accesstointernetinnovationBanking and Finance

We wrote to the Department of Financial Services asking them to conduct a consultation on the E-Rupi programme

We wrote to the Department of Financial Services about the E-Rupi. We pointed out several issues such as surveillance and financial exploitation, the lack of data protection, and exclusion. We suggested that a consultation be conducted, and that data protection norms be specified.

Rohin Garg
Rohin Garg

30 August, 2021
6 min read

tl;dr

We wrote to the Department of Financial Services regarding the lack of consultation about the E-Rupi programme. We pointed out several issues with the programme, such as the threat of surveillance and financial exploitation, the lack of data protection, and the risk of exclusion from government welfare benefits. We also suggested that a consultation on the E-Rupi programme be conducted, and that data protection norms for the programme be specified.

Background

On 2nd August, 2021, the Prime Minister launched the E-Rupi voucher programme. The E-Rupi is a digital payment instrument developed by the National Payments Corporation of India with the help of the Department of Financial Services and the National Health Authority. Beneficiaries of E-Rupi vouchers shall receive a pre-paid digital voucher that can be used to access government and private services.

Initially, the E-Rupi vouchers are going to be assisting with India’s COVID-19 vaccine rollout, where people will be given E-Rupi vouchers that can be redeemed to receive a vaccine shot. However, the programme is supposed to revolutionise the sector, and its supporters say that is going to radically transform the delivery of government services. Thus, the programme will not just be limited to vaccine delivery:

  • Beyond COVID-19 vaccines, the healthcare sector can use it to provide medicines and nutritional support.
  • Direct Benefit Transfers for income support from the government can also be delivered through E-Rupi vouchers.
  • E-Rupi vouchers can be used to facilitate school voucher programs.
  • Private sector enterprises can use it to deliver welfare benefits to employees.
  • MSMEs can use it for business to business transactions.
  • Subsidies for fertilisers, fuel etc may be delivered through E-Rupi vouchers.In light of all of this, we created an explainer last week to help you better understand the programme better and learn about the several issues it faces. However, we now need to make sure that the government understands these issues. Thus, we have decided to write to the Department of Financial Services, explaining the concerns about the programme and providing recommendations.

Surveillance, financial exploitation, and data protection

One of the main concerns about the E-Rupi programme is the threat of exploitation of the data generated by the usage of E-Rupi vouchers. As an example, governments may exploit this data to conduct financial surveillance. This former stems from the fact that, unlike a physical coupon, the e-Rupi voucher is a person specific instrument. Thus, even if this is not by design, some information about the beneficiary will automatically be given out over the course of its use. Additionally, given that it is likely that such vouchers will be linked to forms of government identity such as Aadhaar, this will lead to the linking of yet another database with data on citizens without any prior assessment of whether such a move fulfills certain proportionality requirements.

In 2020, a paper titled ‘Design of an E-Voucher System for Supporting Social Welfare Using Blockchain Technology’ by Hsu, Tu, and Huang attempted to assess how digital vouchers can be used to deliver welfare benefits. The paper noted that noted that designing a framework that can “confirm the identity of the issuer, ensure the authenticity of the e-voucher, and achieve non-anonymity and non-transferability”, though possible, requires a complex system with strict controls of the flow of information which presently does not exist. Several security requirements also exist that would need comprehensive implementation and rationalisation with existing government systems. In the absence of such controls, granular and disaggregated data about citizens may be used for surveillance by the state.

Financial exploitation through fraud and predatory behaviour is also a danger. This can be evidenced from earlier instances where attempts to digitalise the delivery of welfare services. For example, the PM-KISAN scheme witnessed Rs. 110 crore being credited to those who were not beneficiaries due to factors such as the deregulation of norms. Additionally, LPG payments that were being delivered through the Airtel Payments bank were not delivered to the bank accounts of beneficiaries and instead went into their Airtel bank accounts, a lot of which were automatically created without user consent. Such happenings not only necessitate the need to spend government resources on the recovery of the money disbursed but also effectively take away benefits from genuine beneficiaries.

Furthermore, at present, India does not have robust data protection legislation. Though the pending Personal Data Protection Bill, 2019 may address at least some of these questions, many of the supporters of the programme have spoken about the need for light touch regulation with respect to E-Rupi vouchers. For reasons enunciated above, such a regulatory framework would lead to significant issues and be a hindrance to the receipt of government services. Thus, in such a context, fears about data harvesting and financial exploitation cannot be ignored.

Exclusion from government benefits

While the E-Rupi programme may aim to use the deployment of digital vouchers as a method of increasing financial inclusion, the programme at present may be accompanied by significant exclusion from welfare benefits. A key reason for this is that the E-Rupi will make the ownership of a phone necessary for the receipt of welfare services.

India still witnesses a significant digital divide, as can be seen from the latest data from the Telecom Regulatory Authority of India: as of 30th June, 2021, overall teledensity is 88.07%, while rural teledensity is even lower 60.10%. Given that those in rural areas will be a large percentage of the intended recipients of the welfare benefits, a reliance on E-Rupi vouchers may result in the exclusion of those who need it the most.

We have already witnessed such exclusion with Aadhaar-based authentication for PDS entitlements, where a study in Jharkhand also found that Aadhaar based verification “either did not reduce errors of inclusion or leakage or did so at the cost of increased exclusion error”, with an error of between 22% and 34% of reduced disbursals. Furthermore, the study found that 88% of the ration cards that had been cancelled in the name of addressing leakages actually belonged to genuine citizens of India!

Lastly, while the UPI-induced increase in digital payments has been touted as a win for digital financial inclusion, the data may suggest otherwise: a paper by the Center for Global Development that studied digital financial inclusion in India found that, as of 2018, only 35% of the population were digitally financially ‘included’ - this means that 65% of the country remains outside the digital payment ecosystem.Furthermore, their estimates were based on those who had ever made a digital transaction. Thus, were the timescale to be studied reduced (by, say, counting only those who are regular users i.e. those who had made a digital transaction in the last year, or even in the last 30 days), this figure would come down substantially. Thus, as the paper suggests, the supposed success of UPI may come more from increased usage by existing users and not from increased digital financial inclusion. Such issues must be guarded against with extreme caution when it comes to the E-Rupi programme, since most of the imagined uses of the E-Rupi vouchers will involve the constitutionally guaranteed welfare benefits of the Indian citizenry.

Our suggestions

There are some significant issues here, and, given the scale of transformation envisioned by the E-Rupi programme, the government needs to address these. Thus, we have the following recommendations:

  1. Publish white paper on the E-rupi programme: The E-Rupi programme will introduce massive changes into not only India’s digital payments system but also to the welfare delivery framework. Such changes will impact the lives of millions of Indians, especially those dependent on welfare benefits, and so they require significant consultation before they can be implemented. Thus, we recommend that the DFS put out a white paper on the E-Rupi programme. This would involve laying out the implementation plan for the programme, and delineating the various entities that will be involved in the E-Rupi ecosystem. Additionally, a comprehensive list of use cases for the E-Rupi must be provided.
  2. Need for consultation and discussion: Once the white paper has been released, the DFS must undertake a publicly notified consultation process, drawing on perspectives not just from the financial sector but also civil society, technical experts, and academics.
  3. Security standards for data generated from E-Rupi usage:  In the absence of robust data protection legislation, the massive amounts of data that will be generated from the usage of E-Rupi vouchers will be vulnerable to exploitation. Thus, as the E-Rupi programme is currently being implemented in the absence of such a law, it is important security standards for the storage and processing of E-Rupi data be specified, including guidelines for strict access controls.

Important documents

  1. IFF’s letter to the Department of Financial Services Regarding the the lack of consultation for the E-Rupi programme (link)
  2. IFF’s explainer on the E-Rupi programme (link)

Subscribe to our newsletter, and don't miss out on our latest updates.

Similar Posts

1
Your personal data, their political campaign? Beneficiary politics and the lack of law

As the 2024 elections inch closer, we look into how political parties can access personal data of welfare scheme beneficiaries and other potential voters through indirect and often illicit means, to create voter profiles for targeted campaigning, and what the law has to say about it.

6 min read

2
Press Release: Civil society organisations express urgent concerns over the integrity of the 2024 general elections to the Lok Sabha

11 civil society organisations wrote to the ECI, highlighting the role of technology in affecting electoral outcomes. The letter includes an urgent appeal to the ECI to uphold the integrity of the upcoming elections and hold political actors and digital platforms accountable to the voters. 

2 min read

3
IFF Explains: How a vulnerability in a government cloud service could have exposed the sensitive personal data of 2,50,000 Indian citizens

In January 2022, we informed CERT-In about a vulnerability in S3WaaS, a platform developed for hosting government websites, which could expose sensitive personal data of 2,50,000 Indians. The security researcher who identified the vulnerability confirmed its resolution in March 2024.

5 min read

Donate to IFF

Help IFF scale up by making a donation for digital rights. Really, when it comes to free speech online, digital privacy, net neutrality and innovation — we got your back!