Children's Internet Protection Act: Comments

Comment Submitted by: 

Nancy Willard, M.S. J.D.

Center for Advanced Technology in Education

University of Oregon, College of Education

Eugene, Oregon 97403

541-346-2895

541-346-6226 (fax)

E-mail: nwillard@oregon.uoregon.edu

URL: http://netizen.uoregon.edu

Responsible Netizen Institute

P.O. Box 50412

Eugene Oregon 97405

541-344-9125

541-344-1481 (fax)

URL:http://responsiblenetizen.org

27 August 2002

Evaluation of Available Technology Protection Measures 

Section 1703(a)(1) of the Act requires NTIA to evaluate whether or not currently available technology protection measures, including commercial Internet blocking and filtering software, adequately address the needs of educational institutions. 

1. Discuss whether available technology protection measures adequately address the need of educational institutions. 

I am providing copies of chapters of my new book, Safe and Responsible Use of the Internet: A Guide for Educators as an attachment to this. Please also consult my Analysis of the Constitutionality (and Advisability) of the Use of Commercial Filtering Software in Public Schools, which is available online at: http://responsiblenetizen.org/documents/constitutionality.doc.

In brief, what these chapters discuss are the concerns regarding school reliance on commercial filtering software, which include: their use as a surrogate for the more important responsibilities of education; constitutional concerns (about the use of this particular technology, not CIPA itself); overblocking which interferes with the effective educational use of the Internet in school; viewpoint discrimination; and the failure to support the effective use of the Internet for educational and instructional purposes. 

I believe the use of commercial, proprietary-protected filtering software by public schools to be unconstitutional because such use results in the abdication of decision-making authority by local school decision-makers to third party companies that are not blocking based on educational standards, protect their criteria, processes and relationships as confidential trade secrets, and are engaging in viewpoint discrimination.The ability of local school officials to override the systems to provide access do not cure the constitutional concerns because this places undue burden on students seeking sensitive, possibly controversial, information, and is simply not timely or efficient. 

Other technologies, which presumably could be used to comply with CIPA (this is an open question, which is addressed in "Children's Internet Protection Act"), include: blocking based on first party rating; filtering technologies where the criteria and processes are not protected; products that filter and warn; content limited access; filtered monitoring; and SPAM control technologies.These technologies can be effectively incorporated into a comprehensive education and supervision approach. 

2. Is the use of particular technologies or procedures more prevalent than others? 

Most public schools are using commercial proprietary-protected filtering software

3. What technology, procedure, or combination has had the most success within educational institutions? 

There are no research funds available to accurately ascertain the answer to this question. Funding for research in the use of educational technology has been very limited. The NRC report captures the essential points in regards to this question. In the preface to the report, Dick Thornberg , former Attorney General and committee chair, indicated that the report would "disappoint those who expect a technology 'quick fix'" and chided school officials and others for seeking "surrogates to fulfill the responsibilities of training and supervision needed to truly protect children from inappropriate sexual materials on the Internet.[1] "

The NRC Committee asked educators, "What is the benefit of having filters?" In virtually every school the committee visited the primary reasons offered for filters were to avoid controversy in the community and to avoid liability for exposing children to inappropriate material[2].Essentially, it appears that the primary reason schools have filters is not to protect kids -- but to protect the school. 

The NRC report also stated the following:

(F)ilters can be highly effective in reducing the exposure of minors to inappropriate content if the inability to access large amounts of appropriate material is acceptable[3]

In various site visits conducted by the NRC committee students "often reported that information on blocked sites might have been useful for legitimate academic research purposes" and teachers reported that "educationally relevant sites were blocked regularly[4]."

It light of these findings, it is clear that the use of commercial filtering software in public schools can not be considered to be "successful."

4. Please explain how the technology protection products block or filter prohibited content (such as Ayes@ lists, (appropriate content); Ano" lists, (prohibited content), human review, technology review based on phrase or image, or other method.) Explain whether these methods successfully block or filter prohibited online content and whether one method is more effective than another. 

Without full and complete data from the companies, it is impossible to ascertain any of this information. The questions should be asked to determine what material is appropriately blocked and what material is inappropriately blocked due to technical process problems or bias.

5. Are there obstacles to or difficulties in obtaining lists of blocked or filtered sites or the specific criteria used by technology companies to deny or permit access to certain web sites? Explain.

Please note the history of the proceedings in the ALA trial. At one point in the trial, N2H2, a filtering company intervened to close the hearing for fear of their trade secrets being disclosed. In The chapter "Analysis of the Constitutionality (and Advisability) of the Use of Commercial Filtering in Public Schools," the issue and implicationsof the lack of public accountability are discussed. The following is the type of information I suggest would be essential to be made publicly availableto fully understand how effectively and responsibly these filtering technologies actually function:

Database of blocked sites

Internal criteria and guidelines related to the blocking decision-making processes. Records and pertinent material related to training and supervision of employees who are engaged in the blocking decision-making. All corporate records, memos, and the like related to the establishment of the categories and the determination of the types of material to be blocked within each category. Qualifications of employees who have established blocking criteria and those who are making the blocking decisions

Complete description of technical systems that are utilized in the blocking decision-making process, including all internal audits and reports assessing the effectiveness of these systems.

Records related to the blocking processes, including numbers of sites returned by the search engine, average number of sites reviewed by each employee by the hour, results of the review process (number of sites blocked and number of sites not blocked).

Keywords that are used to identify potential sites that are then reviewed for possible blocking. If the filtering system blocks in "real time" based on an analysis of the incoming traffic, a list of all keywords that are used to identify sites that are blocked. All memos, reports and the like related to the development of these keywords.

Identification of marketing targets and all reports related to marketing approaches and activities related to these clients. List of all major clients, any clients that have a religious focus, and any clients that are government units in countries that are filtering the Internet for their citizens. All proposals presented by the company to anyprospective religious-orientedclient, prospective governmental units in countries engaging in censorship of their citizen's access to the Internet, and any other relevant major clients. 

The advantage of the use of the other technologies outlined in the chapter "Technology Protection Measures," which drew directly from the NRC Report, is that their use would address the concerns of public accountability. 

6. Do technology companies readily add or delete specific web sites from their blocked lists upon request? Please explain your answer.

In schools, the first line of request to gain access to a blocked site is at the school or district level, with a request for an override. It should be noted that there is some inconsistency or lack of clarity in the CIPA legislation related to overriding or disabling. The confusion relates to provisions in CIPA that allow the school to disable the filter to provide access for adults for legitimate research purposes -- although it is unclear how one can make a decision to allow access to material that is illegal for legitimate research purposes. This disabling provision does not apply to the system when used by minors thus leaving the question of whether or not it is ever possible for a school to override the filter and whether all unblocking decisions and actions must be made at the company level. This inconsistency was addressed by the court in the ALA ruling.

I personally posed this question to an official at F.C.C. and my understanding of his response was that there was a difference between overriding and disabling and that the local standards provisions of CIPA would allow for local overriding. The following is the information provided by Mark Seifert, Deputy Division Chief, Accounting Policy Division, Common Carrier Bureau, Frontline Manager for FCC for Oversite of the School and Libraries Division:

Issues of selection of the Technology Protection Measure, configuration of the Technology Protection Measure, and operation of the Technology Protection Measure with respect to unblocking sites that have been inappropriately blocked are all matters for the local community to decide. The FCC considers these issues to fall within the provision of the law set forth in Section 1732. (2) Local determination of content. The FCC has not received any complaints under CIPA and does not have enforcement procedures in place.According to the Commission's order, the FCC believes that Congress did not intend to penalize recipients that act in good faith and act in a reasonable manner to implement available Technology Protection Measures.The Commission also found that it was reasonable to presume that a school or library would comply with its certification, and therefore, the Commission would "rarely, if ever," be called upon to look beyond that certification[5].

As noted by the NRC, in virtually all schools they visited there were complaints regarding the time it took to gain an override of the filter. In most cases, the time and process demands are such that people are dissuaded from even requesting an override. Students who have unfiltered access at home get access there. Students without Internet access at home do without. 

Most technology educators I have communicated with have indicated that the level of intentional access to pornography or other inappropriatematerial in schools is very low. If such intentional access is not very low, this would be an indication of failure in supervision and discipline. Therefore, according to these educators, the vast majority of sites that are blocked appear to fall into two categories: material that is not relevant, but was accessed in the context of conducting research (the "chaff"); and material that is highly relevant to a particular research topic (the "wheat"). In schools that allow a significant amount on non-instructional use of the Internet --open access times--it would be reasonable to suspect that there would also be blocked access to a range of popular culture sites. 

One of the frustrations that is frequently reported is that if a site is found to be blocked during research activities it is not possible to tell whether this is a "wheat" site or a "chaff" site. Therefore, there is reticence about seeking to have the site overridden because it is unknown whether or not going through the override process would be worthwhile. There are likely more requests for an override when the system is blocking access to a site that is known by the user to contain appropriate relevant material. 

This question also raises another issue. Many of the products used in schools are also used by conservative religious ISPs who are requesting that their users submit the URLs for sites that they think ought to be blocked. It is probable that the companies are very responsive to these requests. This has a strong possibility of leading to blocking based on viewpoint bias. 

7. Discuss any factors that were considered when deciding which technology tools to use (such as training, cost, technology maintenance and upgrades or other factors.) 

Not applicable for me to comment on. It should be noted that an additional cost, which is rarely accounted for, is the human costs that would be involved if the district did seek to promptly respond to each and every request to unblock. 

Fostering the Development of Technology Measures 

Section 1703(a)(2) directs NTIA to initiate a notice and comment proceeding to make recommendations on how to foster the development of technology measures that meet the needs of educational institutions. 

Obviously the first thing that needs to be said is that the focus should not be on new technologies--rather the focus should be on the development of more effective educational and social strategies. 

The second really important issue of concern is that CIPA has actually undermined the development of new technologies. The *vast majority* of school administrators think that the only way to comply with CIPA is through the use of the current type of commercial, proprietary-protected filtering software. They think that if they try anything else, they will end up in trouble with the FCC. 

I have provided some guidance to a company called Vericept, which provides filtered monitoring. This kind of approach is a really good way to hold secondary level students accountable and is far preferable to the commercial filtering. There was an article that appeared in the NY Times about this company. In this article, there is a statement from some unidentified members of Congress saying that they wanted CIPA to be flexible enough to allot for newer technologies. But the company has told me that they are having difficulties getting school administrators to consider their product as a means of complying with CIPA. 

Rather than let the market unfold as it would have, which would have facilitated the introduction of newer, perhaps better technologies, CIPA has forced the adoption of a particular technology. It will be exceptionally hard for any other form of technology to gain any kind of a foothold. Investors will know this, so newer technologies will not even be developed. There will be no funds for development made available. 

Congress' intervention in this area has and will restrict all further technological development. 

1. Are current blocking and filtering methods effectively protecting children or limiting their access to prohibited Internet activity? 

The NRC Report answered this question directly:

(F)ilters can be highly effective in reducing the exposure of minors to inappropriate content if the inability to access large amounts of appropriate material is acceptable[6]

The inability to access large amounts of appropriate material is unacceptable in the secondary levels of school. For elementary students, this is likely not a significant concern. 

Essentially, the foundation question here is what is the meaning of the term "protection." No technology protection measure is or ever will be 100% effective in protecting young people from exposure to material that is potentially harmful. There is simply too much material on the Internet, with more material posted every second, for any technological system to be truly effective. Virtually every young person will, at one time or another, have unsupervised access to the Internet through an unfiltered, unblocked, and unmonitored system. Any time a technology is created that seeks to block access to material, another technology will emerge to get around such blocking actions. Technically proficient young people can easily obtain information on effective strategies to get around these systems.

As the NRC Report indicated: "Technology solutions seem to offer quick and inexpensive fixes that allow adult caregivers to believe that the problem has been addressed, and it is tempting to believe that the use of technology can drastically reduce or eliminate the need for human supervision.[7]" But that technology is not a "substitute for education, responsible adult supervision, and ethical Internet use.[8]

Ultimately the only filtering and blocking methods that will protect children will be the filtering and blocking software that resides in the hardware that sits upon shoulders.

This is not to say that there is not a role for technologies. Technologies can help to create safe places for younger students and ensure accountability on the part of older students. 

The best approach for younger children is the use of "white lists" of pre-reviewed, approved sites with access provided within a secure environment. There area variety of technologies, such as proxie servers and the use of the Internet Content Rating Association system to limit access to specific sites, that can be effective in this regard. As noted in the NRC report there is a need for much greater focus on developing and identifying these good sites for young people. 

Monitoring technologies can be very effective in limiting access to prohibited Internet activity, if appropriately implemented. Appropriate implementation requires full disclosure and notice of the existence of monitoring. But the limitation is indirect-- the teen exerts self-control to limit access because of the knowledge that if they do access inappropriate material, they will be identified and subject to appropriate discipline. 

But it remains to be seen whether any school districts will shift to a more comprehensive education and supervision approach. They all believe that they must use commercial filtering software. 

2. If technologies are available but are not used by educational institutions for other reasons, such as cost or training, please discuss. 

As was revealed in the NRC report, virtually all schools that have installed filtering software noted that their reason for doing so was for the purpose of reducing controversy and addressing concerns of liability. Many have also done so because of state or federal mandate. In many states the filtering has been applied at the state level, with no options provided at the local level to not use the filtering selected by the state. 

As was discussed above, since the existing filtering software has been sold as the "necessary solution" it will be very hard to convince administrators of the need for a change -- either to a newer technology or to a focus on comprehensive education and supervision strategies. Most of the school administrators I have discussed this issue with are of the opinion that the only way to comply with CIPA is to install the commercial, proprietary filtering software. 

There has been a wide perpetration of the "myth" that the use of filtering software is necessary to protect young people. It was only in May of this year that the "voice of reason" in the form of the NRC report suggested that filters were merely "technology quick fixes" and that our attention should be more strongly focused on education and supervision. But there has not been much national attention paid to this report -- and the only folks with marketing money are those promoting filtering software. 

As noted in the NRC report, and verified by my own work, comprehensive strategies thatare grounded in education and supervision are not quick and easy. They require professional development for staff, education for students and parents, attention to how and when students are using the Internet, and responsive intervention and discipline. It is my personal perspective that very few schools really are interested in approaching these issues in a comprehensive manner. They have been sold on the value of the "quick fix" and are not as willing to entertain the possibility that more may be necessary. 

3. What technology features would better meet the needs of educational institutions trying to block prohibited content? 

The focus of attention should not be on new technologies. The focus of attention should be on the development and implementation of a comprehensive education and supervision approach to protect children by preparing them to make safe and responsible choices.

4. Can currently available filtering or blocking technology adjust to accommodate all age groups from kindergarten through grade twelve? Are these tools easily disabled toaccommodate bona fide and other lawful research? Are these tools easily dismantled? 

Some products purport to provide "granularity" to allow for different settings for different grades. But the category and blocking decisions are not being made on the basis of educational standards; nor are decisions being made by educators. Without access to internal information, it is not possible to tell whether the technology is being adequately adjusted to serve different educational needs. 

The tools are not easily overridden. Recently, a professional trainer of teachers told me that the teachers she had trained this summer were having difficulties reaching a site through the filtering system at their school. This site was an important basic site for the educational activities the teacher had learned to accomplish during the summer. Upon contacting the school, she was told that the override committee would take this issue up in October!

Most teachers and librarians I have spoken with have told me that the process to request and achieve an override within the district is so time consuming and delayed, that they simply teach their students alternative ways to get around the school computer, such as use their home computer. This impedes the education of students who do not have a home computer. Further, this results in ineffective use of the expensive computer technology that has been installed in schools. 

The filters that are used on school systems are not easily dismantled. There was, however, a great story in Salon magazine of a high school student who was so frustrated by the filter at school that he set up an external server that made it possible for students to go around the filter. It is unknown how often this particular approach has been taken by frustrated students or teachers. 

There are also many ways that students can get around a filtered system, if they so desire. The issue that should have greater concern is addressing the "desire."

Current Internet Safety Policies 

Section 1703(a)(3) requires NTIA to evaluate the development and effectiveness of local Internet safety policies currently in operation that were established with community input. 

1. Are Internet safety policies an effective method of filtering or blocking prohibited material consistent with the goals established by educational institutions and the community? If not, please discuss the areas in which the policies do not effectively meet the goals of the educational institutions and/or community. 

The greatest disappointments in the implementation of CIPA are the following:

- Primary focus on filtering technologies. 

- The failure of Congress to wait for guidance in the form of the NRC Report.

- The failure of school districts to effectively address the requirements of an effective Internet Safety Plan.

The requirements set forth in CIPA for the Internet Safety Plan were excellent requirements. Had CIPA consisted of these requirements andhad CIPA been delayed until after the release of the NRC Report, SIGNIFICANT advanced and improvements would have been made in addressing the important concerns of inappropriate materials and dangers present on the Internet. We now have the most troubling situation--over 90% of schools using technological quick fixes as surrogates for their more important responsibilities of education and supervision. And, as a result, our children have been placed in a position of much greater vulnerability and risk.

Undoing this colossal mess and shifting the attention of educators to the approaches recommended by the NRC will be extremely difficult. School decision makers want to think they have solved the problem. They have not--but convincing them of this after they have been convinced that filtering will solve their problems--will present a difficult challenge. 

CIPA done significant harm to the overall objective of protecting and preparing young people to engage in the safe and responsible use of the Internet and effectively avoid and address the dangers and concerns present on the Internet.

As one who has provided consulting services to schools related to technology for over a decade, I am able to draw comparisons to the experiences with the requirements for technology plans that were incorporated into the Technology Literacy Challenge law. At the time these requirements were implemented, there was, within the field, a good understanding of the kinds of provisions and approaches that were necessary to develop a good technology plan. Because the TLC requirements simply required a plan and noted the topics that needed to be addressed, knowledgeable consultantsand technology directors were able to use the TLC requirements in an effective manner to help districts develop good technology plans. The TLC requirements were broad enough to encompass the needs of all districts. (I myself provided consulting services in the development ofTLC technology plans for one of Oregon's largest school districts, as well as 8 one room districts in Eastern Oregon.) The TLC technology plan requirements were very similar to the Internet Safety Plan requirements in CIPA. 

If Congress had had the wisdom to wait until the issuance of the NRC report and had limited CIPA to the Neighborhood Children's Internet Protection Act portion of the law, we would now be able to make great strides in developing the kinds of approaches and action plans that would truly protect our young people. 

This was an opportunity lost. Congress' rush to implement a one-size-fits-all technological quick fix has set the matters back considerably. 

And, just for the record, I did try to educate members of Congress, especially some of the key members of the Senate Commerce committee on this important issue. 

2. Please discuss whether and how the current policies could better meet the needs of the institutions and the community. If possible, provide specific recommendations. 

I have provided an entire book of specific suggestions. Whether or not any school districts will actually read and follow this guidance remains to be seen. I attempted to promote many of these same strategies to school districts last year, while they were coming into compliance with CIPA and was entirely unsuccessful. 

I would also suggest comparing the materials I have provided to the CIPA-compliant policies that was recommended by N2H2, one of the commercial filtering software companies whose testimony was relied upon by Congress in the development of CIPA. It is entirely evident from a comparison of the N2h2 recommended policy how the company's view of these issues comes from an entirely inadequate, over-simplistic understanding of the issues. They fail to understand what is necessary for effective policy and planning in a school environment. N2H2's policy is set forth below. 

3. Are educational institutions using a single technology protection method or a combination of blocking and filtering technologies? 

Why is this question in a section focusing on the Internet safety plan? The vast majority of schools have adopted the use of a commercial filtering software product. I advocate the use of a variety of technologies to provide for different levels of protection and accountability at different levels of schooling. 

4. Describe any best practices or policies that have been effective in ensuring that minors are protected from exposure to prohibited content. Please share practices proven unsuccessful at protecting minors from exposure to prohibited content. 

I am providing an entire book of suggestions. I request you consider the news article that ran last January in our local newspaper. It features a presentation of the approach taken by the school district my children attend. This district was one of the few to have decided to not apply for E-Rate funds because of their lack of willingness to install filtering when the approach they are using is working. 

"Filtering out the filth: Eugene schools use traditional methods to block 

inappropriate material"

http://www.registerguard.com/news/20020127/1a.safesurfing.0127.html

I further request you consider the editorial that ran several days later, which provided full support for the approach taken by our district 

"The best Internet filter: It's in students' minds, not their computers"

http://www.registerguard.com/news/20020129/ed.edit.filters.0129.html

All of the approaches recommended in my book have come from my conversations with knowledgeable technology directors in districts that had not installed filtering. 

N2H2's Recommended CIPA Policy

Online at: http://www.filteringinfo.org/sample_school_erate.html

(Filtering Info is N2H2's service for schools.)

Sample policy for a School Receiving E-rate Funding

An Internet Acceptable Use Policy (AUP) is required for schools and libraries receiving the E-rate. The E-rate requirements list several specific items that must be addressed in the policy. To help schools and libraries understand what requirements apply to them, FilteringInfo.org has created a sample policy that covers these minimum policy requirements:

Enforce use of a technology protection measure that blocks or filters Internet access when in use by minors. A minor is defined in the legislation as "any individual who has not attained the age of 17 years." 

- Address access by minors to inappropriate material. 

- Address access by minors to material harmful to minors. 

- Address safety of minors when using e-mail, chat, etc. 

- Address unauthorized/unlawful use by minors. 

- Address disclosure of personal info by minors. 

- Provide means for monitoring access by minors. However, the legislation states that "Nothing in this title or the amendments made by this title shall be construed to require the tracking of Internet use by any identifiable minor or adult user." 

Sample Policy

Below is a sample policy that you may use to craft your own Internet Acceptable Use Policy (AUP). Please feel free to copy any and all of the language below to help you create and edit your own policy document to fit your particular needs. Note that the placeholder [YOUR SCHOOL] is meant to be replaced with the name of your organization. Also, carefully review the information in your policy to be sure that your district or local governing body is in accordance with the language.

[YOUR SCHOOL] Policy on Internet Access

Internet users are expected to use the Internet as an educational resource. The following procedures and guidelines are used to help ensure appropriate use of the Internet at [YOUR SCHOOL].

Student Expectations in Use of the Internet

a. Students shall not access material that is obscene, pornographic, child pornography, "harmful to minors", or otherwise inappropriate for educational uses.

b. Students shall not use school resources to engage in "hacking" or attempts to otherwise compromise system security. 

c. Students shall not engage in any illegal activities on the Internet. 

d. Students shall only use electronic mail, chat rooms, and other forms of direct electronic communications for school-related purposes. 

e.Students shall not disclose personal information, such as name, school, address, and telephone number outside of the school network. 

Any violation of school policy and rules may result in loss of school-provided access to the Internet. Additional disciplinary action may be determined in keeping with existing procedures and practices regarding inappropriate language or behavior. When and where applicable, law enforcement agencies may be involved.

Staff Expectations in Use of the Internet

a. Staff shall not use access material that is obscene or is child pornography. (Note the absolutely absurd policy provision that allows staff to access material that is harmful to minors! This, of course, is in accord with CIPA.))

Any violation of school policy may result in loss of school-provided access to the Internet. Additional disciplinary action may be determined in keeping with existing procedures and practices. When and where applicable, law enforcement agencies may be involved.

Enforcement of policy

a. [YOUR SCHOOL] uses a technology protection measure that blocks or filters Internet access to block access to some Internet sites that are not in accordance with the policy of [YOUR SCHOOL]. 

b. The technology protection measure that blocks or filters Internet access may be disabled by a [YOUR SCHOOL] staff member for bona fide research purposes by an adult. 

c. A [YOUR SCHOOL] staff member may override the technology protection measure that blocks or filters Internet access for a student to access a site with legitimate educational value that is wrongly blocked by the technology protection measure that blocks or filters Internet access. 

d. [YOUR SCHOOL] staff will monitor students' use of the Internet, through either direct supervision, or by monitoring Internet use history, to ensure enforcement of the policy. 

[YOUR SCHOOL] Internet Acceptable Use Policy, Approved by [YOUR SCHOOL BOARD], [On this date]


[1] cite
[2] See * for a discussion of liability related to access to material.
[3] NRC at ES 8.
[4] NRC at 12.1.3.
[5] Personal communication, 25 October 2001
[6] NRC at ES 8.
[7] NRC Report at 14.3.
[8] NRC report at 14.3.