UNIT 1 CYBERCRIME LEGISLATIONS IN NIGERIA AND SELECTED AFRICAN COUNTRIES
3.2 Advance Fee Fraud and Other Fraud Related Offences Act, 2006
125
cybercriminals and potential cybercriminals the penalties imposed for most of the offences are relatively severe.
126
11. Restitution
Part II - Electronic Telecommunication Offences etc. It covers the following sections:
12. Duty to obtain subscriber‟s name and address.
13. Duties of telecommunication Internet Service Providers and Internet Cafes.
Part III – Jurisdiction. It covers the following sections:
14. Jurisdiction to try offences, etc.
15. Possession of pecuniary resources not accounted for.
16. Power to control property of an accused person.
17. Power to make order of forfeiture without conviction of an offence.
18. Power of arrest.
19. Power to grant bail.
Part IV – Miscellaneous. It covers the following sections:
20. Interpretation.
21. Repeals the Advance Fee Fraud and Other Fraud Related Offences Act No.13 of 1995 and the Advance Fee Fraud and Other Fraud Related Offences (Amendment), 2005.
22. Citation.
The Act re-enacts a consolidated Advance Fee Fraud and Other Fraud Related Offences Act, 2006 and provides the Federal High Court, the High Court of the Federal Capital Territory, the High Court of the States, with the jurisdiction to try offences and impose penalties provided under it.
127
Before the enactment of the Cybercrime (Prohibition, Prevention Etc.) Act, 2015, law enforcement agencies in Nigeria such as the Nigerian Police Force and the Economic and Financial Crimes Commission relied on the Advance Fee Fraud and other Fraud Related Offences Act, 2006 and other related laws to persecute cybercriminals. It is important to note that in the early days of cybercrime in Nigeria, online advance fee fraud otherwise known as “yahoo-yahoo” was the most prevalent type of cybercrime in Nigeria. This is because broadband internet was not well developed in Nigeria and the public could only access the internet from cyber cafes. However, today, with the breakthrough in e-economy and increased internet access, other types of cybercrime have emerged.
3.3 Other Cybercrime Related Legislations
Apart from the Cybercrime (Prohibition, Prevention etc.) Act , 2015 and Advance Fee Fraud and Other Fraud Related Offences Act, 2006, there are other legislations that are not explicit on cybercrime but can be relied on in the policing of cybercrime and prosecution of cyber criminals. Some of these legislations include:
i. Money Laundering (Prohibition) (Amendment) Act, 2012. The Act amends the Money Laundering (Prohibition) No. 11 2011 to expand the scope of money laundering offences and enhance customer due diligence measure. The Act clearly prohibits the laundering of proceeds of crime and illegal activities. Section 15 (1) stipulates:
Money laundering is prohibited in Nigeria. (2) Any person or body corporate, in or outside Nigeria, who directly or indirectly (a) conceals or disguises the origin of; (b) converts or transfers;
(c) removes from the jurisdiction; or (d) acquires, uses, retains or takes possession or control of; any fund or property, knowingly or reasonably ought to have known that such property is, or forms
128
part of the proceeds of an unlawful act; commits an offence of money laundering under this Act.
The penalty for contravening Section 15, Sub-section 2 is stated in Section 15 (3):
A person who contravenes the provisions of subsection (2) of this section is liable on conviction to a term of not less than 7 years but not more than 14 years imprisonment. (4) A body corporate who contravenes the provisions of subsection (2) of this section is liable on conviction to- (a) a fine of not less than 100% of the funds and properties acquired as a result of the offence committed; and (b) withdrawal of licence. (5) Where the body corporate persists in the commission of the offence for which it was convicted in the first instance, the Regulators may withdraw or revoke the certificate or licence of the body corporate
The unlawful act which Section 15; Sub-section 2 of the Act referred to is elaborated in Section 15, Sub-section 6 of the Act:
The unlawful act referred to in subsection (2) of this section includes participation in an organized criminal group, racketeering, terrorism, terrorist financing, trafficking in persons, smuggling of migrants, sexual exploitation, sexual exploitation of children, illicit trafficking in narcotic drugs and psychotropic substances, illicit arms trafficking, illicit trafficking in stolen goods, corruption, bribery, fraud, currency counterfeiting, counterfeiting and piracy of products, environmental crimes, murder, grievous bodily injury, kidnapping, hostage taking, robbery or theft, smuggling (including in relation to customs and excise duties and taxes), tax crimes (related to direct taxes and indirect taxes), taxes crimes (related to
129
direct taxes and indirect taxes) extortion, forgery, piracy, insider trading and market manipulation or any other criminal act specified in this Act or any other law in Nigeria.
There are several organized cybercrime groups operating across the globe. These cybercriminals usually target financial institutions, businesses and other institutions.
For example, they may use malware or social engineering tactics to access targeted bank accounts and make illegal fund transfers. The illegal proceeds of crime are laundered using cryptocurrencies in order to conceal it. It has been argued that cybercriminals account for 10 percent of the total illegal profits that are laundered globally.
Obviously, the laundering of proceeds of cybercrime described above which is a fraudulent activity not only contravenes the provisions of the Cybercrime (Prohibition, Prevention Etc.) Act, 2015 but also contravenes the Money Laundering (Prohibition) (Amendment) Act, 2012.
ii. Evidence Act, 2011
The Evidence Act, 2011 repeals the Evidence Act, Cap. E14, Laws of the Federation of Nigeria, 2004 and enacts a new Evidence Act, 2011 which applies to all judicial proceedings in or before Courts in Nigeria. The old evidence Act did not explicitly recognize electronic or computer generated documents. The implication is that electronically generated evidence was not admissible during proceedings in the court of law. However, following the enactment of the Evidence Act, 2011, electronic evidence became admissible. Section 84 (1) of the Evidence Act 2011 provides:
In any proceeding, a statement contained in a document produced by a computer shall be admissible as evidence of any fact stated in it of which direct oral evidence will be
130
admissible, if it is shown that the conditions in subsection (2) are satisfied in relation to the statement and computer in question.
(2) The conditions referred to in subsection (1) are –
(a) that the document containing the statement was produced by the computer during a period over which the computer was used regularly to store or process information for the purpose of any activities regularly carried on over that period, whether for profit or not, by anybody, whether corporate or not, or bay any individual.
(b) that over that period there was regularly supplied to the computer in the ordinary course of those activities information of the kind contained in the statement or of the kind form which the information so contained is derived;
(c) that throughout the material part of the period the computer was operating properly or, if not, that in any respect in which it was not operating properly or was out of operation during that part of that period was not such as to affect the production of the documents or the accuracy of its contents;
and
(d) that the information contained in the statement reproduces or is derived from information supplied to the computer in the ordinary course of those activities.
Furthermore, Section 93 of the Evidence Act, 2011 provides for the recognition of electronic signature. It stipulates:
If a document is alleged to be signed or to have been written wholly or in part by any person, the signature or the handwriting
131
of so much of the document as is alleged to be in that person‟s handwriting must be proved to be in his handwriting.
(2) Where a rule of evidence requires a signature, or provides for certain consequences if a document is not signed, an electronic signature satisfies that rule of law or avoids those consequences.
(3) An electronic signature may be proved in any manner including by showing that a procedure existed by which it is necessary for a person, in order to proceed further with a transaction, to have executed a symbol or security procedure for the purpose of verifying that an electronic record is that of the person.
The above cited sections of the Evidence Act, 2011 clearly underscores the relevance of the Act to effective prosecution of cybercrime cases. Evidence required in most cybercrime cases are electronic in nature. This means that they are often stored in computers and other electronic devices. Therefore, the retrieval and presentation of such evidence in the court of law during trial can assist the prosecutors in proving their case against a cybercrime suspect. Of course, this Act will compliment the Cybercrime (Prohibition, Prevention, Etc.) Act, 2015.
3.4 Cybercrime Legislations in Selected African Countries
There are cybercrime legislations in other African countries. While some of these legislations seem old and not explicit on emerging patterns of cybercrime, others are recent and quite explicit on cybercrime. Some of these legislations will be discussed below.
132
The Republic of South Africa - Electronic Communications and Transactions Act 25 of 2002
The Republic of South Africa - Electronic Communications and Transactions Act 25 of 2002 was assented to on 31 July, 2002 and amended by the Consumer Protection Act 68 of 2008 which became effective from 31 March, 2011. It provide for the facilitation and regulation of electronic communications and transactions; to provide for the development of a national strategy for the Republic; to promote universal access to electronic transactions by SMMEs; to provide for human resource development in electronic transactions; to prevent abuse of information systems; to encourage the use of e-government services; and to provide for matters connected therewith.
The object of the Act is listed in section 2.
The objects of this Act are to enable and facilitate electronic communications and transactions in the public interest, and for that purpose to-
(a) recognise the importance of the information economy for the economic and social prosperity of the Republic;
(b) promote universal access primarily in underserviced areas;
(c) promote the understanding and, acceptance of and growth in the number of electronic transactions in the Republic;
(d) remove and prevent barriers to electronic communications and transactions in the Republic;
(e) promote legal certainty and confidence in respect of electronic communications and transactions;
(f) promote technology neutrality in the application of legislation to electronic communications and transactions;
(g) promote e-government services and electronic communications and transactions with public and private bodies, institutions and citizens;
133
ensure that electronic transactions in the Republic conform to the highest international standards;
(i) encourage investment and innovation in respect of electronic transactions in the Republic;
(j) develop a safe, secure and effective environment for the consumer, business and the Government to conduct and use electronic transactions;
(k) promote the development of electronic transactions services which are responsive to the needs of users and consumers;
(l) ensure that, in relation to the provision of electronic transactions services, the special needs of particular communities and, areas and the disabled are duly taken into account;
(m) ensure compliance with accepted International technical standards in the provision and development of electronic communications and transactions:
(n) promote the stability of electronic transactions in the Republic;
(o) promote the development of human resources in the electronic transactions environment;
(p) promote SMMEs within the electronic transactions environment;
(q) ensure efficient use and management of the .za domain name space;
and
(r) ensure that the national interest of the Republic is not compromised through the use of electronic communications.
The Act provides for sixteen (16) chapters covering: interpretation, objects and applications; maximizing benefits and policy framework; facilitating electronic transactions; e-government services; cryptography providers; authentication service providers; consumer protection; protection of personal information; protection of critical databases; domain name authority and administration; imitation of liability of
134
service providers; cyber inspectors; cybercrime; and general provisions. Chapter XIII which is titled cybercrime comprise of the following sections:
85. Definition
86. Unauthorized access to, interception of or interference with data 87. Computer-related extortion, fraud and forgery
88. Attempt, and aiding and abetting 89. Penalties
This particular chapter of the Act that focuses on cybercrime is not comprehensive enough because when compared to for example, the Nigerian Cybercrime (Prohibition, Prevention Etc.) Act, 2015, it is obvious that it does not capture many emerging variants of cybercrime. However a comprehensive cybercrime bill is reportedly before the South African parliament and is expected to be passed into law soon.
The Republic of Ghana - Electronic Transactions Act, 2008 (Act No.772)
The Electronic Transactions Act, 2008 (Act No.772) was the first major legislation on cybercrime in Ghana. The Act provides for the regulation of electronic communications and related transactions as well as connected purposes. The Act which is enacted by the President and Parliament of the Republic of Ghana was assented to on 18th December, 2008. Section 1 provides for the object of the Act:
The object of the Act is to provide for and facilitate electronic communications and related transactions in the public interest, and to (a) remove and prevent barriers to electronic communications and transactions;
(b) promote legal certainty and confidence in electronic communications and transactions;
135
(c) promote e-government services and electronic communications and transactions with public and private bodies, institutions and citizens;
(d) develop a safe, secure and effective environment for the consumer, business and the Government to conduct and use electronic transactions;
(e) promote the development of electronic transaction services responsive to the needs of consumers;
(f) ensure that, in relation to the provision of electronic transactions services, the special needs of vulnerable groups and communities and persons with disabilities are duly taken into account;
(g) ensure compliance with accepted international technical standards in the provision and development of electronic communications and transactions;
(h) ensure efficient use and management of the country domain name space; and
(i) ensure that the interest and image of the Republic are not compromised through the use of electronic communications.
Sections 5 to 24 of the Act provides for the following electronic transactions:
5. Recognition of electronic message 6. Original writing
7. Admissibility and evidential weight of electronic records 8. Retention of electronic records
9. Secure electronic records 10. Digital signature
11. Equal treatment of digital signatures 12. Signing of an electronic record
136
13. Conduct of a person relying on a digital signature
14. Recognition of electronic certificates and digital signatures 15. Notarisation, acknowledgement and certification
16. Other requirements 17. Automated transactions 18. Dispatch of electronic record 19. Receipt of electronic record
20. Expression of intent or other statement
21. Attribution of electronic records to originator 22. Acknowledgement of receipt of electronic record 23. Formation and validity of agreements
24. Variation by agreement between parties
Furthermore, Sections 107 to 140 provide for cyber offences as follows:
107. Stealing 108. Appropriation 109. Representation
110. Charlatanic advertisement 111. Attempt to commit crimes 112. Aiding and abetting 113. Duty to prevent felony 114. Conspiracy
115. Forgery 116. Intent
117. Criminal negligence
118. Access to protected computer
119. Obtaining electronic payment medium falsely 120. Electronic trafficking
137
121. Possession of electronic counterfeit-making equipment 122. General offence for fraudulent electronic fund transfer 123. General provision for cyber offences
124. Unauthorized access or interception
125. Unauthorized interference with electronic record 126. Unauthorized access to devices
127. Unauthorized circumvention 128. Denial of service
129. Unlawful access to stored communications
130. Unauthorized access to computer programme or electronic record
131. Unauthorized modification of computer programme or electronic record 132. Unauthorized disclosure of access code
133. Offence relating to national interest and security 134. Causing a computer to cease to function
135. Illegal devices 136. Child pornography 137. Confiscation of assets 138. Order for compensation
139. Ownership of programme or electronic record 140. Conviction and civil claims
There are some similarities between the cybercrime offences listed above and those listed in the Nigerian Cybercrime (Prohibition, Prevention Etc.) Act, 2015.
For example, Section 131 of the Ghanaian Electronic Transaction Act, 2008 which criminalized unauthorized modification of computer programme or electronic record, is similar to Section 16 of the Nigerian Cybercrime (Prohibition, Prevention Etc.) Act, 2015 which criminalized unauthorized modification of computer systems, network data and system interference. Also, Section 136 of the Ghanaian Electronic Transaction Act, 2008 which criminalized child pornography is similar to Section 23
138
of the Nigerian Cybercrime (Prohibition, Prevention Etc.) Act, 2015 which criminalized cyber pornography and related offenses. However, the Nigerian Cybercrime (Prohibition, Prevention Etc.) Act, 2015 seems to be more explicit on cybercrime offenses than the Ghanaian Electronic Transaction Act, 2008. This may be largely because the Nigerian cybercrime law is a more recent legislation than its Ghanaian equivalent.
Republic of Kenya – The Computer Misuse and Cybercrime Act, 2018 (Act No.5)
The Computer Misuse and Cybercrime Act, 2018 (Act No.5) of Kenya provide for offenses that relate to computer systems; to enable timely and effective detection, prohibition, prevention, response, investigation and prosecution of computer and cybercrimes; to facilitate international co-operation in dealing with computer and cybercrime matters; and for related purposes. The Act was assented to on 16th May, 2018 and it became effective from 30th May, 2018.
Sections 14 to 47 of the Act listed the several computer and cybercrime offences criminalized under it. They include:
14. Unauthorized access.
15. Access with intent to commit further offence.
16. Unauthorized interference.
17. Unauthorized interception.
18. Illegal devices and access codes.
19. Unauthorized disclosure of password or access code.
20. Enhanced penalty for offences involving protected computer system.
21. Cyber espionage.
22. False publications.
23. Publication of false information.
24. Child pornography.
139
25. Computer forgery.
26. Computer fraud.
27. Cyber harassment.
28. Cybersquatting.
29. Identity theft and impersonation.
30. Phishing.
31. Interception of electronic messages or money transfers.
32. Willful misdirection of electronic messages.
33. Cyber terrorism.
34. Inducement to deliver electronic message.
35. Intentionally withholding message delivered erroneously.
36. Unlawful destruction of electronic messages.
37. Wrongful distribution of obscene or intimate images.
38. Fraudulent use of electronic data.
39. Issuance of false e-instructions.
40. Reporting of cyber threat.
41. Employee responsibility to relinquish access codes.
42. Aiding or abetting in the commission of an offence.
43. Offences by a body corporate and limitation of liability.
44. Confiscation or forfeiture of assets.
45. Compensation order.
46. Additional penalty for other offences committed through use of a computer system.
There are several similarities between the cybercrime legislation of Kenya and that of Nigeria. For example, Sections 24, 26, 29, 32 and 33 of the Kenyan Computer Misuse and Cybercrimes Act, 2018 criminalized child pornography, computer fraud, identity theft and impersonation, willful misdirection of electronic messages, and cyber terrorism respectively. Similarly, Sections 23, 14, 22, 11, and 18 of the Nigerian Cybercrime
140
(Prohibition, Prevention, Etc.) Act, 2015 criminalized child pornography and related offences, computer related fraud, identity theft and impersonation, willful misdirection of electronic messages, and cyber terrorism respectively. Both legislations are relatively current, even though that of Nigeria was enacted three years earlier. They both capture several emerging patterns of cybercrime.
4.0 CONCLUSION
There are several cybercrime and cybercrime related legislations in Nigeria today. With these legislations especially the Cybercrime (Prohibition, Prevention, Etc.) Act, 2015 law enforcement officers and prosecutors are better equipped to more diligently prosecute cybercriminals in Nigeria. However, cybercrime laws need to be periodically amended or reviewed to accommodate some emerging patterns of cybercrime that were not anticipated when the laws were enacted. This also becomes necessary as cybercrime by its nature is always evolving. There is also the need for relevant law enforcement and regulatory agencies in Nigeria to be fully equipped with the technical knowledge required to detect and effectively enforce these laws. Cybercrime legislations in other African countries are either comprehensive or not explicit enough. This may constitute an impediment to the effective extradition and prosecution of transnational cybercriminals.
Mutual assistance and cooperation among nation-states in the fight against cybercrime may also be hampered.
5.0 SUMMARY
This unit discussed the existing cybercrime legislations in Nigeria. It specifically examined the Cybercrime (Prohibition, Prevention Etc.) Act, 2015, Advance Fee Fraud and Other Fraud Related Offences Act, 2006, The Money Laundering (Amendment) Act, 2012 and the Evidence Act, 2011. It also examined cybercrime legislations in selected African countries namely: South Africa, Ghana and Kenya.
141
6.0 TUTOR-MARKED ASSIGNMENT
Discuss the relevance of the Money Laundering (Amendment) Act, 2012 to cybercrime prosecution in Nigeria.
7.0 REFERENCES/FURTHER READING
Advance Fee Fraud and Other Fraud Related Offences Act, 2006 Cybercrime (Prohibition, Prevention Etc.) Act, 2015
Electronic Communications and Transactions Act 25 of 2002 Electronic Transactions Act, 2008 (Act No.772)
Evidence Act, 2011
Money Laundering (Amendment) Act, 2012
The Computer Misuse and Cybercrime Act, 2018 (Act No.5)
142
UNIT 2 REGIONAL AND INTERNATIONAL CYBERCRIME