Complying with CIPA: What Libraries Need to Know Bob Bocher Technology Consultant Wisconsin Department of Public Instruction State Division for Libraries, Technology, and Community Learning

Complying with CIPA … — Bocher 2 Program Outline 1. Filtering: Background information 2. Supreme Court: Review of the CIPA decision 3. CIPA: The law and regulations  Compliance  Technology Protection Measures (TPM)  Disabling the TPM

Complying with CIPA … — Bocher 3 Background on Federal Laws  Communications Decency Act ( CDA, 1996 ):  Prohibited “indecent” content on the Internet  Found unconstitutional by District Court in 1996  Found unconstitutional by the Supreme Court in 1997 Key issue: Overly broad, vague language  Child Online Protection Act ( COPA, 1998 ):  Prohibited “harmful to minors” content on the Internet  District Court issued an injunction against it in 1999  Appealed (twice) to the Supreme Court Oral arguments held March 3, 2004 –Key issue: Overly broad, defining obscenity in an Internet world

Complying with CIPA … — Bocher 4 Background on CIPA  Passed in December 2000  Prohibits displaying certain images from the Internet when schools/libraries use LSTA or E-rate for certain purposes  Subject to law suit filed by ALA, ACLU, et al.  Public libraries only  Found unconstitutional by District Court in May 2002  Found constitutional by Supreme Court in June 2003  FCC issues CIPA compliance rules for libraries in July 2003  Most of FCC’s initial rules, issued in April 2001, still apply

Complying with CIPA … — Bocher 5 ALA Position  Passed filtering statement in 1997  ALA Executive Board Action (8-03)  Collect information on TPM costs  Begin developing criteria and tools for evaluating TPMs  Gather and share additional research on the impact of implementing filters  Activities undertaken by ALA’s OITP and its E-rate Task Force ALA affirms that the use of filtering by libraries to block access to constitutionally protected speech violates the Library Bill of Rights.

Complying with CIPA … — Bocher 6 * Public Libraries and the Internet 2002 … (12-02) Status of Filtering in U.S. Public Libraries*

Complying with CIPA … — Bocher 7 Court’s Rationale Congress has wide latitude to attach conditions to the receipt of federal assistance to further its policy objectives. Internet access in public libraries is not a public forum. A library’s decision to filter is a collection decision. Concerns about overblocking protected speech are dispelled by the ease with which patrons may have the filter disabled. Substantial government interests are at stake here: protecting young patrons from inappropriate material is legitimate.  Spending clause  Policy objective  Public forum  1st Amendment

Complying with CIPA … — Bocher 8 Compliance: E-rate and LSTA ProgramMust Comply with CIPA’s Requirements CIPA’s Requirements Do Not Apply E-rateWhen getting discounts for  Internal connections  Internet access When getting discounts for  Telecommunication services LSTAWhen using funds for  PCs that access the Internet  Internet access When using funds for  Any other purposes allowed by LSTA and state guidelines When using both LSTA and E-rate for services requiring compliance, CIPA’s E-rate language takes precedence.

Complying with CIPA … — Bocher 9 Timeframe for Compliance 1. E-rate:  Must be compliant now, or be “undertaking efforts” to be compliant by start of 2004 services 2. LSTA:  When applying for FY 2004 funds, a library must be compliant or be “undertaking efforts” to be compliant by the start of its use of FY 2005 funds  State Library LSTA grant timeframes differ, and thus compliance dates differ

Complying with CIPA … — Bocher 10 Implementing CIPA and TPMs FCC: We have attempted to craft our rules in the most practical way possible, while providing libraries with maximum flexibility. We conclude that local authorities are best situated to choose the technology measures and Internet safety policies most appropriate for their communities. Libraries have wide latitude in implementing CIPA and its technology protection measure (TPM) clause

Complying with CIPA … — Bocher 11 What is Not in the FCC Regulations (but could have been)  Specific TMP specifications and compliance standards  Elaboration on the types of banned images  The need for a library to  Publicly post CIPA requirements  Publicly post information on how to file a complaint  Publicly post the name of the TPM vendor  Track patron attempts to access illegal images  Track the number of times the TPM failed Tracking patrons: “This is blatantly intrusive and well beyond the scope of the CIPA.” —WI State Library comments to FCC (Feb. 2001)

Complying with CIPA … — Bocher 12 What the TPM Must Do CIPA: A library must be enforcing a policy of Internet safety that includes the operation of a TPM with respect to any of its computers with Internet access that protects against access to visual depictions that are— 1) obscene 2) child pornography 3) harmful to minors FCC: We decline to incorporate within our regulations layman’s explanations of obscenity, child pornography, and the term “harmful to minors.”

Complying with CIPA … — Bocher 13 What the TPM Must Do (cont.)  The TMP must be on all PCs  The TPM must protect against illegal images  The type of TPM and its configuration is a local decision  Vendor claims of “CIPA compliant” TPMs are of little value FCC: Requiring libraries to certify the effectiveness of their TPMs does not comport with our goal of minimizing the burden we place on libraries. Therefore, we will not adopt an effectiveness certification requirement. There is no TPM 1) Certification process 2) Compliance process 3) Measure of effectiveness Defining “protection” is a local decision.

Complying with CIPA … — Bocher 14 Defining Illegal Images  Obscenity (indirectly) and child pornography are defined in federal statutes; “harmful to minors” is defined in CIPA  Only images need to be blocked  Note: Even before CIPA, no patron had a First Amendment right to view obscenity or child pornography 1. Obscene2. Child pornography 3. Harmful to minors Adults Minors

Complying with CIPA … — Bocher 15 Defining Illegal Images (cont.)  Defining obscenity is difficult  Determined in the context of the Miller test  Much “adult” content is not legally obscene  Legally it is a judicial, not administrative decision …but library Internet AUPs must still be enforced  CIPA’s “harmful to minors” language parallels Miller  Per Miller, what is the “prurient interest” of a ten-year-old?  Libraries may filter minors’ PCs at a more restrictive level  Government has vested interest in protecting minors from materials that may be legitimate for adults

Complying with CIPA … — Bocher 16 Disabling the TPM CIPA: DISABLING DURING ADULT USE: An administrator, supervisor, or other person authorized by the certifying authority may disable the technology protection measure during use by an adult, to enable access for bona fide research or other lawful purpose. Court: The statute contains an important exception that limits the speech-related harm: It allows libraries to permit any adult patron access to an “overblocked” Web site or to disable the software filter entirely upon request. Assuming that such erroneous blocking presents constitutional difficulties, any such concerns are dispelled by the ease with which patrons may have the filtering software disabled. If some libraries do not have the capacity to unblock Web sites or to disable the filter or if an adult user’s election to view constitutionally protected Internet material is burdened in some other substantial way, that would be the subject for an as- applied challenge, not the facial challenge made in this case.

Complying with CIPA … — Bocher 17 Disabling the TPM (cont.)  CIPA’s phrase “other lawful purpose” allows access to a wide variety of content  Staff can disable the TPM  For themselves or for patrons  For any lawful purpose LSTA: Anyone can ask E-rate: Adults can ask  Court: Disabling is critical  As-applied challenge reinforces need for disabling  Specific disabling policies and procedures are a local decision FCC: Federal rules directing library staff when to disable the TPM would likely be overbroad and imprecise. We leave such determinations to local communities.

Complying with CIPA … — Bocher 18 Disabling the TPM (cont.)  Frequent disabling can be time consuming and technically difficult  A key factor in TPM evaluation  How often must a patron ask? How long can a request be valid?  Disabling requires a re-enabling process  Patrons need not state why they want the TPM disabled  Protects patron privacy and staff sanity Court: The Solicitor General confirmed that a patron would not “have to explain... why he was asking a site to be unblocked.”

Complying with CIPA … — Bocher 19 Disabling the TPM (cont.)  Can patrons select unfiltered access?  Use of smartcard systems, etc.  Could be “reasonably argued” to comport with the law  Disabling is more incentive to install Internet management systems  Patron laptops  Public library needs TPMs “with respect to any of its computers with Internet access.”  Disabling is a key issue for the ALA E-rate Task Force

Complying with CIPA … — Bocher 20 When the TPM “Fails”  Who or what determines “failure”?  CIPA provides no private right of action  But an “as applied” challenge could be attempted  E-rate penalties  FCC can recover funds for noncompliance  LSTA penalties  IMLS can withhold future funding, or issue a compliance order, but it cannot recover funds for noncompliance  Public relation issues may be more critical than penalties  Your library must have policies to address any complaints