Allied Issues in eGovernance
One day Mr. Indian decides to move from a small village of Nainital, a hill station at the foothill of the Himalayas, to business capital Mumbai in the western region of India.
NAINITAL
The answer to all his questions and queries is “e-GOVERNANCE “e -GOVERNANCE””
e-Governance
e-Governance is no more and no less than governance in an electronic environment. It is both governance of that environment and governance within that environment, using electronic tools (Zussman, 2002).
Goals of e-Governance The goals of e-Governance are:
better service delivery to citizens
Ushering in transparency and accountability
Empowering people through information
Improved efficiency within Governments
Improve interface with business and industry.
Revolution Re volution through e-Governance
State Bank of India and Bharti Airtel had partnered to enable money remittance over mobile phones in 2007. The intent was to enable individuals’ access to the benefits of a full range of financial services regardless of socio economic level or geographical location using the ubiquity and ease of mobile communications.
This programme would enable global Indians to easily and securely send remittances to their dependents, many of whom didn’t have bank accounts.
The project was piloted in a small Himalayan village of District Pithoragarh in state of Uttarakhand has seen the tremendous results in that t hat unbanked village.
News Headlines
Petrol pumps to go Hi-Tech in country” (Mumbai Mirror, 3 September, 06)
“Use the mouse to visit under trials: Arthur road jail will install online system to enable relatives to get appointments” (Sunday times of India, Mumbai, September 23, 2006)
“State police get net savvy, interrogate accused on webcam” (Times of India, 23 Sept, 2006)
“E-filing “E -filing cases in apex court co urt of India from 2 Oct 2006” 2006”
Attaining e-Governance
India is moving towards achieving e-Governance which can usually be attained in four steps:
Information or Cataloguing,
Transaction,
Vertical Integration, and
Horizontal integration.
Issues & Challenges Challenges in EEGovernance
Technical Legal
Privacy
Economic
Securities
ISSUES Political will Power
Social
Usability and Acceptance
Infrastructure Accessibility
Technical Issues
IT infrastructure is the backbone of E-governance.
Interoperability with existing software and hardware platforms is a key success factor.
Finally, some legal aspect, like security and privacy, must be considered, as personal data are processed and stored, and financial transitions must be executed.
Privacy Issues
Citizens’ concern on privacy of their life and confidentiality of the personal data need to be technically supported. supported.
Privacy and confidentiality has to be highly valued in establishing and maintaining websites.
An ideal Cyber policy and strict appliance of it is the backbone for citizen’s support.
Securities
The financial transaction demands for transactional security. All support for full security is necessarily needed to maintain.
An ideal Cyber Security Policy will ensure the existence of a sound and secure e-governance and critical infrastructure base in India.
Social Issues
Acceptance and usability by a large variety of people make e-governance successful
The interface must be usable by rich or poor, disabled or elderly people, understandable by low literacy or nonnative language people, etc.
Infrastructure
Social, geographical and economical disparity issues have to be removed and proper infrastructure is required to establish e-governance.
The ICT facilities need to be developed and should be available to one and all citizens.
Internet connection through satellite, phone lines or through cable or Television should be accessible for all especially to the people in rural areas.
Infrastructure
Comparison of ICT usage between India and developed countries
Accessibility
Any service should be accessible by anybody from anywhere at anytime.
Even if Internet population is exponentially growing in India, still there is a significant portion of the people who may not be able to access services for various reasons like limited access to ICT technologies and devices, low literacy, or phobia for Computer etc. Therefore, universal access is still a mirage.
Usability & Acceptance Acceptance
People especially in rural areas are often not expert users and need guidance and support for their transaction.
Governmental websites must be user friendly, to be effective.
A reconceptualization of government services is mandatory for successful implementation and to get social acceptance.
Political will power & Economic issues i ssues
E-governance means less interaction with government servants, it will be helpful in reducing bribery issues.
Economical issues are mainly concerned with return of investment and safeguard of the previous ones. Cost of implementation, operational and evolutionary maintenance must be low enough to guarantee a good cost/benefit ratio.
Legal issues
Strong and effective rules related with IT has to be formulated and strongly implemented. This presupposes the adoption and use of security measures more particularly empowering and training judiciary and law enforcement manpower with the knowledge and use of cyber forensics and digital evidencing.
Other issues
Underutilization of existing ICT infrastructure.
Attitude of Government Departments and government officers need a proper counseling. Many officers perceive their department as most important and disregard other department’s needs.
Lack of coordination between Govt. Department and Solution developers.
Resistance to re-engineering of departmental processes is also a challenge, but this approach is changing now.
Concern for E-governance in India
Need of the Hour
Database of citizens
It should contain all the personal details i.e. name, address, citizen Id, etc. and financial information. Every citizen should have a unique Id number and password.
The citizens can access their information and transactions through this but at the same time the other people won’t be able to access their record.
Just by going through his/her file the individual will come to know about their electricity bill, bank statements, next due LIC premium, phone bill etc. and can transact with all or any of the department at the same time.
Biometrics
The strong database needed for a successful e-governance is vulnerable to fraud. There are attempts being made to come up with “Biometric” techniques, which are more secure.
The password can be replaced as an individual’s mark of identity, fingerprints or facial characteristics to verify the identity. Instead of having card readers, there should be devices like fingerprint readers or eye scanners.
It is one of the important evolving technologies, which will ensure the security and privacy issues as well. But underutilization of these techniques is one of the barriers.
Smart Cards
One smart card with complete detail of the citizens is the smartest solution. A smart card with citizens name, address, financial information, personal information etc. fully supported and secured by Biometrics may be the key solution.
A fully secured card with easy operability can be used for all transactions and information. One such project was pilot run at IIT Bombay campus few years back.
Legal Framework for EGovernance
Accessibility
Right to Information Act 2005
Right to Information Act 2005 mandates timely response to citizen requests for government information. It is an initiative taken by Department of Personnel and Training, Training, Ministry of Personnel, Public Grievances and Pensions to provide a – RTI Portal Gateway to the citizens for quick search of information.
The enactment of the RTI Act, 2005 gave a fillip to transparency in government dealings and concurrently provided some protection against the unwarranted disclosure of confidential information under that law.
IT Act 2000
The IT Act 2000 attempts to change outdated laws and provides ways to deal with cyber crimes. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.
In view of the growth in transactions and communications carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.
Highlights of IT Act Act 2000..
Email would be a valid and legal form of communication in India that can be duly produced and approved in a court of law.
Companies shall now be able to carry out electronic commerce using the legal infrastructure provided by the Act.
Digital signatures have been given legal validity and sanction in the Act.
The Act throws open the doors for the entry of corporate companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates. Certificates.
The Act now allows Government to issue notification on the web thus heralding e-governance.
Highlights of IT Act Act 2000…
The Act has given a legal definition to the concept of secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
Under the IT Act, 2000, it shall now be possible for corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and cause losses damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.
IT Act Amendment 2008
Until a couple of years ago, Indian law had no provisions dealing with privacy protection. In 2008, the IT Act was amended to introduce the following:
A new civil provision prescribing damages for an entity that is negligent in using “reasonable security practices and procedures” while handling “sensitive personal data or information” resulting in wrongful loss or wrongful gain to any person.
Criminal punishment for a person if (a) he discloses sensitive personal information; (b) does so without the consent of the person or in breach of the relevant contract; and (c) with an intention of, or knowing that the disclosure would cause wrongful loss or gain.
Indian Privacy Law 2011
On April 11, 2011, India’s Ministry of Communications and Information Technology notified the IT Rules, 2011 under the IT Act, 2000. India now has a privacy law, brought into force with immediate effect with wide ramifications on the way companies will do business in India.
Sensitive Personal Personal Information - The law relates relates to dealing dealing with information generally, personal information and “sensitive personal data or information” information”.. SPD is defined to cover the following: (a) passwords, (b) financial information such as bank account or credit card or debit card details; (c) physical, physiological and mental health condition; (d) sexual orientation; (e) medical records and history; and (f) biometric information.
Indian Privacy Law 2011..
Privacy Policy - Every business is required to have a privacy policy,, to be published policy published on its website. website. The business has has to also appoint a Grievance Officer. The privacy policy appears to be required whether or not the business deals with SPD.
The privacy policy must describe what information is collected, the purpose of use of the information, to whom or how the information might be disclosed and the reasonable security practices followed followed to safeguard safeguard the information.
Online payment Security
Online Buying Cycle
Rationale
The fraudulent use of credit cards in the electronic commerce marketplace has prompted the use of secure protocols to address these problems. Secure communication and payment protocols have been devised to address these problems.
Their corresponding use has been effective to prevent identity theft and unauthorized credit charge charges. The use of digital signatures and encryption has provided more secure means for engaging in web commerce.
SET Protocol
Developed by Visa and MasterCard
Designed to protect credit card transactions t ransactions
Confidentiality: all messages encrypted
Trust: all parties must have digital certificates
Privacy: information made available only when and where necessary
SET Transacti Transactions ons
Components to build Trust
•
•
•
•
•
Data Privacy Who am I dealing with? Message integrity Non-repudiation Access Control
Encryption Authentication Message Digest Digital Signature Certificate Attributes
Components to build Trust
•
•
•
•
•
Data Confidentiality Who am I dealing with? Message integrity Non-repudiation Access Control
Encryption Authentication Message Digest Digital Signature Certificate Attributes
Symmetric Key Encryption
Same Key is used to both encrypt and decrypt data. Examples : DES, 3DES, AES
Public Key Encryption
RECIPIENT’S Public Key •
• •
RECIPIENT’S Private Key
Each user has 2 keys: what one key encrypts, only the other key in the pair can decrypt. Public key can be sent in the open. Private key is never transmitted or shared. Example : RSA (Rivest, Shamir, and Adleman )
Common e-Sec e-Security urity Technol echnologies ogies
Components to build Trust
•
•
•
•
•
Data Confidentiality Message integrity Non-repudiation Who am I dealing with? Access Control
Encryption Message Digest Digital Signature Authentication Certificate Attributes
Digital Signature
A digital signature is not a digitized form of signature
A digital signature will be UNIQUE for every document “signed” by an individual
Private key and public key are unique to the subscriber and constitute a functioning fu nctioning key pair
Data Encrypted with Public Key, can only be decoded by corresponding Private Key
Impossible to decrypt data without Private Key
Digital Signature
’
Signer s Private Key
Hash Algorithm
Digest
Encrypted Digest
Signed Document
Verifying Signature Digest
Hash Algorithm
Digest
?
’
Signer s Public Key
Integrity : One bit change in the content changes the digest.
Dual Signatures
Links two messages securely but allows only one party to read each. MESSAGE 1
MESSAGE 2 HASH 1 & 2 WITH SHA
DIGEST 1
DIGEST 2
CONCATENATE DIGESTS TOGETHER HASH WITH SHA TO CREATE NEW DIGEST
NEW DIGEST ENCRYPT NEW DIGEST WITH SIGNER S PRIVATE KEY
PRIVATE KEY
’
DUAL SIGNATURE
Dual Signatures for SET Concept: Link Two Two Messages Intended for Two Different Receivers Order Information Information (OI): (OI): Customer to Merchant Merchant Information (PI): (PI): Customer to Bank Payment Information Goal: Limit Information to A Need-to-Know Basis: Merchant does not need credit card number. order. Bank does not need details of customer order. Afford the customer extra protection in terms of privacy by keeping these items separate. This link is needed to prove that payment is intended for this order and not some other one.
Components to build Trust
•
•
•
•
•
Data Confidentiality Message integrity Non-repudiation Who am I dealing with? Access Control
Encryption Message Digest Digital Signature Authentication Certificate Attributes
Digital Certificate A
digital certificate or Digital ID is a computer-based record that attests to the binding of a public key to an identified subscriber.
Certificate issued
by Certification Authority Authority (CA).
Certified
digital signature attests to message content and to the identity of the signer.
Combined
with a digital time stamp, messages can be proved to have been sent at certain time.
Access Control
Certification Authority (CA): (CA): This is an authority that is trusted to provide public key certificates to cardholders, merchants and payment gateways. In fact, CAs are very crucial to the success of SET.
Secure Socket Socket Layer Protocol
SSL Protocol
The Secure Sockets Layer (SSL) is a commonly-used protocol for managing the security of a message transmission on the Internet.
The "sockets" part of the term refers to the sockets method of passing data back and forth between a client and a server program in a network or between program layers in the same computer.
SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate.
SSL
–
Working
When a Web Browser attempts to connect to a website secured with SSL, the following steps occur -
SSL
–
Working..
1. An SSL Certificate enables encryption of sensitive information during online transactions.
2. Each SSL Certificate is a unique credential identifying the certificate owner.
3. A Certifying Authority authenticates the identity of the certificate owner before it is issued
Website using SSL protocol
SSL Certificate
Need for an SSL Certificate
An insecure Website without strong digital authentication leads to vulnerabilities in Web Web Server communication:
An illegal website can be created with similar web pages. With Digital Certificates issued to the Web Server, this can be avoided.
If the information between the Web Server and the clients is transmitted in clear text, it can be read/altered. This is very critical during financial transactions over the website, wherein the clients provide their credit card details and other payment details to Web Web Servers.
PKI Solutions for Government Government – A Case Study
Filing Documents Online
As paper documents are converted to the electronic form and filed, it is mandatory to provide strong authentication to the documents filed.
TCS-CA offers a toolkit that can be integrated with the e-Governance application, which provides stronger authentication using Digital Certificates.
Alternatively, the files can also be signed off-line using TCS-CA-developed TCS-CA-de veloped desktop signing tool FileSigner FileSigner..
Processing/ Approval Approval of documents online using DS
TCS-CA offers a toolkit that can be integrated seamlessly with the e-Governance application, and can be used to digitally sign the operation of processing/ approving with the data that is being processed/approved.
Payment Authentication
For this, TCS-CA provides a Digital Certificate-based solution. The web server and the client are issued SSL certificates and hence are able to communicate over the SSL with highly secure 128 bit encryption, which provides confidentiality for the information that is being transmitted.
Clients are issued Digital Certificates, which enables strong authentication for online payments.
Secure Document Storage/ Retrieval
In e-Governance, documents pertaining to registrations, certificates and applications, have to be retained for a specific period of time.
TCS-CA offers a solution for strong authentication and integrity of the documents using Digital Certificatebased technology. The solution also facilitates strong access control mechanism for documents.
e-Procurement/ e-Tendering
These IT enabled Services, being highly sensitive, need highest level of Trust and Security along with legal sanctity.
TCS-CA provides the solution for ensuring Trust and Security in the e-Tendering/ e-Procurement scenario using PKI based Digital Signature/ Encryption technologies. TCS-CA also provides legally valid Time Stamping/ Digital Notarization Services, which ensures the Date and Time of bid submission.
Impact of E-Governance
Fosters Cutting process costs
Automation can replace higher human costs with lower ICT costs to support efficiency/productivity improvements.
Informatisation can support decisions and implementation in downsizing or rightsizing exercises.
The rationale is to address the large size of public sector expenditure and the inefficiency of many of its processes.
Case – IDSC, Cairo
In Egypt, the Information and Decision Support Center has created a comprehensive national database with 85 million birth records, 12 million marriage records and 2 million divorce records.
This provided the basis for a national ID number and, hence, a secure and accurate national ID card. Automation of previously-manual processes has saved considerable sums of money.
The information base and ID numbers have also been an essential building block in the creation of other public sector planning and service delivery applications.
Efficiently Manages Process Performance Performance
The rationale is to make more efficient or effective use of process resources.
Case - The Government of Tanzania has recently launched its integrated HR and Payroll systems covering about 280,000 public servants.
While the capital invested was significant at around US$ 6.5 million, the savings already accrued in improved management- reduced ghost workers, improved control, and accuracy-mean that the project has already paid for itself.
Efficiently Manages Process Performance
The government of Tanzania has also implemented an Integrated Financial Management System (IFMS) at all ministries in Dar-es-Salaam and Dodoma via a wide area network.
IFMS has improved control over expenditure management, resulting in more timely and detailed reporting. Internet-enabled versions of both systems will soon be rolled out countrywide.
Promotes Inclusion of Citizens
e‐Governance is in essence, the application of ICT to government functioning in order to create ‘Simple, Moral, Accountable, Responsive and Transparent’ (SMART) governance.
Specifically, it aims to improve the efficiency of the state by shrinking it and to enhance its accountability and transparency by making the interface with citizens more inclusive.
Leads to BPR
Comprehensive e‐Governance reforms cover the process, preparedness and the technology, and the people.
Introduction of e‐Governance of e‐Governance needs process engineering as the first step. Technology comes second, only after the processes have been re‐engineered re‐engineered..
And ultimately, in order to make the reforms sustainable the people in the concerned departments/ agencies have to internalize the change. This is also one of the reasons why e‐Governance projects succeed at the pilot level but ‘when up‐scaled’ they become unsustainable.
Encourages Empowerment
It can be done by transferring power, authority and resources for processes from their existing locus to new locations.
Typically that transfer is to lower; more localized levels of the public sector and may be seen as decentralization.
The rationale is to reduce the costs and increase the speed of processes and decision making and to create more flexible and responsive processes.
Implications of E-Governance E-Governance has important policy implication for resource mobilization of the State
It can significantly reduce the cost of administration on the one hand and maximize the revenue on the other hand.
At the same time, it can promote accountability and transparency in the functioning of PSE.
It can transform the society into an ICT driven economy by providing opportunity for employment and promoting economic growth and development.
Successful e-Governance Projects
Akshaya
In August 2003, Chamravattom village, a small backward hamlet in Kerala, South India, earned a unique distinction. It became the first village in India to become 100% information technology (IT) literate. At least one person in each of the 850 families of the village was provided computer training on basic word processing skills and browsing, under the 'Akshaya' project.
The project was launched by the government of Kerala with an aim to make the entire state computer literate.
Akshaya
"My sons are grown-up and often talk about computers. Before I went to the Akshaya centre, I didn't know what a computer was. But now I understand what my sons are learning and I can also e-mail my husband in the Gulf. We left school much before we knew what learning meant. Though late, this learning has indeed opened our eyes and enhanced our self-esteem.” self-esteem.”
- A 38-year-old housewife, on Kerala Government's Akshaya Project.
Gyandoot
Through Gyandoot, farmers got access to data relating to market prices of their agricultural produce and land prices as well, enabling them to sell these on their own rather than going through unscrupulous traders.
The project was launched by the government of Madhya Pradesh to facilitate the farmers. The Gyandoot project was initiated in January 2000 by a committed group of civil servants in consultation with various gram panchayats in the Dhar district of Madhya Pradesh. 35 such centres have been established since January 2000. 2000.
eSeva
Andhra Pradesh is known for its keenness in implementing several e-governance projects, prominent among them being eSeva and CARD.
Through eSeva, busy urbanites could pay their bills for 36 public services offered by the state government at a single counter, and in some cases, even pay their bills online – another first of its kind facility in India.
CARD project aimed at the complete computerization of the land registration process in AP.
Bhoomi
The Bhoomi project provided farmers instant access to important land records, which would have otherwise taken them months to obtain. It also protected their land records from manipulation by corrupt government officials.
The project was launched by the government of Karnataka for computerization of Land Records.
The common benefit for all these remarkably innovative projects was the convenience it brought to the citizens who were targeted.
Conclusion
The ability of Central government to understand all needs from ordinary local citizens is limited.
Therefore, the participation of citizens in local level is extremely important. The true e-governance should be attained by interface of citizens both with central and local government.
This can shift the paradigm of the E- Governance in to success.
References
www.tcs-ca.tcs.co.in/pdf/IS_Government.pdf
www.tcs-ca.tcs.co.in/pdf/E-Returns-Government.pdf
www.egov.mit.gov.in
www.e-governance-imp.html
http://ijedict.dec.uwi.edu//viewarticle.php?id=332&layout=html
http://www.riseproject.eu/_fileupload/RISE%20Conference http://www.riseproject.eu/_fileupload/R ISE%20Conference/Present /Present ations/Vinayak%20Godse.pdf
www.it.iitb.ac.in/~prathabk/egovernance/egov_suc www.it.iitb.ac.in/~pratha bk/egovernance/egov_success_stories_gu cess_stories_gu jrat.html
THANK THAN K YOU YOU