Header image alt text


Building a Responsible Cyber Society…Since 1998

Brand Ambassador of Digital India Program wins the International Award….

Posted by Vijayashankar Na on September 30, 2015
Posted in Cyber Law  | 9 Comments

The officials at the Department of Electronics and Information Technology (DeitY) must be congratulating themselves on the excellent work done by their search committee  which found out and recommended  Sri Ankit Fadia to be appointed as the Brand Ambassador for the Digital India Program when they hear that their golden choice won an International award recently in a conference called DEFCON-23. The award was called “Security Charlatan of the year”.

It is great news that  Mr Ankit Fadia the celebrated Brand Ambassador for Digital India appointed on 1st July 2015 under a grand certificate  signed by none other than the then Secretary of the department Mr Ram Sewak Sharma won the coveted global award in the conference.

DEFCON-23 was held in Las Vegas between August 6-9 and I am not sure if any representative from DeitY  attended the.  But they must be glad to know that this is an annual event  widely attended by the community of “Hackers” from around the world and is very popular in the Information Security Community. Perhaps they should plan to attend the next DEFCON conference is expected to be  held between August 4-7, 2016 at Las Vegas.  As custodians of Digital India,  it will be a great opportunity for them to  identify more Brand Ambassadors for Digital India program.

(P.S: We can for the time being ignore the controversy surrounding the appointment  as to whether it  was done by the Secretary without the knowledge of others in the department and hence was  disowned in a PIB press release in the morning of 29th September 2015. However, by that time Mr Ankit had already published the certificate signed by Mr Ram Sewak Sharma and hence the department was forced to confirm the appointment  in the evening. See details).

The Best Security Charlatan award was won by Ankit Fadia against stiff competition involving 7 global nominations including one more from India namely Rahul Tyagi. The citation is available in the enclosed Video available on Youtube (See minutes 31 onwards.. It is a must watch). The award was given in absentia since Mr Fadia did not attend the conference.

If I stop here, the officials of DeitY will perhaps pat their backs and also hold a grand function in Delhi to honour their newly appointed Brand Ambassador. Because I donot want Mr Ravi Shankar Prasad and Mr Modi to be again facing inconvenient questions from the press, I would like to add the full details of the award.

The award is known as the “Security Charlatan Award” and is given for the “Best Charlatan in the Information Security and Hacking domain” as nominated by a global audience and voted during the conference.

The word “Charlatan” is not a commonly used word and hence we need to look up a dictionary for understanding the meaning.

According to dictionary.com, the word “Charlatan” means

 a person who pretends or claims to have more knowledge or skill than he or she possesses; quack.”

This was surprising for me since I wase looking at the “Brand Ambassador” of Digital India and confused how can he be a “Quack” and that too an award winning “Quack”?

Then I made a fresh search in the trusted Google and was horrified to get the meaning as

“A charlatan (also called swindler or mountebank) is a person practicing quackery or some similar confidence trick in order to obtain money, fame or other advantages via some form of pretense or deception.”

I was stunned..What? “also called swindler”?.. I intend taking up this with Mr Sundar Pichai and seek a clarification.

Anyway readers may check their own dictionary and confirm if this word has any different meaning.

If Mr Ankit Fadia is a global award winner for the “Security Charlatan” in the DEFCON conference, it is high time DeitY should check what kind of award their search committee should get for identifying and appointing a “Charlatan” as a “Brand Ambassador”.

May be our readers have a recommendation?..If so forward it to Mr Ravi Shankar Prasad.


Lesson to DeitY- Who is a Brand Ambassador?

Posted by Vijayashankar Na on September 30, 2015
Posted in Cyber Law  | 1 Comment

The DeitY has recently been in the news for its decision to appoint “Brand Ambassadors” for the Digital India Programme.

My previous post on this subject in these columns has suggested that there are moles in DeitY who are trying to derail the Modi Government’s flagship program. Only a proper enquiry by the Government would unravel the persons involved. It may also be worthwhile to read this article in Business World which also highlights the problem of the Modi Government due to dishonest bureaucracy.

Assuming that there was no malicious intention in appointing Brand Ambassadors and if any shortcomings were there, it was only a reflection of lack of awareness or inefficiency or ineptitude of the officials, I will try to provide some of my thoughts on the concept of Brand Ambassadors.

The concept of appointing “Brand Ambassadors” is popular in private sector where a “Celebrity” is used in advertisements and promotional campaigns consistently in such a manner that the “Association” with the brand ambassador’s own personality adds value to the product. For example, Amitab Bachhan is used as a brand ambassador for ICICI Bank and it is working well. Lux has been using many celebrities over a period of time.

When Brand Ambassadors get associated with a Brand, they mutually reinforce the brand values. If the product is new and the ambassador is reputed, the reputation of the ambassador gets rubbed onto the product. If the product already has a strong brand perception, the ambassador may also gain.

Take the case of all friends of Indrani Mukherjee like say Suhail Seth.  As long as Indrani Mukherjee was a successful business women, the associated friends also reaped the benefit of association in terms of perception of the outside world.  But the moment she got embroiled in controversies, the friends started running for cover. This is the risk of associating with a brand with an ambassador who has the potential to fail. Such things happen often when sportsmen are used as brand ambassadors. When the sportsman goes through a lean patch, the image of the product also takes a hit.

There are also stray incidents where the failure of the product hurts the image of the ambassador also. Recently,  when Maggi was pulled up for being not what it claimed to be, both Amitab and Madhuri Dikshit who were the brand ambassadors were questioned for their role in misleading the public. The instance of Mr Dhoni being  hauled to Court is an example of how improper use of the brand ambassador by the brand manager can also cause trouble.

Ideally, the image or personality of the brand ambassador should be in sync with the brand personality of the product. If I am the CEO of a company and want to use the services of a brand personality, I will have to do a thorough background check on the person and be satisfied that his past does not contain any adverse image related issues. Besides, I will also ensure that the possibilities of the person’s image being hurt in future is also reasonably non existent. Otherwise, I may be in the midst of a high stake multi crore publicity extravaganza and suddenly my brand ambassador may be caught in a drunken brawl and arrested. Worst still, he/she may be accused of a  crime involving moral turpitude.

The prudence of the Brand management team is to pick the brand ambassador who has an impeccable reputation which gels with the brand personality and is unlikely to be in the wrong end of publicity when his association with the product is being harnessed for the campaigns. If I donot get a proper ambassador who fulfills my criteria, I would rather go without an ambassador for my brand and try to win the consumer’s heart through the product itself.

Now let us apply these principles to the decision of the Ministry in appointing four persons as brand ambassadors to the Digital India project.

Two of these are students who have performed well in IIT JEE. One is working in Samsung USA and the other is Mr Ankit Fadia known more as a “Hacker”. The two students obviously have no baggage. But they also have no great past except as “Topper of IIT JEE”. The third is working in USA and his contribution to India is largely unknown. All these three would get more recognition out of being the brand ambassadors rather than the other way round.

The fourth will on the other  hand come with a lot of baggage and most of it is bad reputation. In fact the possibility of Digital India as a brand losing is more in this case as the other three have little or no potential to damage the brand image of Digital India.

If therefore an evaluation was made objectively, certain negative marks need to be awarded to Mr Ankit Fadia’s choice.

I am also not sure if being a “Topper in IIT JEE” should be a criteria for Digital India. Digital Success globally is often represented by school drop outs since “innovative” persons often feel that the education system as it exists at their time is unable to support their innovative brain. Such people will always be “Ahead of their times” and they can never aspire to work for being an IIT JEE topper.  Some IIT toppers may eventually end up as successful CEOs but they may be working for the school drop outs. (Remember the film Three Idiots).

The choice of all the four Brand Ambassadors is therefore considered as not prudent since they cannot provide a positive brand reinforcement to the concept of Digital India and at least one of them has the potential to impose a huge negative reinforcement.

I therefore call upon the department to withdraw the announcement.

Hope the DeitY officials will incorporate the principles indicated above when they chose a Brand Ambassador in future if required.

Perhaps for the Digital India Project, Government may not need a brand ambassador at present. There can however be an alternative approach. Once the project is under implementation, periodically Government can identify persons who have significantly contributed to the project and recognize them for their contribution for which some criteria need to be developed. He could be considered the  “Brand Ambassador for the Year/Month” until replaced by the next . During the interim period his achievements can be publicized and that will be a motivation for others to contribute to the project in subsequent periods. Such persons can be ordinary Netizens, School Teachers, may be some MPs or even Start Ups and Business owners.

(There is a survey which one of the IS professionals has launched in this respect. Readers can access the survey here and respond.  bit.ly/digitalindiasurvey)


Are there Trojans in DeitY trying to spoil the Digital India Project?

Posted by Vijayashankar Na on September 29, 2015
Posted in Cyber Law  | 2 Comments

Ravi Shankar Prasad as the Minister of Communication and Technology occupies a key position in the Modi cabinet. His ministry is also critical to the image of Mr Modi himself who is pushing the Digital India Concept world over.

On the other hand, opposition is very keen that Modi should be portrayed in bad light and one strategy they seem to have hit upon is to work through the DeitY and put spokes in the digital projects that Modi would like to succeed. Mr Ravi Shankar Prasad has been caught in between and he is forced to face the bad publicity generated by the series of blunders committed by the department.

First it was the net neutrality debate, the publication of lacks of e-mail addresses by TRAI, then it was the Draft Encryption Policy and now the appointment of  “Brand Ambassadors” for the Digital India promotion.

The most recent of the decisions which has caught the attention of the public is the announcement on 29th September 2015 that Mr Ankit Fadia was appointed as a Brand Ambassador of the Digital India project on 1st July 2015. Also, PIB first released a press release number 128279 at 03.46 GMT (09.16 IST) denying that any brand ambassador was appointed as reported in the section of press as shown below.


Actually, the press report had emanated because Mr Ankit Fadia himself had posted on his Facebook Time line the information about the appointment along with a certificate issued by Mr Ram Sewak Sharma who was the secretary of the department earlier and has now moved over as the TRAI chairman and is due to go into super annuation shortly.


Then surprisingly, there was a clarificatory press release issued at 1800 IST that Mr Ankit Fadia and three others had been appointed as “Brand Ambassadors”.



It is surprising how the department manages to work in this manner again and again as if there are a bunch of school kids managing the department.

Apart from the strange manner in which notifications are issued, retracted and re-issued, it is necessary for the public of the country to understand that these repeated bloomers reflect a gross inefficiency and ineptitude of the departmental officials. They show case the ignorance of the officials in arriving at decisions which are downright bad.

To this list we may add one more shortly when the President of India would be passing a bill to amend Indian Registration Act in a manner that is not legally feasible under Information Technology Act 2000.

(Ed: This refers to a bill from Karnataka and the department has already been notified by the undersigned that it is ultra-vires ITA 2008 and has to be rejected by the President. But I am not confident that DeitY would act in time to stop the bill and we can discuss this once again as another faux pas involving the President also).

The people of India are worried that  these people in DeitY may be incapable of taking India to the Digital India and implement projects such as Smart Cities, IOT etc.

Let us look at the lack of normal due diligence that is evident in the appointment of Mr Ankit Fadia as the Brand Ambassador. If anybody makes a google search, he would come across a multitude of articles expressing grave doubts about this gentleman’s capability for what he claims, that is as an “Expert Ethical Hacker” and more importantly expressing doubts about his integrity, penchant for making false claims etc. I am not trying to pass a judgement on the gentleman here but would only draw the attention of the citizens of the country to some of the following articles namely

1.Ankit Fadia Revealed– Forbes India

2.Ankit Fadia is Indian Hacker-Arudh.com

3.Ankit Fadia-India’s Best Fake (Fraud) hacker– waybyhackers.blogspot.in

4.Is Ankit Fadia selling Viagra?..Midday

While there are many articles which on the other hand speak about his training programs etc., the information available from the informed Information Security Community indicate that Mr Fadia unfortunately does not seem to enjoy a good reputation.

Further, some body who claims to have hacked CHIP magazine, (Editor says this is false), helped FBI and CBI in cracking international cases (For which no proof seems to be there), the role of a “Brand Ambassador” where he has to be a “Role Model” does not suit. .

Perhaps  the wisemen in DeitY may be thinking that  we need to bring up the next generation of youngsters on the thought that it is great to be a hacker. I disagree on this view. The future of Digital India should not  be built on youngsters who think a “hacker”  is a role model.

I reiterate that I am no body to pass a professional view on Mr Fadia and his capabilities as a Hacker. But I am only looking at the perception that he carries in the professional circles and the perception that his appointment would have with the community.

I request through these columns, Mr Fadia to explain why the perception which the information security professionals seem to hold about him is wrong. We will be glad to publish the same here.

But at the same time we would like DeitY to explain if possible what sort of due diligence they exercised in appointing Mr Fadia as the Brand Ambassador for Digital India, whether the above articles were brought to the notice of Mr Ravi Shankar Prasad and he understood the import of appointing Mr Fadia for this role. Or were these articles hidden from the attention of the Minister and he was kept in the dark about this alternate view present in the market about Mr Fadia.

I am aware that this information can be sought by an RTI but we would like DeitY to disclose the information without the formality of going through an RTI process. We will be glad to publish the clarification that the department may give in this regard.

Assuming that some corrective action would be initiated by the Minister in this regard, we may put aside the issue for the time being.

However, I am deeply concerned that the repeated occurrences of what appears to be an impossibly foolish decisions taken by the DeitY indicate that there is some mole in the department who is working solely for the purpose of discrediting Mr Ravi Shankar Prasad and through him Mr Modi. He is acting like a typical “Trojan” or a “Computer Contaminant” who needs to be identified and removed. It is possible that the trojan may not be alone but actually be a group who owe their loyalty to the previous regime.

I call upon Mr Amit Shah to personally investigate the matter and take corrective action as otherwise the fears all of us have about Digital India project ending up in a fiasco may actually manifest.

On our part, as responsible members of the digital society at present,  undersigned as well as a few other professionals have found it necessary to start a “Secure Digital India” initiative and keep alerting the Government on some of the key issues on which attention may be required. We hope sooner or later the Government will realize that it is better to take advise from people who care for the nation rather than those who may be within the department and trying to destabilize the operations.

P.S: My apologies to Mr Ankit Fadia as a person. I have made some of the comments here with lot of regret. I  would have liked to avoid it if it was not for the belief that the administration needs to be toned up and citing his example was necesssary for this purpose.   I have used his example here more to highlight the lack of due diligence of the department rather than to pass any judgement on his capability. He may have a useful role to play for the success of  Digital India project but I doubt if that would be as a “Brand Ambassador”.  My friendly advise to him is to recuse himself from being the Brand Ambassador for the Digital India project.


As Prime Minister Modi concludes his historic visit of the US west Coast aggressively selling the concept of Digital India to the US tech industry, back in India, it is recognized that the Digital India initiatives need to be supported by other support initiatives.

 The Ministry of Communications and Information Technology (MCIT) should be the natural leader in developing this support system. Other ministries including the Education Ministry,  Commerce Ministry, the Law Ministry and the Finance Ministry also have their roles to play. When it comes to security of Digital India, even the Home Ministry needs to provide its support.

At present, Mr Modi is running ahead of others with his ideas and marketing efforts. But others don’t seem to be able to catch up with him. In particular, the bureaucracy appear to be completely confused.

The scenario as it is building up is very much like a management problem that a CEO of a company faces when a major new project is being taken up for implementation and the organization as a whole is not ready for the change.

Some of the recent decisions of the MCIT which are initiated by the DeitY have created a concern among Information Security professionals that DeitY has no clue on the problems that Digital India implementation and Security requirements.

But, instead of remaining arm chair critics, a responsible group of Information Security professionals have decided that they would support the Digital India initiative of the Government with a “Secure Digital India” initiative.

The group has formed a “Special Interest Group” and will collaborate through the Face Book page and try to develop specific documents commenting on the information security aspects of Digital India. It will be a non Government voluntary initiative aimed at working like a “Shadow Cyber Security Expert Group” advising the Government (though unsolicited at this point of time) through the social media on issues relevant to Secure Digital India.

I look forward to your support in this initiative.


The Digital India vision of Mr Modi has been making rounds in the tech circles in San Jose. During his interactions with the techies, it was notable to observe that Modi did mention about Privacy Protection, Cyber Security and Intellectual Property Protection which are key concerns in the Digital Industry and can be considered as “Essential Aspects of Ease of Doing Business in India” for the tech companies.

We are aware that we need to cover a lot of ground in these aspects and periodically, people like us will criticize bad initiatives such as the Draft encryption policy of the DeitY or the Section 66A scrapping by the Supreme Court or the Karnataka Adjudication system and Cyber Appellate Tribunal not being available, Karnataka Government passing an illegal bill in the Legislative houses etc. In the future also we will continue to criticize whenever things donot happen the way they should.

But it is clear that Mr Modi and his vision is at a different plane to all others in the Indian Government. As a result either the rest of the people in his Government are unable to keep pace with him or more probably the bureaucracy which has developed its own vested interests in the Congress regime is looking at  opportunities to discredit the current Government and Modi’s initiatives and need to mend its ways.

However, we are atleast reassured that Mr Modi is traversing in the right direction, and even if his journey is delayed, he will ultimately reach his destination and make the Digital India dream a reality. It was heartening to observe that the tech giants were able to share the optimism of Mr Modi and were eager to increase their commitments to India.

Sitting in Bengaluru, governed by Congress which has been pursuing the sole policy of doing everything to prevent Modi from succeeding in taking the country ahead, it appears that the State has lost a great opportunity to progress by electing the Congress Government in the last state elections. Mr Siddaramaiah himself came to power with a good promise but he has become a victim of the Congress culture and unable to do things which he himself could have done to enable Karnataka move ahead. It appears that he has now resigned to counting time to retire. If he had been able to be on Modi’s Digital India initiative, representatives from Karnataka should have been in San Jose now trying to arrange a marriage between the US-Silicon city with the Indian Silicon City.  Unfortunately we continue to languish in the garbage of bad roads, caste politics,  etc.

What will be amusing in the next few days is how Congress politicians try to find fault with Modi’s actions in USA and further expose their frustration as well as anti development initiatives.

One of the key aspects which was impressive in Mr Modi’s dicussions in San Jose  is the concept of “Personal Sector” which Mr Modi appears to have brought up during the discussion with Mr Tim Cook of Apple when he tried to impress upon him that apart from developing a manufacturing base for iPhones, he should consider an “App-development Eco System” in India supporting individual entrepreneurial initiatives. The view that came out was that just like the Public Sector and Private Sector there can be a “Personal Sector” of the economy that can contribute to the growth of the country with self employed technical professionals working on their own without looking for employment either in the Public or Private Sector and eventually creating employment opportunities for others.

A few decades back, when the undersigned resigned first from public sector and then from private sector and entered what we now recognize as the “Personal Sector”, we were very apologetic about the decision. Despite our personal confidence, we had to contend with the society which looked upon such persons as impractical. But now the “Start up Culture” has gained  respectability and IIT and IIM graduates donot mind giving up lucrative job offers and moving into the “Personal Sector”.

Modi’s visit to San Jose has raised the awareness and respect for  such moves so that in the coming days parents donot discourage their wards if they are really interested in giving up jobs and starting their own ventures.

Now it is for Mr Arun Jaitely and Mr Ravi Shankar Prasad to think of other supporting policy initiatives that make this “Personal Sector” develop in their respective departments of Finance and IT.

Apart from the two ministries of Finance and IT which need to provide direct policy push to Mr Modi’s “Personal Sector” initiative, it is necessary for Ms Smriti Irani  also to start thinking of policies that will not only provide the right educational input at the time our students graduate, but also run “Start Up Entrepreneurial Programs” for developing the necessary skill sets. Many times, failures of start ups result from the fact that an idea may be technically brilliant but is not financially feasible for various reasons.

I have been advising many Start ups to start as a team of professionals of which there should be Financial, Marketing and Managerial experts also besides the Technology experts. Additionally, I have been advising such Start ups to conduct a “Techno Legal Feasibility” of their projects so that they donot get into legal hurdles for their projects.

I hope “Digital India” initiative will incorporate a sub project for developing “Start Up Skills” and I would like professional organizations in India undertake a series of workshops and conferences on the theme of “What it takes to be a Successful Start up”?.. Will Computer Society of India or NASSCOM or  Management Associations take the responsibility?

I invite one of these institutions to build a “Development Center For StartUps” and undertake all activities that are integral to the skill development for this sector. The Central Government through the education ministry can provide the necessary support in terms of funds and conduct workshops around the country to develop the “Personal Sector”.



In what should be an eye opener to the Corporate Sector, Law Enforcement and the Government, it is reported that two Indian conglomerates were forced to pay $5 million each to hackers who blackmailed them.

Refer Report in ET

Refer Report in businessinsider.in

Refer Report in track.in

The report hides the names of the conglomerates but states that the payments were made in May. It appears that the hackers collected series of email correspondence between the employees of the company and some other entity which revealed illegal activities and blackmailed the companies to pay the ransom.

Though the report names some hacker groups from Middle East, the possibility that the employees themselves have raised the demand through others cannot be ruled out.

It is stated that the Companies appointed “Private Detectives” to check the incident and did not report it to the authorities. Such Cyber Experts have also passed on their comments to the news reporters and these news agencies now have the identity of both the companies as well as the cyber experts who also have the knowledge of the incident.

So far so good. $ 10 million is lost and probably the two companies are large enough to absorb this loss and move on.

But the story does not end here. In fact another story has just begun and I want the law enforcement to move in and investigate. It is possible that the law enforcement also may be sucked in to this “Hiding of Information” and the companies may pay silence money to them. I therefore call the attention of the Central Government which is concerned about the “Black Money” and initiate a larger probe to bring the offence to full light and let the public know what really happened and where.

The fact that the two companies have paid a ransom of US $ 5 million each (Rs 30 crores each) indicate that the value of the offence which they had committed earlier about which the hackers successfully collected the ransom must of of the order of at least Rs 100 crores each. This must be a cognizable offence which the companies as well as the Cyber experts and the media have kept under the wraps. Neither the news paper nor the Cyber Experts involved have the right to hide a cognizable offence which may have ramifications including “Financing of Terrorists”.

Also if the Companies have paid the ransom to the Middle East entities, the payment itself will be in black money possibly in the form of bitcoins. Payment in black, buying Bitcoins both could be considered as additional offences committed today by these companies to hide their previous offences. The Companies therefore have committed further crimes to cover their earlier crimes.

Also, it cannot be ruled out that the hackers may make further claims perhaps through different entities and demand further ransom since for them these companies will be an eternal milchcow.

Now it is necessary to recognize that these two sets of offences and the potential loss in future will have adverse impact on e Investors in the Company and Banks who have lent to the conglomerate.

I therefore call upon SEBI and RBI to clarify to the public what action they are going to take in this news report.  If SEBI and RBI keep quiet, it would only indicate that they have been silenced too.

Probably the Courts also can take suo moto action and launch some proceedings. At least I hope the news channels who crave for such crime stories to pick up the incident and explore for the nation to know the truth.

Let us wait for some time for RBI and SEBI to clarify and then start the next level of questioning these agencies if they fail to act.

At the same time, I would have preferred the two companies to have surrendered to the authorities instead of paying the ransom and requested the Government to pardon them. If they failed to do so earlier for whatever reasons, they should do so at least now.