Children's Internet Protection Act: Questions and Answers

When do the requirements of CIPA go in to affect?
Are all E-rate discounts affected by the CIPA ruling?
If libraries choose to continue receiving federal funds for E-rate, when must decisions be made and filters installed? Can a library's decision change?
Do all the workstations in a library need to be filtered or only those accessible by patrons?
If my library filters all workstations, must we also require an acceptable use policy (AUP)?
What is NCIPA?
Who bears the cost of installing filters? Our fiscal year runs from January 1 to December 31 and our budget does not include funding for this mandate.
When must the filtering be turned off? How are we expected to “turn off” a filter when requested by patrons?
Just how much filtering is required? Will my current filter be adequate to meet the requirements of this legislation?
How will my library's connection to the K20 Network be affected if we choose not to meet the requirements of CIPA?
How will young people be able to conduct legitimate research on topics that are blocked by filters?
Does CIPA apply to all federal funding coming to public libraries?
Do I need to inform the public that our library is filtering?
Do I need to update our library's technology plan?
If our library has previously received computer hardware or software from E-rate or LSTA funds, are we required to filter?
Within CIPA, at what age is a person considered to be an adult? Is it 17 or 18?
My library has an automated program that patrons login to using their bar code number/patron ID. The login provides access to the library catalog and the Internet. The automation system automatically places a user in filtered or unfiltered access, depending upon their profile. If an adult requests unfiltered access, must they do so on every visit to the library, or can we change it once in the profile and still be CIPA compliant?
How do we manage/administer staff computers? Will we require staff to sign anything? Will we be able to keep anonymous logins?
Who decides that a filter is CIPA compliant?
Is there any instance where staff can override filtering on a children's computer?

When do the requirements of CIPA go in to affect?

According to the FCC order, “This Order and the accompanying rules shall be effective upon the later of publication in the Federal Register, approval of the revised FCC Forms 486 and 479, or the effective date of the Supreme Court decision.” As of August 1, 2003, neither the publication of the revised forms nor publication of this order in the Federal Register have occurred.

Are all E-rate discounts affected by the CIPA ruling?

No. E-rate discounts are divided into three distinct groups of services. Only “Internet access” and “internal connections” are subject to CIPA. “Telecommunications”, which may include telephone service and data circuits is specifically excluded from CIPA's restrictions. For a comprehensive list of eligible services in each category, examine the Universal Service Administration Company (USAC) Schools and Libraries Division's Eligible Services List or contact Library Development.

If libraries choose to continue receiving federal funds for E-rate, when must decisions be made and filters installed? Can a library's decision change?

The FCC notes that it would be “unrealistic” to expect libraries to be fully CIPA compliant during Funding Year 2003 (FY03). Therefore, “…CIPA allows libraries either to certify (1) that they are in compliance with CIPA or (2) that they are 'undertaking such actions, including any necessary procurement procedures, to put in place' the required policy measures to comply with CIPA for the next funding year.” However, those libraries seeking discounts for either Internet access or internal connections in FY03 must resubmit the revised FCC Form 486/479 indicating their CIPA status. Nothing precludes a change to a Library's CIPA status.

Do all the workstations in a library need to be filtered or only those accessible by patrons?

The original CIPA legislation required “…the operation of a technology protection measure with respect to any of its computers with Internet access.” No exceptions were made for subsets of these computers, such as staff and “adult only” workstations.

If my library filters all workstations, must we also require an acceptable use policy (AUP)?

The CIPA legislation requires compliant libraries have “… in place a policy of Internet safety … that includes the operation of a technology protection measure with respect to any of its computers with Internet…” Your AUP would be required if it serves the purpose of “a policy of Internet safety” as defined by CIPA/NCIPA.

What is NCIPA?

The Neighborhood Children's Internet Protection Act (NCIPA) sets guidelines for a library's “policy of Internet safety”. This policy must address: “(I) access by minors to inappropriate matter on the Internet and World Wide Web; (II) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (III) unauthorized access, including so-called 'hacking', and other unlawful activities by minors online; (IV) unauthorized disclosure, use, and dissemination of personal identification information regarding minors; and (V) whether the school or library, as the case may be, is employing hardware, software, or other technological means to limit, monitor, or otherwise control or guide Internet access by minors”. NCIPA also requires a library to “…provided reasonable public notice and held at least one public hearing or meeting which addressed the proposed Internet use policy.”

Who bears the cost of installing filters? Our fiscal year runs from January 1 to December 31 and our budget does not include funding for this mandate.

Your library is responsible for all costs arising from the implementation of CIPA compliance. While FCC Order 03-188 notes that, given the timeframe, “…it is unrealistic to expect all libraries to be in a position to certify compliance with CIPA for Funding Year 2003…”, it does require that “During Funding Year 2003, all libraries that receive discounts for Internet access or internal connections must certify that they are either compliant with CIPA or undertaking efforts to be in compliance by the time the libraries commence services for Funding Year 2004.”

When must the filtering be turned off? How are we expected to “turn off” a filter when requested by patrons?

FCC Order 03-188 states that in order to comply with the statute's Internet filtering requirement a library must “… implement a procedure for unblocking the filter upon request by an adult.” No situation was given where minors would be allowed unfiltered access to the Internet. The mechanism for unblocking adult access to Internet sites is unspecified by the FCC and is left to the discretion the individual library.

Just how much filtering is required? Will my current filter be adequate to meet the requirements of this legislation?

The Federal government has published no lists of sites that must be restricted nor has it set standards for blocking. The CIPA legislation requires the operation of a technology protection measure with respect to any of a library's computers with Internet access that protects against access through such computers to visual depictions that are-1) obscene; 2) child pornography; or in the case of minors 3) harmful to minors. FCC Order 01-120 originally implemented CIPA in regards to the E-rate program. It noted that “Some commenters have requested that we require entities to certify to the effectiveness of their Internet safety policy and technology protection measures. However, such a certification of effectiveness is not required by the statute. Moreover, adding an effectiveness standard does not comport with our goal of minimizing the burden we place on schools and libraries. Therefore, we will not adopt an effectiveness certification requirement.”

How will my library's connection to the K20 Network be affected if we choose not to meet the requirements of CIPA?

Connection to the statewide K20 Network requires neither filtering nor compliance with the CIPA regulations. Cost to participate, however, may be affected. The quarterly billing received by your library for use of the network includes both the cost for data circuits and ISP (Internet Service Provider) charges. The circuit fee falls under the E-rate category of “telecommunications” and IS NOT subject to CIPA. This cost will not vary regardless of your library filtering status. The second portion of your bill, ISP charges, IS subject to CIPA. If your library chooses to be fully CIPA compliant and has filed an FCC Form 479 indicating this with the State Library, any savings realized will be passed back to the consortium members.

How will young people be able to conduct legitimate research on topics that are blocked by filters?

No provision is made to grant unfiltered access to the Internet to minors. Minors may, however, request that the library “unblock” sites that they feel have been blocked inappropriately.

Does CIPA apply to all federal funding coming to public libraries?

CIPA states that “No funds made available under this Act for a library … may be used to purchase computers used to access the Internet, or to pay for direct costs associated with accessing the Internet …” Of the programs administered by the Washington State Library, only E-rate discounts and LSTA grants are affected by the restrictions of this legislation. We would urge that you directly contact other agencies that may administer federal monies coming to your institution for their answers to this question.

Do I need to inform the public that our library is filtering?

No guidance was given on this question in either the original legislation or the ensuing court decisions. This is a policy issue that should be addressed by your board.

Do I need to update our library's technology plan?

Beginning in Funding Year 2015 (July 2015-June 2016), no technology plan is required for the purpose of E-rate.

If our library has previously received computer hardware or software from E-rate or LSTA funds, are we required to filter?

No.

Within CIPA, at what age is a person considered to be an adult? Is it 17 or 18?

From the definitions section of the Children's Internet Protection Act, a “minor” is defined as: “The term 'minor' means any individual who has not attained the age of 17 years.” Therefore, an adult is anyone 17 years of age and older.

My library has an automated program that patrons login to using their bar code number/patron ID. The login provides access to the library catalog and the Internet. The automation system automatically places a user in filtered or unfiltered access, depending upon their profile. If an adult requests unfiltered access, must they do so on every visit to the library, or can we change it once in the profile and still be CIPA compliant?

FCC Order 03-188 states that a library must “...implement a procedure for unblocking the filter upon request by an adult”, it does not specify how this will occur or whether it needs to be done repeatedly. The CIPA legislation itself says “An administrator, supervisor, or person authorized by the responsible authority under paragraph (1) may disable the technology protection measure concerned to enable access for bona fide research or other lawful purposes.”

It would appear that as long as a mechanism is in place that can assure that the unfiltered session is for the “adult” in question, then the library is compliant. If the library cannot assure this, then the “...procedure for unblocking the filter...” is flawed and unusable. For example, if a minor can login using an adult’s unfiltered profile, or an unfiltered adult profile is left logged in where a minor can use the terminal, this would not be in compliance. The use of such a procedure would have to be a judgement/policy call on the part of the library board and administration.

The question to be answered by a library is: “What constitutes bona fide research or other lawful purposes and what time period should be associated with that research or purpose?” Such research or purpose will likely not be indefinite and will likely need to be reviewed from time to time.

How do we manage/administer staff computers? Will we require staff to sign anything? Will we be able to keep anonymous logins?

Staff computers are not exempt from filtering. There is nothing that staff or the public are required to sign to use the internet, unless your board decides to implement such a policy. Authorized staff are allowed to turn filters off. One would assume, that the same staff would be authorized to turn filters off on staff machines. Who you authorize to do this and what your policy is for turning a filter off upon request will be a local decision.

You can have anonymous or generic logins. If the logins activate a non-filtered profile (which would have to comply with your policy and be disabled by an “authorized staff member”), then the users of those terminals would need to agree to unfiltered access and no one under 17 could use them for any reason.

Who decides that a filter is CIPA compliant?

There are definitions of what the filter should do (see the FAQ), but there is no authoritative list of what should be blocked. Your board will have to review the available filtering options and decide what works for your community.

Is there any instance where staff can override filtering on a children's computer?

No. Minors have to use filtered terminals.

Contact

Cody Hanson

[email protected]

(360) 480-0315

Feedback

We encourage your feedback. If you have comments or suggestions, please use our feedback form.

IMLS

Funded in part by the Institute for Museum and Library Services (IMLS) through the Library Services and Technology Act (LSTA).