In India, digital signature became legally valid in October after the IT Act 2000 was passed. And then it was time to get a system in place. This led to the birth of The Controller of Certification Authorities of India (CCAI), a government body that will be the watchdog for the business of digital signatures in the country. However, CCAI will not directly evaluate those willing to become Certification authorities (CAs). The CCAI will appoint auditors on whose recommendations the licenses would be issued. The CCAI has now finally made the move to appoint Certification Authorities (CAs). As a first the step CCAI will start accepting application from those willing to become CAs from the 4th of April 2001.
A panel of more than a dozen of corporates has been finalized as auditors to audit facilities of those desiring to become certifying authorities. The list of auditors includes the major audit and consulting firms in India like Ernst & Young, Price Waterhouse Coopers, Arthur Andersen. These companies with their expertise in the area of organizational audit would be at an advantage to audit organizational processes. The others appointed as auditors also include technology majors like Wipro, Tata Infotech, TCS and Mahindra BT. The edge these companies have is the understanding of technology. Therefore, the systems audit can be expected to be the playing field for these technology companies.
However, in the sensitive matters like audit for CA license, the creditability of the auditor and the global experience is going to be a very critical criterion, which will help the auditors clinch deals. Tata Infotech has been one of the very few Indian companies that has had an eye on the securities market for quite sometime now. However, the expectations of the company regarding the market are very realistic and they expect the markets to grow gradually.
The pace of e-commerce in India depends on the pace of the development of Infrastructure. According to a survey by a consulting firm the biggest impediment to the development in e-commerce was not the lack of security (contrary to the popular misconception) but the lack of systems being in place. Needless to say as e-commerce transactions begin to grow in volumes, security will become the primary concern. But right now the imperative is to get started.
The Indian e-security solutions and services market is expected to be worth Rs 4.6 bn in 2000 and is expected to grow 10 times over the next two years. Though the projections are quite optimistic the demand for e-security is a function of the growth in e-commerce in the country. What is interesting is the fact that the share of IT spend that e-security gets in India is just 0.8% compared to the global figures of 5.5%. This could be due to the fact that the companies in India have not suffered major losses to be able to appreciate the necessity of greater spending for e-security.
However, the government too needs to get its act together. The CCAI’s office is being put into place and the strength of the office is being increased with three new deputy controllers. The new deputy controllers will handle three different specializations, which include technology, intelligence and finance/ legal. The first meeting of the auditors with the CCAI will take place on the 10th of April 2001 to finalize the procedures for preliminary and main audits of the applicant corporates.
In a move to get things into place swiftly the CCAI has stipulated a four-month time frame for the applicant companies to get their audit completed. If the companies fail to meet the deadline the process of application would have to be started all over again. The licensing of certification authorities is going to be an ongoing process without any last date of filing the applications. The government has decided to keep away from putting a cap on the number of players in the market and wants the market forces to decide. The onus in now on the auditors, appointed by the government, to maintain strict standards of ethics in the certification process.
However, things are not going to zoom from here. There are a few impediments; according to the guidelines a CA may accept up to Rs 25, 000 for issuing a digital certificate. With such a high cost not many, other than a few MNC and large corporates, will be able to have one. Also, there is the critical issue of bandwidth availability for transaction on the net, which is to be resolved though a lot is being done on the front.
Slowly and surely the process to develop infrastructure for e-commerce in India is moving. As the volumes pick up our software companies will not have to look very far for markets. As most of them derive significant proportions of their revenues from e-commerce solutions they will have big business in the country itself.