The Children’s Internet Protection Act (CIPA) was signed into law on December 21, 2000. To receive support for Internet access and internal connections services from the Universal Service Fund (USF), school and library authorities must certify that they are enforcing a policy of Internet safety that includes measures to block or filter Internet access for both minors and adults to certain visual depictions. The relevant authority with responsibility for administration of the eligible school or library must certify the status of its compliance for the purpose of CIPA in order to receive USF support.

Who Must Comply with CIPA

If you receive money from E-Rate for Internet access or internal connections, you must comply with CIPA and all three of its requirements, which are discussed below.

If you are applying for E-Rate funding for internal connections or Internet services, you must be CIPA compliant.

It is in Form 486 (block 4, item 11) that you inform the FCC if your institution is complying with the required CIPA regulations. CIPA compliance certifications are required from all funded applicants. Those who do not need to comply must still submit the 486 certification to that fact.

Institutions that have their funding requests submitted by another authority (e.g., a city office submitting for a library) must, each year, fill out and submit to that authority a Form 479 which attests to their compliance. The filing authority should maintain the submitted Form 479 in their files.

Requirements of CIPA

FCC Updates CIPA Rules

The FCC released its long-awaited CIPA rule revisions incorporating the E-rate provisions of the Protecting Children in the 21st Century Act enacted in 2008. The most important aspect of the new Order (FCC 11-125) is that Internet Safety Policies — required of all applicants applying for discounts on anything more than telecommunications services — must “…include educating minors about appropriate online behavior, including interacting with other individuals on social networking websites and in chat rooms and cyberbullying awareness and response.”

Other aspects of the Order include the following:

  1. The new Internet Safety Policy requirement becomes effective for FY 2012, the E-rate funding year beginning July 1, 2012.
  2. Applicants, who have existing and properly adopted Internet Safety Policies, will not be required to hold new public hearings to amend their policies. New applicants, adopting an Internet Safety Policy for the first time, remain bound by the public notice and forum requirements.
  3. The Order clarifies that the determination of what matter is considered inappropriate for minors is a local decision to be made by the school board, local educational agency, library, or other authority. Most specifically, the FCC found that social network Websites (e.g., Facebook and MySpace) do not fall into one of the categories that must be blocked.
  4. Applicants must retain Internet Safety Policy documentation — including both the Policy itself and the adoption records — for a period of five years after the end of the funding year that relied on that Policy. Although five years is the standard record retention rule, the FCC was careful to note that this may mean the retention of Policy documentation for far longer than five years. If, for example, a Policy adopted in 2005 was used as the basis for a Form 486 certification for 2011-2012, the documentation must be retained until at least June 30, 2017. Special dispensation on record retention is provided for applicants who had adopted their policies prior to August 2004, the date the FCC initially established the five-year retention rule.
  5. The FCC clarified “…that selecting a telecommunications carrier as a service provider does not absolve schools and libraries of their obligation to adhere to the Children’s Internet Protection Act (CIPA) requirements when they use USF funding to obtain discounted Internet access service.” Conversely, it would follow that an applicant receiving discounts on telecommunications services, but not on Internet service itself carried over the telecommunications facility, would not have to be CIPA compliant. This provision is particularly important for many libraries receiving telecom discounts, but forgoing Internet discounts, for policy reasons.
  6. The Order codifies much of the statutory language of the original Children’s Internet Protection Act including definitions of “minor,” “obscene,” “child pornography,” “harmful to minors,” “sexual act,” “sexual contact,” and “technology protection measure…” For CIPA purposes, a “minor” means “any individual who has not attained the age of 17 years.”
  7. The FCC concluded that the new rules will not require revisions to either the Form 486 or Form 479, but that changes have to be made to the instructions for those forms to list revised restrictions (and, presumably, the revised technology plan requirements adopted last year).

Although CIPA requirements mandate filtering school or library computers used to access the Internet, the FCC acknowledged that there was confusion as to CIPA requirements pertaining to the on-site use of portable devices owned by students and library patrons. The FCC indicated that it intended to seek public comment on these issues in a separate proceeding.