1. October 2000
Information Technology Act 2000 was passed. Use of 128 Bit SSL & Digital
Certificate made mandatory for e-commerce activities. As per IT ACT 2000 for
any electronic document to be legally valid, it should be digitally signed by
Digital Certificate issued by any Licensed Certifying Agency (CA) approve by
Controller of Certifying Agency (CCA).
2. September 2001
Government of Andhra Pradesh (GoAP) Core implementation committee was
formed to implement eProcurement and PWC (Price water house coopers was
appointed as consultant). They were paid Rs. 1.75 Cr for 5 projects, approx Rs. 35
Lakh/Project as consultancy fee. Ref. pwc hired as consultant.pdf.
3. Feb 2002
CCA granted license to Safescrypt on 5th February, 2002, Indiaâ€™s first CA. SAFESCRYPT Ltd, a Satyam Infoway company affiliated with VeriSign Inc,
issued the country’s first digital signature certificate to the Minister for
Communications and IT & Parliamentary Affairs, Mr Pramod Mahajan, at an
official ceremony here on Wednesday.
SafeScrypt is the first Indian company to get a certifying authority licence for
digital signature from the Controller of Certifying Authorities (CCA). The
company received this licence earlier this week.
4. In Feb 2002,
Department of Public Relation, Madhya Pradesh floated a tender for eTendering,
eProcurement which categorically specified that IT ACT 2000 needs to be
complied and Digital Certificate/SSL/PKI should be used to ensure secrecy of
price bid. No MNC consultant appointed to draft tender document. 5 Companies
participate in the same including Applitech Tenercity.com I Pvt. Ltd (Tendercity),
NexTenders, ITI/Antares, CNet, etc.
5. May 2002
Sometime in May 2002, GoAP floated a Tender for eProcurement software more
specifically eTendering and Reverse Auction engine by Govt. of AP. No mention
of PKI/SSL/Digital Certificate â€“ what was Rs. 35 Lakh paid to then to PWC?
6. Mid 2002
Out of many bidders who had submitted the tender a consortium comprising of
C1 India Pvt. Ltd., Microsoft & Antares System Ltd & Compaq had submitted the
bid. Other bidders included companies like Wipro and consortium of Boradvision
and TCS. Consortium head by C1 India Pvt. Ltd (C1) won the tender. GoAP
approves rate of Rs.4500/Tender (GoAP Pays) & 0.24% of the Tender Value
(winning bidder pays to C1 India Directly)
7. In June 2002,
GoAP enters into a secret agreement with C1 India to do a pilot project and not
the consortium which had won the contract? WHY?
8. On 29 th Jan 2003,
www.eprocurement.gov.in launched without compliance to IT ACT 2000, Digital
Certificate, PKI. GoAP gives lame excuse that since Digital Certificates are not
available, hence the same was not integrated in spite of the fact that first Digital
Certificate was issued to Shri. Promod Mahajan as early as Feb 2002.
What started as a Pilot Project for nine months, gets extended for another 9
month unilaterally in spite of the fact that system did not comply to IT ACT
9. Jan 2003
C1 India gets a 128 bit SSL Certificate from Verisign for
www.eprocurement.gov.in domain? WHY?
1.) .gov.in domain belongs to only government organizations, how come the same
was issued to a private company.
2.) 128 Bit SSL was procured from a US Company, whereas IT Act mandates that
it should be procured only from liscensed CA. Why was the same not procured
from TCS, Safescrypt.
3.) TCS, Safescrypt would have never issued a 128 Bit SSL certificate to C1 India
Pvt. Ltd, as .gov.in domain belongs to only Govt. departments. A US company
issued the same without any verification, because they were interested in dollars.
10. March 2003
PWD, Chhattisgarh floats a tender for eTendering with Department of Public
Relations, Madhya Pradesh specifications.
Tendercity, C1 India, Wipro, Antares/ITI, Nex Tener & other 3 companies
participated in the tender. Tender gets awarded to NexTender, a mumbai based
company in spite of Tendercity Being the lowest Bidder.
11. April 2003
C1 quotes to PWD, Chhattisgarh Rs. 1000/Tender as fix service charge
irrespective of Tender Value & No fee to be paid by PWD, Chhattisgarh?
Tendercity shares the same information with GoAP. GoAP calls for a steering
committee and yet no action is taken to revise fee being paid to C1 India i.e.
Rs. 4500/Tender (GoAP pays) & 0.24% of Tender Value (winning bidder pays)
12. July 2003
The first lawsuit under Indian cyber law, Antares Systems Ltd, the Bangalore-
based IT firm, has filed a case against an e-governance project in the Delhi High
Court for alleged infringement of intellectual property rights (IPRs) and unfair
competition. The case has been filed against C1 India Pvt Ltd, a subsidiary of
Nasdaq-listed CommerceOne. The Government of Andhra Pradesh and Principal
Secretary, Department of IT and Communications, AP have been arraigned as
Antares has urged the Delhi HC that C1 India and the AP Government be
restrained from infringing its copyright in its e-tendering software product
Tenderwizard and from relying upon, in any manner whatsoever, the features of
Tenderwizard, said the company’s Senior Vice-President, Mr R. Kamath.
13. July 2003
Indiaâ€™s First Digitally Singed eTender was enabled by Tendercity for Madhya
Pradesh Poorva Kshetra Vidyut Vitran Company Ltd, Madhya Pradesh Electrictiy
Board, MP (MPPKVVCL, MPSEB,MP). 10 Digital Certificates (TCS) were
issued to contractors across India.
14. December, 2003
Northern Railway floats a Tender for eTendering. C1 India, Wipro/NexTender,
Antares, HCL, Tendercity Participated in the tender. Tender awarded to
HCL/Boradvision Consortium. Rate approved Less than Rs.1500/Tender. GoAP
takes no action and does not revise the service fee it pays to C1 India.
15. Feb 2004
Tendercity writes letter to IT Secretary, GoAP, and Principle Secretary GoAP and
bring to their notice that PKI compliance is not there on eprocurement.gov.in and
that the eTendering services available at a very competitive rates in open market.
No Action taken by the GoAP Officers.
16. Mid 2004
On PWC recommendations, JV option was dropped (JV between eTendering
service provider and Government of AP) and eProcurement services was
continued to be used in ASP model
Why did PWD suggested not to go ahead with JV option? probably because in
case of JV Government of AP would have made a lot of money? Total fee
reimbursed by GoAP & Various Bidder to C1 India in last 3 years is in tune of
Crores of Rupees.
If GoAP had procured the software, it would have costed
Rs. 0, because that what C1/PWC quoted to NIC, in December 2004 for
17. July 2004
GoAP steering committee meets in October, 2004. Price bid revised to as follows
w.e.f. 1st April 2004 as follows
- GoAP pays nothing â€“ i.e. Rs. 4,500/Tender waived off
- For Tender<50 Cr â€“ each participating bidder pays 0.04% of Tender value or
Rs.10,000/Tender as processing fee, which ever is higher.
- For Tender>50 Cr â€“ each participating bidder pays 0.04% of Tender value or
Rs.25,000/Tender as processing fee, which ever is higher.
- Still the same is very very high compared to open market rates. GoAP Continues
with C1 India, when the contract though an illegal contract.
- GoAP accepts non compliance of IT ACT 2002 and yet gives C1 India 6 month
period to make their product PKI enabled, by March 2005. Why, was the project
not scrapped in then and then itself till the PKI compliance was not complete.
18. December 2004
PWC Partners with C1 India for NIC tender for eTendering.
Having played a instrumental role in causing great exchequer loss of GoAP, by
recommending ASP Mode,
C1 India reward PWC with partnership for NICTender. C1 ditched PWC (presumably) by quoting Rs.0 as software price to
19. 1st April 2005
Digital certificates made mandatory from April 2005. Digital certificate are used
only of Authentication purpose at time of Login. Only price bids are digitally
signed and leaving room for service provider to tamper with technical bids,
document uploaded, etc.
20. Mid 2005
Tendercity alleges of eProcurement scam in one of the reply it filed in Delhi
High Court. The same document is shared with various AP departments, but no
action is taken.
21. 24th November 2005,
Tendercity demonstrate to IT Secretary Shri Narsing Roa, the loopholes and
security defects in www.eprocuremnet.gov.in in person in his chamber. IT
Secretary assures that proper action will be taken against the culprits.
Tendercity gets an invitation from HUDA for demonstration of security loopholes
in the system but the same is postponed by CE after a brief 5 minute meeting.
Reason for postponement not specified. Subsequent meeting doe not take place.
22. 3rd December, 2005
Tendercity demonstrates to Principle Secretary & MD APTS the security
loopholes in www.eprocuremnet.gov.in and ideal security features that should be
enabled. Principle Secretary IT&C promise to take the appropriate action.
23. 5th December, 2005
GoAP accepts vide their email dated 5th December, 2005 that
1.) www.eprocurement.gov.in is property of GoAP
2.) GoAP sees no harm if a 128 Bit SSL Certificate has be procured from USA
instead from a licensed CA as per CCA norms and that too by C1 India. In
layman terms it means a private company owns www.eprocurement.gov.in
3.) GoAP accepts that till December 2005, price bid submitted by 10,000 of
contractors 9800 eTender enabled so far reached the server in readable fashion
without any encryption, but that OK. Itâ€™s public money and it can go down the
4.) GoAP accepts that only C1 India can access the Price bid of contractors, as
they are the system administrator and super Admin of the website. Since no
government office has access to database, and generally they are corrupt the
system is secure. As per GoAP, private company which has been given the
custody of Rs.32,000 Cr. worth of eTender price bid security are trustworthy and
5.) GoAP states that C1 India does not access the readable price bid of all
contractors that is there in Database, and which can be accessed by C1 India
anytime from anywhere. GoAP goes on record that since not a single case of
tampering has been raised, there is nothing wrong with present system and they
have full faith on C1 India. They have full faith on PWC, so what if they partner
with C1 India for other government departments.
6.) GoAP does not care about Antares software being illegally used, since the
matter is sub-judice.
7.) GoAP has accepted that the system was so insecure, that had they told the
contactors and public at large about the security loopholes, no contractor would
have submitted the bid and hence all contractors, public, government officers
were kept in dark about the security loophole.
8.) GoAP has accepted that Detached Signature and Server Side encryption are
international practice as per their MNC consultant PWC, so what if C1 India get
the privilege to access the price bid of each and every contractors.
24. 10th December, 2005
To cover things up, IT Secretary gives a clean chit to Service provider â€“ C1 India
by means of issuing unsigned certificate making a claim that there is nothing
wrong with the system.