Internet of Things (IoT) can make our lives much comfortable and easier. The mere fact that many of our daily lives activities can be performed in an automatic and instantaneous manner is itself sufficient to adopt IoT by most of us. However, there are some who may like to think beyond the factors of ease, automation and convenience. Some of us may give more priority to issues like civil liberties, data protection and cyber security arising out of the use of IoT by us. If we ignore these requirements we would be creating more troubles for us than solutions in the long run. This is the reason why we at Perry4Law Organisation (P4LO) have launched a dedicated Techno Legal Centre of Excellence (CoE) for Internet of Things (IoT) in India. The CoE would cover techno legal issues pertaining to IoT so that we can derive the best out of IoT infrastructure of India.
Making of policies is one thing but their actual implementation is an altogether different story. As far as India is concerned, we do not have even basic level policies and regulatory frameworks regarding IoT, smart cities, smart grids, critical infrastructure protection, civil liberties safeguards, etc. Even the cyber law of India has become outdated and an unnecessary mixture of self contradictory provisions. We are also at the loss of having a Judiciary and Parliament that do not understand technology related issues at all. Recently the Supreme Court of India has killed the cyber law due diligence and Internet intermediary liability law of India by pronouncing a decision that was not at all called for. If this was not enough the Indian Government failed to bring suitable amendments in the Information Technology Act, 2000. Perry4Law Organisation (P4LO) even provided its suggestions in this regard but till the month of July 2016 there is no sign of any such amendment on the part of Indian Government.
Another peculiar feature about Indian Government, whether Congress or BJP, is that they are not at all interested in ensuring civil liberties protection in cyberspace. On the contrary, Indian Government has further increased its e-surveillance activities to such an extent that India can safely be considered to be a Totalitarian Police State. For instance, surveillance and censorship under Digital India and Aadhaar projects of Indian Government has increased to the levels of being illegal and Unconstitutional. Indian Government has been clubbing Aadhaar with Digital India and other projects even against the express prohibitory orders of Supreme Court of India. Unfortunately, the only intention of Indian Government seems to be to exercise absolute “Social Control” over Indian population through the means of a “Digital Panopticon”. In these circumstances, wide scale use of smart cities and IoT in India would only help the Indian Police State that is already violating Human Rights and Fundamental Rights of Indian Citizens through Unconstitutional projects like Aadhaar. This is the reason why Indian citizens must insist upon dedicated laws for Privacy, Data Protection and Cyber Security before adopting IoT in their daily lives.
Indian Citizens would never know how smart cities, Digital India, IoT and Aadhaar may hit them to the detriment of their statutory and Constitutional rights. Obviously, Indian Government is all interested in keeping them in dark and maintaining the status quo of missing privacy, data protection and cyber security laws in India. Every year promises are made and committees are set up but nothing concrete happens in these directions. Perry4Law Organisation (P4LO) has been pursuing these issues for the last five years but successive Indian Governments have failed to take any concrete action in this regard.
Too much reliance upon smart cities and IoT in India in these circumstances would only be counterproductive. For instance, cyber criminals and crackers have already started misusing CCTV cameras and IoT devices. The Lizard Squad group has been using compromised IoT devices, including CCTVs, to launch DDOS attacks against websites and take them down. This is in addition to misusing the compromised IoT devices themselves. This scenario can be as dangerous as the imagination of a cracker and cyber criminal can go. Critical infrastructures depending upon SCADA and IoT are at a greater risk. A driver less car can be hacked and accident can be caused. Similarly, a life saving device at a hospital can be tampered with remotely by cyber criminals and this may even result in death of the patient. Traffic lights and power grids can be compromised and sabotaged by cyber criminals creating chaos and damage.
Contemporary malware are beyond the reach of security products and services and they cannot be detected for long. Recently, it has been revealed that a previously disclosed serious vulnerability in D-Link IoT devices including baby monitors could affect more than 120 products around the world. India has not prescribed any rules or regulatory framework for IoT devices, the video streaming conducted by them, encryption related issues of IoT, cyber security of IoT, privacy , data security and data protection requirements for IoT, etc. In short, IoT usage in India is as blind as it can be with no accountability for the IoT vendors, products and service providers. White labeling services provided for IoT related services have their own set of problems and legal issues in the absence of any regulatory framework.
The objective of this article is not to discourage adoption and use of IoT in India. My sole concern is that IoT must be introduced in India only when we are ready for the same. We cannot be ready for IoT and smart cities for another decade with the present speed of reforms and inadequate and outdated laws. It seems Indian Government lacks either the will power or the necessary techno legal expertise to ensure a robust and resilient IoT infrastructure in India and this would jeopardise the Digital India and e-governance projects of India in the long run.