ECAC – A Regulatory Body under MoIT for E-Transactions in Pakistan and to ensure Security of Digital Economy
Exclusive Interview conducted by Zubair Kasuri
Brig (R) Viqar Rashid Khan
The News talks to Chairman ECAC – Brig (R) Viqar Rashid Khan, who says that the approval of the first-ever E-Commerce policy framework by the Federal Cabinet is a monumental achievement and a major step towards the realization of “Digital Pakistan”, a vision of the PM. We believe this is an extremely positive development and would indeed result in economic prosperity for the nation through the promotion of E-Businesses, the creation of jobs for the youth and numerous opportunities for the IT industry of Pakistan.
We believe the ECAC can play a pivotal role in the success and realization of the Digital Pakistan vision and the E-Commerce Policy of Pakistan.
Please Introduce ECAC?
With the increase of electronic means and the development of E-Commerce and internet banking, regulatory laws have been framed which provide legal recognition to electronic transactions. The paper-based concepts of identification, declaration and proof are carried through the use of digital signatures in an electronic environment. Digital signatures are electronic signatures based on Public Key Cryptography. Like other countries in the world, Pakistan has also formulated the Electronic Transactions Ordinance 2002 (ETO) to provide legal coverage to electronic transactions. It provides a legal framework to recognize and facilitate documents, records, information, communications, and transactions in the electronic form, enabling digital signatures to be accepted at par with handwritten signatures.
The Electronic Certification Accreditation Council (ECAC) was established by the Federal Government of Pakistan under Section-18 of the Electronic Transactions Ordinance, 2002 (ETO) as an autonomous body under the Ministry of Information Technology & Telecom (MoIT), Government of Pakistan.
ECAC being a regulatory body has enforcement powers to regulate electronic transactions.
What is the Objective of ECAC?
The future of Pakistan is a digital economy. The role and mandate of ECAC is to ensure security of the digital economy through enforcement and regulation of Encryption/PKI (Public Key Infrastructure). The main objective of the body is to provide a framework to recognize and facilitate documents, records, information, communication and transactions in the electronic form, enabling digital signatures to be accepted at par with handwritten signatures. ECAC aims to achieve a secure future for the economy and the country and to facilitate the implementation of ‘Digital Pakistan’, a vision of the Govt. of Pakistan.
What are the Functions of ECAC?
Primary functions of the Council are:
- To grant and renew Accreditation Certificates to Certification Service Providers and their cryptography services
- To monitor and ensure compliance by Accredited Certification Service Providers (ACSP) with the terms of their accreditation, and to revoke or suspend accreditation in the manner and on the grounds as may be specified in regulations
- To establish and manage the repository
- To carry out research and studies in relation to cryptography services and to obtain public opinion in connection therewith
- To recognize or accredit foreign certification service providers
- To encourage uniformity of standards and practices
- To give advice to any person in relation to any matter covered under ETO
Certificates issued by ACSP are the only Digital Certificates accepted by Courts of Law. No Court inferior to the Court of Sessions has jurisdiction to try cyber-crimes under this law. Operating in the public interest across all market sectors, accreditation determines the technical competence, reliability, and integrity of conformity assessment bodies. An ECAC Accredited Certificate Service Provider works through a process of transparent and impartial evaluation of these organizations against internationally recognized standards and other requirements. Accredited conformity assessment is one tool that is helping businesses not only to comply efficiently and effectively with regulations and standards around the globe but also to gain competitive advantage and to expand into new markets, including those overseas.
Is it Necessary to get accredited by ECAC?
Yes, it is necessary for all Certificate Service Providers (CSP) to get accreditation by ECAC. Without being accredited by ECAC, digital certificates issued by any CSP are not acceptable in any Court of Law.
What is Digital Signature Trust?
A Digital Signature Certificate authenticates your identity electronically. It also provides you with a high level of security for your online transactions by ensuring absolute privacy of the information exchanged using a digital certificate. You can use digital certificates to encrypt information such that only the intended recipient can read it. You can digitally sign information to assure the recipient that it has not been changed in transit, and also verify your identity as the sender of the message. ECAC is playing its part to ensure the importance of Digital Identity in Digital Pakistan.
What is the Role of ECAC in the recently approved E-Commerce Policy Framework?
The approval of the first-ever E-Commerce policy framework by the Federal Cabinet is a monumental achievement and a major step towards the realization of “Digital Pakistan”, a vision of the PM. We believe this is an extremely positive development and would indeed result in economic prosperity for the nation through the promotion of E-Businesses, the creation of jobs for the youth and numerous opportunities for the IT industry of Pakistan. Within a digital economy/country, the elements of trust & security form the foundation on top of which digital systems, services, and businesses must be built. As Pakistan embarks on its journey towards becoming a truly digital economy, the establishment of a regulatory framework for ensuring data protection, establishing trust, and maintaining security of all digital transactions, documents, and systems is thus essential. Moreover, the E-Commerce Policy of Pakistan has stressed the importance of establishing effective data protection as well. As electronic digital signatures and certificates are essential components of every E-Commerce and digital system, to ensure security and establish trust in the system, we believe the ECAC can play a pivotal role in the success and realization of the Digital Pakistan vision and the E-Commerce Policy of Pakistan.
What is the Vision of ECAC?
ECAC is committed to achieving ‘Digital Pakistan’ — a vision of Govt. of Pakistan:
- E-Procurement Etc.
Establishing TRUST is fundamental for a Secure Future.
What is the Future Road Map of ECAC?
- Establishment of National PKI / Root CA
- Develop & Enforce New Regulations – to support the Digital Economy
- Establish R&D Teams/Labs – for Future Innovation
How is ECAC playing its part in R&D?
ECAC's deliberation in associating key educational institutions in research and development (R&D) for installation of the National Root PKI System at ECAC is a step to invigorate the IT professional youth with the developing technology of Public Key Infrastructure (PKI) in Pakistan. It is hoped that with the support of MoIT, ECAC will play its role in creating trust for e-commerce/e-governance as envisaged in a Digital Pakistan by the Honorable PM of Pakistan, and MoIT.
What is the Role of ECAC in the Secure Digital Economy?
ECAC, as a Conformity Assessment Body (COB), shall operate in the public interest to secure the digital economy across all market sectors in Pakistan. Accreditation determines the technical competence, reliability and integrity of conformity assessment bodies. These are organizations that check conformity and compliance with standards and regulations through testing, verification, inspection and calibration. Accreditation works through a process of transparent and impartial assessment against internationally recognized standards and other requirements.
Enforcement of ETO 2002?
ETO provides the required legal sanctity to digital signatures, and they can now be accepted at par with handwritten signatures. All companies, individuals and firms engaged in electronic transactions and encryption services are mandated under ETO to be accredited by ECAC to make electronic transactions more secure, more reliable and acceptable worldwide.
ETO is mainly focused on the security of electronic transactions that follow the standards mentioned in the ECAC Certificate Service Providers Regulations, i.e. ISO 21188, ISO 27006, ISO 27001 and ISO 27002 for CSPs.
ECAC registers Information Security Audit Companies that can be engaged by the Electronic Certification Service Providers to conduct an information security audit of Digital Certificate Service Providers' facilities under the Electronic Certification Accreditation Council Regulations.
For National Authorities and Regulators, accreditation underpins conformity for Ease of Doing Business, which means businesses spend less time tied up with bureaucracy. The paper-based concepts of identification, declaration and proof are carried through the use of digital signatures in an electronic environment. Digital signatures and cryptography services involved in e-transactions need accreditation for ensuring their integrity.
What benefit does accreditation provide?
For National Authorities and Regulators, confidence in the conformity assessment process underpinned by accreditation standards of ECAC can be used to support a lighter touch approach to allied regulations which in turn means that businesses spend less time tied up with bureaucracy.
Multilateral arrangements between national accreditation bodies have also helped to make accreditation an internationally recognized ‘stamp of approval’ to demonstrate compliance against agreed standards and requirements. These arrangements provide governments and regulators with a credible and robust framework on which to further develop and enhance government-to-government bilateral and multilateral international trade agreements.
Accreditation of appropriate authorities such as FBR/SECP/NADRA/E-PASSPORT/ECP in procedures of electronic transactions and record shall build an effective security system and provide a strong level of confidence to the public at large of their personal information with these authorities.
The Electronic Certification Accreditation Council (ECAC) was established by the Federal Government of Pakistan under Section-18 of the Electronic Transactions Ordinance, 2002 (ETO) as an autonomous body to regulate E-Transactions under the Ministry of Information Technology & Telecom (MoIT), Government of Pakistan.
The present composition of the Council is as under:
- Brig (R) Viqar Rashid Khan – Chairman ECAC
- Ahsen Saeed Zaidi – Member ECAC
- Mahir Mohsin Sheikh – Member ECAC
- Saad Naeem Zafar – Member ECAC
- Hasnain Ashraf – Member ECAC