/dqc/media/agency_attachments/3bO5lX4bneNNijz3HbB7.jpg)
Follow UsWill the digital signature ever become a reality in India? It's a million-dollar question. How many companies who have a paid-up capital of Rs 5 crore and a net worth of Rs 50 crore are willing to go and invest in the infrastructure to become a Certifying Authority (CA) for digital signatures? Not many.
The dotcom crash and the slowdown in the US are likely to affect one more important technology in India. The digital signature may be the next victim of the dotcom crash. There is no way to find out if the government's initiative for e-commerce and digital signatures was based on rational thinking or on dotcom hype. If it was a result of the dotcom hype, the future of digital signature in India is very bleak. If it was an outcome of rational thinking, the digital signature may still become a reality in India, but in the distant future.
It is more than six months since the controller of e-commerce assumed office under the Ministry of Information Technology. Six months is a long time to make at least a start. But, almost nothing has happened so far. The certifying authorities are still not in place.
The process is taking so long because the application forms cannot be issued to the companies willing to become the certifying authorities. The application forms cannot be issued because the booklet that will go with the application forms is not yet ready! The booklet is not yet ready because the regulations that will be published in this booklet are not yet finalized. The regulations are not finalized because they have to go to the IT Ministry, the Law Ministry and other concerned ministries before they get finalized. And yet, the official version is that a lot of groundwork has been done!
So, when are we taking off? Well, as early as possible but without any commitments! We are very good at doing the so-called groundwork, but not so good at taking off the ground. So what if the certifying authorities are not yet in place, the Auditors Panel is already in place to audit the hardware and software infrastructure of the certifying authorities.
As the time passes by, number of authorities, deputies, assistants, panels, committees, sub committees and so on, will go on increasing. We will have a huge bureaucracy for handling the issues related to digital signature, and a miniscule of people using digital signatures.
Certifying authority
So far so good. But, are the companies who want to be the certifying authorities waiting in line to get the application forms and the accompanying booklet of guidelines, rules and regulations? May be they were willing to wait in the line to get application forms when the idea was hot. Not any more.
First of all, the condition that the company should have a paid-up capital of minimum Rs. 5 crore and net worth of Rs 50 crore will eliminate many potential applicants. Secondly, with the dotcom crash and the panic that followed, many companies have gone to the other extreme of believing that e-commerce is dead. So, if e-commerce is dead, who needs digital signatures anyway?
The digital signature needs high-end technology and very high security and reliability on one hand. On the other, it also needs trust of the people who will use the digital signatures. After you put in so much of money and effort in infrastructure, if people are not going to trust you, all the money will go down the drain. That is a scary situation for any company investing a lot on digital signature infrastructure. With a new scam filling up newspaper columns every day, it is a difficult task to win the trust of people at the moment.
Many companies all over the world have even been using proprietary digital-signature technology for decades as part of electronic data interchanges, even before the Internet- based e-commerce came into existence.
Changing digital technology
Digital signature technology is not a technology that will always remain the same. For now, your digital signature is likely to be a simple bit of encryption embedded in your PC that tells other computers that your request for a commercial transaction over the Internet is coming from your computer. At its most basic level, digital signatures are nothing more than blocks of data -- strings of 1s and 0s --- that have been scrambled by some type of encoding algorithm.
Computer-security companies design and incorporate these algorithms into software that customers can download from the Internet. These so-called asymmetric algorithms use two separate keys -- a private key and a public key. One key is to encrypt the message and the other to decipher it. With two keys at either end of transaction, a consumer using a digital signature and a company providing a service over the Internet could do business without divulging anything beyond that specific transaction.
There is also one more point to remember when talking about digital signatures. Unless a desktop PC is secured with a password that is known to only an authorized person, it is not the right place for transacting business with digital signatures. A PC can be easily hacked into and is unsafe.
Some security companies now offer a roaming service that lets users enter a PIN on any Internet connection and reconstruct their private key -- a big step toward creating truly portable digital signatures.
Another portable alternative is available in the form of an encrypted signature stored in a smart card that every desktop PC with a smart card reader can read. People can execute their signatures by inserting their smart card and typing in the PIN code.
For the ultimate in authentication, some sort of biometric technology will have to be used. Most likely, technologies for that could include desktop retinal scanners or fingerprint scanners. Scientists say all of these minute physical
measurements would prove nearly impossible to duplicate and just as impossible to separate from the user's identity. But, if we remain tangled in the web of bureaucratic rules and regulations we will never be able to catch up with these new technologies. We will not be able to sign off with a "Yours Digitally" signature.
Ashok Dongre is an advertising and marketing professional, specializing in website design. You can contact him via e-mail at
dongre@usa.net