Call it an ‘e-letter day’–that was how minister for communication and
IT, Pramod Mahajan chose to describe February 6, 2002. For on this day, Mahajan
received India’s first digital signature certificate from SafeScrypt, a Satyam
Infoway promoted and VeriSign affiliate company. The day also marked India’s
entry into the age of secure electronic transactions. What this means is that
the country now has the mechanism to ensure that individuals and corporations
can communicate with each other fearlessly and transact business without
actually using paper documents as contract notes. This also means that business
documents can be produced electronically, signed digitally and sent using the
Internet without the fear of repudiation and tampering.
Digital gains
Digital signatures are the backbone on which digital contracts rest. In
fact, one of the main objectives of the IT Act 2000 is to facilitate digital
contracts through the issue of digital signatures. The legal framework for
dispute resolution in the Act would be meaningless unless the procedures for
developing, affixing and authenticating digital signatures are in place.
One of the objectives of the IT act is to provide a legal framework for
resolving any dispute that could arise with respect to electronic transactions.
Such a framework, which in India is envisaged as a two-tier quasi-judicial
structure, is necessary to establish the confidence for developing e-commerce in
any country. The authenticity of digital signatures has yet not been challenged
in any court of law, but putting in place an effective mechanism for resolving
disputes is important. It would now be possible to verify the authenticity of
the person one is dealing with over the Net. Also, these certificates ensure
integrity of data–one can determine whether the information that is sent or
received has been modified or corrupted on the way.
Crossing the hurdles
While the advent of SafeScrypt as the country’s first certifying authority
(CA) has been hailed as a significant milestone, the biggest issue facing a CA
would be that of trust. As SafeScrypt managing director Atul Saran says, ‘‘The
issue of digital signatures in not a technology, but a ‘trust’ business.’’
Despite the fact that the country has got its first digital signature
certificate, the question of its authenticity remains an issue.
Service providers may have to use the new tool to promote themselves as
secured sites for B2B and B2C transactions and spread the much-required
awareness. But, the ideal situation would be if the government agencies act as
catalysts by becoming early adapters. However, this seems to be a tall order
going by the fact that so far there is only one pilot project running in the
government sector (the Andhra Pradesh government project for secure messages)
and the process is on to identify the second one.
There are other issues too. While the so-called CAs generate the certificates
themselves, the thorny question of whether a certificate is actually valid for
use remains unsettled. The issue gets compounded further because a single user
might have multiple certificates, each one issued by a different institution and
manufactured by a different vendor. Also, as the day progress, it becomes
imperative to have a hierarchy of CAs. This is important because situations may
arrive when a person does not trust the first CA. The solution: one can check
the certificate for its digital signature with the next CA up the tree, and so
on until they reach the ‘root’ CA. The problem is, India has only one CA so
far. While there’s no doubt that even having the first CA in place is no mean
an achievement, there are technology issues too that need to be ironed out. Many
companies all over the world have been using proprietary digital-signature
technology for decades as part of electronic data interchanges, even before the
Internet-based e-commerce came into existence.
The same is true for the modern day CAs. Indian companies will need to tackle
the issue of interoperability between different CAs and root CA. Nevertheless,
with the first CA now operational, the country is poised to take a further step
forward. e-commerce has so far been limping in the country. The technology is
bound to leapfrog policies and procedures paving the way for effective
e-commerce in the country.
SHUBHENDU PARTH In New Delhi (With
inputs from Rahul Gupta/CNS)