Law Requires Content Filtering on School and Library Networks

If you’re looking for financial ­assistance to upgrade your ­classroom connectivity, keep in mind that schools and libraries receiving E-Rate funding, which is administered by the Federal Communications Commission, must comply with the provisions of the Children’s Internet Protection Act. The four CIPA provisions that affect K–12 institutions require the creation of an internet safety policy, the use of content filtering technology, monitoring of user activity and educating minors about appropriate online behavior.

Keys to Developing an Internet Safety Policy

Every school that receives E-Rate funding for internet connectivity must adopt a policy that describes how to appropriately use the internet in the school environment. Schools must provide parents with reasonable notice and conduct at least one public meeting before adopting the policy. The policy provisions should include:

• Policy and technology measures to restrict access by minors to inappropriate internet content
• Security measures to protect minors who use email, chat rooms and other direct electronic communications
• Rules regarding unlawful online activities by minors, including hacking and other unauthorized access
• Protections against the unauthorized disclosure, use or dissemination of minors’ personal information

Fortunately, schools don’t need to create these policies from scratch. CIPA has been law since 2001, and many schools publish their internet safety ­policies online. A quick web search for “school internet safety policy” will turn up many existing policies that schools may use as templates for their own document.

Best Practices for Implementing Content Filtering and Monitoring

CIPA requires that schools use “a ­technology protection measure with respect to any of its computers with internet access that protects against access through such computers to visual depictions that are obscene, child pornography, or harmful to minors.” The law also requires that schools monitor the activity of minors online to detect potential inappropriate use.

The bottom line is that all covered schools must perform content filtering that blocks inappropriate content on their networks. Typically, schools meet this requirement by installing a dedicated content filtering device that sits on the network and evaluates all requests for web pages. These devices, available from manufacturers such as Barracuda Networks, Lightspeed and Dell SonicWALL, provide administrators with an interface that allows them to configure the filtering parameters and provide regular updates to the filtered site list.

Administrators responsible for maintaining these filters should never forget that students can be very resourceful, especially when it comes to bypassing internet content filters. When schools deployed the first wave of content filtering technology a decade ago, students quickly discovered that early filters were unable to block access to encrypted websites and that they could bypass filters by simply adding “HTTPS” before the web address. After content filtering companies blocked this approach, students discovered the existence of online proxy servers that weren’t blocked by content filters, which allowed access to any other site on the internet. Content filtering companies quickly moved to add proxy sites to the blocked list. Today, enterprising students use cloud service providers to create their own private proxy servers that aren’t included on filtering lists and aren’t currently blocked.

The struggle between students and administrators for effective content filtering is a cat-and-mouse game that will never end. While CIPA requires technical filtering measures, these will never be sufficient to completely protect students from inappropriate content. School administrators must monitor ­student activity with old-fashioned shoulder surfing and watch for signs that students have found a method to bypass filters. Using traditional disciplinary techniques to punish students who bypass the filters sends a strong message and may deter future unauthorized access attempts.