TEXT: Digital Economy is transforming the way businesses, governments and societies interact and operate. A tremendous revolution in the world of communication has led to change the means of business transactions what we call E-commerce or Electronic Data. With the development of E-commerce over the globe, legislations have been made throughout the world to regulate the E-commerce.
The convenience and flexibility of the services and products available on the Internet have meant that all aspects of our lives are now increasingly being digitized. However, there is also an increasing concern about the privacy and security of the individuals and organizations, alike. To this end, electronic certificates, are commonly used to ensure higher levels and assurances of electronic identities and content integrity of electronic transactions. In fact, the use of electronic certificates to enhance security and privacy has now gained global acceptance in both the public and private sectors.
ELECTRONIC TRANSACTIONS ORDINANCE (ETO) 2002
Like other countries of the world, in Pakistan legislation has been formulated under the Electronic Transactions Ordinance (ETO) 2002. The legal framework of ETO regulates the electronic transactions and provide means to recognize all electronic data and electronic signatures in term of their validity or invalidity. The objective was the establishment of legal obligations on one side and the recognition of electronic records on the other side.
ELECTRONIC CERTIFICATION ACCREDITATION COUNCIL (ECAC):
ECAC has been established by the Federal Government of Pakistan under Section-18 of the Electronic Transactions Ordinance (ETO), 2002 as an autonomous body and operates under the Ministry of Information Technology &Telecom (MoITT), Government of Pakistan. It provides a legal framework to recognize and facilitate documents, records, information, communications, and transactions in the electronic form enabling digital signatures to be accepted at par with handwritten (wet) signatures. ECAC is mandated to grant accreditation to any Certificate Service Provider (CSP) who intends to work as an Accredited Certificate Service Provider. All companies, individuals or firms engaged in the business of electronic services are required to get themselves accredited with ECAC in their own business interests. The Certificate of Accreditation aims to make electronic transactions more secure, more reliable and worldwide acceptable.
COUNCIL COMPOSITION
Present Council Members comprises of:
Engr. Miraj Gul – Chairman
Mr. Shahzad Sami – Member
Mr. Ghulam Mustafa – Member
Mr. Abdul Wahid Khan – Member
DIGITAL SIGNATURE CERTIFICATES
A digital signature is a specific type of electronic signature (e-signature) which relies on public-key cryptography to support identity authentication and provide data and transaction integrity and Digital Signature Certificates authenticate your identity electronically. It also provide a high level of security to online transactions by ensuring absolute privacy of the information exchanged using a digital certificate. One can use digital certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information with assurance to the recipient that it has not been changed in transit, and also verify your identity as the sender of the message. Unlike a handwritten signature, a certificate-based signature is difficult to forge because it contains encrypted information that is unique to the signer.
ECAC TO SECURE E- COMMERCE
The E-Commerce policy framework of Pakistan, is a monumental achievement and a major step towards the realization of the “Digital Pakistan”. We believe this is an extremely positive development and would indeed result in economic prosperity for the nation through the promotion of E-Businesses, the creation of jobs for the youth and numerous opportunities for the IT industry of Pakistan. Within a digital economy/country, the elements of trust & security form the foundation on top of which digital systems, services, and businesses must be built. Moreover, the E-Commerce Policy of Pakistan has stressed on the importance of establishing effective data protection as well. As electronic digital signatures and certificates are essential components of every E-Commerce and digital system, hence, to ensure security and establish trust in the system, I believe the ECAC will play a pivotal role in the success and realization of the Digital Pakistan vision and the E-Commerce Policy of Pakistan.
ECAC CONTRIBUTION TO DIGITAL PAKISTAN VISION
Establishing TRUST in any on-line transaction is a fundamental requirement for Digital Pakistan. ECAC through creation of trust is committed to achieve a secure ‘Digital Pakistan’ — a vision of Govt. of Pakistan in following sectors:
a) E-Governance
b) E-Tax
c) E-Health
d) E-Education
e) E-Banking
f) E-Procurement Etc.
ETO provides required legal sanctity to the digital signatures and these can now be accepted at par with handwritten signatures. All Companies, Individuals, Firms engaged in Electronic transactions and Encryption services are mandated under ETO to be accredited from ECAC to make electronic transactions more Secure, Reliable and worldwide acceptable.
ETO is mainly focused on the security of electronic transactions that follows standards mentioned in the ECAC Certificate Service Providers Regulations. i.e. ISO21188, ISO 27006, ISO 27001 and ISO 27002 for CSPs.
INFORMATION SECURITY AUDITORS
ECAC under its regulations registers Information Security Audit Companies that can be engaged by the Electronic Certification Service Providers to conduct an information security audit of Digital Certificate Service Providers facilities under the Electronic Certification Accreditation Council Regulations.
ECAC AS A MEMBER OF WORKING GROUP IV of the United Nations Commission on International Trade Law (UNCITRAL)
Multilateral arrangements between national accreditation bodies and members of United Nations Commission on International Trade Law have also helped to make accreditation an internationally recognized ‘stamp of approval’ to demonstrate compliance against agreed standards and requirements. These arrangements provide governments and regulators with a credible and robust framework on which to further develop and enhance government-to-government bilateral and multilateral international trade agreements.
ECAC understands the importance of international collaborations for development of internationally acceptable regulations and mechanisms for secure electronic transactions. In the context, ECAC’s delegation participated in-person in 62nd UNCITRAL (United Nations Commission on International Trade Law) Session held in Vienna, Austria for the first time. Pakistan’s representation depicted a strong commitment to develop a strong platform to secure and protect the Electronic Transactions rapidly growing under Digital Pakistan policy of the Ministry of IT & Telecom (Govt. of Pakistan).
ESTABLISHMENT OF PUBLIC KEY INFRASTUCTURE (PKI)
ECAC, to fulfill the mandatory obligation under ETO 2002, initiated the process for establishment of Public Key Infrastructure (PKI) for National Root Certification Authority (CA). ECAC’s PKI is inevitable to enable high level of assurance in E-Transactions of the Country. This PKI infrastructure is the set of technology and processes that make up a framework of encryption to protect and authenticate digital communications. PKI uses cryptographic public keys that are connected to a digital certificate, which authenticates the device or user sending the digital communication. It will be globally recognized through Web-Trust audit as per international standards. Today, I am proud to announce the launch of first ever PKI for National Root Certification Authority of the Government of Pakistan. This first Root CA at the National level will be world wide recognized and facilitate in securing the E-Transactions & ensuring data integrity, data confidentiality, strong authentication & non-repudiation. Moreover, will ensure trust, confidence & ease of doing business for online services to the citizens of Pakistan.
Establishment of National Root Certification Authority (CA)
Accreditation of Certifications Service Providers (CSPs), is one of the main functions of the Council, to provide legal sanctity to digital signatures based upon the principle of equivalence to handwritten (wet) signatures.
ECAC through National Telecom Corporation (NTC) at it’s cloud-based Data Centre premises has successfully achieved launching of effective implementation, enforcement, creation and management of PKI (Public Key Infrastructure) today.
PRIVILEGE TO APPROPRIATE AUTHORITIES
For National Authorities and Regulators, accreditation underpin conformity for Ease of Doing Business which means businesses shall spend less time tied up with bureaucracy formalities. The paper-based concept of identification, declaration and proof are carried through the use of digital signatures in an electronic environment. Digital signatures and cryptography services involved in e-transactions need accreditation for ensuring their integrity.
TRUST AND SECURITY
Within a digital economy the elements of Trust & Security forms the foundation on top of which digital systems, services and businesses must be built. As Pakistan embarks on its journey toward becoming a truly digital economy, establishment of Regulatory frameworks for ensuring data protection, establishing trust, and maintaining security of all digital transactions, documents and information systems are thus essential.
I, on behalf of the Council, expect that the role and the exclusive mandate granted to ECAC will be respected by all stakeholders. By addressing the increasing concern about the privacy and security of the individuals as well as organizations, ECAC endeavors for keeping the nation abreast with the ever-changing trends of E-commerce while protecting the interest of all related stakeholders.
Copyright Business Recorder, 2022
Comments
Comments are closed.