******************************************************** NOTICE ******************************************************** This document was converted from WordPerfect or Word to ASCII Text format. Content from the original version of the document such as headers, footers, footnotes, endnotes, graphics, and page numbers will not show up in this text version. All text attributes such as bold, italic, underlining, etc. from the original document will not show up in this text version. Features of the original document layout such as columns, tables, line and letter spacing, pagination, and margins will not be preserved in the text version. If you need the complete document, download the WordPerfect version or Adobe Acrobat version, if available. ***************************************************************** CORRECTED VERSION Before the Federal Communications Commission Washington, D.C. 20554 In the Matter of Federal-State Joint Board on Universal Service Children's Internet Protection Act ) ) ) ) ) ) CC Docket No. 96-45 REPORT AND ORDER Adopted: March 30, 2001 Released: April 5, 2001 By the Commission: TABLE OF CONTENTS Paragraph I. INTRODUCTION. . . . . . 1 II. EXECUTIVE SUMMARY . . . . . .3 III. BACKGROUND. . . . . . . 4 IV. DISCUSSION A. Constitutionality of CIPA. . . . . . . 9 B. Timing of Section 254(h) . . . . . . .10 C. Timing of Section 254(l) . . . . . . .16 D. Certification Form . . . . .20 E. Entities Certifying. . . . . . . 23 F. Application of CIPA to Certain Services. . . . . . . 28 G. Certification Language . . . . . 32 H. Disclosure and Information-Gathering Requirements. . . . . . . 40 I. Noncompliance Provisions . . . . . . .43 J. Public Notice and Hearing Requirements . . . . .49 K. Disabling Technology Protection Measures . . . . . . 53 L. Universal Service Funding for CIPA Compliance. . . . . . .54 V. PROCEDURAL MATTERS A. Effective Date . . . . . . .56 B. Paperwork Reduction Act. . . . . 57 C. Final Regulatory Flexibility Analysis. . . . . .58 1. Need for, and Objectives of, the Proposed Rules . . . . . 59 2. Summary of Significant Issues Raised by the Public Comments in Response to the IRFA . . . . . . . . . . . . . . . . 60 3. Description and Estimate of the Number of Small Entities To Which Rules Will Apply . . . . . . . . . . . . . . . 61 4. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements. . . . . . . . . . . . . . . 63 5. Steps Taken to Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered. . . . . . . 68 6. Report To Congress. . . . . 71 V. ORDERING CLAUSES. . . . . . 72 Appendix A Parties Filing Comments Appendix B Parties Filing Reply Comments Appendix C Final Rules I. Introduction 1. In this Report and Order, we adopt rules proposed in the Further Notice of Proposed Rulemaking (Notice), to implement the Children's Internet Protection Act (CIPA). Congress included CIPA as part of the Consolidated Appropriations Act, 2001. Sections 1721 et seq. of CIPA provide that schools and libraries that have computers with Internet access must certify that they have in place certain Internet safety policies and technology protection measures in order to be eligible under section 254(h) of the Communications Act of 1934, as amended (the Act), to receive discounted Internet access, Internet services, and internal connection services. CIPA also requires that our rules implementing the statute be in effect by April 20, 2001. 2. We adopt these rules with the goal of faithfully implementing CIPA in a manner consistent with Congress's intent. We have attempted to craft our rules in the most practical and efficacious way possible, while providing schools and libraries with maximum flexibility in determining the best approach. Moreover, to reduce burdens in the application process, we have designed rules to use existing processes where applicable. We conclude that local authorities are best situated to choose which technology measures and Internet safety policies will be most appropriate for their relevant communities. III. EXECUTIVE SUMMARY 4. In this Order, we adopt rules that do the following: · In order to receive discounts for Internet access and internal connections services under the universal service support mechanism, school and library authorities must certify that they are enforcing a policy of Internet safety that includes measures to block or filter Internet access for both minors and adults to certain visual depictions. These include visual depictions that are (1) obscene, or (2) child pornography, or, with respect to use of computers with Internet access by minors, (3) harmful to minors. An authorized person may disable the blocking or filtering measure during any use by an adult to enable access for bona fide research or other lawful purpose. · A school administrative authority must certify that its policy of Internet safety includes monitoring the online activities of minors. · In order to receive discounts, school and library authorities must also certify that they have adopted and implemented an Internet safety policy addressing (i) access by minors to inappropriate matter on the Internet and World Wide Web; (ii) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (iii) unauthorized access, including so-called "hacking," and other unlawful activities by minors online; (iv) unauthorized disclosure, use, and dissemination of personal information regarding minors; and (v) measures designed to restrict minors' access to materials harmful to minors. · For this funding year, schools and libraries must certify by October 28, 2001 that they have the policies and technology measures in place, or that they are undertaking such actions, including any necessary procurement procedures, to put them in place for the following funding year. Because no school or library may receive services at discount rates during any time period in which it is out of compliance with its certification, as of the time that a school or library begins receiving services in Funding Year 4, it must either have the policies and technology measure in place, or be undertaking necessary actions to put them in place for the next year. · Schools and libraries shall make the necessary certifications in FCC Form 486, which is submitted after a decision is made on requests for discounts under the universal service support mechanism. II. BACKGROUND 3. Pursuant to section 254 of the Act, the Federal Communications Commission (Commission) established the schools and libraries universal service support mechanism (colloquially known as the "e-rate" program). Under that mechanism, eligible schools, libraries, and consortia that include eligible schools and libraries (collectively, recipients), may apply for discounted eligible telecommunications, Internet access, and internal connections services. 4. The Schools and Libraries Division (SLD) of the Universal Service Administrative Company (Administrator) administers the schools and libraries support mechanism under the direction of the Commission. After an applicant for discounted services under the schools and libraries support mechanism has entered into agreements for eligible services with one or more service providers, it must file with SLD an FCC Form 471 application. The Form 471 notifies the Administrator of the services that have been ordered, informs the providers with whom the applicant has entered into an agreement, and supplies an estimate of funds needed to cover the discounts to be given for eligible services. SLD then issues a funding commitment decision letter indicating the discounts, if any, to which the applicant is entitled. The approved recipient of discounted services subsequently submits to SLD an FCC Form 486, which triggers the process for SLD to receive invoices from the service provider. 5. CIPA amends, inter alia, section 254 of the Act to impose new requirements on schools and libraries "having computers with Internet access" and receiving discounted services under the schools and libraries universal service support mechanism. Specifically, under CIPA, no school or library may receive universal service discounts unless the authority with responsibility for administration of the school or library makes the required certifications, and ensures the use of such computers in accordance with the certifications. They must certify that they are enforcing a policy of Internet safety and have in place a technology protection measure. The policy of Internet safety must include a technology protection measure that protects against Internet access by both adults and minors to visual depictions that are (1) obscene, or (2) child pornography, or, with respect to use of the computers by minors, (3) harmful to minors. The entity must also certify that its policy of Internet safety includes monitoring the online activities of minors. CIPA does not, however, require the tracking of Internet use by any identifiable minor or adult user. Furthermore, CIPA requires that recipients provide reasonable public notice and hold at least one public hearing or meeting to address this proposed policy of Internet safety. 6. In carrying out its certification responsibilities under CIPA, an entity receiving supported services must also adopt and implement, pursuant to section 254(l), an Internet safety policy addressing (i) access by minors to inappropriate matter on the Internet and World Wide Web; (ii) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (iii) unauthorized access, including so-called "hacking," and other unlawful activities by minors online; (iv) unauthorized disclosure, use, and dissemination of personal information regarding minors; and (v) measures designed to restrict minors' access to materials harmful to minors. CIPA also requires that recipients provide reasonable public notice and hold at least one public hearing or meeting to address this proposed Internet safety policy as well. 7. Schools and libraries for which entities knowingly fail to submit certifications pursuant to CIPA are not eligible for discount services until such time as the appropriate entity submits certifications. Schools and libraries that knowingly fail to ensure the use of their computers in accordance with the certifications under section 254(h)(5)(A)(i) and (6)(A)(i) are required to reimburse any funds and discounts received for the period during which they were out of compliance, but may receive discounts for subsequent services after remedying compliance. Under existing law and Commission procedure, the Administrator of the universal service support mechanism for schools and libraries does not provide funds directly to schools and libraries, but rather, provides funds to eligible service providers, who then offer discounted services to eligible schools and libraries. If necessary (as when funds have been incorrectly awarded), the Administrator seeks reimbursement from the service provider. CIPA, however, specifically requires that any reimbursement of universal service funds necessary because of an entity's noncompliance with section 254(h)(5)(A)(i) and (6)(A)(i) shall be made by the school or library. VIII. DISCUSSION A. Constitutionality of CIPA 1. In the Notice, we sought comment regarding effective implementation of CIPA by the Commission. Some commenters state their view that the legislation is facially unconstitutional, because mandatory blocking and filtering of school and library Internet access violates users' privacy rights. Other commenters assert that the statute is constitutional. In general, administrative agencies are to presume that the statutes that Congress directs them to implement are constitutional. We therefore defer to Congress's determination that section 254(h) and (l) is constitutional and comply with Congress's direction to promulgate implementing regulations. A. Timing of Section 254(h) 2. CIPA provides that the effective date of its provisions is 120 days after the date of enactment, i.e., April 20, 2001. Section 254(h) further provides that certifications shall be made "with respect to the first program funding year under this subsection following [the] effective date [of this paragraph], not later than 120 days after the beginning of such program funding year." In any subsequent year, recipients must certify as part of the application process for such program funding year. In the Notice, the Commission stated, "Funding Year 4 of the schools and libraries universal service support mechanism, which begins on July 1, 2001 and ends on June 30, 2002, is the first program year after the effective date. Therefore, the [CIPA] certifications pursuant to section 254(h)(5) and (6) are due on or before October 28, 2001." 3. We adopt our tentative conclusion that Funding Year 4 of the schools and libraries universal service support mechanism, which begins on July 1, 2001, is the first program funding year following the effective date of CIPA, notwithstanding the arguments of many commenters that the first funding year following the effective date is Funding Year 5, which begins July 1, 2002. According to their view, the program funding year begins not with the availability of funds for services starting July 1, 2001, but rather, had already begun with the opening of the filing window for FCC Form 471 on November 6, 2000. Thus, because the application process was already underway at the time of enactment of the statute, these commenters contend, requiring certification in Funding Year 4 would constitute a retroactive application of law, would be burdensome and confusing, and might cause recipients to have to renegotiate or breach contracts. 4. We are not persuaded that Funding Year 5 is the first program funding year following the effective date of the statute. It is well-established in the Commission's rules and in numerous orders that the program "funding year" for the schools and libraries universal service support mechanism starts on July 1, and ends on June 30 of the following year. Although the commenters are correct that the application process begins prior to July 1 of each year, July 1 is the starting date for the funding year because recipients may not receive discounts for services obtained before that date. This conclusion is supported by the instructions to the application form. SLD has published elsewhere that the funding year begins on July 1 of each year. 5. Requiring certifications for Funding Year 4 does not impose an undue burden on recipients. Congress provided that, for Funding Year 4 or any other year that is the first year after the effective date of section 254(h) in which an entity applies for universal service discounts, entities that do not have the Internet safety policy and technology protection measures of section 254(h) in place shall certify that they are "undertaking such actions, including any necessary procurement procedures, to put in place" the required policy and measures. Entities making this certification need not have the required policy and measures in place until the subsequent year. 6. We further disagree with commenters who suggest that requiring certifications for Funding Year 4 is a retroactive application of law because entities had already entered commitments for Funding Year 4 as of the date of the statute. As described above, CIPA clearly requires that entities certify no later than October 28, 2001 for Funding Year 4. Moreover, because entities must certify by that date only that they are undertaking such actions to put in place an Internet safety policy and technology protection measure for Funding Year 5, schools and libraries have ample notice of the statutory requirements. 7. We emphasize that although the statute permits certifications to be submitted by October 28, 2001, for Funding Year 4, schools and libraries must implement the actions required under CIPA before they may receive discounted services. Thus, any school or library that receives discounted services between July 1 and October 28, 2001, must be taking actions to comply with CIPA at the time that it actually receives these services, even though the certification is not due until October 28, 2001. Entities that intend to certify that they have not completed all the requirements of CIPA but are undertaking such actions, including necessary procurement procedures, to complete CIPA's requirements for Funding Year 5, may only receive discounts for Funding Year 4 if they are undertaking such actions by the time they begin receiving services. A. Timing of Section 254(l) 8. Although CIPA establishes a timeframe in which an entity must certify pursuant to section 254(h)(5)(B-C) or (6)(B-C) that it has adopted a policy of Internet safety including a technology protection measure, it does not establish a specific timeframe for certifying that an entity has adopted an Internet safety policy pursuant to section 254(l), nor is there legislative history that suggests a specific timeframe for section 254(l). We must therefore determine what is a reasonable timeframe in light of the statutory context and statutory goals. For the reasons set forth below, we adopt a timeframe for section 254(l) that corresponds with the timeframe set forth in section 254(h)(5) and (6). 9. Although section 254(l) does not specify a particular certification timeframe, it becomes effective by its terms on or after April 20, 2001. Congress also directed that rules be prescribed by April 20, 2001. Moreover, section 254(l) imposes some very similar, if not identical, requirements as section 254(h), and adds other requirements. As explained above, we find that entities must submit a certification required under section 254(h)(5) and (6) no later than October 28, 2001. Because the certification requirements of section 254(h) and (l) are complimentary, and may overlap to a significant degree, we believe the better policy is to adopt the same timeframe for certification for both sets of requirements. Indeed, it is quite likely that a school or library would find that the technology protection measure employed for section 254(h)(5)(B)(i)(III) or (6)(B)(i)(III) would satisfy, at least in part, the requirement in section 254(l). Thus, we agree with commenters that such an approach will minimize the administrative burdens on entities and result in the least confusion for all entities and recipients. We recognize, however, that section 254(l) imposes certain additional requirements beyond those found in section 254(h). For that reason, we adopt a rule that, like section 254(h)(5)(E)(ii) and (6)(E)(ii), affords recipients time in which to put section 254(l) requirements in place. 10. We therefore conclude that entities shall certify, no later than October 28, 2001 for Funding Year 4, that they have adopted the Internet safety policy of section 254(l). Starting in Funding Year 5, entities will be required to make this certification as part of the application process for that funding year. In addition, in Funding Year 4, or any other year that is the first year in which an entity applies for universal service discounts, entities that have not adopted and implemented the Internet safety policy required by section 254(l) shall certify that they are "undertaking such actions, including any necessary procurement procedures, to put in place" the required policy. Entities making this certification are not required to adopt and implement the required policy until the subsequent year. 11. In accordance with our reasoning above, we also conclude that we should adopt waiver rules identical to those found in section 254(h)(5)(E)(ii)(III) and (6)(E)(ii)(III), that shall apply to the certification for section 254(l). If state or local procurement rules or regulations or competitive bidding requirements prevent an entity from making the section 254(l) certification, the entity may comply with the statute by so certifying, and must certify in accordance with our rules that the school or library will be brought into compliance. A. Certification Form 12. In concurrence with the views of the vast majority of commenters, we direct that certifications in Funding Year 4 and subsequent funding years be made on a modified FCC Form 486 ("Receipt of Service Confirmation Form"). In the Notice, the Commission proposed requiring certifications on a modified FCC Form 486 for Funding Year 4, and on a modified FCC Form 471 starting in Funding Year 5. We now are persuaded that utilizing a modified Form 486 is the most efficient and least burdensome means of certification for Funding Year 4 and subsequent years. 13. We believe this conclusion is consistent with the statutory language, which stipulates that schools and libraries may not receive services at discount rates under the schools and libraries support mechanism, unless the required certifications are made on their behalf. The Form 471, however, is completed by applicants for discounted services to indicate specifically those services for which discounts are sought. Applicants completing their Forms 471 are not assured of receiving discounted services, and consequently might not become subject to CIPA requirements. Thus, the Form 486, which is submitted only after SLD has rendered a decision on the application, is more appropriate for CIPA certifications. Schools and libraries will know by the time they submit the modified Form 486 that they will receive discounts, which is not the case at the time of Form 471 submission. By certifying on Form 486, schools and libraries will only have to certify as to CIPA compliance after they are certain of receiving discounted services. 14. Some commenters observe that recipients may submit their Forms 486 prior to the October 28, 2001 certification deadline in the statute. These commenters request that the Commission permit entities to amend their Form 486 certifications up to the October 28, 2001 deadline. We conclude that recipients submitting their modified Forms 486 early may amend the certifications on the modified Form 486, but must submit such amendments for Funding Year 4 postmarked no later than October 28, 2001. Schools and libraries may not, however, receive discounts for services in Funding Year 4 or any subsequent funding year unless they have made the necessary certifications under CIPA on the Form 486. We delegate to the Common Carrier Bureau the authority to make any changes necessary to the Form 486 consistent with this Order. A. Entities Certifying 15. In discussing compliance requirements for schools, CIPA refers both to certifications by a "school, school board, local education agency, or other authority with responsibility for administration of the school," and also to certifications made solely by a "school." As the schools and libraries support mechanism has been implemented, however, applicants may be entities other than individual schools. In addition, it is possible that there may be no individual at a particular school with the responsibility under state and local laws and policies to certify on behalf of a school. Often, the responsible individuals are school district officials or school board members. One proposal to remedy this discrepancy would allow certifications by school districts, rather than schools. Similarly, although CIPA recognizes that waivers may be sought by a "library, library board, or other authority with responsibility for administration of a library," the statute also at times refers merely to certifications made by "a library." Because individual schools or libraries may or may not have the authority to make legally binding commitments, we conclude that the statute permits certifications for schools pursuant to CIPA to be made by the relevant school, school board, local education agency, or other authority with responsibility for administration of the school. We similarly conclude that certifications for libraries pursuant to CIPA may be made by a library, library board, or other authority with responsibility for administration of the library. Consistent with this interpretation and existing support mechanism procedures and policy, we direct SLD to accept CIPA certifications from the Billed Entity on behalf of its component members. 16. In the Notice, we sought comment on which entities may make the certifications required under CIPA, particularly in cases involving consortia. Applicants often include consortia that comprise eligible schools and libraries. We received numerous comments proposing that consortia be given maximum flexibility in determining the best manner in which to certify CIPA compliance for all consortium members. In light of existing procedures involving consortia, we are convinced that having the consortium leader certify that it has received the certifications required by CIPA from individual consortium members is the most efficient and least burdensome method for ensuring compliance with CIPA. 17. We conclude that all members of a consortium receiving discounts for Internet access and/or internal connections must submit signed certifications to the Billed Entity of each consortium on a new form, FCC Form 479 ("Certification to Consortium Leader of Compliance with the Children's Internet Protection Act"), in language consistent with that adopted herein on the FCC Form 486. The Billed Entity shall maintain a file of those certifications. We therefore direct the Common Carrier Bureau, with input from SLD where appropriate, to establish a form in which such members of consortia shall make the required CIPA certifications. The Billed Entity shall certify on the Form 486 that it has received completed and signed certifications from all such members, and shall make such certifications available to the Commission or SLD upon the request of either. 18. We therefore disagree with commenters who suggest that individual consortia members be permitted to certify to the Commission on their own behalf, and also with those who recommend that individual members be required to certify. We conclude that our approach will best ensure full accountability and compliance on the part of all schools and libraries, while minimizing administrative burdens and costs for consortia leaders, individual schools and libraries, and the Commission. We further conclude, in response to commenters' concerns, that because the Billed Entity in a consortium is required to certify only that it has received the signed and completed certifications from the members of the consortium, the Billed Entity is not responsible for verifying that members' certifications are accurate. 19. In addition, we conclude that it would be inconsistent with the statute to penalize the entire consortium if only some members of the consortium fail to comply with CIPA, as pointed out by commenters. We therefore direct SLD to propose to the Common Carrier Bureau, if necessary and in a manner consistent with our directive herein, processes for reimbursement of universal service funds by those members of consortia that are not in compliance. In the event that a member of a consortium is deemed not to be in compliance with CIPA, the authority for that school or library shall reimburse its proportional share of the universal service discounts it has received pursuant to the statute for the period during which the entity was out of compliance with CIPA. If a school or library entity subsequently comes into compliance with CIPA, it will again be eligible for discounts, but not for any period during which it was out of compliance. A. Application of CIPA to Certain Services 20. Section 254(h)(5)(A)(ii) and (6)(A)(ii) states that CIPA only applies to entities receiving "Internet access, Internet service, or internal connections." As we observed in the Notice, the schools and libraries universal service support mechanism supports only telecommunications services, Internet access, and internal connections. We agree with commenters that the plain language of section 254(h)(5)(A)(ii) and (6)(A)(ii) clearly excludes from the requirements of CIPA schools and libraries receiving only telecommunications services. 21. We conclude that the statute does not carve out an exception for computers that access the Internet but cannot access the World Wide Web, as is argued by some commenters. Section 254(h)(5)(B-C)(i) and (6)(B-C)(i) clearly states that CIPA applies "with respect to any of [a recipient's] computers with Internet access . . ." However, systems like those of certain libraries, which connect various computers in different libraries through the Internet but are designed so that they cannot access the World Wide Web or any depictions prohibited by CIPA, may, in effect, constitute the required filtering and blocking required by CIPA. 22. Some commenters request that the Commission exempt from CIPA's requirements computers that are not available to the public, such as computers used solely by school or library staff. They argue that exempting entities from having to install technology protection measures on such computers would reduce recipients' costs. Other commenters, by contrast, contend that CIPA on its face clearly applies to "any of [a recipient's] computers with Internet access . . . ." We agree with the latter view that CIPA makes no distinction between computers used only by staff and those accessible to the public. We therefore may not provide for any exemption from CIPA's requirements for computers not available to the public. Because the statute provides that recipients may disable technology protection measures for adults engaged in bona fide research or other lawful purposes, school and library staff may continue to access all visual depictions necessary for those purposes. To the extent that recipients are concerned about costs associated with maintaining filtering or blocking systems that may frequently be disabled for use by staff, they are encouraged to take such considerations into account when negotiating the purchase or acquisition of technology protection measures. 23. Commenters also express their view that CIPA is in potential conflict with laws governing access at federal depository libraries. Such commenters contend that existing statutes require federal depository libraries to provide free and open access to all citizens of both hard copy and electronic resources regardless of age. As a way of reconciling any potential conflict between statutes, we believe that CIPA's provision for disabling blocking and filtering technology for bona fide research and other lawful purposes should accommodate such concerns. A. Certification Language 24. In the Notice, the Commission proposed that recipients certify by affirming either (1) "I certify that the recipient complies with all relevant provisions of the Children's Internet Protection Act, 47 U.S.C.  254(h)," or, (2) "I certify that the requirements of the Children's Internet Protection Act, 47 U.S.C.  254(h), do not apply." Some commenters express the view that this simple certification should be more specific, in order to prevent inadvertent or intentional non-compliance. We are persuaded that the certification language that we adopt today will better ensure that recipients understand the fundamental requirements of certification. We have incorporated the suggestion of various commenters to allow entities to certify that, although they are not in compliance, they are undertaking such actions, including such necessary procurement procedures, to put the Internet safety policy and technology protection measures in place by the next funding year. Although an entity without the required measures in place could be fully compliant with the provisions of CIPA by undertaking these actions -- and therefore could validly certify that the recipient is "in compliance" under the certification proposed in the Notice -- we are persuaded that having a separate certification option will avoid unnecessary confusion. 25. Some commenters have requested that we require entities to certify to the effectiveness of their Internet safety policy and technology protection measures. However, such a certification of effectiveness is not required by the statute. Moreover, adding an effectiveness standard does not comport with our goal of minimizing the burden we place on schools and libraries. Therefore, we will not adopt an effectiveness certification requirement. 26. A large majority of commenters express concern that there is no technology protection measure currently available that can successfully block all visual depictions covered by CIPA. Such commenters seek language in the certification or elsewhere "designed to protect those who certify from liability for, or charges of, having made a false statement in the certification" because available technology may not successfully filter or block all such depictions. Commenters are also concerned that technology protection measures may also filter or block visual depictions that are not prohibited under CIPA. 27. We presume Congress did not intend to penalize recipients that act in good faith and in a reasonable manner to implement available technology protection measures. Moreover, this proceeding is not the forum to determine whether such measures are fully effective. 28. After careful review, we conclude that the appropriate school or library authority must make the following certification on FCC Form 486: I certify that, as of the date of the start of discounted services (check one): (1) The recipient(s) of service represented in the Funding Request Number(s) on this Form 486 has (have) complied with the requirements of the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l). (2) Pursuant to the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), the recipient(s) of service represented in the Funding Request Number(s) on this Form 486 is (are) undertaking such actions, including any necessary procurement procedures, to comply with the requirements of CIPA for the next funding year, but has (have) not completed all requirements of CIPA for this funding year. (3) The Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), does not apply because the recipient(s) of service represented in the Funding Request Number(s) on this Form 486 is (are) receiving discount services only for telecommunications services. 4. A Billed Entity who filed a Form 471 as a "consortium application" and who is also a recipient of services as a member of that consortium must select one of the above certifications. 5. Furthermore, every Billed Entity who filed a Form 471 as a "consortium application" on behalf of consortium members shall make one of the following two certifications: I certify as the Billed Entity for the consortium that I have collected duly completed and signed Forms 479 from all eligible members of the consortium. I certify as the Billed Entity for the consortium that the only services that I have been approved for discounts under the universal service support mechanism on behalf of eligible members of the consortium are telecommunications services, and therefore the requirements of the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), do not apply. 6. The Form 486 certification section shall also include the following disclaimer: "The certification language above is not intended to fully set forth or explain all the requirements of the statute." A. Disclosure and Information-Gathering Requirements 7. After careful review, we decline to require schools and libraries to publicly post the key requirements of CIPA, the text of the written Internet safety policy adopted, the name of the vendor of the technology protection measure chosen, and instructions on registering complaints. We disagree with commenters that suggest that recipients be required to post this material in a public area, preferably near the Internet computers, and on websites when possible. Commenters argue that this mandated disclosure would inform library patrons and parents of school children about the measures taken to protect against illegal or objectionable content, and would assure that the public would assist in monitoring compliance. 8. The plain language of the statute does not require such disclosures. Congress has not specified what information schools and libraries must disseminate to their relevant communities regarding CIPA implementation choices, and the manner in which they must do so. Because the statute does not require these disclosures, we decline to impose additional burdens on schools and libraries. 9. A few commenters propose mandating that all schools and libraries compile and report specific information about the workings of technology protection measures. Under these proposals, entities would be required, for example, to catalogue (in various categories) the number of attempts made to access prohibited visual depictions, the number of times the technology measure succeeded or failed, and the number of instances where "clearly or arguably appropriate and protected material" was inadvertently blocked or restricted. It has also been proposed that we require all recipients to collect any complaints filed by the public, and make these available. Other commenters oppose these various requirements as not mandated by CIPA, overly burdensome to schools and libraries, and potentially violative of statutory privacy rights of students. Because we concur that these data collection and reporting requirements fall outside the requirements of CIPA, we decline to impose such requirements on recipients. As we have stated previously, we are confident that local authorities will take the appropriate steps to ensure that they have complied with CIPA's requirements. A. Noncompliance Provisions 10. Section 254(h)(5)(A) and (6)(A) specifically prohibits the receipt by schools and libraries of services at discount rates unless such recipients submit certifications as described in section 254(h)(5)(B-C), (6)(B-C), and (l). Moreover, section 254(h)(5)(F) and (6)(F) addresses the consequences to schools and libraries for failure to submit and comply with their certifications. In the Notice, we sought comment on whether rules are necessary to implement these provisions. 11. Schools and libraries for which entities knowingly fail to submit certifications pursuant to CIPA are not eligible for discount services until such time as the appropriate entity submits certifications. Schools and libraries that knowingly fail to ensure the use of their computers in accordance with the certification requirements under section 254(h)(5)(B-C) and (6)(B-C) are required to reimburse any funds and discounts received for the period during which they were out of compliance, but may subsequently receive discounts after remedying compliance. The statute provides that if a school or library has failed to comply with these certification requirements, "[u]pon submittal to the Commission of a certification or other appropriate evidence of such remedy, the [school or library] shall be eligible for services at discount rates under this subsection. Under existing law and Commission procedure, the Administrator of the universal service support mechanism does not provide funds directly to schools and libraries, but rather, provides funds to eligible service providers, who then offer discounted services to eligible schools and libraries. If necessary (as when funds have been incorrectly awarded), the Administrator seeks reimbursement from the service provider. CIPA, however, requires that any reimbursement of universal service funds necessary because of an entity's noncompliance with CIPA shall be made by the school or library. Therefore, in cases in which we find noncompliance with these requirements, we will require the noncompliant school or library to reimburse the universal service support mechanism directly for any discounts received. 12. Section 254(h)(5)(F)(i) and (h)(6)(F)(i) applies by its terms to section 254(l) and therefore a school or library is not eligible for services at discount rates if it knowingly fails to submit the certifications required pursuant to section 254(h)(5)(A) and (h)(6)(A). In contrast, section 254(h)(5)(F)(ii) and (6)(F)(ii), which addresses a school's or library's failure to comply with certification requirements of section 254(h)(5)(B-C) and (6)(B-C), does not by its terms apply to section 254(l) Moreover, section 254(l) does not contain specific statutory language addressing a school's or library's failure to comply with the certification requirements of section 254(l). Section 254(h)(5)(A) and (h)(6)(A), however, specifically states that a school or library "having computers with Internet access may not receive services at discount rates under paragraph (1)(B) unless the school [or library]. . . . (II) submits to the Commission a certification that an Internet safety policy has been adopted and implemented for the school under subsection (l)." Therefore we believe it is necessary to adopt a rule providing for reimbursement in the event of noncompliance, and remedies for failure to comply with the certification requirements set forth section 254(l). This approach is consistent with our analysis and conclusions in paragraphs 16-19 of this Order. We previously found that, given the significant overlap between the certification requirements in section 254(h)(5)(B-C) and (6)(B-C), and 254(l), we should adopt, by rule, timeframe and waiver provisions to apply to the requirements of section 254(l) that are identical to those applicable by statute to the certification requirements of section 254(h)(5)(B-C) and (6)(B-C). 13. Therefore, any school or library that knowingly fails to ensure the use of its computers in accordance with the certification under subsection 254(l) shall reimburse any funds and discounts from the federal universal service support mechanism for schools and libraries for the period covered by such certification. In addition, a school or library may remedy this failure by ensuring the use of its computers in accordance with such certification. Upon submittal to the Commission of a certification or other appropriate evidence of such remedy, the school or library shall be eligible for services at discount rates from the federal universal service support mechanism for schools and libraries. 14. Moreover, we determine that schools and libraries have adequate incentives to comply with the requirements of the statute. Not only would failure to submit or comply with a certification requirement result in the loss of discounted services, but it could also engender concern among library patrons and parents of students at the school. We believe that schools and libraries will act appropriately in order to avoid such outcomes. Thus, it is reasonable to presume that an entity will comply with its certification, and therefore, we will rarely, if ever, be called upon to look beyond that certification. We therefore direct the Common Carrier Bureau, with input from SLD, where appropriate, to develop any necessary procedures to address those instances where an entity fails to comply with its certification. 15. In accordance with these views, we decline to follow the suggestions of commenters to incorporate within our regulations layman's explanations of obscenity, child pornography, and the term "harmful to minors." We decline to amplify the statutory definitions. A. Public Notice and Hearing Requirements 16. Section 254(h)(5)(A)(iii) of CIPA establishes that a school, school board, local educational agency, or other authority with responsibility for administration of the school, shall provide reasonable public notice and hold at least one public hearing or meeting to address a proposed Internet safety policy. Under the parallel provision for libraries, CIPA requires that a library shall provide such notice and such a hearing. Furthermore, section 254(l) requires that schools and libraries adopting the requisite Internet safety policy under that section also provide reasonable public notice and at least one public hearing or meeting to address that proposed policy. 17. Some commenters recommend that entities that have already adopted Internet safety policies need not be required by the Commission to "repeat the process once more" by providing reasonable notice and holding a public hearing. As an initial matter, for reasons of coherency and consistency already explained in this Order, we interpret "library" in section 254(h)(6)(A)(iii) and 254(l)(1) to mean "library, library board, or other authority with responsibility for administration of the library." Similarly, we construe "school" in section 254(l)(1) to mean "school, school board, local educational agency, or other authority with responsibility for administration of the school," rendering that section consistent with other provisions in the statute. 18. If an entity has already provided reasonable public notice and at least one public hearing or meeting relating to an Internet safety policy and technology protection measure that meets the requirements of section 254(h), and also relating to an Internet safety policy that complies with section 254(l), then we conclude that the entity has already complied with the public notice and hearing requirements of CIPA. If an entity has not met those conditions, we conclude that the statute requires that the entity provide the required notice, and hearing or meeting. 19. The public notice and hearing requirement for schools contained in section 254(h)(5)(A)(iii) also states that "[i]n the case of an elementary or secondary school other than an elementary or secondary school as defined in section 14101 of the Elementary and Secondary Education Act of 1965 (20 U.S.C.  8801), the notice and hearing required by this clause may be limited to those members of the public with a relationship to the school." The existing statutory framework in section 254(h) limits discounts to elementary and secondary schools as defined in paragraphs (14) and (25) of section 14101 of the Elementary and Secondary Education Act of 1965. Therefore, it appears that there are no schools eligible for discounted services pursuant to section 254 that would not fall within the definition of the Elementary and Secondary Education Act of 1965. A. Disabling Technology Protection Measures 20. Section 254(h)(5)(D) and (6)(D) permits a school or library administrator, supervisor, or other person authorized by the certifying authority, to disable an entity's technology protection measure in order to allow bona fide research or other lawful use by an adult. A number of commenters, particularly libraries, express concern that each time an adult user requests that the blocking or filtering software be disabled pursuant to these provisions, school or library staff would be required to make a determination that the user was engaging only in bona fide research or other lawful purposes, and staff would then be required to disable the technology protection measure. Many commenters caution that staff would be unable to satisfactorily make such determinations, and that the requirement would render moot existing policies, have a chilling effect on adults' Internet use, and significantly impinge on staff time and resources. We decline to promulgate rules mandating how entities should implement these provisions. Federally-imposed rules directing school and library staff when to disable technology protection measures would likely be overbroad and imprecise, potentially chilling speech, or otherwise confusing schools and libraries about the requirements of the statute. We leave such determinations to the local communities, whom we believe to be most knowledgeable about the varying circumstances of schools or libraries within those communities. A. Universal Service Funding for CIPA Compliance 21. CIPA clearly prohibits recipients from obtaining discounts under the universal service support mechanism for the purchase or acquisition of technology protection measures necessary for CIPA compliance. A number of commenters state their opposition to this statutory prohibition, arguing, for example, that "the legislation should be modified" to allow filtering devices to qualify as eligible services. One commenter proposes "modifying the definition of eligible internal connections to be products and services necessary to transport information permissible under [CIPA] all the way to individual classrooms." Others request that we direct SLD to provide universal service funds to state education and library agencies for costs associated with administrative and outreach activities. 22. We must reject each of these proposals as inconsistent with the plain language of the statute. The statutory language is clear-- no sources of funds other than those available under the Elementary and Secondary Act of 1965 or the Library Services and Technology Act are authorized for the purchase or acquisition of technology protection measures under CIPA. Thus, recipients may not receive universal service discounts for technology protection measures. It is the role of the Commission only to interpret and implement the directives of Congress, and therefore, we have no authority to "modify" CIPA. Nor are we empowered to deem eligible for universal service support other costs associated with implementation of CIPA that are not otherwise eligible under section 254 of the Act. The schools and libraries universal service support mechanism may only provide discounts on telecommunications services, Internet access, and internal connections. V. PROCEDURAL MATTERS A. Effective Date 23. We conclude that the effective date of the rules promulgated in this Order shall be April 20, 2001, which will be less than thirty days after publication in the Federal Register. Although the Administrative Procedures Act normally requires 30 days notice before rules become effective the Commission, for good cause, may make rules effective with less than 30 days notice. We find such good cause based on the shortened time frame imposed by Congress for implementation of CIPA. A. Paperwork Reduction Act 24. The action contained herein has been analyzed with respect to the Paperwork Reduction Act of 1995 (PRA) and found to impose new or modified reporting and/or recordkeeping requirements or burdens on the public. Implementation of these new or modified reporting and/or recordkeeping requirements will be subject to approval by the Office of Management and Budget (OMB) as prescribed by the PRA, and will go into effect upon announcement in the Federal Register of OMB approval. A. Final Regulatory Flexibility Analysis 25. As required by the Regulatory Flexibility Act (RFA), an Initial Regulatory Flexibility Analysis (IRFA) was incorporated in the FNPRM. The Commission sought written public comments on the proposals in the FNPRM, including comment on the IRFA. This present Final Regulatory Flexibility Analysis (FRFA) conforms to the RFA, as amended. 1. Need for, and Objectives of, the Proposed Rules 26. The Children's Internet Protection Act (CIPA), included as part of the Consolidated Appropriations Act, 2001, Pub. L. 106-554, requires the Commission to prescribe regulations in order to implement the legislation. This Order adopts rules that implement CIPA. Eligible school and library authorities must certify (1) that they are enforcing a policy of Internet safety that includes measures to block or filter Internet access for both minors and adults to certain visual depictions, (2) that schools' policies of Internet safety includes monitoring the online activities of minors, and (3) that schools and libraries have adopted and implemented an Internet safety policy under section 254(l). 1. Summary of Significant Issues Raised by the Public Comments in Response to the IRFA 27. The Commission received no comments directly addressing the IRFA. However some comments dispute our estimate that executing the certifications on FCC Form 486 would take approximately one minute. These comments assert that the time requirement was longer due to the preparation and information gathering necessary to make the CIPA certifications. This information gathering is not a requirement imposed upon schools and libraries by the Commission, rather CIPA requires the collection of this data. After considering these comments, we conclude that requiring the certifications as part of the existing FCC Form 486 process is the least burdensome procedure for program participants. 1. Description and Estimate of the Number of Small Entities To Which Rules Will Apply 28. The RFA directs agencies to provide a description of and, where feasible, an estimate of the number of small entities that may be affected by the proposed rules, if adopted. The RFA generally defines the term "small entity" as having the same meaning as the terms "small business," "small organization," and "small governmental jurisdiction." In addition, the term "small business" has the same meaning as the term "small business concern" under the Small Business Act. A small business concern is one that: (1) is independently owned and operated; (2) is not dominant in its field of operation; and (3) satisfies any additional criteria established by the Small Business Administration (SBA). A small organization is generally "any not-for- profit enterprise which is independently owned and operated and is not dominant in its field." Nationwide, as of 1992, there were approximately 275,801 small organizations. "Small governmental jurisdiction" generally means "governments of cities, counties, towns, townships, villages, school districts, or special districts, with a population of less than 50,000." As of 1992, there were approximately 85,006 governmental entities in the United States. This number includes 38,978 counties, cities, and towns; of these, 37,566, or 96 percent, have populations of fewer than 50,000. The Census Bureau estimates that this ratio is approximately accurate for all governmental entities. Thus, of the 85,006 governmental entities, we estimate that 81,600 (96 percent) are small entities. 29. Under the schools and libraries universal service support mechanism, which provides support for elementary and secondary schools and libraries, an elementary school is generally "a non-profit institutional day or residential school that provides elementary education, as determined under state law." A secondary school is generally as "a non-profit institutional day or residential school that provides secondary education, as determined under state law," and not offering education beyond grade 12. For-profit schools and libraries, and schools and libraries with endowments in excess of $50,000,000, are not eligible to receive discounts under the program, nor are libraries whose budgets are not completely separate from any schools. Certain other statutory definitions apply as well. The SBA has defined as small entities elementary and secondary schools and libraries having $5 million or less in annual receipts. In funding year 2 (July 1, 1999 to June 20, 2000) approximately 83,700 schools and 9,000 libraries received discounts under the schools and libraries universal service mechanism. Although we are unable to estimate with precision the number of these entities that would qualify as small entities under SBA's definition, we estimate that fewer than 83,700 schools and 9,000 libraries would be affected annually by the rules promulgated in this Order, under current operation of the program. 1. Description of Projected Reporting, Recordkeeping, and Other Compliance Requirements 30. This Order adopts measures that will result in minimal additional reporting. Specifically, the Order requires eligible schools and libraries receiving federal universal service support for Internet access or internal connections to make one of the following certifications on FCC Form 486: I certify that, as of the date of the start of discounted services (check one) · The recipient(s) of service represented in the Funding Request Number(s) on this Form 486 has (have) complied with the requirements of the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l). · Pursuant to the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), the recipient(s) of service represented in the Funding Request Number(s) on this Form 486 is (are) undertaking such actions, including any necessary procurement procedures, to comply with the requirements of CIPA for the next funding year, but has (have) not completed all requirements of CIPA for this funding year. · The Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), does not apply because the recipient(s) of service represented in the Funding Request Number(s) on this Form 486 is (are) receiving discount services only for telecommunications services. 4. A Billed Entity who filed a Form 471 as a "consortium application" and who is also a recipient of services as a member of that consortium must select one of the above certifications. 5. Furthermore, every Billed Entity who filed a Form 471 as a "consortium application" on behalf of consortium members shall make one of the following two certifications: · I certify as the Billed Entity for the consortium that I have collected duly completed and signed Forms 479 from all eligible members of the consortium. · I certify as the Billed Entity for the consortium that the only services that I have been approved for discounts under the universal service support mechanism on behalf of eligible members of the consortium are telecommunications services, and therefore the requirements of the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), do not apply. 3. The Form 486 certification section shall also include a disclaimer stating that the certification language above is not intended to fully set forth or explain all the requirements of the statute. 4. The Commission adopts rules, which modify FCC Form 486 to include the certification language listed above. This form is already completed on a regular basis, and the modification would merely require the checking of one additional box prior to signing the form. We continue to estimate that it would take no more than one minute to review and check the appropriate certification box. The Commission concludes that this approach would be the most effective procedure for implementation of CIPA's requirements, and the least burdensome to recipients. 1. Steps Taken to Minimize Significant Economic Impact on Small Entities, and Significant Alternatives Considered 5. The RFA requires an agency to describe any significant alternatives that it has considered in reaching its proposed approach, which may include the following four alternatives (among others): (1) the establishment of differing compliance and reporting requirements or timetables that take into account the resources available to small entities; (2) the clarification, consolidation, or simplification of compliance or reporting requirements under the rule for small entities; (3) the use of performance, rather than design, standards; and (4) an exemption from coverage of the rule, or part thereof, for small entities. 6. This certification requirement is legislatively mandated by CIPA. The Commission is attempting to implement this requirement in the most effective and least burdensome manner possible for all entities, including small schools and libraries. Given that a certification is required by the legislation, we considered the alternative of having each school and library submit separate documentation, including the appropriate certification, to the Commission; however, such an approach seemed unnecessarily burdensome, particularly on small entities. In addition, even in light of comments that we underestimated the time required to complete the certification, we still believe that it is less burdensome to certify as part of an ongoing process. The parties' concerns about the time taken to comply with CIPA in order to be able to certify are not at issue here. The Commission's responsibility is to assure the certification of compliance. As discussed above, the Commission concludes that adding the certification requirement to the existing FCC Form 486 process is the least burdensome alternative for implementing the requirements of the CIPA. 7. In reaching this conclusion the Commission also considered, as an alternative, adding the certification language to the existing FCC Form 471. However, the Form 471 is submitted by applicants for universal service discounts, whereas CIPA requires certifications by recipients. Furthermore, entities completing Form 471 are not assured of receiving discounted funds, and consequently might not become subject to CIPA requirements. Therefore we have concluded that Form 486, which is completed only by recipients of services, is more appropriate for CIPA certifications by recipients. Recipients will know by the time they submit the modified Form 486 that they will receive discounts, which is not the case at the time of Form 471 submission. By certifying on Form 486, recipients will only have to certify as to CIPA compliance once they are certain of receiving discounted services. 8. Report to Congress: The Commission will send a copy of this Report and Order, including this FRFA, in a report to be sent to Congress pursuant to the Small Business Regulatory Enforcement Fairness Act of 1996. In addition, the Commission will send a copy of the Report and Order, including this FRFA, to the Chief Counsel for Advocacy of the Small Business Administration. A copy of the Report and Order and FRFA (or summaries thereof) will also be published in the Federal Register. V. ORDERING CLAUSES 9. Accordingly, IT IS ORDERED that, pursuant to the authority contained in sections 1- 4, 201-205, 218-220, 254, 303(r), and 403 of the Communications Act of 1934, as amended, 47 U.S.C.  151-154, 201-205, 318-220, 254, 303(r), 403, section 553 of the Administrative Procedure Act, 5 U.S.C.  553, and the Children's Internet Protection Act, Pub. L. 106-554  1701 et seq. as codified at 47 U.S.C.  254(h) and (l), In the Matter of Federal-State Joint Board on Universal Service, Children's Internet Protection Act, Report and Order in CC Docket No. 96- 45 IS ADOPTED. The collection of information contained within this Report and Order is contingent upon approval by the Office of Management and Budget. 10. IT IS FURTHER ORDERED that, pursuant to the authority contained in sections 1-4, 201-205, 218-220, 254, 303(r), and 403 of the Communications Act of 1934, as amended, 47 U.S.C.  151-154, 201-205, 318-220, 254, 303(r), 403, section 553 of the Administrative Procedure Act, 5 U.S.C.  553, and the Children's Internet Protection Act, Pub. L. 106-554  1701 et seq. as codified at 47 U.S.C.  254(h) and (l), section 54.520 of the Commission's rules, 47 C.F.R.  54.520 IS ADOPTED, as set forth in Appendix C attached hereto. 11. IT IS FURTHER ORDERED that, because the Commission has found good cause, this Report and Order and 47 C.F.R.  54.520, as adopted and set forth in Appendix C, are EFFECTIVE April 20, 2001, which is less than thirty days following publication in the Federal Register. 12. IT IS FURTHER ORDERED that AUTHORITY IS DELEGATED to the CHIEF OF THE COMMON CARRIER BUREAU pursuant to section 0.291 of the Commission's rules, 47 C.F.R.  0.291, to modify, or require the filing of, any forms that are necessary to implement the decisions and rules adopted in this Report and Order. 13. IT IS FURTHER ORDERED that the Commission's Consumer Information Bureau, Reference Information Center, SHALL SEND a copy of this Report and Order, including the Final Regulatory Flexibility Analysis, to the Chief Counsel for Advocacy of the Small Business Administration. FEDERAL COMMUNICATIONS COMMISSION Magalie Roman Salas Secretary APPENDIX A PARTIES FILING COMMENTS Commenter Abbreviation Aftab, Parry American Association of School Administrators AASA American Center for Law and Justice ACLJ American Civil Liberties Union Foundation ACLUF American Library Association ALA Anthe, Charles Appleton, Public Library Ayers, Andrew Brooklyn Public Library Cambridge Community Library Board of Trustees Cambridge Center for Democracy and Technology and CDT/People For the People for the American Way Center, Sue L. Chicago Public Library Chicago Consortium for School Networking and the International CoSN/ISTE Society for Technology in Education Council of Chief State School Officers CCSSC C/W MARS Fletcher, Nancy Funds for Learning FFL Georgia Department of Education Georgia Gibson, Carol Haley, Ed Illinois Library Association Illinois State Board of Education Illinois Internet Safety Association ISA Istook, Jr., The Honorable Ernest J. Rep. Istook Kalamazoo Public Library Kalamazoo Knievel, Michael J. Koeller, Margaret Livonia Public Library Manitowac Public Library Manitowac McFarland Public Library Middleton Public Library Mid-Wisconsin Federated Library System Missouri Research and Education Network National Association of Independent Schools NAIS National Law Center for Children and Families NLC New Jersey Library Association New York Library Association NYLA APPENDIX A (continued) PARTIES FILING COMMENTS Commenter Abbreviation North Boston Library Exchange, Inc. North Carolina Office of Information Technology Services North Carolina Norwood, Scott Office of Information Technology Services Portage Public Library Portage Society for Technology in Education Prairie du Dac Public Library The Library Network Library Network Rusk County Community Library Shorewood Public Library South Central Library State Library of North Carolina Sun Prairie Public Library The Library Network Thomas, Charles West Bend Community Memorial Library Westchester Library System Whitefish Bay Public Library Winkle, Sharon Wisconsin Department of Public Instruction Wisconsin Library Association Wyoming State Library XYZ Public Library APPENDIX B PARTIES FILING REPLY COMMENTS Commenter Abbreviation American Association of School Administrators AASA American Library Association ALA Chicago Public Library Chicago Congressman Ernest Istook Rep. Istook Consortium for School Networking CoSN/ISTE International Society for Technology in Education Donald and Aida Johnson ESniff.com, Inc. Internet Safety Association ISA Michigan Library Association MLA MOREnet National Law Center for Children & Families NLC Southfield Public Schools Michigan Schools & Libraries Herrick District Library Chelsea District Library Shiawassee District Library Bullard Sanford Memorial Library Plymouth District Library Fremont Area District Library Wayne RESA Wisconsin Dept. of Public Instruction APPENDIX C FINAL RULES For the reasons discussed in the preamble, the Federal Communications Commission amends 47 CFR part 54 as follows: PART 54 UNIVERSAL SERVICE Subpart F Universal Service Support for Schools and Libraries 1 The authority citation for part 54 continues to read as follows: Authority: 47 U.S.C. 1, 4(i), 201, 205, 214 and 254 unless otherwise noted. 2 Add  54.520 to subpart F to read as follows:  54.520 Children's Internet Protection Act certifications required from recipients of discounts under the federal universal service support mechanism for schools and libraries. (a) Definitions. (1) School. For the purposes of the certification requirements of this rule, school means school, school district, local education agency or other authority responsible for administration of a school. (2) Library. For the purposes of the certification requirements of this rule, library means library, library board or authority responsible for administration of a library. (3) Billed Entity. Billed entity is defined in  54.500. In the case of a consortium, the billed entity is the lead member of the consortium. (4) Statutory Definitions. The terms "minor," "obscene," "child pornography," "harmful to minors" and "technology protection measure" as used in this section, are defined in the Children's Internet Protection Act  1721(c). (b) Who is required to make certifications. (1) A school or library that receives discounts for Internet access and internal connections services under the federal universal service support mechanism for schools and libraries, must make such certifications as described in subsection (c). The certifications required and described in subsection (c) must be made in each funding year. (2) Schools and libraries that only receive discounts for telecommunications services under the federal universal service support mechanism for schools and libraries are not subject to the requirements 47 U.S.C.254(h) and (l), but must indicate, pursuant to the certification requirements in subsection (c), that they only receive discounts for telecommunications services. (c) Certifications required under 47 U.S.C.  254(h) and (l). (1) Schools. The billed entity for a school that receives discounts for Internet access or internal connections must certify on FCC Form 486 that an Internet safety policy is being enforced. If the school is an eligible member of a consortium but is not the billed entity for the consortium, the school must certify instead on FCC Form 479 ("Certification to Consortium Leader of Compliance with the Children's Internet Protection Act") that an Internet safety policy is being enforced. (i) The Internet safety policy adopted and enforced pursuant to 47 U.S.C.  254(h) must include: (A) A technology protection measure that protects against Internet access by both adults and minors to visual depictions that are obscene, child pornography, or, with respect to use of the computers by minors, harmful to minors. This Internet safety policy must also include monitoring the online activities of minors. (ii) The Internet safety policy adopted and enforced pursuant to 47 U.S.C.  254(l) must address all of the following issues: (A) access by minors to inappropriate matter on the Internet and World Wide Web, (B) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications, (C) unauthorized access, including so-called "hacking," and other unlawful activities by minors online; (D) unauthorized disclosure, use, and dissemination of personal information regarding minors; and (E) measures designed to restrict minors' access to materials harmful to minors. (iii) A school must satisfy its obligations to make certifications by making one of the following certifications required by subsection (c)(1) on FCC Form 486: (A) The recipient(s) of service represented in the Funding Request Number(s) on this Form 486 has (have) complied with the requirements of the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l). (B) Pursuant to the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), the recipient(s) of service represented in the Funding Request Number(s) on this Form 486 is (are) undertaking such actions, including any necessary procurement procedures, to comply with the requirements of CIPA for the next funding year, but has (have) not completed all requirements of CIPA for this funding year. (C) The Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), does not apply because the recipient(s) of service represented in the Funding Request Number(s) on this Form 486 is (are) receiving discount services only for telecommunications services. (2) Libraries. The billed entity for a library that receives discounts for Internet access and internal connections must certify, on FCC Form 486, that an Internet safety policy is being enforced. If the library is an eligible member of a consortium but is not the billed entity for the consortium, the library must instead certify on FCC Form 479 ("Certification to Consortium Leader of Compliance with the Children's Internet Protection Act") that an Internet safety policy is being enforced. (i) The Internet safety policy adopted and enforced pursuant to 47 U.S.C.  254 (h) must include a technology protection measure that protects against Internet access by both adults and minors to visual depictions that are obscene, child pornography, or, with respect to use of the computers by minors, harmful to minors. (ii) The Internet safety policy adopted and enforced pursuant to 47 U.S.C.  254(l) must address all of the following issues: (A) access by minors to inappropriate matter on the Internet and World Wide Web; (B) the safety and security of minors when using electronic mail, chat rooms, and other forms of direct electronic communications; (C) unauthorized access, including so-called "hacking," and other unlawful activities by minors online; (D) unauthorized disclosure, use, and dissemination of personal information regarding minors; and (E) measures designed to restrict minors' access to materials harmful to minors. (iii) A library must satisfy its obligations to make certifications by making one of the following certifications required by subsection (c)(2) on FCC Form 486: (A) The recipient(s) of service represented in the Funding Request Number(s) on this Form 486 has (have) complied with the requirements of the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l). (B) Pursuant to the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), the recipient(s) of service represented in the Funding Request Number(s) on this Form 486 is (are) undertaking such actions, including any necessary procurement procedures, to comply with the requirements of CIPA for the next funding year, but has (have) not completed all requirements of CIPA for this funding year. (C) The Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), does not apply because the recipient(s) of service represented in the Funding Request Number(s) on this Form 486 is (are) receiving discount services only for telecommunications services. (3) Certifications required from consortia members and billed entities for consortia. (i) The billed entity of a consortium, as defined in subsection (a)(3) other than one requesting only discounts on telecommunications services for consortium members, must collect from the authority for each of its school and library members, one of the following signed certifications on FCC Form 479 ("Certification to Consortium Leader of Compliance with the Children's Internet Protection Act"), which must be submitted to the billed entity consistent with subpart (c)(1) or subpart (c)(2) above: (A) The recipient(s) of service under my administrative authority and represented in the Funding Request Number(s) for which you have requested or received Funding Commitments has (have) complied with the requirements of the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l). (B) Pursuant to the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), the recipient(s) of service under my administrative authority and represented in the Funding Request Number(s) for which you have requested or received Funding Commitments is (are) undertaking such actions, including any necessary procurement procedures, to comply with the requirements of CIPA for the next funding year, but has (have) not completed all requirements of CIPA for this funding year. (C) The Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), does not apply because the recipient(s) of service under my administrative authority and represented in the Funding Request Number(s) for which you have requested or received Funding Commitments is (are) receiving discount services only for telecommunications services; and (ii) The billed entity for a consortium, as defined in paragraph (a)(3), must make one of the following two certifications on FCC Form 486: (1) "I certify as the Billed Entity for the consortium that I have collected duly completed and signed Forms 479 from all eligible members of the consortium."; or "(2) I certify as the Billed Entity for the consortium that the only services that I have been approved for discounts under the universal service support mechanism on behalf of eligible members of the consortium are telecommunications services, and therefore the requirements of the Children's Internet Protection Act, as codified at 47 U.S.C.  254(h) and (l), do not apply."; and (iii) The billed entity for a consortium, as defined in paragraph (a)(3), who filed a FCC Form 471 as a "consortium application" and who is also a recipient of services as a member of that consortium must select one of the certifications under subsection (c)(3)(i) on FCC Form 486. (d) Failure to provide certifications. (1) Schools and Libraries. A school or library that knowingly fails to submit certifications as required by this section, shall not be eligible for discount services under the federal universal service support mechanism for schools and libraries until such certifications are submitted. (2) Consortia. A billed entity's knowing failure to collect the required certifications from its eligible school and library members or knowing failure to certify that it collected the required certifications shall render the entire consortium ineligible for discounts under the federal universal service support mechanism for school and libraries. (3) Reestablishing eligibility. At any time, a school or library deemed ineligible for discount services under the federal universal service support mechanism for schools and libraries because of failure to submit certifications required by this section, may reestablish eligibility for discounts by providing the required certifications to the Administrator and the Commission. (e) Failure to comply with the certifications. (1) Schools and Libraries. A school or library that knowingly fails to ensure the use of computers in accordance with the certifications required by this section, must reimburse any funds and discounts received under the federal universal service support mechanism for schools and libraries for the period in which there was noncompliance. (2) Consortia. In the case of consortium applications, the eligibility for discounts of consortium members who ensure the use of computers in accordance with the certification requirements of this section shall not be affected by the failure of other school or library consortium members to ensure the use of computers in accordance with such requirements. (3) Reestablishing compliance. At any time, a school or library deemed ineligible for discounts under the federal universal service support mechanism for schools and libraries for failure to ensure the use of computers in accordance with the certification requirements of this section and that has been directed to reimburse the program for discounts received during the period of noncompliance, may reestablish compliance by ensuring the use of its computers in accordance with the certification requirements under this section. Upon submittal to the Commission of a certification or other appropriate evidence of such remedy, the school or library shall be eligible for discounts under the universal service mechanism. (f) Waivers based on state or local procurement rules and regulations and competitive bidding requirements. Waivers shall be granted to schools and libraries when the authority responsible for making the certifications required by this section, cannot make the required certifications because its state or local procurement rules or regulations or competitive bidding requirements, prevent the making of the certification otherwise required. The waiver shall be granted upon the provision, by the authority responsible for making the certifications on behalf of schools or libraries, that the schools or libraries will be brought into compliance with the requirements of this section, before the start of the third program year after April 20, 2001 in which the school or library is applying for funds under this title. (g) Funding year certification deadlines. (1) Funding Year 4. For Funding Year 4, billed entities shall provide one of the certifications required under subsection (c)(1), (c)(2) or (c)(3) to the Administrator on an FCC Form 486 postmarked no later than October 28, 2001. (2) Funding Year 5 and subsequent funding years. For Funding Year 5 and for subsequent funding years, billed entities shall provide one of the certifications required under subsection (c)(1), (c)(2) or (c)(3) in accordance with the existing program guidelines established by the Administrator.