Showing posts with label malware. Show all posts

Monday, November 24, 2014

Is India ready for eGovernance?

Since the opening of the Indian economy to the world and the proliferation of the Internet, more and more services provided by the government are becoming web-centric. This means a lot, at least to the technology-savvy young public, as they can get very useful information literally at their fingertips on their smartphones and laptops.

But, as an old-time Information Technology (IT) professional, I notice that many times the implementation by government departments leaves much to be desired. Most government websites are designed and maintained by the National Informatics Centre (NIC).

I'll give some examples to illustrate what I mean.

1. Scant regard for IT Security

I can best illustrate this point by showing screenshots of a few prominent government websites.

a. The error shown below is for a page on the NSDL site that takes you to a page that allows you to make TDS payments under Form 280, 281 etc. It means that this page does not have a valid SSL certificate. The certificate installed on this page is for two other sites.

The landing page has a valid SSL certificate, but in a roundabout manner, using a SAN (Subject Alternative Name) value.

Possibly this page has become obsolete over time, but it is still there on the NSDL website and still gives the error shown below.


This 'Mismatched Address' SSL error on the Aadhaar/UIDAI site is really not expected. The error is due to improper usage of a wildcard SSL certificate.


b. The error shown below is seen while doing an 'Upload' of a TDS return after logging in to the eTDS/TCS website with proper credentials. It basically means that the Jar file (Java executable file/application) is not digitally signed. If it had been digitally signed using Code Signer Certificates for Java, possibly this error would not have appeared.


How would a user, who would be an accountant or tax consultant, react to such an error message? He would simply learn to 'ignore' all such errors and get his work done, somehow. But this tendency to ignore errors could land him in great trouble if he is redirected to a phishing site, which would steal all his confidential data and possibly install a Trojan or malware that would make his PC part of a botnet.

Also, using Java applications for websites is considered very dangerous because of the numerous vulnerabilities discovered over so many years. Here is an informative article on whether one should uninstall Java.
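For the certificate errors in item 1a, the following is an added example (not from the original post) of the hostname check a browser performs against a certificate's SAN entries. The post does not say which kind of wildcard misuse occurred, so the sketch covers the usual mismatch cases in general; all hostnames are constructed and use the reserved `.example` TLD.

```python
def _labels(name: str) -> list[str]:
    """Lower-case a DNS name, drop a trailing dot, split into labels."""
    return name.lower().rstrip(".").split(".")


def san_matches(hostname: str, san: str) -> bool:
    """RFC 6125-style comparison of a hostname with one SAN dNSName entry.

    '*' is honoured only as the complete leftmost label and stands for
    exactly one label; everything else must match label for label.
    """
    host, pat = _labels(hostname), _labels(san)
    if len(host) != len(pat):
        return False
    if pat[0] == "*":
        # Conservative guard (assumption): refuse wildcards directly under a
        # top-level label, e.g. '*.example'.
        return len(pat) >= 3 and host[0] != "" and host[1:] == pat[1:]
    return host == pat


def diagnose(hostname: str, sans: list[str]) -> str:
    """Say why a client would accept or reject `hostname` for this SAN list."""
    if any(san_matches(hostname, s) for s in sans):
        return "ok"
    host = _labels(hostname)
    for s in sans:
        pat = _labels(s)
        if pat[0] != "*":
            continue
        base = pat[1:]
        if host == base:
            return "apex-not-covered-by-wildcard"
        if len(host) > len(pat) and host[-len(base):] == base:
            return "wildcard-covers-one-label-only"
    return "no-san-entry-for-host"


# Constructed SAN lists (not taken from any real certificate).
WILDCARD_CERT = ["*.agency.example"]
OTHER_SITES_CERT = ["tax.example", "www.tax.example"]

if __name__ == "__main__":
    for host, sans in [("portal.agency.example", WILDCARD_CERT),
                       ("agency.example", WILDCARD_CERT),
                       ("resident.portal.agency.example", WILDCARD_CERT),
                       ("pay.agency.example", OTHER_SITES_CERT)]:
        print(f"{host:32} {diagnose(host, sans)}")
```

Running the same check over every hostname a site links to, before a certificate is deployed, catches these mismatches before users are trained to click through them.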

2. Poor Design and coding of Web Applications
One has to find out by trial and error how to make certain sites work.

a. Website doesn't accept an amount with decimal points: The Check Challan Status link of the NSDL site (see below) does not like it if you enter an amount with decimal points! See the screenshot below, where entering an amount with decimal points gives an error saying 'Please enter valid amount'.

Is it easy for anyone to guess that he is not supposed to type in a decimal point and two zeros after it?


In fact, a few years back there was a site which required a decimal point and two zeros to be compulsorily added to a number to make it work. If the decimal point and zeros were missing, the system would throw an error.

b. Many sites don't accept valid Email ids: I have noticed many instances where a website or Excel form will not accept certain valid Email ids. For example, the Form 280 (TDS) payment website does not accept an Email id if it has a dash "-" in it. The same issue exists with the Excel form by the Maharashtra VAT Department for VAT returns. For example, if the Email id is abc@pqr-india.com it will be rejected, though pqr-india.com could be a real registered domain.

Some sites, while giving an error, unnecessarily reset the values of certain fields without any reason. Form-281 for TDS payments, shown below, is a good example of such a poorly designed system.

c. Aadhaar site does not accept valid 12-digit Aadhaar numbers: This error on the Aadhaar site is the craziest of all.



d. File attachments sent by CPC, Bangalore (Income Tax) are without a date and time stamp: Whenever I get an Email with attachments from CPC, Bangalore, the file attachments do not have any date and time stamp. So one can never be sure when such files were created by them in the first place. Another problem is that backup software does not like such undated files and throws warnings while backing them up, because it relies on the date and time stamp to find out which is the latest file.

It is anybody's guess as to why an Income Tax Assessment order, which is digitally signed by the assessment officer, should be undated.

e. Maharashtra VAT department's website and systems do not allow change of registered Email id, no matter what you do: We had registered a vsnl.com Email id with the Sales Tax (now VAT) department many years back. But over time we switched to a mail id using our own company domain. We changed the registered mail id at most places except with the Maharashtra VAT department.

We gave feedback on the website saying our Email id had changed, but nothing happened. We filed a grievance form after logging in to their website - nothing happened. We called the helpdesk - they could not help. We wrote a letter and hand-delivered it to the assessment officer - nothing happened. Once I had a chance to meet the VAT Commissioner and I told him about it. His reaction was as if I was taking up a silly issue! And he did not take note of it for correction. Maybe RTI may work.

But the result is that we don't get any circulars / notices / information mails from the VAT department. Is 'ignorance bliss'? Perhaps 'yes', but ultimately no.
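For items 2a and 2b above, the following is an added example (not code from any of the sites discussed) of server-side validation that accepts the inputs those forms rejected while still refusing malformed ones. It assumes ASCII-only addresses and a hypothetical cap of 12 integer digits on amounts.

```python
import re
from decimal import Decimal
from typing import Optional

# A DNS label may contain hyphens, just not as its first or last character.
_LABEL = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?")
# Dot-separated runs of the characters allowed in an unquoted local part.
_ATOM = r"[A-Za-z0-9!#$%&'*+/=?^_`{|}~-]+"
_LOCAL = re.compile(rf"{_ATOM}(?:\.{_ATOM})*")
# Plain digits with an optional 1-2 digit fraction; 12-digit cap is assumed.
_AMOUNT = re.compile(r"[0-9]{1,12}(?:\.[0-9]{1,2})?")


def valid_email(addr: str) -> bool:
    """Syntactic check only: one '@', sane local part, LDH domain labels."""
    if len(addr) > 254 or addr.count("@") != 1:
        return False
    local, domain = addr.split("@")
    if not (0 < len(local) <= 64) or not _LOCAL.fullmatch(local):
        return False
    labels = domain.split(".")
    return len(labels) >= 2 and all(_LABEL.fullmatch(l) for l in labels)


def parse_amount(text: str) -> Optional[Decimal]:
    """Accept '1500', '1500.5' and '1500.00' alike; return two-place Decimal."""
    s = text.strip()
    if not _AMOUNT.fullmatch(s):
        return None
    # Normalise instead of forcing the user to guess the expected format.
    return Decimal(s).quantize(Decimal("0.01"))


if __name__ == "__main__":
    # Constructed sample inputs.
    for addr in ["abc@pqr-india.com", "abc@-pqr.com", "a..b@pqr.com"]:
        print(f"{addr:20} {valid_email(addr)}")
    for amt in ["1500", "1500.00", "1500.5", "1,500", "-5", "15.005"]:
        print(f"{amt:20} {parse_amount(amt)}")
```

A rejected value should be reported without clearing the other fields the user has already filled in.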

More on this later.

Tuesday, March 23, 2010

Cost of outsourced work

For the last few years, outsourcing work has been routinely adopted by companies to reduce costs. Nowadays we see various non-core activities like after-sales service, salary payments, marketing activities, claim processing, event management, house-keeping, physical security of premises and so on being routinely handled by outside agencies. While cost reduction may be true in the short run, there is a cost that a company pays for outsourcing its activities.

For example, look at the quality of service provided by outsourced agencies for after-sales service. Is there any credible proof that outsourced agencies can offer to their customers that their customers are served well and are happy with their service? I doubt it.

Take this instance of a leading software product vendor who routinely outsources its Dealer Incentive scheme management to third parties. Yesterday we learnt about a dealer scheme from this vendor's newsletter and clicked on the link to register for it. And we got a Google advisory saying:

Site is listed as suspicious - visiting this web site may harm your computer.
Part of this site was listed for suspicious activity 1 time(s) over the past 90 days.
What happened when Google visited this site?
Of the 2 pages we tested on the site over the past 90 days, 2 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 2010-03-13, and the last time suspicious content was found on this site was on 2010-03-13.
Malicious software is hosted on 2 domain(s), including waimaighaiphahxi.in/ , weedshop.org/

I brought this to the notice of the agency that was administering this scheme, with a copy to the Partner Account Manager of the software vendor. In about 1 hour I got a telephone call from the agency - a girl told me not to worry - as we were pre-registered for the scheme!! When I asked her about the free malware given out to the dealers upon registration, she feigned ignorance and said she would check. There has been no response from the software vendor yet.

A few days back I had written to the same vendor's Senior Manager asking him whether any quality checks are in place to ensure that all dealers are informed about the "schemes" launched by them and that the agency informs dealers and distributes the incentives in time. After a reminder I got an email saying all distributors are advised to include my email id in all their communications to dealers! I asked him why I have not received the incentive 10 weeks after scheme closure - I've yet to receive any reply. Of course, I did not ask him about the schemes which we did not know about, and so lost out on incentives, in this period of 4 to 5 months.

Take another example: recently we got a cheque of more than Rs.1,00,000/- from one of our customers through their outsourced agency - a bank - which makes payments to vendors on behalf of this party. Can you believe that this payment had already been made to us a few months back - as an advance payment after deducting TDS? When we pointed this out to the customer, they asked for the cheque back by courier. Not a word of appreciation or complaint! Is this routine? I believe so. Else how can you explain the customer behaviour as noticed by us?

Believe me, this is not an isolated incident. We see about 1 or 2 incidents like this every year and return the cheques.
