|Image credit: Myfinanceintelligence.com|
As Nigeria tries to leap into the 21st century after over a decade into the century, technology will keep creating new opportunities. But with these opportunities, there will continue to be risks. Technology alone will not be adequate. This is where the law comes in. Law must continue to grow with technology to provide adequate protection. We need effective laws to protect both merchants and end users from the risks often associated with electronic transactions and communication, particularly on cyberspace.
Nigeria’s cyberspace needs adequate protection.
Cyberspace has become increasingly toxic, especially in Nigeria. Back in 2001, Nigeria was reported by the American National Fraud Information Centre as having the fastest growing online scam. 12 years later, Nigeria was the 3rd most active country for cybercrime activity globally. With the phenomenal growth in telecommunications, cybercrime is becoming even more sophisticated in the country. Mobile technology is also making the menace very difficult to control. These new ways of communicating and transacting business have largely rendered our criminal laws obsolete. Even anti-virus software, encryptions, firewalls, login passwords, and others are not 100% protective.
The new Cybercrime Act
To clean up our toxic cyberspace, Nigeria passed the Cybercrimes (Prohibition, Prosecution, etc) Bill into law, retitled Cybercrimes (Prevention, Prohibition, etc) Act. This new Act is now the governing regime for the country’s cyberspace. It was signed into law by President Goodluck Jonathan on 15 May 2015 before handing over to the present administration. The Cybercrime Act will be well complemented by the equally new Administration of Criminal Justice Act 2015. These Acts, with the Evidence Act 2011, will no doubt improve Nigeria’s cyberspace.
Section 1, under Part I of the Cybercrime Act, outlines the objects and application of the Act as follows:
(a) provide an effective and unified legal, regulatory, and institutional framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria;
(b) ensure the protection of critical national information infrastructure; and
(c) promote cyber security and the protection of computer systems and networks, electronic communication, data and computer programs, intellectual property, and privacy rights.
Part II empowers the President to designate certain computer systems or networks as critical national information infrastructure. This is on the National Security Adviser’s recommendation.
The new Act is a comprehensive one. Part III provides various offences in and out of cyberspace. It states penalties for various computer-related offences such as offences against critical national infrastructure; unlawful access to a computer; and unlawful system interference and interceptions. Others involve registration of cyber cafes, electronic communication, electronic-cards related fraud, money transfers, computer-related forgery and fraud, electronic signature, cyber terrorism, identity threats and impersonation, and child pornography. Interestingly, the Act also covers cyberstalking, cybersquatting, phishing, spamming, spreading of computer virus, breach of confidence by service providers, and other offences.
Part IV provides for the duties of financial institutions in recording, retaining, and protecting customer’s information. It prescribes the know-your-customer principle in the documentation of customers. Part V takes care of the administration and enforcement of the Act. To ensure that law enforcement officers do not act beyond their powers, Part VI regulates arrest, search, seizure, and prosecution. Jurisdiction and international cooperation are covered under Part VII. Part VIII is the last part of the Act. It contains miscellaneous comprising regulations, interpretation, and citation.
How adequate is the protection provided under the Cybercrime Act?
I think this comprehensive approach, though hardly adequate, is the best way to go about protecting Nigeria’s cyberspace. Apart from the interrelatedness of most of the offences created under the Act, any attempt at being too detailed under each provision might render the Act obsolete in no time. Things change very fast in the cyber world. The law cannot always catch up with it, but it can go ahead of it.
Cyberspace, with its peculiarly wide-ranging aspects, often requires specific provisions for any meaningful protection. General provisions may not always be adequate. That is why I find section 57 of the Act fundamentally crucial. Section 57 accommodates regulations. It empowers the Attorney-General of the Federation to make orders, rules, guidelines, or regulations as are necessary for the efficient implementation of the provisions of [the] Act. This ensures that Nigeria is up to date regardless of any changes in cyberspace.
What have other jurisdictions being doing to protect their cyberspace?
In other jurisdictions like the US, UK, and Canada, specific laws are often avoided to prevent obsoleteness. They enact laws that generally regulate various aspects of cyberspace, not just cybercrime. In the US for instance, there are industry-specific cybersecurity regulations. The Gramm-Leach-Billey Act, Homeland Security Act (including Federal Information Security Management Act), and Health Insurance Portability and Accountability Act (HIPAA) generally mandate financial institutions, federal agencies, and healthcare bodies to protect their systems and information respectively.
Is Nigeria now better prepared?
As cyber activity continues to grow in Nigeria, I suspect we will need to provide industry-specific regulations to consolidate on our new cybercrime regime. Telecom, e-banking, and e-commerce are some of Nigeria’s fast-growing sectors that will increasingly demand more regulations. Nigeria must be prepared.
Senator Iyere Ihenyen is an associate at Assizes Lawfirm and The Write House, Lagos.