you select and upgrade if necessary on a regular basis.
Q: Do we have to keep records to show how well the technology is working?
A: No. Although several groups asked the FCC to require schools and libraries to
keep web logs and make them available to the public, the FCC did not do so. The FCC
indicated that such a request goes beyond what CIPA requires. A local district, however,
may choose to keep logs or otherwise trace the effectiveness of its software.
Q: Is my school liable if our filters don't block access to materials others find objectionable?
A: CIPA does not create a "private right of action," meaning that if an individual
comes in to a school and finds objectionable material on a computer subject to the CIPA
requirements, he or she cannot file a lawsuit complaining that the school violated CIPA.
The person can complain to the FCC or USAC, which may investigate the school's compliance.
The most severe penalties available under CIPA involve requiring a school that has
knowingly violated the CIPA requirements to repay the E-Rate funding received while
the school was out of compliance. In addition, there may be state or local laws
that apply, depending on the circumstances. This is a question best answered in
consultation with the school's attorney.
Q: Under what circumstances can filters be disabled?
A: If a school receives E-Rate support for Internet access or internal connections,
the filters cannot be disabled when minors are using the computers. For example, if a
school uses Bess, the time-limited password disabling feature can not be used when a
minor is using the computer. If a site is inappropriately blocked, educators must work
with the network manager, technology director and/or the provider of the filtering
software to have it unblocked. When adults are doing "bona fide research," filters
may be disabled on the spot.
If a school receives Department of Education educational technology grants, but not
E-Rate funding, the filters may be disabled for anyone conducting "bona fide research,"
not only adults.
Monitoring Requirements
Q: What constitutes "monitoring" student Internet use in school?
A: The FCC declined to further explain the requirement that student Internet use be
monitored, reserving that for local authorities. That means that 'monitoring software' is
not required, although it clearly remains one option schools may consider.
"Internet Safety Policy" Requirements
Q: What is the difference between an Acceptable Use Policy and an Internet Safety Policy?
A: They're essentially different terms for the same thing. However, you need to make sure that
the school's Acceptable Use Policy addresses all of the specific topics outlined in CIPA, and
that it was adopted with at least one open meeting or hearing. If you have covered all the
substantive areas and held a public meeting on your policy, you don't need to do it again.
Otherwise, you need to revise the policy and subject it to public review in order to meet
the Internet Safety Policy requirements of CIPA.
Q: What does a school "Internet Safety Policy" need to contain?
A: A school Internet Safety Policy must address the following issues:
- Access by minors to inappropriate material on the Internet and World Wide Web;
- The safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications (e.g. Instant Messaging services);
- Unauthorized access, including so-called 'hacking' and other unlawful activities by minors online;
- Unauthorized disclosure, use, and dissemination of personal identification information regarding minors; and
- Measures designed to restrict minors' access to materials harmful to minors;
It must also require the selection and use of filtering or blocking technology.
Q: Does the Internet Safety Policy have to address all these topics in a particular manner?
A: No. As long as you address all of the topics required by CIPA, the FCC considers the
content of the Internet Safety Policy to be a local decision. You do not even have to provide
the FCC with a copy of the Internet Safety Policy when you file your certification that you
are compliant with CIPA.
Q: I am not sure what some of the Internet Safety Policy requirements mean. Did the FCC provide definitions?
A: No. It's up to you interpret the requirements. But there are resources that can
help. The first place to look is CoSN's Safeguarding the Wired Schoolhouse web site:
www.safewiredschools.org.
It includes a checklist for decision makers about how to manage Internet content in schools.
Schools may want to examine CIPA's rules and the CoSN checklist with their lawyers, to make
sure that your policy also complies with local laws that may address similar issues.
Public Meeting Requirements
Q: What kind of public meeting or hearing do I need to have to comply with CIPA?
A: It depends. Public schools and libraries need to make sure that any public meeting
they have on this issue follows local or state law related generally to public meetings.
Otherwise, the structure and agenda of the meeting is up to you. In most cases, the school
board or the library trustees will be responsible for holding the meeting, but the state
department of public instruction or state library agency may also be responsible. Contact
your local school or library board, or your school or library attorney, to determine the
appropriate answer for your situation.
Q: Do private schools need to have public meetings or hearings?
A: Yes. Private schools must hold public meetings to create Internet Safety Policies.
Private schools may want to consult with counsel to decide how to interpret the requirements
in the context of a private institution.
Additional Questions
Q: Is CIPA the same as the CHIP Act, CHIPA, and N-CIPA?
A: These acronyms all refer to the Children's Internet Protection Act. N-CIPA
specifically refers to the "Internet Safety Policy" section, which applies only to the
E-Rate. This document will refer to the Children's Internet Protection Act as "CIPA."
Q: What's the difference between CIPA, COPPA, COPA, and the CDA?
A: CIPA is the Children's Internet Protection Act, and was passed in late 2000.
It requires schools and libraries receiving certain types of federal funding to filter
or block Internet access to "visual depictions" of material that is obscene, child
pornography, and when minors are using the computer, material that is harmful to minors.
COPPA is the Children's Online Privacy Protection Act, and was passed in 1998. It
requires commercial Web sites oriented to minors to get parental permission to collect
personally identifiable information from children under age 13.
COPA is the Children's Online Protection Act, and was passed in 1997. It prohibited
commercial Web sites from providing "harmful to minors" content to minors. COPA was
found unconstitutional by the 3rd Circuit Court of Appeals. The Supreme Court is
expected to review that decision shortly.
CDA is the Communications Decency Act, which passed as part of the 1996 Telecommunications
Deregulation Act. The CDA prohibited "indecent" communication over the Internet. It was
found unconstitutional by a unanimous Supreme Court in 1997.
©2003 Consortium for School Networking. All rights reserved.
|
