CHAPTER TWOCYBER-CRIME IN NIGERIA2.1 INTRODUCTIONThe first attempt at introducing Internet in Nigeria was made through the UNESCO[footnoteRef:1] sponsored RINAF[footnoteRef:2] project in 1995. At one of the several workshops that were held to propagate the idea of the Internet, the Nigeria Internet Group (NIG) was formed as a non-profit, non-governmental organisation with the primary aim and objective of promoting and facilitating access to the Internet in Nigeria[footnoteRef:3]. The Internet became a reality in Nigeria in the late 90's. Obafemi Awolowo University was the first university in Nigeria to have its own VSAT internet link.[footnoteRef:4] In between the year 1996-2000 many internet service providers came up in Nigeria, like Linkserve, Cyberspace, Skannet, etc.[footnoteRef:5] From 1995 till date the number of internet users in Nigeria as risen to 55.9 million which makes Nigeria the 7th largest nation with the internet users in the world.[footnoteRef:6] Among the 55.9million Nigerians who use the internet, 34 million access the internet through their phones[footnoteRef:7]. This goes to show how Nigeria has grown in the area of ICT. [1: United Nations Educational, Scientific and Cultural Organisation. 1945] [2: Regional Information Society Network for Africa. 1992] [3: A. SONIA History of Internet in Nigeria Available at: http://introductiontomasscommunication2.blogspot.com/2010/05/history-of-internet-in-nigeria.html Accessed: (28/5/2013)] [4: Ibid] [5: Ibid] [6: The statistics is available at: http://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users] [7: The Internet Subscriber Data released by the Nigerian Communications Commission (NCC) on its website showed that only 34,471,520 customers out of the 114.172 million active subscribers on the Global System for Mobile Communications (GSM) networks use data. Available at http://www.vanguardngr.com/2013/06/ncc-says-34-5m-subscribers-in-nigeria-use-data-on-internet/ Accessed: (1/7/2012)]

Prior to the year 2001, the phenomenon of internet criminal fraud was not globally associated with Nigeria. Since then, however, the country had acquired a world-wide notoriety in criminal activities, especially financial scams, facilitated through the use of the Internet. In 2010 Nigeria occupied the number three position in the worldwide cybercrime trends index[footnoteRef:8], with the United State of America and the United Kingdom above Nigeria. The common type of cybercrime attributed to Nigeria is the Advance Free Fraud also known as 419 or yahoo yahoo. Cyber criminals unarmed but very lethal are the prowl in Nigeria. The unchecked activities of these thieves are near plague. The threat from cybercrime is multi-dimensional, targeting citizens, businesses, and governments at a rapidly growing rate. They hide under the anonymity of the internet and mobile phones to perpetuate atrocities which has earned Nigeria notoriety as haven of cybercrime. Reports says that Nigeria lost over 2 trillion naira to cybercrime alone in 2012[footnoteRef:9] and $200 million annually[footnoteRef:10], which shows the serious impact of cybercrime in Nigerias economic, especially as most business and commercial activities are now being done electronically or through the internet. The bad after taste of cybercrime and the unseriousness of Nigeria to address the monster has continued to haunt the country both economically and social-politically. [8: E. Nkerreuwen, Nigeria comes 3rd in global cybercrimes survey Available at: http://www.abujacity.com/abuja_and_beyond/2010/11/nigeria-comes-3rd-in-global-cybercrimes-survey-.html Accessed: (4/7/2013). Also See: WikiNews, Cybercrime ratings, at: http://en.wikipedia.org/wiki/cybercrimerating, (4/7/2013). Cyber Crime Statistics: 25% cybercrime remains unresolved. 75 Million Scam Emails are sent every day claiming 2,00 victims. 73% of Americans have experienced some form of cyber crime and (65% globally) do the same. 10.5% of the worlds Hackers from the UK 66% of the worlds hackers are American. 7.5% are Nigerian. Brazil suffers more than any other country with 83% of the population having suffered from internet crime. Available at: http://www.cybercrimeswatch.com/cyber-crime/cyber-crime-statistics.html Accessed: (4/7/2013)] [9: The report of a study by Paradigm Shift Initiative Nigeria (PIN) a social enterprise committed to connecting Nigerian youths with ICT opportunities as well as establishing the link between cybercrime and youth contribution to the economy for University of Toronto-based Cyber Stewards Network Project of the Citizens Lab Munk School of Global Affairs has established that Nigerian consumers lost a total of N1.246trn to cybercrime in 2012. Available at: http://www.flairng.com/index.php/technology/item/490-nigeria-lost-over-n2trn-to-cybercrime-in-2012-%E2%80%94-pin Accessed: (4/7/2013)] [10: S. Adekoye Cyber Crime Costing Nigerian Economy Available at: http://www.itnewsafrica.com/2012/04/cyber-crime-costing-nigeria-economy/ Accessed: (4/7/2013)]

The high rate of cybercrime in Nigeria has been attributed to the inadequacies of existing laws in tackling cybercrime, as most of the laws are seen as out-dated. As Nnaemeka Ewelukwa[footnoteRef:11] rightly said it is not good for technology to run faster than law. Whenever, technology moves faster than law, what you will have is a legal vacuum.[footnoteRef:12] In Nigeria there is no single law used to tackle the menace of cybercrime, and as stated earlier,[footnoteRef:13] before an act or omission can be criminalised, one of its requirements is that the Offence must be capable of precise definition, which is reiterated by the Section 36(12) of the 1999 Constitution.[footnoteRef:14] This means an uncodified crime is not punishable in Nigeria. It is obvious that Nigeria in the past decade as evolved technologically which should been met by regular up date of existing laws to tackle such change. Also the eminent rise of cybercrime in Nigeria has been traced to the direct consequence of the lapses in the 2001 National Policy for Information Technology (NPFIT)[footnoteRef:15], as it empowered Nigerians, especially the youths with cyber capacity. The honest intention of the Federal Government of Nigeria in making the policy for information technology in 2001 must have been to empower Nigerians to join the rest of the developed world to benefit from the multiple advantages of the Internet in a variety of positive ways. It could, therefore, not have been the intention of either the government or the authors of the policy that it should become an instrument for committing crimes. That is to say that it cannot be fairly claimed that the objective of the policy, from the onset, was to empower Nigerians for the commission of Internet crimes. However, it will not stop to appear curious that the introduction of the Policy was quickly followed by the then new phenomenon of online fraud of various kinds, most pernicious of which are those popularly known as 419 or Nigerian cyber-scams[footnoteRef:16], etc., and software piracy, which have adversely affected the economy and profile of the nation. According to the authoritative account of Nuhu Ribadu, former Executive Chairman of Nigerias Economic and Financial Crimes Commission, (EFCC), the country became fully aware of this pattern of crime in 2002.[footnoteRef:17] [11: Nnaemeka Ewelukwa is a Senior Teaching Fellow in International Trade Law at the School of Oriental and African Studies, University of London. He also manages African Legal Consulting Limited, London UK, a firm that consults on the legal aspects of investing or doing business in Africa.] [12: Excerpts from an interview by Vanguard newspaper titled Why cyber crime thrives in Nigeria Available at: http://www.vanguardngr.com/2011/04/why-cyber-crime-thrives-in-nigeria-by-ewelukwa/ Accessed: (4/7/2013)] [13: Jeremy Bentham, An Introduction To The Principles Of Morals And Legislation, (New York: Hafner Publishing Co, 1948) Op.cit. Supra note 31 pp.10] [14: Section 36(12) of the 1999 Constitution of the Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004, States that: a person shall not be convicted of a criminal offence unless that offence is defined and the penalty thereof prescribed in a written law; and a written law refers to an Act of the National Assembly or a law of a State.] [15: R. O. Moses-k Cyber Capacity without Cyber Security: A Case Study of Nigerias National Policy for Information Technology (NPFIT) Available at: http://www6.miami.edu/ethics/jpsl/archives/all/CyberSecurity.html Accessed: (4/7/2013)] [16: E. E. Adomi and S. E. Igun Combating cybercrime in Nigeria, The Electronic Library, vol.26, no.5 (2008): pp. 716 725; M. Chawki, Nigeria Tackles Advance Fee Fraud, Journal of Information, Law and Technology (JILT), (2009), Available at: http://www.go.warwick.ac.uk/jilt/2009_1/chawki Accessed: (5/7/2013)] [17: N. Ribadu, Cybercrime and Commercial Fraud: A Nigerian Perspective (Modern Law for Global Commerce Congress to celebrate the fortieth annual session of UNCITRAL Vienna, 9-12 July 2007, at:http://www.cnudmi.org/pdf/english/congress/Ribadu_Ibrahim.pdf, Accessed: (5/7/2013)]

It is in this light that this Chapter aims to examine the various provisions of the NPFIT and its inadequacies, and also the provisions of the existing Legal Framework in Nigeria used in tackling cybercrime and their effectiveness.

2.2 NATIONAL POLICY FOR INFORMATION TECHNOLOGY[footnoteRef:18] [18: Nigerian National Policy for Information Technology, Abuja: Federal Ministry of Science and Technology, 2001 (To be subsequently referred to in this paper as:NPFIT, 2001). Available at: http://forum.org.ng/system/files/Nigeria_IT_Policy.pdf Accessed: (1/7/2013)]

This policy was expected to deal with all emerging issues in the information and communication technology fields. It is however to be noted that the resultant policy does not offer much for the understanding, prevention and eradication of criminal activities in cyberspace. In effect, the policy has not shown a sufficient commitment on the part of government to deal with the problem of cyber-criminality in the country. In particular, the task of the IT Task Force that was recommended in the Policy is not specified, while no financial allocation was provided for the Task Force in the spending profile of the policy for combating crimes on the Internet.[footnoteRef:19] This observation is without prejudice to the correct perception of the Policy that Information Technology (IT) is the bedrock for national survival and development in a rapidly changing global environment, and challenges us to devise bold and courageous initiatives to address a host of vital socio-economic issues such as reliable infrastructure, skilled human resources, open government and other essential issues of capacity building.[footnoteRef:20] [19: NPFIT, 2001: pp. 44.] [20: NPFIT, 2001: Preamble p. ii]

A close study of the General Objectives of the Policy was carried out which revealed the Policys weakness in dealing with the menace of cyber-criminality[footnoteRef:21]. The sections of the Policy that pertain directly or in some indirect way to cyber-criminality are discussed below. General Objectives section (vii): To improve judicial procedures and enhance the dispensation of justice[footnoteRef:22]; (xv) to empower the youths with IT skills and prepare them for global competitiveness[footnoteRef:23]and (xvii) To create IT awareness and ensure universal access in order to promote IT diffusion in all sectors of our national life[footnoteRef:24] [21: R. O. Moses-k Cyber Capacity without Cyber Security: A Case Study of Nigerias National Policy for Information Technology (NPFIT) op cit. note 15 supra] [22: NPFIT, 2001] [23: Ibid] [24: Ibid]

Considering the high rate of cyber-criminality in Nigeria today, the three objectives above rather than forestall or address the issues of cyber-criminality appear to be contributory to the commission of cybercrimes[footnoteRef:25]. The improvements of judicial procedures and enhanced dispensation of justice, on their own, do not address the commission or prevention of crimes as such. On the other hand, the empowerment of the youths with IT skills and the diffusion of IT have exposed the youths to the possibilities and ease of committing financially lucrative and hard-to-detect criminal activities on the Internet. [25: N. Ribadu, Cybercrime and Commercial Fraud: A Nigerian Perspective, op cit. 16]

To a very large extent, the promises of the Policy were substantially fulfilled, albeit, in a negative way in certain instances. The fulfilment of General Objective (xv) of the Policy[footnoteRef:26]is a particularly pertinent case in support of this view. The youths were indeed empowered with IT skills, but many of them quickly turned their newly acquired skills into tools for online criminal activities. These criminal activities, also negatively, created wealth for the youths; negatively because such wealth was illegitimate, being proceeds of fraud, and detrimental to the economy and the external image of the country.[footnoteRef:27]There is no evidence that the skills so acquired were substantially used for the advancement of software development or other IT engineering tools and techniques, or credible economically viable and lawful online products. [26: NPFIT, 2001] [27: Supra note 25 pp.18]

The objective (xxi) of enhancing national security and law enforcement appears to be vacuous with respect to cyber-criminality. The Policy also has an objective (xxiii) of promoting legislation (Bills and Acts) for the protection of online business transactions, privacy and security. This is said to be the most pertinently framed objective of the policy but, however, this objective is said to be no more than a gratuitous inclusion in the Policy as shown in the failure of the government to enact the Cyber Crime Bill that had been in the National Assembly since 2004[footnoteRef:28]. Moreover, to date, the country does not have any cybercrime-specific law that had been enacted since the advent of the NPFIT and its attendant cyber-criminality. [28: Ibid]

In further clarifying its objectives, the policy defined Information Technology to mean computers, ancillary equipment, software and firmware (Hardware) and similar procedures, services (including support services) and related resources. The term IT is also defined to include any equipment or interconnected system or sub-system of equipment, that is used in the automatic acquisition, storage, manipulation, management, movement, control, display, switching, interchange, transmission or reception of data or information. This comprehensive definition captures well all imaginable uses, and abuses, of the cyberspace. Also Chapters 9, 12, 13, 14, 16 and Appendix B of the policy are further relevant to Cyber-criminality and also explanation of the policy.In Chapter 9[footnoteRef:29], section 9.3 states: (i) Provide a sound responsible and efficient regulatory environment. In (4), it states: providing legal safeguards for the privacy of individuals and the confidentiality of transactions against misuse. In Chapter 12[footnoteRef:30], the pertinent issues are in Section 12.3 of the NPFIT. These are [29: Strategies of the IT policy] [30: National Security and Law Enforcement]

i. to use IT to combat contemporary and emerging security threats and challenges that are being re-defined by Information Technology; and ii. to promote the awareness and education of all those engaged in National Security and law enforcement duties on the use, benefit and risks of new IT environment. The policy also proposed iii. To inform and protect Nigerians, the government, infrastructure and assets from illegal and destructive activities found in the global environment in order to boost the confidence of Nigerians and the international community in the country. In (iv) the policy says: Government will frame appropriate legislation. Chapter 13 of the IT policy, on legislation, reiterates the proposition in Chapter 12.3. It states: The nation shall promote and guarantee freedom and rights to information and its use, protect individual privacy and secure justice for all by passing relevant Bills and Acts.The objectives of legislation, as stated in the policy, are to facilitate e-governance, e-commerce, secure e-fund transfer and electronic payment system, and protection of governments digitalized records and information. Other objectives include establishing and enforcing cyber laws to deal with computer crime. Cyber legislation, according to the Policy, shall also encourage public confidence in IT and its proper usage, enhance freedom and access to digital information at all levels while protecting personal privacy, promote intellectual property rights and copyrights, and address other issues arising from the digital culture and protect the rights of the vulnerable groups.[footnoteRef:31] [31: Supra note 20]

To realize the foregoing legislative objectives, the strategies of the IT policy are stated as follows: The National Information Technology Development Agency (NITDA) and the Federal Ministry of Justice are to work out Bills and Acts that would bring about free access and rights to information, and other on-line transactions, with due protection, security and property rights, for individuals as well as for groups. The policy would also seek to introduce the necessary machinery for verifying and admitting in evidence electronically generated records and digital evidence in the event of administrative and legal proceedings, which will be digitalized as much as possible[footnoteRef:32]. An important part in the policy is the plan to review relevant existing laws to make the implementation of the IT policy unhindered. The policy also stated in addition, it will see to the passage of Computer Crime and Cyber Laws (CCCL). In chapter 16[footnoteRef:33], the policy at 16.3 (xxi)[footnoteRef:34]restates that it will see to the enactment of Bills and Acts to stimulate and protect the right of users and developers including intellectual property rights. Towards realizing the above objectives, the policy, in Appendix B[footnoteRef:35], statesinter alia: Government through the Federal Ministry of Justice, after due deliberation with IT and sectorial experts, will frame appropriate legislation, using technology-neutral statutory definitions. The legal mechanisms so framed are to apply in the following areas: computer crimes, information technology law, and amendment of non-specific provisions in existing laws. Other areas of application are personal privacy and digital signature. [32: The provision for the admission of Electronic Evidence was not provided for, until the New Evidence Act of 2011 in Section 84 allowed for the admission of Electronically Obtained Evidence.] [33: Policy Implementation] [34: NPFIT, 2001: pp.40.] [35: Details on the Legal Areas that must be addressed]

Significant as the IT policy is, it is noteworthy that the Nigerian state did not take any definite regulatory step on it until 2003[footnoteRef:36], whereas the ICT media proposed in the Policy had become widely available since 2001. It was not until a murder incident at a Nigerian embassy in 2003, which was connected to an Internet crime, that the Federal Government was moved to constitute a cybercrime working group, the Nigeria Cybercrime Working Group (NCWG)[footnoteRef:37], to examine all associated problems of cyber-criminality as related to Nigeria and make appropriate submissions to government on how to nip them in the bud. This body was formally launched on 31st March 2004, sequel to the recommendations of the Presidential Committee on Illegal On-line activities led by the National Security Adviser to former President Olusegun Obasanjo (1999-2007). The NPFIT has been noted to develop cyber capacity in Nigeria without a cyber-security as the policy focused on only the projected possible benefits of ICT, without being critically sensitive to the possibility of IT abuse, and thus failing to be pro-active against IT abuses that were already been experienced and being combated in other places. [footnoteRef:38] Although other countries, including the most ICT-advanced countries, also have cyber security challenges, Nigeria, being a latecomer into the technology, ought to have started right in the formulation of a Policy that benefited from the experiences of others whilst still planning to enter into the global cyber community. Failure to do this has resulted in the unstoppable life of cybercrime that some Nigerians have chosen as a profession. [36: Supra note 15 pp.17] [37: The NCWG is an inter-agency Body of Law Enforcement, intelligence, security and ICT Institutions including Private Sector Organizations. It is meant to be the Central Agency for the enforcement of Cybercrime in Nigeria or situate responsibility within the existing Law Enforcement Institution. Their responsibilities include public enlightenment, building institutional consensus amongst existing Agencies, providing technical assistance to the National Assembly on cybercrime and the Draft Act, laying the groundwork for the Cybercrime Agency, Commencement of Global cybercrime enforcement relations.] [38: Supra note 14]

2.3 CURRENT LEGISLATIVE FRAMEWORK2.3.1 THE 1999 CONSTITUTION OF THE FEDERAL REPUBLIC OF NIGERIABy virtue of Section 36(12)[footnoteRef:39] no person shall be convicted of a criminal offence except it is defined and the penalty therefor is prescribed in a written law. It is obvious from the above provision that a person cannot be convicted of a non-statutory offence and in this view; no one in Nigeria can be convicted for committing cybercrime, as the Constitution and any other enacted Law in Nigeria defines or penalise the offence. The word cybercrime is not even mentioned in any law in Nigeria. However, it is important to note that there have been convictions of offences which are considered as classifications or types of cybercrime[footnoteRef:40], not because cybercrime is penalised in Nigeria but such acts are stated in and penalised by various Laws in Nigeria. [39: Constitution Of The Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004] [40: See the classifications of cybercrimes by the OECD in Chapter One. Supra notes 51-54 pp. 14]

As the Constitution of the Federal Republic[footnoteRef:41] does not specifically state anything related to cybercrime, it however, empowers the National Assembly to make laws with respect to any matter included in The Exclusive Legislative List[footnoteRef:42]. The Exclusive Legislative List consist of various items most of which are related directly or indirectly to Commerce. The items itemised in the list include; Commercial and Industrial Monopolies[footnoteRef:43], currency coinage and legal tender[footnoteRef:44] and even Trade and Commerce[footnoteRef:45] amongst many others[footnoteRef:46]. It is quite clear from this foregoing that it is the National Assembly that has the power to make laws regulating Commerce in Nigeria. Also, Section 251 also gives the Federal High Court the Exclusive jurisdiction to adjudicate upon matters which are directly and indirectly related to Commerce by listing them. Though the Constitution does not say anything about Electronic Commerce, it can however be implied that Electronic Commerce is also a branch of Commerce and thus the same laws also regulate it. Thus, the National Assembly would have the Exclusive right to legislate E-Commerce matters as relating to cybercrime. Item 69[footnoteRef:47] goes further to state that any matter incidental or supplementary to any matter mentioned elsewhere in this list. [41: Supra] [42: S. 4(2) 1999 CAP. C23 L.F.N. 2004] [43: Item 10 of The Ell Constitution Of The Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004] [44: Item 15 of The ELL] [45: Item 62 of The ELL] [46: Including Maritime Shipping (Item 36), Patents, trademarks, trade or business names, industrial designs and merchandise trademarks (Item 43) and many more] [47: The ELL Constitution of The Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004]

2.3.2 THE CRIMINAL CODE[footnoteRef:48] [48: Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004]

The Criminal Code by virtue of Section 2 also makes it clear that an offence must be under this code, or under any Act, or Law[footnoteRef:49]. The criminal code does not mention, define or criminalise cybercrime but it prohibits some traditional crimes which are associated to the cyber world and they fall under the classifications of cybercrime, such as computer relate-forgery and computer-related fraud. These offences cannot be prosecuted through the criminal code under the heading of cybercrime as cybercrime is not stated in the Code. [49: Criminal Code Act Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004]

Such traditional offences related to cybercrime which can be done in the cyber word, for example, include the offence of stealing.[footnoteRef:50] This offence may be used to prosecute people who steal credit cards or information. Though the Act does not specifically state or list things that are capable of being stolen, but it provided that: [50: S 383 CAP. C38 L.F.N. 2004]

Every inanimate thing whatever which is the property of any person, and which is movable, is capable of being stolen. Every inanimate thing which is the property of any person, and which is capable of being made movable, is capable of being stolen as soon as it becomes movable, although it is made movable in order to steal it.[footnoteRef:51] [51: Section 383 Criminal Code Act Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004]

Section 383[footnoteRef:52] prohibits the act of stealing anything capable of being stolen. It states that: [52: Criminal Code Act Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004]

A person who fraudulently takes anything capable of being stolen, or fraudulently converts to his own use or to the use of any other person anything capable of being stolen, is said to steal that thing. It further states that: A person shall not be deemed to take a thing unless he moves the thing or causes it to move.[footnoteRef:53] This leads to the confusion as to the state of information or trade secrets stolen online through Hacking or cracking;[footnoteRef:54] can they be classified as inanimate things capable of being stolen? According to Wada and Odulaja, although cybercrime is not mentioned in the Act, it is a type of stealing punishable under the criminal code[footnoteRef:55]. [53: Section 383(6) Criminal Code Act Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004] [54: The offence described as hacking refers to unlawful access to a computer system. It is one of oldest Computer-related crimes. Following the development of computer networks (especially the Internet),this crime has become a mass phenomenon, most especially in the USA. Examples of hacking offences include breaking the password of password-protected websites and circumventing password protection on a computer system. But acts related to the term hacking also include preparatory acts such as the use of faulty hardware or software implementation to illegally obtain a password to enter a computer system, setting up spoofing websites to make users disclose their passwords197 and installing hardware and software-based keylogging methods (e.g. keyloggers) that record every keystroke and consequently any passwords used on the computer and/or device.] [55: Wada & Odulaja Assessing Cyber Crime and its Impact on E-Banking in Nigeria Using Social Theories (2012) African Journal on Computer & ICT Vol 4. No. 3. Issue 2 pp. 75]

There is also the offence of Obtaining by False Pretences as stated under Section 419[footnoteRef:56] of the Criminal Code. This offence popularly known as 419 is the most popular Cybercrime offence committed in Nigeria[footnoteRef:57]. Section 418[footnoteRef:58] gives a clear representation as to the definition of the offence. Though the definition does not in any way limit the commission of the crime to the real world only as it also predicts a situation through words, writing or conduct where it can be committed in the cyber world. Thus offences such as Advance Fee Fraud can come within the ambit of this section. This section, alongside the Advanced Free Fraud Act, has been proved to be effective in tackling computer-related frauds, a classification of cybercrime, in Nigeria.[footnoteRef:59] [56: CAP. C38 L.F.N. 2004] [57: It is regarded as a Computer-related offence which is under the classification of cybercrime earlier discussed in Chapter One. See note 52 pp.14] [58: Ibid] [59: See the case of Mike Amadi Vs. Federal Republic Of Nigeria 2008 12 SC (pt3)]

The Code also makes provisions for injury to the property of another without consent[footnoteRef:60] and injury with intent to defraud.[footnoteRef:61] It is worthy of note that Section 1[footnoteRef:62] defines property to include everything, animate or inanimate, capable of being the subject of ownership. This therefore eliminates the need for the property being capable of being stolen. Section 451[footnoteRef:63] further prescribes an offence of a person wilfully and unlawfully destroying or damaging any property[footnoteRef:64] with a punishment of two years imprisonment. [60: See S.440 CAP. C38 L.F.N. 2004] [61: See s. 441 C38 L.F.N. 2004] [62: C38 L.F.N. 2004] [63: Ibid] [64: An example of such act is Hacking of computers and inflicting damage on the computer either by deleting files or putting a virus into the system, to render the computer unusable for the time being.]

There are also a lot of traditional offences which can still be brought within the ambit of the criminal code such as Forgery which has a punishment of three years in prison.[footnoteRef:65] Unlike the offence of stealing, nothing in Sections 463, 464 and 465 which defines forgery, limits the offence only to the real world as it can be committed with any negotiable instrument, document, seal or writing which further includes a mere signature or mark of any kind. This section can be used in tackling computer-related forgery a classification or type of cybercrime. There are also quite a number of offences relating to Posts and telecommunications that can fall under cybercrime. These offences are taken care of under the Criminal Code by virtue of chapter 17. As the definition of mails include any conveyance of any kind.[footnoteRef:66] The act also defines telegraphs to include any apparatus for transmitting messages or any other communications by means of electric signals, whether with or without the aid of wires. Thus, these provisions can be sufficiently used to prosecute cybercrimes such as illegal interception of data in mails, illegal data acquisition, system interference, sending viruses[footnoteRef:67] and the likes. Although, some of the offences here have stiffer penalties than the others.[footnoteRef:68] [65: See Section 467] [66: S. 1] [67: See Section 170 which includes the sending of obscene things] [68: For example S 171 (stopping mails) carries a Life sentence while s 172 (Obstructing mails) carries a fine of hundred naira.]

2.3.3 THE ECONOMIC AND FINANCIAL COMMISSIONS ACT (EFCC)[footnoteRef:69] [69: NO. 5 2002. ACT CAP. E1 L.F.N. 2004. To be further referred to as the EFFCC ACT]

The EFCC Act also does not mention cybercrime; however it can still be used to prosecute traditional offences which fall within the purview of the definition and classification of cybercrime. Economic crime is defined by the Act as the nonviolent criminal and illicit activity committed with the objectives of earning wealth illegally, either individually or in a group or organized manner thereby violating existing legislation governing the economic activities of government and its administration to include any form of fraud, narcotic drug trafficking, money laundering, embezzlement, bribery, looting, and any form of corrupt malpractices, illegal arms deal, smuggling, human trafficking and child labour, oil bunkering and illegal mining, tax evasion, foreign exchange malpractices including counterfeiting of currency, theft of intellectual property and policy, open market abuse, dumping of toxic wastes and prohibited goods.[footnoteRef:70] [70: Section 40 Economic And Financial Crimes Commission (Establishment) Act, No. 1 2004.]

Some of these offences are listed in the responsibilities of the Commission. According to part 2 of the Act, they include: the investigation of all financial crimes, including advance fee fraud, money laundering, counterfeiting, illegal charge transfers, futures market fraud, fraudulent encashment of negotiable instruments, computer credit card fraud, contract scam, etc.; Taking charge of, supervising, controlling, and coordinating all the responsibilities, functions, and activities relating to the current investigation and prosecution of all offences connected with or relating to economic and financial crimes, in consultation with the Attorney- General of the Federation.

2.3.4 THE ADVANCE FEE FRAUD ACTAccording to Section 23 of the Advance Fee Fraud Act[footnoteRef:71] [71: Advance Fee Fraud And Other Fraud Related Offences Act, 2006]

False pretence means a representation, whether deliberate or reckless, made by word, in writing or by conduct, of a matter of fact or law, either past or present, which representation is false in fact or law, and which the person making it knows to be false or does not believe to be true.The law also helps in tracking offenders as any person or entity, providing an electronic communication service or remote computing service either by e-mail or any other form shall be required to obtain from the customer or subscriber, full names; residential address, in the case of an individual; corporate address, in the case of corporate bodies.[footnoteRef:72] [72: Section 12(1).]

Also any person or entity providing the electronic communication service or remote computing service either by e-mail or any other form, who fails to comply with the provisions of subsection (1) of section 12, commits an offence and is liable on conviction to a fine of N 100,000 and forfeiture of the equipment or facility used in providing the service.[footnoteRef:73] Finally, Section 13(1) provides that [73: Section 12(3).]

notwithstanding the provisions of the Nigerian Communications Commission Act 2003 or the provisions of any other law or enactment, any person or entity who in the normal course of business provides telecommunications or internet services or is the owner or person in the management of any premises being used as a telephone or internet cafe or by whatever name called shall be registered with the Economic and Financial Crimes Commission;[footnoteRef:74] maintain a register of all fixed line customers which shall be liable to inspection by any authorized officer of the Commission; and submit returns to the Commission on demand on the use of its facilities.[footnoteRef:75] [74: Para. (a).] [75: Para. (b).]

Advance Fee Fraud and Other Fraud Related Offences Act 2006 is currently one of the only laws in Nigeria that deals with internet crime issues, and it only covers the regulation of internet service providers and cybercafs, it does not deal with the broad spectrum of computer misuse and cybercrimes.

2.3.5 NIGERIAN COMMUNICATION COMMISSION ACT[footnoteRef:76] [76: Nigerian Communications Commission Act No. 19 2003]

The Act created the Nigerian Communication Commission (NCC)[footnoteRef:77] headed by an executive vice Chairman[footnoteRef:78] and saddled with the responsibility of overseeing the regulation of the telecommunication sector in the country. It provides an elaborate and comprehensive legal regime for the establishment control and management of telecommunication services in the Country. [77: See: section 3] [78: Section 5]

The NCC Act stipulates no specific provision or penalty for telecommunication offences save that it provides for the immunity of the service providers in cases of disclosure of customers information in furtherance of national security.[footnoteRef:79] Section 146(1) of the Act provides that A licensee shall use his best endeavour to prevent the network facilities that he owns or provides or the network service, applications service or content application service that he provides from being used in, or in relation to, the commission of any offence under any law in operation in Nigeria. The act only allows an authorised interception of communication[footnoteRef:80], which means any unauthorised interception of communication is prohibited by the act. Section 147 states that: [79: Section 146] [80: Section 147]

The Commission may determine that a licensee or class of licensee shall implement the capability to allow authorised interception of communications and such determination may specify the technical requirements for authorised interception capability.In section 157 of the act, it states that: Authorised interception means interception by the licensee of any network facilities, network service or applications service permitted under section 148 of this Act. It further states that Intercept means the aural or other acquisition of the contents of any communications through the use of any electronic, mechanical or other equipment, device or apparatus. The implication of the foregoing section is that wire-tapping by the government is legal in Nigeria unless it is permitted under s.148 and it does not state the procedures in which law enforcement need to take before they can intercept communication, like a court order

2.3.6 THE CRIMINAL PROCEDURE ACT (CPA)[footnoteRef:81] [81: Criminal Procedure Act Cap. 80 L.F.N. 1990 Act Cap. C41 L.F.N. 2004]

The Act was enacted June 1, 1945 decades before the Internet was inventedand scores before Internet licenses were granted in Nigeria. It makes provisions for the mode of prosecuting criminals including certain fundamental issues like jurisdiction, examination of witnesses and admissibility of evidences.Under the CPA, witnesses are expected to be physically present in court during trials and witness who fail to appear personally could be subpoenaed and even detained and may be released on bail upon the same bail conditions available to the accused person[footnoteRef:82]. Children, infants and young persons (below 17 years) who may need to give evidences in court in camera for security and other reasons would still have to be physically present or their testimonies would not be accepted. [82: Part 20 Criminal Procedure Act Cap. 80 L.F.N. 1990 Act Cap. C41 L.F.N. 2004]

Cybercrime offences are usually trans-border and the needed witness who would give the very material evidence may not be in Nigeria to attend the proceedings. Upon that ground, the accused may be acquitted for failure to establish a prima facie case against him by reason of insufficient evidence. He may also be discharged for want of diligent prosecution. Another insufficiency evidenced in the CPA is the provision of Section 171[footnoteRef:83] which discourages the conviction of an offence twice. According to David Ashaolu, [83: Criminal Procedure Act Cap. 80 L.F.N. 1990 Act Cap. C41 L.F.N. 2004]

the rationale behind this provision hangs in the balance of reasoning as the effect of a crime being committed eventually and the resultant damage is far greater than that of its attempt. For example, a person convicted of attempting to disseminate a virus or malicious code will definitely serve a lesser punishment than if he had actually disseminated it. Where, unknown to the law enforcement agents at the time of his arrest, he had released the virus and the brutal effect had been found out later, he technically escapes proper punishment[footnoteRef:84] [84: David Ashaolu Combatting Cybercrimes in Nigeria. Electronic copy available at: http://ssrn.com/abstract=2028154 (Accessed: 29/5/2013)]

2.3.7 CRIMINAL JUSTICE (MISCELLANEOUS PROVISIONS) ACT[footnoteRef:85] [85: Criminal Justice (Miscellaneous Provisions) Act Cap. 78 1990 Act Cap. C39 L.F.N. 2004]

This Act serves as a supplement to the Criminal Code and the Criminal Procedure Act. It is an Act to impose stiffer penalties on persons who damage, disrupt or destroy telecommunications, electrical transmission lines and oil pipelines[footnoteRef:86]. For example, a person who prevents or obstructs the sending or delivering of communications by means of telecommunications is guilty of an offence.[footnoteRef:87] The penalty is a fine of N500 or 3 years imprisonment or both. Thus, hacking, where interception is occasioned, can come under this heading, since a hacker uses the telecoms. This will also sufficiently cover offences like illegal interception, which is under the classification of cybercrime[footnoteRef:88]. Dissemination of viruses and other malicious codes, especially where the motive is a DDoS (Denial of Service attack), will naturally prevent or obstruct the to and fro movement of communication codes. All these can be tried under this statute. [86: See Sections 1-3] [87: Section 1(1) (b)] [88: See note 52 supra pp.14]

Section 9 defines telephone works as meaning wire or wires used for telegram and telecommunications, with any casing, coating, tube, pipe, insulator, etc and including any apparatus for transmitting messages or other matters including the television, by means of electronic signals whether by overhead lines or underground cables or cables lying under water and any apparatus for transmitting messages with or without wires.

2.3.8 TELECOMMUNICATIONS AND POSTAL OFFENCES ACT 1995.[footnoteRef:89] [89: Cap. T4 L.F.N. 2004]

This law like the others also does not mention cybercrime but it helps in regulating persons engaging in computer fraud or doing anything relating to fake payments. Under the Act, whether or not the payment is credited to the account of an operator or the account of a subscriber is irrelevant and where the person is guilty of the offence, such person would be liable to imprisonment for a term of not less than 5 years without the option of a fine, in the case of an individual; and if the person is a body corporate, such person would be liable to pay a fine of N500, 000.[footnoteRef:90] It also prohibits the wilfully or maliciously stopping, dumping, intercepting, tampering or meddling, with or otherwise retarding the delivery electronic mails with an imprisonment term of not less than 5 years without the option of a fine.[footnoteRef:91] It generally regulates transactions done by electronic mails which are regularly used in Electronic Commercial Transactions and are subject to hacking, classified as a cybercrime under illegal access to data[footnoteRef:92]. Section 9 of the Act states that: [90: Section 4(h).] [91: Section 9(a).] [92: See note 52 pp. 14 Chapter 1]

if any person without lawful authority, fraudulently, wilfully or maliciously stops, delays, intercepts, tampers or meddles with any postal matter or electronic mail with intent to search or pilfer it,[footnoteRef:93] or secretes, destroys or defaces any postal matter, electronic mail or any part thereof or evidence of the existence of the postal matter, electronic mail or part thereof, whether or not the postal matter, electronic mail or part thereof so secreted, destroyed or defaced, contains money or other thing whatsoever, is guilty of an offence and liable on conviction to imprisonment for a term of not less than 7 years.[footnoteRef:94] [93: Section 9(b)(i).] [94: Section 9(b)(ii).]

The Act further states that: a person who steals any postal matter or electronic mail is guilty of an offence.[footnoteRef:95] As stated earlier, these provisions can be used to prohibit illegal tampering, access or interception of emails which can be done electronically, and this act can be regarded as a cybercrime. Also the act of transferring emails is also prohibited by the act, but is limited to a person charged with the delivery of such emails.[footnoteRef:96] The provision related to that states that: [95: Section 10.] [96: Section 12.]

a person who, being charged with the delivery of any postal matter or electronic mail, without lawful authority, fraudulently, wilfully or maliciously, dumps it or delivers it to a person or address other than the person or address stated on the postal matter or electronic mail is guilty of an offence.[footnoteRef:97] [97: Ibid]

2.3.9 THE MONEY LAUNDERING ACT[footnoteRef:98] [98: CAP M18]

This Act makes provisions for the prevention and punishment of money laundering, among other things, to regulate over-the-counter exchange transactions and empower the National Drug Law Enforcement Agency to place surveillance on Bank Accounts. Although, this act , like all other Acts, did not mention some cyber activities as cybercrimes, but certain provisions of the Act such as Section 6 and Section 15(e)[footnoteRef:99] can be used to reduce money laundering which is usually now done via electronic means. Money Laundering has been classified as a cybercrime. [99: This section deals with the special surveillance of certain transactions]

2.3.10 COPYRIGHT ACT[footnoteRef:100] [100: CAP. 68 LFN 1990 ACT CAP. C28 L.F.N. 2004]

Generally all the provisions of the Copyrights Act can be effectively used in tackling offences related to infringements of copyright and related rights, a classification of Cybercrime. Furthermore the Act confers copyright on musical works, artistic works, cinematograph films, sound recordings and broadcasts. It further states that literary work includes[footnoteRef:101], irrespective of literary quality, any of the following works or works similar thereto [101: Section 51]

a) novels, stories and poetical works; b) plays stage directions, film scenarios and broadcasting scripts; c) choreographic works; d) computer programmes; e) text-books, treatises, histories, biographies, essays and articles; f) encyclopedias, dictionaries, directories and anthologies; g) letters, reports and memoranda; h) lectures, addresses and sermons; i) law reports, excluding decision of courts; j) written tables or compilations;

2.3.11 THE INVESTMENTS AND SECURITIES ACT, 2007This Act like all other laws stated above does not mention, define or penalise cybercrime, but it deals with the offence of Advance Fee Fraud by electronic means in the cyber world, which can be classified as a Cybercrime. Section 108 (1) (d) of the Act provides that:No person shall record or store in, or by means of any mechanical, electronic or other device, create information which he knows to be false or misleading in a material particular with intent to induce or attempt to induce another person to deal in securitiesThe above provision deals with Advance Free Fraud in the dealing of securities and which could be done electronically, thus falling under the classification of cybercrime.

2.3.12 NATIONAL INFORMATION TECHNOLOGY DEVELOPMENT AGENCY ACT[footnoteRef:102] [102: NO. 28 ACT 2007]

This act does not prohibit any act or omission, but empowers the National Information Technology Development Agency (NITDA) with the power to make policy, guidelines and bills, basically making the NITDA an advisory body. Section 6 of the Act states that the NITDA shall:(a) Create a frame work for the planning, research, development, standardization, application, coordination, monitoring, evaluation and regulation of InformationTechnology practices, activities and systems in Nigeria and all matters related thereto and for that purpose, and which without detracting from the generality of the foregoing shall include providing universal access for Information Technology and systems penetration including rural, urban and under-served areas.(b) provide guidelines to facilitate the establishment and maintenance of appropriate infrastructure for information technology and systems application and development in Nigeria for public and private sectors, urban-rural development, the economy and the government;(c) develop guidelines for electronic governance and monitor the use of electronic data interchange and other forms of electronic communication transactions as an alternative to paper- based methods in government, commerce, education, the private and public sectors, labour, and other fields, where the use of electronic communication may improve the exchange of data and information;(d) develop guidelines for the networking of public and private sector establishments;(e) develop guidelines for the standardization and certification of Information Technology, Escrow Source Code and Object Code Domiciliation, Application and Delivery SystemsSection 34 of the Act helps in defining a lot of technical terms which can be helpful in future legislative laws on cybercrime. The Act in its interpretation section defines computer as: any electronic device or computational machinery using programmed instructions which has one or more of the capabilities of storage, retrieval, memory, logic, arithmetic or communication and includes all input, output, processing, storage, software, or communication facilities which are connected or related to such a device in a system or network or control functions by the manipulation of signals, including electronic, magnetic or optical, and shall include any input, output, data storage, processing or communication facilities directly related to or operating in conjunction with any such device or system or computer network It further defines Computer Network as the interconnection of one or more computers through a computer system."[footnoteRef:103] [103: See Section 34]

It also defines a Computer system as:a device or collection of devices, including input and output support devices and excluding calculators which are not programmable and capable of being used in conjunction with external files, which contain computer programmes, electronic instructions, input data and output data, that performs logic arithmetic, data storage and retrieval, communication control and other functions[footnoteRef:104] [104: Ibid]

It also defines data as:a representation of information, knowledge, facts, concepts or instruction which are being prepared or have been prepared in a formalised manner, and is intended to be processed, is being processed or has been processed in a computer system or computer network, and may be in any form (including computer printout, magnetic or optical storage media, punched cards, punched tapes) or stored internally in the memory of the computers[footnoteRef:105] [105: Ibid]

It further defined electronic form, with reference to information, any information generated, sent, received or stored in media, magnetic, optical, computer memory, micro film, computer generated, micro fiche or similar device. Also Electronic record is defined as any data, record or data generated, image or sound stored, received or sent in an electronic for or micro film or computer generated micro fiche[footnoteRef:106] [106: Ibid]

2.3.13 THE EVIDENE ACT 2011[footnoteRef:107] [107: Cap E14 Laws of the Federation 2004]

Section 84 of the Act allows for the admission of electronic evidence. This provision is a big step in prosecuting acts of Cybercrime in Nigeria. The section allows facts for which direct oral evidence can be given can equally be evidenced by a computer-produced document containing such facts, subject however to condition precedents as to the document, the computer from which it was generated and the person who generated it or manages the relevant activities captured in the document[footnoteRef:108], for instant, Cybercaf Managers, Secretaries, ATM Card User or experts the list is endless. The conditions are that[footnoteRef:109]: [108: Section 84(1)] [109: Section 84(2)]

i) The document is an output of information stored or processed regularly, over a period of time by a computer. Such information been for certain activities, profit or non-profit, by any body, corporation or individual; ii) The storage or processing above was in the ordinary course of the said activities and the statement replicates or derives from the information stored or processed over that period; iii) That for the time material, the computer was functioning properly or that though non-functional or malfunctioning at some material time; such had not prevented the production of the document nor affected its accuracy; and iv) The output clearly represents the input, or is a derivative of the input stored or processed. It should be noted that where a document is stored and processed in a manner involving more than a computer via internet or network or even data transmission by whatever means - Wifi, Bluetooth, Infrared and external storage chips (with or without human intervention, directly or indirectly), the final output shall be treated as having been generated by a single computer[footnoteRef:110]. So far as the conditions for its admissibility as stated above shall apply to all the computers and devices put to use. Before it is given in evidence, the law requires a Certificate of Authenticity of a computer-produced document, duly signed by the person who produced it or manages the relevant activities captured in the document[footnoteRef:111]. Such person must certify that they identify the document and state the manner in which it was produced; that the document was produced by a computer, by giving vital particulars of the device(s) deployed; and make any other disclosure as to the satisfaction of the preconditions stated above[footnoteRef:112]. Such certification will be sufficient with a statement therein that the matters so stated in it are to the best of the knowledge and belief of the maker correct. [110: Section 84(3)] [111: Section 84(4)] [112: Ibid]

Section 258[footnoteRef:113] implies that such things as information in computer memory or in diskettes, CD ROMs, video and audio tapes, movies, as well as telefaxes, computer printouts or printouts of electronic mails can be called documents. So also can GSM text messages and voice mails, bank electronic transfers or other internet transactions be called documents? They can therefore be attached to affidavits as documentary exhibits. They, like other documents, can even be attached to affidavits as objects and not documents when the aim is to prove not their written or language contents but of their physical nature or state. Other materials are also sometimes attached as exhibits. Damaged sunglasses, torn dresses etc have been tendered before courts through affidavit evidence in fundamental rights enforcement proceedings where the plaintiff or claimant was assaulted and his/her belongings damaged by the defendant. [113: Nigerian Evidence Act 2011]

In Esso West Africa Inc v. T. Oyegbola[footnoteRef:114], the issue for decision was whether or not computer statements of account and their ledger copies were receivable in evidence as books of account under Section 37 of the old Act. Section 51 in the revised Act[footnoteRef:115] which was previously Section 37 in the old Evidence Act provides that entries in books of account, regularly kept in the course of business, are relevant whenever they refer to a matter into which the court has to inquire, but that such statements shall not alone be sufficient evidence to charge any person with liability. In proof of a claim for the balance of an amount due and owing for petroleum products sold to the respondent, the appellants stated that they normally kept the respondents accounts and that at the end of each month statements of account were made out and sent to the respondent. The appellants attempt to tender the ledger copies of the statements of account already sent to the respondent in the manner stated above was rejected by the trial court on the ground that they did not constitute the type of books of account contemplated by the law; that the ones contemplated by the law were usually bound and the pages are not easily replaced. In rejecting that line of thought, the Supreme Court stated at p. 198 of the report that: [114: (1969) 1 NMLR 194, SC] [115: Cap E14 Laws of the Federation 2004]

Besides, section 37 of the Evidence Act does not require the production of books of account but makes entries in such books relevant for purposes of admissibility. The Law cannot be and is not ignorant of modern business methods and must not shut its eyes to the mysteries of the computer. In modern times reproduction or inscriptions on ledgers or other documents by mechanical process are common place and section 37 cannot therefore apply to books of account so bound and the pages not easily replaced.Considering the nature of affidavits in Nigeria, any document or material (electronically generated or not) attached to an affidavit automatically becomes part of the affidavit and gets entitled to the waivers and exemptions from certain rules of evidence which affidavits and their exhibits are entitled to. One of such is the waiver of the rule that requires only originals of exhibits and not copies to be produced in court except in very rare cases[footnoteRef:116]. [116: L. Adedeji Electronically Generated Exhibits In Affidavits Available at: http://thelawyerschronicle.com/index.php?option=com_content&view=article&id=144:electronically-generated-exhibits-in-affidavits&catid=34:law-a-practice&Itemid=56 Accessed: (29/7/2013)]

Subject to the rules on admissibility of documents, generally a document (electronically generated or not) attached to an affidavit as an exhibit forms part of the affidavit and should be considered together with the affidavit. As a document, it is even of greater evidential value and persuasive potential than the ordinary depositions in the affidavit. If there is a conflict between the depositions and the document, the document takes priority in matters of weight.[footnoteRef:117] [117: Ibid]