·
Introduction
Introduction
The
cybercrime act was signed into law on the 15th of May, by President
Goodluck Jonathan before leaving office.
The objectives of the act are to provide an effective and unified legal
regulatory and institutional framework for the prohibition, prevention,
detection, prosecution and punishment of cybercrime in Nigeria; ensure the
protection of critical national information infrastructure and promote cyber
security and computer systems and networks electronic communications, data and
computer programs intellectual property and privacy rights.
cybercrime act was signed into law on the 15th of May, by President
Goodluck Jonathan before leaving office.
The objectives of the act are to provide an effective and unified legal
regulatory and institutional framework for the prohibition, prevention,
detection, prosecution and punishment of cybercrime in Nigeria; ensure the
protection of critical national information infrastructure and promote cyber
security and computer systems and networks electronic communications, data and
computer programs intellectual property and privacy rights.
Some salient provisions of
the act include:
the act include:
· Designation of certain computer
systems or networks’ as Critical National Information Infrastructure.
systems or networks’ as Critical National Information Infrastructure.
The act provides that “The President may on the recommendation of
the National Security Adviser, by Order published in the Federal Gazette,
designate certain computer systems, and/or networks, whether physical or
virtual, and/or the computer programs, computer data and/or traffic data vital
to this country that the incapacity or destruction of or interference with such
system and assets would have a debilitating impact on security, national or
economic security, national public health and safety, or any combination of those
matters as constituting Critical National Information Infrastructure.”[i]
the National Security Adviser, by Order published in the Federal Gazette,
designate certain computer systems, and/or networks, whether physical or
virtual, and/or the computer programs, computer data and/or traffic data vital
to this country that the incapacity or destruction of or interference with such
system and assets would have a debilitating impact on security, national or
economic security, national public health and safety, or any combination of those
matters as constituting Critical National Information Infrastructure.”[i]
Further
to the above power vested in the president, he may make orders for the
preservation, storage etc of the critical national information infrastructure and
offenses against infrastructure are punishable by imprisonment for as long as
10 to 15 years.
to the above power vested in the president, he may make orders for the
preservation, storage etc of the critical national information infrastructure and
offenses against infrastructure are punishable by imprisonment for as long as
10 to 15 years.
·
Registration of Cybercafés
Registration of Cybercafés
The
act provides that from the commencement of the act all operators of cybercafé
shall register as a business concern with Computer Professionals’ Registration
Council in addition to a business name registration with the Corporate Affairs
Commission. Cybercafés shall maintain a register of users through a sign-in
register. This register shall be available to law enforcement personnel
whenever needed.[ii]
act provides that from the commencement of the act all operators of cybercafé
shall register as a business concern with Computer Professionals’ Registration
Council in addition to a business name registration with the Corporate Affairs
Commission. Cybercafés shall maintain a register of users through a sign-in
register. This register shall be available to law enforcement personnel
whenever needed.[ii]
The
act does not however prescribe any penalty for cybercafé operators that do not
comply with the above provision. It however prescribes an imprisonment of 3
years or fine of one million naira (or both) for any person who perpetrates
electronic fraud or online fraud in cybercafé.
In the event of proven connivance on the part of the owners of the cybercafés,
such owners shall be liable to imprisonment for 3 years or a fine of 2 million
naira. The burden of proving such connivance shall be on the prosecutor.
act does not however prescribe any penalty for cybercafé operators that do not
comply with the above provision. It however prescribes an imprisonment of 3
years or fine of one million naira (or both) for any person who perpetrates
electronic fraud or online fraud in cybercafé.
In the event of proven connivance on the part of the owners of the cybercafés,
such owners shall be liable to imprisonment for 3 years or a fine of 2 million
naira. The burden of proving such connivance shall be on the prosecutor.
·
Intercepting electronic messages,
emails and electronic money transfers
Intercepting electronic messages,
emails and electronic money transfers
The
act provides that any person who unlawfully destroys or aborts any electronic
mails or processes through which money and or valuable information is being
conveyed is guilty of an offence and is liable to imprisonment for 7 years in
the first instance and upon second conviction shall be liable to 14 years’
imprisonment.[iii]
act provides that any person who unlawfully destroys or aborts any electronic
mails or processes through which money and or valuable information is being
conveyed is guilty of an offence and is liable to imprisonment for 7 years in
the first instance and upon second conviction shall be liable to 14 years’
imprisonment.[iii]
- Computer
Related Forgery
A person
who knowingly accesses any computer or network and inputs, alters,
who knowingly accesses any computer or network and inputs, alters,
deletes
or suppresses any data resulting in inauthentic data with the intention that
such inauthentic data will be considered or acted upon as if it were authentic
or genuine, regardless of whether or not such data is directly readable or
intelligible, commits an offence and is liable on conviction to imprisonment
for a term of not less than 3 years or to a fine of not less than 7,000,000.00
or both.[iv]
or suppresses any data resulting in inauthentic data with the intention that
such inauthentic data will be considered or acted upon as if it were authentic
or genuine, regardless of whether or not such data is directly readable or
intelligible, commits an offence and is liable on conviction to imprisonment
for a term of not less than 3 years or to a fine of not less than 7,000,000.00
or both.[iv]
- Electronic
Signatures
The act provides that electronic
signature in respect of purchases of goods, and any other
signature in respect of purchases of goods, and any other
transactions
shall be binding. Whenever the authenticity or otherwise of such signatures is
in question, the burden of proof, that the signature does not belong to the
purported originator of such electronic signatures shall be on the contender.
Any person who with the intent to defraud and or misrepresent, forges through
electronic devices another person’s signature or company mandate commits an
offence and shall be liable on conviction to imprisonment for a term of not
more than 7 years or a fine of not more thanN10,000,000.00 or to both
fine and imprisonment.
shall be binding. Whenever the authenticity or otherwise of such signatures is
in question, the burden of proof, that the signature does not belong to the
purported originator of such electronic signatures shall be on the contender.
Any person who with the intent to defraud and or misrepresent, forges through
electronic devices another person’s signature or company mandate commits an
offence and shall be liable on conviction to imprisonment for a term of not
more than 7 years or a fine of not more than
fine and imprisonment.
The
following contractual transactions or declarations are however excluded and may
not be by electronic signature[v]:
following contractual transactions or declarations are however excluded and may
not be by electronic signature[v]:
- Creation
and execution of wills, codicils and or other testamentary documents; - Death
certificate; - Birth
certificate; - Matters
of family law such as marriage, divorce, adoption and other related issues; - Isuance
of court orders, notices, official court documents such as affidavit,
pleadings, motions and other related judicial documents and instruments; - Any
cancellation or termination of utility services; - Any
instrument required to accompany any transportation or handling of dangerous
materials either solid or liquid in nature; and - Any
document ordering withdrawal of drugs, chemicals and any other material either
on the ground that such items are fake, dangerous to the people or the
environment or expired by any authority empowered to issue orders for
withdrawal of such items.
·
Cyber Terrorism
Cyber Terrorism
Any person that accesses or causes to be accessed any
computer or computer system or network for purposes of terrorism, commits an
offence and is liable on conviction to life imprisonment.
computer or computer system or network for purposes of terrorism, commits an
offence and is liable on conviction to life imprisonment.
The act
further stipulates that for the purpose of the provision as stated above,
“terrorism” shall have the same meaning under the Terrorism (Prevention) Act,
2011, as amended.
further stipulates that for the purpose of the provision as stated above,
“terrorism” shall have the same meaning under the Terrorism (Prevention) Act,
2011, as amended.
·
Identity
theft and impersonation
Identity
theft and impersonation
The act provides that any person who is engaged in the
services of any financial institution, and as a result of his special knowledge
commits identity theft of its employer, staff, service providers and
consultants with the intent to defraud is guilty of an offence and upon
conviction shall be sentenced to 7 years imprisonment orN5, 000,000.00
fine or both.
services of any financial institution, and as a result of his special knowledge
commits identity theft of its employer, staff, service providers and
consultants with the intent to defraud is guilty of an offence and upon
conviction shall be sentenced to 7 years imprisonment or
fine or both.
The
act further provides that any person who fraudulently or dishonestly makes use
of the electronic signature, password or any other unique identification
feature of any other person; fraudulently impersonates another entity or
person, living or dead, with intent to –
act further provides that any person who fraudulently or dishonestly makes use
of the electronic signature, password or any other unique identification
feature of any other person; fraudulently impersonates another entity or
person, living or dead, with intent to –
(a) gain advantage for himself or another
person;
person;
(b) obtain any property or an interest in
any property;
any property;
(c)
cause
disadvantage to the entity or person being impersonated or another person; or
avoid arrest or prosecution or to obstruct, pervert or defeat the course of
justice commits an offence and shall be liable on conviction to imprisonment
for a term of not more than 5 years or a fine of not more thanN7,
000,000.00 or to both such fine and imprisonment.
cause
disadvantage to the entity or person being impersonated or another person; or
avoid arrest or prosecution or to obstruct, pervert or defeat the course of
justice commits an offence and shall be liable on conviction to imprisonment
for a term of not more than 5 years or a fine of not more than
000,000.00 or to both such fine and imprisonment.
·
Manipulation of ATM/POS terminals
Manipulation of ATM/POS terminals
Any person who manipulates an ATM machine or Point of
Sales terminals with the intention to defraud shall be guilty of an offence and
upon conviction sentenced to Five Years imprisonment orN5, 000,000.00
fine or both. Furthermore any employee of a financial institution found to have
connived with another person or group of persons to perpetrate fraud using an
ATM of Point of sales device, shall be guilty of an offence and upon conviction
sentenced to Seven Years imprisonment without an option of fine.[vi]
Sales terminals with the intention to defraud shall be guilty of an offence and
upon conviction sentenced to Five Years imprisonment or
fine or both. Furthermore any employee of a financial institution found to have
connived with another person or group of persons to perpetrate fraud using an
ATM of Point of sales device, shall be guilty of an offence and upon conviction
sentenced to Seven Years imprisonment without an option of fine.[vi]
·
Electronic card related fraud
Electronic card related fraud
For card related offenses the act stipulates a jail term
of up 5 years and a fine of up to 7 million for offenses ranging from purchase
or sale of card of another, dealing in cards etc. In the case of financial
institutions, there is a fine of 10 million for any in institution that makes
available, lends, donates, or sells any list or portion of a list of
cardholders and their addresses and account numbers to any person without the
prior written permission of the cardholder(s).[vii]
of up 5 years and a fine of up to 7 million for offenses ranging from purchase
or sale of card of another, dealing in cards etc. In the case of financial
institutions, there is a fine of 10 million for any in institution that makes
available, lends, donates, or sells any list or portion of a list of
cardholders and their addresses and account numbers to any person without the
prior written permission of the cardholder(s).[vii]
·
Duty of financial institutions
Duty of financial institutions
Financial
institutions are required to verify the identity of their customers; as such
they are to request documents that bare their names, address and other relevant
information before issuance of ATM cards, credit cards, debit cards and other
related electronic devices. They are to apply the principle of know your
customer in documentation of customers preceding execution of customers
electronic transfer, payment, debit and issuance orders.
institutions are required to verify the identity of their customers; as such
they are to request documents that bare their names, address and other relevant
information before issuance of ATM cards, credit cards, debit cards and other
related electronic devices. They are to apply the principle of know your
customer in documentation of customers preceding execution of customers
electronic transfer, payment, debit and issuance orders.
Any official or organization, who fails to obtain proper
identity of customers before executing customer electronic instructions in
whatever way, commits an offence and shall be liable on conviction to a fine of
N5, 000,000.00. It further provides that any financial institution that
makes an unauthorized debit on a customer’s account shall upon written
notification by the customer, provide clear legal authorization for such debit
to the customer or reverse such debit within 72 hours. Any financial
institution that fails to reverse such debit within 72 hours shall be guilty of
an offence and liable on conviction to restitution of the debit and a fine ofN
5, 000,000.00.
identity of customers before executing customer electronic instructions in
whatever way, commits an offence and shall be liable on conviction to a fine of
makes an unauthorized debit on a customer’s account shall upon written
notification by the customer, provide clear legal authorization for such debit
to the customer or reverse such debit within 72 hours. Any financial
institution that fails to reverse such debit within 72 hours shall be guilty of
an offence and liable on conviction to restitution of the debit and a fine of
5, 000,000.00.
·
Administration and Enforcement
Administration and Enforcement
The
office of the National Security Adviser shall be the coordinating body for all |
security
and enforcement agencies under this Act and shall provide support to all relevant security, intelligence, law enforcement agencies and military services to prevent and combat cybercrimes in Nigeria |
·
Arrest, search, seizure and
prosecution
Arrest, search, seizure and
prosecution
The
act provides that a law enforcement officer may apply ex-parte to a
Judge in chambers for the issuance of a warrant for the purpose of obtaining
electronic evidence in related crime investigation. The judge in turn may issue
a warrant authorizing a law enforcement officer to enter and search any
premises or place if within those premises, place or conveyance –
act provides that a law enforcement officer may apply ex-parte to a
Judge in chambers for the issuance of a warrant for the purpose of obtaining
electronic evidence in related crime investigation. The judge in turn may issue
a warrant authorizing a law enforcement officer to enter and search any
premises or place if within those premises, place or conveyance –
(i) an offence under the act is being
committed; or
committed; or
(ii) there is evidence of the commission of
an offence under the act; or
an offence under the act; or
(iii) there is an urgent need to prevent the
commission of an offence under the act.
commission of an offence under the act.
The
judge may also make orders relating to search of persons, computer systems or
networks, vehicles etc.[viii]
judge may also make orders relating to search of persons, computer systems or
networks, vehicles etc.[viii]
·
Jurisdiction
Jurisdiction
The federal High Court in any location
in Nigeria, regardless of where the offence is committed has exclusive
jurisdiction to try offenses committed under the act.
in Nigeria, regardless of where the offence is committed has exclusive
jurisdiction to try offenses committed under the act.
·
Conclusion
Conclusion
Overall, the Cybercrime Act (2015) is
a boost for the Nigerian legal system as offences that are captured in the act
were in hitherto not provided for in any of our laws. This new act is in my
opinion a welcome development as it attempts to safe guard national security,
corporations and individuals alike.
a boost for the Nigerian legal system as offences that are captured in the act
were in hitherto not provided for in any of our laws. This new act is in my
opinion a welcome development as it attempts to safe guard national security,
corporations and individuals alike.
Busayo Adedeji
Busayo advises clients on
corporate immigration issues, advising clients on employment and labour law
issues, ensuring that clients are in line with regulatory compliance rules,
civil litigation etc
corporate immigration issues, advising clients on employment and labour law
issues, ensuring that clients are in line with regulatory compliance rules,
civil litigation etc
Twitter:
@thestreetloya