Agriculture builds secure system for ethics reports
Agriculture builds secure system for ethics reports
USDA's executive-level employees can now file public and confidential financial reports via the Web
By Tony Lee Orr
The Agriculture Department's Senior Executive Service employees who are required to file an annual public financial disclosure report can now use an interactive program to complete the form online.
Agriculture employees can access interactive public financial disclosure forms through the Ethics Office Web site, at www.usda.gov/ethics.
Some 650 executive-level staff members and political appointees received e-mail notices in March that the online service is available via a secure connection to the National Finance Center in New Orleans, said John Surina, Agriculture's Office of Ethics director.
This fall the office will offer a similar capability to approximately 17,000 high-level general service employees who must file a confidential financial disclosure report, Surina said. Agriculture employs about 100,000 workers, he said.
When Surina approached the independent Office of Government Ethics to propose putting the reports online, it agreed with the plan and added a couple of stipulations, he said.
It recommended limiting the use of the application to current Agriculture employees scattered from rural county extension offices to foreign countries and requiring filers to print, sign and mail in the form after online completion until electronic filing wins approval, Surina said.
Surina looked at what other agencies had available.
'But we found that there was no standard desktop suite within the department,' Surina said. 'We had to create three versions.'
The agency offered its Public Financial Disclosure form online in Corel Quattro Pro, Lotus 1-2-3, and Microsoft Excel spreadsheet formats.
Then, Agriculture borrowed an idea from the Energy Department, which uses the Adobe Portable Document Format for some files, Surina said. But some Agriculture employees were intimidated by using the Adobe Acrobat reader with the PDF files. The reader lets users input information but won't store it.
'It was really an ugly solution,' Surina said of the four options.
He and others continued kicking around the technical challenge.To the drawing board
'Then we started looking to the Web,' Surina said. 'It has easy access, and it's more friendly, but security became an issue.'
The office turned to the National Finance Center because of its reputation of securely maintaining private records, Surina said.
The center serves as paymaster to more than 450,000 federal employees working in 100 departments and agencies. NFC also hosts a Web page, allowing workers whose agencies employ the center as paymaster to access their payroll records using a personal identification number, Surina said.
More than 87,000 federal workers take advantage of the center's Personal Page feature, he said.
A la mode
In a review of agency security programs, consulting company Input of Vienna, Va., found that spending varied widely last year.
New Technology Management Inc., the designer of Agriculture's Ethics Web site, did all the front-end programming for the online form and designed the page layout. The Winchester, Va., company gave the layout the same look as the office's site, said Leine Whittington, a company contractor working in the USDA Ethics Office.
The front-end work was completed in about 45 hours using straight Hypertext Markup Language programming, Whittington said.
The center then completed the back-end work, providing the same security measures it provides for its Personal Page payroll records, Surina said.
Agriculture employees who choose to use the online system access it through the Ethic's Office Web site, at www.usda.gov/ethics
. A link sends them to the center's secured server.
The center's Web team developed the application using Microsoft Internet Information Server 4.0 and Microsoft Active Server Pages Version 2.0. It accesses an Oracle8 database, said Steve Cunningham, chief of the Web branch at the National Finance Center.
The application server farm uses dual-processor Compaq ProLiant 3000 servers running Microsoft Windows NT 4.0. The database server is a four-processor Compaq ProLiant 6000 running NT 4.0, he said. The center has plans to migrate the database to a Unix platform.
Security is provided in part by the Secure Sockets Layer's 128-bit public-key encryption, he said.
When an employee signs up for the service, a personal identification number is sent to the user's home based on information already on file at the center, Surina said.
To access the Personal Page after signup, users must have a Java-enabled Web browser, the site instructs.Sure and secure
'Whether your browser has 40-bit or 128-bit encryption, your data is protected automatically at the 128-bit level because of the Global Server Certificate that is installed at our site,' the site states. 'This certificate can convert 40-bit browsers, while communicating with our site, to 128-bit access level.'
The idea of filling out the forms online is already catching on. 'People from other agencies have called the center wanting to get in on it,' Surina said.
Now the goal is to turn the filing system into a totally digital method of filing the reports, Surina said. That move should come as soon as digital signatures are more accepted, he said.