Who is Responsible for CIPA Compliance?
First, let’s get something straight: CIPA compliance is a prerequisite for receiving E-Rate funding discounts to pay for communications services like internet connections and (for now) Voice Services. If you are not asking for E-Rate, then CIPA does not apply to you. Period.
The reason for this is that it is a violation of First Amendment rights to mandate filtering of online materials across the board wherever a minor under the age of 17 may be using the internet at a public institution. Proponents of CIPA had tried and failed to pass similar legislation due to the potential restrictions on free speech. Linking the Children’s Internet Protection Act to funding eligibility frees the Act to set requirements that are otherwise unconstitutional.
CIPA Doesn’t Apply To These Situations And Institutions Either
Telecommunications for Schools and Libraries do not have to be compliant. In this case, the definition of a “minor” is a person under the age of 17. Additionally, as of 2012, public libraries do not need to follow CIPA guidelines, as doing so poses a threat to the free exercise of First Amendment rights by majority age internet users.
E-Rate discounts can be between 20-90% off of services and products related to using and maintaining internet services. The Universal Services Agency Company (USAC) processes all E-Rate requests and submissions. Their website outlines how and when to apply, as well as providing a training schedule for applicants and service providers.
Every year the FCC’s Eligible Services List is updated and available before the Form 471 filing window opens.
The Universal Service Administrative Company has been contracted by the FCC to manage all E-Rate Applications. School or library Administrative Authorities certify their institution’s enforcement of an internet safety policy that includes mechanisms that block or filter internet access to objectionable materials.
Administrative Authority Responsibilities:
1) Ensure compliance with the requirements of CIPA;
2) Certify actions undertaken in order to bring the school or library into compliance. For example, any necessary procurement procedures to comply with the requirements of CIPA; or
3) Waive CIPA requirements as the authority has determined that CIPA does not apply because the school is receiving discounts for telecommunications services only.
CIPA Requirements (excerpted from the application section of usac.org)
1. Internet Safety Policy
Schools and libraries are required to adopt and enforce an internet safety policy that includes a technology protection measure that protects against access by adults and minors to visual depictions that are obscene, child pornography, or – with respect to use of computers with internet access by minors – harmful to minors. “Minor” is defined as any individual who is under the age of 17.
2. Technology Protection Measure
A technology protection measure is a specific technology that blocks or filters internet access.
The school or library must enforce the operation of the technology protection measure during the use of its computers with Internet access, although an administrator, supervisor, or other person authorized by the authority with responsibility for administration of the school or library may disable the technology protection measure during use by an adult to enable access for bona fide research or other lawful purposes. For example, a library that uses internet filtering software can set up a process for disabling that software upon request of an adult user through use of a sign-in page where an adult user can affirm that he or she intends to use the computer for bona fide research or other lawful purposes.
CIPA uses the federal criminal definitions for obscenity and child pornography.
Decisions about what matter is inappropriate for minors are made by the local community. E-rate Program rules specify that “[a] determination regarding matter inappropriate for minors shall be made by the school board, local educational agency, library, or other authority responsible for making the determination.”
3. Public Notice and Hearing or Meeting
The authority with responsibility for administration of the school or library must provide reasonable public notice and hold at least one public hearing or meeting to address a proposed technology protection measure and Internet safety policy. For private schools, public notice means notice to their appropriate constituent group.
Additional meetings are not necessary – even if the policy is amended – unless those meetings are required by state or local rules or the policy itself.
Harmful to minors: Defined as “any picture, image, graphic image file, or other visual depiction that – (i) taken as a whole and with respect to minors, appeals to a prurient interest in nudity, sex, or excretion; (ii) depicts, describes, or represents, in a patently offensive way with respect to what is suitable for minors, an actual or simulated sexual act or sexual contact, actual or simulated normal or perverted sexual acts, or a lewd exhibition of the genitals; and (iii) taken as a whole, lacks serious literary, artistic, political, or scientific value as to minors.”
Administrative Authority: The entity that must make the relevant certification for the purposes of CIPA.
Potential School Administrative Authorities
- school board
- school district
- local educational agency
- other authority responsible for athe dministration of a school
Potential Library Administrative Authorities
- library board
- other authority with responsibility for administration of the library
New For 2019
As of FY2019, Voice Services will no longer be eligible. That means any voice service, including VoIP, voicemail, and hard lines.
While the CIPA requirements make intuitive sense, the E-Rate process requires attention to detail. Applicants and service providers must wade hip-deep in bureaucratic alphabet soup. The reading is dull while at times being confusing. Consider hiring a temporary worker or contractor, or temporarily re-assigning a staff-person to the task in that first funding year at least. While the potential to get 90% off of services is clearly worth it, the amount of time and effort requires planning.