Cybercrime laws and regulations

Cybercrime laws and regulations

Cybercrime law includes laws related to computer crimes, internet crimes, information crimes, communications crimes, and technology crimes. While the internet and the digital economy represent a significant opportunity, they’re also an enabler for criminal activity. Cybercrime laws are laws that create the offences and penalties for cybercrimes. 

Cybercrime is a global problem, which requires a coordinated international response. 

Cyber crime has become a global phenomenon; this kind of crime has the serious potential for severe impact on our lives, society, and economy because our society is becoming an information society where communication takes place in cyberspace. While there are several textbooks talking about cyber crime, but only few literatures focus on the relevant laws to combat these seemingly uncontrollable phenomenon.  

In other words, most materials talk about the crime of cyber crime without talking about the cyber law. 

The world has seen a remarkable transformation in terms of the use of information communication technology (ICT) with the advent of Internet based companies. 

Goods and services are routinely purchased and delivered electronically leading to significant changes in industries like journalism, travel, and banking. Online payments cut across all industries and are being used by a significant portion of U.S. households. For example, eBay reports that literally millions of people make their entire living solely on the eBay platform  

It is obvious that the large portion of the population relies on the Internet, either directly or indirectly, for an ever increasing set of services. Seemingly nothing can slow this trend, with the possible exception of some catastrophic failure. 

 It is unlikely that the Internet as a whole will experience such a catastrophic technical failure, and in fact these borders on the impossible. What is possible, and perhaps even likely should current trends continue? Is the perception by Internet users that the Internet is unsafe and therefore unsuitable for everyday use even as we migrate towards cloud computing? Should this perception become widespread?  

Cyber crime, and other cyber issues are the one area that could cause this type of loss of faith in the safety of the Internet. Cyber crime is slowly getting worse, and that technical measures alone, while necessary and helpful, cannot significantly move the trend line in a positive direction. 

There is much data to support this position, and we do not think it is helpful to simply regurgitate that here. We believe that action is needed mostly from the government and non-governmental officials to counteract these negative trends.

Cybercrime describes:

1. crimes directed at computers, data or information communications technologies (ICTs), and

2. crimes committed by people using computers or ICT.

International cybercrime conventions

1. African Union Convention on Cyberspace Security and Personal Data Protection.

2. Council of Europe Convention on Cybercrime (also known as the Budapest Convention on Cybercrime)

Model cybercrime law

1  CW Model Law – Model Law on Computer and Computer-related Crime.

2. SADC Model Law – SADC Model Law on Computer Crime and Cybercrime. 

3. HIPCAR – Harmonization of ICT Policies, Legislation and Regulatory Procedures in the Caribbeans (Cybercrime/e-Crimes)

4. ITU – International Telecommunications Union Cybercrime Legislation Resources – ITU Toolkit for Cybercrime Legislation

Let's examine the Legal Framework for Cybercrime in Nigeria.

The most prevalent cybercrimes in Nigeria which are codified into the Cybercrimes (Prohibition, Prevention, etc.) Act 2015

(the Act) are hacking, software piracy, pornography, viruses and worms spamming, website cloning, credit card or ATM fraud, denial of service attack, virus dissemination, phishing, cyber plagiarism, cyber stalking, cyber defamation, cyber terrorism.

Apart from the Act, there are several other 

legislations which deal with cybercrimes in Nigeria, including the Criminal Code Act, Money Laundering (Prohibition) Act (MLA) 2011 Advance Fee Fraud Act, Nigeria Data Protection Regulation 2019 and Nigerian Communications Act (NCA) 2003. 

However, the focus of this article is the Act which is established primarily to curb cybercrimes in Nigeria.

The Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (“the Act”)

The Act has the objective of providing an effective and unified legal, regulatory, and institutional framework for the prohibition, prevention, detection, prosecution, and punishment of cybercrimes in Nigeria.

 The Act also seeks to promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property, and privacy rights.

 The Act establishes the Nigerian Cybercrime Working Group (NCWG) for the effective enforcement of the Act. The two major prosecuting bodies under the Act are the Economic and Financial Crimes Commission (EFCC) and the Federal Ministry of Justice. 

Curbing Cybercrimes in several Industries in Nigeria 

• Telecommunications:- The Cybercrime 

Act sets out the duties of telecommunication service providers in 

record retention and data protection. Under the Act, a relevant authority or a law 

enforcement agency can request for a 

service provider to 

(a) keep any traffic data, subscriber information, and content or non-content 

information; or

 (b) release any information it has stored. 

The Act further makes it a duty on service providers to release traffic data and subscriber information but restricts the use of this information to legitimate purposes only.

Banks and other Financial Institutions:-

The Nigeria Electronic Fraud Forum (NEFF) which is in conjunction with the 

Central Bank of Nigeria and Nigeria 

Bankers Committee has the sole aim of 

monitoring online bank transactions by 

sharing fraud data among banks and 

formulating risk management strategies to secure e-payment transactions. 

NEFF has created an organized structure to safeguard the integrity of e-payment channels and ensure consumers are protected from cyberattacks through electronic payments.

On a related note, the Nigeria Deposit 

Insurance Corporation (NDIC) controls 

the activities of financial institutions in 

Nigeria. NDIC has a supervisory power 

over insured financial institutions or banks

to request for information when required.

Let's examine the issue of Jurisdiction

Jurisdiction is so radical that it forms the basis of any adjudication and goes into the roots of any matter before the courts. If a court lacks jurisdiction, it also lacks the necessary competence to try the case. 

The Court of Appeal stated that “Jurisdiction is the life wire of a Court as no Court can entertain a matter where it lacks jurisdiction.”

The critical question in relation to cybercrimes is whether it can be said that cybercrime offences lack locus delicti or whether the offences could be said 

to have multiple locus delicti because the cases are multijurisdictional. 

In most cases, extradition is seen as an option of solving the jurisdiction challenge, but there must be an existence of extradition treaty between states to automatically return cybercriminals for trial. And in such case, the dual criminality principle needs to be fulfilled. This simply means that before a suspect can be validly extradited, both the requested state and state of domicile of the criminal must ensure that the alleged offence is punishable in their respective states.

In Nigeria, the Federal High Court has jurisdiction to try offences under the Cybercrime Act (the “Act”)14 and such offences are extraditable under the Extradition Act

.

Section 52 of the Act on its part provides as follows:

"The Attorney General of the Federation may request or receive assistance from any agency or authority of a foreign state in the investigation or prosecution of 

offences under this Act and may authorize or participate in any joint investigation or cooperation carried out for detecting, preventing, responding and prosecuting any offence under this Act. And such 

joint investigation or cooperation may be carried out whether or not any bilateral or multilateral agreements exist between Nigeria and the requested or requesting country. Furthermore, the AttorneyGeneral of the Federation may, without prior request, forward to a competent authority of a foreign State, information obtained in the course of an investigation, if such information will assist in the investigation of an offence or the apprehension of an offender under this Act".

This section clarifies the issue of existing treaties between states for extradition to be effective. The absence of a treaty will not hinder the enforcement of the law where there is an occurrence of cybercrime. 

Although under international law, no 

instrument imposes on sovereign nations an obligation to automatically extradite cybercriminals,but with the aid of cooperation between states, this

will enhance the prosecution of the cybercriminal.

The recent collaboration between the Federal Bureau of Investigation (FBI) and Economic and Financial Crimes Commission (EFCC) under the 

“operation rewired” in 2019 recorded tremendous success in apprehending cyber criminals and recovered the sum of $251,000 from 281 arrests recorded in the US and overseas, including 167 in 

Nigeria 17.

Another collaboration which has yielded positive results is a joint effort of International Criminal Police Organization (INTERPOL), Group-IB and Nigeria Police Force cybercrime Investigation, where three suspects have been arrested in Lagos which are believed to have compromised government and private sector companies in more 

than 150 countries since 2017

. 

For an investigation of cybercrime, the NDIC introduced a 24-hour toll-free telephone and a Complaint Unit in its Bank Examination Department and Special Insured Institutions Department (SIID) to enable bank customers and the general public report any financial abuses for 

investigation and possible resolution in cases where there are problems ranging from arbitrary interest charges, account balances manipulation and cybercrime issues in Nigeria. 

Conclusion.

The signing of the West African Police Information System (WAPIS) Programme which was implemented by INTERPOL, will create an overall development of a regional platform for stronger criminal data exchange and access to Interpol 

communication system.

The current partnership of the INTERPOL with the Organisation for Economic Co-operation and Development will also

create an interface for members of both 

organizations in curbing the continued increase in cybercrime.

The recent extension of information by 

INTERPOL to EFCC in the information platform codenamed 1p-247 will enhance the global police communications system to connect with law enforcement agencies in all the 194 INTERPOL member countries.

This has provided direct access for EFCC to obtain information about criminal activities across the world. With this 

development, countries will have quick and collaborative response to cybercrimes.

The seamless continuous communication and cooperation between INTERPOL and its Regional/State counterparts, as well as the domestication of treaties on extradition, will help minimize the jurisdictional challenge that has characterized the enforcement of cyber-crimes.

Meanwhile, the Nigerian government should normalize data sharing between government agencies and key private sector players in order to strengthen the law enforcement agencies. However, 

individuals and organizations involved in data control or processing must ensure that the data security measures for protection of their cyberspace are created, and such measures must be updated periodically to respond to emerging 

threats.