CIPA: 10 Years Later, There is Still Confusion
10/25/2013 By: Andrew Wallace
This year marks the 10th anniversary of the landmark Supreme Court decision to uphold the Child Internet Protection Act (CIPA) law. Despite considerable efforts by the people responsible for enforcing CIPA (E-Rate/USAC and the FCC), there remains confusion among those required to interpret or
The concern is understandable. School communities are worried that if they are not compliant with the CIPA law, they may lose much needed e-rate dollars. But the reality is, CIPA is not a “filtering law.” If understood properly, it can help guide an articulated policy of Internet safety and digital education in
The overarching law that governs what and how we filter--and what is at stake if we do not--can be broken down into three major components:
1. The Child Internet Protection Act of 2000, which deals primarily with blocking specific categories of Internet-accessed images;
2. The Neighborhood Child Internet Protection Act of 2001, which calls on school districts and their communities to develop an Internet safety policy around Web content and online communication, and;
3. The Protecting Children in the 21st Century Act of 2008, which amended the Internet safety policy to include “educating minors about appropriate online behavior, including interacting with other individuals on social networking Websites and in chat rooms and cyber-bullying awareness and response.”
Collectively, these three Acts comprise the law we commonly refer to as CIPA. Taken together, they spell out the requirements for school districts that wish to receive federal funds through the E-Rate program.
CIPA Fact 1: A Filter is required
In order to comply with CIPA on the most basic level, the school district must employ a device or software—not human supervision or educational efforts alone—to block three specific things:
■ Child pornography
■ Obscene images
■ Visual depictions that are harmful to minors
The FCC defines the term “technology protection measures” as a filtering device or software. The law is clear that “technology protection measures” must be applied to all Internet-connected computers on the school network regardless of who uses the computer.
CIPA Fact 2: Public Input is
What is filtered or permitted should be a reflection of the values of your school district and community. CIPA requires public notice of a meeting during which the school district will officially consider or adopt your Internet safety plan. Your plan must address the following
■ Online access to inappropriate matter and content that is harmful to minors
■ Unethical or illegal use of the Internet (e.g., hacking or identity fraud)
■ Safety of minors using electronic communication (e.g., chat, IM, or email)
When discussing this agenda alongside the broader goals and initiatives of your schools, discuss how to maximize the district’s technology investment rather than limiting it. For example, how can 21st century tools like social media be used safely in your district?
CIPA Fact 3: CIPA requires Internet Safety Education
A good source for administrators looking for straightforward ways to comply with the education mandates of CIPA is CommonSenseMedia.org. Their free, step-by-step toolkit creates the framework, as well as practical guides and lessons for teachers, to implement the Internet safety requirements.
Rather than burden one department each year (though the lessons are linked to ELA Common Core State Standards), the benchmark model fits nicely within a wellness curriculum with its focus on healthy online relationships. Bringing in guidance counselors to help deliver the ready-made content can lead to better conversations around how a student’s digital footprint affects her college and career prospects. If available, social workers are a natural fit for the cyber-bullying exercises. A team approach underscores that this topic is of schoolwide importance and not just the purview of the tech department.
CIPA Fact 4: Monitoring of Internet Use is required
CIPA states clearly that monitoring does not mean “tracking of Internet usage by any identifiable minor or adult user.” Increasingly, school districts are embracing the “Trust but Verify” model. Students are expected to comply with the Acceptable Use portion of the CIPA-required Internet Safety Policy, and adults respond to activity that they find in violation of the AUP.
While not required, software can facilitate this process for school administrators and IT staff. With the explosion of 1:1 and BYOD, there is valuable data that can be mined to bolster community support for your technology initiatives. Imagine sharing the thousands of hours students are logging on Khan Academy or other education sites. Students instinctively move away from adult-infiltrated social media or communication tools. Want to know what the next Twitter will be? Look over your Web traffic logs, and use that data to inform your CIPA-required Internet safety programs.
Monitoring Student Communication
Even when faced with the tangible benefits of tools like Google Apps for Education, it is natural for tech directors and principals to worry about more monitoring and scale back on tools with open communication and collaboration features. Instead, consider entrusting parents with their children’s password as a way to ease the burden from IT. For peace of mind and legal recourse, email archiving and indexing services are available. Commercial products like Gaggle can more proactively monitor and report on student communication with safety and education in mind.
We cannot let the monumental task of monitoring derail the legitimate need for our students to be active collaborators, creators, and communicators online. Whether it is by a software solution, or staff and parent supervision, the monitoring requirement of CIPA is achievable if we share the load.
Finding a Solution
A common criticism of filtering packages is that vendors don’t reveal their block lists or determination methods, allowing an outside entity to define your community standards. Schools do not need to abdicate local control, however, and should try to find a filter that meets basic CIPA compliance out of the box, but also has granular control so that the filter can reflect community standards.
Relying too heavily on the IT department to manage block lists often creates response time delays and will lead users to avoid using the school network or devices and resort to slower but unfiltered options such as smartphones or mobile hotspots. It is legal for filters to have teacher-created “safe zones” or for teachers to temporarily override the filter for students when a site is inadvertently blocked. This empowers teachers to provide just-in-time access to learning, and saves the IT staff time and effort.
Beware of Overblocking
In an effort to guarantee CIPA compliance, some schools turn on all filtering categories. Overblocking, not underblocking, is what leads to legal challenges to your Internet Safety Policy, usually on First Amendment grounds. Be certain you understand what each filter category means and contains. While almost no content filter vendor could reasonably be expected to hand you their block lists, any worth considering should be comfortable discussing the general approach they employ, and the types of sites that will be filtered based on their subcategories. Filters have come a long way since the inception of CIPA, and it is fair that schools expect more nuance, control, and transparency from their solutions.
Particular attention should be paid to what some filters determine as “lifestyle” groups, which can block constitutionally protected information for some of our most at-risk students who are seeking legitimate information, support and community online. It is important to customize your “blocked” splash-screen to remove any implied stigma a student feels while attempting to access a blocked site. Give students options to request an override in a safe and anonymous fashion. Use the splash-screen as an opportunity to educate people about CIPA, and as a conversation starter--not a dead end.
The $20,000 Question: Will CIPA Require
for 1:1 Programs?
The FCC recently ended the public comment period on this extremely thorny topic. School leaders must pay careful attention to the anticipated 2014 announcement of their ruling, as providing home filtering will present considerable financial and technical challenges. Making home filtering a success will require parent and student buy-in—otherwise they will opt-out, circumvent, or abandon the valuable tools the districts are providing them.
Yes, Federal e-rate money comes with strings and requirements attached, in the form of CIPA compliance. Yet when you break down the law into what is absolutely required of schools, the law can serve as a catalyst for some of our basic goals: namely, keeping our students safe when they are with us, and educating them to be responsible users of the open Internet when they are not within our walled gardens.
Andrew Wallace is the Director of Technology in the South Portland School Department in Portland, ME. Follow @andrewtwallace
Quick Facts: CIPA Requirements in a Nutshell
School Districts must:
• Use a “technology protection measure” to block images that are: child pornography, obscene, or harmful to minors.
• Determine, with community input, what content (visual or written) is inappropriate for minors.
• Adopt an Internet safety policy that applies to both students and staff.
• Teach students how to interact on email, social networking sites, and in chat rooms.
• Deliver instruction with a focus on cyberbullying.
• Monitor in-school use of the Internet.