In the Charter of Demand by Netizens of Bangalore proposed by the undersigned, several demands have been listed. I am trying to explain the demands further through a series of articles. This is the first of the series on Digital ID.
One of the demands put up is as follows:
1. Recognize the existence of Netizens as part of the voting Citizens by providing a “Digital ID” to every Netizen of India with which he can participate in e-Governance in a manner that the law of the land will recognize. For this purpose every Citizen who opts for Digital ID should be given a free Digital Signature Certificate as per the provisions of ITA 2008 of the class that enables him to digitally sign e-mails. Higher class of digital certificates if opted for should be subsidized by the Government.
This move will build the basic infrastructure for the Netizens to participate in activities through which they can assert their democratic rights.
The citizens of the country are today being given an ID in the name of Aadhar free of charge. What is proposed here is a similar digital ID which can be used by the Netizens for transacting in cyber space with a legally accepted form of authentication. This requires a digital signature certificate to be issued. The lowest class of digital certificate is “Class 1” which is usable for digitally signing and encrypting emails.
There was a time when E Mudhra was issuing class 1 certificates for Rs 100/-. Even now it is issued for trial certificate purpose by all Certifying Authorities free of charge.
However some time back, some Certifying authorities including E Mudhra stopped issuing Class 1 certificates and are now trying to sell only Class 2 and Class 3 certificates. These are expensive. E Mudhra today charges Rs 1000 for Class 2 (soft token) certificate with one year validity which is nothing different from the Class 1. Class 2 hard token may cost Rs 1650/- for one year validity. Class 3 may cost above rs 2000/- for one year validity.
Safescrypt also has removed Class 1 from its list of products. TCS is still selling Class 1 at around Rs 562/-.
Naavi.org has several times in the past argued that Digital Certificates should be provided to people at affordable costs and that would benefit the community with more of authenticated communications. Use of digital signatures will significantly improve the protection against spams and phishing and needs to be encouraged. But sadly, at the current prices digital signature certificates are not affordable by common people who want to use it for non commercial purposes. As a security product, digital certificates at current prices are as expensive as an “Anti Virus” software. This is unacceptable.
Part of the blame for this state of affairs rests with the Controller of Certifying Authorities.(CCA). The CCA instead of being “Consumer Oriented” has become an “Industry Body”. There is also a PKI forum which is also an industry body. Hence most decisions are based on increasing the profitability of the industry players rather than the needs of the Netizens.
Recently Naavi brought to the attention of the CCA that due to an adjudication decision of the Adjudicator of Karnataka, all the digital certificates issued by the current licensed certifying authorities could legally be declared void ab-initio and if corrective action is not taken, CCA would be a party to the cheating of the public. Unfortunately the officials in CCA did not understand the problem and did not consider it necessary to appreciate the point of view being made either out of ignorance or apathy or arrogance.
It is also a wrong interpretation of CCA in one of their circulars which has encouraged the Certifying Authorities to discontinue the issuance of Class I certificates as if it does not meet the requirements of ITA 2008 as a valid digital authentication tool.
At present the DeiTy is neither capable of nor inclined to address any such people oriented decisions as is evident by their apathy to the need for appointment of the Chairperson of Cyber Appellate Tribunal.
Once the netizens have digital certificates, the online banking transactions can be moved mandatorily to digital signature based instructions instead of the illegal and insecure system of password based authentication used by Indian Banks today.
Under these circumstances it has become necessary for Netizens to raise their voice in demand for a “Digital Identity at Affordable Cost”. Naavi therefore has proposed this as the first demand on behalf of Netizens.
The cost of managing such systems is not more than Rs 100/- per certificate per year and if an indigenous certifying system license developed by TCS is used, it should not be difficult to maintain the cost to less than Rs 100 as an one time fee.
For Governments which spend unnecessarily on laying and relaying pavements just to benefit contractors, or send MLAs on worthless foreign tours, it is not difficult to find money for one time issue of digital certificates to all the Citizens who anyway contribute to the Government exchequer through various taxes. Once a policy is in place we can ensure that value added services can be built on the possibility of authenticated e-communications and benefits can be reaped in several e-Governance projects to make the proposal feasible.
I want the Karnataka politicians to take up this cause and start a new trend in digital administration. Perhaps Bangalore is the right place to start this project and hence I propose this as a part of my Charter of Demands of Netizens for the Karnataka elections particularly for IT aware candidates.
Naavi
