e.hasil.org.my - Not too bad

4 more days to go for Malaysians to pay their taxes (for year 2006); the deadline is 30th April 2007.

I actually used the e-filing services provided by the Inland Revenue Board of Malaysia, known as LHDN (Lembaga Hasil Dalam Negeri).

I didn't encounter the situation as described in this blog.

Perhaps I just followed the flow and waited for responses with great patience.

Patience is required.

The system is still using old Microsoft ASP scripting technology. Well, not a problem actually except that it is outdated.

It provides two layers of security.

1. Pin-number.
This measure is something like what the banks are doing.

You see, everybody needs to log in using their IC number as the username. But the system doesn't just accept it as-is, because you might not be the rightful IC owner; an IC number is just a number. So, the system wants to make sure that you really have the physical MyKad with you. One way is that you go and purchase a MyKad reader and then download some software provided on the e-hasil page. Secondly, you need to bring your MyKad to an LHDN office and they will provide you with a pin-number. This pin-number is mapped to your IC number in the system database to prove that you are you. So, this is the first level. Make sure that you are you.

2. SSL (Secure Sockets Layer) with digital certificate.

This is the fun part and is the peak of the technology for e-hasil. To have SSL working, you have to install the ActiveX control, according to e-hasil.

ActiveX ...

So, e-hasil will send you two things automatically. First is the ActiveX control and second is the digital cert (which is meant for one person only, with your name on it) which will look like this.

ActiveX is Microsoft's famous technology. It can be accurately described in this page.

In short, ActiveX is not a piece of software but a component of the Microsoft Windows system. But it does provide software interfaces in this case.

The purpose of the ActiveX component provided by e-hasil is to complement the digital cert to enable SSL (secured connections).

Layman ...

So, in layman's terms, the secured connections are actually pretty much like login and logout.

You have to log in, but actually you are logging in to the ActiveX control.

The ActiveX control provides the interfaces for the login. The interfaces come in the form of dialog boxes that pop up from your web browser (Internet Explorer). By the way, try not to use Firefox.

The good thing about this security architecture is that it allows a computer to work with more than one digital certificate. For instance, take a house with only one PC where the father, son and daughter have to pay taxes. They use e-hasil and download the ActiveX control one time and 3 individual digital certificates. Thus, the next time they try to log in again (to resubmit), they can choose their own digital certificate from the ActiveX control interfaces, by logging in.

Of course, when you have just downloaded the digital certificate for the first time, you have to supply the login credentials, which are username and password. They are not exactly termed username and password, actually.


Take the detailed process of SSL working with digital certs.

The password provided is actually the public key.

1. Users (computers) send a list of cyphers for the server (e-hasil) to choose from.
2. Server chooses the appropriate cypher and responds to users.
3. Server then responds with a digital certificate. (to let you know that you are really communicating with e-hasil)
4. Then users provide the password which is the public key.
5. Then both users and server will use the selected cypher and public key to encrypt the information sent between each other through the Internet.

If you are interested in checking out the details, you may proceed to Control Panel/Internet Options/Content/Certificates to check out the details on the digital certificate. You can see your name on it.
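The same check can be scripted. The following PowerShell is an added example (not code from e-hasil or from the original post) that lists each certificate with its owner and expiry date and writes a password-protected backup, so that reformatting the PC does not lose it. It assumes the certificates are in the current user's Personal store and that their private keys are exportable; the folder name and the 90-day threshold are made up for illustration.

```powershell
# Added example, not part of e-hasil. Assumption: the certificates sit in the
# current user's Personal store (Cert:\CurrentUser\My).
$backupDir = Join-Path $env:USERPROFILE 'cert-backup'   # hypothetical folder
$warnDays  = 90                                         # hypothetical threshold

New-Item -ItemType Directory -Path $backupDir -Force | Out-Null
$password = Read-Host -AsSecureString -Prompt 'Password for the .pfx backups'

$report = foreach ($cert in Get-ChildItem -Path Cert:\CurrentUser\My) {
    # Days until expiry; negative means the certificate has already expired.
    $daysLeft = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    if ($daysLeft -lt 0) { $status = 'expired' }
    elseif ($daysLeft -lt $warnDays) { $status = 'expiring soon' }
    else { $status = 'ok' }

    if (-not $cert.HasPrivateKey) {
        # Without the private key a backup cannot be used to log in again.
        $backup = 'skipped: no private key on this PC'
    } else {
        # One file per certificate, named by thumbprint so family members'
        # certificates on a shared PC do not overwrite each other.
        $file = Join-Path $backupDir ($cert.Thumbprint + '.pfx')
        try {
            Export-PfxCertificate -Cert $cert -FilePath $file `
                -Password $password -ErrorAction Stop | Out-Null
            $backup = $file
        } catch {
            # Typically raised when the key was installed as non-exportable.
            $backup = 'failed: ' + $_.Exception.Message
        }
    }

    [pscustomobject]@{
        Subject  = $cert.Subject
        Expires  = $cert.NotAfter.ToString('yyyy-MM-dd')
        DaysLeft = $daysLeft
        Status   = $status
        Backup   = $backup
    }
}

$report | Format-Table -AutoSize -Wrap
```

Keep the resulting .pfx files off the PC (for example on removable media), since each one contains a private key.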

Problems ...

1. Loss of digital certificates.

I know of some people who are unable to use the service for the second time or more because they previously (the previous year) downloaded the digital certificates onto their PCs or laptops and have since formatted the computer.

e-hasil doesn't cater for redownloading the same digital cert for the same person. Well, perhaps this is to ensure the highest of security measures. But it is not so practical either.

2. Bottleneck.

Traffic congestion, and there still is. Try to use it between 6pm and 7pm, when many people would be rushing home to use the Internet for paying tax but unfortunately get stuck in traffic jams. They have to add more load balancers to increase the number of web servers.

3. Client side pop-up blockers.

Many users have their pop-up blocker turned on by default, which brings about some problems. For instance, when you are trying to print the "draft borang", it just won't go through the pop-up blocker, causing the session to be put on hold, and eventually, as it reaches the time-out period, the whole session will be terminated. Then, users might think that the system (e-hasil) sucks and hangs and is good for nothing. Worse still, people unfamiliar with ICT might think that they have done something wrong and that their data might be lost, etc.

P/S: If a web-based system hangs or doesn't respond, it is not your fault or your computer's fault; it is simply a problem with the providers (the ISP or, in this case, e-hasil).

4. Unable to install ActiveX control.

Some users reported not being able to install the ActiveX control. However, it did occur to me that the ActiveX control wasn't sent over by e-hasil while using the Firefox browser. So, of course I can't install it because the file wasn't sent over.

5. Linux users' problem.

Because of the ActiveX issue, Linux users can't use e-hasil using Firefox or other web browsers from their Linux machines. They have to go to a cybercafe to pay taxes.

Other relevant news...

1. Residents find e-filing services convenient.
2. High security measures at government agencies.
3. e-Filing bottleneck fixed. - Still a bottleneck actually. But considered workable.

Conclusion ..

The digital cert is meant for clients (users) to make sure that the server which we are communicating with is the real e-hasil. Thus, e-hasil should never dry up in terms of sending the same digital certificate to the same people. Users (taxpayers) should never have to keep a copy of the downloaded digital certificates because the certificate will expire in 3 years anyway. Till then, you have no choice but to redownload again.

However, in this case, it is also possible that e-hasil would only send over the digital certificate once because certificates are stamped with individual names. This practice is a means to prevent other people's certificates from landing on other people's computers.

The "logins" to the ActiveX control are for the SSL connections.

The whole idea of all this is to enable security at all times. e-hasil can actually scrap the idea of digital certificates by just providing normal logins with usernames and passwords like gmail, yahoo mail, etc. But of course, this would expose a risk of hacking threats, where the databases which store these login credentials can be hacked.

Not only that, without SSL connections, the risk of eavesdropping is prevalent.

Therefore, the idea of using SSL with digital certificates is a good choice. Except that it has to be improved to cater for usability and flexibility.

P/S: I may not be accurate on this matter because technical details are as-is. Comments are welcome.

I recommend that the system architects of e-hasil read this book called "Getting Real by 37Signals".

And if you don't have money to buy the book, I suggest that we check out readwriteweb to get some ideas on the latest web technologies. web 3.0 now ?

In all, the system provides a very straightforward facility for Malaysian taxpayers to tabulate the figures, and calculations are automated. This is much better than the older times of Excel templates.