Imagine. This word gives people the freedom to think what they want, to live in a world of their own creation where normal rules don’t apply. Now imagine this: You are sitting at home, planning a trip abroad. You go onto the internet, reserve a plane ticket and hotel accommodation, then discover that your passport has expired. So you renew it online, get confirmation of the success and completion of the procedure and finally apply for and receive your visa via email. While you’re at it, why not request a couple of birth certificates (in case of any emergencies), and at the same time sign and approve some confidential documents from the bank regarding a new loan — all this without leaving your seat.
Imagine that this could happen in Egypt in the coming 10 years.
Prime Minister Ahmed Nazif has been conjuring an e-government since his earliest days as minister of communications and information technology. Now with the new e-Signature system approved, he has taken a massive stride toward turning his dream into a digital reality. The e-Signature project will help the government stand toe-to-toe with first-world countries when it comes to communication between its agencies, banks, the private sector and citizens. With an initial investment of around LE 60 million, the government means business.
e-Signature: The Technology
An e-signature is one of the most widely used and effective tools for securing information online. Unlike a normal password, an e-signature is used to prevent any tampering with the document after it is electronically signed. It also authenticates the contents and source of the document before it is signed and can include a time stamp that authenticates the time of creation or modification of information.
It is the backbone of the electronic data transfer system, and its success depends on the extent to which corporations and government agencies use the technology to facilitate bureaucratic tasks.
e-Signature and the Government
The entire e-Signature system is a matrix of operational units, mechanisms, procedures and laws that must interact and communicate together and with international bodies. As with any nationwide service or technology, there has to be a supervisory agency; in the case of e-signatures, it is the Information Technology Industry Development Agency (ITIDA).
Dr. Sherif Hashem, ITIDA’s executive vice president, has clearly spent much time in recent months explaining the entire e-signature concept to curious outsiders.
“E-signatures are like pens,” he says, “but with an added level of complexity, since each signature will have a purpose and will be given to the individual based on their position within the organization. This signature will expire once they leave the organization.”
ITIDA will act as the national coordinator for e-Signatures and has issued licenses to four certification service providers (CSP) and one government Certification Authority (CA) that represents e-government. ITIDA will audit and supervise all five, meaning that government employees will have two keys: one for usage in intergovernmental communication published from the government CA, the other when dealing with the public, published from one of the CSPs.
Corporations that want to integrate e-signatures into their operations don’t need to migrate to a new information system, they just need to add the required modules. But before corporations decide on changing to an e-signature-based platform, it must know exactly how and where it wants to use e-signatures — after all, in the real world not all documents are signed.
For e-signatures to work, all published signatures must be compatible with each other and with other internationally published keys. This is why ITIDA contracted German specialist firm Giesecke & Devrient to establish the “rootCA” that will be responsible for creating the interoperable infrastructure for e-Signature. According to Hashem, “We have cooperated with European and Asian countries who have experience with implementing e-Signature to benefit from their experience and expertise. I believe that we — Egypt — are not far behind the rest of the world, we are in the same phase of the learning curve.”
Applications and clients are critical for e-signatures to succeed, Hashem says. “The main driver for e-Signature is the e-government project. There are a lot of applications, whether within each ministry or between government agencies. The Ministry of Finance will be the first ministry to benefit from e-Signatures.”
The Ministry of Finance (MoF) has contracted the Ministry of Administrative Development to handle the e-Signature project on their behalf. Deputy Minister of Admnistrative Development Dr. Ashraf Abdelwahab says “the Ministry of Finance will be the first to benefit from e-Signature. The clearing process of checks, for example, currently takes seven to 21 days. With e-Signature, this process will take only one business day. The expected revenue increase will range from LE 600-700 million annually. This is in addition to indirect savings resulting from not using manual delivery schemes, such as hiring errand boys.
“Prime Minister Ahmed Nazif has already issued orders that high-level correspondence between ministries and the cabinet will be done via a private network using email,” Abdelwahab notes. “This network is completely secure, but its users are limited. E-Signature will help widen the scope of users of such networks. The infrastructure is there and it is the correct one. The challenge lies in our ability to manage it.
“The first thing after e-Signature is fully operational is to give all check-signers signature keys, which they will start to use immediately; there are almost 4,000 individuals. This will revolutionize cash-transfer procedures between the various ministries’ financial entities, the check clearing authority in banks and the MoF. In five years time, I hope that we will be able to implement e-Signature in between 30-50% of all government agencies. In 10 years time, we are hoping to see a significant number of applications that would change the way goods and services are delivered.”
Cyber Crime
Hashem has a novel idea. “I have a great solution to the problem of car accidents — lets make everyone stay at home.” It may seem a bit nutty on first glance, but that’s Hashm’s point: When cars first appeared on the roads, he says, the first solutions proposed tohelp eliminate traffic accidents was to ban people from driving. And so it is, he says, with those who fear e-commerce opens up new avenues for financial crimes.
“E-Signature is no different than cars,” Hashem continues. “Using cyber crime as an excuse not to use e-signatures is as unreasonable as stopping people using cars to eliminate traffic accidents. The benefits of using e-signatures over conventional signatures are huge, in terms of authentication, storage, archiving and retrieval. Plus, it speeds up various business procedures. These benefits far outweigh the risks, and it is worth the effort.”
Applying new technology on a national scale not only requires highly advanced infrastructure and technicians, it also requires that certain legislative issues and mechanisms are in place prior to the project’s implementation. Additionally, it is vital to educate authorities on how to deal with various legally-binding documents that use e-signatures.
“Fighting cyber crime doesn’t entail only the prevention of hacking or fraud attempts on a technical level; it needs us to have the ability to criminalize these actions,” says Hashem. “Accordingly, there are committees being planned, whose jobs are to fight cyber crime and maintain data integrity. Not all are done for e-Signature, but all will affect the future of e-Signature. The rootCA will have the ability to trace fraud and implement various rules and regulations.
“There is no magical solution that could solve all problems. Of course there is the unrealistic solution; like the solution to the car accident problem — but we have no time for such solutions. It is a continuous race and we need to remain ahead.”
The Business of Security
As technology and electronic informa-tion play an increasingly central role in all aspects of society and government, security in these areas becomes essential. Giesecke & Devrient (G&D, see box) is the market leader in the e-security industry in Egypt, and a major player on the world stage. “In Egypt, we are operating on two main categories of products, first ‘Card Services’ which includes SIM and smart cards, we supply the region with both. Our SIM and smart card clients include Vodafone, Orascom, and Saudi Telecom,” says Amru Kotb, general manager of G&D Egypt. “The second category is government solutions, like the National ID and e-Signature projects, in which we are involved in the back end of the project, and are responsible for the technical training.”
Having the correct tools to produce the right software requires highly talented and experienced programmers. Kotb believes that this is no challenge for a country like Egypt. “Here in Egypt, we only import the SIM operating system, because it is unified all over the world. But with regards to software development, it is all done by home-grown programmers. The biggest difference between Egyptian and German programmers is that the Germans are more systematic about their analysis, they wait for the specs before they work. Egyptian programmers have a trial-and-error style in their work. But at the end of the day the quality of work and the ability to meet deadlines is the same.”
Regarding the future of the business of e-security, Kotb believes, “We are currently at the beginning of the SIM and smart card boom in Egypt. There are almost 20 million users of these cards, with a population of 77 million. Sixteen million people are below 16 years of age, and the degree of penetration is very low. This wave of increase will not slow down for at least 10 years, at which time there will be another wave regarding some new technology. As for government projects like e-Signature, we are now just beginning to build the backbone; in the next phase we will develop applications that will use this backbone. The government offices dealing directly with the public will be most affected by the presence of e-signature based applications.” All in all, a whiff of revolution is certainly in the air.
With 380 employees, the Ministry of Administrative Development is the smallest Ministry in Ahmed Nazif’s cabinet. It was founded in 1976, and at the time, it was not a separate entity, but a committee whose job it was to follow up on government work-flow, ensuring set operational guidelines were adhered to. When new operational guidelines are proposed, the ministry is responsible for ensuring that the government is adhering to the laws set. Its responsibility also includes setting and modifying guidelines for intergovernmental communication protocols.
The Ministry of Administrative Development is responsible for the organizational structure of the government, employee ranks, laws, wages, promotion plans, legislative issues and workflow guidelines that determine how each hierarchal level communicates with other levels, and how communication flows within levels.
According to Dr. Ashraf Abdelwahab, deputy to the Minister of Administrative Development, “As of 2004, our work has been extended even more. When H.E. Ahmed Nazif was appointed as prime minister, he transferred all the e-government tools to our ministry. This meant that training government employees was crucial to realizing the prime minister’s plans. We are focusing on department managers, who currently stand at 8,700 employees.
“We are now cooperating with foreign government training centers by sending department managers to their facilities for training. We are also cooperating with academic institutes like the Spanish IESE, which offers an Executive Development Program and an Executive MBA, as well as corporate entities such as Microsoft. We also had to change the conventional tree-like hierarchal structure within the government to a project-based structure, which would be more suitable when implementing the e-government projects like e-Signature.”
Introducing change to large organizations is a long and difficult process. These difficulties are more pronounced in the government than most corporations. With 700 operational units, not all are on the same level of automation, and not all are accepting change,” says Abdelwahab. “But eventually, on a certain level, there will be automated processes and procedures in all units. But for some personnel, like police officers, it would prove difficult for them to deal with the public with a smart card reader that can read ID or driving license smart cards. There will always be a human factor, no matter how computerized our operations are.”
The Implementers: Giesecke & Devrient
Giesecke & Devrient (G&D) have a long history of operating in security-sensitive areas such as currency printing and processing equipment, the development of smart cards and technological solutions for a range of industries that require information security. The company, now over 150 years old, operates on a global scale, with over 8,000 employees based both at its Munich headquarters and across the world. Amru Kotb has spent 12 years with G&D and was appointed as General Manager of G&D Egypt in 2005.
The first project the company undertook was the National ID Card project, back in 1996. “At the time it was a very big project for us,” Kotb says. “G&D’s risk estimate was much higher than reality; we underestimated the technical prowess of the Egyptian engineers and the acceptance of the public to this new form of ID. Thankfully, we were able to complete the project on time using mostly local resources []. We are currently working to gain the approval of the second generation ID cards, which will be smart cards.”
The company’s second major project in Egypt is the e-Signature system, placing G&D once more at the center of an ambitious, wide-ranging government initiative with significant technological and security requirements.
Autor(en)/Author(s): Tamer Hafez
Quelle/Source: Business Today Egypt, August 2007
