#CorporateLeaders #cybercrime #government #law #intellectualproperty
The objective of the Cybercrimes Act which took effect on 5th May 2015 is the protection of critical national infrastructure. This was deduced from the preamble which states: “An Act to provide for the prohibition, prevention, detection, response, investigation and prosecution of cybercrimes; and for other related matters 2015.” Critical national infrastructure includes the promotion of cyber security, protection of computer systems as well as their networks; electronic communication, data and computer programmes, intellectual and privacy rights. The Act no doubt tries to be as encompassing as possible considering that all these vital provisions are found in s. 1 of the Act. It is such a sensitive piece of legislation that national information infrastructure comes under the Presidency and advice of the National Security Adviser. It is an Act that places Nigeria with the global community on the thorny issue of policing the internet. Having localized this duty to the national level it is only a matter of time to see the efficacy of these efforts.
For quite obvious reasons s. 7 of Cybercrimes Act prescribes the registration of Cybercafés with the Corporate Affairs Commission as well as Computer Professionals and Registration Council. Cybercafés shall maintain a register of users through a sign-in register, However, the Act made no provision for sanctions if the section is violated. Cybercafés may be guilty of connivance in the case of crimes committed by users, the proof of which lies with the prosecutor. For instance does connivance include docility on the part of such operators?
Enacted in a strange way s.10 prohibits a crime called “tampering with critical infrastructure”. Those who are likely to commit this offence are local government staff, private organisations or financial institutions with respect to working with any critical national infrastructure, electronic mails when not authorized by the worker’s contract of service. This offence attracts a fine of N2m or 3 years imprisonment on conviction. However, one wonders, why the Act did not use the words “Civil Servants” to extend the net beyond local government workers to all workers in government employment. In effect when any government worker who is not in the employ of the local government commits this offence, a defense may be available that the accused is neither employed by a local government, private company nor financial institution.
The Act in its part IV specifically stipulates the “Duties of Financial Institutions”. S. 37 (3) it provides that; “Any Financial Institution that makes unauthorized debit on a customer’s account shall upon written notification by the customer, provide clear legal authorisation for such debit to the customer, or reverse such debit within 72 hours. Any financial institution that fails to reverse such debit within 72 hours shall be guilty of an offence and liable on conviction to restitution of the debit and a fine of N5m”. How many financial institutions have not breached this provision? Where then lies the efficacy of the Act when s. 19 (3) Cybercrimes Act shifts the burden to the bank customer “to prove the financial institution in question could have done more to safeguard it’s information integrity”. I shall comment further on the experiences of an average beneficiary of the Cybercrimes Act later.
S. 38 states that the duties of service providers include records retention and protection of data, subsection (5) is very apt and reflects the protection available under the law, it states that : “Anyone exercising any function under this section shall have due regard to the individual’s right to privacy under the constitution of the Federal Republic of Nigeria 1999 and shall take appropriate measures to safeguard the confidentiality of the data retained: processed or retrieved for the purpose of law enforcement”. One wonders if such assurances can make a bank customer regard his data as being adequately protected by the bank. S.40 of Cybercrimes Act places an obligation on service providers to render assistance to the law enforcement agencies with their duties to track offenders especially when the alleged crimes were committed. It takes the spirit of a patriotic National Security Adviser which has proved scarce, to comply with these provisions. If not, why have Nigerian GSM network providers not assisted the Federal government in its onslaught against Boko Haram who have been using mobile phones, videos and internet communications without detection.
S. 42 establishes the Cybercrimes Advisory Council to perform various functions and its powers are listed in s. 43 of the Act. S. 44 establishes the “National Cyber Security Fund” which is the Cybercrimes Advisory Council’s major source of revenue, it includes funds from “grants in-aid and assistance from donors, bilateral and multilateral agencies. For an organisation that receives donations one would have expected donor agencies to qualify to attend quarterly meetings of the council stipulated by s. 42 (5) of the Act. But the First Schedule to the Act does not mention that any agency or organization should attend any meeting. Do they not have any interest for the cause for which money is donated? Since the offences under the Act are global and extraditable, giving an option to attend the meetings would have been most appropriate because these organisations have been in the battle longer than developing knowledge economies.
Any attempt to assess the impact of this act would acknowledge the first casualty to be Lagos social media commentators/ bloggers arrested for comments alleged to have breached the provision of s. 24 (2) which provides: “a person who knowingly or intentionally transmits or causes the transmission of any communication through a computer system or network (a) to bully, threaten or harass another person, where such communication places another person in fear of death, violence or bodily harm to another” and “(c) containing any threat to harm the property or reputation of a deceased person, firm, association or corporation, any money or other things of value”. This section punishes an offender on conviction with a fine of N25m, however in the case of paragraph (c) the offender faces the imprisonment of 5 years or minimum of N15m. If this is a preview of the Act, then George Orwell’s book “1984” is about to manifest, because the state would have taken away the freedom of expression guaranteed under the 1999 constitution.
Some commentators have argued that Nigeria’s communication policy does not carry everyone along especially those not conversant with modern information technology. No one can say categorically whether the 8th Assembly is keen on considering the proposed “Nigerian Electronic Communications Bill” which was not passed by the 7th Assembly. One of the provisions, s. 15 (1) criminalizes unsolicited and irritating messages which is common with most communication operators. Indeed a jail term of not less than 1 year or a fine of N2m, as well as a death sentence are imposed. The highest sentence applied to “offenders who commit crimes against the law by penalizing any person who, by means of public electronic communication network, persistently sends a message or other matter that (a) is grossly offensive or causes any such message or matter to be so sent; (in this case telecom operators) or (b) sending electronic messages that are known to be false, and could cause annoyance, inconvenience or needless anxiety to another or cause”.
One of the principal objectives of the passage of Cybercrimes (prohibition, prevention etc) Act 2015 is the protection of critical National Information Infrastructure which may include taxes and levies.
I welcome your opinions, critiques and inquiries. https://wa.link/60jvdu
I remain Ikechukwu Odoemelam l IPlawyer l Copywriter l Author l Digital Marketer l Graphic Designer l Blogger
No comments:
Post a Comment