ISTE

   Washington Notes

WASHINGTON NOTES
News of U.S. educational technology policy and legislation
Compiled and edited by Leslie Harris, Jee Hang Lee, and Ghani Raines.
© ISTE, 2000.
If you use excerpts, credit ISTE.


January 2000 Contents

-------------------------------


To Top Final Numbers on 0.38% Budget Cut
-------------------------------

OMB and the Department of Education (ED) have finalized the rescission of the 0.38% cut required by the FY2000 omnibus appropriations bill. Title III experienced a cut of $2.855 million, with money coming from Technology Innovation Challenge Grants and the Star Schools Programs. Overall, the ED reduction totaled $108.643 million.

In broad categories this cut comes from the following:

  • Reduction in ED salaries and expenses: $250,000.
  • Reduction of 7.5% in earmarked programs (225 earmarks were reduced): $14.31 million.
  • Reduction in non-earmarked program funding: $94.083 million.

Cuts in non-earmarked programs
Impact aid. $3.8 million from the heavily impacted district part (-5%)

Pell Grants. $60.283 million (-0.78%). Due to an increased funding surplus from past years, which will be used in FY2000, this cut in Pell Grant Budget Authority will have no impact on the maximum award (still $3,300) or any other program aspect. The total Pell program level will remain at $8.067 billion. The $60.383 million cut is totally offset by an identical increase of $60.283 million in prior year funding surplus to be used in FY2000.

ESEA Title VI. $14.25 million (-3.75%). This is the maximum ED could have taken from Title VI, because FY2000 BA equaled $95 million, while the remainder of the program is advanced funded as FY2001 BA. Thus, the $14.25 million equals the maximum 15% that a program’s FY2000 BA can be cut.

SAFE and Drug-Free Schools State Grants. $5.75 million (-1.3%). The Department states that it made this cut because evaluations demonstrate that the current practice of allocating funds by formula to all LEAs spreads the funds “too thinly to have a significant impact on drug prevention efforts in most of the districts.”

Total Cuts
In total, counting cuts to earmarks, the following 20 programs are the ones with rescissions:

  • Technology Innovation Challenge grants: $2.405 million
  • Star Schools: $450,000
  • 21st century community learning centers: $333,000
  • Impact aid payments for heavily impacted districts: $3.8 million
  • Impact Aid construction: $248,000
  • ESEA Title VI: $14.25 million
  • Safe and Drug-Free Schools State grants: $5.75 million
  • IDEA Research and Innovation: $75,000
  • IDEA Technical Assistance and Dissemination: $75,000
  • IDEA Personnel Preparation: $187,000
  • IDEA Technology and Media Services: $113,000
    (Total IDEA National Activities: $450,000)
  • Vocational Rehabilitation Demonstration and Training programs: $420,000
  • Vocational Rehabilitation Recreational Programs: $75,000
  • Vocational Rehabilitation National Institute on Disability and Rehabilitation: $38,000
  • Pell Grants: $60.283 million
  • Fund for the Improvement of Postsecondary Education: $3.409 million
  • Learning Anywhere Anytime Partnerships: $671,000
  • Fund for the improvement of Education: $5.661 million
  • Civic Education: $150,000
  • Departmental Management, program administration: $250,000


To Top COPPA: What it Means for Schools and Libraries

Congress passed the Children’s Online Privacy Protection Act on October 23, 1998. The Act is intended to protect the privacy of minors using the Internet by requiring parental consent for collection of personally identifiable information. The Act was largely in response to growing concerns that commercial entities were collecting information from children online and using that information for targeted marketing without the knowledge or consent of parents.

The Act required the FTC to issue regulations implementing the COPPA provisions. The FTC Rule was issued in late 1999, and goes into effect on April 21, 2000.

What the Rule Says:
Simply put, the Rule requires that:

Commercial

  • Commercial Web sites and online services (“Web sites”) that are targeted to children or which have actual knowledge that they are in contact with a child under the age of 13 obtain verifiable parental consent if they collect any personally identifiable information from the child (or information that could be linked to personally identifiable information);
  • These for-profit Web sites and online services place their information collection, use, and disclosure practices prominently on their Web site;
  • Parents must then be given the opportunity to review and delete information about their children;
  • Web sites that collect information for one-time use only and do not archive it are not required to get parental consent.
  • Web sites that collect information that is not personally identifiable (e.g. demographic information) are not required to seek parental consent.
  • Subscriptions that require an e-mail address (such as a newsletter) or other more than “one-time” contacts are not required to get prior parental consent; however, parents must be notified and given the opportunity to “opt-out” their children from the subscription.

Noncommercial

  • Noncommercial Web sites, such as those run by schools, libraries, advocacy organizations and community groups are not covered by the Rule. For example, a noncommercial site requiring an e-mail address sign up for a newsletter (such as a Planned Parenthood newsletter) would not need to notify parents at all, while a newsletter from Sports Illustrated for Kids would be required to notify parents and give them the ability to opt their children out of the service. Similarly, a noncommercial homework help line (such as Kids Connect, run by a division of the American Library Association) would not need to notify parents if they collect personally identifiable information from a child, but a commercial service (such as infoplease.com’s Homework Helper) would be required to provide parental notification before such a collection. However, it is not clear whether the Rule applies to commercial activities by non-profit organizations.
  • The Rule’s parental consent requirements only apply to situations where a site is requesting information from the child: to participate in a game or send a prize; enter a chat room, become an online pen pal; set up a Web site for the child or to otherwise engage in marketing to the child or disclosure to third parties. Thus, not every visit to a commercial site targeted to children is covered by the Act. The law is aimed at limiting the disclosure of personally identifiable information, not limiting children’s access to information on these sites.

For two years, the Rule provides a “testing” phase with regards to what verifiable parental consent means. While a variety of verification techniques will be permitted—including phoned, faxed, mailed, e-mailed, and credit-card verified responses—a sliding scale will be introduced, meaning that only some disclosures require the more secure forms of parental verification.1 These include chat rooms, message boards, and disclosures to third parties. The FTC is examining other possibilities, such as digital signatures, for future use.

One final note: operators of Web sites or online services collecting information are responsible for collecting the information. Intermediary online services or Web sites that serve as a conduit are not responsible. For example, ISPs and other service providers (such as schools and libraries) are not responsible if a child goes through them to a service or site that violates the child’s privacy.

What the Rule Says and Doesn’t Say About Obtaining Parental Consent in a School Setting

The Rule very clearly applies to all commercial (i.e., engaged in a for-profit activity) online services and Web sites, even if they are educational, regardless of whether they are being used by students in a home setting or in a classroom. In a home setting, the obligations of such sites and services are relatively clear; parental consent is generally required if any personally identifiable information will be collected, and parents must be notified of the collection practices as outlined above.

The Rule is less clear, however, on the obligations of either the online commercial services or Web sites being accessed in a classroom or school library setting or of the school itself. The rule does not require covered sites to obtain consent directly from parents before collecting personally identifiable information from students. Instead, the rule says:

…[T] he Rule does not preclude schools from acting as intermediaries between operators and parents in the notice and consent process, or from serving as the parents’ agent in the process. For example, many schools already seek parental consent for in-school Internet access at the beginning of the school year. Thus, where an operator is authorized by a school to collect personal information from children, after providing notice to the school of the operator’s collection, use, and disclosure practices, the operator can presume that the school’s authorization is based on the school’s having obtained the parent’s consent.2

This provision addresses the obligation of the operator. They can simply ask the school for consent and presume it reflects the parent’s wishes. The Rule is silent as to what the school ought to do. It appears to permit the school to simply choose not to get in the business if providing consent and decline the opportunity to “act… as intermediaries between operators and parents.” Alternatively, the school could choose to “serve as the parent’s agent” and give consent, for example after getting blanket consent for the year or in each instance—from a parent. However, our reading of the language does not suggest such an obligation.

The regulations also provide no guidance on how the rule will actually operate in a school setting. How will a Web operator know whether the children on its site are in a school setting? If the operator does have that knowledge, how will the operator know whom to contact in order to get consent from the schools? And what resources will be necessary in schools to deal with consent requests. Finally, if a school declines to get in the middle between parents and schools, what action should a site take? These questions are left unanswered by the Rule.

The FTC does intend to “provide guidance to the educational community” regarding the protection of children’s’ privacy in a future clarification of the Rule—hopefully before it goes into effect in April. It is critical that the school community come together on a position that minimizes the burden on students and schools.

A final note: the “presumption” language only covers schools and school libraries. Public libraries are not covered. Children accessing the Web in public libraries are treated as if they are at home—which means they must get parental consent before providing personally identifiable information to covered sites and online services.

Endnotes

1 In general, credit cards, signed and mailed consent forms, and call-in verifications are considered fairly secure, while e-mail is considered fairly insecure, unless it is accompanied by an additional source of authentication, such as a PIN code or password obtained through a more secure method.

2 Federal Register, Vol. 64, No. 212, p.59903.

 

Prepared by Leslie Harris, Jee Hang Lee, and Ghani Raines
On behalf of the International Society for Technology in Education.