Whenever we think about smart cities the picture of an information and communication technology (ICT) driven infrastructure comes to our mind. Any smart city essentially relies upon a mixture smart grids, Internet of Things (IoT), big data, cloud computing, regulatory framework, etc. While the technology infrastructure helps in automatic and instantaneous dealing between various smart elements of a smart city yet the regulatory framework ensures that everything happens as per the desired code of conduct. Deviances and irregularities are taken care of by laws specifically drafted for smart cities. However, civil liberties and cyber security aspects of smart cities are most important to inculcate a culture of trust and compliance among various smart cities stakeholders. Technology should not be used in such a manner that it becomes an instrument of e-surveillance and digital panopticon.
Managing law and order situation in a smart city is really tricky. By its very nature a smart city relies too much upon intrusive and disruptive technologies. For instance, CCTV cameras, geo location tracking, wi-fi driven services, cloud computing adoption, digital nature of services, etc acquire and store too much data, information and details of individuals and companies. Sometimes this happens in an automatic manner and without any human intervention or involvement. While this happens at a grand and large scale yet privacy, data protection and cyber security issues are given very low priority. This in turn gives rise to a new genre of cyber criminals most of whom are located well beyond the reach and physical boundaries of a country like India.
Indian Government has enacted the Information Technology Act, 2000 (IT Act 2000) but it lacks precision, effectiveness and relevance for meeting the needs of contemporary times. Indian Government is already in the process of bringing suitable amendments in the IT Act, 2000 and we at Perry4Law Organisation (P4LO) welcome this move of Indian Government. Similarly, we also welcome the appointment of Dr. Gulshan Rai as the first Chief Information Security Officer (CISO) of India. This would certainly help in establishing a robust and resilient Cyber Security Infrastructure of India as Dr. Gulshan Rai is well known for his cyber security capabilities and expertise. We are sure he would be instrumental in formulation of techno legal Critical Infrastructure Protection Policy of India (Pdf), Cyber Warfare Policy of India (Pdf), Encryption Policy of India (Pdf), etc. All of these policies and many more techno legal policies are essential for successful establishment and management of smart cities in India.
IoT Privacy, Data Protection and Cyber Security issues in India are still evolving. As far as Privacy is concerned, we have no dedicated Privacy Law in India. From the attitude of Indian Government it is clear that it is not at all interested in ensuring Privacy Rights of Indian Citizens. This is more so regarding smart cities which are totally “Police State” in the absence of adequate Privacy safeguards. While denying Privacy Rights to Indian Citizens before the Supreme Court of India, the Central Government argued that Privacy is not a “Fundamental Right” under the Indian Constitution. The Supreme Court was more than happy to accept this line of argument and this has unnecessary prevented codification of Privacy Rights in India. The Supreme Court was required to reject this argument at the very beginning but it seems the Supreme Court did not have the nerve to do so. The net result is that we have no Privacy Rights protection under the Indian Constitution as per the viewpoint of Indian Government. Obviously, Indian Government cannot assure Indian Citizens and International community that it “Respects and Protects” Privacy Rights in India and Indian Citizens and their data remain vulnerable to all sorts of misuses and violations. Those looking for Privacy protection under the smart cities projects are heading towards a big shock.
As far as data protection is concerned, again there is no dedicated law for data protection in India. This means that data of various stakeholders are at the mercy of those holding the same. In the absence of a data protection law in India, there is no deterrence against data theft and data violation activities. In many cases, data of Indian Citizens is found on servers located in foreign jurisdictions. The problem is more complicated in cases of use of cloud computing where the data centers are located in foreign jurisdictions. Indian Government’s love for cloud computing without adequate Privacy and data protection is going to create a big nightmare for it very soon.
However, the biggest hurdle before the smart cities is lack of adequate cyber security laws and cyber security capabilities in India. Just like Privacy and data protection, we have no dedicated cyber security laws in India. Even the outdated and defunct Cyber Security Policy of India 2013 has failed to protect Privacy Rights in India. The Centre of Excellence for Cyber Security Research and Development in India (CECSRDI) has already recommended formulation of the Cyber Security Policy of India 2016 that has not been formulated by Indian Government so far. India is not at all capable of dealing with International Legal Issues of Cyber Security as on date and it would require a herculean task to develop the same within next decade. When India cannot protect the basic infrastructures and computers located in India, it would be very difficult for it to protect smart cities and critical ICT infrastructures supporting these smart cities. Even the Digital India project of India Government is suffering from inadequate cyber security and missing civil liberties protection.
The real position regarding Smart Cities and Digital India is that we have no Privacy Rights, Data Protection and Cyber Security in India that can support Smart Cities or Digital India. This is the ground reality no matter how much publicity and social media engineering we do to give a positive image for the same. Perry4Law Organisation (P4LO) strongly recommends that Indian Government must ensure a Techno Legal Framework that can safeguard the interests of various stakeholders involved in smart cities and Digital India projects. Implementing smart cities and Digital India projects without Privacy Rights, Data Protection and Cyber Security is certainly a recipe for disaster that Indian Government must avoid at all costs.