John A. Coates, P.E., Administrator Wastewater Compliance Evaluation Section, Office of Wastewater Management Florida Department of Environmental Protection Florida’s Electronic Discharge Monitoring Report (EDMR) System Preserving Data Credibility
Present paper based system... ~4,500 individually permitted wastewater facilities 3 parts to DMRs Part A, Summary statistics Part B, Daily Values Part D, Groundwater wells
... can be burdensome! Implementation Approach Specify Functionality balance technology vs. administrative process reduce unforeseen risks by keeping control within system build in administrative controls enfoTech & Consulting, Inc.
System Description... Web-enabled “Thin Client” application X.12 EDI protocol text file Data encryption during Internet submission Registered Users with access control via user names and passwords PIN-based electronic signature for submitters
Registration Process... “Who are you?” Existing legacy system tracks permittees & “Authorized Representatives” Notarized Application Forms for: Permittee request for permit modification & designation of “Viewers” or “Certifiers” Electronic Signature Agreement for Certifiers
Registration Process... “PINs & Electronic Signatures” “Electronic Signature Act of 1996,” in Part II, Chapter 282, F.S. (§ , F.S.) Confidentiality & PIN compromise issues addressed in ESA and minor permit revision Preliminary (non functional) PIN issued via certified mail in confidential envelope Certifiers obtain Functioning PIN via system (being built)
EDMR Status “Ready, Set, Verify, Go” Initial Trial Status Review period during which paper DMRs are submitted for “verifying” file compatibility & accuracy Information is not automatically transferred to legacy system Functions for suspension, etc. Manual status changes and historical tracking Automatic after repeated failures in password or PIN entry
Submission Process “Mail that Report” SSL encrypted connection Steps File selection PIN entry (& verification) Required Check for Certification Statement Submit Enhanced Certification Statement “Return Receipt” submittal response (being added)
EDMR Submission Logs “While you were submitting...” EDMR Submission Log user name, password, PIN submission date/time for File Selection, Submit, Received, & Acknowledgement Sent. IP address captured and stored Checksum
Copy of Record “While you were submitting...” Copy of Record X.12 EDMR file self-monitoring data limits/requirements Submission Log (with forensic information)
EDMR Storage and Access “The EDMR Afterlife...” X.12 EDMR file stored as Binary Large Object in Oracle 8i Processed for online viewing and data transfer EDMR Status/error messages and human readable views/download provided Revisions allowed, but, each submission maintains records of revisions
Database Functionality... “enhancing credibility” PIN & Password instances encrypted Database constraints set to “Insert Only” for Key fields submission file (X.12) password, PIN, & checksum rest of Submission Log Audit Trail feature records any changes to selected tables/fields
Fundamentals for Credible and Enforceable Data Authentication Report Integrity Nonrepudiation
Authentication Identifying the Submitter Reliance on Notary laws Person must be permittee or authorized representative ESA and Permit confidentiality requirements Functional PIN issuance procedure preface to certification statement forensic data (e.g., IP address)
Report Integrity Securing the Data During Transmission SSL and TCP/IP protection during transmission Capturing Checksum as received After Receipt general system security Department roles database design (e.g., Insert Only and Audit Trail features) Permanent Copy of Record
Nonrepudiation Verifying Intent Design of Submission Steps Proximity of PIN to Certification statement Certification statement language System requires active “check” of Certification statement for each submission to demonstrate intent to be bound by the content of the data “Data” file includes data & limits
Demonstrating Credibility “The Persuasive Expert” Well documented system design and operating procedures Generation of Log Reports System Access Electronic Signature Submission Record Integrity Report reproduces copy of record compares original checksum with current provides related Audit Trail records
Summary Credible Data ? Administrative (procedural) & technological solutions reduce unforeseen risks Reasonable to build, implement & maintain Contacts or questions