Faculty of law Baze University, Solomon Oho, April 2017

A CRITICAL ANALYSIS OF THE CYBERCRIME LAW IN NIGERIA

BY

SOLOMON OGHOFOMELUO OHO

BU/14A/LAW/1108

BEING A LONG ESSAY SUBMITTED TO THE FACULTY OF LAW, BAZE

UNIVERSITY, ABUJA IN PARTIAL FULFILMENT OF THE REQUIREMNT FOR
THE AWARD OF THE BACHELOR OF LAW DEGREE LL.B (HONS)

APRIL, 2017

1
 Faculty of law Baze University, Solomon Oho, April 2017

CHAPTER ONE

GENERAL INTRODUCTION

The rate of cybercrime has gone up considerably in the last 10 years since the inception of the
internet and digital age.in Nigeria, the national security adviser (NSA) estimated the annual cost
of cybercrime to the country’s GDP is 0.08% which represents N 127 billion.1 There are various
kinds of acts which would constitute an offence in the newly promulgated cybercrime Act 2015
such as: unlawful access to computers, unlawful interceptions of communications, unauthorized
modification of data, misuse of data, system interference, intercepting electronic messages,
emails, e-money transfer, tampering with critical infrastructure, computer related fraud,
computer-related forgery, among others, as offenses that are punishable under the Act. Theft of
electronic devices, electronic signature, child pornography and related offences, racism and
xenophobic offences are also punishable under the Act. It also provided for cyber-stalking,
cybersquatting and cyber-terrorism as offences; there are actually many valid reasons for the
need of cybercrime laws in Nigeria. The study takes a subjective look at the attributes of
cybercrime laws and certain challenges the cybercrime act and laws face such as: what
constitutes a cyber-crime, who do you call when a cybercrime occurs, who enforces this act-the
police or a special force, and how prepared are these officials?. It also takes a subjective look at
certain controversial provisions of the cybercrime act of 2015 which are: cybercrime act and
the registration of cybercafés, mandatory winding up and forfeiture of assets, lawful
interception of communication, cyber security fund, cancellation of international
passports.
During the course of this research, reference and credit would be given to each author that
his or her work is used in this research to add to existing
This research work would raise certain contentious issues with the provisions of the cyber-
crime act 2015, the enforcement mechanisms, officers, and how competent these officers are in
combatting cyber-crime in Nigeria. It would also look at the scope, the significance, and research
methodology used.

1
Iroegbu, ‘Nigeria Loses over N127 bn annually through cybercrimes’ This Day Live (Lagos 2016)
<http://www.thisdaylive.com/index.php/2016/04/19/nigeria-loses-over-n127bn-annually-through-cybercrime/ >
accessed 04 January 2017

2
 Faculty of law Baze University, Solomon Oho, April 2017

1.1. BACKGROUND OF THE STUDY

Humans over the past years and decades have evolved from one stage to another stage in life,
always coming up with different and better ways in carrying out their activities or daily life
which they refer to as development. This can be traced back to the Stone Age down to the
renaissance-the industrial revolution or the Iron Age.2 Humanity has passed through three (3)
major stages of evolution which are; the hunter-gatherer, agricultural, and technological stage.3

Human developments or improvements in information and communication technology (ICT)

has led to the information being represented into electronic or digital format which has led to the
rapid demand of free, open and global access to information by its users.

However, this shift from the ancient or traditional means of information communication has
now provided a platform for criminal activities on the internet coupled with the fact that laptops,
computers, and internet connectivity is becoming more affordable to the populace. Ever since
the inception of the internet and Nigeria’s participation in this global phenomenon, there has
been a rapid increase in the amount of crimes being committed on the internet through the use of
various platforms such as Social media, emails, dating websites, online stores, Mobile Banking,
Trade and service websites, and social engineering. The society over the past years have become
more increasingly dependent on new information technology to carry out businesses through
online services such as; Jumia, Konga, Wakanow, E-bay, Amazon and Alibaba, manage
industrial activities, engage in personal communication through social media sites such as
Facebook, Snapchat, WhatsApp, Pinetrest, Badoo, Tinder, Twitter, LinkedIn and many others.
These technologies and information allow for enormous gain and efficiency, productivity and
other benefits they create a vulnerability to those who wish to take an advantage of the system
and new situations.4

Cyber-crime is now prevalent in the Nigerian society, of which the most common is fraud.
this is as a result of the high rate of unemployment and other social factors which keep the

2
Laurence Evans , ecotoa.com, ‘Civilization: Modern Cultures,’ (2008),
<http://www.ecotao.com/holism/hu_mod.htm > accessed 04 January 2017
3
Ibid1
4
Martins, MartinsLibrary.blogspot.com, ‘General introduction to cyber-Crime effects in Nigerian sector,’ (N.D) <
http://martinslibrary.blogspot.com.ng/2013/08/general-introduction-to-cyber-crime.html >accessed 04 January
2017

3
 Faculty of law Baze University, Solomon Oho, April 2017

youths among the Nigerian population Idle coupled with the ‘Get Rich Quick syndrome’. This
makes the youth explore their skills in the cyber world and how they can benefit from it and not
be caught knowing that there are no proper enforcement mechanisms put in place in Nigeria.

The cyber-crime Act, 2015 is yet the most recent form of legislation combatting cyber-crimes
in Nigeria and this study aims to analyze the key provisions of this Act, the contentious
provisions, as well as to provide possible solutions and recommendations to combatting these
cyber-crime issues in Nigeria. The study would also bring to light the various kinds of cyber-
crime perpetrators, their mechanisms, and tools.5

1.2. STATEMENT OF PROBLEM

This research work will trace the history and uprising of cybercrimes such as ATM Fraud,
piracy, hacking, email Scams etc. its effect on the Nigerian economy, its effect on Nigeria’s
reputation in the global international system, the harsh effect of the cyber-crime act 2015 on
cyber cafes operating in Nigeria, the cyber security fund; its use and management. The study
takes a subjective look at the attributes of cybercrime laws and certain challenges the cybercrime
act and laws face such as: what constitutes a cyber-crime, who do you call when a cybercrime
occurs, who enforces this act-the police or a special force, and how prepared are these officials?

1.3. OBJECTIVES

The principal purpose of this study is to evaluate the cybercrime law in Nigeria with the main
focus being the recently enacted Cyber-crime Act 2015 for the regulation of cybercrime
activities in Nigeria. The study takes a subjective look at the attributes of cybercrime laws and
certain challenges the cybercrime act and laws face such as: what constitutes a cyber-crime, who
do you call when a cybercrime occurs, who enforces this act-the police or a special force, and
how prepared are these officials?. Further analysis will amongst other things:

 Discuss the Nature and Types of Cybercrime;

 Assess the controversial provisions of the cybercrime Act 2015;
 Examine and analyze key provisions of the Cybercrime Act 2015;

5
Nigerian Cybercrime (Prohibition and prevention) Act 2015

4
 Faculty of law Baze University, Solomon Oho, April 2017

 Suggest and recommend effective ways and methods on how cyber-crimes can be tackled in
Nigeria.
1.4. SCOPE OF STUDY

This research work will focus on the present and future problems of cybercrime. The scope
of this study or work includes but is not limited to; an overview of the cyber-crimes in Nigeria,
the recently enacted cybercrime act 2015. An attempt would be made to analyze the cyber-crime
Act 2015 and the international perspective and cooperation relating to the cyber-crime act 2015.

1.5. SIGNIFICANCE OF THE STUDY

The significance of this study cannot be overemphasized. This is because this study would be
of benefit to every internet user or subscriber; those who constantly carry out business,
educational, Cyber cafés and financial transaction activities on the internet. The study is aimed
at analyzing the recently enacted legislation on cyber-crime laws along with its shortcomings and
challenges in combatting cyber-crime activities in Nigeria. The government, law and policy
makers would also find this study very useful and handy as they attempt to come up with feasible
and effective solutions to this rising issue of cyber-crime in Nigeria. Similarly, this work would
further support law enforcement agencies with their aim to stopping cyber-crimes by giving
suggestions and recommendations on ways in which they can enforce and equip themselves to be
ready to combat cyber-crimes in Nigeria. This study would also help Law researchers and even
those in related discipline in their future research.

1.6. RESEARCH METHODOLOGY

During the course of this research, the doctrinal research method would be relied on for this
research work. The research will combine both primary and secondary sources of materials.
The relevant statutes and case laws would be consulted to assist in this research work.

The nature of this study also demands that much reliance will be placed on online materials,
textbooks, journals, and articles written in this area.

1.7. LITERATURE REVIEW

 What is Crime?
With the aim of understanding and finding out the true meaning of cybercrime and its laws in
Nigeria, the definition, elements and scope of crime would be evaluated.

5
 Faculty of law Baze University, Solomon Oho, April 2017

Sir Carleton Allen writes;

“Crime is a crime because it consists in wrongdoing which directly and in serious degree
threatens the security or wellbeing of the society.”6
This definition by Sir Allen explains why certain acts have been made crimes by the judicial
decision or the legislative arm. These acts that have been made crimes do not necessarily reflect
the present state of affairs. Meaning that a crime may remain a crime long after that act or crime
no longer threatens the public or society. Hence Allen’s view describes to us what he thinks
ought to be criminal than what is criminal.7
Some crimes however, may also be civil wrongs or torts such as theft, or criminal damage for
which the affected individual may claim damages and compensation.8
A crime is any act or omission that violates a law which results in a punishment. Punishments can
range from the payment of a fine to incarceration in jail. The level of the offense or crime will
usually be set in proportion to the severity of the crime.9
Kadish defines crime as any act or omission to act which is prohibited by law enacted for the
protection of the public at large and the judiciary is to punish the doer of a crime if found guilty of
the offence as initiated by the prosecution attorney of the state. Kadish distinguishes between a
“public crime” to be a public wrong whereas a private crime is a “civil wrong” and tort to an
individual.10
 ELEMENTS OF CRIME;

Preliminary element; before the state can attempt to prove that the defendant is guilty of the
alleged crime, they must first determine (i) that there has been an occurrence of some injury
which constitutes a crime, and (ii) that somebody’s criminal act is responsible for the injury. In a
cybercrime case, the state would have to prove that there was an injury arising from the
cybercrime act and that such cybercrime act was carried out by the defendant.11

6
CK Allen, the Nature of a Crime in Legal Duties (Oxford: Clarendon, 1931)
7
Smith and Hogan’s Criminal Law (David Ormerod, 13th edition, 2011)
8
, Business insider, Definition of Crime (N.D), <http://www.businessdictionary.com/definition/crime.html >
Accessed 04 January 2017
9
Legal Free Advice.com, Criminal Law, (N.D), <http://criminal-law.freeadvice.com/criminal-law/criminal-
law/crime_law.htm> Accessed 04 January 2017
10
Kadish, Criminal Law: Adaptable to courses using materials (Legalines Eight Edition 2010)
11
Ibid 10

6
 Faculty of law Baze University, Solomon Oho, April 2017

There are two(2) elements that are necessary for the prosecution to prove during a criminal trial
in order for the alleged criminal to be guilty These elements are known as the ‘Actus Reus’-an
act (a Prohibited conduct), and the ‘Mens rea’ –this is the mental element of a guilty mind or
intention. For example, if a person intentionally and without lawful excuse (such as self-
defense) strikes another which leads to his harm or death, The prohibited conduct is the striking
and the mental element, or guilty mind, is the intention to strike/hurt/injure.12 'Actus reus'
translates as “to do an act" from Latin, i.e. the occurrence of the criminal act or an unlawful
omission of an act. It is the act which, in combination with mens rea constitutes a crime. For
example, the crime of theft requires physically taking something (the actus reus) coupled with
the intent to permanently deprive the owner of the object (the mens rea).the act of a
cybercriminal deceiving another on the internet to transfer certain amount of money for false
reasons or under false pretenses which would amount to a criminal act of fraud.

'Mens rea' translates as 'to have in mind" from Latin. It is an important element of any crime
because it relates to the need to determine whether the defendant held the sufficient state of mind
to have the intent to commit the particular crime in question with the ‘guilty mind’. - 1)
According to the Hyam v DPP13 case it relates to the idea that there is sufficient “criminal
intention". Sweet v. Parsley14 case illustrates that mens rea is required when the offence is a true
crime as oppose to a normative offence.15

Furthermore, there are two additional elements which are needed to prove and these are;
Causation, and Social Harm16

Causation basically just means that the prohibited act committed caused or resulted to the end
harm.

In proving social harm, The State must prove that the defendant performed a physical act that
caused social harm with the intent to bring about that harm.

12
Legal Services Commission of South Australia ,’Elements of Crime,’ (N.D),
http://www.lawhandbook.sa.gov.au/ch12s03.php Accessed 05 January 2017
13
Hyam ‘v’ DPP [1955] AC 55
14
Sweet ‘v’ Parsley [1970] AC 132
15
Law Teacher, ‘Outline the basic elements of crime,’ (N.D),< https://www.lawteacher.net/free-law-
essays/business-law/outline-the-basic-elements-of-crime-law-essays.php >Accessed 05 January 2017
16
R.J Reeves, ’what are the basic elements of crime?,’ (2013), <http://www.mecklenburgdwi.com/what-are-the-
basic-elements-of-a-crime/ >Accessed 05 January 2017

7
 Faculty of law Baze University, Solomon Oho, April 2017

 What is Cybercrime?

There is no definite or generally acceptable definition of ‘cybercrime’ under the Nigerian law
because cybercrime is a new and emerging field of criminal law which has recently been brought
to light in the judicial system. There is little difference with what crime is and what cybercrime
is, the major difference is the scope and the platform which cybercrime activities are carried out.

The word cybercrime is popularly used to describe the criminal activities related to cyberspace or
the cyber world. Furthermore, the word cybercrime could be defined as any crime that involves
computer and networks, including crimes that do not heavily rely on computers and most times
the computer is either a tool or a target or both.17 Therefore, cybercrime covers offences
involving cyberspace, computers and other electronic information storage devices, such as data
interference, illegal interception, illegal access and the misuse of devices.18

There has also been contention from various legal scholars that cybercrimes are old crimes via
the computer. That is, the cybercrime offences are known to our statutes but are now promoted
and carried out through the use of computers. However, in committing them, the digital media is
used as an alternative instrument.

According to Chukkol, it has been rightly observed that computers or related electronic medium
like mobile phones may play a part in the commission of nearly every form of criminal activity
for which penalties already exist under the existing statutes like the penal code law, the criminal
code Act, Economic and Financial Crimes Commission Act.19

However, there is still need for a separate legislation on cybercrime with the aim of combatting,
punishing, and deterring cyber criminals hence the Cybercrime Act, 2015. The foundation of
criminal law in Nigeria’s legal system is that a person cannot be convicted for an offence that is
not provided for in any criminal statute, legislation or enactment. Also the existing Penal code
and criminal Act in Nigeria cannot be adequate or efficient in dealing with such cybercrime
offences. The existing laws on crime in Nigeria did not address areas or envision issues like the
jurisdiction- what happens when a cybercrime is committed outside Nigeria by a Nigerian? Who
17
Olowu D, ‘Cybercrimes and the boundaries of domestic legal responses’ case for an inclusionary framework for
Africa, journal of information, law and technology (JILT),’(N.D), <http://go.Warwick.ac.uk/jilt/20091/olowu >
Accessed 05 January 2017
18
K.S. Chukkol, The Law of Crimes in Nigeria ( Ahmadu Bello University Press ltd, Revised edition 2010)
19
Ibid

8
 Faculty of law Baze University, Solomon Oho, April 2017

exercises jurisdiction? What courts have the jurisdiction to entertain the matter? The issue of
evidence and investigation are also areas that need to be addressed. That is why there is a need
for new Laws or enactments addressing these issues.

 Categories of Cybercrime

Cybercrime against Persons;

Cybercrime committed against persons or individuals would include acts such as broadcast of
child pornography, harassment of a person through any electronic device or internet, cyber
bullying, fraud, and sending of viruses and DDOS. Cybercrime against persons can also be
looked from the angle of a violation of a right to privacy of citizens online.20

Cybercrime against Property;

The cybercrimes against property is one which is a notorious occurrence in the Nigerian
cyberspace with acts such as intellectual property crimes (software piracy, theft of computer
source code, infringement of copyright, patent, and trademark), cybersquatting, and cyber
vandalism, spreading of viruses, cyber trespass and hacking.

Cybercrimes against government

The growth of the internet has led to various crimes and cyber terrorism with the aim of
compromising the national security of a government to gain unauthorized access to their data and
cause a number of other damages e.g. Wiki Leaks who illegally authorized files from the
American government threatening to release them to the media.

Cybercrimes against the society;

Any unlawful act done with the intention of causing harm to the cyberspace or society at large,
the cyber space can been used to carry out physical attacks on individuals and the society.21

20
Harpreet Singh Dalla,‘Cyber-crime-a threat to persons, property, government, and societies’ [2013] (3) (5)
International journal of advanced research in computer science and software engineering; 997
21
Ibid

9
 Faculty of law Baze University, Solomon Oho, April 2017

CHAPTER TWO

HISTORICAL BACKGROUND OF CYBER-CRIME

2.1. THE UNITED KINGDOM
The very first example of a computer being used “hack” was the Enigma Machine created by a
certain Alan Turing, the godfather of modern day computer science. The first large scale attacks
were first seen in 1989 when $70 million was stolen from the First National Bank of Chicago.22
This shocked the world and triggered the Computer Misuse Act 1990 to be passed as law in the
UK. The act criminalized any unauthorized access to computer systems and was a big step in
attempting to halt cybercrime.

In more recent years, cybercrime has posed a massive threat to national security, with groups like
Anonymous and Lizard Squad becoming more and more powerful. As cybercrime becomes more
of an issue many organizations seek to protect themselves using courses to train employees in the
very real risks of the online world.23

In the U.K, cybercrime has risen in prominence and is still difficult to measure and this led to the
officer of national statistics to conduct a survey in England and Wales asking people about their
personal experience with fraud, viruses, and online crime. From the response given, the Officer
of National Statistics estimated that there were 5.6 million fraudulent activities and computer
misuse crimes. The figures display that bank account fraud, for example Phishing, was the most
24
common type of online crime with 2.4 million instances in the year 2016 to June. Victims of
these cybercrimes were unlikely to report the incident to the authorities, only a very few made it
to the special force created for battling cybercrime in the U.K known as ‘Action Fraud25

22
FNBC
23
Focus Training, , ‘The Secret History of Cyber-Crime’ information Security, (2015)
<http://www.informationsecuritybuzz.com/articles/the-secret-history-of-cyber-crime/ > 05 January 2017
24
Patrick Scott, ‘How much of a problem is cybercrime in the U.K’ The Telegraph (2016)
<http://www.telegraph.co.uk/news/2016/11/01/how-much-of-a-problem-is-cyber-crime-in-the-uk/ >Accessed 06
January 2017
25
Ibid6

10
 Faculty of law Baze University, Solomon Oho, April 2017

In the U.K there are various kinds of cybercrime activities that take place and affect both the
consumers and businesses such as26;

Consumers

 Phishing: bogus emails asking for security information and personal details

 Webcam manager: where criminals takeover your webcam

 File hijacker: where criminals hijack files and hold them to ransom

 Key logging: where criminals record what you type on your keyboard

 Screenshot manager: allows criminals take screenshots of your computer screen

 Ad clicker: allows a criminal to direct a victim’s computer to click a specific link

Business

1. Hacking

2. Distributed Denial of Service (DDOS) attacks

Micro Trend in 2011 highlighted some major cybercriminal threats which U.K businesses
should not only be aware of but should also take steps to protect and prevent these cybercrime
breaches. These include;

 Business Email Compromise schemes, where hackers typically target companies that work
with foreign partners and take part in wire transfers on a consistent basis. Here, executives' email
accounts are compromised and then leveraged to encourage other employees to send
considerable amounts of money to hackers' foreign accounts via the previously mentioned wire
transfers.
 Distributed denial of service, or DDoS, attacks, where a company's website is bombarded by
network traffic originating from hackers. The aim here is to over exceed the website's supporting
capacity, significantly slowing the platform's performance or making it completely unavailable.
This prevents clients and customers from reaching the business via its online resources.
 Ransom ware is also a main pain point in the U.K., where important files are locked via
encryption, and a ransom is demanded by cyber criminals in return for the decryption key. These

26
National Crime Agency, ‘Cyber Crime’, (N.D),< http://www.nationalcrimeagency.gov.uk/crime-threats/cyber-
crime> Accessed 06 January 2017

11
 Faculty of law Baze University, Solomon Oho, April 2017

types of attacks have become a rising threat to the world, and can be incredibly dangerous,
particularly in the enterprise sector.27In 2015, making it larger than all other kinds of crime. The
U.K government vowed to look at new ways to protect businesses and make the UK more
resilient to cyber-attacks and crime.
2.1.1. LAWS ON CYBER CRIME IN THE UNITED KINGDOM

The Computer Misuse Act 1990 (CMA 1990)28 was introduced in August 1990 following a
Law Commission report surrounding computer misuse which found that the UK was trailing
behind many EU member states in relation to technological development.29

The Computer Misuse Act introduced three new offences into the U.K criminal Law,

 unauthorized access to computer material;

The basic notion of hacking – whereby an individual causes a computer to perform a function
when at the time he intends to access a program or data held in a computer – is covered by the
offence of unauthorized access to computer material (s 1, CMA 1990).

Does an individual have to know that his accessing the computer material is unauthorized?

The most important thing for the offence to take place, access to the computer material has to be
unauthorized and the individual gaining access has to be aware that his access is unauthorized.30

 unauthorized access with intent to commit a further offence;

s. 2 of CMA 199031 provides for the penalty of unauthorized access to computer material with
the intent to commit or facilitate the commission of further offences. The basis notion is that
someone guilty of an offence under s 1 of CMA 1990 will have further criminal sanctions

27
C. Budd, TrendMicro.com, ‘The state of cybercrime in the U.K’, (2016), <http://blog.trendmicro.com/the-state-
of-cyber-crime-in-the-u-k/ >accessed 06 January 2017
28
The computer misuse Act 1990
29
inbrief.com , ‘The Hacking of computers and the criminal law’, (N.D),
<http://www.inbrief.co.uk/offences/hacking-of-computers/ > accessed 06 January 2017
30
Ibid
31
CMA 1990

12
 Faculty of law Baze University, Solomon Oho, April 2017

imposed on him if this is done with the intention to commit or facilitate the commission of
further offences.

Further offences under s 2 are those which have a sentence fixed by law or where an individual
found guilty of that offence would be liable for a term of imprisonment of five years or more.32

Examples of further offences may be:

1. fraud under the Fraud Act

2. forgery or counterfeiting under the Forgery and Counterfeiting Act 1981;

3. theft under the Theft Act 1968;

4. criminal damage under the criminal damage Act 1971;

 Unauthorized acts with intent to impair, or with recklessness as to impairing,

operation of computer, etc. (as amended by the Police and Justice Act 2006);

S.3 of CMA 1990 was amended by the Police and Justice Act 2006. Its aim was to tackle
computer viruses and denial of service attacks, which can have devastating effects on the
organizations targeted. The offence does not have to be against a particular computer, program or
data and is committed even if, for example, the denial of service is only temporary.33

OTHER AMENDMENTS TO THE CMA 1990

Subsequently, The Serious Crime Act 2015 added a new offence (s 3ZA) of ‘unauthorized
acts causing, or creating risk of, serious damage’. The territorial scope of computer misuse was
also extended, meaning that a UK national is still committing an offence if the computer misuse
happened outside the UK, as long as it was also illegal in the country where the hacking took
place.34

PENALTIES UNDER THE CMA 1990

32
Ibid13
33
The Police and Justice Act 2006, chapter 48 in force on October 1st 2008
34
The serious Crime Act 2015; The Computer Misuse Act 1990

13
 Faculty of law Baze University, Solomon Oho, April 2017

Penalties for offences under CMA 1990 range from two years’ imprisonment and/or a fine for
unauthorized access to computer material; up to five years and/or a fine for unauthorized access
with intent to commit or facilitate commission of further offences; up to 10 years and/or a fine
for unauthorized modification of computer material; and imprisonment for life and/or a fine for
breach of s 3ZA.35

The Computer Misuse Act 1990 has been amended to make sure that hackers that launch serious
attacks, such as those on critical infrastructure, could face life imprisonment. 36

The amendment also aims to implement the EU Directive on Attack against information systems;
the bill now makes it an offence for individuals to obtain tools such as malware with the
intention to commit cybercrime personally.

Furthermore there is a provision to extend the jurisdiction of UK law enforcement to allow it to

take action against UK citizens committing cybercrime offences while physically outside of the
UK on nationality alone.37

The changes are intended to ensure legislation is up to date and so bring offenders to justice and
prevent individuals from committing cyber offences, thus reduce the threat and impact of cyber-
crime. In September 2020 there would be a review. A government assessment says the number
of new prosecutions are likely to be ‘negligible' (there were only two prosecutions in England
and Wales under s. 3A of the Computer Misuse Act over the past three years) so it is assumed
the law will be used to target serious crime and not low level hackers.38

Without the new amendment made to the Computer misuse Act 1990, the law enforcement
agencies would not have the necessary powers or authority to intervene early enough to prevent
potential criminal damage resulting from cybercrime activities.

35
The CMA 1990, 3ZA
36
, O.Solon, ‘U.K Law introduces life sentence for cyber criminals’ Wired.com (2014),
<http://www.wired.co.uk/article/cybercrime-bill-life-sentence > accessed 06 January 2017
37
Ibid
38
Sc Staff, , ‘New Laws Include Life sentence and Hanging for cybercrime’ U.K Magazine (London, 2015),
<https://www.scmagazineuk.com/new-laws-include-life-sentence-and-hanging-for-cyber-crime/article/537371/
>accessed 07 January 2017

14
 Faculty of law Baze University, Solomon Oho, April 2017

2.1.2. OTHER LEGISLATION DEALING WITH CYBERCRIME

The Terrorism Act 2000;

When the Terrorism Act 2000 (TA 2000)39 first came into force it made the threat of or use of
computer hacking a potential act of terrorism.

The use or threat of an action designed seriously to interfere with or seriously to disrupt an
electronic system will be a terrorist action under TA 2000 only if both of the following
conditions are satisfied:

1. It is designed to influence the government or to intimidate the public or a section of the

public.

2. It is made for the purpose of advancing a political, religious or ideological cause.

TA 2000 does not, however, make for additional penalties for hackers who would be punished
under the existing laws of CMA 1990

2.2. THE UNITED STATES OF AMERICA

The FBI is the lead federal agency for investigating cyber-attacks by criminals, overseas
adversaries, and terrorists.40 In the United States, one of the earliest acts of cybercrime came in
the form of Hacking and the term is used to describe the activity of modifying a product or
procedure to alter its normal function, or to fix a problem. The term purportedly originated in the
1960s, when it was used to describe the activities of certain MIT model train enthusiasts who
modified the operation of their model trains. They discovered ways to change certain functions
without re-engineering the entire device.41

39
Terrorism Act 2000
40
FBI, ‘Cybercrime, What we Investigate’, (N.D),< https://www.fbi.gov/investigate/cyber > Accessed 07 January
2017
41
Florida Tech Online ‘A Brief History of Cybercrime’, (N.D),
<https://www.floridatechonline.com/blog/information-technology/a-brief-history-of-cyber-crime/ >accessed 07
January 2017

15
 Faculty of law Baze University, Solomon Oho, April 2017

These curious individuals went on to work with early computer systems where they applied their
curiosity and resourcefulness to learning and changing the computer code that was used in early
programs. Some of their hacks became so successful they outlived the original product, such as
the UNIX operating system, developed as a hack by Dennis Ritchie and Keith Thompson of Bell
Labs. To the general public a “hack” became known as a clever way to fix a problem with a
product, or an easy way to improve its function.

The malicious association with hacking became evident in the 1970swhen early computerized
phone systems became a target. Technologically savvy individuals, called “phreakers”
discovered the correct codes and tones that would result in free long distance service. They
impersonated operators, dug through Bell Telephone company garbage to find secret
information, and performed countless experiments on early telephone hardware in order to learn
how to exploit the system. They were hackers in every sense of the word, using their
resourcefulness to modify hardware and software to steal long distance telephone time. This
innovative type of crime was a difficult issue for law enforcement, due in part to lack of
legislation to aid in criminal prosecution, and a shortage of investigators skilled in the
technology that was being hacked. It was clear that computer systems were open to criminal
activity, and as more complex communications became available to the consumer, more
opportunities for cybercrime developed.42

One of the first high-profile hacking attacks committed in 1983, by an American student and one
of the most famous in the future hacker Kevin Mitnick. Using one of the university computers,
he entered into a global network ARPANet, an Internet precursor, and get into the Pentagon
computers. He had access to all the files of the Ministry of Defense. Mitnick was arrested right
on campus. He was convicted and served his first real sentence after spending six months in a
correctional center for young people.

42
FBI, ‘Cybercrime, What we Investigate’, (N.D), <https://www.fbi.gov/investigate/cyber >accessed 08 January
2017

16
 Faculty of law Baze University, Solomon Oho, April 2017

Ransom ware;

In a ransom ware attack, victims—upon seeing an e-mail addressed to them—will open it and
may click on an attachment that appears legitimate, like an invoice or an electronic fax, but
which actually contains the malicious ransom ware code. Or the e-mail might contain a
legitimate-looking URL, but when a victim clicks on it, they are directed to a website that infects
their computer with malicious software.43

Once the infection is present, the malware begins encrypting files and folders on local drives,
any attached drives, backup drives, and potentially other computers on the same network that the
victim computer is attached to. Users and organizations are generally not aware they have been
infected until they can no longer access their data or until they begin to see computer messages
advising them of the attack and demands for a ransom payment in exchange for a decryption key.
These messages include instructions on how to pay the ransom, usually with bit coins because of
the anonymity this virtual currency provides.44

2.2.1. LAWS ON CYBERCRIME IN THE UNITED STATES

 THE COMPUTER FRAUD AND ABUSE ACT (CFAA);

In the United States of America given the system of government, Laws concerning computer
crimes have been enacted at the state and federal levels. In 1986, Congress passed the
Computer Fraud and Abuse Act (CFAA).45 This law has been amended and expanded as
internet technology has advanced, and it continues to form the basis for federal prosecutions of
computer-related criminal activities.46

Moreover, the very first legislation on a federal level regarding computer crime was the
Counterfeit Access Device and Computer Fraud and Abuse Act in 1984. This Act made
obtaining financial or credit information through a computer a crime. Before this Act was put in

43
Ibid24
44
essay.ws, ‘The History of Cybercrime essay’ , (N.D), <http://www.essay.ws/the-history-of-cyber-crimes-essay/>
Accessed 08 January 2017
45
The Computer Fraud and Abuse Act 1986
46
HG.org Legal Resources, ‘Computer Crime Law’, (N.D),< http://www.hg.org/computer-crime.html > Accessed 08
January 2017

17
 Faculty of law Baze University, Solomon Oho, April 2017

place, there was not much that could be done for computer fraud. Not only did this Act help fight
against computer fraud, but it also acted against the use of computers as a means of inflicting
damage on other computing systems. Note that this was a Federal Act, and about half of the
states passed similar statutes for greater enforcement. It was around this time in 1984 that there
was an organized effort to try to define what exactly constitutes "computer crime."47

The Computer Fraud and Abuse Act (CFAA) [18 U.S.C. s.1030]48 makes it illegal for anyone
to distribute computer code or place it in the stream of commerce if they intend to cause either
damage or economic loss. The CFAA focuses on a code's damage to computer systems and the
attendant economic losses, and it provides criminal penalties for either knowingly or recklessly
releasing a computer virus into computers used in interstate commerce. Someone convicted
under the CFAA could face a prison sentence as long as 20 years and a fine of up to $250,000.
Hence, the development and possession of harmful computer code would not amount to a
criminal act, however using the code can amount to a criminal Act.49 Each major subsection of
the CFAA is intended to explain a particular aspect of computer crime. In simple terms, the
CFAA prohibits:

 Accessing a computer without authorization and subsequently transmitting classified

government information. [Ss 1030(a) (1)];
 theft of financial information [Ss 1030(a) (2)];
 accessing a "protected computer," which the courts have recently interpreted as being any
computer connected to the internet, even if the intruder obtains no data [Ss1030(a) (3)];
 computer fraud [Ss 1030(a) (4)];
 transmitting code that causes damage to a computer system [Ss 1030(a) (5)];
 trafficking in computer passwords for the purpose of affecting interstate commerce or a
government computer [Ss 1030(a)(6)];
 Computer extortion [Ss 1030(a) (7)].

47
Psu.edu, ‘History of Computer Crime’, (N.D),
<http://www.personal.psu.edu/users/j/m/jms6423/Engproj/History%20of%20Computer%20Crime.xhtml
>Accessed 08 January 2017
48
CFAA 1986, [18 U.S.C. Section 1030]
49
Frontline, ‘Computer Crime Laws’ (N.D),
<http://www.pbs.org/wgbh/pages/frontline/shows/hackers/blame/crimelaws.html > Accessed 08 January 2017

18
 Faculty of law Baze University, Solomon Oho, April 2017

One of the most prominent events in the history of computer crime was the terrorist attack of
September 11, 2001. Though this attack was not directly related to computer crime, it led to the
creation of the Uniting and Strengthening America by Providing Appropriate Tools Required to
intercept and Obstruct Terrorism Act--the USA PATRIOT Act. This Act gave government
agencies an increased ability to crack down on computer crime in the name of intercepting and
obstructing terrorism.50

A new Act, known as the Cyber security Act of 2012, has been proposed. This Act would allow
the Homeland Security Department to work with organizations to develop security standards.51

 NATIONAL INFORMATION INFRASTRUCTURE PROTECTION ACT OF

1996;

When the CFAA was enacted in 198452 (as the Counterfeit Access Device and Computer Fraud
and Abuse Act), it applied only to federal government computers and computers owned by large
financial institutions. It was designed simply to give the Secret Service the jurisdiction to
conduct investigations into computer crime.

The National Information Infrastructure Protection Act,53 which was signed into law by then-
President Clinton in 1996, significantly amended the CFAA. Its definition of a "protected
computer" was expanded to effectively cover any computer connected to the internet.

2.2.2. OTHER FEDERAL LEGISLATION DEALING WITH CYBERCRIME

There are other laws in the federal statutes that have been applied to hacker cases. These laws
aren't designed specifically to counter computer crime, but have been applied to certain cases
when existing law has proved inadequate in scope:

 Economic Espionage Act;

50
Ibid
51
United states Code, Title 18 Crimes and Criminal Procedure-Part I Crimes-Chapter 47-Fraud and False
Statements-Section 1030 Fraud and related activity in connection with computers
<http://www.cybercrimelaw.net/US.html >Accessed 08 January 2017
52
The Counterfeit Access Device and Computer Fraud and Abuse Act 1984
53
The National Information Infrastructure Protection Act 1996

19
 Faculty of law Baze University, Solomon Oho, April 2017

Enacted in 1996, the Economic Espionage Act (EEA)54 has both domestic and international
components and condemns foreign espionage as well as theft of trade secrets. It has been used to
prosecute industrial espionage through traditional means as well as the newer electronic pilfering
methods. In essence, the EEA makes it a federal crime to take, download, receive, or possess
trade secret information obtained without the owner's authorization.

 Wired Fraud Act;

The Wire Fraud Act makes it illegal to use interstate wire communications systems, which
ostensibly includes the internet, to commit a fraud to obtain money or property. In addition,
computer-aided theft involving the use of interstate wires or mails is considered criminal.55

 Identity Theft and Assumption Deterrence Act;

The Identity Theft and Assumption Deterrence Act (ITADA) [18 U.S.C. Section 1028(a) (7)]56
was passed by Congress in 1998. It criminalizes identity theft and allows courts to assess the
losses suffered by individual consumers. According to the act, identity theft is defined as
follows:

“Whoever knowingly transfers or uses, without lawful authority, a means of

identification of another person with the intent to commit, or otherwise promote, carry
on, or facilitate any unlawful activity that constitutes a violation of federal law”

Therefore, anyone who steals any name or number that may be used to identify a specific
individual is committing a federal crime and may be forced to pay damages. While the CFAA
covers certain aspects of identity theft, the ITADA addresses restitution and relief for the
victims.57

54
The Economic Espionage Act 1996
55
National Conference of State Legislature, ‘Computer Crime Statutes’, (2016)
<http://www.ncsl.org/research/telecommunications-and-information-technology/computer-hacking-and-
unauthorized-access-laws.aspx >Accessed 09 January 2017
56
The Identity Theft and Assumption deterrence Act 1998, Section 1028(a) (7)
57
Ibid

20
 Faculty of law Baze University, Solomon Oho, April 2017

According to a March 1999 study in Information & Communications Technology Law, 33

states have enacted their own laws to combat computer crime, while 11 more have laws pending
in state legislatures. The laws from state to state vary widely in structure and wording, but not in
intent. Almost all of the present state laws criminalize the unauthorized access to or use of
computers and databases, using a computer as an instrument of fraud, and known and foreseeable
acts of computer sabotage.

By nature, however, state laws are limited in scope. While most law enforcement has historically
been left to the states, states are ill-equipped to deal with the extraterritoriality of computer
crime. State law enforcement agencies cannot execute search warrants, subpoena witnesses, or
make arrests beyond their own borders. Yet computer crimes are hardly ever confined to a
specific locality.58

2.3. THE FEDERAL REPUBLIC OF NIGERIA

Nigeria is one of the fastest growing countries in West Africa and it embraces the use and
services of information technology devices such as computers, telephones, ATM, and the
internet (World Wide Web). These are all aspects of information technology and were invented
for the development and improvement of society to bring about positive change in the country’s
economy and the living standard of its citizens or inhabitants. Thus banks, schools, hospitals,
law enforcement agencies and the general public rely on services provided by the use of
computers internet and other related ICT devices. However, there have been consequences and
vulnerability which other users with criminal intentions to carry out criminal activities tend to
explore and take advantage of the vast personal and public information stored and shared on the
internet. This is not a problem that exists only to Nigeria but to other countries around the world
who have integrated the Information technology into their system. Nigeria has recently been
experiencing a high rate of cyber-criminal activities which has done more than enough damage
to its reputation as a nation state in the international scene via computer, ATM, Mobile Phones,
and other electronic related devices.59 For example in 2009, Sony PlayStation Company released
a commercial advertisement undermining and associating Nigerians with cybercriminal activities

58
Hacker Law, ‘U.S Hacking Laws-Hacking’, (N.D), <http://www.hackerlaw.org/?page_id=55 >Accessed 09 January
2017
59
K.S. Chukkol, The Law of Crimes in Nigeria ( Ahmadu Bello University Press ltd, Revised edition 2010)

21
 Faculty of law Baze University, Solomon Oho, April 2017

and bad business ethics. The Nigerian Minister of information and communications Dr. Dora
Akunyili released a formal statement denouncing and expressing Nigeria’s dislike for the
comments made during the advert.60

Crimes committed by a person or group of persons via Cyber space and computers are cyber-
crimes or computer crimes. They include; fraud, Identity theft, DDOS attack, Hacking,
distribution of viruses, and credit card fraud. The EFCC in 2015 arraigned three (3) youth
Coppers in the Federal High court in Enugu for the offences bordering on obtaining by false
pretense and Advance fee fraud.61 However, cybercrimes have been tackled by some legislation
to a large extent in Nigeria with the enactment of the cybercrime Act of 2015 which now
provides, and prescribes punishment for the cyber criminals

60
ChidiSan ‘Nigerian Government reacts to Sony's PlayStation 3 Ad’, (2009),
<http://www.gistmania.com/talk/topic,20428.0.html > Accessed 10 January 2017
61
Economic and Financial Crimes Commission (Establishment ) Act, LFN 2002

22
 Faculty of law Baze University, Solomon Oho, April 2017

or offenders. The existing penal and criminal codes do not have direct and adequate provisions
on cybercrime.

2.3.1. LAWS ON CYBERCRIME IN NIGERIA

 THE COMPUTER SECURITY AND INFRASTRUCTURE BILL OF 2005

The bill is wide, extensive and covers a lot on issues relating to security of computer, systems
and networks, Protection of critical ICT infrastructures, investigation, and prosecution of online
crimes or crimes committed in the cyber space. The bill is divided into three parts; Part 1-the
enforcement and offences under the act with total number of 18 sections. Part 2- provides for
security and protection of critical information infrastructure and part 3- the general provision-
dealing with procedural and jurisdictional matters.62

The primary objective of the Computer Security and Infrastructure Bill of 2005;63

 Criminalize illegal conducts against ICT systems;

 Secure the use of ICT infrastructures and systems;

 Enhanced global collaboration in cybercrime enforcement;

 Criminalizes unlawful Access to computer with intent to commit or facilitate the

commission of further crimes;

 Criminalizing data forgery, computer fraud and identity theft;

 Criminalizing cyber piracy;

 CYBER-SECURITY ACT OF 2011

62
MartinsLibrary.com, ‘A critical review of the computer security and critical information infrastructure protection
bill 2005 as Nigerian specific cybercrime legislation’, (N.D) < http://martinslibrary.blogspot.com.ng/2015/03/a-
critical-review-of-computer-security.html > Accessed 10 February 2017
63
Ibid

23
 Faculty of law Baze University, Solomon Oho, April 2017

The cyber security Act of 2011 was more than a stepping stone for fight against cybercrime in
Nigeria as the Act was to cover and implement on new and rising areas such as a unified and
comprehensive legal framework, criminalizing specific computer related offences and
prescribing punishments for such acts, Arrests and warrants, and international cooperation in
prosecuting cyber criminals.64

Part I – General Objectives; deals with the scope of the Bill and its application. The objects and
scope of this Act are to provide an effective, unified and comprehensive legal framework for the
prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria;
Enhance cyber security and the protection of computer systems and networks, electronic
communications; data and computer programs, Intellectual property and privacy rights; The
provisions of this Act shall be enforced by law enforcement agencies in Nigeria to the extent of
an agency's statutory powers in relation to similar offences.

Part II – Offences & Penalties; This Part ( Sections 2 to 18) criminalizes specific computer and
computer related offences, which include: Unlawful access to a computer; Unauthorized
disclosure of access code; Data forgery; Computer fraud; System interference; Misuse of
devices; Denial of service; Identity theft and impersonation; Child Pornography; Records
Retention and Preservation; Unlawful Interception; Cybersquatting; Cyber- terrorism; Failure of
Service Providers to Perform certain Duties; Racist and xenophobic Offences; Attempt,
conspiracy and abetment; and Corporate Liability.

Part III – Critical Information Infrastructure Protection Part III provides for the security and
protection of critical information infrastructure. It further provides for the audit and inspection of
critical information infrastructure and punishment for offences against critical information
infrastructure.

Part IV – Search, Arrest and Prosecution ; this deals with issues such as jurisdiction, powers of
search and arrest, obstruction of law enforcement officers, prosecution, forfeiture of assets,
compounding of offences; payment of compensation; and the power to make regulations.

64
T.G George, ‘legislation on cybercrime in Nigeria: imperatives and challenges’, (N.D),
<http://www.ncc.gov.ng/documents/233-legislation-on-cybercrime-in-nigeria-imperatives-and-challenges/file >
Accessed 12 February 2017

24
 Faculty of law Baze University, Solomon Oho, April 2017

Part V--International Cooperation; Cybercrime and cyber security issues are not restricted by
geographical boundaries and legal jurisdictions but can only be checked through international
cooperation which is covered in Sections 29 to 34 of the Bill. The issues covered include:
Extradition; Mutual Assistance Requests; Expedited preservation of data, Evidence Pursuant to a
Request; and Form of Requests.

2.4. International legal Measures on Cyber crime

The Commonwealth, Model Law on computer and computer related crime

This is a model law on computer related crime developed by the commonwealth countries to
harmonize and unify their computer related criminal law with the convention of cybercrime.
This provides for the international cooperation of commonwealth states in dealing with
cybercrime related offences and devising new strategies and plans on tackling cybercrime. 65

The commonwealth model law serves as a set of principles which other commonwealth states
can adapt to its legal framework making it compatible with other states on issues such as arrests,
seizure, warrant, and jurisdictional issues. This further creates an opportunity for commonwealth
states to enhance cooperation in defense against terrorism and cyber-attacks.

The Draft African Union Convention on the Establishment of a Credible Legal Framework
for Cyber security in Africa

African states have been working towards common cyber security norms and regulations
through the African Union (AU) to adopt a new Convention on Cyber Security and Personal
Data Protection. This was criticized by the stakeholders who felt that the draft could lead to
usurpation of their fundamental human rights and infringement on their right to privacy.

Nonetheless, the provisions of the draft border on electronic commerce, personal data
protection, cybercrime with a special focus on racism, xenophobia, and child pornography

65
The Commonwealth, Model Law on computer and computer related crime (LMM(02)17) (Oct. 2002)

25
 Faculty of law Baze University, Solomon Oho, April 2017

and national cyber security. It also encourages member states to promote cyber security
education for information technology professionals and to add to their legal codes criminal
offences for hacking computer systems. This would make it legal for the enforcemen t
agencies or bodies to break into any system that poses a threat to any African nation’s cyber
security or at the verge of being compromised and doing so within the ambits of the law. 66

66
Ephraim Percy, ‘Africa moves towards a common cyber security legal framework’ Access now (02 June 2014)
<https://www.accessnow.org/africa-moves-towards-a-common-cyber-security-legal-framework/ > accessed 13
February 2017

26
 Faculty of law Baze University, Solomon Oho, April 2017

CHAPTER THREE

ANALYSIS OF THE KEY PROVISIONS OF THE RECENTLY ENACTED CYBER-

CRIME ACT, 2015

This chapter is mainly going to analyze the key provisions of the recently enacted cyber-crime
Act, 2015 which include;

 Section5 (1), (2), (3) which provides for the offences and penalty against critical national
information.
 Section 7 (1) which provides for registration of cyber-café
 Section 18 (1) which provides for cyber-terrorism
 Section 45 which provides for the power of arrest, search, and seizure
 Section 47 which provides for the prosecution of offences
 Section 48 (1), and (4) which provides for the order of forfeiture of assets

 Section 50 which provides for the jurisdiction of courts relating to cyber-crime in

Nigeria.

3.1. Offences and penalty against critical national information--Section 3 (1) and 5 (1), (2),
(3)

In view of the critical and damaging effect of cybercrimes on the state of security and financial
health of a nation, the cybercrime act in section 3(1) empowers the President on the
recommendation of the National Security Adviser designate by order published in the Federal
Gazette certain computer systems, networks and information infrastructure vital to the national
security of Nigeria as well as her economic and social being, as constituting Critical National
Infrastructure. By section 4 of the Act, the presidential order may require the office of the
National Security Adviser to audit and inspect any Critical National Information Infrastructure at
any time to ensure compliance with the provisions of the Act. Pursuant to the above, the Act
prescribes different penalties for any contravention of the provisions of the Act pertaining to
Critical National Information Infrastructure ranging from 10 years without option of fine, 15

27
 Faculty of law Baze University, Solomon Oho, April 2017

years without the option of fine to life imprisonment this is provided for in section 5 (1)(2)
and(3) of the Act.67

The cybercrime act attempted to cover a number of pressing issues on ground as it relates to
cybercrime in Nigeria and also considering the possible events of attacks on the national
information infrastructure as the security of a state and its information are always common
targets for cyber criminals. This allows the president to decide what computer systems or
networks would be detrimental to the security of the country and to also keep such computer and
network infrastructure under investigation and in custody of the national security adviser. It
empowers the state or country to take action over any network or computer infrastructure which
is likely to compromise the security of the nation. However, this could result to the government
having too much control which would lead to a violation of numbers of international and
domestic laws of human rights such as the international covenant on civil and political right
(ICCPR) in which Nigeria is a signatory to this covenant. 68 This focuses on right to privacy,
right to freedom of speech, expressions and religion as it is also enshrined in Chapter IV s33,
s34, s35, s37, s338, s39, of the 1999 constitution of the federal republic of Nigeria.69

3.2. Unlawful Access to a computer system—section 6 (1)

“Any person, who without authorization, intentionally accesses in whole or in part, a computer
system or network for fraudulent purposes and obtain data that are vital to national security,
commits an offence and shall be liable on conviction to imprisonment for a term of not more
than 5 years or to a fine of not more than N5, 000,000.00 or both fine and imprisonment.”70

This sections cover to a large extent what is in today’s Nigerian society a pressing issue of
fraudulent activities taking place online and other online hackers who divert vital critical

67
O.O. Viyon, ‘An assessment of Nigeria’s cybercrimes (prohibition, prevention etc.) Act 2015’, (2015),
<http://www.thelawyerschronicle.com/an-assessment-of-nigerias-cybercrimes-prohibition-prevention-etc-act-
2015/ > Accessed 13 February 2017
68
HumanRights.com, ’International Human Rights Law-United for Human rights’ , (2017),
<http://www.humanrights.com/what-are-human-rights/international-human-rights-law/international-human-
rights-law-end.html >Accessed 14 February 2017
69
CFRN 1999, S.33, S.34, S.35, S.37, S.38, S.39
70
CA 2015, S.6(1)

28
 Faculty of law Baze University, Solomon Oho, April 2017

information or steal other people’s identity. However this law seems to be more sensitive to
national security threats using words like “Classified”, “National Infrastructure” than social and
human rights violation and criminal offence taking place on social media and other social
networking platforms because a single individual can have multiple accounts and engage in
various crimes online such as stalking, terrorist threats, online sale of child pornography, spams,
cyber bullying and spreading of viruses among others.

3.3. Registration of cyber-café--Section 7 (1)

In Nigeria, some of the cybercrime activities take place in cyber cafés because of its nature of
operation and promotes the animosity of its users. This makes cyber cafes a common place for
cybercriminals to carry out their criminal activities such as fraud (419), hacking, ATM fraud and
other cybercriminal activities. The cybercrime act, 2015 attempts to curb this fault in the system
by making it mandatory for the cyber café businesses and owners to have a book of registry in
which every user would have to sign and input his credentials before accessing the computers in
the cyber café and this registry is to be submitted to the computer professionals Registration
council. This would allow the council to monitor and keep records of users so that when there is
any act of cybercrime, they can investigate, and trace the act to the user or the cyber café where
the criminal act was carried out.71

3.4. Cyber-terrorism; Section 18 (1)

Cyber terrorism has become a global threat and pressing issue to the international scene which
various states have come together to formulate ways on preventing cyber terrorist attacks on the
security of nation states. The international system which is characterized by conflicts, and
acrimony forcing nation states, non-state actors, and criminals devise new ways to break into the
computer systems of industrial, defense, and financial sectors to obtain vital data information
which could compromise the security or operations of such state or institutions. Countries
around the world have put so much effort in the prevention and prohibition of cyber terrorism
such as the United States of America, and the United Kingdom.72

71
CA 2015, S.18(1)
72
Taboola ‘Cyber Terrorism and Nigeria’s Economy’ , Vanguard (2011),
<http://www.vanguardngr.com/2011/11/cyber-terrorism-and-nigeria%E2%80%99s-economy/ >Accessed 14
February 2017

29
 Faculty of law Baze University, Solomon Oho, April 2017

The United States president Barack Obama aimed at tackling cyber terrorism by introducing a
new bill to the congress to get a comprehensive cyber legislation that would increase the US
government’s ability to respond to cyber terrorist attacks. In Nigeria, there has been no cyber
terrorist attack or an emerging scenario where large amount of government information could be
stolen.

In an attempt to combat cyber terrorism in Nigeria, the Terrorism Prevention Act and
Cybercrime act in section 18(1) and (2) both provides for offence of cyber terrorism.73

3.5. Power of arrest, search, and seizure--Section 45

Section 45 (1)- “A law enforcement officer may apply ex parte to a judge in chambers for the
issuance of a warrant for the purpose of obtaining electronic evidence in related crime
investigation.”74

This particular provision shows that drafters of this Act had a vision in mind when drafting this
piece of legislation and taking into account the sever and harmful attacks that could take place
without the criminal attacker being physically present and gave the enforcement agencies the
power to apply ex parte to a judge for a warrant to arrest, search, and seize any electronic device
as electronic evidence in related crime investigation.

Section 45 (2) (e), and (f)—

“The judge may issues a warrant authorizing a law enforcement officer to use or cause to use a
computer or any device to search any data contained in or available to any computer system or
network. Use any technology to decode or decrypt any coded or encrypted data contained in a
computer into readable text or format.”75

This particular section of the act shows again the vision of the drafters of this act in terms of
enforcement of the provisions of this act and enabling the proper officials or enforcement
agencies to carry out their various duties as it relates to cyber-criminal activities.

73
Editorial, ‘Cyber Terrorism Hits Nigeria’, The New African Press (2017),
<https://newafricanpress.com/2010/09/25/cyber-terrorism-hits-nigeria/ >Accessed 15 February 2017
74
CA 2015, S.45(1)
75
CA 2015, S.5 (2) (e) and (f)

30
 Faculty of law Baze University, Solomon Oho, April 2017

The jurisdiction of courts relating to cyber-crime in Nigeria--Section 50

The act provides that the Federal high court located anywhere or in any state in Nigeria would
have the appropriate jurisdiction to entertain and try offences under this act if the offences are
committed in Nigeria, in a ship or aircraft registered in Nigeria, by a citizen or resident in
Nigeria, or outside Nigeria where the victim to a cybercrime offence is a Nigerian.76However,
there have been concerns and other views that this exclusive jurisdiction to the Federal High
court would be a huge burden on the court of law. 77

76
CA 2015, S.50(1) (a-d)
77
Toyin Ogunseinde, ‘Analysis: Nigeria Cybercrimes Act 2015: what are the issues’ Technology Times (Lagos, 2015)
<http://technologytimes.ng/analysis-nigeria-cybercrimes-act-2015-issues/ > accessed 03 March 2017

31
 Faculty of law Baze University, Solomon Oho, April 2017

CHAPTER 4

CRITICAL ANALYSIS OF THE CONFLICTING AND CONTROVERSIAL

PROVISIONS OF THE CYBER-CRIME ACT, 2015

These are the controversial provisions of the cyber-crime act;

1. cybercrime act and the registration of cybercafés

2. mandatory winding up and forfeiture of assets
3. lawful interception of communication
4. cyber security fund
5. cancellation of international passports

4.1 cybercrime act and the registration of cybercafés

The cybercrime act has made it compulsory for cyber cafes in Nigeria to hold and
maintain a registry of its users and also register with the computer professional’s
registration council (CPRC). 78
This provision of the Act puts unnecessary responsibility on cyber café businesses.
The reason for the requirement of registration is to create a data base of the users of
computer systems in cyber cafes for easy tracking, monitoring and tracing online
criminal activities.
The mandatory sign in register by cyber cafes creates a potential risk for private
citizens and individuals who their personal information could be compromised and
sold to different commercial entities or other persons. 79
4.2. Mandatory winding up and forfeiture of assets
The cybercrime Act 2015 further provides that where a body corporate is charged
and found guilty of an offence under the act, the court can order for its winding up
80
and forfeiture of its assets to be forfeited to the government.
One of the principles of criminal law and penal theory is that the punishment should
be proportionate to the crime. This provision itself does not send a good message

78
CA 2015, S 7 (1) (2)(3) (4)
79
Law Padi.com, ‘5 controversial aspects in cybercrime act 2015’ (2015) < http://lawpadi.com/5-controversial-
aspects-of-the-nigerian-cybercrime-act-2015/ > accessed 03 March 2017
80
CA 2015, S. 48 (1) (2)(3)

32
 Faculty of law Baze University, Solomon Oho, April 2017

to foreign investors who are looking to exploit the opportunities that the
information computer technology has to offer. The for feiture of assets to the
government does not ensure a safe environment for investors and other companies
and does not take into consideration the company creditors and shareholders who
have stakes in the company.
4.3. lawful interception of communication
Under certain circumstances, the judge of a federal high court may order network
service providers to intercept, collect, record, permit or assist competent authorities
with the collection or recording of content data or traffic. 81 The issue with this law
is that it seems to be violating a basic human right that is accorded to us by the
Nigerian constitution in chapter IV and other international laws and treaties.
This particular provision is in direct conflict with section 37 of the 199 constitution
which provides that ‘the privacy of citizens, their homes, correspondence, telephone
conversations, and telegraphic communications is hereby guaranteed and
protected’ 82
4.4. cyber security fund;
The law establishes the national cyber-security fund and creates a levy of ‘0.005’ of
all electronic transactions of;
 Gsm service providers and all telecommunication companies,
 Internet service providers,
 Banks and other financial institutions,
 Insurance companies ,
 Nigerian stock exchange,
This turns out to be an added cost and taxes on the businesses that have an annual
turnover of one hundred million naira (N100, 000,000) are already supposed to pay
a fee of one percent (1%) of their annual profit before tax to the National
Information technology Development fund. 83

82
CFRN 1999, S37
83
Law Padi.com, ‘5 controversial aspects in cybercrime act 2015’ (2015) < http://lawpadi.com/5-controversial-
aspects-of-the-nigerian-cybercrime-act-2015/ > accessed 04 March 2017

33
 Faculty of law Baze University, Solomon Oho, April 2017

The section further provides that any amount not exceeding 40 percent of the fund
would be allocated for programs relating to violent extremism. The funds gotten
from cybercriminal activities should be put into the National information
technology development fund (NITDF) in the country such as ICT learning centers,
police ICT training and creating awareness on steps in preventing and protecting
ones system from cyb er-attacks and harm than paying. 84
4.5. cancellation of international passports
The Act provides that any individual who is convicted of an offence under the act shall have
his international passport cancelled.85 This provision appears to be violating the
constitutional right of freedom to movement of citizens of Nigeria laid out in section 41 of
the 1999 constitution.86 In the case of SSS v Agbakoba, the court of appeal held that the
seizure of the appellant’s international passport by men of the state security services was
illegal because the international passport is a property of the individual not the state
government.87

84
CA 2015, S.44 (1) (2) (4)
85
CA 2015, S48 (4)
86
CFRN 1999, S.41
87
Martins Chima, ‘Right to Freedom of movement-Know your right’ (2017)
<http://martinslibrary.blogspot.com.ng/2013/01/right-to-freedom-of-movement-know-your.html> accessed 05
March 2017

34
 Faculty of law Baze University, Solomon Oho, April 2017

CHAPTER 5
CONCLUSION AND RECOMMENDATIONS
5.1. SUMMARY/FINDINGS
This work has been able to analyze the opinion, views and writings of various
authors, and scholars on cybercrime. Additionally, the history of cybercrime
provides a better understanding of cybercrime and its roots in various countries like
the United States of America, the United Kingdom, and the federal republic of
Nigeria in which the categories of cybercrime as it affects the person, government,
society at large, and property. This work further examines the cybercrime activities
that are rampant in the Nigerian society such as; ATM Fraud, piracy, hacking, email
Scams, cyber terrorism, cyber stalking, cyber terrorism, internet pornography, and phishing.
Also, the work examined the previous legislation on cybercrime in Nigeria prior to the
Cybercrime Act 2015 such as the computer and infrastructure bill of 2005, and the cyber security
bill of 2011 (now cybercrime bill 2013) followed by a critical analysis of the Cybercrime Act
2015.
Finally an attempt was made to examine and analyze both the legal framework of cybercrime in
other jurisdictions such as the United States of America and the United Kingdom and looked at
the international perspective on combatting cybercrime.
FINDINGS
 Cybercrimes against persons, property, government and the society at Large would
constitute cybercrimes;
 The Cybercrime (prohibition and prevention) Act, 2015 largely provides for offences
against the government infrastructures, social use of the cyberspace;
 The Act further provides for protection of national information infrastructure, and
cancellation of passports which are in conflict with chapter iv of the 1999 constitution;
 The Act empowers Law Enforcement officers to apply to a judge for issuing out a
warrant for the purpose of obtaining electronic evidence in s.45(1)
5.2. CONCLUSION
Computer or cybercrime does have a huge drastic effect on the world today and leaving the
private information of individuals on the cyberspace vulnerable to various forms of cyber-
attacks. Nigeria has been criticized for dealing with the issue of cybercrime inadequately due to

35
 Faculty of law Baze University, Solomon Oho, April 2017

enforcement agencies not being well equipped or having the necessary computer training,
intelligence, and infrastructure and computer skills to enforce these laws on cybercrime. The
previous legal regimes on cybercrime activities proved inadequate to combat cybercrime in
Nigeria. However, the recent enactment of the cybercrime Act 2015 is a huge step toward
combating cybercrimes as it has made and prescribed punishments and penalties for certain acts
which would constitute offences under the Act such as; unlawful access to computers, unlawful
interceptions of communications, unauthorized modification of data, misuse of data, system
interference, intercepting electronic messages, emails, e-money transfer, tampering with critical
infrastructure, computer related fraud, computer-related forgery, among others, as offenses that
are punishable under the Act. Theft of electronic devices, electronic signature, child pornography
and related offences, racism and xenophobic offences are also punishable under the Act. It also
provided for cyber-stalking, cybersquatting and cyber-terrorism as offences.
In combatting cybercrime activities in Nigeria, there is need for the development of education
curriculum and human capacity to enable individual more computer or tech savvy. The
cybercrime Act, provides enough grounds for the enforcement of its laws in section 45 (2) (e) –
(f)88 but the question is how prepared are the enforcement agencies in tackling these
cybercrimes, how fast can they respond and to what extent are they efficient.
Universities and other institutions running a law program should design their curriculum to
include the necessary training or course such as the application of ICT to law, for the next
generation of lawyers, judges, and law enforcement bodies to be more aware and conscious of
cybercrime and its effects.
5.3. RECOMMENDATIONS
It is relevant at this point for there to be effective regulation and enforcement of the
cybercrime Act 2015. Suggested reforms include but not limited to;
1. establishment of an enforcement body different from the Nigerian police
force saddled with the responsibility of tackling, tracking, investigating, and
intercepting anticipated cyber-attacks on computer systems, networks, or
devices that are designated as national information infrastructure,
2. The enforcement body would also have as part of its mandate to monitor the
activities of social media for any threat to the peace and security of the

88
CA 2015, S.45(2) (e-f)

36
 Faculty of law Baze University, Solomon Oho, April 2017

nation or threat to the lives of citizen on social media e.g. Cyber bullying,
cyber terrorism
3. Enforcement agencies should develop policies and protocols for handling
cybercrime investigations and what to do in case where the security of the
nation or organization is about to be compromised,
4. Funds gotten from cybercriminal activities should be put into the National
information technology development fund (NITDF) in the country such as
ICT learning centers, police ICT training and creating awareness on steps in
preventing and protecting ones system from cyber-attacks and harm.
5. Ensuring that the enforcement officers and investigators understand the
importance of digital evidence and how it is processed, stored, and its
admissibility in the Nigerian courts according to section 84 Evidence Act as
it was in Federal Republic of Nigeria v Abdul. 89

89
FRN ‘v’ Abdul [2007] EFCLR 204-207

37
 Faculty of law Baze University, Solomon Oho, April 2017

BIBLIOGRAPHY
BOOKS
CK Allen, the Nature of a Crime in Legal Duties (Oxford: Clarendon, 1931)
Smith and Hogan’s Criminal Law (David Ormerod, 13th edition, 2011)
Kadish, Criminal Law: Adaptable to courses using materials (Legalines Eight Edition 2010)
K.S. Chukkol, The Law of Crimes in Nigeria (Ahmadu Bello University Press ltd, revised edition
2010)

JOURNALS
Harpreet Singh Dalla, Ms.Geeta, ‘Cyber-crime-a threat to persons, property, government, and
societies’ [2013] (3) (5) International journal of advanced research in computer science and
software engineering; 997

ONLINE JOURNAL ARTICLES

Olowu D, ‘Cybercrimes and the boundaries of domestic legal responses’ case for an inclusionary
framework for Africa, journal of information, law and technology (JILT),’ (N.D),
<http://go.Warwick.ac.uk/jilt/20091/olowu > Accessed 05 January 2017

NEWSPAPER/MAGAZINE ARTICLES
Patrick Scott, The Telegraph, ‘How much of a problem is cybercrime in the U.K’ (2016)
<http://www.telegraph.co.uk/news/2016/11/01/how-much-of-a-problem-is-cyber-crime-in-the-
uk/ >Accessed 06 January 2017
Sc Staff, ‘New Laws Include Life sentence and Hanging for cybercrime’ U.K Magazine
(London, 2015), <https://www.scmagazineuk.com/new-laws-include-life-sentence-and-hanging-
for-cyber-crime/article/537371/ >accessed 07 January 2017
Taboola ‘Cyber Terrorism and Nigeria’s Economy’, Vanguard (2011),
<http://www.vanguardngr.com/2011/11/cyber-terrorism-and-nigeria%E2%80%99s-economy/
>Accessed 14 February 2017
Editorial, ‘Cyber Terrorism Hits Nigeria’, The New African Press (2017),
<https://newafricanpress.com/2010/09/25/cyber-terrorism-hits-nigeria/ >Accessed 15 February
2017

38
 Faculty of law Baze University, Solomon Oho, April 2017

Toyin Ogunseinde, ‘Analysis: Nigeria Cybercrimes Act 2015: what are the issues’ Technology
Times (Lagos, 2015) <http://technologytimes.ng/analysis-nigeria-cybercrimes-act-2015-issues/ >
accessed 03 March 2017
Iroegbu, ‘Nigeria Loses over N127 bn annually through cybercrimes’ This Day Live (Lagos
2016) <http://www.thisdaylive.com/index.php/2016/04/19/nigeria-loses-over-n127bn-annually-
through-cybercrime/ > accessed 04 January 2017

WEB PAGES
Laurence Evans, ecotoa.com, ‘Civilization: Modern Cultures,’ (2008),
<http://www.ecotao.com/holism/hu_mod.htm > accessed 04 January 2017
Martins, MartinsLibrary.blogspot.com, ‘General introduction to cyber-Crime effects in Nigerian
sector,’ (N.D) < http://martinslibrary.blogspot.com.ng/2013/08/general-introduction-to-cyber-
crime.html >accessed 04 January 2017
Business insider, Definition of Crime (N.D),
<http://www.businessdictionary.com/definition/crime.html > Accessed 04 January 2017
Legal Free Advice.com, Criminal Law, (N.D), <http://criminal-law.freeadvice.com/criminal-
law/criminal-law/crime_law.htm> Accessed 04 January 2017
Legal Services Commission of South Australia, ’Elements of Crime,’ (N.D),
http://www.lawhandbook.sa.gov.au/ch12s03.php Accessed 05 January 2017
Law Teacher, ‘Outline the basic elements of crime,’ (N.D), < https://www.lawteacher.net/free-
law-essays/business-law/outline-the-basic-elements-of-crime-law-essays.php >Accessed 05
January 2017
R.J Reeves, ’what are the basic elements of crime?’ (2013),
<http://www.mecklenburgdwi.com/what-are-the-basic-elements-of-a-crime/ >Accessed 05
January 2017
Focus Training, information Security, ‘The Secret History of Cyber-Crime’, (2015)
<http://www.informationsecuritybuzz.com/articles/the-secret-history-of-cyber-crime/ > 05
January 2017
National Crime Agency, ‘Cyber Crime’, (N.D),< http://www.nationalcrimeagency.gov.uk/crime-
threats/cyber-crime> Accessed 06 January 2017

39
 Faculty of law Baze University, Solomon Oho, April 2017

C. Budd, TrendMicro.com, ‘The state of cybercrime in the U.K’, (2016),

<http://blog.trendmicro.com/the-state-of-cyber-crime-in-the-u-k/ >accessed 06 January 2017
inbrief.com, ‘The Hacking of computers and the criminal law’, (N.D),
<http://www.inbrief.co.uk/offences/hacking-of-computers/ > accessed 06 January 2017
O.Solon Wired.com, ‘U.K Law introduces life sentence for cyber criminals’, (2014),
<http://www.wired.co.uk/article/cybercrime-bill-life-sentence > accessed 06 January 2017
FBI, ‘Cybercrime, What we Investigate’, (N.D),< https://www.fbi.gov/investigate/cyber >
Accessed 07 January 2017
Florida Tech Online ‘A Brief History of Cybercrime’, (N.D),
<https://www.floridatechonline.com/blog/information-technology/a-brief-history-of-cyber-
crime/ >accessed 07 January 2017
essay.ws, ‘The History of Cybercrime essay’, (N.D), <http://www.essay.ws/the-history-of-cyber-
crimes-essay/> Accessed 08 January 2017
HG.org Legal Resources, ‘Computer Crime Law’, (N.D),< http://www.hg.org/computer-
crime.html > Accessed 08 January 2017

40