Challenges of Cybercrime Legislations in Africa

There are several challenges confronting Africa in its quest to effectively establish and enforce of cybercrime legislations. Ndubueze (2019) discussed some of the challenges as follows:

i.) The Slow Pace of Processing Legislations: The process of enacting new legislations in some African countries can be very protracted especially in countries with bi-cameral legislature such as Nigeria. Bills are usually presented and passed in both the upper and lower legislative houses; public hearings are conducted on the bills. Where there are different versions of a bill, they are harmonized, passed by the legislative houses and sent to the President for assent. These processes, though statutory and required to ensure that all relevant stakeholders make necessary inputs to the bill, can be time-consuming. This perhaps explains the delay in passing the first comprehensive cybercrime legislation in Nigeria; Cybercrime (Prohibition, Prevention, etc.) Act, 2015.

ii.) Gaps in Law Enforcement Knowledge/Skills: Arguably, law enforcement have not been able to keep pace with the growing complexity of cybercrime.

Cybercriminals are inventing new ways of bypassing security barriers in networks and systems, but such ingenuity is not replicated by law enforcement.

Law enforcement efforts to combat emerging cybercrimes have, for the most part, being reactive. Marcum (2014) underscores this challenge when she asserts that the most challenging aspect of fighting cybercriminals is that they are often one step ahead of law enforcement in the area of knowledge and skills. A working knowledge of the issues around information and communication technology is required for an effective and efficient establishment and enforcement of cyber crime legislations in Africa. For

153

example, criminal justice professionals require an above average Information and Communication Technology-related security knowledge to satisfactorily enforce cybercrime laws.

iii.) Low Tempo of Enforcement Activities: Enforcement of cybercrime legislations in many African countries seems relatively low. This may be as a result of several factors. First, the reporting rate of cybercrime when compared to offline crimes is low. Again, this may be because of the low level of awareness of cybercrime in the continent. Many Internet users may fall victim of cybercrime without knowing immediately. For example, a person may not know that his/her identity has been stolen online until the perpetrator uses it to commit a crime. Second, due to its technical nature, not so many law enforcement personnel understand some technical provisions in the extant legislations. Third, the process of search and seizure of digital evidence require forensic expertise, a skill that is not so common among law enforcement personnel.

iv.) Security versus Privacy Debate: The dichotomy between security and privacy especially with respect to the use of electronic surveillance remains of the most discussed challenges of policing cybercrime (Nhan and Bachman, 2015). The foregoing holds true for Africa as well. For example in 2015, a draft bill titled “Frivolous Petition Bill” which proposed two years imprisonment, or a fine of $10,000 (N3.6m) or both for anyone who post

“abusive statement” via text message, Twitter, WhatsApp or any other form of social media which passed the second reading in the 8^th Nigerian Senate was withdrawn following public out-cry against it (Punch Newspaper, 2018).

v.) Jurisdictional Issue: It is well acknowledged that jurisdiction is difficult to establish in the cyberspace and this is one of the major challenges of enforcing cybercrime legislation. This is particularly so because African countries, like

154

their counterparts in other continents would normally encounter some difficulty in determining the jurisdiction of cybercrime cases that cut across many countries of the world.

vi.) Extradition Issues: The process of extradition may be tortuous and complicated if the offense for which extradition is sought does not meet the requirement of dual criminality (this means that the offense must be a crime in both concerned countries). This explains why there have been some efforts to address this challenge under the auspices of the African Union. For example, Article 28:2 of the African Union Convention on Cyber Security and Data Protection (2014) provides that:

State parties that do not have agreement on mutual assistance in cybercrime shall undertake to encourage the signing of agreement on mutual legal assistance in conformity with the principle of double criminality, liability, while promoting the exchange of information as well as the efficient sharing of data between the organization of State Parties on a bilateral and multilateral basis.

vii.) Dearth of Cybercrime Research Centres: There is a dearth of cybercrime research centres in Africa when compared to the western world (see, Ndubueze, 2016). The academia and practitioners may be required to make their inputs during public hearings on cybercrime bills. Law makers may require evidence-based, domesticated and well documented research on the cybercrime problem to formulate appropriate legislations that will fit into the peculiarity of each nation-state. But where such research is not sufficiently and readily available, they may be somewhat handicapped. Thus, there is need for African governments to establish and fund cybercrime and cyber security research centres.

155

viii.) Low Regional Response: Overall, there seems to be low response across the spectrum to the problem of cybercrime in Africa. When compared to the developed regions of the world such as America, Australia, Europe and so on, there are not so many conversations going on around the problem of cybercrime. There are not so many regional conferences, seminars, debates, on cybercrimes and criminality. There is no doubt that such activities would ultimately create more awareness on the scope of the problem and underscore the need for more regional cooperation in the efforts to combat it. For example, the African Union Convention on Cyber Security and Personal Data Protection was adopted by the Twenty-third Ordinary Session of the Assembly held in Malabo Equatorial Guinea on 27^th June 2014. However, only 11 countries have signed it as at 5^th February, 2019 (African Union, 2019). This low response will undoubtedly affect the level of cooperation among member states in the establishment and enforcement of cybercrime legislation in Africa.

ix.) Weak Voices in Global Internet Governance: The African Union Commission (2016) has decried the weak voices of Africa in global Internet governance. African needs strong voices in global internet governance as this is critical to the effective enforcement of cybercrime legislations in Africa.