With an objective to kickstart work on developing India’s own web browser, the Ministry of Electronics & Information Technology (MeitY) has launched the Indian Web Browser Development Challenge (IWBDC) for Indian tech enthusiasts and innovators on August 9, 2023.
According to a press release issued by MeitY, the Indian government is envisioning to build a web browser, which will have its “own trust store with an inbuilt CCA India root certificate.” This essentially means that the browser will by default trust websites that have SSL certificates issued by CCA-regulated authorities, which is problematic given the history of these authorities (more on this below).
Quick context: The Controller of Certifying Authorities (CCA) licenses and regulates the working of Certifying Authorities in India. Certifying Authorities issue digital certificates called Secure Sockets Layer (SSL), which essentially authenticates a website’s identity and enables an encrypted and secure connection between two systems online. The certification protects user information on a website.
Speaking at the launch, Arvind Kumar from CCA highlighted that currently, India depends on SSL certificates issued by foreign entities as foreign browsers only trust those certificates. To reduce this dependence, the Indian government’s vision is to build a web browser that can automatically trust certificates issued by Indian authorities approved by the CCA.
Article continues below ⬇, you might also want to read:
- Indian Govt Probing Unauthorised Digital Certificates Issued By NICCA
- Views: Why India’s “Indigenous” Smartphone Operating System BharOS Is Overhyped
- Indian Govt Denies Plans Of Smartphone “Security Testing” Or Crackdown On Pre-Installed Apps
- Summary: Parliamentary Panel Proposes Establishing Cyber Protection Authority And Overhauling Cybersecurity Regulations For Financial Sector
“Proposed browser would also focus on accessibility and user friendliness, ensuring built-in support for individuals with diverse abilities. Moreover, the browser envisions the ability to digitally sign documents using a crypto token, bolstering secure transactions and digital interactions,” the press statement added.
The IWBDC will be led by MeitY, CCA, and the Centre for Development of Advanced Computing (C-DAC), Bangalore. The Ministry has announced total cash prizes worth Rs 3.41 Crore for the challenge.
Why it matters: Indian Certifying Authorities have been under the scanner in the past for issuing unauthorised certificates, an issue that was also flagged by Google and Microsoft. In 2014, the CCA initiated a probe into the unauthorised certificates issued by National Informatics Centre (NIC), which provides technical infrastructure for most government websites. Microsoft had also flagged the issue of “improperly issued” SSL certificates. It was further discovered that the NIC’s digital certification unit was also hacked, thus exposing lakhs of digital certificates to security vulnerabilities.
Commentators on the micro-blogging platform X, however, have highlighted that Indian SSL certificates are not trusted by major web browsers.
Indian SSL certificates are not trusted by any major web browsers. Even goverment websites use certs issued overseas.
Government's solution for this: create an Indian browser (through competition) that is required to trust Indian certifying authorities. https://t.co/BHWc0xjw85
— Aroon Deep (@AroonDeep) August 10, 2023
Given the history, it is worth deliberating upon the factors that render India’s certifying authorities untrustworthy for commonly used browsers in order to ensure safety for Indian users, e-commerce companies, and businesses.
Note: The headline was edited at 11:08 AM on August 11, 2023, for clarity.
STAY ON TOP OF TECH NEWS: Our daily newsletter with the top story of the day from MediaNama, delivered to your inbox before 9 AM. Click here to sign up today!