Cyber-Rights Groups Urge Federal Agency to Stay Out of Blocking Software Battle

FOR IMMEDIATE RELEASE

NEW YORK–The American Civil Liberties Union, Electronic Privacy Information Center and Electronic Frontier Foundation today urged the Federal Communications Commission not to get involved in judging whether libraries are in compliance with a new law requiring them to install blocking software on public Internet terminals.

In formal comments sent this afternoon to the agency, the groups also urged the FCC to give libraries more time to comply with the new rule before having to forfeit the much-needed funds that are tied to the federal blocking software requirement.

The groups opposed the law’s passage and are now preparing a legal challenge which they expect to file next month. But in the meantime, the groups said, “we recognize the FCC’s statutory obligation” to formulate implementing regulations to the “Children’s Internet Protection Act,” and “therefore provide these comments.”

The comments follow.

###

February 15, 2001

Ms. Magalie Roman Salas
Office of the Secretary
Federal Communications Commission
445 12th Street, S.W.
Washington, D.C. 20554

Re: Notice of Proposed Rule
Federal State Joint Board on Universal Service
CC Docket No. 96-45, FCC 01-31

Dear Ms. Salas:

We are writing on behalf of the American Civil Liberties Union (ACLU), the Electronic Frontier Foundation (EFF) and the Electronic Privacy Information Center (EPIC) to comment on the issues raised by the Commission’s Notice requesting comment on proposed regulations concerning the Children’s Internet Protection Act (CHIPA). 66 Fed. Reg. 8374 (proposed January 31, 2001). In our view, CHIPA itself is facially unconstitutional. We anticipate filing a lawsuit to have portions of the law declared unconstitutional. However, we recognize the FCC’s statutory obligation under CHIPA, and therefore provide these comments.

Paragraph 3 of the Notice requests comment on the language of the certification required by CHIPA. A strong argument could be made that no certification should be required at all until Year 5, rather than Year 4. However, even if Year 4 certification is required, it is our view that the proposed abbreviated certification is insufficient. First, many recipients may be unaware of the distinction made in CHIPA between libraries that now use “technology protection measures” and those that do not. They may not know that the latter need not install such measures in the first applicable year. Many recipients do not have large legal staffs that monitor statutory enactments, much less federal regulations. There has been widespread publicity to the effect that CHIPA will require installation of blocking software. The Commission’s proposal could have the effect of fostering this confusion and leading recipients to believe that they must install such measures immediately. However, the language of the statute requires that recipients who do not currently use technology protection measures install such measures in the second applicable year not the first. In our view, the certification language should make this clear.

Second, there may be recipients schools that have not yet decided what actions to take with regard to this law. The decision-making process has been abbreviated by the short time-lines in CHIPA. More specifically, although the Notice suggests that the first certification will not be due until October, it is our understanding that many libraries submit the Form 486 earlier in order to receive funds more quickly. This time period does not make it possible for all recipients to fully evaluate all of their options under CHIPA. However, by not requiring installation of technology measures in the first year, CHIPA obviously intended to allow recipients sufficient time to evaluate their options and make an intelligent, knowledgeable decision about whether to install such measures and, if so, what measures to install. In our view, the FCC should make it clear that it would constitute compliance with the certification requirement if a library or school that does not now use such measures were to accept the e-rate funding in the first year while examining the viability and utility of such measures, and yet still decide to decline to apply for e-rate funding in the second year.

Thus, in our view, the certification for libraries and/or schools that do not now utilize such measures should be “I certify that the recipient does not now utilize technology protection measures as defined in the Children’s Internet Protection Act, 42 U.S.C. §254(h), and that in the following year we either will comply with the Act, will not seek applicable funds for that year, or will seek the waiver permitted by the Act.”

Paragraph 5 of the Notice requests comment on the form of compliance certification to be used by consortia. In our view, the guiding principle should be ease of application. The consortia should be given the option of either certifying on behalf of members or of permitting members to individually certify to the Commission. Moreover, lack of compliance by one member of a consortia should not result in loss of funds to other consortia members.

Paragraph 7 of the Notice requests comment on enforcement procedures. In our view, the enforcement process raises several issues, both procedural and substantive. First, a recipient should not be considered to have failed to submit a certification until final date for the submission of the Form 486 for the relevant year (even if the Form 486 is in fact submitted earlier than the final date). However, if for subsequent years, the Commission adds the certification to earlier forms, such as the Form 471, and that portion of the form is not signed by the recipient, the Commission should be required to give individual notice to the recipient of the need to have such certification in the Form 486 and failure to certify on the Form 471 should not be fatal. Even if the certification is not contained in the Form 486, upon receipt of such a form, the Commission should be required to give individual notice to the recipient of that failure and the recipient shall be given 60 days to cure without loss of funds.

Neither the CHIPA nor the Notice indicate whether the Commission will assume responsibility for determining whether the “technology protection measure” chosen by the recipient is sufficient under the Act. All three standards (obscenity, child pornography, and harmful to minors) are legal terms of art to be determined by a relevant local court and not by the Commission. Accordingly, the Commission should play no role in determining what Internet speech fits into these categories and the regulations should explicitly reject that role.

Even if the Commission refuses to determine the standards, the question will arise whether the Commission, on its own initiative or upon receipt of a complaint, will determine the validity of the “technology protection measure.” In other words, will the Commission determine, for example, that Product A, if used, will constitute compliance and Product B, if used, will not constitute compliance? In our view, the Commission should make explicit that it will not receive or act upon complaints that any technology measure chosen by a recipient is insufficient to constitute compliance.

If the Commission believes it must either on its own initiative or upon complaint review the adequacy of a recipient’s “technology protection measure,” then the Commission should issue specific draft regulations concerning those measures and allow time for public comment on those regulations. At a minimum, those regulations must permit an evidentiary hearing and place the burden on the Commission to prove that the measure adopted does not constitute compliance and that measures exist that do constitute compliance.

Finally, in Section 4 of the Notice, the Commission estimates that compliance would take only one minute, emphasizing the time to actually sign the certification. That, of course, ignores the considerable time that will be required to ensure that the certification is correct. The estimate should be revised to reflect that in order to ensure that certification is correct, the Commission estimates it make take the equivalent of several weeks of full-time work by certifying authorities.

Sincerely,

Christopher A. Hansen
Ann Beeson
AMERICAN CIVIL LIBERTIES UNION FOUNDATION

David Sobel
ELECTRONIC PRIVACY INFORMATION CENTER

Lee Tien
ELECTRONIC FRONTIER FOUNDATION