Allied Issues in eGovernance

One day Mr. Indian decides to move from a small village of Nainital, a hill station at the foothill of the Himalayas, to business capital Mumbai in the western region of India.

NAINITAL

The answer to all his questions and queries is e-GOVERNANCE

e-Governance

e-Governance is no more and no less than governance in an electronic environment. It is both governance of that environment and governance within that environment, using electronic tools (Zussman, 2002).

Goals of e-Governance
The goals of e-Governance are:
better service delivery to citizens Ushering in transparency and accountability

Empowering people through information

Improved efficiency within Governments Improve interface with business and industry.

Revolution through e-Governance

State Bank of India and Bharti Airtel had partnered to

enable money remittance over mobile phones in 2007. The intent was to enable individuals access to the benefits of a full range of financial services regardless of socio economic level or geographical location using the ubiquity and ease of mobile communications.
This programme would enable global Indians to easily

and securely send remittances to their dependents, many of whom didnt have bank accounts.
The project was piloted in a small Himalayan village of

District Pithoragarh in state of Uttarakhand has seen the tremendous results in that unbanked village.

News Headlines
Petrol pumps to go Hi-Tech in country (Mumbai Mirror,

3 September, 06)
Use the mouse to visit under trials: Arthur road jail will

install online system to enable relatives to get appointments (Sunday times of India, Mumbai, September 23, 2006)
State police get net savvy, interrogate accused on

webcam (Times of India, 23 Sept, 2006)

E-filing cases in apex court of India from 2 Oct 2006

Attaining e-Governance
India is moving towards achieving e-Governance which

can usually be attained in four steps:

Information or Cataloguing, Transaction, Vertical Integration, and

Horizontal integration.

Issues & Challenges in EGovernance

Technical Legal Privacy

Economic

Securities

ISSUES
Political will Power
Social

Usability and Acceptance

Infrastructure
Accessibility

Technical Issues
IT infrastructure is the backbone of E-governance.
Interoperability with existing software and hardware

platforms is a key success factor.

Finally, some legal aspect, like security and privacy,

must be considered, as personal data are processed and stored, and financial transitions must be executed.

Privacy Issues
Citizens

concern on privacy of their life and confidentiality of the personal data need to be technically supported.
establishing and maintaining websites.

Privacy and confidentiality has to be highly valued in An ideal Cyber policy and strict appliance of it is the

backbone for citizens support.

Securities
The financial transaction demands for transactional

security. All support for full security is necessarily needed to maintain.

An ideal Cyber Security Policy will ensure the existence

of a sound and secure e-governance and critical infrastructure base in India.

Social Issues
Acceptance and usability by a large variety of people

make e-governance successful

The interface must be usable by rich or poor, disabled or

elderly people, understandable by low literacy or nonnative language people, etc.

Infrastructure
Social, geographical and economical disparity issues

have to be removed and proper infrastructure is required to establish e-governance.

The ICT facilities need to be developed and should be

available to one and all citizens.

Internet connection through satellite, phone lines or

through cable or Television should be accessible for all especially to the people in rural areas.

Infrastructure
Comparison of ICT usage between India and developed

countries

Accessibility
Any service should be accessible by anybody from

anywhere at anytime.
Even if Internet population is exponentially growing in

India, still there is a significant portion of the people who may not be able to access services for various reasons like limited access to ICT technologies and devices, low literacy, or phobia for Computer etc. Therefore, universal access is still a mirage.

Usability & Acceptance

People especially in rural areas are often not expert users

and need guidance and support for their transaction.

Governmental websites must be user friendly, to be

effective.
A

reconceptualization of government services is mandatory for successful implementation and to get social acceptance.

Political will power & Economic issues

E-governance means less interaction with government

servants, it will be helpful in reducing bribery issues.

Economical issues are mainly concerned with return of

investment and safeguard of the previous ones. Cost of implementation, operational and evolutionary maintenance must be low enough to guarantee a good cost/benefit ratio.

Legal issues
Strong and effective rules related with IT has to be

formulated and strongly implemented. This presupposes the adoption and use of security measures more particularly empowering and training judiciary and law enforcement manpower with the knowledge and use of cyber forensics and digital evidencing.

Other issues
Underutilization of existing ICT infrastructure.
Attitude of Government Departments and government

officers need a proper counseling. Many officers perceive their department as most important and disregard other departments needs.
Lack of coordination between Govt. Department and

Solution developers.
Resistance to re-engineering of departmental processes is

also a challenge, but this approach is changing now.

Concern for E-governance in India

Need of the Hour

Database of citizens
It should contain all the personal details i.e. name, address,

citizen Id, etc. and financial information. Every citizen should have a unique Id number and password.
The citizens can access their information and transactions

through this but at the same time the other people wont be able to access their record.
Just by going through his/her file the individual will come

to know about their electricity bill, bank statements, next due LIC premium, phone bill etc. and can transact with all or any of the department at the same time.

Biometrics
The strong database needed for a successful e-governance

is vulnerable to fraud. There are attempts being made to come up with Biometric techniques, which are more secure.
The password can be replaced as an individuals mark of

identity, fingerprints or facial characteristics to verify the identity. Instead of having card readers, there should be devices like fingerprint readers or eye scanners.
It is one of the important evolving technologies, which will

ensure the security and privacy issues as well. But underutilization of these techniques is one of the barriers.

Smart Cards
One smart card with complete detail of the citizens is the

smartest solution. A smart card with citizens name, address, financial information, personal information etc. fully supported and secured by Biometrics may be the key solution.
A fully secured card with easy operability can be used for

all transactions and information. One such project was pilot run at IIT Bombay campus few years back.

Legal Framework for EGovernance

Accessibility

Right to Information Act 2005

Right to Information Act 2005 mandates timely response

to citizen requests for government information. It is an initiative taken by Department of Personnel and Training, Ministry of Personnel, Public Grievances and Pensions to provide a RTI Portal Gateway to the citizens for quick search of information.
The enactment of the RTI Act, 2005 gave a fillip to

transparency in government dealings and concurrently provided some protection against the unwarranted disclosure of confidential information under that law.

IT Act 2000
The IT Act 2000 attempts to change outdated laws and

provides ways to deal with cyber crimes. The Act offers the much-needed legal framework so that information is not denied legal effect, validity or enforceability, solely on the ground that it is in the form of electronic records.
In view of the growth in transactions and communications

carried out through electronic records, the Act seeks to empower government departments to accept filing, creating and retention of official documents in the digital format. The Act has also proposed a legal framework for the authentication and origin of electronic records / communications through digital signature.

Highlights of IT Act 2000..

Email would be a valid and legal form of communication in India

that can be duly produced and approved in a court of law.

Companies shall now be able to carry out electronic commerce

using the legal infrastructure provided by the Act.

Digital signatures have been given legal validity and sanction in

the Act.
The Act throws open the doors for the entry of corporate

companies in the business of being Certifying Authorities for issuing Digital Signatures Certificates.
The Act now allows Government to issue notification on the web

thus heralding e-governance.

Highlights of IT Act 2000

The Act has given a legal definition to the concept of

secure digital signatures that would be required to have been passed through a system of a security procedure, as stipulated by the Government at a later date.
Under the IT Act, 2000, it shall now be possible for

corporates to have a statutory remedy in case if anyone breaks into their computer systems or network and cause losses damages or copies data. The remedy provided by the Act is in the form of monetary damages, not exceeding Rs. 1 crore.

IT Act Amendment 2008

Until a couple of years ago, Indian law had no provisions dealing

with privacy protection. In 2008, the IT Act was amended to introduce the following:
A new civil provision prescribing damages for an entity that is

negligent in using reasonable security practices and procedures while handling sensitive personal data or information resulting in wrongful loss or wrongful gain to any person.
Criminal punishment for a person if (a) he discloses sensitive

personal information; (b) does so without the consent of the person or in breach of the relevant contract; and (c) with an intention of, or knowing that the disclosure would cause wrongful loss or gain.

Indian Privacy Law 2011

On April 11, 2011, Indias Ministry of Communications and

Information Technology notified the IT Rules, 2011 under the IT Act, 2000. India now has a privacy law, brought into force with immediate effect with wide ramifications on the way companies will do business in India.
Sensitive Personal Information - The law relates to dealing with

information generally, personal information and sensitive personal data or information. SPD is defined to cover the following: (a) passwords, (b) financial information such as bank account or credit card or debit card details; (c) physical, physiological and mental health condition; (d) sexual orientation; (e) medical records and history; and (f) biometric information.

Indian Privacy Law 2011..

Privacy Policy - Every business is required to have a privacy

policy, to be published on its website. The business has to also appoint a Grievance Officer. The privacy policy appears to be required whether or not the business deals with SPD.
The privacy policy must describe what information is collected,

the purpose of use of the information, to whom or how the information might be disclosed and the reasonable security practices followed to safeguard the information.

Online payment Security

Online Buying Cycle

Rationale
The fraudulent use of credit cards in the electronic

commerce marketplace has prompted the use of secure protocols to address these problems. Secure communication and payment protocols have been devised to address these problems.
Their corresponding use has been effective to prevent

identity theft and unauthorized credit charge charges. The use of digital signatures and encryption has provided more secure means for engaging in web commerce.

SET Protocol
Developed by Visa and MasterCard Designed to protect credit card transactions Confidentiality: all messages encrypted Trust: all parties must have digital certificates

Privacy: information made available only when and

where necessary

SET Transactions

Components to build Trust

Data Privacy Who am I dealing with? Message integrity Non-repudiation Access Control

Encryption Authentication Message Digest Digital Signature Certificate Attributes

Components to build Trust

Data Confidentiality Who am I dealing with? Message integrity Non-repudiation Access Control

Encryption Authentication Message Digest Digital Signature Certificate Attributes

Symmetric Key Encryption

Same Key is used to both encrypt and decrypt data. Examples : DES, 3DES, AES

Public Key Encryption

RECIPIENTS Public Key

RECIPIENTS Private Key

Each user has 2 keys: what one key encrypts, only the other key in the pair can decrypt. Public key can be sent in the open. Private key is never transmitted or shared. Example : RSA (Rivest, Shamir, and Adleman )

Common e-Security Technologies

Components to build Trust

Data Confidentiality Message integrity Non-repudiation Who am I dealing with? Access Control

Encryption Message Digest Digital Signature Authentication Certificate Attributes

Digital Signature
A digital signature is not a digitized form of signature
A digital signature will be UNIQUE for every document

signed by an individual
Private key and public key are unique to the subscriber and

constitute a functioning key pair

Data Encrypted with Public Key, can only be decoded by

corresponding Private Key

Impossible to decrypt data without Private Key

Digital Signature

Signers Private Key

Hash Algorithm

Digest

Encrypted Digest

Signed Document

Verifying Signature
Digest

Hash Algorithm

Digest

Signers Public Key

Integrity : One bit change in the content changes the digest.

Dual Signatures
Links two messages securely but allows only one

party to read each.

MESSAGE 1
HASH 1 & 2
WITH SHA

MESSAGE 2
CONCATENATE DIGESTS TOGETHER HASH WITH SHA TO CREATE NEW DIGEST NEW DIGEST ENCRYPT NEW DIGEST WITH SIGNERS PRIVATE KEY

DIGEST 1

DIGEST 2

PRIVATE KEY

DUAL SIGNATURE

Dual Signatures for SET

Concept: Link Two Messages Intended for Two Different Receivers Order Information (OI): Customer to Merchant Payment Information (PI): Customer to Bank Goal: Limit Information to A Need-to-Know Basis: Merchant does not need credit card number. Bank does not need details of customer order. Afford the customer extra protection in terms of privacy by keeping these items separate.
This link is needed to prove that payment is intended for this order and not some other one.

Components to build Trust

Data Confidentiality Message integrity Non-repudiation Who am I dealing with? Access Control

Encryption Message Digest Digital Signature Authentication Certificate Attributes

Digital Certificate
A digital certificate or Digital ID is a computer-based

record that attests to the binding of a public key to an identified subscriber.

Certificate issued by Certification Authority (CA).
Certified digital signature attests to message content

and to the identity of the signer.

Combined with a digital time stamp, messages can be

proved to have been sent at certain time.

Access Control
Certification Authority (CA): This is an authority that is

trusted to provide public key certificates to cardholders, merchants and payment gateways. In fact, CAs are very crucial to the success of SET.

Secure Socket Layer Protocol

SSL Protocol
The Secure Sockets Layer (SSL) is a commonly-used

protocol for managing the security of a message transmission on the Internet.

The "sockets" part of the term refers to the sockets

method of passing data back and forth between a client and a server program in a network or between program layers in the same computer.
SSL uses the public-and-private key encryption system

from RSA, which also includes the use of a digital certificate.

SSL Working
When a Web Browser attempts to connect to a website

secured with SSL, the following steps occur -

SSL Working..

1. An SSL Certificate enables encryption of sensitive information during online transactions.

2. Each SSL Certificate is a unique credential identifying the certificate owner.

3. A Certifying Authority authenticates the identity of the certificate owner before it is issued

Website using SSL protocol

SSL Certificate

Need for an SSL Certificate

An insecure Website without strong digital authentication

leads to vulnerabilities in Web Server communication: An illegal website can be created with similar web pages. With Digital Certificates issued to the Web Server, this can be avoided. If the information between the Web Server and the clients is transmitted in clear text, it can be read/altered. This is very critical during financial transactions over the website, wherein the clients provide their credit card details and other payment details to Web Servers.

PKI Solutions for Government A Case Study

Filing Documents Online

As paper documents are converted to the electronic

form and filed, it is mandatory to provide strong authentication to the documents filed.
TCS-CA offers a toolkit that can be integrated with the

e-Governance application, which provides stronger authentication using Digital Certificates.

Alternatively, the files can also be signed off-line using

TCS-CA-developed desktop signing tool FileSigner.

Processing/ Approval of documents online using DS

TCS-CA offers a toolkit that can be integrated

seamlessly with the e-Governance application, and can be used to digitally sign the operation of processing/ approving with the data that is being processed/approved.

Payment Authentication
For this, TCS-CA provides a Digital Certificate-based

solution. The web server and the client are issued SSL certificates and hence are able to communicate over the SSL with highly secure 128 bit encryption, which provides confidentiality for the information that is being transmitted.
Clients are issued Digital Certificates, which enables

strong authentication for online payments.

Secure Document Storage/ Retrieval

In e-Governance, documents pertaining to registrations,

certificates and applications, have to be retained for a specific period of time.

TCS-CA offers a solution for strong authentication and

integrity of the documents using Digital Certificatebased technology. The solution also facilitates strong access control mechanism for documents.

e-Procurement/ e-Tendering
These IT enabled Services, being highly sensitive, need

highest level of Trust and Security along with legal sanctity.

TCS-CA provides the solution for ensuring Trust and

Security in the e-Tendering/ e-Procurement scenario using PKI based Digital Signature/ Encryption technologies. TCS-CA also provides legally valid Time Stamping/ Digital Notarization Services, which ensures the Date and Time of bid submission.

Impact of E-Governance

Fosters Cutting process costs

Automation can replace higher human costs with lower

ICT costs to improvements.

Informatisation

support

efficiency/productivity

can support decisions and implementation in downsizing or rightsizing exercises.

The rationale is to address the large size of public sector

expenditure and the inefficiency of many of its processes.

Case IDSC, Cairo

In Egypt, the Information and Decision Support Center has

created a comprehensive national database with 85 million birth records, 12 million marriage records and 2 million divorce records.
This provided the basis for a national ID number and, hence,

a secure and accurate national ID card. Automation of previously-manual processes has saved considerable sums of money.
The information base and ID numbers have also been an

essential building block in the creation of other public sector planning and service delivery applications.

Efficiently Manages Process Performance

The rationale is to make more efficient or effective use

of process resources.
Case - The Government of Tanzania has recently

launched its integrated HR and Payroll systems covering about 280,000 public servants.
While the capital invested was significant at around US$

6.5 million, the savings already accrued in improved management- reduced ghost workers, improved control, and accuracy-mean that the project has already paid for itself.

Efficiently Manages Process Performance

The government of Tanzania has also implemented an

Integrated Financial Management System (IFMS) at all ministries in Dar-es-Salaam and Dodoma via a wide area network.
IFMS

has improved control over expenditure management, resulting in more timely and detailed reporting. Internet-enabled versions of both systems will soon be rolled out countrywide.

Promotes Inclusion of Citizens

eGovernance is in essence, the application of ICT to

government functioning in order to create Simple, Moral, Accountable, Responsive and Transparent (SMART) governance.
Specifically, it aims to improve the efficiency of the

state by shrinking it and to enhance its accountability and transparency by making the interface with citizens more inclusive.

Leads to BPR
Comprehensive eGovernance reforms cover the process,

preparedness and the technology, and the people.

Introduction of eGovernance needs process engineering as

the first step. Technology comes second, only after the processes have been reengineered.
And ultimately, in order to make the reforms sustainable

the people in the concerned departments/ agencies have to internalize the change. This is also one of the reasons why eGovernance projects succeed at the pilot level but when upscaled they become unsustainable.

Encourages Empowerment
It can be done by transferring power, authority and

resources for processes from their existing locus to new locations.

Typically that transfer is to lower; more localized levels of

the public sector and may be seen as decentralization.

The rationale is to reduce the costs and increase the speed

of processes and decision making and to create more flexible and responsive processes.

Implications of E-Governance
E-Governance has important policy implication for resource mobilization of the State It can significantly reduce the cost of administration on

the one hand and maximize the revenue on the other hand.
At the same time, it can promote accountability and

transparency in the functioning of PSE.

It can transform the society into an ICT driven economy

by providing opportunity for employment promoting economic growth and development.

and

Successful e-Governance Projects

Akshaya
In August 2003, Chamravattom village, a small

backward hamlet in Kerala, South India, earned a unique distinction. It became the first village in India to become 100% information technology (IT) literate. At least one person in each of the 850 families of the village was provided computer training on basic word processing skills and browsing, under the 'Akshaya' project.
The project was launched by the government of Kerala

with an aim to make the entire state computer literate.

Akshaya
"My sons are grown-up and often talk about computers.

Before I went to the Akshaya centre, I didn't know what a computer was. But now I understand what my sons are learning and I can also e-mail my husband in the Gulf. We left school much before we knew what learning meant. Though late, this learning has indeed opened our eyes and enhanced our self-esteem. - A 38-year-old housewife, on Kerala Government's Akshaya Project.

Gyandoot
Through Gyandoot, farmers got access to data relating

to market prices of their agricultural produce and land prices as well, enabling them to sell these on their own rather than going through unscrupulous traders.
The project was launched by the government of

Madhya Pradesh to facilitate the farmers. The Gyandoot project was initiated in January 2000 by a committed group of civil servants in consultation with various gram panchayats in the Dhar district of Madhya Pradesh. 35 such centres have been established since January 2000.

eSeva
Andhra

Pradesh is known for its keenness in implementing several e-governance projects, prominent among them being eSeva and CARD.
36 public services offered by the state government at a single counter, and in some cases, even pay their bills online another first of its kind facility in India.

Through eSeva, busy urbanites could pay their bills for

CARD project aimed at the complete computerization

of the land registration process in AP.

Bhoomi
The Bhoomi project provided farmers instant access to

important land records, which would have otherwise taken them months to obtain. It also protected their land records from manipulation by corrupt government officials.
The project was launched by the government of

Karnataka for computerization of Land Records.

The common benefit for all these remarkably innovative

projects was the convenience it brought to the citizens who were targeted.

Conclusion
The ability of Central government to understand all

needs from ordinary local citizens is limited.

Therefore, the participation of citizens in local level is

extremely important. The true e-governance should be attained by interface of citizens both with central and local government.
This can shift the paradigm of the E- Governance in to

success.

References
www.tcs-ca.tcs.co.in/pdf/IS_Government.pdf
www.tcs-ca.tcs.co.in/pdf/E-Returns-Government.pdf www.egov.mit.gov.in www.e-governance-imp.html http://ijedict.dec.uwi.edu//viewarticle.php?id=332&layout=html http://www.riseproject.eu/_fileupload/RISE%20Conference/Present

ations/Vinayak%20Godse.pdf jrat.html

www.it.iitb.ac.in/~prathabk/egovernance/egov_success_stories_gu

THANK YOU