NIGERIAN CYBERCRIME LAW: WHAT NEXT? BY CHINWE NDUBEZE AT THE CYBER SECURE NIGERIA 2016 CONFERENCE ON 7 TH APRIL 2014
OUR MANDATE O The EFCC is the agency charged with the responsibility for the enforcement of all economic and financial crimes laws among other things. O This means that certain aspects of cybercrime enforcement fall within the purview of the mandate of the EFCC.
HOW WE DID IT O Advance Fee Fraud and Other Fraud Related Offences Act, 2006 (AFF ACT) was used by the EFCC in its fight against cybercrime especially as it relates to online fraud. However, the provisions of the AFF Act were: O Limited. For instance possession of documents containing false pretence/s and sending out mails containing false pretence online was criminalized. It did not cover situation where offending documents were found in a person s sent email box where the email account had been hacked? O Re-active rather than proactive -- No provisions for prevention O Silent on where to report cyber attacks? O Not robust enough to cover cybercrimes such as hacking, cyber espionage and terrorism, cyber pornography and such.
WHERE WE ARE O O O O The EFCC is happy that the Cybercrime (Prohibition, Prevention Etc.) Act 2015 has been passed into law. This will clearly aid the fulfilment of its mandate. The objectives of the Act are quite laudable and include to: Provide an effective unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria. Ensure the protection of critical national infrastructure. Promote cyber-security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.
VITAL PROVISIONS O Provides for the protection of Critical National Information Infrastructure (CNII) O Created cybercrime offences with prescribed penalties like computer related forgeries, online fraud, child pornography, cyber terrorism, identity theft, cyber: stalking; bullying; harassment, squatting, racist and xenophobic offences, dealing in e-tools, breach of confidence by service providers, manipulation of ATM and POS Terminals, phishing, spamming, spreading of computer virus, electronic card related offences,.
O Requires Cyber-cafe s to register as a business concern with Computer Professionals Registration Council in addition to registration with the CAC and also to maintain a register of users through a sign-in register. This register should be made available by the owner of the Cybercafé to law enforcement personnel when required.
ESTABLISHMENT OF THE NIGERIAN EMERGENCY RESPONSE TEAM O ngcert operations centre was officially commissioned and domiciled in the office of the NSA by the then NSA -- Mohammed Sambo Dasuki on 25 th May 2015, upon the Act being signed into law in 15 th May 2015. O https://www.cert.gov.ng/
Section 21: Duty to report Attacks O Anyone who operates a computer system or network are required to inform CERT of attacks, intrusions and other disruptions liable to hinder functioning of another computer system or network is duty bound to report such to CERT within 7 days or face denial of internet services and fine of N2m. O ngcert has the power to isolate affected computer systems or networks (botnets)
ADMINSTRATION AND ENFORCEMENT O ONSA to be the coordinating body, provide support, ensure formulation and effective implementation of a comprehensive cyber security strategy and a national cyber security policy for Nigeria, establish and maintain the CERT O Maintain National computer forensic laboratory or coordinate same for law enforcement, security and intelligence agencies, O Build capacity, establish platforms for PPP, coordinate Nigerian involvement with international cyber security cooperation and such similar responsibilities.
DUTIES OF RELEVANT AGENCIES UNDER THE ACT O Relevant Agencies include: Ministry of finance, ICPC, EFCC, ONSA, Federal Ministry of Justice, Ministry of Foreign Affairs, CBN, DSS, NPF, NIA, NAPTIP, etc. O Develop requisite institutional capacity for effective implementation of the Act. O Collaborate with the ONSA to Initiate, develop and organize training programmes nationally or internationally for relevant officers.
CYBERCRIME ADVISORY COUNCIL (THE COUNCIL) O The Act established the Council to be comprised of a representative of relevant Ministries and Agencies (as listed in Schedule 1), who shall not be below the directorate rank in the public service. O The duties and functions of the Council include: providing platform for information sharing; formulation of policy guidelines regarding the implementation of the Act; advise on prevention and combating measures; establish programs for the award of grants to encourage research in the field including the promotion of graduate Internship in the field.
NATIONAL CYBERSECURITY FUND (THE FUND) O The Act established the fund to be domiciled in the CBN. Sources of the Fund shall include: O GSM service providers; Internet Service Providers, Banks and Other FI s, Insurance Companies and the Nigerian Stock Exchange to pay prescribed levies on all E-Transactions to be credited to the Fund; O Grants-in-aid and assistance from donor, bilateral and multilateral agencies; O Unencumbered, gifts, endowments, bequests or other voluntary contributions by persons and organisations; O Appropriated Funds by the National Assembly; O Monies or assets that accrue from time to time. O The office of the NSA to keep record of the Fund.
EXPANDED JURISDICTION O Federal High Court located in any part of Nigeria has the jurisdiction to try offences under the Act if committed: O In Nigeria; in a ship or aircraft registered in Nigeria; by a citizen or resident in Nigeria if his act would amount to a crime in the country where the offence was committed; O Offences committed outside Nigeria can be tried in Nigeria where victim is a citizen or resident in Nigeria; the offender is in Nigerian and is not extradited to any other country for prosecution.
THE WAY FORWARD O Complete implementation of the Act is required. O The inauguration of the Cyber crime Advisory council. This has been slated to take place on 18 th April 2016. O The National Cyber-security Fund needs to be up and running with the inauguration of the Council. This will provide the requisite funds to handle the emerging challenges in this area.
O Legislation to regulate Electronic Commerce is necessary. O Data Protection Legislation. O Development of technical and man power competence especially for law enforcement is very essential, eg. computer forensics specialists. O What about preparing for the expected growth of Internet of Things (IOT). Need to leverage on what is being suggested by many as the 4 th Revolution to grow our digital economy.. O Public education on basic internet security procedures appear urgent.