Smart cities are gaining attention of both national and international business community. Indian government has decided to spend crores of money on smart cities to ensure best urbanisation environment. Since the concept is new, there would be many techno legal challenges that Indian government would face in this regard. Cyber security, civil liberties protection and techno legal regulatory compliances are just few of such challenges. There is no doubt that India must have made suitable policies and strategies regarding the proposed smart cities. However, till now the Indian Government has not made public a smart city policy that meets the cyber security and civil liberties requirements.
For instance, in 2015 the central government announced plans to develop 100 smart cities over the next five years, with an outlay of Rs 1 lakh crore. However, the mission statement and guidelines from the ministry of urban development are silent on the legal framework to regulate and manage these. Town planning and legal experts are more in favour of tweaking and strengthening the current municipal and state laws, rather than any new legislative framework to govern these changed cities. However, we at Perry4Law Organisation (P4LO) believe that smart cities would require smart laws rather than following the outdated and traditional laws. We cannot tweak existing laws because we have no laws regarding cyber security and cyber forensics and our cyber law is grossly outdated. Even the need to have a cyber security policy of India 2016 not met so far by Indian government. There is no sense in tweaking non relevant and inapplicable existing laws in this situation.
World over, smart cities and countries are facing techno legal issues pertaining to healthcare, cloud computing, e-commerce disputes, bitcoins, privacy protection, data protection (pdf), e-discovery, cyber forensics, etc. The Indian Companies Act, 2013 (pdf) would guide and manage the operational framework of any smart city project in India. It envisages setting up of a Special Purpose Vehicle (SPV), registered under the Companies Act, which will plan, appraise, approve, release funds, implement, manage, operate, monitor and evaluate any smart city development. The SPV, incorporated at the city level, will have the state or Union Territory and the urban local body as promoters, having 50:50 equity shareholding.
Smart cities are also closely related to the Internet of Things (IoT) concept. India has issued the Draft Policy on Internet of Things (IoT) (PDF) and a Revised Draft Policy on Internet of Things (IoT) (PDF). The IoT Policy of India is yet to be finalised and implemented after analysing and incorporating the public suggestions and inputs. While India is embracing the concept of Digital India and electronic delivery of services to its citizens yet its actual implementation requires strong and effective techno legal framework. Digital India and initiatives based upon it cannot be successful till the foundation of Digital India itself is strong, legal and flexible. Unfortunately, Digital India project is not only suffering from many shortcomings but it is also heading towards rough waters.
Cyber security in an interconnected world is a difficult task to manage. This is more so when the enemy is almost invisible and anonymous. It has been a considerable time since India has been using e-governance for various public services. However, cyber security of e-governance services in India is still missing to a large extent. This is equally true regarding critical infrastructures that require resilient and robust cyber security. For instance, cyber security of smart grids in India is still not adequate. We cannot use insecure smart grids for smart cities as they would create more problems than solutions. Similarly, smart cities also require smart law enforcement machinery where the law enforcement agencies are well versed in techno legal issues like cyber law, cyber security, cyber forensics, etc.
There are many cyber security challenges before the Narendra Modi Government that have to be addressed on a priority basis. A quick analysis of the National Cyber Security Policy of India 2013 reveals that it is suffering from many shortcomings. There are no Cyber Security Disclosure Norms in India that may require individuals and companies to share details of cyber attacks and cyber breaches. There is also an urgent need to formulate the Cyber Security Policy of India 2016 as the Cyber Security Trends are very alarming in India. Even there is no implementable Telecom Security Policy of India as on date and telecom related issues are getting complex day by day.
However, Indian Government and other stakeholders have also initiated many good projects to facilitate public delivery of services through e-governance and use of information and communication technologies (ICT). For instance, an E-Police Station in Delhi has been established that would register online FIR for motor vehicle theft cases of Delhi. The Reserve Bank of India (RBI) has also decided to set up an IT Subsidiary to deal with technology related banking issues. The Technical Advisory Committee (TAC) of SEBI would address cyber security issues as well. The Grid Security Expert System (GSES) of India has also been proposed by Indian Government. Indian Government has also banned private e-mail services for official communications in Government Departments. Indian Government would also launch Internet Safety Campaign very soon to spread awareness about cyber security among various stakeholders. However, the best effort of Indian Government via-a-vis cyber security is the appointment of Dr. Gulshan Rai as the first Chief Information Security Officer (CISO) of India by the Prime Minister Office (PMO) of India. This would definitely strengthen the cyber security infrastructure of India.
Another area of concern regarding Smart Cities would be protection of Civil Liberties in Cyberspace where India is lagging far behind than its international and constitutional obligations. Recently the Supreme Court of India has asked for a clarification from the central government regarding privacy invasive software and mobile applications. India has no dedicated privacy and data protection laws. Privacy protection in the information era has to be ensured by Indian government for the success of smart cities in India.
The smart cities project of Indian government has both negative and positive aspects. It is for the Indian government to remove the negative aspects and stress more upon the positive and development aspects. I hope and wish that this would be the approach of Indian government regarding smart cities in India.