Cybercrimes Act 2015 and need for further amendments
EVEN the older generation are quite aware that the times have changed. We are now in the age of technology. No one can deny this fact. Not even the few who found it difficult to adapt to this change. Denying this fact is tantamount to living in the very past.
Cyber space defines the world in which we live today. Internet transactions are gaining momentum everyday. Consequently, as in the real world, there are a number of deliquents who would use the cyberspace in a rather negative way. This is a universal phenomenon, not limited to Nigeria. No doubt, this has created the need to push for a law to protect genuine internet users.
In other jurisdictions, such laws protecting cyber users have been existing, but for Nigeria, it is just starting. The Act is known as the Nigeria Cybercrimes Act 2015. The new Cybercrimes Act, signed into law on May 15, 2015 stipulates that, any crime or injury on critical national information infrastructure, sales of pre-registered SIM cards, unlawful access to computer systems, Cyber-Terrorism, among others, would be punishable under the new law.
In fact it made some elaborate provisions in its quest to protect Nigerians from unscrupulous elements. But stakeholders at a forum last weekend in Lagos explained that it overreached itself by delving into items that ordinarily are not supposed to be in it, in addition to other inherent fundamental flaws.
The event, organised by Technology Times Outlook, reviewed the Act; revealing the pros and cons of the new law; what it portends for the fight against cybercrime, as well as the possibilities for Cybersecurity in Nigeria.
Keynote speaker, Mr Basil Udotai, the managing partner, Technology Advisor and the pioneer Director and Head of the Directorate for Cybersecurity (DfC) at the Office of the National Security Adviser (NSA) while praising the enactment of the law, criticised certain provisions of the law.
His words: “For a while people were really worried that digital economy had carried on with the absence of legal framework for cybercrime/cybersecurity; a glaring gap in law enforcement. The law has wiped out the tears of Nigerians. It is the first statutory instrument in the country that criminalises online actions, prescribing punishment and creating legal proceedures for investigation, protection and enforcement. For the first time in Nigeria, anybody that damages critical infrastructure will be liable because the law mandated the creation of national forensic laboratory. The Attorney General(AG) now has the mandate to issue regulatory statements over cybercrime and cybersecurity. The law also created an advisory council.”
He however pointed out that there are lots of loopholes in the law. According to him, the challenges manifests in the area of enforcement, compliance, cybercrime investigation, the cybersecurity funds, the conflict arising from the National Security Agencies Act which cannot be amended except by the constitution and others.
On the area of enforcement, he said section 7 mandates every cybercafe operator to register with the Computer Professionals Registration Council of Nigeria (CPN), which he said was not necessary, adding that it also failed to provide for a single enforcement institution.
He noted that the enforcement framework will provide a choatic compliance. “Is there a conspiracy to ensure Nigeria doesn’t enforce cybercrime? You may feel that way if you look at the enforcement framework designed for this Law. But I think it was an error, which should be corrected: Decentralized and Distributed Enforcement Framework: NSA to coordinate enforcement by all LEA and Security Agencies (“relevant law enforcement agencies”); Cybercrime investigation, prosecution and enforcement – separated?”, he queried. According to him, traditional approach in our Criminal Justice System usually based on confered authority has now been departed from. “It is an unprecedented departure from the norm, and very unlikely to work”, he said.
The Cybercrime Act is made up of 59 Sections, 8 Parts; and 2 Schedules. 1st Schedule lists the Cybercrime Advisory Council; 2nd Schedule lists businesses to be levied for the purpose of the Cybersecurity Fund under S.44(2)(a) GSM service providers and all telecom companies; Internet service providers; Banks and other financial institutions; Insurance companies; and Nigerian Stock Exchange.
“Ideally, the principles around Cybercrime legislations require that the law focuses on computer-related offences; Content-related offences; Computer integrity offences; Jurisdiction and Procedural issues: International harmonization/relations. But a review of the law indicates that in addition to meeting the foregoing milestones commendably, the drafters made strenuous efforts in seeking to bank transactions: the danger of a single story”, he stated.
Udotai added that the Act is in conflict with the constitution in respect of the provisions of the National Security Agencies Act (NSA). He explained that the Constitution made (a) the National Youth Service Corps Decree 1993; (b) the Public Complaints Commission Act;(c) the National Security Agencies Act and (d) the Land Use Act enactments that cannot be invalidated except in accordance with the provisions of section 9 (2) of the Constitution.
He also said a levy of 0.005 of all electronic transactions by the businesses specified in the second schedule to this Act in Section 44 may not deliver. ‘’With a trillion or so worth of transactions, someone put the number that is likely to result to the fund at N600m”, he noted.
In conclusion, Udotai said: “The Cybercrime Act though long in coming and beset with certain challenging components, may be applied to effective tackle Nigeria’s cybercrime and cybersecurity challenges. But deliberate efforts have to be made by the key players; Office of the National Security Adviser (ONSA) and the Office of the Attorney General of the Federation (OAGF) working with stakeholders to make this a reality.”
Earlier, the founder/group Chief Executive Officer of Technology Times, Shina Badaru in his welcome address stated that cyberspace is now connected to the new world in which we live. “If you are not using mobile phone, you are probably using the Bank ATM. As we live and work within the dormains and networks, the users must have the comfort that there is a legislation that protects them while they work and play”, he said.
In his contribution, the group Chief Executive Officer of Proshare Nigeria, Mr Femi Awoyemi said though the Act is not perfect, it is praiseworthy. According to him, no Act of legislation would ever be perfect. He explained that the Act is not an act to catch criminals, but an act that defines the way we live and act as a people.
Other members of the panel who made outstanding contributions to the topic include the immediate past chairman of the Nigerian Bar Association (NBA), Lagos branch, Mr Alex Muoka; President, Consumer Advocacy Foundation of Nigeria (CAFON), Ms Sola Salako; Head, Legal Services and Board Matters Unit, National Information Technology Development Agency (NITDA), Emmanuel Edet as well as the Chief Corporate Services Officer, Smile Communications Nigeria Limited, Mr. Tobe Okigbo.
However, the final verdict from participants is that the Act requires urgent amendment to make it more effective in achieving the desired goal even though there are those who harped on the need to concentrate on the act of preventing cybercrime than prescribing punishment for offenders.