Monday, November 24, 2014

Is India ready for eGovernance?

Since the opening of the Indian economy to the world and the proliferation of the Internet all over, we are seeing more and more services provided by the government becoming web-centric. It means a lot, at least to the technology-savvy young public, as they are able to get very useful information literally at their fingertips on their smartphones and laptops.

But, as an old-time Information Technology (IT) professional, I notice that many a time, implementation by government departments leaves much to be desired. Most government websites are designed and maintained by the National Informatics Centre (NIC).

I'll give some examples to illustrate what I mean.

1. Scant regard for IT Security

I will be able to best illustrate this point by showing screen-shots of a few prominent government websites.

a. The error shown below is for a page on the NSDL site that takes you to a page that allows you to make TDS payments under Form 280, 281 etc. What it means is that this page does not have a valid SSL certificate. The certificate installed on this page is for two other sites.

The landing page has a valid SSL certificate, but in a roundabout manner, using a SAN value.

Possibly this page has become obsolete over a period of time, but it is still there on the NSDL website and still gives the error shown below.

This 'Mismatched Address' SSL error on the Aadhaar/UIDAI site is really not expected. The error is due to improper usage of a wildcard SSL certificate.
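How a client decides whether a certificate's SAN entries cover the address being visited, including the single-label rule that makes wildcard certificates easy to misuse, is sketched below. This is an added example, not code from any site discussed here; the hostnames are constructed placeholders, and requiring at least three labels in a wildcard entry is a conservative policy assumed for the sketch.

```python
# Added example: RFC 6125-style matching of a hostname against the
# dNSName entries (SAN) of a certificate. Hostnames are constructed.

SAMPLE_SANS = ["*.portal.example.in", "www.example.in"]  # constructed SAN list

def labels(name):
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")

def san_matches(hostname, san):
    """True if a single SAN entry covers hostname."""
    host, pat = labels(hostname), labels(san)
    if len(host) != len(pat):
        return False  # a wildcard stands for exactly one label, never zero or two
    if pat[0] == "*":
        # Wildcard only as the complete left-most label; '*.in' style
        # entries are refused by the assumed three-label minimum.
        return len(pat) >= 3 and host[0] != "" and host[1:] == pat[1:]
    # Partial wildcards such as 'w*.example.in' are not honoured.
    return "*" not in san and host == pat

def cert_covers(hostname, san_list):
    return any(san_matches(hostname, s) for s in san_list)

def explain(hostname, san_list):
    """Return 'ok' or the reason a client would report a name mismatch."""
    if cert_covers(hostname, san_list):
        return "ok"
    host = labels(hostname)
    for s in san_list:
        pat = labels(s)
        if pat[0] != "*":
            continue
        if host == pat[1:]:
            return "bare domain not covered by wildcard"
        if len(host) > len(pat) and host[-(len(pat) - 1):] == pat[1:]:
            return "wildcard covers only one label"
    return "name not listed in certificate"

if __name__ == "__main__":
    for h in ("pay.portal.example.in", "portal.example.in",
              "a.pay.portal.example.in", "tax.example.in"):
        print(f"{h:28} {explain(h, SAMPLE_SANS)}")
```

Running the same comparison against every hostname a site actually links to, before deployment, catches this class of error without waiting for users to see it.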

b. The error shown below is seen while doing an 'Upload' of a TDS return after logging in to the eTDS/TCS website with proper credentials. It basically means that the JAR file (Java executable file/application) is not digitally signed. If it were digitally signed using Code Signer Certificates for Java, possibly this error would not have appeared.

How would a user, who would be an accountant or tax consultant, react to such an error message? He would simply learn to 'ignore' all such errors and get his work done, somehow. But this tendency of ignoring errors could land him in great trouble if he is redirected to a phishing site, which would steal all his confidential data and possibly install a Trojan or malware that would make his PC a part of a botnet.

Also, using Java applications for websites is considered very dangerous because of the numerous vulnerabilities discovered over so many years. Here is an informative article on whether one should uninstall Java.

2. Poor Design and coding of Web Applications

One has to find out by trial and error as to how to make certain sites work.

a. Website doesn't accept Amount with decimal points: The Check Challan Status link of the NSDL site (see below) does not like it if you enter an amount with decimal points! See the screen-shot below, where if we enter an amount with decimal points it gives an error saying 'Please enter valid amount'.

Is it easy for anyone to guess that he is not supposed to type in a decimal point and two zeros after that?

In fact, a few years back there was a site which required a decimal point and two zeros to be compulsorily added to a number to make it work. If the decimal point and zeros were missing then the system would throw an error.

b. Many sites don't accept valid Email ids: I have noticed many instances where a website or Excel Form will not accept certain valid Email ids. For example, the Form 280 (TDS) payment website does not accept an Email id if it has a dash "-" in it. The same issue is with the Excel Form by the Maharashtra VAT Department for VAT returns. For example if Email id is it will be rejected, though could be a real registered domain.
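The two rejections described in items a and b are what over-strict input patterns produce. The added example below (not the sites' own code) puts constructed patterns of that kind beside validators that accept the legitimate forms while still refusing malformed input; the address used in the demo is a constructed placeholder.

```python
# Added example: over-strict patterns versus validators that accept
# amounts with decimals and Email ids containing a dash.
import re
from decimal import Decimal

# Constructed patterns that reproduce the behaviour described above.
STRICT_AMOUNT = re.compile(r"\d+")                      # no decimal point allowed
STRICT_EMAIL = re.compile(r"[A-Za-z0-9._]+@[A-Za-z0-9.]+\.[A-Za-z]{2,}")  # no '-'

# A DNS label: letters/digits, hyphens inside only, at most 63 characters.
LABEL = r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
EMAIL = re.compile(
    rf"[A-Za-z0-9.!#$%&'*+/=?^_`{{|}}~-]+@(?:{LABEL}\.)+[A-Za-z]{{2,63}}"
)

def parse_amount(text):
    """Accept '1500', '1500.5' or '1500.00'; return a Decimal in rupees.paise."""
    cleaned = text.strip()
    if not re.fullmatch(r"\d+(\.\d{1,2})?", cleaned):
        raise ValueError("amount must be digits with at most two decimal places")
    return Decimal(cleaned).quantize(Decimal("0.01"))

def is_valid_email(addr):
    """Syntax check only: allows '-' in local part and domain labels."""
    if len(addr) > 254 or not EMAIL.fullmatch(addr):
        return False
    local = addr.rsplit("@", 1)[0]
    if len(local) > 64:
        return False
    # Dots may not lead, trail or repeat in the local part.
    return not (local.startswith(".") or local.endswith(".") or ".." in local)

if __name__ == "__main__":
    addr = "accounts-dept@my-company.example"  # constructed address
    print("strict email :", bool(STRICT_EMAIL.fullmatch(addr)))
    print("fixed email  :", is_valid_email(addr))
    print("strict amount:", bool(STRICT_AMOUNT.fullmatch("1500.00")))
    print("fixed amount :", parse_amount("1500.00"))
```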

Some sites, while giving an error, unnecessarily reset the values of certain fields without any reason. The example given below of Form-281 for TDS payments is a good example of such a poorly designed system.

c. Aadhaar site does not accept valid 12 digit Aadhaar numbers: This error on the Aadhaar site is the craziest of all.

d. File Attachments sent by CPC, Bangalore (Income tax) are without Date and Time Stamp: Whenever I get any Email with attachments from CPC, Bangalore, the file attachments do not have any date and time stamp. So, one can never be sure when such files were created by them in the first place. Also, another problem is that while backing up such undated files, backup software does not like it and throws warnings, because it works on the date & time stamp to find out which is the latest file.

It is left to anybody's guess as to why an Income Tax Assessment order which is digitally signed by the assessment officer should be undated.

e. Maharashtra VAT department's website and systems do not allow change of registered Email id, no matter what you do: We had registered an Email id with the Sales Tax (now VAT) department many years back. But, over a period of time, we switched to a mail id using our own company domain. We changed the registered mail id at most places except with the Maharashtra VAT department.

We gave feedback on the website saying our Email id has changed, but nothing happened. We wrote a grievance form after logging in to their website - nothing happened. We called the helpdesk; they could not help. We wrote a letter and hand-delivered it to the assessment officer - nothing happened. Once I had a chance to meet the VAT Commissioner and I told him about it. His reaction was as if I was taking up a silly issue! And he did not take note of it for correction. Maybe RTI may work.

But the result is that we don't get any circulars / notices / information mails from the VAT department. Is 'ignorance bliss'? Perhaps 'yes', but ultimately No.

More on this later.