Allied Issues in e-Governance

One day Mr. Indian decides to move from a small village of Nainital, a hill station at the foothill of the Himalayas, to business capital Mumbai in the western region of India.

NAINITAL

The answer to all his questions and queries is

“e-GOVERNANCE”

e-Governance

e-Governance is no more and no less than governance in an electronic

environment. It is both governance of that environment and governance

within that environment, using electronic tools (Zussman, 2002).

Goals of e-Governance

The goals of e-Governance are: better service delivery to citizens Ushering in transparency and

accountability Empowering people through information Improved efficiency within Governments Improve interface with business and

industry.

Revolution through e-Governance

State Bank of India and Bharti Airtel had partnered to enable money remittance over mobile phones in 2007. The intent was to enable individuals’ access to the benefits of a full range of financial services regardless of socio economic level or geographical location using the ubiquity and ease of mobile communications.

This programme would enable global Indians to easily and securely send remittances to their dependents, many of whom didn’t have bank accounts.

The project was piloted in a small Himalayan village of District Pithoragarh in state of Uttarakhand has seen the tremendous results in that unbanked village.

News Headlines

Petrol pumps to go Hi-Tech in country” (Mumbai Mirror, 3 September, 06)

“Use the mouse to visit under trials: Arthur road jail will install online system to enable relatives to get appointments” (Sunday times of India, Mumbai, September 23, 2006)

“State police get net savvy, interrogate accused on webcam” (Times of India, 23 Sept, 2006)

“E-filing cases in apex court of India from 2 Oct 2006”

Attaining e-Governance

India is moving towards achieving e-Governance which can usually be attained in four steps:

Information or Cataloguing,

Transaction,

Vertical Integration, and

Horizontal integration.

Issues & Challenges in E-Governance

ISSUES

Technical

Privacy

Securities

Social

Infrastruct-ure

Accessibility

Usability and

Acceptance

Political will Power

Economic

Legal

Technical Issues

IT infrastructure is the backbone of E-governance.

Interoperability with existing software and hardware platforms is a key success factor.

Finally, some legal aspect, like security and privacy, must be considered, as personal data are processed and stored, and financial transitions must be executed.

Privacy Issues

Citizens’ concern on privacy of their life and confidentiality of the personal data need to be technically supported.

Privacy and confidentiality has to be highly valued in establishing and maintaining websites.

An ideal Cyber policy and strict appliance of it is the backbone for citizen’s support.

Securities

The financial transaction demands for transactional security. All support for full security is necessarily needed to maintain.

An ideal Cyber Security Policy will ensure the existence of a sound and secure e-governance and critical infrastructure base in India.

Social Issues

Acceptance and usability by a large variety of people make e-governance successful

The interface must be usable by rich or poor, disabled or elderly people, understandable by low literacy or non-native language people, etc.

Infrastructure

Social, geographical and economical disparity issues have to be removed and proper infrastructure is required to establish e-governance.

The ICT facilities need to be developed and should be available to one and all citizens.

Internet connection through satellite, phone lines or through cable or Television should be accessible for all especially to the people in rural areas.

Infrastructure

Comparison of ICT usage between India and developed countries

Accessibility

Any service should be accessible by anybody from anywhere at anytime.

Even if Internet population is exponentially growing in India, still there is a significant portion of the people who may not be able to access services for various reasons like limited access to ICT technologies and devices, low literacy, or phobia for Computer etc. Therefore, universal access is still a mirage.

Usability & Acceptance

People especially in rural areas are often not expert users and need guidance and support for their transaction.

Governmental websites must be user friendly, to be effective.

A reconceptualization of government services is mandatory for successful implementation and to get social acceptance.

Political will power & Economic issues

E-governance means less interaction with government servants, it will be helpful in reducing bribery issues.

Economical issues are mainly concerned with return of investment and safeguard of the previous ones. Cost of implementation, operational and evolutionary maintenance must be low enough to guarantee a good cost/benefit ratio.

Legal issues

Strong and effective rules related with IT has to be formulated and strongly implemented. This presupposes the adoption and use of security measures more particularly empowering and training judiciary and law enforcement manpower with the knowledge and use of cyber forensics and digital evidencing.

Other issues

Underutilization of existing ICT infrastructure.

Attitude of Government Departments and government officers need a proper counseling. Many officers perceive their department as most important and disregard other department’s needs.

Lack of coordination between Govt. Department and Solution developers.

Resistance to re-engineering of departmental processes is also a challenge, but this approach is changing now.

Concern for E-governance in India

Need of the Hour

Database of citizens

It should contain all the personal details i.e. name, address, citizen Id, etc. and financial information. Every citizen should have a unique Id number and password.

The citizens can access their information and transactions through this but at the same time the other people won’t be able to access their record.

Just by going through his/her file the individual will come to know about their electricity bill, bank statements, next due LIC premium, phone bill etc. and can transact with all or any of the department at the same time.

Biometrics

The strong database needed for a successful e-governance is vulnerable to fraud. There are attempts being made to come up with “Biometric” techniques, which are more secure.

The password can be replaced as an individual’s mark of identity, fingerprints or facial characteristics to verify the identity. Instead of having card readers, there should be devices like fingerprint readers or eye scanners.

It is one of the important evolving technologies, which will ensure the security and privacy issues as well. But underutilization of these techniques is one of the barriers.

Smart Cards

One smart card with complete detail of the citizens is the smartest solution. A smart card with citizens name, address, financial information, personal information etc. fully supported and secured by Biometrics may be the key solution.

A fully secured card with easy operability can be used for all transactions and information. One such project was pilot run at IIT Bombay campus few years back.

Legal Framework for E-Governance

Accessibility

Right to Information Act 2005

Right to Information Act 2005 mandates timely response to citizen requests for government information. It is an initiative taken by Department of Personnel and Training, Ministry of Personnel, Public Grievances and Pensions to provide a – RTI Portal Gateway to the citizens for quick search of information.

The enactment of the RTI Act, 2005 gave a fillip to transparency in government dealings and concurrently provided some protection against the unwarranted disclosure of confidential information under that law. 

IT Act 2000

The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.

In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

Highlights of IT Act 2000..

Email would be a valid and legal form of communication in India that can be duly produced and approved in a court of law.

Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.

Digital signatures have been given legal validity and sanction in the Act.

The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.

The Act now allows Government to issue notification on the web thus heralding e-governance.

Highlights of IT Act 2000…

The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.

Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and cause losses damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.

IT Act Amendment 2008

Until a couple of years ago, Indian law had no provisions dealing with privacy protection. In 2008, the IT Act was amended to introduce the following:

A new civil provision prescribing damages for an entity that is negligent in using “reasonable security practices and procedures” while handling “sensitive personal data or information” resulting in wrongful loss or wrongful gain to any person.

Criminal punishment for a person if (a) he discloses sensitive personal information; (b) does so without the consent of the person or in breach of the relevant contract; and (c) with an intention of, or knowing that the disclosure would cause wrongful loss or gain.

Indian Privacy Law 2011

On April 11, 2011, India’s Ministry of Communications and Information Technology notified the IT Rules, 2011 under the IT Act, 2000.  India now has a privacy law, brought into force with immediate effect with wide ramifications on the way companies will do business in India. 

Sensitive Personal Information -  The law relates to dealing with information generally, personal information and “sensitive personal data or information”. SPD is defined to cover the following: (a) passwords, (b) financial information such as bank account or credit card or debit card details; (c) physical, physiological and mental health condition; (d) sexual orientation; (e) medical records and history; and (f) biometric information.

Indian Privacy Law 2011..

Privacy Policy - Every business is required to have a privacy policy, to be published on its website.  The business has to also appoint a Grievance Officer. The privacy policy appears to be required whether or not the business deals with SPD. 

The privacy policy must describe what information is collected, the purpose of use of the information, to whom or how the information might be disclosed and the reasonable security  practices followed to safeguard the information.

Online payment Security

Online Buying Cycle

Rationale

The fraudulent use of credit cards in the electronic commerce marketplace has prompted the use of secure protocols to address these problems. Secure communication and payment protocols have been devised to address these problems.

Their corresponding use has been effective to prevent identity theft and unauthorized credit charge charges. The use of digital signatures and encryption has provided more secure means for engaging in web commerce.

SET Protocol

Developed by Visa and MasterCard

Designed to protect credit card transactions

Confidentiality: all messages encrypted

Trust: all parties must have digital certificates

Privacy: information made available only when and where necessary

SET Transactions

Components to build Trust

• Data Privacy Encryption

• Who am I dealing with? Authentication• Message integrity

Message Digest• Non-repudiation Digital

Signature• Access Control

Certificate Attributes

Components to build Trust

• Data Confidentiality Encryption

• Who am I dealing with? Authentication• Message integrity

Message Digest• Non-repudiation Digital

Signature• Access Control

Certificate Attributes

Symmetric Key Encryption

Same Key is used to both encrypt and decrypt data.

Examples : DES, 3DES, AES

Public Key Encryption

• Each user has 2 keys: what one key encrypts, only the other key in the pair can decrypt.

• Public key can be sent in the open.• Private key is never transmitted or shared.

Example : RSA (Rivest, Shamir, and Adleman )

RECIPIENT’S Public Key RECIPIENT’S Private Key

Common e-Security Technologies

Components to build Trust

• Data Confidentiality Encryption

• Message integrity Message Digest

• Non-repudiation Digital Signature

• Who am I dealing with? Authentication• Access Control

Certificate Attributes

Digital Signature

A digital signature is not a digitized form of signature

A digital signature will be UNIQUE for every document “signed” by an individual

Private key and public key are unique to the subscriber and constitute a functioning key pair

Data Encrypted with Public Key, can only be decoded by corresponding Private Key

Impossible to decrypt data without Private Key

Digital Signature

Signer’s Private Key

SignedDocument

HashAlgorithm

Digest EncryptedDigest

Verifying Signature

?Hash Algorithm

Digest

Digest

Signer’sPublic Key

Integrity : One bit change in the content changes the digest.

Dual Signatures

Links two messages securely but allows only one party to read each.

MESSAGE 1

DIGEST 1

NEW DIGEST

HASH 1 & 2WITH SHA

MESSAGE 2

DIGEST 2

CONCATENATE DIGESTSTOGETHER

HASH WITH SHA TOCREATE NEW DIGEST

DUAL SIGNATURE

PRIVATE KEYENCRYPT NEW DIGESTWITH SIGNER’S PRIVATE KEY

Dual Signatures for SET

Concept: Link Two Messages Intended for Two Different Receivers -

Order Information (OI): Customer to Merchant

Payment Information (PI): Customer to Bank

Goal: Limit Information to A “Need-to-Know” Basis:

Merchant does not need credit card number.

Bank does not need details of customer order.

Afford the customer extra protection in terms of privacy by keeping these items separate.

This link is needed to prove that payment is intended for this order and not some other one.

Components to build Trust

• Data Confidentiality Encryption

• Message integrity Message Digest

• Non-repudiation Digital Signature

• Who am I dealing with? Authentication• Access Control

Certificate Attributes

Digital Certificate

A digital certificate or Digital ID is a computer-based record that attests to the binding of a public key to an identified subscriber.

Certificate issued by Certification Authority (CA).

Certified digital signature attests to message content and to the identity of the signer.

Combined with a digital time stamp, messages can be proved to have been sent at certain time.

Access Control

Certification Authority (CA): This is an authority that is trusted to provide public key certificates to cardholders, merchants and payment gateways. In fact, CAs are very crucial to the success of SET.

Secure Socket Layer Protocol

SSL Protocol

The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet.

The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer.

SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.

SSL – Working

When a Web Browser attempts to connect to a website secured with SSL, the following steps occur -

SSL – Working..

1. An SSL Certificate enables encryption of sensitive information during online transactions.

2. Each SSL Certificate is a unique credential identifying the certificate owner.

3. A Certifying Authority authenticates the identity of the certificate owner before it is issued

Website using SSL protocol

SSL Certificate

Need for an SSL Certificate

An insecure Website without strong digital authentication leads to vulnerabilities in Web Server communication: An illegal website can be created with similar web

pages. With Digital Certificates issued to the Web Server, this can be avoided.

If the information between the Web Server and the clients is transmitted in clear text, it can be read/altered. This is very critical during financial transactions over the website, wherein the clients provide their credit card details and other payment details to Web Servers.

PKI Solutions for Government – A Case Study

Filing Documents Online

As paper documents are converted to the electronic form and filed, it is mandatory to provide strong authentication to the documents filed.

TCS-CA offers a toolkit that can be integrated with the e-Governance application, which provides stronger authentication using Digital Certificates.

Alternatively, the files can also be signed off-line using TCS-CA-developed desktop signing tool FileSigner.

Processing/ Approval of documents online using DS

TCS-CA offers a toolkit that can be integrated seamlessly with the e-Governance application, and can be used to digitally sign the operation of processing/ approving with the data that is being processed/approved.

Payment Authentication

For this, TCS-CA provides a Digital Certificate-based solution. The web server and the client are issued SSL certificates and hence are able to communicate over the SSL with highly secure 128 bit encryption, which provides confidentiality for the information that is being transmitted.

Clients are issued Digital Certificates, which enables strong authentication for online payments.

Secure Document Storage/ Retrieval

In e-Governance, documents pertaining to registrations, certificates and applications, have to be retained for a specific period of time.

TCS-CA offers a solution for strong authentication and integrity of the documents using Digital Certificate-based technology. The solution also facilitates strong access control mechanism for documents.

e-Procurement/ e-Tendering

These IT enabled Services, being highly sensitive, need highest level of Trust and Security along with legal sanctity.

TCS-CA provides the solution for ensuring Trust and Security in the e-Tendering/ e-Procurement scenario using PKI based Digital Signature/ Encryption technologies. TCS-CA also provides legally valid Time Stamping/ Digital Notarization Services, which ensures the Date and Time of bid submission.

Impact of E-Governance

Fosters Cutting process costs

Automation can replace higher human costs with lower ICT costs to support efficiency/productivity improvements.

Informatisation can support decisions and implementation in downsizing or rightsizing exercises.

The rationale is to address the large size of public sector expenditure and the inefficiency of many of its processes.

Case – IDSC, Cairo

In Egypt, the Information and Decision Support Center has created a comprehensive national database with 85 million birth records, 12 million marriage records and 2 million divorce records.

This provided the basis for a national ID number and, hence, a secure and accurate national ID card. Automation of previously-manual processes has saved considerable sums of money.

The information base and ID numbers have also been an essential building block in the creation of other public sector planning and service delivery applications.

Efficiently Manages Process Performance

The rationale is to make more efficient or effective use of process resources.

Case - The Government of Tanzania has recently launched its integrated HR and Payroll systems covering about 280,000 public servants.

While the capital invested was significant at around US$ 6.5 million, the savings already accrued in improved management- reduced ghost workers, improved control, and accuracy-mean that the project has already paid for itself.

Efficiently Manages Process Performance

The government of Tanzania has also implemented an Integrated Financial Management System (IFMS) at all ministries in Dar-es-Salaam and Dodoma via a wide area network.

IFMS has improved control over expenditure management, resulting in more timely and detailed reporting. Internet-enabled versions of both systems will soon be rolled out countrywide.

Promotes Inclusion of Citizens

e‐Governance is in essence, the application of ICT to government functioning in order to create ‘Simple, Moral, Accountable, Responsive and Transparent’ (SMART) governance.

Specifically, it aims to improve the efficiency of the state by shrinking it and to enhance its accountability and transparency by making the interface with citizens more inclusive.

Leads to BPR

Comprehensive e‐Governance reforms cover the process, preparedness and the technology, and the people.

Introduction of e‐Governance needs process engineering as the first step. Technology comes second, only after the processes have been re‐engineered.

And ultimately, in order to make the reforms sustainable the people in the concerned departments/ agencies have to internalize the change. This is also one of the reasons why e‐Governance projects succeed at the pilot level but ‘when up‐scaled’ they become unsustainable.

Encourages Empowerment

It can be done by transferring power, authority and resources for processes from their existing locus to new locations.

Typically that transfer is to lower; more localized levels of the public sector and may be seen as decentralization.

The rationale is to reduce the costs and increase the speed of processes and decision making and to create more flexible and responsive processes.

Implications of E-Governance

E-Governance has important policy implication for resource mobilization of the State -

It can significantly reduce the cost of administration on the one hand and maximize the revenue on the other hand.

At the same time, it can promote accountability and transparency in the functioning of PSE.

It can transform the society into an ICT driven economy by providing opportunity for employment and promoting economic growth and development.

Successful e-Governance Projects

Akshaya

In August 2003, Chamravattom village, a small backward hamlet in Kerala, South India, earned a unique distinction. It became the first village in India to become 100% information technology (IT) literate. At least one person in each of the 850 families of the village was provided computer training on basic word processing skills and browsing, under the 'Akshaya' project.

The project was launched by the government of Kerala with an aim to make the entire state computer literate.

Akshaya

"My sons are grown-up and often talk about computers. Before I went to the Akshaya centre, I didn't know what a computer was. But now I understand what my sons are learning and I can also e-mail my husband in the Gulf. We left school much before we knew what learning meant. Though late, this learning has indeed opened our eyes and enhanced our self-esteem.”

- A 38-year-old housewife, on Kerala Government's Akshaya Project.

Gyandoot

Through Gyandoot, farmers got access to data relating to market prices of their agricultural produce and land prices as well, enabling them to sell these on their own rather than going through unscrupulous traders.

The project was launched by the government of Madhya Pradesh to facilitate the farmers. The Gyandoot project was initiated in January 2000 by a committed group of civil servants in consultation with various gram panchayats in the Dhar district of Madhya Pradesh. 35 such centres have been established since January 2000.

eSeva

Andhra Pradesh is known for its keenness in implementing several e-governance projects, prominent among them being eSeva and CARD.

Through eSeva, busy urbanites could pay their bills for 36 public services offered by the state government at a single counter, and in some cases, even pay their bills online – another first of its kind facility in India.

CARD project aimed at the complete computerization of the land registration process in AP.

Bhoomi

The Bhoomi project provided farmers instant access to important land records, which would have otherwise taken them months to obtain. It also protected their land records from manipulation by corrupt government officials.

The project was launched by the government of Karnataka for computerization of Land Records.

The common benefit for all these remarkably innovative projects was the convenience it brought to the citizens who were targeted.

Conclusion

The ability of Central government to understand all needs from ordinary local citizens is limited.

Therefore, the participation of citizens in local level is extremely important. The true e-governance should be attained by interface of citizens both with central and local government.

This can shift the paradigm of the E- Governance in to success.

References

www.tcs-ca.tcs.co.in/pdf/IS_Government.pdf

www.tcs-ca.tcs.co.in/pdf/E-Returns-Government.pdf

www.egov.mit.gov.in

www.e-governance-imp.html

http://ijedict.dec.uwi.edu//viewarticle.php?id=332&layout=html

http://www.riseproject.eu/_fileupload/RISE%20Conference/Presentations/Vinayak%20Godse.pdf

www.it.iitb.ac.in/~prathabk/egovernance/egov_success_stories_gujrat.html

THANK YOU