Legal aspects of e-payment in government
What is e-payment?
Electronic payments system refer to all payments that are completed using some form of electronic communications technology with a range of payments instruments such as debit or credit cards, Internet payments, direct debiting of accounts and the use of mobile phones or set-top boxes. Stored value, pre-paid cards and accounts, electronic money and click-through transactions are also included. The ability to complete payments with confidence is critical to the efficient functioning of the electronic transaction marketplace and therefore to the development of e-commerce more generally.
What is e-government?
E-Government has been defined as a way for government to use the new technologies to provide people with more convenient access to government information and services, to improve the quality of the services and to provide greater opportunities to participate in democratic institutions and processes. E-Government presents Nigeria with huge opportunities to move firmly into the 21st Century with higher quality, cost effective, government services and better relationship between Nigerians and their government.
Some advantages of E-government are as follows:
* It will be easier for people to have a say in government.
* People will receive more integrated services because different government organisations will be able to communicate more effectively with each other.
* People will get better services from government organisations.
* People will be better informed because they can get up-to-date and comprehensive information about government laws, regulations, policies and services.
Nigerian E-government initiatives
In the last two-three years, E-government has been slowly creeping into our everyday lives. In Lagos State, the enquiry and collection of state taxes have increasingly become Internet friendly with tax-payers able to assess tax payments history online. At the federal level, the Nigerian Immigration has blazed the trail with online payment for new passports and other services. Sometime ago, the Federal Government through its Accountant General, issued a circular making it mandatory for payments to personnel and contractors to be made electronically.
Although this is a welcome innovation and the advantages are very visible, there are significant legal issues, which must be addressed as this mode of doing business evolves. This article will analyse some of those issues and proffer solutions.
Key legal issues
One of the clear benefits of electronic transactions between citizens and government is the opportunity to collect “customer” information that can be used as a key input to operational and policy decision making. It has been argued and I agree that as attractive as this benefit might be to public sector planners, the possibility that an electronic transaction will provide an instant window on citizen’s details represents a real threat to personal privacy while online. In Nigeria, it would mean that if strict data security procedures are not put in place; citizen’s details will be available for both legal and illegal purveyors of information. Only recently in the United Kindom, a country operating one of the most advanced e-government systems a sensitive database containing highly personal information on 25 million citizens was lost by the government and has not been found till date. This database contained national insurance numbers along with names, addresses, bank account details of 25 million citizens.
The only law that relates to the issue of privacy in Nigeria at the time of writing this paper is Section 37 of the 1999 Constitution of the Federal republic of Nigeria which provides that “the privacy of citizens, their homes, correspondence, telephone conversations and telegraphic communications is hereby guaranteed and protected”.
This provision is certainly not adequate when compared to having a separate law that governs protection of personal data which takes into consideration the enormous issues and complexities of processing personal data.
An example is the Data Protection Act 1998 of the United Kingdom, which sets out eight principles which are:
* The data shall be processed fairly and lawfully;
* it is only obtained for one or more specified and purposes lawful purposes;
* it shall be adequate, relevant and not excessive;
* it shall be accurate and up to date;
* it is not kept for longer than necessary;
* it is processed in accordance with the data subject’s rights;
* it is kept secure using technical and organizational methods; and
* it is not transferred out of the European Economic Area (EEA) unless there is an adequate level of protection for data subjects.
In the same vein, the New Zealand’s privacy legislation (the privacy Act 1993) offers broad protection of individual privacy that should address citizen’s concerns. Some of the principles, which are similar to the Data Protection Act are as follows:
* The individual must be made aware of a number of matters (including that information is being collected, the purpose for which the information is being collected, the intended recipients of the information, and the name and address of the agency collecting the information).
* Personal information must be protected by adequate security systems.
* Personal information shall not be used unless it is accurate, up to date, complete, relevant and not misleading.
* Personal information must not be used for any purpose other than which it was collected.
It is extremely sad that the Nigerian government has nothing close to these principles enumerated above to protect its citizens. The current passport information that is being uploaded to Immigration database has dangerous implications if not adequately protected by laws enacted by the National Assembly.
Although not a necessary function of online billing, another web-based innovation has been the use of ‘cookies’ or small pieces of code, to build profile on the needs, preferences and patterns of expenditure of any individual visiting particular web sites. Cookies work by placing an identifying code on the hard drives of those who visit the site. This code allows the visitor to be tracked as they travel through the website and to be recognised on subsequent visits. For example if you regularly visit the Corporate Affairs Commission (CAC) website, a “cookie” would have been placed on your hard drive to facilitate greater efficiency and service delivery. However such information on the profile of the user needs can be used without his permission and this would definitely violate privacy laws.
There is no doubt that with the introduction of e-payment systems in government there will huge issues relating to fraud and crime. There are various methods of electronic funds transfer that can be used to effect payment and the most common method is the use of debit cards popularly called ATM cards. The usual method for online payment would require a user to be directed a secure site where personal and confidential information is entered in order to authenticate the transaction. In addition with the recent government directive electronic funds transfer (EFT) will join debit cards as a popular mode of payment. In fact it is safe to say that the recent Federal Government circular is aimed at eliminating fraud and corruption in payment of government contractors and employees.
Nevertheless, implementation of these systems will also open up huge avenues for cybercrimes, which can substantially eliminated by proactive and incisive legislation which Nigeria currently does not have.
Put simply, Nigeria has no adequate laws for criminals in this electronic age. The traditional offence of stealing cannot cover for example someone who lures you by an e-mail to provide your bank details and then transfers all the funds from your account electronically to an account of his choice. Below are some of the online avenues of fraud, which can be substantially addressed by legislation.
Phishing is the unsolicited sending of an e-mail to another person. This e-mail purports to be from a financial institution or indeed a government agency where the recipient is a contractor asking you to send some key parts of your personal information for whatever reason (for instance to update your account). The e-mail states that failure to forward this information could lead to a suspension or closing of the account.
Phishing is a type of fraud committed by means of the internet and involves a party misrepresenting their identity in order to elicit personal information such as access codes and passwords from another internet user, which they then use to their own advantage. This activity is commonly used to access bank accounts and remove funds from them. With the advent of e-government it might also be used by criminals to obtain information from unsuspecting citizens, which can be used to defraud them.
If a criminal gets access to your personal information through any means including phishing it can be used to open bank accounts and get loans, state documents such as passports and driving licenses in your name. Implementing e-payment systems will definitely open citizens up to these types of crimes
In many countries specific laws make it a crime to use another person’s identity for personal gain.
However, in Nigeria at the moment there are no direct laws that prevent or criminalise this kind of fraud. Collateral or “embedded laws” cannot help this situation as most forward looking countries have set up specialized laws and “well funded” state agencies to deal with this serious problem.
As the government has made the move to e- payment for its services, there is no doubt that with time, there will be certain contracts that would have to be concluded using electronic means that is without the traditional paper document and an endorsement at the bottom of the page.
How then can a contract via electronic mail have any authenticity or how can it be said to be admissible in a court of law? These issues and many more are addressed in my book “Electronic Contract Formation -The Nigerian initiatives.”
Electronic signatures provide that answer; however it must first be pointed out that this should not be confused with an actual electronic signature at the bottom of the e-mail instead it is the fact that the document carries information in it that it came from a particular person that constitutes the signature.
An electronic signature enables the recipient of the information to verify the authenticity of the origin of the information and to ensure that the information is still in its original form. Further more it provides non-repudiation, which means that the sender is unable to claim that they did not send it.
However electronic signatures have a problem in the sense that you only know that the message came from “A” but how do you know who “A” is.
The solution to that is to use a trusted third party or what is called a Digital Certificate. Its function is similar to a physical certificate and it verifies the authenticity of the sender.
However, at the time of writing this paper, Nigeria has no laws that recognise or protect electronic signatures. Electronic signatures have the possibility of conferring greater authenticity than the traditional document which is endorsed at the bottom; reason being that with Electronic signatures and the use of trusted 3rd parties it is guaranteed that the message will remain unchanged unlike a paper document which can be altered in different ways.
User charges and ‘convenience fees’
In Nigeria it is expected that the government agency enabling legislation and accompanying regulations will make provision for the specification of user charges, or the method for calculating user charges for government services. Nevertheless regulations are not always technologically neutral and may not anticipate electronic transactions or the application of user charges to them. Therefore, this will need to be addressed by each agency in developing their electronic billing capacity.
In case of debit cards the ability to add on convenience fees may be less difficult due to the nature of the cards. However with respect to credit card transactions, any potential on-charging of credit cards charges to the customer is subject to the international franchising rules under which the local franchises and their agents, the banks operate. These rules do not allow the cost of credit card transactions to be passed to the customer and this policy is reflected in merchant agreements between the banks and billing agents.
Reportedly, some international card companies are said to be willing to entertain a more liberal approach with respect to ‘convenience fees’ that may be on-charged to the customer. While this might have the benefit of reducing costs to government departments, it is also a disincentive on customers and may impact adversely on uptake.
The only way forward as I have consistently said is legislation and proactive regulation. Nigeria is too slow and far behind in terms of legislation to back up the gains that have been made in the ICT sector the last few years. The National Assembly must wake up to this responsibility and pass far reaching laws. In fact, I declare that it is a national emergency for these laws to be passed because these e-payment systems especially in government have the potential effect in reducing the cost of running government especially in this economic downturn.
I daresay that e-payments systems especially will not work efficiently without the enabling legislation. It is sad that a country as small as Vanuatu in the Pacific has as far back as 2000 passed an Electronic Transactions Act and E-Business Act. We shall continue to hope and pray.
* Adeniji Kazeem is the Managing Partner of Adeniji Kazeem & Co., Lagos.