Suspended as we might be in a collective disbelief that the world as we know it is not going to change drastically in the coming years, our regulators know better. The Telecom Regulatory Authority of India (TRAI) came out with a consultation paper last October – comments due last month – discussing policies that India will need to adopt to make way for M2M (machine to machine) technologies, a precursor to the Internet of Things.
If the government is serious about backing disruptive technologies and finding indigenous applications, it needs to start encouraging disruptive (and indigenous) policy-making too. As truly transformative technologies start to take hold in the coming years, TRAI and the Ministry of Electronics and IT (MeitY) need to encourage and institutionalise more deliberative ways of preparing ourselves for regulatory challenges.
When the regulator’s recent paper refers to the Internet of Things, it is talking about a future where machines can communicate directly – think cars talking to each other, helping drivers avoid potential collisions. TRAI is also talking about the present – wearable devices like Fitbit, which have sensors that translate your steps to digital data and then zip it to you. As noted security expert Bruce Schneier puts it, applications of IoT – found in smart home technologies like refrigerators and thermostats – are really computers that keep your food cold or your house warm.
At first glance, this looks like an instance of a regulator jumping the gun. TRAI acknowledges this concern in the paper, noting that M2M technologies are still at a nascent stage in India (world over in fact). What the regulator is focusing on instead is the urgency of having clear, consistent cross-sectoral policies in place encouraging interoperability, in order to create an IoT industry in India. The M2M explosion will not be confined to any one sector, and various industry verticals will be impacted, from transportation to agriculture. Interoperability across such verticals holds the key to opening markets to new opportunities and to realising government initiatives from Smart Cities to Smart Grids.
To the government’s credit, the erstwhile Department of Electronics & Information (DeitY) came out with a draft policy on IoT last year offering duty benefits, and even set up an incubation centre for IoT along with NASSCOM in Bangalore. Andhra Pradesh’s cabinet earlier this year approved an IoT policy for turning the state into an IoT hub. All these are great first steps – initial government backing of transformative technologies is crucial. It was, after all, the U.S. Department of Defense that built the technical foundation for the Internet.
As with every new technology that TRAI has grappled with from OTT (over-the-top) applications to cloud computing, the predominant concern of the regulator is the framework that needs to be established for the introduction of M2M service providers. Other questions for consultation include allotment of spectrum and roaming policy for M2M devices.
Glaringly missing in the midst of all this, however, is an understanding of the purpose of regulatory action. A central purpose of regulation is to protect the public from harm and ensure a competitive market. While the government already has bodies working on interoperability and numbering of M2M devices (no doubt important), little effort is being made to understand the harm that would occur as a result. TRAI, and by extension the government, seemingly understand the significance of setting technical standards but care little for how complex legal regimes would have to look in the age of connected devices.
Take for instance the lack of adequate privacy and data protection standards in India – a concern that will become only too valid with the onslaught of M2M communications. The clamour for better data protection laws and necessary changes to the IT Act, which has peaked since demonetisation, sadly has limits. While TRAI has identified data privacy and security as issues for consultation, little will be achieved through the existing mechanism of stakeholder responses to the consultation paper and open house discussions.
Disruptive policy-making calls not just for better data protection but also a better understanding of how collected data is used by Internet companies. The government would do well to re-evaluate the practice of a few Internet companies appropriating massive user data. An idea not too radical considering the US government is currently exploring mechanisms for imposing data sharing among companies deploying driverless vehicles, to improve users’ safety. The Supreme Court of India has already entered the broader debate, having issued a notice to the government, TRAI, WhatsApp and Facebook in January this year calling for a response on the subject of data privacy practices of social media companies.
Creating liability regimes in the world of IoT is another challenging task considering the sheer number of actors, from internet providers and device manufacturers to app service providers. If any one of these devices or networks were to be compromised, havoc would result, as evidenced in the recent DoS attacks in the US that shut down major Internet platforms. Finding ways to impute liability in a confusing world of diverse actors will have to be explored. Surely we cannot take code to court. No doubt, any such liability regime will encounter the familiar refrain that the internet will remain successful only if it remains unregulated. A potentially dangerous idea to import to the realm of IoT, where the risks are more palpable and real.
The government and TRAI are grossly underestimating the difficulty of conceiving new laws and evolving existing ones. A more concerted effort has to be made on this front, over years, with the government playing host and convening experts to ideate and implement laws. The Internet of Things will generate unprecedented amounts of data that will feed into machine-learning applications of tomorrow. As Gandhinagar becomes the first city in the country to turn smart with seamless WiFi connectivity, sensor-enabled traffic lights and even IP-based surveillance – the urgency of administering IoT cannot be overstated.
We have visionary government programmes in place for how IoT will be deployed to make our lives better. What we need right now is a visionary outlook towards making sure that the Internet of Things will not make our lives immeasurably worse.