An Analysis of Legal Framework on Combating Cybercrime in Nigeria
Chapter One
Aim and Objectives
The cardinal objective of the research work is to
- Find answers, or solutions to the problems as highlighted under paragraph 1.2 above, this will be done by assessing and analyzing the regulatory frameworks’ role in combating cybercrime computer-related acts including physical damage to computer systems stored data, unauthorized use of computer systems and the manipulation of electronic data computed related fraud, and software piracy which have been recognized as criminal offences. This study sought to assess cybercrime and its impact in Nigeria. It also examined the existing policy framework and assessed the success of institutional countermeasures in combating cybercrime in Nigeria20.
- To examine and appraise selected court decisions to understand better, the critical role of the judiciary (Courts), and analyze the efficiency of the law enforcement agencies and other administrative machinery in dealing with, and preventing of cybercrime offences and proffer necessary recommendations for the proper enforcement and implementation of the penalties on the cybercrime
- The research attempts to provide an overview of cybercrime, cyber security, and the Concept of National Security. It defines the concept of cybercrimes and identifies reasons for cybercrime and its eradication. It looks at those involved and the reasons for their involvement in methods of stepping up cyber security In light of the above, the research would conduct an x-ray of the Cyber Crime Act 2015 enacted by the 7th National Assembly, which provided a legal framework for the prohibition, prosecution, prevention and punishment of electronic fraud and cybercrimes, to prepare the minds of stakeholders in the ICT regime and general public on the content of the Act21.
- Finally to conduct a survey into other possible ways which may most likely present appreciable modes of curbing computer-related offences in Nigeria by concluding with some findings and recommendations.
CHAPTER TWO
THE CONCEPT OF CYBERCRIME
INTRODUCTION
Today‟s world is a world of information explosion. This information explosion is taking place in such a fast speed that even a literate person is feeling as if he or she is illiterate being not able to cope up with such an information explosion. Here the question arises how is one to cope up with it? The answer is, Information Technology (IT) that can help in coping with the information explosion, by the use of internet to source for information44. The concept of cybercrime is historical with the advent of information and communication technology, massive digitalization and unprecedented interconnectivity provided by the internet has been a boon to students, doctors, teachers, lawyers, businessmen and criminals. Historical antecedent shows that unauthorized access, damage to property, theft and distribution of obscene and indecent materials are all considered as familiar cybercrimes45. This chapter shall be focusing on the clarification of the concept of cybercrime, concept of cyber security and concept of National security.
Meaning of Cybercrime
Technical experts, police, lawyers, criminologists, and national security experts understand the concept of „cyber crime‟ differently, in order to understand the Cyber crime at conceptual level, it is essential to scrutinize the definitional aspects of the word „Cybercrime‟. In this portion, some of the definitions are verified. Cybercrime must be a terminology that crept into the lexicon of our criminal jurisprudence at the advent of the internet as observed earlier.46 However, cybercrimes could mean the terms “Computer Crimes” and “Cybercrime”47. Computer crime or cybercrime is any crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target net crime of criminal exploitation of the internet, inherently a cybercrime. Cybercrime uses the unique features of the net–sending of e-mails in seconds, speedy publications/disseminations of information through the web to anyone on the planet. Computer attacks can be generated by the criminals from anywhere in the world, and executed in other areas, irrespective of geopolitical location. Often, these criminal activities can be faster, easier and more damaging with the use of internet48.
The 10th United Nation Conference on the punishment of offences, cybercrime was broken into two categories and thus defined as;
- in a narrow sense, as any illegal behaviour directed by means of electronic operations that target the security of computer system and data processing by them and
- In a broader sense, as any illegal behaviour committed by means of or in relation to a computer system or network including such crimes as illegal possession and offering or distributing information by means of a computer system or networks49.
Cybercrime, is a broad notion, in literature all kind of definition can be found of computer crime, computer-related crime, internet, etc., including discussions what about which specific crimes should be considered as such, modern definitions of cybercrime describe cybercrime as concerning any crime for the commission of which the use of the internet was essential. This implies that even offences that do not include an explicit reference to information communications technology (ICT) or to the electronic environment, can nevertheless be considered as such if the criminal conduct was directed against other computers or where the facilities of the internet were used to disseminate or retrieved information “essential” means that ICT or the electronic environment is an essential element of the criminal conduct A murder in the computer room would not qualify as such.50
Under the notion of cybercrime, all kind of subcategories can be distinguished, including their refinement and details. The cybercrime Convention 2001, that adopted the notion of cybercrime, does not provide a definition but distinguished in its substantive law part four categories of the cybercrime;
CHAPTER THREE
AN ANALYSIS OF LEGAL REGIME IN COMBATING CYBER CRIME
INTRODUCTION
The Internet has turned into a complex and challenging, if not menacing, gateway where criminal activities have progressed to attacks which are targeted and sophisticated. “Organised crime groups and cyber criminals are working together seamlessly, moving between the real world and virtual environments.135 The domains of modern activities have extended beyond the turfs of land, sea, air and space to include the cyberspace. In this new environment there are immense endowments deployable for the economic activities, development and governance. Deviants have also leveraged on assets of the cyberspace to commit crimes and compromise national security. The nature and character of these crimes pose serious challenges for regulators across the world. To curb the menace of rogue activities in cybercrime, at international, regional and national level, strategies have been formulated. This chapter shall discuss the legal regimes in combating cybercrime at the international, regional and national level.
LEGAL FRAMEWORK BASED ON INTERNATIONAL STANDARDS
United Nations Office on Drugs and Crimes136
The United Nations has undertaken several important approaches to address the challenge of cybercrime. While in the beginning its response was limited to general guidelines, the organization has in recent times dealt more intensively with the challenges and legal response.
CHAPTER FOUR
ISSUE AND CHALLENGES IN COMBATING CYBERCRIME
Introduction
Recent developments in ICTs have not only resulted in new cybercrimes and new criminal methods, but also new methods of investigating cybercrime. Advances in ICTs have greatly expanded the abilities of law-enforcement agencies. Conversely, offenders may use new tools to prevent identification and hamper investigation which poses lot challenges in the cyber realm. This chapter focuses on the law enforcement and other security body‟s skills, knowledge, techniques for effective investigations in curbing cybercrime, the role of judiciary in the admissibility of electronic evidence in cyber crime cases and the challenges of fighting cybercrime.
CHAPTER FIVE
SUMMARY AND CONCLUSION
Safeguarding the sovereign, independence and territorial integrity of the state was the central pillar of Nigerian national security policy. Other guiding principles were African unity and independence, nonintervention in the internal affairs of other states, and regional economic development and security cooperation. Subordinate goals included military self- sufficiency and regional leadership. In pursuing these goals, Nigeria was diplomatic and flexible, but it employed coercive methods or measured force when necessary. Nigeria was an active participant in the United Nations (UN), African Union (AU), and ECOWAS. Being an issue of national priority in Nigeria, cyber security is now elevated to the level of being handled by the Presidency through the Office of the National Security Adviser (ONSA). A reflection of these could be seen in the presentation of the National Cyber Security Policy and Strategy drafts by the above-mentioned office. From the above postulation, it is observed that national security is not restricted only to weapons and military preparedness but encompasses political, social and economic well-being of the people. As such, any threats to any of these constitute a threat to national security. Nigeria is interestingly at a defining moment in the establishment of a cyber-security policy and strategy framework. This is only an aspect of the numerous processes in their developmental stages concerning national security. Every country should have sufficient legislative and judicial capabilities to combat cybercrime and such laws must be harmonious among different countries; since they protect the common interest. It is the considered view of the researcher, that if the result of the cybercrime occurs upon more than one country and in case there is an extradition treaty among the criminal’s country and the countries on its territories the crime has been committed, then the criminal should be extradited to country more affected by the crime, and in case the extent of damages is equal, then the priority should be given to the country that asked for extradition in an earlier date. Cybercriminal activity has increased dramatically in recent years and can now be considered an omnipresent, even global menace that will continue to affect each and every one of us. Hardly a day goes by without cyber-related incidents hitting the headlines of Nigeria‟s most renowned newspapers, magazines and blogs. Cybercrime is one of the fastest growing areas of crime and has adopted many carefully crafted disguises to damage information systems. With regards to its impact, cybercrime is known to cause both tangible and intangible damages.
In this work, we highlighted an analysis of international, regional and national regulatory responses to cyber crime and cybersecurity in both developed and developing countries. It highlights the limits and challenges of these regulatory responses in the promotion of cybersecurity and explores several regulatory measures to address the highlighted challenges with a view to promoting global cybercrimes. The research suggests several regulatory measures to enhance global cybersecurity and also emphasizes the need for the collective responsibility of states for global cybersecurity. Proper legislation is the foundation for the investigation and prosecution of cybercrime. The efforts of the government in dealing with cyber-threats must therefore be applauded as a demonstration of its desire to stem the tide of deterioration arising from the effect of such threats on the country‟s national security, economy of Nigeria, and individual and corporate of lives of Nigerians. In this connection, it is necessary to stress that the legislative, policy and institutional measures to tackle such crimes as money laundering, cybercrimes, intellectual property violation and other computer related offences which constitute threats to the Nigerian cyberspace have been unearthed.
In a quest to tackle cybercrimes, the Nigerian Cyber Crime Act came into force in May, 2015; this explains why the government of Nigeria has continued to solicit for the active support, participation and contributions of stakeholders from relevant sectors towards achieving increased national cyber security. We also presented a comparative evaluation of the Nigerian Cyber Security Policy and Strategy, Cybercrime Act, 2015 and other regulatory framework with those of selected countries. With Nigeria being at crossroads in cyber security policy formulation, it would also provide necessary information as to the viability of the policy and strategy framework with respect to the Nigerian environment.
There is the need to develop a common platform to address cyber security since cybercrime crosses borders and cannot be fought by one country. As a region, Africa must begin to cooperate to deal with cyber threats at national and regional levels. Africa should establish a body to monitor and report cybercrimes across borders. The approach should also involve governments, industry, civil society organizations and to a large extent security agencies. The fight against cybercrime requires coordinated effort among all stake holders such as government bodies, educational institutions, business organizations and law enforcement authorities. Lawmakers must be well trained and sensitized to help implement legislation that addresses cyber threats at all levels, Africa needs strong Information and Computer Technology institutions to train cyber security experts with a strong expertise in system administration, security audit, forensic investigation, information security and software development to deal with the future challenges of cybercrime.
In addition, as we have entered the second decade of the new millennium, cybercrime has become an increasingly pervasive threat that cannot easily be linked to only a handful of regions. As noted, in the work, that “Cybercrime has no borders”. Not only have cybercriminals developed more sophisticated attack strategies, they have also learned how to blur their traces effectively and complicate the work of those seeking to track them down. Compounding matters even more is the fact that security related laws and regulations vary from country to country (sometimes even from province to province), and thus it comes as no surprise that regions with less strict legislation are prone to a higher degree of cybercrime. Our law enforcement agencies must ensure that the constitutionally guaranteed rights are not eroded and subverted in the course championing reforms, though there is no database hence biometric registration requires fingerprint, the following agencies requires biometric Banks via Bank Verification Number (BVN), Nigeria Communications Commission (NCC Subscribers require biometric) Federal Road Safety Commission (FRSC) to obtain drivers license it require biometric, Independent National Electoral Commission (INEC) and the Nigerian Immigration require biometric all this information may shared internationally but does not appearto be available to our local Law enforcement agencies. Nigeria has no legislation regulating how such data should be stored and accessed. It is to be noted, that this is the data that is used in many developed countries and societies, to build database for criminal investigation through forensic analysis. In United State of America and United Kingdom, there exist laws centered on data retention and privacy conform to set of principles aimed at protecting personal data and ultimately criminalizes unauthorized access and usage in order to deter perpetrator and compensate victim of same. Note that, there is nothing in the Act549 expresses authority for the use of biometric data to effectively carryout the functions of banking regulation. Under s. 14-25 of the Act,550 National Identity Management Commission by virtue of the Act are legally backed at least the NIMC Act contains issue of accountability regarding the capturing, storage and sharing of biometric data. Cybercriminals are often anonymous and ubiquitous, their operations can effectively be carried out across borders. More often than not, the effects of cybercrime ripple across several jurisdictions. In this wise, efforts to tackle and sanction cybercrime viewed on international, regional and national perspective must be enhanced as the enactment of substantive laws to criminalize malevolent activities on the internet, enactment of related Bills to strengthen the cybersecurity framework Completion of the legislative process and establishment of institutional framework should be considered a matter of urgency, as the existing legal framework are inadequate in tackling cybercrime in Nigeria, the liberalization of telecoms and Internet penetration policies of government have yielded unprecedented growth in ICT, leading to increased dependence on technology for the delivery of basic as well as critical services in Nigeria amongst citizens, businesses and governments.
Finally, Lawyers and judges must understand the complexity involved in digital technology and its value in scientific analysis as a prelude to advocating effective laws and principles for investigation and admissibility of electronic evidence in pursuit of civil or criminal justice. Because of rudimentary understanding of digital technology credibility of information derived electronically is hardly contested by defense lawyers only its admissibility is challenged, the gap is that the conclusions they produce have yet to be tested for reliability the test of reliability of e-evidence is inevitable once knowledge of how it works becomes widespread. Although the issue of admissibility will still be crucial but so will be the credibility of the technology used. As the law and infrastructure improve judges, lawyers, academics and other experts must be prepared for the scrutiny that digital evidence will require551.
Findings
- It is observed from the research that there exist a conflict between the provisions in sections 38 of the Cybercrime Act and S. 37 of the Constitution of the Federal Republic of Nigeria 1999 which guarantees the right to privacy of citizens. This right must extend to the most private and sensitive data and information of citizens, including biometric data. This raises a two-fold concern. The conflict firstly, relates to the constitutionality of the requirement for personal information under the KYC (Know Your Customer) and BVN (Bank Verification Number) initiatives. This requirement might be considered intrusive and a breach of the constitutionally guaranteed right to privacy, particularly given the multiplicity of biometric data requests by various regulators in Nigeria. The second implication raised by the constitutional right to privacy is the obligation placed on government and its agencies to safeguard the various data and information banks and their customers. A failure to protect the information of citizens from cyber attacks will constitute a fundamental breach of the constitutionally enshrined right to privacy as the constitutional provision prevail over any other Act.
- It is our finding that, the lacunae created by provision of section 7 of Cybercrime Act manifested in the area of enforcement, compliance and punishment. On enforcement, S. 7 of the Act mandates the operators of cybercafes to register as business name with Corporate Affairs Commission as well as Computer Professionals Registration Council. Cybercafes shall maintain a register of users through sign-in register, and that the register shall be available to law enforcement personnel whenever needed but made no provision for sanction if the section is violated. S.36 (12) of the constitution of the Federal Republic of Nigeria 1999 provides that, a person shall not be convicted of criminal offence unless that offence is defined and the penalty therefore is prescribed in a written law, and in this subsection, a written law refers to an Act of the National Assembly or a Law of a state, any subsidiary legislation or instrument under the provision of a law. It is therefore settled principle of law that any provision of law that do not prescribed punishment for violation is not law because it serve no purpose, the section mere provided a statement with regards to cybercafé owners by prescribing for registration of cybercafés and maintaining a register of users through sign in register but the Act did not provide punitive measure for anyone who failed to complied with this There is the need to insert the provision for punishment that reflect the seriousness of the offence in S. 7 of the Act which same calls for amendment.
- It is also our finding that the Evidence Act as it relates to computer- generated evidence and certification of the generated evidence hamper the smooth adjudication of case relating to internet, the integrity of internet generated evidence is also in issue, while ‘public documents’ may require certification as a pre-requisite for admissibility, some other form of authentication should be created for ‘public devices’. This is the fact that section 104 of the Act is clearly designed or ‘documents’ and does not in any way envisage ‘devices’. Another crucial issue is on the rigidity of the provisions dealing with the requirement for certification of public documents. There is a need to qualify the requirement of certification in certain cases. The blanket requirement of certification for all documents (and devices) emanating from public authorities is bound to occasion hardship and injustice such a certificate must accompany the electronic record like computer printout, Compact Disc (CD), Video Compact Disc (VCD), pen drive, etc., pertaining to which a statement is sought to be given in evidence, when the same is produced in evidence. Electronic records being more susceptible to tampering, alteration, transposition, excision e.t.c., without such safeguards, the whole trial based on proof of electronic records can lead to travesty of
Recommendations
In view of the inadequacies with the legal response in combating cybercrime, as highlighted in this work, to help safeguard against cybercrime attacks, we recommend as follow:
- It is recommended that in order to reduce the scourge of cybercrime in the country, financial institutions in the country should establish fraud detection departments. The Evidence Act has become grossly inadequate to cover the present advancement in technology with the concomitant sophistication employed in the commission of economic and financial crimes as it relates to computer-generated evidence should be amended to incorporate medium on how to authenticate an internet public device to ease the admissibility of electronically generated evidence in our court system. There is a need to reconsider the prohibitive aspects of our laws. The inadequacy of our legislation turns out to be even more serious when we consider the lack of analogy between most cyber crimes and their conventional network. There is a need to develop a comprehensive internet legislation to regulate electronic financial transactions and prevent electronic crimes. As long as there is an absence of a centralised electronic databank containing specific information on each individual resident and visitor to Nigeria, exposure of criminal intentions before they are executed and the effective investigation of crimes committed would continue to pose a serious challenge to security
- We also called for legislative reforms and amendment of legislation in combating cybercrime and full harmonization with international legislation in order for legislation on cyber crime in Nigeria to keep pace with e-crime, especially as it becomes more prevalent and sophisticated hence there is the need to develop a common platform to address cyber security since cybercrime crosses borders and cannot be fought by one country. There is need for the National Assembly to amend the cybercrime Act by inserting a provision prescribing punishment under section 7 that relates to operation of cybercafés to make effective and efficient, the law making body should also expedite action to pass necessary Bills, that could help in curbing internet related crimes including the Economic and Financial Crimes Commission Act (Amendment) Bill 2010, Electronic Transactions Bill, 2015 and Payment System Management Bill 2015 all these are yet to become law and it relates to Cybercrimes.
- Lastly, it is further, recommended that in order to advance the knowledge for applicable laws, the protection of privacy right and intellectual property, with intent to sensibilize the methods and measures to prevent and combat the cybercrimes, there is a need to organize media debates, workshops and seminars with organizations for security and civil society. Education is the most vital weapon for literacy, as such seminars and workshops should be organized from time to time with emphasis on cyber safety so that the individuals, law enforcement agencies and service providers, will learn to keep their personal and customer information safe cybercrime criminals. We therefore, recommends that curriculum which will include courses on cyber crime, cyber management and its prevention should be introduced to both tertiary and secondary schools to take care of the present social changes. The internet services providers should not just provide broadband connection to their subscribers especially the home users, but they should also monitor effectively what the subscribers are doing on the net, at what time and where. They should provide their customers, especially financial institutions and cyber cafes with well- guided security codes and packages in order to protect their information and soft ware from hackers and publishers.
BIBILIOGRAPHY TEXT BOOKS
- Afe Babalola, Law and Practice of Evidence in Nigeria, p. 262
- Ladan M.T, (2015) Cyberlaw and Policy on Information and Communications Technology in Nigeria Ahmadu Bello University Press Limited p
- Agba P.C., (2003) International Communication Principles, Concepts and Issues: In Okunna C.S. (ed) Techniques of Mass Communication: A multi – Dimensional Approach. Enugu: New Generation Books p.9
- Ehimen O.R & Bola A., (2010) “Cybercrimes in Nigeria” Business Intelligence Journal, January, Vol.3, No.1 95
- Folashade B.O. etal, (2013) The Nature, Causes and Consequence of Cyber Crime in Tertiary institution in Zaria-Kaduna state, American International Journal of Contemporary Research, Vol. 3, No. 9, September, 98
- Ibikunle F., (2013) Approach to Cyber Security Issues in Nigeria: Challenges and Solution, Publication of Department of Electrical & Information Engineering, Covenant University Nigeria, Vol,1 No1
- Longe, O.B & Longe, F.A. (2005). The Nigerian Web Content: Combating the Pornographic Malaise Using Web Journal of Information Technology Impact. Vol. 5, No. 2 Loyola University, United States of America. www.jiti.net