'Panopticon’ of the 21st Century: Ubiquitous IoTs, Controlled Cryptography and Toothless Article 20(3)March 11 2019
Shanmugham D Jayan
English jurist Jeremey Bentham designed a structure to be utilized as a penitentiary. The design permitted all inmates to be observed simultaneously without their knowing whether or not they are being watched. It was said that a single watchman was sufficient to watch (‘opticon’) over all of the (‘pan’) inmates.
Even though for all practical purposes this was an impossibility, the inmates were never in a position to know whether they are being watched or not and it was believed that they will restrain themselves for the fear of being watched. Such a structure was called a panopticon.
Internet of Things (IoT) seems to be the new mantra. The beginning of IoT can be traced back to a Coke vending machine placed in Carnegie Mellon University in the early 1980s. The vendor company had incorporated in it sensors and a communication facility that could communicate on a real-time basis the information about the quantity of bottles of drink in the machine.
However, the coining of the phrase, as well as the relevance of the same, happened much later. Presently, Internet of Things are those independent things/gadgets that can gather some data and communicate the same through the internet and make some information possessing system react to the said input. Further, the reverse process of this is also capable of being done by such things/gadgets.
Law in its normative form right from its inception was focused on controlling interaction between subjects. Interaction between subjects in the minimalist form to the infinite possibilities is referred to as socialization.
Thus, in such a context, the law is a tool for perpetuating/containing socialization. The scope of socialization in its realistic level is wherein one subject interacts with the other in real space on a specified time. However, in cyberspace, to a great extent, this is achieved through other means. At this juncture, it will be apt to think about the origin of the term cyberspace.
An author by the name William Gibson in a fiction titled Neuromancer brought in this term. The author was raising the question regarding the place of meeting of two persons who are having a long-distance telephonic conversation. He concluded that the conversing persons were not meeting anywhere, but in cyberspace. Actually, the said author was referring to the absence of space by the usage ‘cyberspace’.
When the use of the internet became prevalent, the space created by the internet was referred to as cyberspace. Law, which strongly relies on the dimension of space and time, is thus losing one among the same when it is trying to bring in normativity in cyberspace.
Internet of Things by its nature is excusing the presence of human beings for doing an act which if done by a human being would have brought in single/many interactions. So, the scope of the law is being hit in a dual-pronged manner. Firstly, the absence of the concept of space acts as a rider, and secondly, absence of human beings in the said interaction/s.
Any human interaction necessarily generates some information which is processed/stored within the said person. It may be noted that in an accusatorial system, right against self-incrimination is a core feature of criminal law jurisprudence. When interactions are done by things/gadgets, the same set of data is generated and processed but is stored in some information processing system.
Be it be the extraction of blood and DNA samples or conduct of a Polygraph test, reliance on Article 20(3) - which brings in the concept of right against self-incrimination in the Indian Constitutional realm - stands negated by the judiciary.
Without a doubt, provisions in the Information Technology Act, 2000 definitely indicate that information stored in a system are subject to the powers of the State for extracting the same. By no stretch of imagination will Article 20(3) be used against the same if one is relying on the existing delicacy of the courts in utilizing the same.
Cryptography is the sole means of protecting data of an individual in the electronic form from the public gaze. The history of the legal control of cryptography in the United States of America, including the issues many jurisdictions took up with service providers of Blackberry Messenger, is a clear indication that the State is not pleased with uncontrolled use of cryptography by the subjects.
Section 69 of the Information Technology Act, 2000 is a specific example for this philosophy being used in India. So, there is no iota of doubt regarding the control by the State over the utilization of cryptography, the sole means of ensuring secrecy.
Thus, reading together these three aspects i.e. (1) Shifting of real social interaction of the subjects in the system to one through Internet of Things, (2) Presence of statutory provisions that are creating a penal liability for not cooperating with State for unearthing of encrypted information, (3) The legal position that Article 20(3) will not come in the way of such provisions; is creating a situation which is nothing but panopticon of 21st century.
Shanmugham D Jayan is a visiting faculty at National University of Advanced Legal Studies (NUALS) Kochi, and Cochin University. He teaches Constitutional Law, Jurisprudence, IT Law and Law of Taxation. He is also a lawyer specialising in taxation and frequents courts and authorities of first instance.
With a premium account you get:
- One year of unrestrcited access to previous interviews, columns and articles
- One year access to all archival material
- Access to all Bar & Bench reports