McAsh's Thoughts

December 24, 2011

Combating Cybercrimes in Nigeria 1

Filed under: Nigeria — David Ashaolu (McAsh) @ 8:37 am

In its most simplistic form, cybercrimes can be described as criminal actions committed on Cyberspace. They are of two major categories: crimes committed solely with the aid of the Internet, which were unknown to our criminal law prior to the advent of the Internet. Examples of such will include dissemination of viruses and other malicious codes. The second category relates to crimes which became enhanced through the aid of the Internet. These criminal activities were committed traditionally, but have been introduced to the cyberspace and their operations have been aided by Internet’s anonymity and inventiveness. Examples here include online fraud (Nigerian 419 scams).

Nigeria’s notoriety in cybercrimes worldwide is an open secret. There is hardly any crime which is not perpetrated by Nigerians more for gain than for play. Being Africa’s most populated nation and powerhouse, the behaviour of Nigerians come under the spot light as role models, and as a model of African behaviour. Nigeria should therefore be at the fore of cyberspace policing in Africa.

The legal regime of a phenomenon can be traced to two broad sources: the legislature and the judiciary. Perhaps, a third arm is the institutional framework which is the implementing agency that enforces the policies made by various authorities.[1]

Nigeria is yet to enact an ICT Law which would criminalize unlawful acts committed via and with the aid of information technology, computers or computer networks. Since cybercrime is by nature committed on the cyberspace, a direct enactment prohibiting cybercrime in its intrinsic original cyber nature is nullus secondus in this combat.

It will be pretentious to assume that with the few cybercrime prosecutions and convictions achieved by the EFCC to date in Nigeria, we are achieving much in our fight against cybercrimes. When compared with what obtains in other countries around the world, we see we are nowhere near where we should be. Certain factors which hamper the prosecution of cybercrime in Nigeria are examined hereunder.

Challenges

The factors militating against an effective policing of Nigeria’s cyberspace are numerous. I shall take them one by one, starting with the administrative quagmire faced by prosecutors.

Administrative Predicament

Section 36(12), 1999 Constitution of the Federal Republic of Nigeria (as amended) provides thus:

“a person shall not be convicted of a criminal offence unless that offence is defined and the penalty thereof prescribed in a written law; and a written law refers to an Act of the National Assembly or a law of a State

Thus, the factors involved in the prosecution of a crime under the Nigerian law emanate from one major source: legislation. An uncodified crime is not punishable.[2]

This fundamental fair hearing position has enjoyed tremendous support from the courts over the years.[3] In Udokwu v Onugha[4], the act complained of was committed 6 months before they were prohibited by legislation. The court held that the accused had committed no offence by virtue of Section 22(10), 1963 Constitution.[5]

In prosecuting cybercrimes, the acts complained of must have been defined as criminal and punishable by a law of the land.[6] Prosecuting an accused person for acts which, though we all know are wrong and unacceptable, are not criminalized by local enactments, will be tantamount to a breach of the fundamental right to fair hearing of the person so tried.

The major setback to the prosecution of all forms of cybercrimes is the lack of a direct legislation prohibiting these acts. At present, they are sociologically perceived as social vices and morally condemned as wrongs. But legally, they are not punishable. An ICT Law is the very first step towards ensuring a crime free ICT world.

This situation is not unique to Nigeria. In 2000, the notorious “I Love You” virus was released. It caused severe damages worldwide. Eventually, it was traced to some individuals in the Philippines after investigations that involved both the FBI and Philippine’s National Bureau of Investigation. The joint operation however ran into difficulties and eventhough they identified the criminals, they could not prosecute them since there was no ICT law in the Philippines and thus the creation and dissemination of malicious codes was not an offence.

Sometimes in 2004, the Nigerian Cyber-crime Working Group (NCWG) was set up. The NCWG was charged with the duty of producing a Cybercrime Bill, an ICT Law for Nigeria. But its members spent more resources on “resource control” than “crime control”. Instead of setting out to work with the rigour and gusto their Terms of Reference required, they spent precious time clarifying who had more powers than whom. The NITDA claimed that the Cybercrime Agency should be instituted under it while the EFCC wanted the agency to be integrated into its Commission. The Nigerian Computer Society was advocating for a fresh independent body altogether as the Cybercrime Agency. That was how seven precious years have passed us by with no meaningful progress.

As a result, law enforcement agencies have been condemned to prosecuting cybercrimes by the repertoire of traditional crime legislations. For example, a crime like cyberfraud can be prosecuted under the Advanced Fee Fraud and other Related Offences Act, 1995 or the offence of obtaining by false pretences under the Criminal Code.[7]

Abuse of privacy crimes committed on the Internet would have been perfectly prosecuted under a Data Protection legislation. Plagiarism, piracy and other intellectual property offences currently prosecuted under the Nigerian Copyright Act is ineffective, as the definition of ‘property’ does not include data stored on the computer system or certain types of software which only exist on the ICT world.[8]

These traditional provisions are inadequate in sufficiently catering for all forms of cybercrimes, owing to the latter’s inventiveness and cyber nature, characterized by cyber-anonymity and pseudo-identity.

It is worth mentioning here that the office of the National Security Agency (NSA) this year prepared a draft Cybersecurity Bill which is still making rounds and taking comments before a final draft is sent to the National Assembly. It is available here and comments on this bill can be made below.[9] 

When this law is enacted, we should be singing a different tune as regards the legal regime of cybercrimes in Nigeria. But for now, law enforcement agents make do with traditional criminal law enactments to prosecute cybercrimes wherever the acts intersect. Save a special cybercrime procedural law, the existing criminal law procedural practices as contained in the criminal procedure Act, Criminal Procedure Code and the Evidence Act, shall apply at the moment to these prosecutions.

I shall be considering these procedural practices in a later blog, while exposing their inadequacies at prosecuting cybercrimes.

 

Nigeria Cybersecurity Bill 2011 Comments

(To comment to this blog, kindly go to the top right corner of this page or down below the References) Please get a copy of the Bill from the blog, review it and post your comments below. Be specific, so that the drafters will be able to easily identify the issues you spot and incorporate them appropriately.
  • You can provide a Nickname if you wish
  • kindly provide a valid e-mail address for feedback
  • Please be brief and specific

[1] Ashaolu & Oduwole, Policing Cyberspace in Nigeria, (Lifegate Publishers, Ibadan) 2009 at page 129

[2] Section 151 (3) CPA, Cap C41 LFN 2004 provides that a charge against a suspect must contain the “written law” prohibiting the act and the Section in that written law. Where these are absent, the charge is void.

[3] See Aoko v. Fagbemi (1961) 1 All NLR 400

[4] (1963) 7 ENLR 1

[5] Also Section 33 (10), 1979 Constitution

[6] By Section 12 of the 1999 Constitution, a foreign treaty, ratified or not, is not enforceable inNigeria except it has been codified in a local Nigerian legislation.

[7] Section 419

[8] See Section 41, Copyright Act, Cap C28, LFN 2004 which defines “literary works” to include “computer programmes” (defined as a set of instructions and languages which facilitate the smooth operation of the computer system, promptly excluding things like software and raw digital data like personal information stored on computer drives).

[9] This Bill is a response to the issue of inadequacy of Cyberlaws in Nigeria which I have previously raised severally. (See, for example, Ashaolu and Oduwole, Policing Cyberspace in Nigeria, ibid.) The Bill was made available for comments and I have since sent my thoughts, hoping it will be more properly drafted. We are eagerly awaiting the future of the Draft, although I believe the Draft needs a wholesale evaluation which some people are doing a great job on at the moment. Kindly make your contributions to this Bill.

Be Sociable, Share!

3 Comments

  1. Thanks-a-mundo for the article.Really looking forward to read more.

    Comment by Braxton Blakey — March 13, 2012 @ 11:11 pm

  2. Unfortuneately, the Nigerians scams will go on forever as there is no policing the content. As long as there as suckers who respond to enticing email, this will be more scams. its one of our biggest comments for support

    Comment by Remote PC Services — March 14, 2012 @ 1:53 pm

  3. Sensational article. I told about it many friends. I paste a link to it on my website ( http://ekoplava.pl/ ) and translate entry to the Polish. Thank you.

    Comment by domy nad morzem — March 25, 2012 @ 12:20 pm

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.