Use of Internet of Things (IoT) would significantly increase in the near future. As more and more things are now dependent upon IoT, there is an urgent need to ensure that its misuses can be minimised. As countries around the world are still experimenting with IoT there are very few norms and regulations governing IoT world over. As far as India is concerned, we have no dedicated Internet of Things (IoT) Law in India as on date. Of course, Indian government has issued the draft IOT Policy of India (pdf) and Revised Draft IOT Policy of India (pdf) but they are not sufficient to cover the areas and operations of a very innovative technology like IoT.
By its very nature, smart technology and smart equipments are dependent upon IoT for their automatic and instantaneous functioning. Whether it is smart cities or e-health gadgets, everything is dependent upon IoT these days. However, we have no laws for smart cities, e-health, IoT, cyber security, cyber forensics, privacy protection, data protection (pdf), etc. Even the Information Technology Act, 2000 (IT Act 2000) is grossly deficient in managing contemporary techno legal issues.
There are even more pressing requirements for Indian government regarding IoT. For instance, cyber security of Internet of Things (IoT) in India is one such requirement. The cyber security infrastructure of India is grossly deficient in many aspects and it is certainly not capable of managing IoT cyber threats. The cyber security trends in India 2016 by Perry4Law Organisation (P4LO) have clearly proved this point. Similarly, Indian government must take care of civil liberties issues in cyberspace to make its projects constitutional and legal.
Privacy Rights in the Information age (pdf) have to be addressed by Indian government for new technologies and concepts including smart cities and IoT. For instance, the surveillance and censorship under Digital India and Aadhaar projects need to be curbed through constitutional mechanisms and constitutionally sound laws. Similarly, there is an urgent need to ensure a constitutional and lawful interception and phone tapping law of India. Keeping recent developments in mind, the Indian cyber law and telegraph Act must be immediately repealed and re-enacted by Indian Parliament.
Another crucial aspect pertains to the Internet intermediary liability law of India that requires a complete reformulation. This is more so when the Supreme Court of India has literally killed the cyber law due diligence (pdf) requirements in India and has made Indian cyberspace a perfect place of chaos. Indian government needs to clarify the position of Internet intermediaries in India as they are going to play a major role in the lawful deployment and use of IoT in India.
Finally, international legal issues of cyber security must be managed by India for successful and peaceful use of IoT in India. India is facing severe malware and cyber attacks and India is not well prepared to deal with the same. We need a cyber espionage policy of India, cyber warfare policy of India (pdf), critical infrastructure protection in India (pdf), cyber attacks crisis management plan of India for cyber attacks and cyber terrorism, encryption policy of India (pdf), etc. This is more so when the US Supreme Court has allowed US judges to issue warrants for computer access in any part of the world. This means that law enforcement agencies of US have now long arm jurisdiction to target and hack even computers located in India. Clearly, this would violate cyber law and civil liberties protections of many countries including India and push other countries towards cyber warfare and cyber espionage race. As India has very limited means to establish authorship attribution, we cannot ascertain the person/institution/country responsible for attacking our critical infrastructures including IoT infrastructure.
The Techno Legal Center of Excellence for Internet of Things (TLCOEIOT) in India is the only techno legal institution in the world that has been managing these issues for long. With a dedicated CoE for IoT in India, we would help in safeguarding and strengthening of Indian cyberspace in general and Digital India and Indian e-governance in particular. Perry4Law Organisation (P4LO) hopes that this initiative of P4LO would be beneficial to all national and international IoT stakeholders.