DEVELOPMENT IN NIGERIA CYBERCRIME LAW final 1

30
DEVELOPMENT IN NIGERIAN CYBERCRIME LAW: A REVIEW OF THE CYBERCRIME (PROHIBITION, PREVENTION, ETC.) ACT, 2015 A PAPER PRESENTED BY A.GODWIN IHEABUNIKE ESQ, ASSISTANT DIRECTOR, LEGAL DRAFTING DEPARTMENT, FEDERAL MINISTRY OF JUSTICE, ABUJA AND THE NATIONAL SECRETARY – GENERAL, LAW OFFICERS ASSOCIATION OF NIGERIA (LOAN) AT THE BREAKOUT SESSION OF THE 2015 ANNUAL GENERAL CONFERENCE OF THE NIGERIAN BAR ASSOCIATION Page 1 of 30

Transcript of DEVELOPMENT IN NIGERIA CYBERCRIME LAW final 1

DEVELOPMENT IN NIGERIANCYBERCRIME LAW: A REVIEW OF THE

CYBERCRIME (PROHIBITION,PREVENTION, ETC.) ACT, 2015

A PAPER PRESENTED BY A.GODWIN IHEABUNIKE ESQ,ASSISTANT DIRECTOR, LEGAL DRAFTING DEPARTMENT, FEDERALMINISTRY OF JUSTICE, ABUJA AND THE NATIONAL SECRETARY –GENERAL, LAW OFFICERS ASSOCIATION OF NIGERIA (LOAN) AT

THE BREAKOUT SESSION OF THE 2015 ANNUAL GENERALCONFERENCE OF THE NIGERIAN BAR ASSOCIATION

Page 1 of 30

ON TUESDAY AUGUST 25, 2015

DEVELOPMENT IN NIGERIA CYBERCRIME LAW: A REVIEW OF THECYBERCRIME (PROHIBITION, PREVENTION, ETC.) ACT, 2015

INTRODUCTION:

Nigeria is an emerging economy with great potentials.This has made it pertinent for all sectors of thecountry to keep up with information and communicationtechnology. Information and communication technologycuts across all sectors including critical sectors suchas banking, telecommunications, aviation, electricity,industry, etc. Sadly, the great opportunities andpotentials of Information and Communication Technologyhave engendered serious cyber threats and attacks whichimpacts heavily on national security and calls forcoordinated national response through legislativeframework, policy and institutional measures.

The main sources of criminal law in Nigeria are theCriminal Code Act and the Penal Code. Over the years,reference has been made to section 419 of the CriminalCode Act when dealing with fraud related crimes.However, with the growth of computer and internetcrimes within and outside the country, and in line withNigeria’s efforts to keep up with international best

Page 2 of 30

practices, the Advance Fee Fraud and Other RelatedOffences Act 2006, Money Laundering (Prohibition) Act2011 (as amended), Copyright Act, 2004 among otherswere enacted. The government has also establishedagencies to curb the menace created by computer relatedand internet fraudsters. These include the Economic andFinancial Crime Commission and the Independent andCorrupt Practices Commission to deal with the menace ofcorruption, economic and financial crimes.

However, these laws did not address cybersecurity andcybercrime issues comprehensively. For example, none ofthese statutes made provision for the protection ofcritical information infrastructure. They are also notin compliance with the Budapest Convention onCybercrime or in consonance with the Model CybercrimeLegislation proposed by Regional Bodies such as theAfrican Union and the Economic Community of WestAfrican States (ECOWAS). In addition, many fraudrelated offences using computers, internet and othertechnological devices were not explicitly covered byexisting enactments.

WHAT ARE CYBERCRIMES?

Cybercrimes are species of cross border crimesperpetrated in time and space from any geographicalspot in the world, through the instrumentality of thecomputer and internet compliant information andcommunications technology gadgets. Some of the mostrampant cybercrimes in Nigeria are network intrusion,the dissemination of computer viruses and computer-

Page 3 of 30

based variations of existing crimes, such as fraud,identity theft, stalking, bullying and terrorism.

DEVELOPMENT OF CYBERCRIME LEGISLATION IN NIGERIA:

In 2003, a Presidential Committee on FraudulentActivities on the Cyberspace, recommended a wellthought out National Cybersecurity Initiative indealing with fraudulent activities on the cyberspace.This led to the development and introduction of severalexecutive and private members’ Bills all of whichsuffered setbacks at the National Assembly.

The National Security Adviser by a Convening Order of26th August 2011 set up the Committee on CybersecurityLegislation (ONSA Committee) to harmonise allCybercrime and Cybersecurity related Bills pending atthe National Assembly and to provide a draft Bill forCybersecurity and related matters. The ONSA Committeeproposed the enactment of the National SecurityAgencies (Amendment) Bill, 2011 and the CybersecurityBill, 2011. The Committee also proposed a compositeBill for an Act to establish the Directorate ofCybersecurity. These Bills were later forwarded to theHonourable Attorney – General of the Federation forfurther necessary action.

On the April 23rd, 2012, the Federal Government throughthe Office of the Honourable Attorney - General of theFederation and Minister of Justice constituted theCommittee to Review Bills Impacting on NationalSecurity (the Committee). The Committee was charged

Page 4 of 30

with the responsibility to review, update and considerthe desirability of harmonising the Bills proposed bythe ONSA Committee and make appropriaterecommendations. The recommendation of the Committeeformed part of the Executive Bill which was laterconsidered and approved by the Federal ExecutiveCouncil in 2013 for onward transmission to the NationalAssembly for enactment into law.

OBJECTIVES OF THE ACT.

The Cybercrimes (Prohibition, Prevention, etc) Act,2015 is an Act to provide for the prohibition,prevention, detection, response, investigation andprosecution of cybercrimes; and for other relatedmatters. The core objective of the Act, is to providean effective, unified and comprehensive legal,regulatory and institutional framework for theprohibition, prevention, detection, prosecution andpunishment of cybercrimes in Nigeria; promotecybersecurity and ensure the protection of criticalnational information infrastructure.

The Act also seeks to promote cybersecurity and theprotection of computer systems and networks,electronic communications, data and computer programmes, intellectual property and privacy rights.

APPLICATION OF THE ACTBy virtue of section 2 of the Act, the provisions of the Act apply throughout the Federal Republic of Nigeria.

Page 5 of 30

PROTECTION OF CRITICAL NATIONAL INFORMATIONINFRASTRUCTURE:

Sections 3 and 4 of the Act provides for thedesignation of certain computer systems or networks ascritical national information infrastructure by thePresident and for the audit and inspection of criticalnational information infrastructure.

The President may, on the recommendation of theNational Security Adviser, by Order published inthe Federal Gazette, designate certain computersystems or networks, whether physical orvirtual, the computer programs, computer data ortraffic data vital to the country that where theincapacity or destruction of or interference withsuch systems and assets would have a debilitatingimpact on national security, national or economicsecurity, national public health and safety, or anycombination of those matters; as constitutingCritical National information Infrastructure

The Presidential Order made under section 3 of thisAct may require the Office of the NationalSecurity Adviser to audit or inspect anycritical national information infrastructure atany time to ensure compliance with the provisions ofthe Act

OFFENCES AND PENALTIES

Sections 5 to 36 provide for offences and penalties.The offences which are criminalized in line withexisting International Conventions on Cybercrime to

Page 6 of 30

wit, the Budapest Convention and the African UnionConvention include –

S/No

OFFENCES SECTION

OVERVIEW PENALTY

1 Offences againstcritical nationalinformationinfrastructure

5 Offence against anycritical nationali n f o r m a t i o ni n f r a s t r u c t u r e . .

'

Imprisonmentfor a term ofnot more than10 yearswithoutoption offine.

Where theoffenceresults ingrievousbodily harmto anyperson, theoffender isliable onconviction toimprisonmentfor a term ofnot more than15 yearswithoutoption offine.

Where theoffencecommittedundersubsection(1) of thissectionresults inthe deathof aperson, theoffender isliable on

Page 7 of 30

conviction tolifeimprisonment

2 Unlawful access to acomputer

6 A person, who,withoutauthorisation,intentionallyaccesses, in wholeor in part, acomputer system ornetwork forfraudulent purposesand obtains datathat are vital tonational security,commits an offence

Imprisonmentfor a term ofnot more than5 years or toa fine of notmore than5,000,000.00 or both

3 Perpetratingelectronic or onlinefraud using acybercafé

7 All operators of a cybercafe shall fromthe commencement of this Act, register as a business concern with Computer Professionals' Registration Council in addition to a business name registration with the Corporate Affairs Commission,and shall maintain a register of usersthrough a sign -in register and the register shall be available to law enforcement persoru1el whenever needed .

A person whoperpetrateselectronic oronline fraud using

Imprisonment for a term of3 years or a fine of N1,000,000.00or both.

In the eventof proven connivance bythe owners ofthe cybercafe, such owners are guilty ofan offence and are liable to a fine of N2,000,000.00 or imprisonment for a term of3 years or both.

Page 8 of 30

a cybercafe,commits an offence

4 System interference 8 A person who,without lawfulauthority,intentionally orfor fraudulentpurposes does anact which causesdirectly orindirectly theserious hinderingof the functioningof a computersystem byinputting,transmitting,damaging, deleting,deteriorating,altering orsuppressingcomputer data orany other form ofinterference withthe computersystem, whichprevents thecomputer system orany part thereof,from functioning inaccordance with itsintended purpose,commits an offence

Imprisonmentfor a termof not morethan 2 yearsor to afine of notmore thanN5,000,000.00or both.

5 Interceptingelectronic message,email and electronicmoney transfer

9 A person whounlawfully destroysor aborts anyelectronic mail orprocess throughwhich money orvaluableinformation isbeing conveyed,commits an offence

Imprisonmentfor 7 yearsin the firstinstance and,upon secondconviction,is liable to14 yearsimprisonment.

6 Tampering withcritical

10 From thecommencement of this

fine ofN2,000,000.00

Page 9 of 30

infrastructure Act, any personbeing employed byor under a LocalGovernment ofNigeria, privateorganization orfinancialinstitution withrespect to workingwith any criticalinfrastructure orelectronic mail,commits any actwhich he is notauthorized to doby virtue of hiscontract of serviceor intentionallypermits, tamperingwith such computer,commits an offence.

orimprisonmentfor 3 years .

7 Willful misdirectionof electronic message

11 A person who misdirects electronic messages with either the intention to fraudulently obtain financial gain as a result of such act or with the intention of obstructing the process in order to cause delay orspeeding the messages with a view to cause an omission or commission that may defeat the essence of such messages, commits

Imprisonmentfor a term of3 years or afine ofN1,000,000.00or both

Page 10 of 30

an offence.

8 Unlawful interception 12 A person, whointentionally andwithoutauthorization,intercepts bytechnical means,non-publictransmissions ofcomputer data,content, ortraffic data,includingelectromagneticemissions orsignals from acomputer, computersystem or networkcarrying oremitting signals,to or from acomputer, computersystem or connectedsystem or network,commits anoffence.

Imprisonmentof not morethan 2 yearsor to a fineof not morethan N5,000,000.00or both.

9 Computer relatedforgery

13 A person who knowingly accesses any computer or network and inputs, alters, deletes or suppresses any data resulting in inauthentic data with the intention that such inauthentic data will be considered or acted upon as ifit were authentic or genuine,

Imprisonment for a term ofnot less than 3 years or toa fine of not. less than N7,000,000. 00 or both.

Page 11 of 30

regardless of whether or not suchdata is directly readable or intelligible, commits an offence

10 Computer related fraud 14 A person who,knowingly andwithout authority orin excess ofauthority, causesany loss ofproperty toanother byaltering, erasing,inputting orsuppressing anydata held in anycomputer, whetheror not for thepurpose ofconferring anyeconomic benefitson himself oranother person,commits an offence

Imprisonmentfor a term ofnot less than3 years or toa fine of notless thanN7,000,000.00 or both.

11 Theft of electronicdevices

15 A person whosteals afinancialinstitution orPublicInfrastructureTerminal commitsan offence.

Imprisonmentfor a termof 3 yearsor a fine ofNl,OOO,OOO.OOor both.

12 Unauthorizedmodification ofcomputer systems,network data andsystem interference

16 A person who, withintent and withoutlawful authority,directly orindirectly modifiesor causesmodification of anydata held in anycomputer system or

Imprisonmentfor a termof not morethan 3 yearsor to a fineof not morethan7,000,000.00or both.

Page 12 of 30

network, commits anoffence

13 Electronic signature 17 A person who, withthe intent todefraud ormisrepresent, forgesthrough electronicdevices anotherperson's signatureor company 'smandate, commits anoffence

Imprisonment for a tenn ofnot more than 7 years or a fine of not more than 1,000,000.00 or both.

14 Cyber terrorism 18 A person who accesses or causes to be accessed any computer or computersystem or network for purposes of terrorism, commits an offence

Life imprisonment.

15 Exceptions tofinancial institutionsposting and authorisedoptions

19 From thecommencement of thisAct, no financialinstitution shallgive posting andauthorising accessto any singleemployee.

A person or personsauthorised to giveaccess to computerto employees andgives more than oneaccess to any personor persons commitsan offense

A fine of Nl,OOO,OOO.OO or 7 years imprisonment or both.

16 Fraudulent issuance ofe-instructions

20 A person beingauthorised byany financialinstitution and

Imprisonmentfor a term of7 years.

Page 13 of 30

charged with theresponsibility ofusing computer orother electronicdevices forfinancialtransactions such asposting of debitand credit, issuanceof electronicinstructions asthey relate tosending ofelectronic debit andcredit messages orcharged with theduty of confirmationof electronic fundtransfer, unlawfullywith the intent todefraud, issuesfalse electronic orverbal messagescommits an offence

17 Failure to reportcyber threats

21 A person or institution who operates a computer system or a network, whether public or private, shall immediately inform the NationalComputer Emergency Response Team (CERT) Coordination Center of any attack, intrusion and other disruptionliable to hinder thefunctioning of another computer system or network.. A person or institution who

Denial of internet services, andsuch persons or institutionshall, in addition, pay a mandatory fine of N2, 000,000.00 into the National CyberSecurity Fund.

Page 14 of 30

fails to report any such incident to the National CERT ·within 7 days of its occurrence, commits an offence

18 Identity theft andimpersonation

22 A person ·who isengaged in theservices of anyfinancialinstitution and, asa result of hisspecial knowledge,commits identitytheft of itsemployer, staff,service providersand ··consultantswith the intentto defraud commitsan offence

Imprisonmentfor a termof7 years ora fineofN5,000,000.00 or both.

19 Child pornography andrelated offences

23 A person who intentionally usesany computer system or network inor for- (a) producing child pornography,(b) offering or making available child pornography,(c) distributing ortransmitting childpornography,(d) procuring childpornography for oneself or for another person,(e) possessing child pornography in a computer system or on a computerdata storage medium:

In the caseof paragragh(a), (b), and(c) of thissection, toimprisonmentto a term often years orto a fine ofnot more thanN20,000,000.

In the caseof paragragh(d),and (c)of thissection toimprisonmentto a term offive years orto a fine ofnot more thanN10,000,000

Page 15 of 30

commits an offence.20 Cyberstalking 24 A person who

knowingly or intentionally sends a message or other matter by means Cyberstalking.of computer systemsor network that is grossly offensive, pornographic or ofan indecent, obscene or menacingcharacter or causes an y such message ormatter to be so sent, commits an offence .

Fine of not more than N7,000,000.00or imprisonment for a term ofnot more than 3 years or both .

21 Cybersquatting 25 A person who,intentionally takesor makes use ofa name, businessname, trademark,domain name or otherword or phraseregistered, or inuse by anyindividual, bodycorporate orbelonging toeither theFederal, State orLocal Government inNigeria, on theinternet or anyother computernetwork, withoutauthority or right,and for thepurpose ofinterfering withtheir use by theowner, registrant orlegitimate prioruser, commits anoffence

Imprisonmentfor a term ofnot more than2 years or afine of notmore thanN5,000,000.00 or both

Page 16 of 30

22 Racist and xenophobicoffences

26 A person who (a) distributes or otherwise makes available, any racist or xenophobic material to the public through a computer system or network (d)distributes or otherwise makes available, through acomputer system or network, to the public, material which denies or approves or justifies acts constituting genocide or crimesagainst humanity, commits an offence.

Imprisonment for a term of not more than 5 years or to a fine of not thanN1O,OOO,OOO.OO or both fineand imprisonment.

23 Attempt, conspiracy,aiding and abetting

27 A person who -

(a) attempts to commit any offence under this Act, or

(b) aids, abets,conspires,counsels orprocures anotherperson tocommit anyoffence underthis Act,

commits an offenceand is liable on conviction to the punishment providedfor the principal offence under this Act.

Liable on conviction to the punishment provided forthe principaloffence underthis Act.

Page 17 of 30

24 Importation andfabrication of e-tools

28 A person who unlawfully produces,supplies, adapts, manipulates or procures for use, imports, exports, distributes, offers for sale or otherwise makes available-

(a) any device,including acomputer programor a componentdesigned oradapted for thepurpose ofcommitting anoffence underthis Act,

(b) a computerpassword, accesscode or similardata by which thewhole or any partof a computersystem or networkis capable ofbeing accessedfor the purposeof conu11itting anoffence underthis Act, or

commits an offence

Imprisonment for a term of not more than 3 years or a fine of not more than N7,000,000.00 or both.

25 Breach of confidenceby service providers

29 A person ororganization who,being a computerbased serviceprovider or vendor,does any act with

If corporateorganizationis liable onconviction toa fine ofN5,000,000.00and

Page 18 of 30

intent to defraudand by virtue of hisposition as aservice provider,forges, illegallyused security codesof the consumerwith the intent togain any financialor materialadvantage or withintent to provideless value for moneyin his or itsservices to theconsumer, commits anoffence

forfeiture offurtherequivalentof themonetaryvalue of thelosssustained bythe consumer.

26 Manipulation ofATM/POS Terminals

30 A person whomanipulates an ATMmachine or Point ofSales terminalswith the intentionto defraud commitsan offence

and is liableon convictiontoimprisonmentfor a term of5 Years orN5,000,000.00fine or both.

27 Employeeresponsibility

31 An employee who,without any lawfulreason, continues tohold unto the codeor access right ofhis employerafter disengagementwithout any lawfulreason commits anoffence

Imprisonmentfor a term 3years or afineofN3,000,000.00 or both

28 Phishing, spamming,spreading of computervirus

32 A person whoknowingly orintentionallyengages in computerphishing, spamming orspreading of computervirus commits anoffence.

imprisonmentfor a term 3years or afine of Nl,000,000.00or both.

Page 19 of 30

29 Electronic cardsrelated fraud

33 A person who, withintent to defraud,uses any accessdevice includingcredit, debit,charge, loyalty andother types offinancial cards, toobtain cash, credit,goods or servicecommits an offence

Imprisonmentfor a term ofnot more than7 Years or afine of notmore thanNS,OOO,OOO.OOor to bothfine andimprisonmentand isfurtherliable topay, inmonetaryterms, thevalue oflosssustained bythe owner ofthe creditcard.

30 Dealing in card ofanother

34 A person, otherthan the issuer,who receives andretains possessionof two or morecards issued in thename or names ofdifferentcardholders, whichcards he knowswere taken orretained undercircumstances whichconstitute a cardtheft, commits anoffence

Liable onsummaryconviction toimprisonmentfor a term of3 years or toa fine ofNl,OOO,OOO.OOand isfurtherliable torepay, inmonetaryterms, thevalue oflosssustained bythe Cardholder.

31 Purchase or sale of 35 A person, other and is

Page 20 of 30

card of another than an issuer orhis authorisedagent, who sells acard, or a personwho buys a cardfrom a personother than anissuer or hisauthorised agent,commits an offence

liable onsummaryconvictionto a fine ofNSOO,OOO.OO andis furtherliable topay, inmonetaryterms, thevalue of Josssustained bythe cardholder orforfeit theassets orgoodsacquiredwith thefunds fromthe accountofthecardholder.

32 Use of fraudulentdevice or attached e-mails and websites

36 A person whoknowingly orintentionallyengages in computerphishing, spamming,and deliberatespread of virusthereby causingdamage to criticalinformation inpublic, private orfinancialinstitution'scomputers commits ofan offence

Imprisonmentfor a term 3years or afine of Nl,000,000.00or both.

DUTIES OF FINANCIAL INSTUTUTIONS AND SERVICE PROVIDERS

Page 21 of 30

Sections 37 – 40 of the Act imposed some duties onFinancial Institutions and Service Providers. Some ofthese Duties are – (a) Duty to ascertain the proper identity of customers

before executing customer electronic instructions(KYC) - section 37;

(b) Duty to keep all traffic data and subscriberinformation as may be prescribed by the relevantauthority, for the time being, responsible forthe regulation of communication services inNigeria, for a period of 2 years; and

(c) Duty to comply with all the provisions of the Actand disclose information requested by any lawenforcement agency or otherwise renderassistance in any inquiry or proceeding underthis Act

COORDINATION, ADMINISTRATION AND ENFORCEMENT

Sections 41 to 44 provide for co-ordination,administration and enforcement of the provisions of theAct. While the Office of the National Security Advisershall be the co-coordinating body for all security andenforcement agencies under the Act, the Attorney –General of the Federation shall be the coordinatingMinister for the effective implementation andadministration of the Act and shall ensure theeffective prosecution of cybercrimes and cybersecuritymatters.

In other to meet the minimum standard required underthe AU Convention, section 42 established theCybercrime Advisory Council. The Advisory Council withmembership drawn from identifiable StakeholdersMinistries and Agencies listed in the First Schedule to

Page 22 of 30

the Act is to create an enabling environmentfor members to share knowledge, experience,intelligence and information on a regular basisand to provide recommendations on issuesrelating to the prevention and combating ofcybercrimes and the promotion of cybersecurity in Nigeria.

The Council is to formulate and provide generalpolicy guidelines for the implementation of theprovisions of the Act and to advice on measures toprevent and combat computer related offences,cybercrimes, threats to national cyberspace andother cyber security related issues. A member of theCouncil, shall cease to hold office if he ceases tohold the office on the basis of which he became amember of the Council; or the President is satisfiedthat it is not in the interest of the public for theperson to continue in office as a member of theCouncil. The meetings of the Council shall be presidedover by the National Security Adviser and the Councilshall meet at least four times in a year and wheneverit is convened by the National Security Adviser.

The Cybercrime Advisory Council shall comprise arepresentative each of the following Ministries,Departments, Agencies and Institutions – (a) Federal Ministry of Justice; (b) Federal Ministry of Finance; (c) Ministry of Foreign Affairs;(d) Federal Ministry of Industry, Trade and

Investment; (e) Central Bank of Nigeria;

Page 23 of 30

(f) Office of the National Security Adviser; (g) Department of State Services;(h) Nigeria Police Force;(i) Economic and Financial

Crimes Commission; (j) Independent Corrupt Practices

Commission; (k) National Intelligence

Agency;(l) Nigerian Security and Civil Defence Corps; (m) Defence intelligence Agency;(n) Defence Headquarters;(o) National Agency for the

Prohibition of Traffic in Persons;(p) Nigeria Customs Service;(q) Nigeria Immigration Service;(r) National Space Management Agency;(s) Nigerian Information Technology

Development Agency; (t) Nigerian Communications

Commission;(u) Galaxy backbone;"(v) National Identity

Management Commission;(w) Nigeria Prisons Service;

and(x) One representative each from the following -

(i) Association of Telecommunications Companiesof Nigeria,

(ii) Internet Service Providers Association ofNigeria,

(iii) Nigeria Bankers Committee, (iv) Nigeria Insurance Association,(v) Nigerian Stock Exchange, and

Page 24 of 30

(vi) Non- Governmental Organization withFocus on Cyber Security.

ESTABLISHMENT OF N ATIONAL CYBER SECURITY FUND

Section 44 of the Act provides for the establishment ofthe National Cyber Security Fund to be domiciled inthe Central Bank of Nigeria into which shall becredited -

(a) a levy of 0.005 of all electronic transactionsby the businesses specified in the SecondSchedule to the Act. These businesses are GSMService providers and all telecommunicationcompanies; Internet Service Providers; Banks andother Financial Institutions; InsuranceCompanies; and Nigerian Stock Exchange.

(b) grants-in-aid and assistance fromdonor, bilateral and multilateralagencies; and

(c) all other sums accruing to the Fundby way of gifts, endowments, bequest orother voluntary contributions by persons andorganizations:

ARREST, SEARCH, SEIZURE AND PROSECUTION

By virtue of section 45 of the Act, a law enforcementofficer may apply ex-parte to a Judge in Chambersfor the issuance of a warrant for the purpose ofobtaining electronic evidence in cybercrimeinvestigation. The court shall issue a warrant

Page 25 of 30

where it is satisfied that the warrant is soughtto prevent the commission of an offence or toprevent the interference with investigativeprocess or that the warrant is for thepurpose of investigating cybercrime, cybersecurity breach, computer related offences orobtaining electronic evidence and that there arereasonable grounds for believing that the personor material on the premises or conveyance maybe relevant to the cybercrirne or computerrelated offences under investigation.

JURISDICTION AND INTERNATIONAL CO-OPERATION

The Federal High Court located in any part of Nigeria,regardless of the location where the offence iscommitted, shall have jurisdiction to try offencesunder this Act, if committed -(a) in Nigeria;(b) in a ship or aircraft registered in Nigeria;(c) by a citizen or resident in Nigeria if the

person's conduct would also constitute anoffence under a law of th e country where theoffence was committed; or

(d) outside Nigeria, where-(i) the victim of the offence is a citizen

or resident of Nigeria; or(ii) the alleged offender is in Nigeria and

not extradited to any other country forprosecution.

Under section 50 (2) , the Act provides that in thetrial of any offence under this Act, the fact that anaccused person is in possession of pecuniary

Page 26 of 30

resources or property for which he cannotsatisfactorily account and which is disproportionalto his known sources of income, or that he had at orthat at about the time of the alleged offence heobtained an accretion to his pecuniary resources orproperty for which he cannot satisfactorily account,may, if proved, be taken into consideration by thecourt as corroborating the testimony of the witness inthe trial

By virtue of section 51, Offences under the Act shall beextraditable under the Extradition Act. Sections 52 to54 went ahead to make provisions for the procedure formaking and receiving extradition request. According tosection 56, in order to provide immediate assistancefor the purpose of international cooperation, theOffice of the National Security Advisershall designate and maintain a contact point thatshall be available 24 hours a day and 7 days a week.

POWER TO MAKE REGULATIONS

Section 57 of the Act vests the power to makeregulations on the Attorney-General of theFederation. Under this section, the Attorney-General may make orders, rules, guidelines orregulations as are necessary for the efficientimplementation of the provisions of the Act.

COMMENTS AND CONCLUSION

The Act provides a comprehensive national response tothe menace of cybercrime and cyber security. From all

Page 27 of 30

indications, the Act was patterned to be in conformitywith the Budapest Convention on Cybercrime and AfricanUnion Convention on Cybersecurity and Personal DataProtection. The Act is an attempt to domesticate theseconventions by adaptation.

On issues of Cybercrime and Cybersecurity in Nigeria,we are certain that the regulations, policies andinstitutions that will be put in place, will curb cyberthreats and abuse. This in turn will make Nigeria asafe haven for foreign investment and global businessopportunities.

In addition, the Act has for the very first timeprovided protection for Nigeria’s National Criticalinfrastructure. Critical infrastructure under the Actincludes systems and assets which are so vital to thecountry that the destruction of such systems andassets would have an impact on the security,national economic security, national public health andsafety of the country.

Thirdly, the Act has tried to bring together all theStakeholder Ministries, Departments, Agencies andInstitutions by way of the National Cybercrime AdvisoryCouncil. It is expected that the Council will set thepace for combatting Cybercrime.

The Act also established the National CybercesurityFund. The Fund will be utilized in the CounteringViolent Extremism (CVE) Programme. Such programmesincludes the intervention designed to counter thepersistence of violent radicalization to reduce theincidence of violent activities, change the behaviour

Page 28 of 30

of violent extremists, and counter the negativeextreme groups while promoting core national values;and any program that seeks to identify theunderlying causes of radicalization(social,cultural, religious and economic) and devel opstrategies that provide solutions and also introducemeasures to change the attitudes and perceptions ofpotential recruits, including providing vocationaltraining of prisoners and means of sustainablelivelihood and reintegration of reformed extremists totheir families and communities. An amount notexceeding 40 percent of the Fund may be allocatedfor programs relating to countering violentextremism. However the Act did not provide for the wayin which the remaining 60 percent shall be expended.While the Act talks basically about cybercrimesprohibition and prevention, the fund is called“National Cyber Security Fund”

Finally, the drafting language of the original draft ofthe Executive Bill has been influenced by theintroduction of a series of new ideas and offencesduring the process of law making at the NationalAssembly. Some of the side notes are inelegant andthere are typographic errors here and there. It is alsoobserved that the title of the Act is not the exactlythe same thing with the title of the Act as recorded inthe Signature page. All these awaits the Courtsinterpretation and possible amendments that will comein due course.

These notwithstanding, there is the need to bring thecontents of this Act to the general public especially

Page 29 of 30

those whose activities are meant to be regulated by theAct.

Page 30 of 30