Professional Documents
Culture Documents
Cyber Law Study Mat
Cyber Law Study Mat
1. Shrink-wrap contracts
The name derives from the shrink wrap packaging of the CD-ROMs in which software used to
be distributed. In cases when licensing contracts are packaged along with the software, the
contract begins when the user tears open the shrink wrap to use the software.
Licensing agreements these day s are usually not delivered with the packaging and instead show
up before installing the software in question.
Shrink wrap contracts, have a decided advantage over other types of electronic contracts in that
their acceptance can be reversed by returning the product.
2. Clickwrap contracts
Clickwrap contracts refer to those familiar and long blocks of text that nobody reads, detailing
the terms and conditions for using a web-based service, software, etc.
They’re called clickwrap contracts because the user typically has to click a button or check a box
to indicate that they accept the contract.
clickwrap contracts are “less negotiable” than shrink-wrap contracts, i.e., they must be accepted
for the user to proceed to the next web page or gain access to an application, so forth.
Essentially, clickwrap agreements create a scenario in which the user is forced to either take it or
leave it.
This creates a slew of legal problems regarding the enforceability of clickwrap contract.
Specht v. Netscape
Dating back to 2002, this case is seen as the original clickwrap case. Plaintiffs downloaded
Netscape Communicator, which consists of Netscape Navigator and other web software, from
the Netscape website, when they clicked "Yes", indicating assent to the terms of the click-wrap
license agreement for Communicator.
Claims related to SmartDownload are not covered by the license agreement for Netscape
Communicator, despite the fact that SmartDownload is meant to enhance the functioning of
Communicator. This means that when the plaintiffs clicked through Communicator's license
agreement, they were not agreeing to the SmartDownload agreement. Thus on the web page
users visited to download software, Netscape included language “Please review and agree to the
terms” at the bottom of the screen, but users weren’t required to agree to the terms in any other
way.
The court determined that a customer clicking a button didn’t necessarily indicate an agreement
to terms if the customer wasn’t aware of the existence of those terms, and did not enforce
Netscape’s terms.
Barnes & Noble included a link to the terms on the bottom left corner of every page on their site.
If a user clicked on the hyperlink to the terms, they would see the language at the very top of the
terms that by visiting or doing anything on the Barnes and Noble site, they have accepted the
Terms of Use.
Unfortunately, Barnes & Noble included the link at the bottom of each webpage and did not
otherwise call the terms out to the user or require them to take an action to explicitly assent to the
terms.
So, the court found that users were not put on reasonable notice.
3. Browse-wrap contracts
Browse-wrap contracts are something you’ve probably seen daily. They refer to pieces of text on
websites that go something like – “By continuing your use of these services, you agree to the
terms and conditions” or “By signing up I agree to the terms of use.”
Essentially, browse-wrap agreements are contracts that you agree to simply by continuing to use
the service or continuing to browse the web page, which is where the term originates.
Additionally, the terms of browse-wrap agreements can be viewed usually through a hyperlink.
Blockbuster may at any time, and at its sole discretion, modify these Terms and Conditions of
Use, including without limitation the Privacy Policy, with or without notice. Such modifications
will be effective immediately upon posting. You agree to review these Terms and Conditions of
Use periodically and your continued use of this Site following such modifications will indicate
your acceptance of these modified Terms and Conditions of Use. If you do not agree to any
modification these Terms and Conditions of Use, you must immediately stop using the Site.
The court found that this language made for portions of the agreement to be "illusory" because
they really could be changed at any time and with no actual notice and no actual acceptance or
agreement to the change.
This case showed that to really lock a user into the Terms of Service or Privacy Policy you
dictate for your web site or mobile app, you absolutely need to give actual notice that you have
terms, rules and policies and get an actual agreement to them.
Q.3
Elements Of E Contract
1. Offer
Offer is defined under Section 2(a), of the Indian Contract Act, 1872. It states that an offer is an
expression of the willingness of a person to enter into a legally binding contract with another
party. Advertisement on websites is considered to be an invitation to offer until and unless it is
specified clearly. Because offer and invitation to offer are two different concepts. An offer to any
person, is an invitation to it, until intention, is clearly conveyed. When a person responds via an
e-mail or fills in any forms available on the internet, they make an offer for a particular thing.
Now it's in the hand of the seller whether to accept it or reject it either by an express
confirmation or maybe by any conduct. As a result of which, we can say that an invitation to
offer is incapable of turning into a binding contract by accepting its terms and conditions until it
is accepted.
2. Acceptance
Once an offer is accepted, a contract comes into existence, except the postal acceptance rule
applies. The postal acceptance rule is an exception to the normal rule that acceptance of a
contract must be communicated to the offeror before a contract comes into existence. Under this
rule, acceptance of a contract is said to occur at the time when the acceptance is posted. Hence,
the communication of acceptance is complete, on part of the proposer when it is put in the course
of transmission to him and as on part of the acceptor when it comes to the knowledge of the
proposer that is when the acceptance enters into the designated computer resource. There is no
disparity between Indian and Common law in this regard as seen in Lalman Shukla v. Gauri
Dutt. Here the plaintiff is a munib. The defendant's nephew was absconded and the plaintiff
volunteered his services to search for the missing boy. In this case, wherein spite of the fact that
he found the boy whose uncle had promised to pay Rs. 501 to anyone who finds his nephew. But
the munib was denied the reward seeing that he came to know about the payment only after
finding the boy. Both offer and acceptance can be mainly done via email, website forms, and
online agreements.
The Information Technology Act of 2000 is not a complete one and as a result, the Indian
Contract Act of 1872 is still used for electronic contracts as well. However, both acts still
complete each other.
Section 5 which speaks of revocation will not be relevant as there is no much time in electronic
contracts. The dispatch and receipt of mail happen within few minutes and simultaneously.
In Re London And Northern Bank case we see that an offer to purchase shares was withdrawn
by a letter posted on 26th October and it reached the acceptor (addressee) on the next day at 8:30
a.m. The acceptor actually posted the letter of acceptance of the offer after 8:30 a.m. The offer
was held validly revoked.
4. Lawful Consideration
The Indian Contract Act of 1872 says that for a valid contract, there must be a lawful
consideration. The same applies to e-contracts too. In the present days, once an item has been
supplied and the payment is successfully done, the consideration is executed and the needs are
satisfied. The main problem arises at that time when the consideration is mere executory once.
Like in the case of online shopping sites which promise to supply any product(cash on delivery).
Another problem arises that Contract law can't be applied fully in e-contracts sometimes when an
autonomous computer is used.
Online purchase: Cash on delivery/ online payment first and then only delivery.
5. Lawful Object
The object which is used for entering into the contract should be a lawful one. Contracts that are
illegal or which violate public policy will not be enforceable by courts. Such types of contracts
are considered to be void. An agreement that calls for, the causing of a crime is illegal and
therefore void.
It is generally accepted, that natural persons and legal persons both are capable of entering into
contracts. Computers don't come under natural persons, Neither English nor American contract
law, at present, consider them to be legal persons and therefore are not considered to be
competent parties to contracts. As a result, it is the buyer and the seller who are natural persons,
and, are capable of being parties to the contract. The autonomous computer, clearly cannot be a
contractual party to the contract.
7. Free Consent
The consent should be free from fraud, misrepresentation, mistake, etc. However, it becomes a
bit difficult sometimes to determine because the margin that is used to determine the strict rule of
free consent gets narrower.
8. Certainty Of Terms
Keeping a record of the contract as agreed is important and vital too. This leads to difficulty if
there are several email exchanges, each attaching documents intended to form part of the terms
of the contract including counter-offers and negotiations amongst the contracting parties. As
mentioned above, it leads to difficulty in such a case to determine who is the offeror and who has
accepted the offer, which may determine the party's terms and conditions applicable.
Q.5
It has a wide and great scope in the corporate field. Students who are experts in cyber law are in
great demand and are paid handsomely. The rapid growth of the information technology has lead
to a situation where the existing laws are challenged. It deals with computer hackers and people
who introduce viruses to the computer. Cyber Law prevents or reduces the damage from cyber-
criminal activities by protecting information access, privacy, communications, intellectual
property (IP) and freedom of speech related to the use of the Internet, world wide web (www),
email, computers, cell phones, software and hardware, such as data storage devices.
In today’s techno-savvy environment, the world is becoming more and more digitally
sophisticated and so are the crimes. Internet was initially developed as a research and
information sharing tool and was in an unregulated manner. As the time passed by it became
more transactional with e-business, e-commerce, e-governance and e-procurement etc. All legal
issues related to internet crime are dealt with through cyber laws. As the number of internet users
is on the rise, the need for cyber laws and their application has also gathered great momentum.
In today’s highly digitalized world, almost everyone is affected by cyber law. For example
Cybercrime cases such as online banking frauds, online share trading fraud, source code
theft, credit card fraud, tax evasion, virus attacks, cyber sabotage, phishing attacks, email
hijacking, denial of service, hacking, pornography etc. are becoming common.
Digital signatures and e-contracts are fast replacing conventional method of transacting business.
Technology per se is never a disputed issue but for whom and at what cost has been the issue in
the ambit of governance. The cyber revolution holds the promise of quickly reaching the masses
as opposed to the earlier technologies, which had a trickle-down effect. Such a promise and
potential can only be realized with an appropriate legal regime based on a given socio-economic
matrix.
UNIT 2
Q.2
Asymmetric Encryption
Can only be decrypted using a publicly available key known as the ‘Public Key’ provided by the
sender. The procedure has been under Section 2(1)(f) of the Information Technology Act, 2000.
Under this system, there is a pair of keys, a private key known only to the sender and a public
key known only to the receivers.
The message is encrypted by the private key of the sender, on the contrary, decryption can be
done by anyone who is having the public key. It depicts the authenticity of the sender. It is also
known as the ‘principle of irreversibility’ ie. the public key of the sender is known to many
users, but they do not have access to the private key of the sender which bars them from forging
the digital signature.
Symmetric encryption is a type of encryption where only one key (a secret key) is used to both
encrypt and decrypt electronic information. The entities communicating via symmetric
encryption must exchange the key so that it can be used in the decryption process. This
encryption method differs from asymmetric encryption where a pair of keys, one public and one
private, is used to encrypt and decrypt messages.
By using symmetric encryption algorithms, data is converted to a form that cannot be understood
by anyone who does not possess the secret key to decrypt it. Once the intended recipient who
possesses the key has the message, the algorithm reverses its action so that the message is
returned to its original and understandable form. The secret key that the sender and recipient both
use could be a specific password/code or it can be random string of letters or numbers that have
been generated by a secure random number generator (RNG). For banking-grade encryption, the
symmetric keys must be created using an RNG that is certified according to industry standards,
such as FIPS 140-2.
Block algorithms: Set lengths of bits are encrypted in blocks of electronic data with the use of a
specific secret key. As the data is being encrypted, the system holds the data in its memory as it
waits for complete blocks.
Stream algorithms: Data is encrypted as it streams instead of being retained in the system’s
memory.
AES, DES, IDEA, Blowfish, RC5 and RC6 are block ciphers. RC4 is stream cipher
While symmetric encryption is an older method of encryption, it is faster and more efficient than
asymmetric encryption, which takes a toll on networks due to performance issues with data size
and heavy CPU use. Due to the better performance and faster speed of symmetric encryption
(compared to asymmetric), symmetric cryptography is typically used for bulk encryption /
encrypting large amounts of data, e.g. for database encryption. In the case of a database, the
secret key might only be available to the database itself to encrypt or decrypt.
Q.3
Legal recognition of electronic records- Where any law provides that information or any other
matter shall be in writing or in the typewritten or printed form, then, notwithstanding anything
contained in such law, such requirement shall be deemed to have been satisfied if such
information or matter is-
Sudershan Cargo Pvt. VS. M. Takewake Engineering Pvt. Ltd: Acknowledgement of debt by
e-mail constitutes valid and legal acknowledgement. Acknowledgement though not signed by
addressee would satisfy parameters of section 18 of Limitation Act.
Legal recognition of electronic signature- Where any law provides that information or any
other matter shall be authenticated by affixing the signature or any document shall be signed or
bear the signature of any person, then, notwithstanding, anything contained in such law, such
requirement shall be deemed to have been satisfied, if such information or matter is authenticated
by means of an electronic signature affixed in such manner as may be prescribed by the Central
govt.
Section 6: Use of electronic records and electronic signatures in Govt. and its agencies-
Section 7: Retention of electronic records- (1) Where any law provides that documents,
records or information shall be retained for any specific period, then, that requirement shall be
deemed to have been satisfied if such documents, records or information are retained in the
electronic form, if-
Provided that this clause does not apply to any information which is automatically generated
solely for the purpose of enabling an electronic record to be dispatched or received. Temporary
storing for dispatch is not covered under this section. Nothing in this section shall apply to any
law that expressly provides for the information for the retention of documents, records or
information in the form of electronic records.
Q.4 UNCITRAL Model Law on electronic signatures 2001
The purpose of UNCITRAL Model Law on Electronic Signatures 2001 provides the following
statement which signifies the importance of electronic signature.
General Provisions
Article 2 of the Law provides six definitions, the most important one is of “Data message”. It is
defined as information generated, sent, received, or stored by electronic, optical, or similar
means. This definition has been attributed after taking into consideration the future technological
developments as well, which is the reason for inclusion of the term similar means. This wide
definition includes the notion of a record and even revocation and amendment.
The sphere of application that Article 1 talks about, is for the information in the form of data
messages, in the context of commercial activities. Article 1 talks about application – Information
in form of data messages in the realm of commercial activities.
The Model Laws give the interpretational tools (Article 3) which call for a standard of
international origin and uniformity in application of general principles of law.
(Article 4): There can be variation in the communication of data messages by the agreement of
the parties
The principle of non-discrimination has been enforced by the means of Article 5 which
specifies that the information communicated via electronic mode, i.e., in the form of data
messages cannot be denied legal validity and effect. Information by the way of reference has also
been given legal validity and thus, the application of this law has been considerably widened.
This is of utmost importance in the context of international law.
The nations required the documents to be in writing and validation was only given to the hand
written signature as a form of authentication. By the means of provisions in Articles 6 & 7, the
Model has done away with both of the above obstacles. Accessibility of data messages does not
require the document to be in writing, and recognition of digital signature marks the approval
of the full structure of the contract. This provision is termed relevant for every circumstance
including a relevant agreement.
The notion of originality is defined in Article 8 which provides that data messages can fulfill the
legal requirement of presentation and retention of information in its original form subject to the
assurance of integrity and presentability of data messages. Presentability meaning the ability to
display the information where required. Article 9 specifies that the data messages cannot be
denied admissibility in the court of law solely on the basis that the information is in the form of a
data message. Thus, evidentiary value has been granted to data messages.
The requirement of retention of information is also met by retention of information in the form of
data messages subject to the accessibility, accuracy and originality of format and identity of
origin. (Article 10).
Offer and acceptance of offer, when communicated in the form of data messages, cannot be
denied legal validity and enforceability solely on the grounds that they are in the form of data
messages. Thus, the formation of a valid contract was made possible through the means of data
messages. (Article 11)
Article 12: Acknowledgement in the form of receipt of data messages has also been granted
legal validity.
Article 13: The data message is attributed to the originator if it is sent by him or by a person
authorised by him.
Article 14: provides that the receipt of the data message and its acknowledgement can also be
agreed upon by the parties beforehand.
Article 15: The transaction ensues (occurs) when the information goes out of control of the
sender. The place of dispatch is the place of business and the time is when the acceptance enters
the system of the addressee.
Specific provisions
Articles 16 & 17 talk about carriage of goods and transport documents. They enforce the ability
to achieve carriage of goods by the means of data messages and fulfillment of the requirement of
transport documents through the same as well. It is imperative for the objective of furtherance of
international trade.
Q.5
Under the contract law also, signature holds a vital position as it is considered as a sign of
acceptance of an offer. The Conventional form of signatures has evolved a lot due to
technological advancement. With the increased usage of online transactions and e-mails, the risk
of the data being hacked has also increased. Hence, the concept of online signatures has become
relatively important.
The person who receives the electronic message or document is able to realise who is the sender
of the message. The digital signature makes it possible to verify the name of the person signing
the message digitally.
The receiver of the electronic message is able to determine whether he/she has received the
original document or whether the document has been altered before the receipt or not.
3. Non- Repudiation
The sender of the message cannot refute the contents of the electronic message and cannot deny
that he/she had never sent the message.
DIFFERENCE
Authenticit It is less authentic as compared to the It has more authenticity as compared to the
y digital signature. electronic signature.
Use It is used for verifying a document. It is used as a means for securing a document.
E-GOVERNANCE
The e in e governance stands for electronic Governance refers to lawful rules for management,
control and administration. E governance is a public sector, use of information and
communication technologies with Aim of:
E governance generally considered as a wider concept than E government, since it bring change
in the way of citizen, relate to government and to each other. E governance can bring the concept
of citizenship. Its objectives is to enable, engage and empower the citizen.
Objectives of E governance:
1. E governance is not only providing information about the various activities and
organisations of the government but it involves citizens to communicate with government
and participate in decisions-making process.
2. Putting government rules and regulations online.
3. Putting information relating to government plans, budget, expenditures and performances
online.
4. Putting online key judicial decision like environment decision etc, which is important for
citizen and create precedence for future actions.
5. Making available contact addresses of local, regional, national and international officials
online.
6. Filing of grievances and receiving feedback from the citizens.
7. Making available the reports of enquiry committees or commission online.
Legal recognition of record (section 4): where any law requires that any information should be
in the typewritten or printed form then such requirement shall be deemed to be satisfied if it is an
electronic form. Therefore, section 4 confers validity on electronic record.
Legal recognition of electronic signatures (section 5): Where any law provides that only
information or other matters shall be authenticated by affixing the signature or any document
shall be signed or bear the signature of any person, then such information or matter is
authenticated by means of electronic signature affixed in such manner as may be prescribed by
the central government.
Use of electronic records and electronic signature in government and it's agencies (section
6): The filling of any form, application or other documents, creation, retention or perseverance of
record, issue or grant of any license or permit or payment in government offices and it's agencies
may be done through the means of electronic form.
Delivery of services by service provider (section 6A): For the purpose of E governance and for
efficient delivery of services to public through electronic means the appropriate government
may, by notification in the official gazette authorize any service provider to set up, maintain and
perform such other services as it may specify.
Retention of electronic records (section 7): The documents, records or information which to be
retained for any specified period shall be deemed to have been retained if the same is retained in
the electronic form provided the following conditions are satisfied:
The information remains accessible so as to be usable subsequently.
The electronic records is retained in its original format which accurately represent the
information contained.
The detail which will facilitate the identification of the origin, destination, dates and time
of receipt of such electronic records are available there in.
Audit of documents etc. Maintained in electronic form (section 7A): where any law for time
being in force contains provision for audit of documents, record or information, then such
provision shall also be applicable for audit of documents, records or information processed and
maintain in electronic records.
Publication of rule, regulation etc in electronic gazette (section 8): Where any law provides
that any rule, regulation, order, bye law, notification or any other matter shall be published in
official gazette, then such requirements shall be deemed to have been satisfied if such rule,
regulation, order, bye law, notification or any other matter is published in official gazette or
electronic gazette.
No right to insist government office etc to interact in electronic form (section 9): No right is
conferred upon any person to insist any ministry or department of central government or state
government or any authority under any law or controlled or funded by central or state
government should accept, issue, create, retain and preserve any documents in the form of
electronic records or effect any monetary transaction in the electronic form.
Power to make rules by central government in respect of electronic signature (section 10):
In India, the main thrust for E governance was provided by the launching of NICNET in 1987-
The National Satellite Based computer Network. This was followed by the launch of district
information system of national informatics Centre Programme to computerize all district offices
to the state government.
Parliament of Indian website: Website of Indian parliament carries information of the
parliament, the constitution of India, various budgets, resume of work, parliamentary debates,
committee and members of the house and links to other central and state government website.
E governance Centre at Haryana secretariat: The Haryana govt has set up E governance
Centre at the secretariat to effectively monitor information technology in the state.
Bhoomi: This project was started by the state of Karnataka which involves computerization of
more than 200 treasuries all over the state and it was mainly for computerization of land record
system.
Contents:
1. Introduction
5. Powers of CCA
1. Introduction
Sections 17 to 34 of Chapter VI of the Act provide for the Controller of Certifying Authorities
(CCA) to licence and regulate the working of Certifying Authorities (CAs). CCA also ensures
that none of the provisions of the Act are violated. The regulation of certifying authorities or
electronic signature infrastructure in India consists of:
Controller of Certifying Authority (CCA). The IT Act, 2000 provides for an appointment,
functions, powers, duties of CCA (the apex regulatory body for certifying authorities in
India) and other officers.
Certifying Authorities (CAs). A certifying authority is a trusted third party or entity that
will get licence from the controller and will issue electronic signature certificate to the
users of e-commerce. These authorities will function under the supervision and control of
the controller of certifying authorities.
Section 17:
- It provides that the Central Government may, by notification in the Official Gazette,
appoint a Controller of Certifying Authorities for the purposes of this Act. It may also be
the same or subsequent notification appoint such number of Deputy Controllers, Assistant
Controllers, other officers and employees as it deems fit. (Appointment)
- The controller has to function under the general control and directions of the Central
Government and the Deputy Controllers and Assistant Controllers have to function under
general superintendence and control of the controller. (Control and function)
- The controller shall have its head office at a place prescribed by the Central Government.
(Place of office)
- There shall be a seal of the office of the controller. (Seal)
vi. To specify the terms and manner for maintenance of accounts by CAs;
vii. To specify the terms and conditions for appointment of auditors and their
remuneration;
b) To recognise the foreign certifying authority (Sec. 19). The controller, with the prior
permission of the Central Government and by notification in the Official Gazette, may
recognise any foreign certifying authority for the purpose of this Act [Sec. 19(1)].The
controller may revoke such recognition by notification in the Official Gazette for reasons
to be recorded in writing [Sec. 19(3)].
c) To grant licence to CAs to issue electronic signature certificate (Sec. 21). The
controller can grant a licence to any person to issue electronic signature certificate
provided he applies and fulfils such requirements with respect to qualification, expertise,
manpower, financial resources and other infrastructure facilities which are necessary for
the issue of Electronic Signature Certificate [Sec. 21(1) and (2)].The controller may after
considering the documents and such other factors, as he deems fit, grant the licence or
reject the application. He may reject only after the applicant has been given a reasonable
opportunity of presenting his case (Sec. 24).
d) To suspend licence (Sec. 25). The controller may suspend licence if he is satisfied after
making an enquiry that CA has:
ii. failed to comply with terms and conditions necessary for granting
of license.
The notice of suspension or revocation may be published in the database maintained by the
controller (Sec. 26).
Application for licence (Rule 8). The following persons may apply for grant of licence
to issue electronic signature certificate :
iii. A firm having capital subscribed by all partners of not less than ` 5 crore
and net worth of not less than ` 50 crore ; However, the firm, in which the
capital held in aggregate by any non-resident Indian and foreign national,
exceeds 49% of its capital, shall not be eligible for grant of licence ;
Submission of application (Sec. 22 and Rule 10). Every application for the issue of a
licence shall be in such form as may be prescribed by the Central Government and shall
be accompanied by :
Validity of licence (Rule 13). A licence shall be valid for a period of 5 years from the
date of its issue and the licence shall be non-transferable or non-heritable.
Issuance of licence (Sec. 24 and Rule 16)Note. For details refer point 3 of para 8.3.
Renewal of licence (Sec. 23 and Rule 15). An application for renewal of a licence shall
be
xi. made not less than 45 days before the date of expiry of the period of
validity of licence.
Suspension of licence (Sec. 25 and Rule 14)Note. For details refer point 4 of para 8.3
No Certifying Authority whose licence has been suspended shall issue any electronic
signature certificate during such suspension [Sec. 25(3)].
4. Powers of CCA
The Act has conferred the following powers upon the controller of certifying authorities :
a) Power to authorise in writing, the deputy or the assistant controller or any officer to
exercise any of his powers (Sec. 27).
b) Power to investigate any contravention of the Act or rules or regulations made
thereunder. [Sec. 28(1)].
c) Power to direct a certifying authority or any employee of such authority to take such
measures or to cease to carry on such activities if these are necessary to ensure
compliance with the provisions of the Act, rules or any regulations made thereunder [Sec.
68(1)].
d) Power to direct any agency of the government to intercept any information transmitted
through any computer resource if it is necessary in the interest of the sovereignty or
integrity of India, security of state, friendly relations with foreign state etc. [Sec. 69(1)].
e) Power to issue directions for blocking the public access of any information through any
computer resource in the circumstances given under point No. 4 (Sec. 69A).
f) Power to authorize to monitor and collect traffic data or information through any
computer resource for cyber security (Sec. 69B).
g) Power to make regulations for carrying out the purposes of this Act after consultation
with the cyber regulatory advisory committee and previous approval of Central
Government. The regulations may pertain to the following :
h) Power to exercise himself or through an authorized officer the following powers which
are conferred on Income Tax Authorities under Chapter XIII of the Income Tax Act,
1961 :
To follow certain procedures regarding security system (Sec. 30). The Act has
laid down certain procedures relating to security system to be followed by the
certifying authority in the performance of its services. It must :
i. make use of hardware, software, and procedures that are secure from
intrusion and misuse ;
The above stated security procedures must ensure the achievement of 4 objectives of a security
system:
To ensure compliance of the Act (Sec. 31). The certifying authority must ensure
that every person employed or engaged by it complies with the provisions of the
Act, rules, regulations or order, made thereunder.
To display its licence (Sec. 32). The certifying authority must display its licence
at a conspicuous place in the premises in which it carries on its business.
To surrender its licence (Sec. 33). The certifying authority must surrender its
licence to the controller on its suspension or revocation.
According to Sec. 2(1)(tb) ‘Electronic Signature Certificate’ means “an electronic signature
certificate issued under section 35 and includes Digital Signature Certificate.” Digital Signature
Certificates are the electronic equivalent of physical or paper certificates (e.g., drivers’ licence,
passport, membership card etc.). There are basically 3 types of digital signature certificates :
Class I, Class II and Class III and each having different level of security.
A digital signature is deemed to be one of the strongest tools for cyber security. It serves the
following purposes:
It verifies the authenticity of the originator after any electronic message has been
created.
A digital message cannot be modified, altered or tempered with and any change to
the content will render the signature invalid. Hence, it ensures integrity and
confidentiality of the content.
Digital Signature Certificates are legally admissible in a court of law as per the
provisions of the IT Act and hence it serves as an evidence under the law and
signor cannot repudiate his act subsequently.
Date of expiry ;
Revocation of Digital Signature Certificate (Sec. 38). A certifying authority can revoke
a DSC under any of the following circumstances :
A DSC shall not be revoked unless the subscriber has been given an opportunity of being heard
in the matter [Sec. 38(1)]. Further, on revocation of a DSC under this section, the authority shall
communicate the same to the subscriber [Sec. 38(2)].
Where a DSC is suspended or revoked u/s 37 or u/s 38, the CA shall publish a notice of such
suspension or revocation in the repository specified in the DSC for publication of such notice
[Sec. 39(1)]. Further, where one or more repositories are specified, the CA shall publish notices
of such suspension or revocation in all such repositories.
Duties of Subscribers
Definition.
According to Sec. 2(1)(zg), “Subscriber” means a person in whose name the electronic signature
certificate is issued.
Sections 41 to 43 of Chapter VIII of Information Technology Act prescribe the following duties
of subscribers who have obtained the Digital Signature Certificate from some certifying
authority:
Generating Key Pair (Sec. 40). Where any DSC has been accepted by the subscriber, he
has a duty to generate the key pair consisting of public key to which private key of the
subscriber corresponds and which is to be listed in the digital signature certificate by
applying the security procedure prescribed under Section 16.
Duty of subscriber of Electronic Signature Certificate (Sec. 40A). In respect of
Electronic Signature Certificate the subscriber shall perform such duties as may be
prescribed [Inserted vide ITAA, 2008].
Acceptance of Digital Signature Certificate (Sec. 41). Acceptance of digital certificate
entitles him to the rights under it as well as imposes some obligations upon him. Sub-
sections 1 and 2 of Section 41 provide the following provisions relating to acceptance of
certificate by the subscriber :
the subscriber holds and is entitled to hold the private key corresponding to the public
key listed in the DSC.
all representations made by the subscriber to the CA and all information contained in the
DSC are true.
all information contained in the DSC that is within the knowledge of the subscriber is
true.
Sub-sections (1) and (2) of Section 42 lay down the following duties of the subscriber relating to
the control of private key :
Duty to exercise reasonable care to retain control of the private key corresponding to the
public key listed in the DSC.
Duty to take all steps to prevent disclosure of private key.
If the private key has been compromised (lost), duty to communicate the same to the
certifying authority without any delay.
In case of compromise of private key till such information is given to the certifying
authority, the subscriber shall continue to be liable [Explanation to Sec. 42(2)].
The internet has brought a massive revolution in the 19th century which can be equated with the
industrial revolution. The internet was launched for the purpose of communication between the
masses but within the few years only, it became one of the most important tools for the
communication for business transactions, governmental policies and social interaction. It has
provided the opportunities for the millions of people and brought liabilities in the field of
intellectual property, data privacy, etc.
The challenges that the law has faced in recent years is, how to foster the development of
intellectual property on the Internet while preventing its unauthorized use. We have addresses
for our homes and offices. In the same way, domain names are nothing but simple forms of
addresses on the internet. These addresses enable the users to locate websites on the net in
an easy manner. Domain name corresponds to various IP (Internet Protocol) numbers which
connect various computers and enable direct network routing system to direct data requests to
the correct addressee.
Cybersquatting and Domain Name Disputes, both are covered under Trademark Law. There are
so many instances of abusive domain name registration and infringement of trademarks on the
internet that law of trademark has extended its purview to domain names as well. Most of the
domain name disputes and cybersquatting cases are dealt under the passing off when there are
no specific provisions on the issue.
CYBERSQUATTING
Cybersquatting is a type of domain name dispute which is prevalent in the world. It is a practice
where individuals buy domain names reflecting the names of an existing companies, with a sole
intention to sell the names back to that company to attain profit when they want to set up their
own website.
There are various types of cybersquatting. Most commonly used is the typo squatting where a
cyber-squatter registers domain names containing variant of popular trademarks. Typo
squatters believe that the internet user will make the typographical errors while entering the
domain names into their web browsers.
DOMAIN NAME
Internet domain name is a combination of typographic characters used to describe the location
of a specific location online. It is known as the Uniform Resource Locator or URL. It is
considered the identity of a Web site. The Internet domain name is very important for the small
businesses who want to establish their name on internet. The two organizations cannot have
same domain names.1 Example – www.google.com ; www.yahoo.com, etc.
'WWW' means that site is linked to World Wide Web.
'google' is the name you choose to your site, and ideally is readily identifiable with your
organization name or core business.
'.com' is known as top-level domain name and it indicates that your organization name or
core business.
Sometimes '.in' is being used in place of '.com' that means that company is registered in
In the above example only google.com is being used shows search results from Global servers,
Google.co.in is more targeted to local Indian Market. You will always see difference in search
results for both cases on Google.co.in you will get results of more India related sites, who
primary operate in or for India specific.
The last two or three letters of a domain nameor URL (e.g.- .com, .in, .org ) are known as its
top-level domain. The top-level domain which are used earlier are for Example '.org' generally
describes a nonprofit, charity, or cultural organization site; '.gov' indicates a governmental site;
and .net, which is most often used by network-related businesses. Some other common top-
level domains are country codes, like .us for United States and .au for Australia, etc.
Domain name registration system2 started on the basis of the "First come First serve" basis. The
registrant authority which was initially the "Internic" did not take the responsibility for checking
the ownership of the name. Later when the internet became popular, large popular companies
wanted to enter the internet with their own websites and often found that the domain name they
were seeking had already been booked. So companies which wanted the same domain name
had to pay a price, which were sometimes unimaginable. This increasing cost of buying back of
domains resulted in 'Meta society' trade mark owners coming together and claiming that their
intellectual property rights on a registered trade mark should be extended to "domain name".
This has resulted in considering "Registration of Domain Names without the intention of using
them" as cybersquatting.
A Domain name serves the same purpose online, which a trademark serves in the offline
business transactions. It helps the customers identify the source of goods/services provided by
the owner of such goods and services. Therefore, Domain names are of utmost importance in
online businesses. They are important because of the following reasons:
Promotion of business and building up of customer base online and offline by way of
advertising on the web.
Establishment of the credibility of the website and the business on the internet.
Easy access to customers and prospective customers.
The existence of domain names without the requirement of the registration brought the concept
of "first come, first served". This has created the disputes among the owners of the trademark
because many speculators have started to register domain names in order to resell them for a
higher price to the trademark owners. The problem arose with the trademark owners because of
their entitlement to IP rights make them feel ripped off by this new practice named as
"cybersquatting".3 Thus, anyone who wishes to register a domain for the first time which is
trademarked can do so; whatever problems may arise will have to be faced later.4
The reason of the increase in the incidence is the growing importance of domain name in the e-
commerce trend. Domain name hold a good importance as there can be only one user of a
domain name unlike the trademark law where there can be two or more users of a same or
similar trademark for various classes of goods and services under the honest concurrent use if
such use does not amount to infringement or causing confusion or dilution. But this kind of
provision is not applicable in the case of domain names. Since, the domain registration system
follows the "first come, first served" policy. So, once a person registers a domain name similar
to a trademark, any other person using a similar mark is denied registration of another domain
name similar to that trademark. That means only one user is allowed to use a particular domain
name and any other application for the same domain name will be refused. This is the main
reason as to why trademark owners prefer to get their trademarks registered as their domain
names for business.
The cases of trademarks and domain names conflict mainly involve issues related to the use of
goodwill of a trademark by an infringer in the domain name to divert the potential customers of
the owner of the trademark to a website not associated with that trademark, or use of meta-tags
resulting in dilution of trademark or unauthorized registration of the trademark as domain name
with the intent to extort money or to prevent the owner from using the trademark.
The Cyber squatters quickly sell the domain names to other non-related entities, thereby
enabling passing off5 and diluting of famous trademark or trade names.6
The advent of the computer is one of such remarkable innovations because it has determined the
living culture of today’s humans. The individuals from every age group and the organization’s
functioning in any kind of industry have become users of computers. Rather than giving a narrow
definition to the term ‘computer’, Section 2(I)(i) the IT Act, 2000 was drafted in such a manner
to include all the kinds of processing devices, computer networks, storage, and software. It
includes mobiles, smart devices, cameras, e-readers, etc. This technology has become the soul
and essence of many activities happening in the world.
Though the invention of the computer has numerous benefits like data storage, transfer of
information, and effectively contributed to making human life easier, there are negative facets
involved with the same device which affect life miserably. Herein, the attention must be drawn
to the fact that negative facets are the results of the misuse by very limited people and have
nothing to do with the invention itself. The possibility of misuse imbibed with the computer has
taken various shapes and some of such activities that are criminal in nature are recognized as
‘cybercrimes’. This kind of crime has become a major area of concern across all the countries in
the world, especially India. This is because of the government’s active drive to achieve digital
emancipation in a country where digital unawareness and low literacy are known to exist. This
contrast between the state’s aim and present circumstances is directly creating opportunities for
cybercriminals. In light of the aforementioned significance, this article deals with the
punishments available in the Indian Penal Code, 1860 for various cyber crimes apart from what
was mentioned in the IT Act, 2000.
The term cybercrime was used for the first time in 1995 by Sussman and Heuston who were
renowned legal scholars. The term cybercrime was seen as a collection of conducts and acts
rather than a single notion. These conduct usually involve manipulation or infiltration into data
or computer systems which amounts to illegal activities. It is also familiar as e-crime, technology
crime, information related crime, etc. As the manipulation of computers usually happens through
computer networks i.e internet, the term ‘cybercrimes’ has evolved from ‘cyberspace’ which
denotes the internet. But cyberspace is not the only platform for the commission of cybercrime
but they have even been committed offline i.e software attacks etc. The strange element of
cybercrimes, when compared to general crimes, is that the perpetrator and the victim might never
have direct contact with each other. The victim for cybercrime might be chosen by the
perpetrator by considering certain factors like digital vulnerability, illiteracy, personal agenda,
etc. A cybercrime would affect the physical or economic sovereignty, data privacy, social
relations, etc of the individuals. For achieving these purposes, the cyber attackers usually choose
countries in which the laws and the technology are not developed to an extent that provide
mechanisms to catch and punish the perpetrators. As far as India is concerned, the IT Act, 2000
extensively deals with numerous cybercrimes and their punishments. Along with this, the Indian
Penal Code, 1860 also contains certain provisions which concern themselves with a number of
cybercrimes.
As far as the history of cybercrime is concerned, the first cybercrime was committed within the
year of computer invention by Charles Babbage i.e 1820. In that year, Joseph- Marie Jacquard,
who was a renowned textile manufacturer in France created a loom in order to repeat the activity
of weaving. As the labourers who worked in the factory and did the same activity manually
became concerned about the loom as it has threatened the existence of their jobs directly, they
sabotaged the loom thus committing a cybercrime. Though this is a raw form of cybercrime, the
mechanisms to commit a cybercrime have evolved to a dangerous extent in the last two
centuries.
Apart from punishments in IT Act, 2000, there are certain crimes that are attracted by IPC
provisions as well. The following is the enumeration of the IPC provisions along with various
cyber crimes that are attracted by respective Sections and the punishment for the same.
Section 292 of IPC: Although this Section was drafted to deal with the sale of obscene material,
it has evolved in the current digital era to be concerned with various cybercrimes. The
publication and transmission of obscene material or sexually explicit act or exploit acts
containing children, etc which are in electronic form are also governed by this section. Though
the crimes mentioned above seem to be alike, they are recognized as different crimes by the IT
Act and IPC. The punishment imposed upon the commission of such acts is imprisonment and
fine up to 2 years and Rs. 2000. If any of the aforementioned crimes are committed for the
second time, the imprisonment could be up to 5 years and the fine could be imposed up to Rs.
5000.
Section 354C of IPC: The cybercrime dealt with under this provision is capturing or publication
of a picture of private parts or acts of a woman without such person’s consent. This section
exclusively deals with the crime of ‘voyeurism’ which also recognizes watching such acts of a
woman as a crime. If the essentials of this Section (such as gender) are not satisfied, Section 292
of IPC and Section 66E of IT Act, 2000 is broad enough to take the offenses of a similar kind
into consideration. The punishment includes 1 to 3 years of imprisonment for first-time offenders
and 3 to 7 years for second-time offenders.
Section 354D of IPC: This section describes and punishes ‘stalking’ including both physical and
cyberstalking. If the woman is being monitored through electronic communication, internet, or
email or is being bothered by a person to interact or contact despite her disinterest, it amounts to
cyber-stalking. The latter part of the Section states the punishment for this offense as
imprisonment extending up to 3 years for the first time and 5 years for the second time along
with a fine imposed in both the instances. In the case of Kalandi Charan Lenka v. The State of
Odisha (also State of Tamil Nadu v. Suhas Katti) , the victim received certain obscene messages
from an unknown number which are damaging her character. Moreover, emails were sent and the
fake Facebook account was created by the accused which contained morphed pictures of the
victim. Hence, the accused was found prima facie guilty for cyberstalking by the High Court
under various provisions of IT Act and Section 354D of IPC
Section 379 of IPC: If a mobile phone, the data from that mobile or the computer hardware is
stolen, Section 379 comes into the picture and the punishment for such crime can go up to 3
years of imprisonment or fine or both. But the attention must be given to the fact that these
provisions cannot be applied in case the special law i.e IT Act, 2000 provisions are attracted. In
this regard, in the case of Gagan Harsh Sharma v. The State of Maharashtra, one of the
employers found that the software and data were stolen and someone has breached the computers
and gave access to sensitive information to the employees. The employer gave information to the
police and they filed a case under Section 379, 408, and Section 420 of IPC and various other IT
Act provisions. The question in front of the court is whether the police can file a case under IPC
or not. The court decided that the case cannot be filed based on the IPC provisions as the IT Act
has an overriding effect.
Section 411 of IPC: This deals with a crime that follows the offenses committed and punished
under Section 379. If anyone receives a stolen mobile phone, computer, or data from the same,
they will be punished in accordance with Section 411 of IPC. It is not necessary that the thief
must possess the material. Even if it is held by a third party knowing it to be others, this
provision will be attracted. The punishment can be imposed in the form of imprisonment which
can be extended up to 3 years or fine or both.
Section 419 and Section 420 of IPC: These are related provisions as they deal with frauds. The
crimes of password theft for the purpose of meeting fraudulent objectives or the creation of
bogus websites and commission of cyber frauds are certain crimes that are extensively dealt with
by these two sections of IPC. On the other hand, email phishing by assuming someone’s identity
demanding password is exclusively concerned with Section 419 of IPC. The punishments under
these provisions are different based upon the gravity of the committed cybercrime. Section 419
carries a punishment up to 3 years of imprisonment or fine and Section 420 carries up to 7 years
of imprisonment or fine.
Section 465 of IPC: In the usual scenario, the punishment for forgery is dealt with in this
provision. In cyberspace, the offenses like email spoofing and preparation of false documents are
dealt with and punished under this Section which imbibes the imprisonment reaching up to 2
years or fine or both. In the case of Anil Kumar Srivastava v. Addl Director, MHFW, the
petitioner electronically forged signature of AD and later filed a case making false allegations
about the same person. The Court held that the petitioner was liable under Section 465 as well as
under Section 471 of IPC as the petitioner also tried to use it as a genuine document.
Section 468 of IPC: If the offenses of email spoofing or the online forgery are committed for the
purpose of committing other serious offenses i.e cheating, Section 468 comes into the picture
which contains the punishment of seven years of imprisonment or fine or both.
Section 469 of IPC: If the forgery is committed by anyone solely for the purpose of disreputing
a particular person or knowing that such forgery harms the reputation of a person, either in the
form of a physical document or through online, electronic forms, he/she can be imposed with the
imprisonment up to three years as well as fine.
Section 500 of IPC: This provision penalizes the defamation of any person. With respect to
cybercrimes, sending any kind of defamatory content or abusive messages through email will be
attracted by Section 500 of IPC. The imprisonment carried with this Section extends up to 2
years along with fine.
Section 504 of IPC: If anyone threatens, insults, or tries to provoke another person with the
intention of effecting peace through email or any other electronic form, it amounts to an offense
under Section 504 of IPC. The punishment for this offense extends up to 2 years of
imprisonment or fine or both.
Section 506 of IPC: If a person tries to criminally intimidate another person either physically or
through electronic means with respect to the life of a person, property destruction through fire or
chastity of a woman, it will amount to an offense under Section 506 of IPC and punishment of
imprisonment where the maximum period is extended up to seven years or fine or both.
Section 509 of IPC: This Section deals with the offense of uttering a word, showing a gesture,
and committing an act that has the potential to harm the modesty of a woman. It also includes the
sounds made and the acts committed infringing the privacy of a woman. If this offense is
committed either physically or through electronic modes, Section 509 gets attracted and the
punishment would be imprisonment of a maximum period of one year or fine or both.
Conclusion
As we already know for a fact that the IT Act, 2000 has an overriding effect over the IPC
provisions while governing the cybercrimes, there are a lot of instances where IPC provisions are
applied based on the subjective circumstances of every case. Though some people feel that IPC
should not have a realm to govern cybercrimes, there are numerous cybercrimes that are not
extensively dealt by the IT Act, 2000. Hence, after the due amendments are made to the IT Act
which contains with respect to every cybercrime, then the IPC can be withdrawn from governing
in the domain of cybercrimes.
Section 46 of Information Technology Act, 2000
Power to adjudicate
(1) For the purpose of adjudging under this Chapter whether any person has committed a
contravention of any of the provisions of this Act or of any rule, regulation, 51 [direction or
order made thereunder which renders him liable to pay penalty or compensation] the Central
Government shall, subject to the provisions of sub-section (3), appoint any officer not below the
rank of a Director to the Government of India or an equivalent officer of a State Government to
be an adjudicating officer for holding an inquiry in the manner prescribed by the Central
Government.
52 [(1A) The adjudicating officer appointed under sub-section (1) shall exercise jurisdiction to
adjudicate matters in which the claim for injury or damage does not exceed rupees five crore:
Provided that the jurisdiction in respect of the claim for injury or damage exceeding rupees five
crore shall vest with the competent court.]
(2) The adjudicating officer shall, after giving the person referred to in sub- section (1) a
reasonable opportunity for making representation in the matter and if, on such inquiry, he is
satisfied that the person has committed the contravention, he may impose such penalty or award
such compensation as he thinks fit in accordance with the provisions of that section.
(3) No person shall be appointed as an adjudicating officer unless he possesses such experience
in the field of Information Technology and legal or judicial experience as may be prescribed by
the Central Government.
(4) Where more than one adjudicating officers are appointed, the Central Government shall
specify by order the matters and places with respect to which such officers shall exercise their
jurisdiction.
(5) Every adjudicating officer shall have the powers of a civil court which are conferred on the
Cyber Appellate Tribunal under sub-section (2) of section 58, and-
(a) all proceedings before it shall be deemed to be judicial proceedings within the meaning of
sections 193 and 228 of the Indian Penal Code (45 of 1860);
(b) shall be deemed to be a civil court for the purposes of sections 345 and 346 of the Code of
Criminal Procedure, 1973 (2 of 1974);
53 [(c) shall be deemed to be a civil court for purposes of Order XXI of the Civil Procedure
Code, 1908 (5 of 1908).]
Cyber Appellate Tribunal: Section 62
Cyber Appellate Tribunal has been established under the Information Technology Act under the
aegis of Controller of Certifying Authorities (C.C.A.).
The first and the only Cyber Appellate Tribunal in the country has been established by the
Central Government in accordance with the provisions contained under Section 48(1) of the
Information Technology Act, 2000.
The Cyber Appellate Tribunal has, for the purposes of discharging its functions under the I.T.
Act, the same powers as are vested in a civil court under the Code of Civil Procedure, 1908.
However, the procedure laid down by the Code of Civil Procedure, 1908 applies but at the same
time the Tribunal is guided by the principles of natural justice.
Initially the Tribunal consisted of only one person who was referred to as the Presiding Officer
who was to be appointed by way of notification by the Central Government. Thereafter the Act
was amended in the year 2008 by which section 49 which provides for the composition of the
Cyber Appellate Tribunal has been changed. As per the amended section the Tribunal shall
consist of a Chairperson and such number of other Members as the Central Government may by
notification in the Official Gazette appoint. The selection of the Chairperson and Members of the
Tribunal is made by the Central Government in consultation with the Chief Justice of India. The
Presiding Officer of the Tribunal is now known as the Chairperson.
The Central Government may by notification in the Official Gazette appoint a Controller of
Certifying Authorities, and also Deputy and Assistant Controllers whose qualifications,
experience and terms and conditions of service may be prescribed by the Government, for
discharging the functions provided under section 18 of The Act. The Act empowers the Central
Government to appoint an officer not below the rank of a Director to the Government of India or
an equivalent officer of a State Government to be an adjudicating officer to hold an enquiry as
to whether any person has contravened any provisions of the Act or any rule, regulation or
direction or order made there under which renders him liable to pay penalty or compensation.
The adjudicating officer appointed under the Act can exercise jurisdiction to adjudicate matters
in which the claim for injury or damages does not exceed rupees 5 crore. In respect of claim for
injury or damage exceeding rupees five crores, the jurisdiction shall vest with the competent
court.
Cryptography and its Types
Cryptography is technique of securing information and communications through use of codes so
that only those person for whom the information is intended can understand it and process it.
Thus preventing unauthorized access to information. The prefix “crypt” means “hidden” and
suffix graphy means “writing”.
In Cryptography the techniques which are used to protect information are obtained from
mathematical concepts and a set of rule based calculations known as algorithms to convert
messages in ways that make it hard to decode it. These algorithms are used for cryptographic key
generation, digital signing, verification to protect data privacy, web browsing on internet and to
protect confidential transactions such as credit card and debit card transactions.
1. Confidentiality:
Information can only be accessed by the person for whom it is intended and no other
person except him can access it.
2. Integrity:
Information cannot be modified in storage or transition between sender and intended
receiver without any addition to information being detected.
3. Non-repudiation:
The creator/sender of information cannot deny his or her intention to send information at
later stage.
4. Authentication:
The identities of sender and receiver are confirmed. As well as destination/origin of
information is confirmed.
Types Of Cryptography:
In general there are three types Of cryptography:
2. Hash Functions:
There is no usage of any key in this algorithm. A hash value with fixed length is
calculated as per the plain text which makes it impossible for contents of plain text to be
recovered. Many operating systems use hash functions to encrypt passwords.
The Caesar Cipher technique is one of the earliest and simplest method of encryption
technique. It’s simply a type of substitution cipher, i.e., each letter of a given text is replaced
by a letter some fixed number of positions down the alphabet. For example with a shift of 1,
A would be replaced by B, B would become C, and so on. The method is apparently named
after Julius Caesar, who apparently used it to communicate with his officials.
Thus to cipher a given text we need an integer value, known as shift which indicates the
number of position each letter of the text has been moved down.
In the Rail fence cipher, the plaintext is written downwards diagonally on successive "rails"
of an imaginary fence, then moving up when the bottom rail is reached, down again when the
top rail is reached, and so on until the whole plaintext is written out. The ciphertext is then
read off in rows. For example, to encrypt the message 'WE ARE DISCOVERED. RUN AT
ONCE.' with 3 "rails". N is number of rails – decryption.
Substitution ciphers are probably the most common form of cipher. They work by replacing
each letter of the plaintext (and sometimes puntuation marks and spaces) with another letter
(or possibly even a random symbol).