After Test Data Scandal, India’s Youth Stake Their Claim on the Digital Square

Apar Gupta is a fellow at Tech Policy Press. Disclosure: The author has conversed and informally provided legal advice and support to Dipke, Adhikary and Sidhant in his capacity as an Advocate and Director at IFF. IFF has also collaborated on two instagram posts regarding web censorship and the IT Rules with CJP’s instagram page.

On May 15, two weeks before the Supreme Court broke for a nearly month-long summer vacation, the Honorable Justice Surya Kant, Chief Justice of India, called the millions of unemployed Indian youth “cockroaches” and “parasites.” In his own words, they become “media, some of them become social media, RTI activists and other activists and they start attacking everyone.”

Offensive remarks have been a pattern with Justice Kant, noticed primarily within the legal community. But this time was different, and his words sparked an online firestorm. Perhaps it was to be expected, as India is the world’s most populous country, home to 1.4 billion people with a median age ranging between 28-30. It’s this segment of Indians—late millennials, Gen-Z, and Gen-Alpha—that carry deep anxiety and often anger towards public systems that they believe only cause coercion, distrust and scarcity. They worry about their present and their future while blaming the past. To put it in stark economic terms, as per the report State of Working India 2026, nearly 40% of Indian graduates under the age of 25 are unemployed.

Unsurprisingly, a large section of these “cockroaches” took to social media to voice their outrage, which was not quelled by Kant’s later attempt at clarification. Their creative protest was exemplified by individuals such as Abhijeet Dipke, who vibe coded a website and graphics on Claude to launch social media handles under the moniker, “Cockroach Janta Party” (Cockroach People’s Party), or the CJP. In pure numbers of followers, within a week it overtook the Instagram handles of the ruling Bharatiya Janata Party (BJP) and the principal opposition party, the Indian National Congress (INC).

While some—including me—dismissed it on the day it was launched as a social media fad, over time many commentators have recognized that the outcry as an expression of the disenchantment of India’s youth with social and political vehicles that fail to represent their voices in a digitized India. The official response was unsurprisingly censorial, which almost has become a muscular reflex of the Indian state to protect the political interests of the ruling BJP. Its insecurity is real, for as the debutant TVK’s astounding electoral success in the State of Tamil Nadu has evidenced, digital organizing is as, if not more, important as physical mobilization.

The financialization of digital public infrastructure

Two days before CJP’s social media blew up, more than 1.8 million class 12 students were being informed about their exam results. Colloquially called the “board,” it is a nationwide exam administered by the Central Board of Secondary Education (CBSE) that causes mental trauma due to social and parental pressure for scholastic achievement. The results of these tests are considered a lifelong marker for success, and to gain admission or meet qualification criteria for entrance exams in institutions of higher education. This year, the CBSE launched the On-Screen Marking System (OSM) which offered a total of 10 bulleted benefits promising, “efficiency and transparency.” However, as soon as the results were announced, when applying for reevaluation students discovered glaring discrepancies both in their marks as well as the OSM portal. This occurred in a low trust environment in which there have been successive reports of competitive examinations being compromised due to “paper leaks.” The problem is so severe that authorities have imposed internet shutdowns as a preemptive measure to prevent mass cheating in other competitive and state recruitment exams.

The entire process of revaluation through the OSM portal, through which evaluators grade papers and then students can view the marksheets and apply for revaluation, is financialized—with the cost being borne by the students. This includes ₹100 for a scanned copy of an evaluated answer book (typically a student takes a test in a minimum of 5 subjects), ₹100 for verification of issues observed, and ₹25 per question for re-evaluation (typically a test has about 33 questions), with the re-evaluation fee refundable if marks increase. While CBSE reduced the reevaluation fee following the backlash, it remains clear this system is designed to levy a monetary levy for transparency, which thereby causes economic based discrimination for students from economically weaker sections of society. Irrespective of the costs, this year, nearly one in four Class 12 students—about 23 percent of those who appeared for the board examinations this year—applied for scanned copies of their evaluated answer sheets. This financialization of public services exists as a consensus within a broader pattern of government digital platforms and finds its foundational articulation within the Report of the Technology Advisory Group for Unique Projects (TAGUP Report) authored under India’s best known technocrat, Mr. Nandan Nilekani, in 2011.

Coerced digitization and the hidden labor of teachers

As soon as these 4,04,319 students were able to view their scanned answer sheets, they discovered glaring errors forcing them to apply for revaluation. However, some errors, such as pages not being scanned, fell well beyond the remit of a typical revaluation. The immediate response by the CBSE was apathy and denial, even as its helpline telephone numbers remained perpetually engaged and the email address did not lead to any response. This situation led to a hapless student named Vedant Shrivastava creating an account on X to voice his helplessness after he discovered that the answers in his Physics paper did not match his handwriting. As his post was being shared by many other students and parents who were voicing similar complaints, its popularity invited a comment by a “news anchor” from DD News—India’s state broadcaster calling—Vedant "anti-national" and a "Pakistani." This fits within a broader pattern where online criticism of public policies and officials is neutered with censorship through legal orders—but also, more commonly, with online bullying and trolling that is tacitly supported through state sanction.

Due to overwhelming backlash on X, the CBSE secretary acknowledged the genuineness of Vedant’s grievance and an insincere apology was posted by the DD News anchor. Vedant was not alone. A flood of posts by Class 12 students on social media led to the discovery that the 8 million answer scripts which were written by hand and then scanned were low resolution images that were sometimes illegible to the teachers who served as evaluators. These evaluators were also under techno-managerial pressure akin to an Amazon warehouse employee, where they were expected to scroll through pages and simply deal with the delays in the image renders of the scanned answersheet. The method removed human judgement, and discretion was exorcised by the OSM portal. As Prof. Anita Rampal has explained, “Assessment is not a mechanical scrolling of our eyes on a page; it involves human cognitive processing with professional understanding. As teachers, we evaluate a student’s work with moral responsibility, we flip back and forth to decide what they understand and how to mark that fairly.”

Subsequent reporting that revealed that the OSM portal pilot led to “red flags” that were ignored in favor of a universal rollout, which only underscored that pilots on digitization may, at best, result in tweaks to the technical design but rarely result in a halt to the digitization itself. Here, the objection must be much more foundational and draw from Prof. Neil Postman’s inquiry into technology. It must go beyond the narrow framing of technology being an execution problem, of a bad software design or code, or a corrupt vendor and incompetent bureaucrats that is where many, if not most policy professionals focus their critique but to question the very dogmatic choice of coercive digitalization in India. The OSM “controversy” should have ended here but it was just getting started.

Teenagers wake up India’s cyber watchdog

Months before—on February 25—a 19-year-old cyber security researcher named Nisarga Adhikary sent an email to India’s Cyber Security Emergency Response team (CERT-In) reporting five critical vulnerabilities in the OSM portal. Adhikary received a boilerplate response that CERT-in was "in process of taking appropriate action with the concerned authority." CERT-In then went silent, and the flaws remained unpatched. The reported vulnerabilities included a master password sitting in the site's publicly readable JavaScript, an authentication check that ran inside the user's own browser, and a flaw that let one examiner's identity be swapped for another's to reach records that were not theirs. As the flaws stayed live, on May 22—after waiting nearly three months—Adhikary published his blog calling them out.

CBSE's first instinct was to deny what the opposition INC called it a "massive data leak." it dismissed the charge as misleading and factually incorrect, insisting the exposed address was only a testing site holding sample data, distinct from the live evaluation portal. Adhikary's reply relied on further research and reports by another fellow teen, Tirth Parmar. It demonstrated, and publicly documented, what he described as full create-read-update-delete (CRUD) and shell access to CBSE's live production servers, and flagged a fresh leak of personal data on another live portal, notifying CERT-In and CBSE once more. Even though it was a Sunday, the CBSE was forced to issue a public statement for the first time acknowledging “vulnerabilities in the OnMark portal of our service provider.” It even expressed gratitude “to all alert citizens and ethical hackers pointing out such weaknesses, and have gotten in touch with some of them directly.” I checked in with Nisarga, who said in his characteristic straightforward style, “no one contacted me.” The statement also recorded the deployment of cybersecurity teams from across the government and India’s Institutes of Technology to fortify and migrate the systems while the board simultaneously described the flaws as the result of vendor error. Curiously, there was a studied silence as to the role of CERT-In, which should have led this cyber security investigation.

Why was this faulty portal deployed? The answer apparently runs back through the procurement, where subsequent scrutiny found that the marking contract went to Coempt EduTeck, which earlier operated as Globarena, over larger bidders. It was the firm behind the botched 2019 Telangana intermediate exam results that reportedly led to the suicides of about 20 students. In his reading of the tender documents, Sarthak Sidhant—a student who had just given his 12th standard exam—noted that CBSE's later requests for proposals quietly dropped the clauses that would have disqualified a vendor for poor past performance. In a text message he told me that he “ragged the tenders with pagewise chunking and section wise chunking for better retrieval." Further, the contract itself required a CERT-In security audit before the portal went live. These audit reports are not public. As per press reports and unnamed sources it went live despite alerts by CERT-In.

Those findings have since travelled from a teenager's website to Parliament. The story has been headline news in newspapers and television media, and on 2 June, Sarthak Sidhant appeared before the Parliamentary Standing Committee on Education, chaired by the Congress MP Digvijaya Singh, to lay out the tender discrepancies in person. And it is not one board's failure. By May 31, Adhikary had also shown that CBSE's exam records sat in an Amazon cloud bucket so badly configured that anyone on the internet could list and download it, scanned answer sheets and question papers included. Two days later, a sixteen-year-old, Rylen Anil, claimed he found the same class of flaw in the JEE Advanced 2026 results system run by IIT Roorkee, where a public cloud store holding roughly 180,000 candidate result records and close to 190,000 admit cards with names, dates of birth, mobile numbers were left open without a password. According to Anil, results of the two examinations that most shape a young Indian's life—the school boards and the gateway to the IITs—were both sitting on misconfigured public storage, both found out by teenagers within seventy-two hours of each other. (JEE Advanced says “the issue was rectified immediately after being reported,” according to the Deccan Herald.)

What are CERT-In’s priorities?

This is where CERT-In's silence stops reading as mere incompetence or oversight. A national CERT is meant to be a narrow, trust dependent technical body like its peers in the United States (where CISA insists it has "no intelligence or law enforcement mission") or Japan (where JPCERT/CC calls itself neutral and independent of any government agency). None of these agencies bans VPNs or compels years of citizens' data to be retained. CERT-In does the reverse, and the clearest expression of it is its 2022 Directions that forced VPNs, data centers and cloud providers to hold subscriber data for five years. Significantly, it sits inside the same ministry whose machinery blocks content, and it has refused to disclose how many compliance notices it has issued, a reticence the government has since formalized into a blanket exemption from the Right to Information Act.

What it has never built is any protection for the security researchers with CERT-In's own 2021 disclosure policy warns researchers that reporting a vulnerability buys them no exemption from prosecution, and Section 43 of the IT Act draws no line between a criminal intruder and a good-faith researcher. More recently it issued notices to social media companies demanding subscriber information. All of these actions took place in an environment in which Indian students' personal details are routinely leaked and sold. For instance the records of over 100,000 NEET aspirants were offered online for a few thousand rupees, and there is an entire broker economy feeding on JEE and NEET databases, as Maheshwer Peri and others have documented. A state that can block a million URLs, withhold a viral party's account and watch its own broadcaster brand a complaining student "anti-national" clearly does not view securing the state exams on which those same young lives turn as a priority.

It’s only just begun

Stepping back from the OSM portal and the tender, a stranger pattern comes into view. CBSE’s failure has not stayed a story about software, but flowed into the broader youth resentment that created the Cockroach Janta Party. It no longer remains limited to satire. As I was writing, the CJP’s founder, Abhijeet Dipke, flew back to India to lead a peaceful, constitution bound protest at Jantar Mantar on 6 June, with a single demand for the resignation of the Union Education Minister, Dharmendra Pradhan, over a run of compromised examinations, the NEET-UG paper leaks, the OSM debacle, and the rest. The government swiftly gave it permission and the protest saw a modest turnout being covered by more YouTubers than mainstream media.

At the core of CJP’s demand is the desire for political accountability that has been absent in the twelve years of this Modi government, where no Cabinet minister has resigned due to public pressure. The sole aberration, nearest it has come, was in 2018, when a junior minister, M.J. Akbar, stepped down during the midst of the #MeToo movement after some twenty women accused him of sexual harassment and the silence around him grew untenable. This reluctance is not driven by ego but rather by the strategic calculation that once one minister falls, it sets a domino in motion that may touch the Prime Minister.

The youth plan to defy this logic, and in doing so, they may even agree on little else. The young people at the centre of the CJP, or the loose collective that is conducting cyber security research do not share a common manifesto. For instance, Adhikary has drawn online scorn for his advocacy for an Indian Palantir, while Sidhant has charmed many through his earnestness and his fondness for poet Dinkar, and meanwhile Parmar draws gusto from a mashup of the Bhagwat Gita and Dharundar. Abhijeet clings to the image of India’s foremost caste reformer, Dr. Bhimrao Ramji Ambedkar as he addresses the hundreds of protesters at Jantar Mantar. These young people hold diverse opinions about a digitized state, or even are yet to develop them, but they seek answers when it fails the very young people it promises to serve. Unwittingly they are discovering their politics and much of it emerges and is directed towards digital technologies.