Law Project Topics

A Critical Analysis of the Cybercrime Law in Nigeria

A Critical Analysis of the Cybercrime Law in Nigeria

CHAPTER ONE

OBJECTIVES

The principal purpose of this study is to evaluate the cybercrime law in Nigeria with the main focus being the recently enacted Cyber-crime Act 2015 for the regulation of cybercrime activities in Nigeria.  The study takes a subjective look at the attributes of cybercrime laws and certain challenges the cybercrime act and laws face such as: what constitutes a cyber-crime, who do you call when a cybercrime occurs, who enforces this act-the police or a special force, and how prepared are these officials?.  Further analysis will amongst other things:

  • Discuss the Nature and Types of Cybercrime;
  • Assess the controversial provisions of the cybercrime Act 2015;
  • Examine and analyze key provisions of the Cybercrime Act 2015;
  • Suggest and recommend effective ways and methods on how cyber-crimes can be tackled in Nigeria.

CHAPTER TWO

HISTORICAL BACKGROUND OF CYBER-CRIME

THE UNITED KINGDOM

The very first example of a computer being used “hack” was the Enigma Machine created by a certain Alan Turing, the godfather of modern day computer science.  The first large scale attacks were first seen in 1989 when $70 million was stolen from the First National Bank of Chicago.[1] This shocked the world and triggered the Computer Misuse Act 1990 to be passed as law in the UK. The act criminalized any unauthorized access to computer systems and was a big step in attempting to halt cybercrime.

In more recent years, cybercrime has posed a massive threat to national security, with groups like Anonymous and Lizard Squad becoming more and more powerful. As cybercrime becomes more of an issue many organizations seek to protect themselves using courses to train employees in the very real risks of the online world.[2]

In the U.K, cybercrime has risen in prominence and is still difficult to measure and this led to the officer of national statistics to conduct a survey in England and Wales asking people about their personal experience with fraud, viruses, and online crime.  From the response given, the Officer of National Statistics estimated that there were 5.6 million fraudulent activities and computer misuse crimes. The figures display that bank account fraud, for example Phishing, was the most common type of online crime with 2.4 million instances in the year 2016 to June.  [3]Victims of these cybercrimes were unlikely to report the incident to the authorities, only a very few made it to the special force created for battling cybercrime in the U.K known as ‘Action Fraud[4]

In the U.K there are various kinds of cybercrime activities that take place and affect both the consumers and businesses such as[5];

Consumers

  • Phishing: bogus emails asking for security information and personal details
  • Webcam manager: where criminals takeover your webcam
  • File hijacker: where criminals hijack files and hold them to ransom
  • Key logging: where criminals record what you type on your keyboard
  • Screenshot manager: allows criminals take screenshots of your computer screen
  • Ad clicker: allows a criminal to direct a victim’s computer to click a specific link

Business

  1. Hacking
  2. Distributed Denial of Service (DDOS) attacks

Micro Trend in 2011 highlighted some major cybercriminal threats which U.K businesses should not only be aware of but should also take steps to protect and prevent these cybercrime breaches.  These include;

  • Business Email Compromise schemes, where hackers typically target companies that work with foreign partners and take part in wire transfers on a consistent basis. Here, executives’ email accounts are compromised and then leveraged to encourage other employees to send considerable amounts of money to hackers’ foreign accounts via the previously mentioned wire transfers.
  • Distributed denial of service, or DDoS, attacks, where a company’s website is bombarded by network traffic originating from hackers. The aim here is to over exceed the website’s supporting capacity, significantly slowing the platform’s performance or making it completely unavailable. This prevents clients and customers from reaching the business via its online resources.
  • Ransom ware is also a main pain point in the U.K., where important files are locked via encryption, and a ransom is demanded by cyber criminals in return for the decryption key. These types of attacks have become a rising threat to the world, and can be incredibly dangerous, particularly in the enterprise sector.[6]In 2015, making it larger than all other kinds of crime.  The U.K government vowed to look at new ways to protect businesses and make the UK more resilient to cyber-attacks and crime.

 

CHAPTER THREE

ANALYSIS OF THE KEY PROVISIONS OF THE RECENTLY ENACTED CYBER-CRIME ACT, 2015

This chapter is mainly going to analyze the key provisions of the recently enacted cyber-crime Act, 2015 which include;

  • Section5 (1), (2), (3) which provides for the offences and penalty against critical national information.
  • Section 7 (1) which provides for registration of cyber-café
  • Section 18 (1) which provides for cyber-terrorism
  • Section 45 which provides for the power of arrest, search, and seizure
  • Section 47 which provides for the prosecution of offences
  • Section 48 (1), and (4) which provides for the order of forfeiture of assets
  • Section 50 which provides for the jurisdiction of courts relating to cyber-crime in Nigeria.

Offences and penalty against critical national informationSection 3 (1) and 5 (1), (2), (3)

In view of the critical and damaging effect of cybercrimes on the state of security and financial health of a nation, the cybercrime act in section 3(1) empowers the President on the recommendation of the National Security Adviser designate by order published in the Federal Gazette certain computer systems, networks and information infrastructure vital to the national security of Nigeria as well as her economic and social being, as constituting Critical National Infrastructure. By section 4 of the Act, the presidential order may require the office of the National Security Adviser to audit and inspect any Critical National Information Infrastructure at any time to ensure compliance with the provisions of the Act. Pursuant to the above, the Act prescribes different penalties for any contravention of the provisions of the Act pertaining to Critical National Information Infrastructure ranging from 10 years without option of fine, 15 years without the option of fine to life imprisonment this is provided for in section 5 (1)(2) and(3) of the Act.[1]

The cybercrime act attempted to cover a number of pressing issues on ground as it relates to cybercrime in Nigeria and also considering the possible events of attacks on the national information infrastructure as the security of a state and its information are always common targets for cyber criminals.  This allows the president to decide what computer systems or networks would be detrimental to the security of the country and to also keep such computer and network infrastructure under investigation and in custody of the national security adviser. It empowers the state or country to take action over any network or computer infrastructure which is likely to compromise the security of the nation.  However, this could result to the government having too much control which would lead to a violation of numbers of international and domestic laws of human rights such as the international covenant on civil and political right (ICCPR) in which Nigeria is a signatory to this covenant. [2]  This focuses on right to privacy, right to freedom of speech, expressions and religion as it is also enshrined in Chapter IV s33, s34, s35, s37, s338, s39, of the 1999 constitution of the federal republic of Nigeria.[3]

Unlawful Access to a computer system—section 6 (1)

“Any person, who without authorization, intentionally accesses in whole or in part, a computer system or network for fraudulent purposes and obtain data that are vital to national security, commits an offence and shall be liable on conviction to imprisonment for a term of not more than 5 years or to a fine of not more than N5, 000,000.00 or both fine and imprisonment.”[4]

This sections cover to a large extent what is in today’s Nigerian society a pressing issue of fraudulent activities taking place online and other online hackers who divert vital critical information or steal other people’s identity.  However this law seems to be more sensitive to national security threats using words like “Classified”, “National Infrastructure” than social and human rights violation and criminal offence taking place on social media and other social networking platforms because a single individual can have multiple accounts and engage in various crimes online such as stalking, terrorist threats, online sale of child pornography, spams, cyber bullying and spreading of viruses among others.

CHAPTER FOUR

CRITICAL ANALYSIS OF THE CONFLICTING AND CONTROVERSIAL PROVISIONS OF THE CYBER-CRIME ACT, 2015

These are the controversial provisions of the cyber-crime act;

  1. cybercrime act and the registration of cybercafés
  2. mandatory winding up and forfeiture of assets
  3. lawful interception of communication
  4. cyber security fund
  5. cancellation of international passports

Cybercrime act and the registration of cybercafés

The cybercrime act has made it compulsory for cyber cafes in Nigeria to hold and maintain a registry of its users and also register with the computer professional’s registration council (CPRC).[1]

This provision of the Act puts unnecessary responsibility on cyber café businesses.  The reason for the requirement of registration is to create a data base of the users of computer systems in cyber cafes for easy tracking, monitoring and tracing online criminal activities.

The mandatory sign in register by cyber cafes creates a potential risk for private citizens and individuals who their personal information could be compromised and sold to different commercial entities or other persons.[2]

Mandatory winding up and forfeiture of assets

The cybercrime Act 2015 further provides that where a body corporate is charged and found guilty of an offence under the act, the court can order for its winding up and forfeiture of its assets to be forfeited to the government. [3]

One of the principles of criminal law and penal theory is that the punishment should be proportionate to the crime.  This provision itself does not send a good message to foreign investors who are looking to exploit the opportunities that the information computer technology has to offer.  The forfeiture of assets to the government does not ensure a safe environment for investors and other companies and does not take into consideration the company creditors and shareholders who have stakes in the company.

Lawful interception of communication

Under certain circumstances, the judge of a federal high court may order network service providers to intercept, collect, record, permit or assist competent authorities with the collection or recording of content data or traffic.[4]  The issue with this law is that it seems to be violating a basic human right that is accorded to us by the Nigerian constitution in chapter IV and other international laws and treaties.

This particular provision is in direct conflict with section 37 of the 199 constitution which provides that ‘the privacy of citizens, their homes, correspondence, telephone conversations, and telegraphic communications is hereby guaranteed and protected’[5]

Cyber security fund;

The law establishes the national cyber-security fund and creates a levy of ‘0.005’ of all electronic transactions of;

  • Gsm service providers and all telecommunication companies,
  • Internet service providers,
  • Banks and other financial institutions,
  • Insurance companies ,
  • Nigerian stock exchange,

This turns out to be an added cost and taxes on the businesses that have an annual turnover of one hundred million naira (N100, 000,000) are already supposed to pay a fee of one percent (1%) of their annual profit before tax to the National Information technology Development fund.

CHAPTER FIVE

CONCLUSION AND RECOMMENDATIONS

SUMMARY/FINDINGS

This work has been able to analyze the opinion, views and writings of various authors, and scholars on cybercrime.  Additionally, the history of cybercrime provides a better understanding of cybercrime and its roots in various countries like the United States of America, the United Kingdom, and the federal republic of Nigeria in which the categories of cybercrime as it affects the person, government, society at large, and property.  This work further examines the cybercrime activities that are rampant in the Nigerian society such as; ATM Fraud, piracy, hacking, email Scams, cyber terrorism, cyber stalking, cyber terrorism, internet pornography, and phishing.

Also, the work examined the previous legislation on cybercrime in Nigeria prior to the Cybercrime Act 2015 such as the computer and infrastructure bill of 2005, and the cyber security bill of 2011 (now cybercrime bill 2013) followed by a  critical analysis of the Cybercrime Act 2015.

Finally an attempt was made to examine and analyze both the legal framework of cybercrime in other jurisdictions such as the United States of America and the United Kingdom and looked at the international perspective on combatting cybercrime.

FINDINGS

  • Cybercrimes against persons, property, government and the society at Large would constitute cybercrimes;
  • The Cybercrime (prohibition and prevention) Act, 2015 largely provides for offences against the government infrastructures, social use of the cyberspace;
  • The Act further provides for protection of national information infrastructure, and cancellation of passports which are in conflict with chapter iv of the 1999 constitution;
  • The Act empowers Law Enforcement officers to apply to a judge for issuing out a warrant for the purpose of obtaining electronic evidence in s.45(1)

CONCLUSION

Computer or cybercrime does have a huge drastic effect on the world today and leaving the private information of individuals on the cyberspace vulnerable to various forms of cyber-attacks.  Nigeria has been criticized for dealing with the issue of cybercrime inadequately due to enforcement agencies not being well equipped or having the necessary computer training, intelligence, and infrastructure and computer skills to enforce these laws on cybercrime.  The previous legal regimes on cybercrime activities proved inadequate to combat cybercrime in Nigeria.  However, the recent enactment of the cybercrime Act 2015 is a huge step toward combating cybercrimes as it has made and prescribed punishments and penalties for certain acts which would constitute offences under the Act such as; unlawful access to computers, unlawful interceptions of communications, unauthorized modification of data, misuse of data, system interference, intercepting electronic messages, emails, e-money transfer, tampering with critical infrastructure, computer related fraud, computer-related forgery, among others, as offenses that are punishable under the Act. Theft of electronic devices, electronic signature, child pornography and related offences, racism and xenophobic offences are also punishable under the Act. It also provided for cyber-stalking, cybersquatting and cyber-terrorism as offences.

In combatting cybercrime activities in Nigeria, there is need for the development of education curriculum and human capacity to enable individual more computer or tech savvy. The cybercrime Act, provides enough grounds for the enforcement of its laws in section 45 (2) (e) – (f)[1] but the question is how prepared are the enforcement agencies in tackling these cybercrimes, how fast can they respond and to what extent are they efficient.

Universities and other institutions running a law program should design their curriculum to include the necessary training or course such as the application of ICT to law, for the next generation of lawyers, judges, and law enforcement bodies to be more aware and conscious of cybercrime and its effects.

RECOMMENDATIONS

It is relevant at this point for there to be effective regulation and enforcement of the cybercrime Act 2015. Suggested reforms include but not limited to;

  1. establishment of an enforcement body different from the Nigerian police force saddled with the responsibility of tackling, tracking, investigating, and intercepting anticipated cyber-attacks on computer systems, networks, or devices that are designated as national information infrastructure,
  2. The enforcement body would also have as part of its mandate to monitor the activities of social media for any threat to the peace and security of the nation or threat to the lives of citizen on social media e.g. Cyber bullying, cyber terrorism
  3. Enforcement agencies should develop policies and protocols for handling cybercrime investigations and what to do in case where the security of the nation or organization is about to be compromised,
  4. Funds gotten from cybercriminal activities should be put into the National information technology development fund (NITDF) in the country such as ICT learning centers, police ICT training and creating awareness on steps in preventing and protecting ones system from cyber-attacks and harm.
  5. Ensuring that the enforcement officers and investigators understand the importance of digital evidence and how it is processed, stored, and its admissibility in the Nigerian courts according to section 84 Evidence Act as it was in Federal Republic of Nigeria v Abdul.

REFERENCES

  • Harpreet Singh Dalla, Ms.Geeta, ‘Cyber-crime-a threat to persons, property, government, and societies’ [2013] (3) (5) International journal of advanced research in computer science and software engineering; 997
  • Patrick Scott, The Telegraph, ‘How much of a problem is cybercrime in the U.K’ (2016) <http://www.telegraph.co.uk/news/2016/11/01/how-much-of-a-problem-is-cyber-crime-in-the-uk/ >Accessed 06 January 2017
  • Sc Staff, ‘New Laws Include Life sentence and Hanging for cybercrime’ U.K Magazine (London, 2015), <https://www.scmagazineuk.com/new-laws-include-life-sentence-and-hanging-for-cyber-crime/article/537371/ >accessed 07 January 2017
  • Taboola ‘Cyber Terrorism and Nigeria’s Economy’, Vanguard (2011), <http://www.vanguardngr.com/2011/11/cyber-terrorism-and-nigeria%E2%80%99s-economy/ >Accessed 14 February 2017
  • Editorial, ‘Cyber Terrorism Hits Nigeria’, The New African Press (2017), <https://newafricanpress.com/2010/09/25/cyber-terrorism-hits-nigeria/ >Accessed 15 February 2017
  • Toyin Ogunseinde, ‘Analysis: Nigeria Cybercrimes Act 2015: what are the issues’ Technology Times (Lagos, 2015) <http://technologytimes.ng/analysis-nigeria-cybercrimes-act-2015-issues/ > accessed 03 March 2017
  • Iroegbu, ‘Nigeria Loses over N127 bn annually through cybercrimes’ This Day Live (Lagos 2016) <http://www.thisdaylive.com/index.php/2016/04/19/nigeria-loses-over-n127bn-annually-through-cybercrime/ > accessed 04 January 2017