Just posted a reply (reproduced below for your reading convenience) to this article by ZDNet's Christopher Dawson.
Your article is very informative and highlights a key oversight by Zeeland. However, your assertion that:
"Most CIPA-compliant systems can filter off-campus devices through a simply proxy setup which can be pushed to iPads through the MDM system mentioned above."
is not correct. MDM systems will allow you to setup a proxy only when the device is on WiFi networks that you manage. Off-network proxy setting is possible if you setup a VPN, but turning off VPN is as easy as selecting Settings > VPN > OFF.
Companies like Mobicip and Lightspeed offer an alternate browser on iOS devices. By setting up this alternate browser and turning off Safari, you can ensure that the kids are offered safe browsing on any network. This is a limitation of the iOS platform and SDK, and Apple has its own justifiable reasons to keep it that way.
The alternate safe browser is a "good enough" solution to the problem, but it does mean turning off Safari and losing some of the conveniences (like weblinks on the home screen, links from emails opening in Safari etc.). So schools end up weighing the pros and cons and some decide to go one way or another. Zeeland obviously took the risky option and ended up being burned by it.
I would fault the school administration for not communicating the hazards and possible workarounds (many schools simply recommend that parents install Mobicip, which is available as a retail product through the App Store), but I think the administration would have been smart enough to setup a proxy through the MDM if at all that was possible. If only the options were that simple...
Thanks for bringing attention to this issue, though.