Aug 9, 2016

Busayo Adedeji - A Review of the Cybercrimes Act

·         Introduction
The cybercrime act was signed into law on the 15th of May, by President Goodluck Jonathan before leaving office.  The objectives of the act are to provide an effective and unified legal regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrime in Nigeria; ensure the protection of critical national information infrastructure and promote cyber security and computer systems and networks electronic communications, data and computer programs intellectual property and privacy rights.

Some salient provisions of the act include:

·       Designation of certain computer systems or networks’ as Critical National Information Infrastructure.
The act provides that “The President may on the recommendation of the National Security Adviser, by Order published in the Federal Gazette, designate certain computer systems, and/or networks, whether physical or virtual, and/or the computer programs, computer data and/or traffic data vital to this country that the incapacity or destruction of or interference with such system and assets would have a debilitating impact on security, national or economic security, national public health and safety, or any combination of those matters as constituting Critical National Information Infrastructure.”[i]

Further to the above power vested in the president, he may make orders for the preservation, storage etc of the critical national information infrastructure and offenses against infrastructure are punishable by imprisonment for as long as 10 to 15 years.

·         Registration of Cybercafés
The act provides that from the commencement of the act all operators of cybercafé shall register as a business concern with Computer Professionals’ Registration Council in addition to a business name registration with the Corporate Affairs Commission. Cybercafés shall maintain a register of users through a sign-in register. This register shall be available to law enforcement personnel whenever needed.[ii]

The act does not however prescribe any penalty for cybercafé operators that do not comply with the above provision. It however prescribes an imprisonment of 3 years or fine of one million naira (or both) for any person who perpetrates electronic fraud or online fraud in cybercafé.  In the event of proven connivance on the part of the owners of the cybercafés, such owners shall be liable to imprisonment for 3 years or a fine of 2 million naira. The burden of proving such connivance shall be on the prosecutor.

·         Intercepting electronic messages, emails and electronic money transfers
The act provides that any person who unlawfully destroys or aborts any electronic mails or processes through which money and or valuable information is being conveyed is guilty of an offence and is liable to imprisonment for 7 years in the first instance and upon second conviction shall be liable to 14 years’ imprisonment.[iii]

  • Computer Related Forgery

A person who knowingly accesses any computer or network and inputs, alters,

deletes or suppresses any data resulting in inauthentic data with the intention that such inauthentic data will be considered or acted upon as if it were authentic or genuine, regardless of whether or not such data is directly readable or intelligible, commits an offence and is liable on conviction to imprisonment for a term of not less than 3 years or to a fine of not less than 7,000,000.00 or both.[iv]

  • Electronic Signatures

The act provides that electronic signature in respect of purchases of goods, and any other   
transactions shall be binding. Whenever the authenticity or otherwise of such signatures is in question, the burden of proof, that the signature does not belong to the purported originator of such electronic signatures shall be on the contender. Any person who with the intent to defraud and or misrepresent, forges through electronic devices another person’s signature or company mandate commits an offence and shall be liable on conviction to imprisonment for a term of not more than 7 years or a fine of not more than N10,000,000.00 or to both fine and imprisonment.

The following contractual transactions or declarations are however excluded and may not be by electronic signature[v]:

  • Creation and execution of wills, codicils and or other testamentary documents;
  • Death certificate;
  • Birth certificate;
  • Matters of family law such as marriage, divorce, adoption and other related issues;
  • Isuance of court orders, notices, official court documents such as affidavit, pleadings, motions and other related judicial documents and instruments;
  • Any cancellation or termination of utility services;
  • Any instrument required to accompany any transportation or handling of dangerous materials either solid or liquid in nature; and
  • Any document ordering withdrawal of drugs, chemicals and any other material either on the ground that such items are fake, dangerous to the people or the environment or expired by any authority empowered to issue orders for withdrawal of such items.

·         Cyber Terrorism
Any person that accesses or causes to be accessed any computer or computer system or network for purposes of terrorism, commits an offence and is liable on conviction to life imprisonment.

The act further stipulates that for the purpose of the provision as stated above, “terrorism” shall have the same meaning under the Terrorism (Prevention) Act, 2011, as amended.

·         Identity theft and impersonation
The act provides that any person who is engaged in the services of any financial institution, and as a result of his special knowledge commits identity theft of its employer, staff, service providers and consultants with the intent to defraud is guilty of an offence and upon conviction shall be sentenced to 7 years imprisonment or N5, 000,000.00 fine or both.

The act further provides that any person who fraudulently or dishonestly makes use of the electronic signature, password or any other unique identification feature of any other person; fraudulently impersonates another entity or person, living or dead, with intent to -

(a) gain advantage for himself or another person;

(b)  obtain any property or an interest in any property;

(c)   cause disadvantage to the entity or person being impersonated or another person; or avoid arrest or prosecution or to obstruct, pervert or defeat the course of justice commits an offence and shall be liable on conviction to imprisonment for a term of not more than 5 years or a fine of not more than N7, 000,000.00 or to both such fine and imprisonment.

·         Manipulation of ATM/POS terminals
Any person who manipulates an ATM machine or Point of Sales terminals with the intention to defraud shall be guilty of an offence and upon conviction sentenced to Five Years imprisonment or N5, 000,000.00 fine or both. Furthermore any employee of a financial institution found to have connived with another person or group of persons to perpetrate fraud using an ATM of Point of sales device, shall be guilty of an offence and upon conviction sentenced to Seven Years imprisonment without an option of fine.[vi]

·     Electronic card related fraud
For card related offenses the act stipulates a jail term of up 5 years and a fine of up to 7 million for offenses ranging from purchase or sale of card of another, dealing in cards etc. In the case of financial institutions, there is a fine of 10 million for any in institution that makes available, lends, donates, or sells any list or portion of a list of cardholders and their addresses and account numbers to any person without the prior written permission of the cardholder(s).[vii]

·         Duty of financial institutions
Financial institutions are required to verify the identity of their customers; as such they are to request documents that bare their names, address and other relevant information before issuance of ATM cards, credit cards, debit cards and other related electronic devices. They are to apply the principle of know your customer in documentation of customers preceding execution of customers electronic transfer, payment, debit and issuance orders.

Any official or organization, who fails to obtain proper identity of customers before executing customer electronic instructions in whatever way, commits an offence and shall be liable on conviction to a fine of N5, 000,000.00. It further provides that any financial institution that makes an unauthorized debit on a customer’s account shall upon written notification by the customer, provide clear legal authorization for such debit to the customer or reverse such debit within 72 hours. Any financial institution that fails to reverse such debit within 72 hours shall be guilty of an offence and liable on conviction to restitution of the debit and a fine of N 5, 000,000.00.

·         Administration and Enforcement
The office of the National Security Adviser shall be the coordinating body for all
security and enforcement agencies under this Act and shall provide support to all relevant security, intelligence, law enforcement agencies and military services to prevent and combat cybercrimes in Nigeria

·         Arrest, search, seizure and prosecution
The act provides that a law enforcement officer may apply ex-parte to a Judge in chambers for the issuance of a warrant for the purpose of obtaining electronic evidence in related crime investigation. The judge in turn may issue a warrant authorizing a law enforcement officer to enter and search any premises or place if within those premises, place or conveyance –

(i)  an offence under the act is being committed; or

(ii)  there is evidence of the commission of an offence under the act; or

(iii)  there is an urgent need to prevent the commission of an offence under the act.
The judge may also make orders relating to search of persons, computer systems or networks, vehicles etc.[viii]
·         Jurisdiction
The federal High Court in any location in Nigeria, regardless of where the offence is committed has exclusive jurisdiction to try offenses committed under the act.

·         Conclusion
Overall, the Cybercrime Act (2015) is a boost for the Nigerian legal system as offences that are captured in the act were in hitherto not provided for in any of our laws. This new act is in my opinion a welcome development as it attempts to safe guard national security, corporations and individuals alike.

Busayo Adedeji

Busayo advises clients on corporate immigration issues, advising clients on employment and labour law issues, ensuring that clients are in line with regulatory compliance rules, civil litigation etc

Twitter: @thestreetloya

[i] Section 3(1) Cybercrime Act
[ii] Section 7(1) Cybercrime Act
[iii]Section 9 Cybercrime Act
[iv] Section 13 Cybercrime Act
[v] Section 17(2) Cybercrime Act
[vi] Section 30 Cybercrime Act
[vii] Section 33, 34 & 35
[viii] Section 45