Children's Internet Protection Act, CIPA: A Brief FAQ on Public Library Compliance (2-04)

(PDF Lite FAQ — PDF Complete FAQ)


CIPA PowerPoint slides. The slides are an expanded version of those used for the CIPA program at the February 2004 PLA Conference. They include notes that provide more information for some of the slides. See especially the explanatory note on the title slide. (3-9-04)

Introduction:

This is a brief version of a FAQ on the Children's Internet Protection Act (CIPA). It focuses on compliance with CIPA in light of the Supreme Court's June 2003 ruling that the filtering language in CIPA was, on its face, constitutional for public libraries. The complete CIPA FAQ has links to other resources including the law, court decisions, and FCC regulations. Note: Only information from the appropriate federal agencies or courts should be considered official. Trustees and staff are encouraged to seek legal advice as needed on this complex issue. Permission is granted to reproduce this handout, with proper attribution.

-Bob Bocher, Technology Consultant
WI Division for Libraries, Technology, and Community Learning


Q: Under what circumstances does my library have to comply with CIPA?

A: The Supreme Court's 6-3 CIPA decision means that any public library using E-rate or LSTA funds for the following purposes must comply with the law's filtering requirement. Note: When a library receives both E-rate discounts and LSTA, the E-rate language of CIPA takes precedence.

  1. E-rate: CIPA applies when getting discounts for Internet access or for internal connections costs. Compliance is not needed for discounts on telecommunication costs, including voice or data circuits.
  2. LSTA CIPA applies when using LSTA funds to purchase computers used to access the Internet or to pay for direct costs associated with accessing the Internet. Compliance is not needed for other uses of LSTA funds.

Q: What is the timeframe for complying with CIPA?

A: Following the Court's ruling, the FCC and IMLS released information on the compliance timeframe.

  1. E-rate: Libraries have until the start of 2004 E-rate services to comply with CIPA. For almost all libraries this will be July 1, 2004. During the 2003 E-rate funding year, libraries need to be already compliant with the law or be undertaking actions to be compliant by the start of 2004 services.
  2. LSTA: Libraries not now compliant must certify when applying for FY 2004 funds from the State Library that they are undertaking efforts to comply by the following year. States have different timeframes for the LSTA grant process and thus compliance dates will differ from state-to-state.

Q: What has to be filtered or subject to the "technology protection measure" (TPM)?

A: The filter, referred to in CIPA as a "technology protection measure" (TPM), must protect against access to visual depictions that (1) are obscene, (2) contain child pornography, or (3) are harmful to minors. The first two prohibitions are defined in other parts of the federal statues. Obscenity is also frequently defined in state statutes and local ordinances using guidelines established in the Supreme Court's 1973 Miller ruling. "Harmful to minors" is defined in CIPA. It takes the Miller definition of obscenity and applies it with respect to minors under age 17. In its April 2001 CIPA regulations, the FCC declined to "amplify the statutory definitions" in the law. It should be noted that even prior to CIPA patrons had no legal right to view obscene images, and child pornography is clearly illegal, regardless of format. CIPA does not require the filtering of text or audio.

Q: What computers must have the Internet TPM?

A: The law states that a library must have a TPM in place "with respect to any of its computers with Internet access [emphasis added]." This includes staff and patron computers accessed by minors or adults. Even Internet-connected computers located in administrative areas not accessible to the public must still have TPMs. An increasingly popular option is allowing patron-owned laptops to access the Internet via the library's wireline or wireless network. In this regard, it is reasonable to assume that CIPA's phrase "its computers" refers to a library's PCs, not patron-owned laptops. Officials at a federal agency have indicated off the record that they agree with this assumption.

Q: Under what circumstances or conditions can the TPM be disabled?

A: The law states that any authorized staff may disable the TPM to allow Internet access for lawful purposes. In the E-rate section of CIPA the disabling provision applies only to adults (age 17 or older), but the LSTA section allows anyone to request that the TPM be disabled. Under the E-rate provisions, since authorized staff can disable the TPM for adults, it should be easy to craft a policy to allow adult staff to turn off the TPM for their own use. The disabling process should be a key part of any filter evaluation. The Supreme Court's ruling places considerable emphasis on CIPA's disabling language as a way to avoid First Amendment harm from overblocking. For example, Justice Kennedy's concurring opinion states that if a patron requests unfiltered access to view constitutionally protected content, and such a request is not honored in a reasonable manner, then the library places itself at risk of a possible "as applied challenge." This means the patron contends that the library has applied CIPA's filtering mandate in such an onerous fashion that it is unconstitutionally blocking access to legal content. The law does not address the issue of requiring patrons to state why they are seeking unfiltered Internet access, but language in the Court's ruling supports the position that patrons simply have to request unfiltered access, with no explanation needed. (A library's AUP should address the issue of what constitutes acceptable or unacceptable use.)

The FCC's CIPA regulations declined to provide any guidance on disabling procedures or policies, saying that it left "such determinations to local communities." Libraries thus have considerable latitude in this area, which has resulted in discussions of disabling scenarios that are of minimal burden to staff and patrons. For example, one scenario is to have a TPM on workstations but have the patron select unfiltered access by choosing this option on the screen or by use of a smart card process. To provide practical guidance in this area, but not a formal legal opinion, an attorney retained by ALA indicated that such a scenario could be reasonably argued to comport with the law. This assumes that the library makes a good faith effort to enforce a policy that only adults can select the unfiltered option and use the unfiltered PCs. Examples of further safeguards could include signage indicating "adult only" workstations, and the library has the patron sign an AUP which states that he/she wants unfiltered access. In this scenario there is no direct intervention by staff, and adult patrons need not be constantly asking staff to disable the filter.

Q: How effective does the TPM have to be?

A: The law states that the Internet TPM must protect against visual depictions outlawed by the legislation. No TPM is 100% effective in preventing all such access. In its CIPA regulations, the FCC declined to further define the TPM requirements or to adopt any type of definition or certification on how effective a TPM must be, beyond the general "protect" language in the law. Thus, a vendor's claim that its TPM is "CIPA compliant" or that its TPM meets CIPA requirements is of little value. In deference to local control, the FCC further noted, "We conclude that local authorities are best situated to choose which technology measures will be most appropriate for their relevant communities."

Q: What are the legal implications if the TPM fails?

A: The FCC presumes that Congress did not intend to penalize libraries that act in good faith and in a reasonable manner to implement TPMs. The FCC also notes that failure to comply with the law's requirements could "engender concern among library patrons," and it believes that libraries will act appropriately to avoid such situations. A library must have policies and procedures in place if it is to address any such complaints expeditiously. It is still possible that a patron could claim that too many allegedly illegal images are getting through the TPM and file a complaint directly with the FCC. Under CIPA, the FCC can require a library to reimburse its E-rate discounts for any period of time it was out of compliance, but the Commission assumes that it "will rarely, if ever," be called upon to take such action. For LSTA, the IMLS can withhold future payments to the library and enter into some type of CIPA compliance agreement with the library, but it cannot retroactively recoup funds for any time a library was out of compliance.

Q: Does it make any difference where the filtering takes place?

A: It makes no difference where the filtering is done. It can be done centrally by an Internet Service Provider, or at the server level on the library's LAN or WAN, or the filter can be individually installed on each workstation. Filter installation on each PC is practical only when the number of workstations is quite small.


Let me know if you have any questions.

Bob Bocher, Technology Consultant
Division for Libraries, Technology, and Community Learning
Public Library Development
125 S. Webster St., Box 7841, Madison, WI 53707-7841
(608-266-2127, fax 608-267-9207)
robert.bocher@dpi.wi.gov

February 2004


For questions about this information, contact Robert Bocher (608) 266-2127