Seems like some people disagree with this interpretation: https://twitter.com/N805DN/status/835945815227138048

AIUI CIPA doesn't require MITM but most schools interpret it that way.

Most (private) schools in my area do not interpret it to require MITM. We specifically want to avoid MITM because it's a can of worms we don't want opened. We rely instead on SNI-based filtering systems, which work well for the most part. I'm using TLS 1.3 in Firefox Nightly with no issues.

>> content filtering is a requirement for the FCC's E-Rate program in which the government pays some of the cost of the school's internet connection.

I'd be interested to see the cost of compliance versus the subsidy. The federal government puts an awful lot of strings on financing for schools given the relatively low percentage of overall funding they pay.

I'd like to see some state somewhere turn down the money and see what they can do with the extra flexibility.

IIRC the E-Rate program is a high double digit by percentage subsidy, such that Wireless ISPs will lose business by not having an E-Rate certification because the school will just stick with polky, 6mbps DSL for their 200+ kids at a rural school.

Of course they have a choice. It's not very princinpled to sell your children's online privacy in exchange for some "grant" money going to an oppressive-dictatorship supporting company like BlueCoat.

(Also it's possible can do server address based blocking without MITM)

Sure, it's possible, if you're willing to blanket block all sorts of elastic IP ranges such as all of AWS.

You can do it based on DNS.

Could they try to find an alternative source of funds (as the San Francisco Public Library did), or adopt an interpretation of CIPA under which they don't have to use this particular feature?