AN APPRAISAL OF THE LEGAL FRAMEWORK OF CYBERCRIME IN NIGERIA
by Deborah in Case Summary
AN APPRAISAL OF THE LEGAL FRAMEWORK OF CYBERCRIME IN NIGERIA
Ms Tomilehin obtained a 1st Class in the Bachelor of Law at the Afe Babalola University and is a Legal Practitioner and member of the Nigerian Bar. She currently practices law at the Law Firm of G.E. Elias. Her contact email is Tomilehin Babafemi email@example.com
This Long Essay is dedicated to the perfect God – the alpha and omega, the author and finisher of life, the omniscience, omnipotent, omnipresent, my all in all, my Father, my strength, my backbone, the rock on whom I stand, the pillar of my life, the only one that creates what other discovers, the Joy of the world, the sender of the comforter, the head of the trinity, and the giver of breath of life.
My utmost acknowledgement goes to my Parents, Pastor Ola Babafemi and Mrs Peju Babafemi for their support, advice and unquantifiable contributions to this project and in my life. The quality of the depth of my gratitude cannot be expressed in words, but just to say a BIG THANK YOU.
My appreciation also goes to Dr. Abdulsalam Ajetunmobi (my supervisor), whose dedication and thoroughness in the area of ‘application of computer to law’ motivated me to research in a topic that falls within the course. And also for his supervision, which did not only make this project a better research paper, but also made me a better person. My special acknowledgment goes to the Provost College of Law, Assoc. Prof Smaranda E. Olarinde for the constant mentorship and guardianship throughout the course of my study.
I am also sincerely grateful to Barrister Ayobami Olaniyan, Barrister Aladejare, Barrister Ifeoluwayimika Bamidele for being there for me always; Barrister Okafor, whose speech always leave me with the renewed zeal to be a better person; Justice Olateru Olagbegi, Barrister Damilola Olawuyi, Barrister Oyeniyi Abe, Barrister Ifeolu Koni and Professor Chris Ohurugu for their constant words of advice.
My special appreciation equally goes to my siblings whom God has blessed me with: My sisters, Joy and Eniola for their unfailing love, and my brother Ibukun Babafemi, who is not only my brother but a friend in million ways. His contributions, especially as a Computer Engineer was of immense importance to the successful completion of this project.
My special gratitude goes to my special friend, Fawehinmi Adeolu, who was a driving force and a source of motivation to the successful completion of this project.
My gratitude also goes to the entire staff of the Law Department and to the Vice-Chancellor of Afe Babalola University, Professor Ajisafe.
My appreciations would not be complete without acknowledging my friends, course mates and everyone who has contributed to the success of this research work in one way or the other. I love you all.
TABLE OF CONTENT
COVER PAGE……………………………………………………………………………. i
TABLE OF CONTENT…………………………………………………………………….vii
TABLES OF CASES………………………………………………………………………..x
TABLE OF STATUTES…………………………………………………………………….xi
CHAPTER ONE: GENERAL INTRODUCTION ……………………………………….1
- RESEARCH QUESTIONS……………………………………………………………….4
- OBJECTIVE OF STUDY………………………………………………………………….4
- DEFINTION OF TERMS…………………………………………………………………5
CHAPTER TWO: CONCEPTUAL ANALYSIS………………………………………….7
2.1 INTRODUCTION …………………………………………………………………………7
2.2.1 CHARACTERISTICS OF CYBERCRIMES……………………………………10
2.2.2 CLASSIFICATION OF CYBERCRIMES………………………………………13
220.127.116.11 COMPUTER RELATED-CRIMES……………………………………………14
18.104.22.168 COMPUTER ENABLED-CRIMES……………………………………………18
2.3 CYBERCRIMES AND OTHER RELATED CONCEPTS…………………………………19
2.3.2 CYBER-ATTACKS ………………………………………………………………19
CHAPTER THREE: INTERNATIONAL LEGAL FRAMEWORK ON CYBERCRIME
3.2 COUNCIL OF EUROPE CONVENTION ON CYBERCRIME (THE CONVENTION)…24
3.2.1 DEFINITIONS PROVIDED BY THE CONVENTION………………………….25
3.2.2 CYBERCRIME OFFENSES PROVIDED BY THE CONVENTION……………25
3.2.3 INVESTIGATIVE PROCEDURES UNDER THE CONVENTION…………….27
3.2.4 INTERNATIONAL COOPERATION UNDER THE CONVENTION………….27
3.3 LEGAL FRAMEWORK ON CYBERCRIME IN CANADA……………………………..28
3.4 LEGAL FRAMEWORK ON CYBERCRIME IN UNITED STATES OF AMERICA ……31
3.5 ENGLAND LEGAL FRAMEWORK ON CYBERCRIME…………………………………38
CHAPTER FOUR: LEGAL FRAMEWORK ON CYBERCRIME IN NIGERIA……41
4.2 LEGISLATION REGULATING CYBERCRIMES IN NIGERIA………………………42
4.2.1 ECONOMIC AND FINANCIAL CRIMES COMMISSION (ESTABLISHMENT) ACT……………………………………………………………………………………42
4.2.2 ADVANCED FEE FRAUD AND OTHER FRAUD RELATED OFFENCES ACT………………………………………………………………………………………44
4.2.3 MONEY LAUNDERING (PROHIBITION) ACT……………………………….45
4.2.4 CRIMINAL CODE…………………………………………………………………46
4.2.5 NIGERIAN EVIDENCE ACT……………………………………………………49
4.2.6 CYBERCRIME ACT……………………………………………………………51
4.3 INSTITUTIONS REGULATING CYBERCRIME IN NIGERIA……………………….56
4.3.1 ECONOMIC AND FINANCIAL CRIMES COMMISSION (EFCC)…………56
22.214.171.124 NIGERIAN FINANCIAL INTELLIGENCE UNIT (NFIU)…………57
4.3.2 NIGERIAN CYBERCRIME WORKING GROUP (NCWG)…………………..58
4.4 COMPARATIVE ANALYSIS OF THE NIGERIAN LEGAL FRAMEWORK ON CYBERCRIME WITH OTHER JURISDICTIONS…………………………………………….58
CHAPTER FIVE: SUMMARY, RECOMMENDATIONS AND CONCLUSION…………………………………………………………………………………62
TABLE OF CASES
- ABRAHAM V. COUNTY OF GREENVILLE, (2001) 237, FEDERAL REPORTER, 3RDSERIES 386
- ESSO WEST AFRICA INC. V. T. OYEGBOLA (1969) NIGERIAN MONTHLY LAW REPORT 194
- FEDERAL REPUBLIC OF NIGERIA V. CHIEF EMMANUEL & ORS SUIT NO: CA/245/05
- PEAVY V. HARMAN, (1999) 37 FEDERAL SUPPLEMENT, 2NDSERIES 495
- R V. JOHN ERIC SPIBY (1991) CRIMINAL APPEAL REVIEW, 199
- REGINA V. STEWART (1983) 42 ONTARIO REPORTS. 2D 225
- TURNER AND THE QUEEN (1984) 13 CANADIAN CRIMINAL CASES 3D 430
- UNITED STATES V. VILLANUEVA, (1998) 32 FEDERAL SUPPLEMENT, 2NDSERIES 635
- UNITED STATES V. PERVAZ, (1997) FEDERAL SUPPLEMENT, THIRD SERIES 118
TABLE OF STATUTES
- COUNCIL OF EUROPE CONVENTION ON CYBERCRIME
- ADVANCED FEE FRAUD AND OTHER FRAUD RELATED OFFENCES ACT CAP A6, LFN 2010
- CONSTITUTION OF THE FEDERAL REPUBLIC OF NIGERIAN CAP C23, LFN 2010
- CRIMINAL CODE CAP C38, LFN 2010
- CYBERCRIME ACT 2015
- ECONOMIC AND FINANCIAL CRIMES COMMISSION (ESTABLISHMENT) ACT CAP E1, LFN 2010
- EVIDENCE ACT 2011
- MONEY LAUNDERING (PROHIBITION) ACT CAP. M18, LFN 2010
CRIMINAL CODE, REVISED STATUTES OF CANADA, 1985
- CONTROLLING THE ASSAULT OF NON-SOLICITED PORNOGRAPHY AND MARKETING ACT 2003
- COMPUTER FRAUD AND ABUSE ACT 1986
- IDENTITY THEFT AND ASSUMPTION DETERENCE ACT 1998
- ELECTRONIC COMMUNICATIONS PRIVACY ACT 1986
- WIRETAP ACT 1986
- COMPUTER MISUSE ACT 1990
- COPYRIGHT, DESIGNS AND PATENT ACT 1998
- CRIMINAL JUSTICE ACT 1988
- OBSCENE PUBLICATIONS ACT 1964
- POLICE AND JUSTICE ACT 2006
- PROTECTION OF CHILDREN ACT 1978
- PUBLIC ORDER ACT 1986
- RACIAL AND RELIGIOUS HATRED ACT 2006
- TELECOMMUNICATIONS ACT 1984
CAN-SPAM Act….Controlling the Assault of Non-Solicited Pornography and Marketing Act
CCIRC……………Canadian Cyber Incident Response Centre
CDPA ……………Copyrights, Designs and Patents Act
CFAA …………….Computer Fraud and Abuse Act
CMA ………………Computer Misuse Act
COE ……………….Council of Europe
ECOWAS………….Economic Community of West African States
EFCC ………………Economic and Financial Crimes Commission
GSM ………………Global System for Mobile Communications
IBID ……………….Same as above
ICT …………………Information and Communication Technology
IOSCO………………International Organization of Securities Commissions
ITU…………………..International Telecommunications Union
NCWG ………………Nigerian Cybercrime Working Group
NFIU ……………….Nigerian Financial Intelligence Unit
LFN …………………Laws of the Federation of Nigeria
- ………… …Previously Cited
OCIPEP ……………Office of Critical Infrastructure Protection and Emergency Preparedness
UNODC ……………. United Nation on Drugs and Crime
Cybercrimes refer to crimes committed by individuals using computers and internet. With the arrival of Information Communication and Technology (ICT), the world has now become a digital word. The advent of this technology has made communication and economic transactions easier. Notwithstanding the advantages, the development of the internet and the widened access to computer technology has not only granted new opportunities for economic activities, but has also created opportunities for those involved in illegal activities. The flourishing connection between organized crimes and the internet has increased the insecurity of the digital world. Consequently, legislatures have been struggling to redefine laws that fit crimes committed by cyber criminals. This research work reveals that the legal framework regulating cybercrime in Nigeria is not effective enough. This research work further reveals that law enforcement agencies cannot on their own combat cybercrime. This research work further identifies certain loopholes in the Cybercrime Act that needs to be remedied. The researcher recommends among others, that the information technology professionals should get involved at the investigative level as consultants to law enforcement agencies.
Keywords: Cybercrime, Internet
With the advancement of technology in this 21st century, the world has now become more or less a digital world. Technology has brought together nations and the world has now become a global village. The economy of most nations in the world is accessible through the aid of electronic via the internet. The arrival of Information Communication and Technology (ICT) into many aspects of everyday life has led to the development of the modern concept of the information society. Currently, there are nearly 2 billion internet users and over 5 billion mobile phone connections worldwide. According to a report given by the International Telecommunications Union (ITU), as at 2011, there were more than 45 million internet users in Nigeria, which is 26.5% of the population.
We continue to live in the information Age-an age where our economy’s greatest assets are not steel and coal, but ideas and their practical applications. The economic activities and national security depend largely on a secured cyberspace. Through cyberspace, one is able to communicate with virtually everyone in the world and economic transactions have now become relatively easier. Goods and services are routinely purchased and delivered electronically leading to significant changes in industries like journalism, travel and banking.
Notwithstanding these advantages, it is through this same cyberspace that the economy, privacy and social interactions have become unsecured. The growing convenience of the cyberspace comes at a cost. The development of the internet and the widened access to computer technology has not only granted new opportunities for economic activities, but has also created opportunities for those involved in illegal activities. The flourishing connection between organised crimes and the internet has increased the insecurity of the digital world. The arrival of the internet has been pointed as the remote cause for lots of ingenious crimes hitherto unknown to our criminal law like the online credit card scheme. Some scholars have interestingly argued that ‘in the internet nobody knows you are a dog’. Internet connected activities are susceptible to crime and can lead to victimization as effectively as common physical crime.
As a result of this development, criminal and other harmful acts aimed at computers – so called ‘cyber-crimes’ are on the rise. Crimes like online fraud and hacking attacks are just some example of cybercrimes that are committed in a very large form every day. The internet has now created a fertile ground for false pretences, fraud and other fraud related crime. And one reason why the issue of cybercrime remains challenging is the constant technical development, and also the changing means and ways in which the offences are committed. Cybercrimes have been described as one of the fastest growing criminal activities on the planet. Cybercrimes range from content-related offences, copyright and trademark related offences, computer-related offences, offences against the confidentiality, integrity and availability of computer data and systems
In Nigeria today, many internet assisted crimes are committed daily in various forms such as identity theft, desktop counterfeiting, cyber harassment, fraudulent electronic mails, Automated Teller Machine spoofing, pornography, piracy, hacking, phishing and spamming. Some perpetrators of the online fraud in Nigeria usually referred to as ‘yahoo boys’ are taking advantage of e-commerce system available on the internet to defraud unsuspected victims. To underscore the high rate of cybercrime in Nigeria, Nigeria is the third jurisdiction after China and United States of America, where the world records the highest number of cybercrimes.
The increasing rates of cyber crime in the society have now become a strong threat to Nigeria’s e-commerce growth and the security of Nigeria as a whole. Thus, giving rise to the imperative need for a very efficient legal framework on cybercrimes in Nigeria.
1.2 RESEARCH QUESTIONS
According to a survey that was conducted in 2010, it was indicated that Nigeria is the most internet fraudulent country in Africa, and occupies the number three position in the worldwide cybercrime trends index. Nigeria is a country that has suffered a major blow as a result of the effects of cybercrime in the country. This has not only affected the security of human lives but has also affected the economy of the country.
Therefore, there is need for the following questions to be answered:
- Is there a present legal framework on cybercrime in Nigeria?
- If there is a present legal framework, how effective is the present legal framework in combating and preventing cybercrime in Nigeria?
- How effective is the legal framework in combating and preventing cybercrime in Nigeria in comparison with other progressive jurisdictions like United States of America (USA), United Kingdom (UK), and Canada?
- OBJECTIVE OF THE STUDY
- To ascertain the effectiveness of the present legal framework on cybercrime in Nigeria
- To comparatively appraise the situation in Nigeria with other jurisdictions with developed legal regime on cybercrime
- To proffer recommendations and solutions to identified problems and loopholes.
The methodology for this research project is qualitative analysis rather than quantitative. The main authoritative sources of the work would be legislation, Journal articles and Textbooks. The research would also make use of comparative appraisal by comparing the Nigerian jurisdiction with the jurisdiction of other developed countries.
DEFINITION OF TERMS
Cyber: involving, using or relating to computers especially the internet.
Crime: An act that the law makes punishable; the breach of a legal duty treated as the subject-matter of a criminal proceeding
Cybercrime: A crime involving the use of a computer, such as sabotaging or stealing electronically stored data.
Cyberspace: This is a general network which connects other gadgets and equipments to each other, and where necessary, to the internet.
Computer: An electronic machine which is used for storing, organizing and finding words, numbers and pictures, for doing calculations and for controlling others machines.
Digital: This is information, music, an image, etc. that is recorded or broadcasted using computer technology.
Internet: The large system of connected computers around the world which allows people to share information and communicate with each other.
Network: A large system consisting of many similar parts that are connected together, to allow movement or communications between or along the parts; or between the part and a control centre.
CYBERCRIME: CONCEPTUAL ANALYSIS
The previous chapter of this work discussed the background information to this work, gave the research questions that the work seeks to answer, the objectives of the study, etc. This present chapter seeks to give a conceptual analysis on ‘cybercrime’. The chapter is divided into five parts. The first part seeks to define cybercrime, the second part would delineate the characteristics of cybercrimes and how it is distinct from traditional crimes. The third part would discuss the different classifications of cybercrime. The fourth part would discuss cybercrime and other related concepts. And the last part would give the conclusion to this chapter
There has been a great dispute among scholars and experts on just what constitutes a cybercrime or a computer-related crime. A universal agreed-upon definition of cybercrime does not exist. At the basic level of analysis, there is no discernible control mechanism in place in so far as terminology is concerned. Thus, one might speak of ‘cybercrime’, ‘high tech crime’, ‘computer crime’, ‘technology crime’, ‘digital crime’ and ‘IT crime’ and be discussing the same and/or different concepts, respectively. Consequently, the term ‘cybercrime’ has rapidly become a generic descriptor for any online wrongdoing (whatever the relative differences in complexity and seriousness) ranging from spam emails and denial of service attacks to malware. Also, it has become especially common when dealing with computers to coin new words simply by placing the word ‘cyber’ ‘computer’, or ‘information’ before another word. Thus, this has led to creation of confusion among the related yet different concepts.
Nevertheless, cybercrime has been described as any activity in which computers or networks are a tool, a target or a place of criminal activity. But the problem with this definition is that it is too broad. For example, if one uses a keyboard to commit battery, it does not mean that a cybercriminal act has been committed. Also, according to the National Crime Prevention Council, cybercrime is any activity involving computers and networks. This definition is not very explicit because ‘any activity’ could also include an activity that is legal.
Computer crime has also been referred to as a crime where a computer system itself is the target. This definition is too narrow. Some cyber-crimes do not involve a computer system being the target of the operation. Sometimes, the computer system could just be a mere instrument in the commission of the crime. Another scholar defines computer crime as any violation of criminal law that involves knowledge of computer technology for its perpetration, investigation, or prosecution. Knowledge of computer technology is always but not necessarily needed for the commission of computer crime. Crimes like child pornography do not necessarily require knowledge of computer technology.
According to Sean Hoar, cybercrime is defined as a crime committed on a computer network, especially the internet. Loader also opines that, cybercrimes are computer-mediated activities which are either illegal or considered illicit by certain parties and which can be conducted through global electronic networks. This definition is quite flawed in the sense that cybercrimes are not always conducted through global electronic networks. Cybercrimes, like hacking, do not require global electronic networks for them to be perpetrated.
Furthermore, it has been argued that cybercrimes can either be defined in narrow terms or in broad terms. During the 10th United Nations Congress on the Prevention of Crime and the Treatment of Offenders, two definitions in terms of narrow and broad sense were developed. Cybercrime in a narrow sense was defined as any illegal behaviour directed by means of electronic operations that target the security of computer systems and the data processed by them. While cybercrime in a broader sense (computer-related crimes) is any illegal behaviour committed by means of, or in relation to, a computer system or network, including such crimes as illegal possession and offering or distributing information by means of a computer system or network.
The USA department of Justice in its Criminal Justice Resource Manual defines computer related crime as ‘any illegal act for which knowledge of computer technology is essential for successful prosecution. Sood also opines that cybercrime is crime that requires a computer, a network, and a human interface.
Toby Finnie defines cybercrime as any criminal offense that is committed or facilitated through the use of the communication capabilities of computers and computer systems. The IOSCO Research Department tentatively defines cybercrime as a harmful activity, executed by one group (including both grassroots groups or nationally coordinated groups) through computers, IT systems and/or the internet and targeting the computers, IT infrastructure and internet presence of another entity.
It is in the opinion of this writer that cybercrime is synonymous with computer crime and can be defined as the crime that is committed through a computer or computer network or crime that is targeted towards a computer system or data or a crime that is perpetrated through the use of a computer network.
2.2.1 CHARACTERISTICS OF CYBERCRIMES
There is need to identify the substantive and substantial characteristics of cybercrime, in order to show that it is a distinct phenomenon from what is known as traditional crimes. If the substantive and substantial differences between cybercrimes and traditional crimes can be identified, one would be able to show how and why these differences are actually realized when the criminal act takes place and define a category of cybercrime. However, if one is unable to determine distinct material differences between cybercrimes and traditional crimes, then the conclusion would be that cybercrimes and traditional crimes are indeed not distinct categories, and that cybercrimes are simply a variation of the existing criminal environment attracting no special need for change to the law or legal process.
One way of viewing cybercrimes is that they are digital versions of traditional offenses. It seems as though many cybercrimes could be considered traditional, or real world, crimes if not for the incorporated element of virtual or cyberspace. The notion of location as it relates to cybercrime involves both the physical and digital domains. The relatively clear borders and locations within the physical world, however, do not exist in the virtual realm.
One nature of cybercrime is that they are crimes that are always specific to cyberspace. Cyberspace has been defined as ‘the interdependent network of information technology infrastructures, and includes the internet telecommunications networks, computer system, and embedded processors and controllers in critical industries.’ In other words, cyberspace is the virtual environment of information and interactions between people. It should be noted that criminal actors do not exist in cyberspace. Rather, they exist in the physical world and their actions traverse the real world as well as cyberspace, impacting victims in the real world. Thus, criminals may act through cyberspace as an environment to carry out malicious activities, but they and their victims remain in the physical world.
According to certain scholars, an act is only a cyber crime when a non-state actor commits an act that is criminalized under state or international law. Another characteristic of cyber crime is that there is not always a crime scene in the traditional sense, as opposed to real-world crime. More often than not, for computer crimes, evidence is scattered over several locations, including the computer the offender used, the victim’s computer and the several computers and computer servers the offender used to accomplish the offense. Perpetrators of cybercrime use computers to cross national boundaries electronically, thus complicating investigations. Furthermore, the evidence of these crimes is neither physical nor human but, if the evidence exists, it is little more than electronic impulses and programming codes.
It should also be noted that computer crime is not a discrete type of crime, such as kidnapping or rape. Computer crime denotes the use of computer technology to achieve illegal ends. Cyber crime can involve criminal activities that are traditional in nature, such as theft, fraud, forgery, defamation and mischief, all of which are already subject to the Criminal Code. Cyber crime is a borderless crime. The offender does not have to be at the same location with the victim to attack the victim’s computer or property. Thus, the constraints that affect real-world criminal do not necessarily affect perpetrators of cybercrime.
2.2.2 CLASSIFICATION OF CYBER CRIMES
Some scholars have classified cybercrimes into three categories which are crimes against the person, property and the government. Under this classification, cyber crimes against person include various crimes like harassment of any one with the use of a computer such as e-mail phishing, distribution, posting and dissemination of obscene materials among others. Cyber crimes against property include cyber crimes against all forms of property. These crimes include computer vandalism, transmission of harmful programmes such as virus or denial of the entire service. Under the third category, which is cyber crimes against government, cyber terrorism is seen as a distinct kind of crime in this category. This is the use of cyberspace by individuals and groups in threatening the international governments as also to terrorize the citizens of a country.
While according to another scholar, cybercrimes can be classified into four major categories and they are cyber crime against individuals, cybercrime against property, cybercrime against organization and cybercrime against society. Poonia also follows the previous scholar’s classifications and classifies cyber crime into four categories.
Another scholar has classified computer crimes into two main categories. The first are traditional crimes, where the use of computer is not intrinsic to the crime itself, but is simply a tool used to commit an offence. For example, a case when a computer is used to send blackmailing messages to a victim, rather than the use of a letter. The second category is computer-specific crimes such as hacking, modification of computer data etc.
Another scholar has also divided cyber-crime into three categories. The first includes crime where a computer is the target of the crime, the second involves crimes where a computer is a tool of the crime, and crimes where a computer is incidental.
Another classification can be found in the Convention on Cybercrime, which distinguishes between four different types of offences: offences against the confidentiality, integrity and availability of computer data and systems, computer-related offences, content-related offences and copyright-related offences. It has been argued that this classification is not wholly consistent, as it is not based on a sole criterion to differentiate between categories. While the first one focuses on the object of legal protection, the remaining three categories focus on the object of the crime.
Computer crime has also been divided into two types of unlawful activity. The first type is computer-related crime which consists of conducts that targets a computer or a computer system and the second category is computer-enabled crime, which involves a computer being used as an ‘instrument’ to commit traditional crimes. The aforementioned classification would be used in this work.
- COMPUTER RELATED-CRIMES
Phishing has been described as a form of social engineering in which an attacker, also known as a phisher, attempts to fraudulently retrieve legitimate users’ confidential or sensitive credentials by mimicking electronic communications from a trustworthy or public organization in an automated fashion. It describes acts that are carried out to make victims disclose personal/secret information.
It has been defined as a kind of malicious attack where cybercriminals create a fake website – meant to look like a popular online resource (a social network, online banking services, or online games) and use various social engineering methods to attempt to lure users to the website. This aforementioned definition can be said to be too restrictive, as it only covers one of the various ways by which phishing attacks can be carried out. However, the email-phishing contains three phases. In the first phase, offenders identify legitimate companies offering online services and electronically communicating with customers whom they can target. An example is financial institutions. The second phase consists of the offenders sending out a large number of fraudulent emails, which direct users to fraudulent websites, resembling the legitimate websites the last phase consists of the offenders using the confidential information typed in by the victims to achieve a pay-out.
Hacking can be defined ‘as gaining unauthorized access to a computer system either for the purpose of exploration or for causing damage once inside. This involves using technology to gain unauthorized access to a computer system, program, or data.
Illegal interception describes the act performed by offenders which involves intercepting communications between users (such as e-mails) or other forms of data transfers (when users upload data onto web-servers or access-web based external storage media) in order to record the information exchanged.
- CYBER-STALKING AND ONLINE HARASSMENT
Cyber-stalking and online harassment are two related terms albeit still distinct. Online harassment can take different forms. A direct form of internet harassment may involve the sending of unwanted e-mails which are abusive, threatening or obscene from one person to another. Another form may involve electronic sabotage, by sending the victim hundreds or thousands of junk e-mail messages (commonly known as spamming) and could include sending computer viruses. The third form occurs in live internet relay chat sessions, message boards or news groups or by way of instant messaging.
Online harassment is distinct from cyberstalking. There is no single accepted definition of cyberstalking. But cyberstalking refers ‘to the use of the internet, e-mail or other electronic devices to pursue another person’. Cyberstalking also refers ‘to the use of electronic communications or tracking technologies to pursue another person repeatedly to the point of inducing fear’. This occurs where an individual follows or make continuous attempt to contact someone through the internet. Online harassment is distinct from cyberstalking by the fact that cyberstalking is characterized by pursuit and fear.
These are computer software programmes that are deliberately designed to facilitate or allow interference with a computer system. They may damage programs or delete files or just replicate and thereby take up space on a hard drive.
Cyber-squatting has been described as an act which occurs when an individual or a corporation registers a domain name that is spelled the same as a pre-existing trademark, and demands money from the trademark owner before the registrant will release the domain name. Cybersquatters have also been characterized as ‘individuals who attempt to profit from the internet by reserving and later reselling or licensing domain names back to the companies that spent millions of dollars developing the goodwill of the trademark’ It should be noted that individuals who register names similar with trademarks differ in character. There are the innocent characters that are not guilty of cybersquatting. These innocent characters register the domain name based on some unrelated interest in the word itself, without intending harm to a trademark owner. The other character of cybersquatters who are the guilty ones are ransom grabbers and competitor grabbers. Ransom grabbers are the paradigmatic cybersquatters; they strategically register trademarks as domain names with the aim to sell it to the legitimate trademark holders. Competitor grabbers are individuals or corporations that register a domain name corresponding to a competitor‘s trademark in order to sell their own goods on it or merely to hinder the legitimate trademark holder’s use of the domain name.
- COMPUTER-ENABLED CRIMES
- CHILD PORNOGRAPHY
This crime is majorly committed in two ways. The first is by sharing child pornography over the internet and the second is by using a computer to entice children into meetings for illicit sexual encounters.
- COMPUTER RELATED FRAUD
Computer-related fraud has been described as one of the most popular crimes on the internet. This crime entails the offender using an automation and software tools to mask criminals’ identities. The large volume of information stored on the internet makes the networked computer a natural fit for the commission of fraud.
- CYBERCRIMES AND OTHER RELATED CONCEPTS
Cybercrime is a wide concept that covers all crimes committed through computer networks. Related concepts like cyber-attack, cyber-warfare and cyber-terrorism are among the crimes covered by cybercrimes. Often these related concepts are used interchangeably, a fact which brings confusion to people unfamiliar with details on that matter.
Just as it is with the case of cybercrime, there is no universally accepted definition of cyber-attack. One definition of cyber attack given by a scholar is that ‘a cyber-attack consists of any action taken to undermine the functions of a computer network for a political or national security purpose’. This definition pinpoints two basic peculiarities of cyber-attack. The objectives of a cyber-attack must be to undermine the function of a computer network, while also having a political or national security purpose.
A cyber-attack can include hacking, virus infection among others, but the objective can only be to undermine or disrupt the function of a computer. However, computer crimes that are not carried out for a political or national security purpose, such as internet fraud, identity theft, and intellectual property piracy do not fit the requirements of a cyber-attack though they are cybercrimes. The thin line drawn between cybercrime as a broad concept and cyber-attack is synonymous to the line drawn between violent crime and terrorism.
A typical example of a cyber-activity that is a cybercrime, but not a cyber-attack would be given here. Consider a bank data hacker, who succeeds to undermine the bank’s online account system but whose only purpose is economic gain. This would constitute a cybercrime, but not a cyber attack. The reason is because the cyber-activity had no political or national security purpose, even though the act undermined the computer network of the bank. While a cyber-activity may constitute only cyber-attack, a major proportion of cybercrimes are also cyber-attacks. An example can be seen where a non-state actor commits an illegal act by means of a computer network, undermines a computer network, and has a political or national security purpose. Consider this scenario, where ‘boko haram’ hacked into the Nigeria government’s State Department Server, out of hatred for the Nigerian government. This scenario would fall within both the category of cybercrime and the category of cyber-attack given that a non-state actor committed the act, for a political or national security purpose, and it undermined a computer network.
Thus, though all acts of cyber-attacks are acts of cyber-crime, not all acts of cybercrime are acts of cyber-attack.
Cyber-warfare is substantially different from cybercrime as a whole, but unfortunately, computer networking technology has also blurred the boundaries between cyber-warfare and cybercrime. Cyber-warfare according to a scholar, is a cyber-activity which consist of any action taken to undermine the functions of a computer network for a political or national security purpose, of which the effects must be equivalent to an ‘armed attack’ or activity must occur in the context of armed conflict. From this definition, it can be seen that cyber-warfare always meets the conditions of cyber-attacks. The element that differentiates it from cyber-attack is that the effect of the cyber-activity must also be equivalent to an ‘armed attack’ or the activity must occur in the context of armed conflict. Cyber-warfare is also a distinct concept because cyber-warfare must also constitute a cyber-attack. But it should be stated here, that cyber-warfare can also constitute both cyber-attack and cybercrime.
Cyber-terrorism has been defined as the convergence of cyberspace and terrorism. It refers to the unlawful attacks and threats of attack against computers, networks and the information stored therein when done to intimidate or coerce a government or its people in furtherance of political or social objectives. Further to qualify as cyber-terrorism, an attack should result in violence against persons or property, or at least cause enough harm to generate fear.
The distinction between cybercrime and other cyber-based malicious acts such as cyber-terrorism is the actor’s motivation or intent. Cyber criminals can exhibit a wide range of self interests, deriving profit, notoriety, and/or gratification from activities such as hacking, cyber stalking, and online child pornography. Thus, without knowing the criminal intent or motivation, activities of cyber criminals may appear on the surface to be similar, thereby causing confusion as to whether a particular action should be categorized as cybercrime or not. It has been noted that the speed and anonymity of cyber attacks makes distinguishing among the actions of terrorists, criminals, and nation states difficult, a task which often occurs only after the fact, if at all.
This chapter has dealt with the review of literature in the purview of cybercrime as a broad concept. And cybercrime is synonymous with computer crime, and can be defined as the crime that is committed through a computer or computer network or a crime that is targeted towards a computer system or computer data. The next chapter would discuss the international legal framework regulating cybercrime.
INTERNATIONAL LEGAL FRAMEWORK ON CYBERCRIME
As a result of the nature of cybercrimes and an undeveloped national legal framework on the topic, cybercrimes often occur internationally. Cybercrime legislation is plagued by a lack of geographically based jurisdictional boundaries. As Professor James Boyle noted, if the King’s writ reaches only as far as the King’s sword, then much of the content on the internet might be presumed to be free from the regulation of any particular sovereign. For instance, cyber criminals across the United States and Europe were indicted by a federal grand jury in May, 2000 for allegedly conspiring to infringe the copyright of more than 5000 computer software programs. These programs were made available through a hidden internet site located at a university in Quebec, Canada.
The jurisdictional problem of cybercrime manifests itself in three ways: (i) lack of criminal statutes; (ii) lack of procedural powers; (iii) lack of enforceable mutual assistance provisions with foreign states. The aim of this chapter is to discuss the international legal framework on cybercrime using the ‘convention on cybercrime’ and the legal framework on cybercrime in other foreign jurisdictions specifically, USA, UK and Canada.
3.2 COUNCIL OF EUROPE CONVENTION ON CYBERCRIME
The Council of Europe convention on cybercrime (or simply called, Convention on Cybercrime) is the leading international convention designed to combat computer technology attacks. It was drafted by the forty-one nation Council of Europe in Strasbourg, France. The convention was signed in Budapest in 2001 and entered into force in 2004. It was developed in response to a growing concern about the inadequacy of legislation criminalizing certain activities occurring over computer networks.
This is an important international legislation because it binds countries in the same way as a treaty. The duty of a state to perform its obligations under a treaty is clearly provided for in Article 26 of the Vienna Convention on Law of Treaties which provides for the ‘pacta sunt servanda principle; every treaty in force is binding upon the parties to it and must be performed by them in good faith’. Treaties are the only machinery that exist for adapting international law to new conditions and strengthening the force of a rule of law between states.
The convention aims mainly at (i) harmonizing the domestic criminal substantive law elements of offences and connected provisions in the area of cybercrime. (ii)providing for domestic criminal procedural law powers necessary for the investigation and prosecution of such offences as well as other offences committed by means of a computer system or evidence in relation to which is in electronic form (iii) setting up a fast and effective regime of international co-operation.
3.2.1 DEFINITIONS PROVIDED BY THE CONVENTION
Article 1 of the convention provides for definitions to four terms that are important to the treaty. The treaty first defines ‘computer system’ as a device consisting of hardware and software developed for automatic processing of digital data. On the second term, ‘computer data’, it provides that the data must be ‘in such a form that it can be directly processed by the computer system.’ In other words, the data must be electronic or in some other directly processable form. The third term ‘service provider’ includes a wide category of entities that play particular roles ‘with regard to communication or processing of data on computer systems.’ This definition not only includes public or private entities, but it also extends to include ‘those entities that store or otherwise process data on behalf of’ public or private entities.
3.2.2. CYBERCRIMES PROVIDED BY THE CONVENTION
The convention requires parties (that is, ratifying states) to ‘adopt such legislative and other measured as may be necessary to establish as criminal offences under its domestic law, when committed intentionally, aiding or abetting the commission of any offences against the confidentiality, integrity and availability of computer data and systems and offences related to infringements of copyright and related rights with intent that such offence be committed.’
By virtue of Article 11, it is required for the ratifying states to obey the convention in good faith and domesticate all the substantive crimes prescribed in the convention. The crimes provided by the convention include:
- The access to the whole or any part of a computer system without right with the intent of obtaining computer data or other dishonest intent, or in relation to a computer system that is connected to another computer system. The term ‘without right’ is meant to ‘refer to conduct undertaken without authority (whether legislative, executive, administrative, judicial, contractual or consensual) or conduct that is otherwise not covered by established by legal defences, excuses, justifications or relevant principles under domestic law’. Thus where is an authority to obtain such computer data or access the computer system, this provision will not apply.
- The interception without right, made by technical means, of non-public transmissions of computer data to, from or within a computer system, including electromagnetic emissions from a computer system carrying such computer data
- The damaging, deletion, deterioration, alteration or suppression of computer data without right, though the convention provides that a party may reserve the right to require that the conduct results in serious harm.This provision could be used to prosecute criminal acts that involve the use of malicious malwares and viruses for the destruction of computer data.
- The serious hindering without the right of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data.This provision could also be used to prosecute criminal acts that involve the use of malicious malwares and viruses for the destruction and damage of computer systems.
Other offences provided by the convention include misuse of devices, computer-related forgery, computer-related fraud, offences related to child pornography, offences related to infringements of copyright and related rights.
3.2.3 INVESTIGATIVE PROCEDURES
The second main part of the Convention requires Parties to enact certain procedural mechanisms and procedures to facilitate the investigation of cybercrime or any crimes committed with a computer or for which evidence may be found in ‘electronic form’. The provisions in this part require ratifying states to ‘adopt such legislative and other measures as may be necessary’ for the empowerment and enablement of its authorities to carry out the necessary investigations in relation the crimes provided by the Convention.
3.2.4 INTERNATIONAL COOPERATION
The third principal part of the Convention sets out mechanisms by which parties to the convention will assist each other in investigating cybercrimes and other crimes involving electronic evidence.
3.3. LEGAL FRAMEWORK ON CYBERCRIME IN CANADA
Canada was one of the first countries to enact criminal laws in the area of computer crime. According to a study by a United Nations-sponsored network of internet policy officials, Canada is ahead of nearly two-thirds of the 52 countries surveyed in enacting laws to crack down on cybercrimes.
Canada is a signatory to the Convention on Cybercrime. It requires that each state party prosecute cybercrimes committed within its territory. This translates that a country could claim territorial jurisdiction in a case where the computer system attacked is on its territory, even if the perpetrator of the attack is not.
One of the major challenges faced by legal authorities is the difficulty of applying existing legislation to criminal activities involving new technologies. Legislation in this area is confronted with the protecting internet users without placing unnecessary restrictions on the trans-border flow of data. Existing law has been used and amended to deal with criminal misuse of information technology. The general philosophy is that, it did not matter whether a computer was used to commit a crime; the crime is still the same. The Criminal Code of Canada, as last amended at 2005 makes provisions of crimes relating to the use of computer and computer networks.
In Canada, a crime is a computer if it falls under Section 430 or 342.1 of the Canadian Criminal Code that is where a computer or data is object of the crime. The code makes provision for mischief in relation to computer data. It provides for computer sabotage which include destruction of hardware, erasure or alteration of data, logic bombs. The Section provides that everyone commits mischief who willfully destroys or alters computer data; renders computer data meaningless, useless or ineffective; obstructs, interrupts or interferes with the lawful use of computer data or obstructs, interrupts or interferes with a person in the lawful use of computer data or denies access to computer data to a person who is entitled to access to it is liable to imprisonment for life if the mischief committed caused actual danger to life or to a term of ten years or two years depending on the degree of crime committed.
Thus under Section 430(1.1), an offence occurs when viruses are used to cause mischief to data. Under the code, there is no law expressly prohibiting the creation or dissemination of computer viruses. Although under Section 430(5.1) of the criminal code, distribution of virus might constitute an offence even if the virus has yet to be activated. The Section provides for that an act or omission is an offence if that act or omission is likely to constitute mischief causing actual danger to life, or to constitute mischief in relation to property or computer data.
The Criminal Code also provides for computer fraud and other economic crimes. These include misuse of credit or bank cards, breach of trust or abuse of confidence, forgery and related offences. Canadian courts have held that anything that can be considered property can be the object of theft or fraud. In the case of Regina v. Stewart, the Ontario Court of Appeal held that copying a confidential list of hotel union employees from a computer printout constituted theft of property. In the most recent Canadian case involving computer-related crime, Turner and the Queen, the Ontario High Court reconciled the absence of Parliamentary action with judicial expansion of the definition of property. In Turner, the defendants had accessed computer tapes and tampered with the program stored on the tapes so that other users were unable to use the program without first obtaining the new program code. The court found that the defendants, by their actions, had interfered with the retrieval of data off the tape, making it impossible for other users to process their work. If the Turner case is followed, Canadian courts will treat alteration or destruction of computer data specifically as an interference with property.
The code also makes provision for fraud in relation to computer, by penalizing acts which involves a person falsely representing himself as having the authority to access an account. Also, it is an offence for a person to falsely assume the identity of a lawful user. The code also creates the offence of dishonest acquisition of computer services and provides that where services are acquired fraudulently and without right, directly or indirectly, then a crime is committed.
Combating cybercrime in Canada comes under the jurisdiction of the Office of Critical Infrastructure Protection and Emergency Preparedness (OCIPEP) a division of Public Safety Canada. Under the OCIPEP umbrella is the Cyber Security division responsible for the Canadian Cyber Incident Response Centre (CCIRC), Canadian Cyber Incident Response Centre Partners, Cyber Security Technical Advice and Guidance, and Cyber Security in the Canadian Federal Government. OCIPEP facilitates communication and networking amongst Canadian organizations and businesses, provides updates and advisory tools, provides training and workshops, and acts in conjunction with similar departments of foreign government
3.4. LEGAL FRAMEWORK ON CYBERCRIME IN UNITED STATES
The United States (US) has certain federal laws that relate to computer crimes. In the early 1980s, law enforcement agencies in the US faced the dawn of the computer age with developing issues about the lack of criminal laws available to fight emerging computer crimes. Although there existed in the federal criminal code, provisions relating to the wire and mail fraud, they were incapable of combating the new computer crimes. This led to the enactment of laws to deal with computer crimes. In doing so, Congress opted not to add new provisions regarding computers to existing criminal laws, but address federal computer-related offences in a single, new statute.
The attempts to make a new statute culminated in the Computer Fraud and Abuse Act (CFAA), enacted by Congress in 1986. It is a cyber security law. It protects federal computers, and computers connected to the Internet. It protects them from trespassing, threats, damage, espionage, and from being corruptly used as instruments of fraud. It is not a statute which is broad in scope, but instead it fills cracks and gaps in the protection afforded by other federal criminal laws. The offences provided for by the Act include obtaining national security information, accessing a computer and obtaining information, trespassing in a government computer, accessing a computer to defraud and obtain value, intentionally damaging by knowing transmission, recklessly damaging by intentional access, negligently causing damage and loss by intentional access, trafficking in passwords, and extortion involving computers.
In some situations, the Act allows victims who suffer specific types of loss or damage as a result of violations of the Act to bring civil actions against the violators for compensatory damages and injunctive or other equitable reliefs. The situations in which a victim could bring an civil action for any equitable relief include physical injury to any person; a threat to public health or safety; damage affecting a computer system used by or for a government entity in furtherance of the administration of justice, national defence, or national security; loss to one or more persons during any 1-year period (and, for purposes of an investigation, prosecution, or other proceeding brought by the US only, loss resulting from a related course of conduct affecting one or more other protected computers) aggregating at least $5,000 in value; the modification or impairment, or potential modification or impairment, of the medical examination, diagnosis, treatment, or care of one or more individuals; and damage affecting 10 or more protected computers during any one-year period. As long as a victim is able to prove that he has suffered any type of loss or damage aforementioned, such will suffice for a victim to bring a civil action against the violator.
Another US federal law used for combating computer crimes is the Wiretap Act. The federal Wiretap Act, as amended in 1986 by the Electronic Communications Privacy Act, protects the privacy of wire, oral, and ‘electronic communications’, a broad term that includes computer network communications. It is both procedural and substantive. It prohibits not just law enforcement, but ‘any person’ from making an illegal interception or disclosing or using illegally intercepted material.
The prohibition crux of the Wiretap Act is found in Section 2511(1)(a), which prohibits ‘any person’ from intentionally intercepting, or attempting to intercept, any wire, oral or electronic communication. From the aforementioned Section, it must be shown that the interception of the communication be intentional. In a civil Wiretap Act case, the Fourth Circuit approved of the following familiar jury instruction defining ‘intentional.’ ‘An act is done intentionally if it is done knowingly or purposely. That is, an act is intentional if it is the conscious objective of the person to do the act or cause the result. An act is not intentional if it is the product of inadvertence or mistake. However, the defendant’s motive is not relevant and the defendant needs not to have intended the precise results of its conduct or have known its conduct violated the law.’
Thus, it can be stated here that where an interception is done negligently by any person, Section 2511(1)(a) will not apply.
Section 2511(1)(c) of the Act also provides that ‘Except as otherwise specifically provided in this chapter any person who intentionally discloses, or endeavours to disclose, to any other person the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this shall be punished as provided in subsection (4).’ This Section provides for two mental state requirements. The act of disclosing a communication must be done ‘intentionally’ and it must also be proved that the disclosing individual knew or had reason to know that ‘the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection.’
The Act also prohibits the use of intercepted communication. Section 2511(1)(d) provides that ‘Except as otherwise specifically provided in this chapter any person who…(d) intentionally uses, or endeavours to use, the contents of any wire, oral, or electronic communication, knowing or having reason to know that the information was obtained through the interception of a wire, oral, or electronic communication in violation of this subsection… shall be punished as provided in subsection (4).’
On the surface, ‘use of the contents’ of the intercepted communication appears extremely broad. However, ‘use’ does require some ‘active employment of the contents of the illegally intercepted communication for some purpose.’
While the Wiretap Act has provided for wide prohibitions in Section 2511(1), it has also provided for many exceptions in subsection 2511(2). The exceptions that are particularly relevant in the context of network crimes would be briefly discussed here. One exception is where the consent of a party has been given. Thus an interception is lawful if the interceptor is a party to the communication or if one of the parties to the communication consents to the interception.
Another exception provided by the Act is the exception given to providers of wire or electronic communication services. Thus, it would not be unlawful for an operator of a switchboard, or an officer, employee, or agent of a provider of a wire or electronic communication service, whose facilities are used in the transmission of a wire or electronic communication, to intercept, disclose, or use that communication in the normal course of his employment while engaged in any activity which is a necessary incident to the rendition of his service or to the protection of the rights or property of the provider of that service, except that that a provider of wire communication service to the public shall not utilize service observing or random monitoring except for mechanical or service quality control checks.
The Section grants providers the right ‘to intercept and monitor communications placed over their facilities in order to combat fraud and theft of service.’ For examples, employees of a cellular phone company could intercept communications from an illegally ‘cloned’ cell phone in the course of locating its source.
Section 2511 (2)(g)(i) permits ‘any person’ to intercept an electronic communication made through an electronic communication system that is configured so that the communication is readily accessible to the general public.
Another network crime statute is the Unlawful Access to Stored Communications. And its main focus is to protect email and voicemail from unauthorized access. Section 2701 protects the confidentiality, integrity, and availability of these communications stored by providers of electronic communication services pending the ultimate delivery to their intended recipients. The Section provides thus ‘Except as provided in subsection (c) of this Section whoever… (1) Intentionally accesses without authorization a facility through which an electronic communication service is provided; or (2) intentionally exceeds an authorization to access that facility; and there obtains, alters, or prevents authorized access to a wire or electronic communication while it is in electronic storage in such system shall be punished as provided in subsection (b) of this Section.
A charge under Section 2701 has four essential elements. Which are (i) intentional access (ii) without or in excess of authorization (iii) a facility that provided an electronic communication service and (iv) obtained, altered, or prevented authorized access to a communication in electronic storage. A felony conviction requires proof of one additional element which is act done for commercial advantage, malicious destruction or damage, private commercial gain, or in furtherance of a criminal or tortuous act.
Section 2701 (c) provides three statutory exceptions to a violation. First, the Section does not apply to ‘the person or entity providing a wire or electronic communication service.’ The second exception is that the Section does not apply to conduct authorized by a user ‘with respect to a communication of or intended for that user.’ And the third exception is that the Section does not apply to conduct authorized by other Sections of the Act or the Wiretap Act.
Another US federal law in relation to computer crime is the Identity Theft. Section 1028 criminalizes certain types of conduct involving fraudulent identification documents or the unlawful use of identification information. Another US law is the Access Device Fraud. Prosecutors commonly bring charges under Section 1029 in many types of ‘phishing’ cases, were a defendant uses fraudulent emails to obtain bank account numbers and passwords, and ‘carding’ cases, where a defendant purchases, sells, or transfers stolen bank account, credit card, or debit card information. Penalties for violations of Section 1029 range from a maximum of 10 or 15 years of imprisonment depending on the subsection violated.
The CAN-SPAM Act 2003 is also another US law which provides a means for prosecuting those responsible for sending large amounts of unsolicited commercial email (also known as ‘spam’). Although civil and regulatory provisions are the Act’s primary enforcement mechanisms, it also created several new criminal offenses. Section 1037 provides as offences transmission of multiple commercial emails by (i) accessing a protected computer, without authorization, to send them or (ii) sending them through a protected computer with the intent of hiding their origin or (iii) materially falsifying header information or (iv) falsifying registration information for five or more email accounts or two or more domain names or (v) falsely representing oneself as the registrant of five or more intellectual property addresses (or conspiring to do so).
The penalty for a violation of Section 1037 depends on aggravating factors and prior convictions. It ranges from one year to five years.
3.5. LEGAL FRAMEWORK ON CYBERCRIME IN ENGLAND
In England, criminal law generally applies to illegal acts regardless of the medium used to commit the act. An exception however, is the Computer Misuse Act (CMA) 1990 (and now amended by the Police and Justice Act 2006) which its main focus is on computers. The CMA is the only legislation that explicitly and mainly focuses on computer crime. The Act creates three main offences: (i) unauthorized access to computer material, (ii) unauthorized access to a computer system with intent to commit or facilitate further offences, and (iii) unauthorized modification of computer material. Maximum sentences for these offences range from six months imprisonment and/or a 500 Euros fine to ten years imprisonment and/or an unlimited fine. The current Police and Justice Act contains amendment to the CMA under the Section called ‘Miscellaneous Part 5 Computer Misuse amendments’. For example, Clause 39 doubles the maximum jail sentence for hacking into computer systems from five years to ten years.
Also, the Obscene Publications Act 1964 makes it illegal to publish material that tends to deprave and corrupt those viewing it. The law’s approach to child pornography is that it is so offensive that possession as well as circulation of offending images is criminalized. The primary legislation consists of the Protection of Children Act 1978 and the Criminal Justice Act 1988. It is an offence to possess indecent images involving children.
Incitement to racial and religious hatred is also governed by Section 21 of the Public Order Act 1986 which states that it is an offence for a person to publish or distribute material which is threatening or abusive or insulting if it is intended thereby to stir up racial hatred, or having regard to all the circumstances, racial hatred is likely to be stirred thereby. The Racial and Religious Hatred Act 2006 gained Royal Assent on 16 February 2006. The Act makes it illegal to threaten people because of their religion, or to stir up hatred against a person because of their faith.
Furthermore, in England, under Section 1 of the Malicious Communications Act 1988, it is an offence to send an indecent, offensive or threatening letter, electronic communication or other article to another person and under Section 43 of Telecommunications Act 1984, it is a similar offence to send a telephone message which is indecent, offensive or threatening.
The England copyright law also provides for criminal sanction in certain situations. In England generally, civil remedies provide compensation to wronged intellectual property right holders and most of the copyright criminal offences contained in the Copyright, Designs and Patent Act 1998 (CDPA), are concerned with commercial activity.
This chapter has discussed the international legal framework on cybercrime and the legal framework on cybercrime in US, UK and Canada. Though the convention on cybercrime would go a long way in curbing cybercrime internationally, there is a main reason why the value of the convention on cybercrime may be questioned. The reason being that as a result of the nature of cybercrime that is continuously changing, the required cumbersome amendment process of treaties would risk a premature fixation of the law. It can also be clearly seen from this chapter that the jurisdictions of US, UK and Canada, especially US, have effective legal framework in place to combat cybercrime within their jurisdictions. The next chapter would discuss the legal framework on cybercrime in Nigeria and also engage in a comparative analysis with the foreign jurisdictions, with particular reference to the US jurisdiction.
LEGAL FRAMEWORK ON CYBERCRIME IN NIGERIA
In Nigeria today, the activities of cyber criminals have become a threat to the society. With the arrival of information age, legislatures have been struggling to redefine laws that fit crimes committed by cyber criminals. Initially, there were no specific laws in Nigeria for combating computer crimes. This led to the creation of an ideal environment for criminals to freely operate without any law to combat their criminal activities. It is a general principle of law that an uncodified crime is not punishable, as provided in Section 36 (12) of the 1999 Constitution of the Federal Republic of Nigeria (as amended) which state thus
‘a person shall not be convicted of a criminal offence unless that offence is defined and the penalty thereof prescribed in a written law; and a written law refers to an Act of the National Assembly or a law of a State’
The factors involved in the prosecution of a crime under the Nigerian law emanates from one major source: legislation. As a result of this, the Cybercrime Act 2015 has been enacted for the prohibition, prevention, detection, response and prosecution of cybercrimes and for other related matters. Aside the new Cybercrime Act, there are laws that indirectly relate to the prosecution of cybercriminals. These laws include Economic and Financial Crimes Commission (Establishment) Act 2004, Advanced Fee Fraud and other Fraud Related Offences Act, Nigerian Criminal Code, Money Laundering Prohibition Act and the Nigerian Evidence Act.
The aim of this chapter is to discuss the legal framework on cybercrime in Nigeria and also engage in a comparative analysis with other foreign jurisdictions discussed in the previous chapter, particularly the US with reference to the Cybercrime Act.
4.2 LEGISLATION REGULATING CYBERCRIME IN NIGERIA
The various statutes regulating cybercrime in Nigeria which include Economic and Financial Crimes Commission (Establishment) Act, Advanced Fee Fraud and other Fraud Related Offences Act, Nigerian Criminal Code, Money Laundering Prohibition Act, the Nigerian Evidence Act and the Cybercrime Act would be discussed below.
4.2.1 ECONOMIC AND FINANCIAL CRIMES COMMISSION (ESTABLISHMENT) ACT
This Act was enacted to repeal the Financial Crimes Commission (Establishment) Act, 2002. Section 1 of the Act establishes a body known as the Economic and Financial Crimes Commission (EFCC).
Section 5 of the Act charges the commission with the responsibility of the enforcement and the due administration of the Act, the investigating of all financial crimes including advance fee fraud money laundering, counterfeiting, illegal charge transfers and also the prosecution of all offences connected with or relating to economic and financial crimes, in consultation with the Attorney-General of the Federation. Criminal activities that would come under these economic crimes would include the activities of the ‘Yahoo boys’ whose activities are sabotage on the economy of the country.
Section 5 has been the basis for various actions of EFCC including Emmanuel Nwude (the accused) in the case of Federal Republic of Nigeria v. Chief Emmanuel & Ors. The accused in the case was reputed to have carried out the third world biggest single scam with numerous others pending in count. In this case, the accused persons were charged to the High Court of Lagos State. A 57 count charge was proffered against the accused persons including the scamming to the tune of US $181.6 million and they were all found guilty and sentenced accordingly. In addition to this sentence, their assets were forfeited to the Federal Government of Nigeria and the sums of money recovered and returned to their owners.
Sections 14-18 stipulate offences within the remit of the Act. This includes offences in relation to financial malpractices, offences in relation to terrorism, offences relating to false information and offences in relation to economic and financial crimes.
Section 46 of the Act defines ‘economic crime’ as the non-violent criminal and illicit activity committed with the objectives of earning wealth illegally either-individually or in a group or organised manner thereby violating existing legislation governing the economic activities of government and its administration and includes any form of fraud, narcotic drug trafficking, money laundering, embezzlement, bribery, looting and any form of corrupt malpractices, illegal arms deal, smuggling, human trafficking and child labour, oil bunkering and illegal mining, tax evasion, foreign exchange malpractices including counterfeiting of currency, theft of intellectual property and policy, open market abuse dumping of toxic wastes are prohibited.
From the aforementioned provisions, it can be clearly seen that though the EFCC act effectively deals with internet related fraud, the Act still does not go a long way in dealing with cybercrimes. This is because internet related fraud is only a piece of the puzzle. Cybercrime encompasses internet-related fraud and involves other crimes such as hacking, cyber-stalking, child pornography among other crimes.
4.2.2 ADVANCED FEE FRAUD AND OTHER FRAUD RELATED OFFENCES ACT
The Act was enacted to prohibit and punish certain offences pertaining to advance fee fraud and other fraud related offences and to repeal other Acts related therewith. Advance fee fraud is a vexing threat and a major problem in Nigeria today. The Act provides for ways to combat cybercrime and other related online frauds. The Act provides for a general offence of fraud with several ways of committing it, which are by obtaining property by false pretence, use of premises, fraudulent invitation, laundering of fund obtained through unlawful activity, conspiracy, aiding among other crimes.
Section 2 makes it an offence to commit fraud by false pretence. This Section can be used to prosecute criminals who commit cybercrimes like computer related fraud, where the offender uses an automation and software tools to mask criminals’ identities, while using the large trove of information on the internet to commit fraud.
According to Section 7, a person who conducts or attempts to conduct a financial transaction which involves the proceeds of a specified unlawful activity with the intent to promote the carrying on of a specified unlawful activity with the intent to promote the carrying on of a specified unlawful activity; or where the transaction is designed to conceal or disguise the nature, the location, the source, the ownership or the control of the proceeds of a specified unlawful activity is liable on conviction to a fine of N 1 million and in the case of a director, secretary or other officer of the financial institution or corporate body or any other person, to imprisonment for a term, not more than 10 years and not less than five years.
However, while in previous laws the onus was on the government to carry out surveillance on unlawful activities of criminals, the new law by virtue of Section 13 vests this responsibility on industry players, including internet service providers (ISPs) and cybercafé operators, among others. While the EFCC is the sub-sector regulator, the Act by virtue of Section 12 prescribes that henceforth, any user of internet services shall no longer be accepted as anonymous. Through what has been described as due care measure, cybercafés operators and ISPs will henceforth monitor the use of their systems and keep a record of transactions of users. These details include, but are not limited to, photographs of users, their home address, telephone, email address, etc. So far, over 20 cybercafés have been raided by the EFCC as of August 7, 2007. The operators appear set to comply with the law by notifying users of the relevant portion of the law, corporate user policy, firewall recommendation, protection procedure, indemnity and right of disclosure, among other things.
4.2.3 MONEY LAUNDERING (PROHIBITION) ACT
Another related law regulating internet scam is the Money Laundering (Prohibition) Act 2004. It makes provisions to prohibit the laundering of the proceeds of crime or an illegal act. Section 14 (1) (a) of the Act prohibits the concealing or disguising of the illicit origin of resources or property which are the proceeds of illicit drugs, narcotics or any other crime. Section 17 and Section 18 of the Act also implicates any person corporate or individual who aids or abet illicit disguise of criminal proceeds. Section 10 makes life more difficult for money launderers by mandating financial institutions to make compulsory disclosure to National Drugs Law Enforcement Agency in certain situations prescribed by the Act. In the same way, if it appears that a customer may not be acting on his own account, the financial institution shall seek from him by all reasonable means information as to the true identity of the principal.
This enables authorities to monitor and detect suspicious cash transactions and these Sections can be used against criminals who use the internet as a means of unlawfully transferring large amount of money from one account to another.
- CRIMINAL CODE
This Act was enacted to establish a code of criminal law in Nigeria. The criminal code criminalizes and sanctions any type of stealing of funds, in whatever form and also false pretences. Although, cybercrime is not specifically mentioned here, crimes such as betting, theft and false pretences performed through the aid of computers and computer networks is a type of crime punishable under the criminal code. Section 239(2) (a) and 240A of the code prohibit betting and public lotteries respectively. Section 239(2)(a) provides that any house, room or place which is used for the purpose of any money or other property, being paid or received therein by or on behalf of such owner, occupier, or keeper or person using the place as or for an assurance, undertaking, promise, or agreement, express or implied, to pay or give thereafter any money or other property on any event or contingency of or relating to any horse race or other fight, game, sport or exercise, of any house, room, or place knowingly and willfully permits it to be opened, kept or used or any person who has the use or management of such business of a common betting house is guilty and liable to imprisonment for one year, and to a fine of one thousand naira. This Section can be used by law enforcement agencies to regulate ‘Online Betting’ or prosecute such persons as would contravene this Section.
Section 240 also defines ‘public lottery’ to mean a lottery to which the public or any class of the public has, or may have access and every lottery shall, until contrary is proved be deemed to be a public lottery. ‘Lottery’ includes any game, method or device whereby money or money’s worth is distributed or allotted in any manner depending upon or to be determined by chance or lot.
Section 240A(c) provides that every person who writes, prints, publishes or causes to be written, printed or published, any lottery ticket or any announcement relating to public lottery shall be liable to a fine not exceeding six (6) months. This Section also covers lotteries done with the use of computers or on the internet as being an offence and can be used to combat this crime.
Section 418 defines false pretence as any representation made by words, writing, or conduct of a matter of fact, either past or present, which representation is false in fact and which the person making it knows to be false or does not believe to be true.’ Cybercrime that would fall under this Section would mainly bother on computer related fraud. By their fraudulent action, cybercriminals deceive their victims by pretending to have abilities or skills which ordinarily they do not have or possess.
Most of the activities of these cyber criminals bother on false pretences and cheating which Section 419 and 421 of this Act prohibit respectively. Section 419 states that ‘any person who by any false pretence, and with the intent to defraud, obtains from any other person anything capable of being stolen or induces any other person deliver to any person anything capable of being stolen, is guilty of a felony and is liable to imprisonment for three years.’
Furthermore, a suspect could also be charged under Section 421 of the Act which provides that ‘any person who by means of any fraudulent trick or device obtains from any other person anything capable of being stolen, or induces any other person to deliver to any person anything capable of being stolen or to pay or deliver to any person any money or goods, or any greater sum of money or greater quantity of goods than he would have paid or delivered but for such trick or device, is guilty of a misdemeanour, and is liable to imprisonment for two years. A person found committing the offence may be arrested without warrant’
Unfortunately, the criminal code is a British legacy which predates the Internet era and understandably does not specifically address email scams. For example, notwithstanding that Section 419 of the Criminal Code criminalizes computer-related fraud; the position that a suspect cannot be arrested without a warrant, unless found committing the offence, does not reflect the crime’s presence or perpetration in cyberspace. Only in exceptional circumstances could a suspect be caught in the act, especially with the advancement of technology in the information world of today.
Furthermore, aside from the fact that Nigeria lacks the resources to police activities of Nigerians on cyberspace, doing so could actually raise privacy or other rights issues. Also, the punishment for an internet fraudster which is three years imprisonment or seven years if the value of stolen property exceeds one thousand naira is to say the least paltry compared to the enormity of the crime and unjust rewards that usually run into millions of dollars. Moreover, in criminal trials, the state is the complainant. And under the Nigerian criminal justice system, there is hardly any form of compensation for the victims of the crime.
4.2.5 NIGERIAN EVIDENCE ACT
This Evidence Act repeals the old Evidence of 1945. As opposed to the old Evidence Act, this Act allows for admissibility of digital and electronic evidence. Before the enactment of the Act, electronically generated evidence was not admissible in Nigerian courts, thereby creating a serious impediment in the prosecution of cybercrimes. In the case of Esso West Africa Inc. v. T. Oyegbola , the court had a foresight when it stated that:
The law cannot be and is not ignorant of the modern business methods and must not shut its eyes to the mysteries of computer. In modern times reproduction and inscriptions on ledgers or other documents by mechanical process are common place and Section 37 cannot therefore only apply to books of account
This Act is therefore a big step in the right direction towards the prosecution of cybercrime activities in Nigerian courts. Following age-long need for review of evidence laws to become age compliant, digital evidence is now admissible on Nigerian courts. The Act provides for the definition of a Computer which was not included in the 1945 Evidence Act. Under the Act, a computer is defined as ‘as any device for storing and processing information, and any reference to information being derived from other information is a reference to its being derived from it by calculation, comparison or any other process.’
Section 84(1)-(5) introduces the ‘admissibility of statements in documents produced by computers. The Section has now made it possible for facts for which direct oral can be given to be equally evidence by a computer-produced document containing such facts, subject however to condition precedents as to the document, the computer from which it was generated and the person who generated it or manages the relevant activities captured in the document, for instance cybercafé managers, secretaries, ATM card users or experts – the list is endless.
. Section 84(2) which provides for one of the conditions for the admissibility of statement in documents produced by computers is very similar to the position in England on the admissibility of computer generated evidence. This is not quite unusual considering that the Nigerian law today is more or less a hotchpotch of the English law.
Thus, in R v. Spiby the English Court of Appeal held that the trial judge had properly admitted evidence of computer printouts of a machine which had monitored hotel guests’ phone calls. Taylor LJ in this case confirmed that ‘this was not a printout which depended in its content for anything that had passed through the human mind’ and so was admissible as real or direct evidence. The court also noted here that unless there was evidence to the contrary the court would assume that the electronic device generating the evidence was in working order at the material time.
Lawyers can now rely on Section 84(5)(c) to prove that information via mobile phones and other gadgets/devices are admissible. This has made it more convenient and expedient for our courts to admit computer generated evidence
Section 93 of the Act makes provision for electronic signatures. Through the use of electronic signatures, the use of internet as an expeditious commercial tool is promoted.
4.2.6 Cybercrime Act 2015
This is an Act that provides for the prohibition, prevention, detection, response and prosecution of cybercrimes and other related matters. The Act is divided into eight parts. Part I provides for the objectives and application of the Act, Part II provides for the protection of critical national infrastructure, part III provides for offences and penalties, Part IV provides for duties of service providers, Part V provides for administration and enforcement, Part VI of the Act provides for search, arrest and prosecution, Part VII provides for jurisdiction and international co-operation and Part VIII provides for miscellaneous.
The objectives of the Act are to-
- Provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria;
- Ensure the protection of critical national information infrastructure; and
- Promote cybersecurity and the protection of computer systems and networks, electronic communications; data and computer programs, intellectual property and privacy rights.
Before the enactment of this Act, the legal and institutional framework regulating cybercrime in Nigeria was not unified. But through this Act, the legal, regulatory and institutional framework for the combating of cybercrime would be unified. The application of the provisions of the Act would also apply throughout the Federal Republic of Nigeria.
The Act looks into the position of the nation with reference to information and communication where it provides for the designation of certain computer systems or networks as critical information infrastructure. And it further provides that:
The president may on the recommendation of the National Security Adviser, by Order published in the Federal Gazette, designate certain computer systems, networks and information infrastructure vital to the national security of Nigeria or the economic and social well being of its citizens, as constituting Critical National Information Infrastructure.
The presidential order made under subsection (1) of this Section may prescribe minimum standards, guidelines rules or procedure in respect of the protection or preservation of critical information infrastructure; the general management of critical information infrastructure; access to, transfer and control of data in any critical information infrastructure, infrastructural or procedural rules and requirements for securing the integrity and authenticity of data or information contained in any critical national informational infrastructure; the storage or achieving of data or information regarded critical national information infrastructure, recovery plans in the event of disaster or loss of the critical national information infrastructure or any part of it; and any other matter required for the adequate protection, management and control of data and other resources in any critical information infrastructure.
Through this aforementioned provision of the Act, national security is secured and enhanced by the protection of critical information infrastructure.
Part III of the Act discuses the offences and penalties in relation to cybercrimes. Through these provisions, crimes committed through computer and computer networks are codified and thus punishable under Nigerian law. Before the enactment of these provisions, only internet related fraud was actually a punishable cybercrimes. But this Part of the Act provides for offences and penalties in relation to cybercrimes.
The Act provides for offences against critical national infrastructure. And any person who commits any offence against any critical national information infrastructure, pursuant to Section 3 of the Act, is liable on conviction to imprisonment for a term of not less than fifteen years without an option of fine. Where the offence committed under subsection (1) of this Section results in grievous bodily injury, the offender shall be liable on conviction to imprisonment for a minimum term of fifteen years without option of fine. Where the offence committed under subsection (1) of this Section results in death, the offender shall be liable on conviction to death sentence without an option of fine.
Critical national information infrastructure is defined as those assets (real and virtual), systems and functions that are vital to the nations that their incapacity or destruction would have a devastating impact on national economic strength, national image, national defiance and security, government capability to functions and public health and safety. The critical national infrastructure is therefore a major asset for the nation, and Section 5 (1) would therefore help in promoting national security.
The Act further criminalizes unlawful access to a computer and the crime is punishable with a term of imprisonment of not less than two years or to a fine of not less than five million naira or to both fine and imprisonment. The Act further provides that where the crime of unlawful access to a computer was committed with the intent of obtaining and securing access to any computer data, program, commercial or industrial secrets or confidential information, the offender shall be liable to a term of imprisonment of not less than three years or to a fine of not less than seven million naira or such offender shall be liable to both fine and imprisonment.
The Act discusses unlawful interception of communications, where it further provides that any person, who intentionally and without authorization or in excess of authority intercepts any data from a computer to or from a computer, computer system or connected system or network commits an offence and liable on conviction to imprisonment for a term of not less than two years or to a fine of not less than five million naira or to both fine and imprisonment.
This Section aims to secure the internet which is a collection of information, protect data and protect the privacy of individuals in relation to the information they transfer through the net.
The Act also establish numerous other crimes, including unauthorized modification of a computer program or data, system interference, misuse of devices, computer-related fraud, identity theft or impersonation, cyberstalking, and cybersquatting.
Section 17 of the Act also criminalizes cyberterrorism and provides that any person who accesses or causes to be accessed any computer system for the purpose of committing a terrorist act as defined under Terrorism (Prevention) Act 2011 as amended commits a cyberterrorism offence and he is thus liable to life imprisonment upon conviction.
The Act also criminalizes child pornography and creates two classes of offenses under this category. The first involves the use of a computer network for the purpose of, among other activities, the possession, production, and/or distribution of materials depicting a minor, a person appearing to be a minor, or images representing a minor engaged in sexually explicit conduct. The second involves the use of ‘information and communication technologies’ to engage in such acts as luring and meeting (here the crime requires two elements to exist: communicating with a child online followed by an in person meeting) with s child for the purpose of engaging in sexual activities or recruiting a child to participate in a pornographic performance. The penalties for the offences would range from a five to ten year prison term or fines ranging from ten to twenty million naira, or both, depending on the particular offense.
The use of a computer system or network to distribute racist or xenophobic materials, materials that deny, approve, or justify acts that constitute genocide or crimes against humanity, or the use of a computer system or network for racist or xenophobic insults, would constitute an offense under Section 18 of the Act, and upon conviction, the offender would be subject to a sentence of at least five years in prison and or a minimum of ten million naira fine.
Part IV of the Act which makes provision for the duties of service providers requires internet and phone service providers to retain and make available to government agencies customer information, including traffic data as well as subscriber information. If a service provider fails to cooperate with government agencies in this regard, it would be subject to a fine of at least N10 million, and its director/manager/officer would be prosecuted and, on conviction, be subject to at least three years in prison and/or a N7 million fine.
The legislation also affords law enforcement officers broad search, arrest, and seizure powers, including some that do not require judicial oversight. This occurs when there is what the legislation calls a ‘verifiable urgency’ that a cybercrime is about to be committed or that there is an ‘urgent need to prevent the commission of an offence,’ and obtaining a warrant would take time and be prejudicial to public safety order. In such a circumstance, a law enforcement officer would have the authority to enter any premises or vehicle that he reasonably suspects is being used or likely to be used for the commission of a crime or that contains evidence of the commission of a crime. Once the officer is in control of the premises or vehicle, the officer does not have to wait to obtain a warrant; he may conduct searches, seize items, or arrest persons he ‘reasonably suspects’ to be connected to the crime. Section 33 of the Act also vests authority on the Federal High Courts to try and sanction offences committed under this Act.
4.3 INSTITUTIONS REGULATING CYBERCRIME IN NIGERIA
There are certain bodies in Nigeria set up by the Nigerian government mainly involve the setting-up of special bodies by the Nigerian government to deal with cybercrime. And they include the Economic and Financial Commission (EFCC) and the Nigerian Cybercrime Working Group.
- ECONOMIC AND FINANCIAL CRIMES COMMISSION (EFCC)
The EFCC is a Nigerian law enforcement agency that investigates financial crimes such as advance fee fraud and money laundering. The commission is empowered to investigate, prevent and prosecute offenders who engage in ‘money laundering, embezzlement, bribery, looting and any form of corrupt practices, illegal arms deal, smuggling, human trafficking, and child labour, illegal oil bunkering, illegal mining, tax evasion, foreign exchange malpractices include counterfeiting of currency, theft of intellectual property and piracy, open market abuse, dumping of toxic wastes, and prohibited goods’
The commission is also responsible for identifying, tracing, freezing, confiscating, or seizing proceeds derived from terrorist activities. For example, in 2005, the EFCC confiscated at least hundred million dollars from spammers and other defendant s. 
Punishment prescribed in the EFCC Establishment Act range from combination of payment of fine, forfeiture of assets and up to five years Conviction for terrorist financing and terrorist activities attract life imprisonment. It must be stated here that EFCC has excellent working relationship with major Law Enforcement Agencies all over the world. These include United Nation on Drugs and Crime (UNODC), Economic Community of West African States (ECOWAS), Council of Europe (CoE) among other agencies.
126.96.36.199 NIGERIAN FINANCIAL INTELLIGENCE UNIT (NFIU)
This is an operative unit in the office of EFCC and was established under EFCC Act 2004 and Money Laundering (Prohibition) Act of 2004, as amended. The unit is a significant component of the EFCC. It complements the EFCC’s directorate of investigations but does not carry out its own investigation. The unit’s coordinating objective is receipt and analysis of financial disclosure of Currency Transaction Report and Suspicion Transaction. All financial institutions and designated non-financial institutions are required by law to furnish the NFIU with details of their financial transactions. The NFIU has access to records and databanks of all government and financial institutions, and it has entered into memorandums of understandings (MOUs) on information sharing with several other financial intelligence centres.
- NIGERIAN CYBERCRIME WORKING GROUP (NCWG)
The Nigerian Federal government in 2004 set up the Nigeria Cybercrime Working (NCWG) to realize the objectives of National Cybersecurity Initiative (NCI). The objectives of the NCI include public enlightenment of the Nigerian populace on the nature and danger of cybercrime, criminalization through new legislation of all on-line vices, establishment of legal and technical framework to secure computer systems and Networks, and protection of critical information infrastructure for the country. The group was created to deliberate on and propose ways of tackling the malaise of internet fraud in Nigeria.
4.4 COMPARATIVE ANALYSIS OF THE NIGERIAN LEGAL FRAMEWORK ON CYBERCRIME WITH OTHER JURISDICTIONS
Under this section, the writer would use the Nigerian Cybercrime Act 2015 as the basis for its comparison. This is because the Cybercrime Act covers virtually everything provided for by other Nigerian statutes dealing with cybercrime. Though the Cybercrime Act adequately provides for the prevention and prosecution of cybercrimes in Nigeria, there are however certain shortcomings.
Unlike America, the Cybercrime Act does not specifically provide for email spam. Section 15 of the Act only provides for the crime of sending messages that are grossly offensive, indecent, obscene, false for the purpose of causing annoyance or with intent to harm any person, property, reputation or with intent to extort. Section 42, which is the interpretation Section, defines cyberstalking to include: ‘(i) the use of the Internet or other electronic means to stalk or harass an individual, a group of individuals, or an organization. It may include false accusations, monitoring, making threats, identity theft, damage to data or equipment, the solicitation of minors for sex, or gathering information in order to harass; (ii) sending multiple e-mails, often on a systematic basis, to annoy, embarrass, intimidate, or threaten a person or to make the person fearful that she or a member of her family or household will be harmed.’
This does not extend to email spam. Email spam involves sending large amount of unsolicited commercial email, which could occur even in the absence of any intent to annoy, threaten or annoy the receiver. In our current age, spam could even contain various malware threats that the sender of the mail might not even know about. Therefore, it is suffice to say that the Cybercrime Act is not comprehensive enough in relation to cyberstalking as opposed to the American legal regime that specifically provides for email spam by virtue of its CAN SPAM Act under Section 1037. The Act also provides for sanction that ranges from one to five years, depending on aggravating factors and prior convictions.
Also, the Cybercrime Act as opposed to the American Computer Fraud and Abuse Act (CFAA), does not allow victims who suffer specific types of loss or damage as a result of violations of the Act to bring civil actions against the violators for compensatory damages and injunctive or other equitable reliefs. Section 31 of the Cybercrime Act only provides for the forfeiture of the assets to the Federal Government of Nigeria. Under the CFAA, by virtue of Subsection 1030(g), a victim could bring a civil action for any equitable relief in certain situations. The Cybercrime Act thus neglects the interests of victims that are affected by the acts of cybercriminals and does not provide them with adequate protection.
Furthermore, although Section 24(3) of the Cybercrime Act provides that law enforcement, security and intelligence agencies should undergo training programmes, the fact that the judges are not included among the people required to undergo training programmes would likely affect the effective implementation of the Act. For instance, Section 27(3)(d) of the Cybercrime Act provides that a court may not issue a warrant under subsection 2 of the Section unless the court is satisfied that there are reasonable grounds for believing that the person named in the warrant is preparing to commit an offence under this Act. If the judge in question is not well vast in matters of computer crimes and cyber security, the judge might not know exactly what constitute enough ‘reasonable ground’ to believe that a person named in the warrant is preparing to commit an offence under this Act. Thus, without adequate knowledge on the part of the judges about computer crimes and cyber security, the Act would not be effectively implemented.
More so, although Sections 8 and 9 of the Cybercrime Act prevent the modification of computer data and computer system through malicious codes such as viruses, they do not prevent the creation and distribution of computer viruses among people.
This chapter has discussed the various statutes and institutions regulating cybercrime in Nigeria. Aside the Cybercrime Act, though these various statutes and institutions are not perfectly effective, they would go a long way in combating particularly internet-related fraud. In particular, As a result of the newly enacted Cybercrime Act 2015, Nigeria can now assert of a legislation that is in place for the purpose of combating cybercrimes. Unfortunately, the Act has certain shortcomings as already aforementioned in this chapter. The next chapter would give summary and proffer recommendations to this work.
SUMMARY, RECOMMENDATIONS AND CONCLUSION
This research work has succeeded in giving a conceptual analysis on ‘cybercrime’ by discussing the different definitions on ‘cybercrime’ proffered by different scholars. It also enunciated the substantive and substantial characteristics of cybercrime, in order to depict that it is a distinct phenomenon from what is known as traditional crimes. The work also conducted an analytical distinction between ‘cybercrimes’ and other related concepts such as ‘cyber-attack’ and ‘cyber-warfare’. Furthermore, this research work examined the classification of cybercrimes and also explained the various types of cybercrime such as dissemination of viruses, ‘phishing’, computer-related fraud, cyberstalking, hacking among other cybercrimes. The research discussed the international legal framework on cybercrime focusing on the ‘convention on cybercrime’, the legal framework on cybercrime in Canada, US and UK. In addition, the research work also discussed the various Nigerian statutes and institutions regulating cybercrime, making a comparative analysis with the foreign jurisdictions, with particular reference to the US jurisdiction.
In the course of the research, certain loopholes and gaps within the legal framework regulating cybercrime in Nigeria were observed. The loopholes that were observed include the inability of the Cybercrime Act to effectively deal with the creation and distribution of viruses, the inability of the Cybercrime Act to effectively deal with email spam, etc. With respect to these loopholes, certain recommendations have been suggested to help remedy these shortcomings.
Finally, cybercrime is a great threat to the Nigerian economy and even to its national peace and security. The study has shown that the abuse of computer technology threatens national security, public safety and even devastates the lives of affected individuals. However, Nigeria like most African countries has a weak legal framework and a weak legal enforcement to effectively combat cybercrime. As shown in the research work, the legal framework regulating cybercrime in Nigeria is not as comprehensive like other developed jurisdictions particularly in reference to the US jurisdiction. The Nigerian legal system in this regard, though above average, still has certain loopholes as already identified in this work.
In this respect, it is submitted that if the succeeding recommendations in this Chapter are implemented, it would go a long way in combating cybercrimes in Nigeria, thus enhancing computer security and cyber security.
- Legislation relating to cyberspace must be enacted with much precision in order to deal effectively with the acts of the cybercriminals. Information technology professionals should be involved at the law making process so as to help make laws that would be in line with the present level of technology.
- The public should also be well enlightened on how exactly computer systems and computer data can be protected. For example, the use of anti-viruses and passwords among the public should be encouraged. There are cases where the breaking into of a computer system is made to look as if it is from an unknowing victim who is unaware of anything, which is usually due to a virus installed on the ‘unsuspecting victim’s computer or easy access to the ‘unsuspecting victim’s computer due to lack of comprehensive security such as lack of comprehensive firewall, passwords and anti-viruses. The use of anti-viruses and passwords among the public would go a long way in enhancing computer security.
- Although Section 8 of the Cybercrime Act deals with unauthorized modification of computer data which would definitely include the use of computer viruses to modify computer systems and data, it does not cover the ambit relating to creation and distribution of computer viruses. Section 8 of the Act should be widened in order to effectively deal with the distribution and creation of computer viruses so as to help enhance computer security and combat cybercrime.
- Furthermore, Section 15 of the Cybercrime Act which provides for cyberstalking should be made to extend to email spam that is, sending large amount of unsolicited commercial emails.
- Section 24(3) of the Cybercrime Act which provides for the training of the law enforcement agencies should also be extended to cover judges in the training so as to aid the effective implementation of the Act.
- Also, the Cybercrime Advisory Council established under Section 25 of the Cybercrime Act should be made to go through a periodic training relating to the combating of cybercrime, so as to enable them to get the latest development relating to cybercrime and the method of fighting it. This is very pertinent, because the nature of cybercrime and the methods by which it can be effectively prevent and prosecuted are very dynamic.
- Although Part VI of the Act provides for the search, arrest and prosecution of cybercriminals by law enforcement officers, it is in the opinion of this writer that these provisions are not enough in the prosecution of cybercriminals. Provisions should be made to provide for how information technology professionals can get involved at the investigative level as consultants to law enforcement agencies.
- The Cybercrime Act should also provide for compensatory damages and other form of reliefs to victims who suffer from the acts of these cybercriminals, just as it is provided for in the American jurisdiction, under Subsection 1030(g)of the Computer Fraud and Abuse Act.
Ashaolu, D., Combating Cybercrimes in Nigeria in Ashaolu, D., (ed) Basic Concepts in Cyberlaw, (Velma Publishers, 2012)
Brierly, J., The Law of Nations: An Introduction to the International Law of Peace (Oxford University Press, 6th ed. 1963)
Cambridge Advanced Law Dictionary (3rd ed, Cambridge University Press, 2008)
Clifford, R., Cybercrime: The Investigation, Prosecution and Defence of a Computer-Related Crime (Caroline Academic Press, 2001)
Ferrera, G., et al., CyberLaw: Texts and Cases (Southwestern College Publishing Co, 2001)
Garner, B., Blacks Law Dictionary (9th ed, Thompson Reuters Business, 2004)
Loader, B., Douglas T., Cybercrime: Security and Surveillance in the Information Age (Routledge Publishing Co. 2000)
Aditya K, ‘Dissecting the State of Underground Enterprise’ (2012) IEEE available at <https://web.cse.msu.edu/~soodadit/papers/IEEE_IC_dissecting_the_state_of_underground_ent.pdf>
CNII Portal available at <http://cnii.cybersecurity.org.my/main/about.html>
Computer Crime (2006) Postnote No 271 available at <http://www.parliament.uk/documents/post/postpn271.pdf>
Computer Crime’ Department of Computer Science available at <https://cpnnex.csc.uvic.ca/access/content/group/6a4f8ee0-590e-45c6-8333-ce5917a95d4c/web/notes/05_crime.pdf>
Computer Misuse Overview (2007) JISC legal Information available at <http://www/jisclegal.ac.uk/LegalAreas/ComputerMisuse/ComputerMisuseOverview.aspx>
Convention on Cybercrime, Explanatory Report p 38 available at <http://conventions.coe.int/Treaty/EN/Reports/Html/185.htm>
Cyberterrorism Defined (as distinct from ‘Cybercrime’)’ (Infosec Institute, 2012) available at <http://resources.infosecinstitute.com/cyberterrorism-distinct-from-cybercrime/>
Felicity, N., ‘Cyberstalking Victimization: Impact and Coping Responses in a National University Sample’ <http://drum.lib.umd.edu/bitstream/1903/8206/1/umi-umd-5402.pdf>
Introduction to Cyber Crime available at <http://wsilfi.staff.gunadarma.ac.id/Downloads/files/13309/W03-Cyber+crime.pdf>
John D. Mercer ‘Cybersquatting: Blackmail on the Information Superhighway’ available at <http://128. 197 .26.36/law/central/jd/organizations/journals/scitech/volume6/mercer.pdf>
Judge David Harvey, ‘Cyberstalking and Internet Harassment: What the Law Can Do’ available at <http://www.netsafe.org.nz/Doc_Library/netsafepapers_davidharvey_cyberstalking.pdf>
Kowalski, M., ‘Cyber-Crime: Issues, Data Sources, and Feasibility of Collecting Police-Reported Statistics’ Canadian Centre for Justice Statistics available at <http://publications.gc.ca/Collection/Statcan/85-558-X/85-558-XIE2002001.pdf>
Mali, P., ‘Classification of Cybercrimes’ August, 2009 Lawyersclubindia available at <http://www.lawyersclubindia.com/articles/Classification-Of-CyberCrimes–1484.asp>
National Strategy to Secure Cyberspace’ (2003) p. viii Department of Homeland Security, available at <http://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf>
Nelson, D., ‘Cyberstalking’ at <http://www/tccmweb.com/swcm/may97/stalk.htm>
Shi J., Saleem S., ‘Phishing’ Computer Security Research Reports, University of Arizona available at <http://www.cs.arizona.edu/~collberg/Teaching/466-566/2014/Resources/presentations/2012/topic5-final/report.pdf>
Susan Brenner, ‘Thoughts, Witches and Crimes,’(2009) CYB3RCRIM3: Observations on Technology, Law, and Lawlesssness, available at <http://cyb3crim3.blogspot.com/2009/05thoughts-witches-and-crimes.html>
The Evolution of Phishing Attacks:2011-2013’ Kaspersky Lab available at <http://media.kaspersky.com/pdf/Kaspersky_Lab_KSN_report_The_Evolution_of_Phishing_Attacks_2011-2013.pdf>
Thompson, H., ‘What Do We Really Understand When We Talk About Computer Crime?’ available at <http://extranet.trusted-management.com/whitep/White-Paper-Crime.pdf>
Adomi, E., ‘Combating Cybercrime in Nigeria’ (2008) 26(5), The Electronic Library,
Aldrich, R. ‘Cyberterrorism and Computer Crimes: Issues Surrounding the Establishment of an International Legal Regime’ (2000), Paper 32 Information Operations Series USAF pp 1-135
Ani, L., “Cybercrime and National Security: The Role of the Penal and Procedural Law” (2011) Law and Security in Nigeria, pp 197-232
Boyle, J., ‘Foucault in Cyberspace: Surveillance, Sovereignty, and Hardwired Censors’ (1997) vol 66, University of Cincinnati Law Review, p 177
Brenner, S., “Towards a Criminal Law for Cyberspace: Product Liability and Other Issues” (2004) 5(1) Journal of Technology Law and Policy, pp1-113
Chawki, M., ‘Nigeria Tackles Advance Fee Fraud’ (2009) vol 1 Journal of Information, Law & Technology pp 1-20
Ehimen, O., Bola, A., ‘Cybercrime in Nigeria” (2010) 3(1) Business Intelligence Journal pp 93-98
Ellison, L., Akdeniz, Y., ‘Cyber-stalking: the regulation of Harassment on the internet.’ (1998) Criminal Law Review, December Special Edition: Crime, Criminal Justice and the Internet, pp 29-48
Finne, T., ‘Future Challenges of Cybercrime’ (2010) vol 5 Future Working Group
Goodman, M., ‘Why the Police don’t Care about Computer Crime’ (1997) 10(3) Harvard Journal of Law and Technology pp 465-494
Hathaway, O., et. al, ‘The Law of Cyber-Attack’ (2012) California Law Review, pp 817-885
Herhalt, J., ‘Cyber Crime- a Growing Challenge for Governments’, (2011) vol 8, Issue Monitor
Hoar, S., ‘Trends in Cybercrime: The Dark Side off the Internet’ (2005) 20(3) Criminal Justice pp 1-10
Johnson, D., David, G., ‘Law and Borders-The Rise of Law in Cyberspace’ (1996) vol 48, Stanford Law Review, p 1367
Keyser, M., ‘The Council of Europe Convention on Cybercrime’ (2003) 12(2) Journal of Transnational Law and Policy, pp 287-326
Kshetri, N., ‘Pattern of Global Cyber War and Crime: A Conceptual Framework’ (2005) 11(4) Journal of International Management, pp 541-562
Lewis. B., ’Prevention of Computer Crime Amidst International Anarchy’, (2004) American Criminal Law Review pp 1353-1362
McCusker, R., “Transitional Organised Cyber Crime: Distinguishing Threat from Reality” (2006) 45(4-5) Crime, Law and Social Change, pp 257-273
McGraw, D., ‘Sexual Harassment in Cyberspace: The Problem of Unwelcome E-mail’ (1995) vol 21 Rutgers Computer and Technology Law Journal, 492
Menelly, L., ‘Prosecuting Computer-Related Crime in the United States, Canada, and England: New Laws for Old Offenses’ (1985) Boston College International and Comparative Law Review, 551
Oke, R., ‘Cyber Capacity without Cyber Security: A Case Study of Nigeria’s National Policy for Information Technology (NPFIT)’ (2012) vol 12 The Journal of Philosophy, Science and Law’
Okeshola, F., Adeta, A., ‘The Nature, Causes and Consequences of Cyber Crime in Tertiary Institutions in Zaria-Kaduna State, Nigeria’ (2013) 3(9) American Journal of Contemporary Research pp 98-114
Olayemi, O., ‘A Socio-Technological Analysis of Cybercrime and Cyber security in Nigeria’ (2014) 6(3) International Journal of Sociology and Anthropology, pp 116- 125
Olusola, M., ‘Cyber Crimes and Cyber Laws’ (2013) 2(4) The International Journal of Engineering and Science pp 19-25
Oriola, T., ‘Advance Fee Fraud on the Internet’ (2005) vol 21 Computer Law and Security Report
Poonia, A., ‘Cyber Crime: Challenges and its Classification’ (2014) 3(6) International Journal of Emerging Trends and Technology in Computer Science pp 119-121
Saulawa, M., Marshal, J., ‘Cyberterrorism: A comparative Legal Perspective’ (2015) vol 33, Journal of Law, Policy and Globalization, pp 1-7
Weber, A., ‘The Council Of Europe’s Convention on Cybercrime’ (2003) 18(1) Berkeley Technology Law Journal pp 425-446
Yang, D., Hoffstadt, B., “Countering the Cyber-Crime Threat” (2006) 43(2) American Criminal Law Review
Yasin, M., “Global Nature of Computer Crimes and the Convention on Cybercrime” (2006) 3(2) Ankara Law Review, pp 129-141
Ahmed, A., ‘New Administration of Criminal Justice Act Will Ensure All Law Enforcement Agencies Work Together’ This Day Live (Nigeria, 2 June 2015)
Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress’ (2008) Congressional Report Service, Report for Congress.
Carleton, R., Smyth, S., ‘Measuring the Extent of Cyber-Fraud: A Discussion Paper on Potential Methods and Data Sources’ (2011) ‘Research and National Coordination Organized Crime Division Law Enforcement and Policing Branch Public Safety Canada’
Cyber-crime, Securities Markets, and Systemic Risks’ (2013) Joint Paper of the IOSCO Research Department and World Federation of Exchanges
Doyle, C., ‘Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws’ Congresssional Research Service
Finklea, k., Theohary, C., ‘Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement’ (2015) Congressional Research Service.
International Telecommunication Union (ITU) “Understanding Cybercrime: Phenomena, Challenges and Legal Response” (2012) September Report
Jarret, M., Bailie, M., ‘Prosecuting Computer Crimes’ (Published by Office of Legal Education Executive Office for United States Attorneys)
Woimann. G., ‘Cyberterrorism How Real Is the Threat?’ United States Institute of Peace Special Report
THESIS AND DISSERTATION
Chinedu, L., ‘Regulation of Cybercrime in Nigeria: A Critical Appraisal’ (Unpublished, LLB Thesis) Imo State University, Owerri, 2014.
Erharbor, M., ‘Cybercrime and the Youths’ (Unpublished, PGDE Thesis). Department of Education, Ambrose Ali University, Ekpoma, Nigeria, (2008)
Okeshola, F., Adeta, A., ‘The Nature, Causes and Consequences of Cyber Crime in Tertiary Institutions in Zaria-Kaduna State, Nigeria’ (2013) 3(9) American Journal of Contemporary Research 98-114 at 98
 International Telecommunication Union (ITU) ‘Understanding Cybercrime: Phenomena, Challenges and Legal Response’ (2012) September Report available at <www.itu.int/ITU-D/cyb/cybersecurity/legislation.html> accessed 7th December, 2014.
 Herhalt, J., ‘Cyber Crime- A Growing Challenge for Governments’ (2011) vol 8 issue Monitor available at <https:www.kpmg.com/Global/en/IssuesAndInsights/ArticlesPublications/Documents/cyber-crime.pdf>
 Internet World Stats available at <http://www.iternetworldstats.com/af/ng.htm> accessed 15th November 2014.
 United States Attorney, Central District of California; Chair, Attorney General’s Subcommittee on Cyber and Intellectual Property Crimes, 2005-Present
Olusola, M., ‘Cyber Crimes and Cyber Laws’ (2013) 2(4) The International Journal of Engineering and Science pp 19-25 at pp 19
 Olayemi, O., ‘A Socio-Technological Analysis of Cybercrime and Cyber security in Nigeria’ (2014) vol 6(3) Academic Journal pp 116- 125 at pp 116
 Kshetri, N., ‘Pattern of Global Cyber War and Crime: A Conceptual Framework’ (2005) 11(4) Journal of International Management, pp 541-562 at p 541
Ashaolu, D., ‘Combating Cybercrimes in Nigeria’ in Ashaolu, D., (ed) Basic Concepts in Cyberlaw, (Velma Publishers, 2012)
Brenner, S., ‘Towards a Criminal Law for Cyberspace: Product Liability and Other Issues’ (2004) 5(1) Journal of Technology Law and Policy, pp1-113 at p 35
 National Crime Prevention Council ‘cybercrimes’ 2012 available at <http://www.ncpc.org/resources/files/pdf/internet-safety/13020-Cybercrimes-revSPR.pdf> accessed 14th November, 2014.
Yang, D., Hoffstadt, B., ‘Countering the Cyber-Crime Threat’ (2006) 43(2) American Criminal Law Review
Ehimen, O., Bola, A., ‘Cybercrime in Nigeria’ (2010) 3(1) Business Intelligence Journal pp 93-98 at pp 93
ITU, op. cit
Erharbor, M., ‘Cybercrime and the Youths’ (Unpublished, PGDE Thesis). Department of Education, Ambrose Ali University, Ekpoma, Nigeria, (2008).
Okeshola, op. cit
Ehimen, op. cit
 Ahmed, A., ‘New Administration of Criminal Justice Act Will Ensure All Law Enforcement Agencies Work Together’ This Day Live (Nigeria, 2 June 2015)
 Okeshola, op. cit
 The announcement of the survey was made at the launch of the first West African Cybercrime Summit on November, 2010 available at <www.abujacity.com/abuja_and_beuond/2010/11/nigeria-comes-3rd-in-global-cybercrimes-survey-.html> accessed 5th December, 2014
 For example, According to a report given by Nigerian Inter-Bank Settlements Systems (NIBSS Plc), Nigerian banks lost a total of N159 billion to electronic fraud between the year 2000 and the first quarter of 2013. Available at <http://leadership.ng/news/375560/banks-lose-n159bn-cyber-crime> accessed 5th December, 2014
 Cambridge Advanced Learner’s Dictionary (3rd edn, Cambridge University Press, 2008) p 347
 Garner, B., Blacks Law Dictionary, (9th edn, Thompson Reuters Business, 2004) p 427
 Ibid at p 427
 Asaolu, op. cit
 Cambridge Advanced Learner’s Dictionary (3rd edn, Cambridge University Press, 2008) p 284
 Ibid at p 392
 Ibid at p 756
 Ibid at p 955
 Aldrich, R. ‘Cyberterrorism and Computer Crimes: Issues Surrounding the Establishment of an International Legal Regime’ (2000), Paper 32 Information Operations Series USAF pp 1-135 at p 9 available at <http://www.au.af.mil.au.awc/awcgate/usafa/ocp32.pdf> accessed 17/3/2015
 Finklea, k., Theohary, C., ‘Cybercrime: Conceptual Issues for Congress and U.S. Law Enforcement’ (2015) Congressional Research Service, at p 6 Available at <http://fas.org/sgp/crs/misc/R42547.pdf> accessed 21/3/2015
 McCusker, R., ‘Transitional Organised Cyber Crime: Distinguishing Threat from Reality’ (2006) 45(4-5) Crime, Law and Social Change, pp257-273.
 Woimann. G., ‘Cyberterrorism How Real Is the Threat?’ United States Institute of Peace Special Report available at <http://www.usip.org/sites/default/files/sr119.pdf> accessed 21/3/2015
 ITU, op. cit at p 26
 National Crime Prevention Council (2012) ‘Cybercrimes’ available at <http://www.ncpc.org/resources/files/pdf/internet-safety/13020-cybercrimes-revSPR.pdf>
 Clifford, R., Cybercrime: The Investigation, Prosecution and Defence of a Computer-Related crime (Caroline Academic Press, 2001) 167
 Ferrera, G., et al., CyberLaw: Texts and Cases (Southwestern College Publishing Co, 2001) 298
 Hoar, S., ‘Trends in Cybercrime: The Dark Side off the Internet’ (2005) Criminal Justice. Vol20(3) pp1-10 at pp 1
 Loader, B., Douglas T., ‘Cybercrime: Security and Surveillance in the Information Age’ (2000 Routledge)
 Crimes related to computer networks, Background paper for the workshop on crimes related to the computer network, 10th UN Congress on the Prevention of Crime and the Treatment of Offenders, 2000, A/CONF. 187/10, page 5; available at <www.uncjin.org/Documents/congr10/10e.pdf> accessed 12/6/2014
 National Criminal Justice Information and Statistics Service (now Bureau of Justice Statistics), U.S. Department of Justice, Computer Crime: Criminal Justice Resource Manual, 1979.
Aditya K, ‘Dissecting the State of Underground Enterprise’ (2012) IEEE available at <https://web.cse.msu.edu/~soodadit/papers/IEEE_IC_dissecting_the_state_of_underground_ent.pdf> accessed 12/6/2014
Finne, T., ‘Future Challenges of Cybercrime’ (2010) Vol 5 Future Working Group available at <http://futuresworkinggroup.cos.ucf.edu/publications/FWGV5Cybercrime.pdf> 12/19/2014
 ‘Cyber-crime, Securities Markets, and Systemic Risks’ (2013) Joint Paper of the IOSCO Research Department and World Federation of Exchanges available at <http://www.iosco.org/research/pdf/swp/Cyber-Crime-Securities-Markets-and-Systemic-Risk.pdf> accessed 12/19/2014
Thompson, H., ‘What Do We Really Understand When We Talk About Computer Crime?’ available at <http://extranet.trusted-management.com/whitep/White-Paper-Crime.pdf> accessed 3/9/2015
Brenner S., ‘Thoughts, Witches and Crimes,’(2009) CYB3RCRIM3: Observations on Technology, Law, and Lawlesssness, available at <http://cyb3crim3.blogspot.com/2009/05thoughts-witches-and-crimes.html> accessed 3/21/2015
 ITU, op. cit at p 7
 ITU, op. cit at p 6
Thompson, H., ‘What Do We Really Understand When We Talk About Computer Crime?’ available at <http://extranet.trusted-management.com/whitep/White-Paper-Crime.pdf> accessed 3/9/2015
 National Security Agency, Statement for the Record, Lieytenant General Keith Alexander, Commander, Joint Functional Component Command for Network Warfare, Before the House Armed Services Committee, Terrorism, Unconventional Threats, and Capabilities Subcommittee, May 5, 2009 available at <http://www.nsa.gov/public_info/speeches_testimonies/5may09_dir.shtml>
 Finklea, op. cit at p 10
 Hathaway, O., et. al, ‘The Law of Cyber-Attack’ (2012) California Law Review, pp 817-885, available at <http://www.law.yale.edu/documents/pdf/cglc/LawOfCyberAttack.pdf> accessed 3/8/2015
Smith, G., et al., Cybercriminal on Trial note 2, at 46 (2004)
 Brenner, S., ‘Towards a Criminal Law for Cyberspace: Product Liability and other Issues’ (2004) Journal of Technology Law and Policy pp 1-113 at pp 18
Thompson. H., ‘What Do We Really Understand When We Talk About Computer Crime?’ available at <http://extranet.trusted-management.com/whitep/White-Paper-Crime.pdf> accessed 3/9/2015
 Yasin, M., ‘Global Nature of Computer Crimes and the Convention on Cybercrime’ (2006) 3(2)Ankara Law Review, pp.129-142 at pp 132
 ‘Introduction to Cyber Crime’ available at <http://wsilfi.staff.gunadarma.ac.id/Downloads/files/13309/W03-Cyber+crime.pdf> accessed 13/3/2015
 Razali, H., et. al, ‘What is Cyber Crime?’ available at <https://docs.google.com/document/d/1xrvPA7kAloSa9n_HEC_ZtxZQDCQYbVBNRUd_PW61OoU/edit> accessed 3/3/2015
Mali, P., ‘Classification of Cybercrimes’ August, 2009 Lawyersclubindia available at <http://www.lawyersclubindia.com/articles/Classification-Of-CyberCrimes–1484.asp>
 Poonia, A., ‘Cyber Crime: Challenges and its Classification’ (2014) vol3(6) International Journal of Emerging Trends and Technology in Computer Science pp 119-121 at pp 120
Emm, D., ‘Cybercrime and the law: a review of UK computer crime legislation’ 29th May 2009, Secure list available at <https://securelist.com/analysis/publications/36253/cybercrime-and-the-law-a-review-of-uk-computer-crime-legislation/> accessed 16/3/2015
 Goodman, M., ‘Why the Police don’t Care about Computer Crime’ (1997) 10(3) Harvard Journal of Law and Technology pp 465-494 at pp 469
 Council of Europe Convention on Cybercrime (CETS No. 185), available at <http://conventions.coe.int.Regarding the Convention on Cybercrime>
 ITU, op. cit at p 132
Shi J., Saleem S., ‘Phishing’ Computer Security Research Reports, University of Arizona available at <http://www.cs.arizona.edu/~collberg/Teaching/466-566/2014/Resources/presentations/2012/topic5-final/report.pdf> accessed 3/22/2015
 ITU, op. cit at 30
 ‘The Evolution of Phishing Attacks:2011-2013’ Kaspersky Lab available at <http://media.kaspersky.com/pdf/Kaspersky_Lab_KSN_report_The_Evolution_of_Phishing_Attacks_2011-2013.pdf> accessed 3/22/2015
 ITU, op. cit at 30
 ITU, op. cit at p 20
 Lewis. B., ’Prevention of Computer Crime Amidst International Anarchy’, (2004) American Criminal Law Review pp 1353 at pp 1359
 Ibid at pp 1354
 ITU, op.cit at p 50
 Judge Harvey, D., ‘Cyberstalking and Internet Harassment: What the Law Can Do’ available at <http://www.netsafe.org.nz/Doc_Library/netsafepapers_davidharvey_cyberstalking.pdf> accessed 3/23/15
 Nelson, D., ‘Cyberstalking’ at <http://www/tccmweb.com/swcm/may97/stalk.htm>
 McGraw, D., ‘Sexual Harassment in Cyberspace: The Problem of Unwelcome E-mail’ (1995) Rutgers Computer and Technology Law Journal, 492
 Ellison, L., Akdeniz, Y., ‘Cyber-stalking: the regulation of Harassment on the internet.’ (1998) Criminal Law Review, December Special Edition: Crime, Criminal Justice and the Internet, pp29-48
 Judge Harvey, D., ‘Cyberstalking and Internet Harassment: What the Law Can Do’ available at <http://www.netsaffe.org.nz/Doc_Library/netsafeppers_davidharvey_cyberstalking.pdf> accessed 3/23/15
 Felicity, N., ‘Cyberstalking Victimization: Impact and Coping Responses in a National University Sample’ <http://drum.lib.umd.edu/bitstream/1903/8206/1/umi-umd-5402.pdf> accessed 3/23/2015
 ‘Cybercrime: Issues’ Background Paper, Library of Parliament. Publication No. 2011-36-E, 5 April 2011
Mercer, J., ‘Cybersquatting: Blackmail on the Information Superhighway’ available at <http://128. 197 .26.36/law/central/jd/organizations/journals/scitech/volume6/mercer.pdf> accessed 3/23/2015
Mercer, J., ‘Cybersquatting: Blackmail on the information Superhighway’ available at <http://128. 197 .26.36/law/central/jd/organizations/journals/scitech/volume6/mercer.pdf> accessed 3/23/15
 Yasin, M., ‘Global Nature of Computer Crimes and the Convention on Cybercrime’ (2006) vol3(2)Ankara Law Review), pp.129-142 at pp 135
 ITU, op. cit at 87
 Hathaway, O., et. al, ‘The Law of Cyber-Attack’ (2012) Faculty Scholarship Series, pp 817-885 at pp 833
 ‘Cyberterrorism Defined (as distinct from ‘Cybercrime’)’ (Infosec Institute, 2012) available at <http://resources.infosecinstitute.com/cyberterrorism-distinct-from-cybercrime/>
 Hathaway, op. cit at 826
 Hathaway, op. cit at 836
 Hathaway, op. cit at 830
Hathaway, op. cit at 831
 Hathaway, op. cit at 834
 This is a militant islamist group in Nigeria officially called Jama’ tu Ahlis Sunna Lidda’Awati Wal-Jihad
 ‘Botnets, Cybercrime, and Cyberterrorism: Vulnerabilities and Policy Issues for Congress’ (2008) Order Code RL32114 CRS REPORT FOR CONGRESS, Available at <http://fas.org/sgp/crs/terror/RL32114.pdf>
 Hathaway, op. cit at p 833
 Hathaway, op. cit at p 834
 Weimann, G., ‘Cyber-terrorism How Real is the Threat?’ United States Institute of Peace Special Report available at <http://www.usip.org/sites/default/files/sr119.pdf> accessed 21/3/2015
 ITU, op. cit at p 10
 ‘National Strategy to Secure Cyberspace’ (2003) p. viii Department of Homeland Security, available at <http://www.dhs.gov/xlibrary/assets/National_Cyberspace_Strategy.pdf>
Keyser, M., ‘The Council of Europe Convention on Cybercrime’ (2003) 12(2) Journal of Transnational Law and Policy, pp 287-326 at p 287
 Johnson, D., David, G., ‘Law and Borders-The Rise of Law in Cyberspace’ (1996) vol 48, Stanford Law Review, p 1367
 Boyle, J., ‘Foucault in Cyberspace: Surveillance, Sovereignty, and Hardwired Censors’ (1997) vol 66, University of Cincinnati Law Review, p 177 at 178
Keyser, op. cit, at 294
 Weber, A., ‘The Council Of Europe’s Convention on Cybercrime’ (2003) 18(1) Berkeley Technology Law Journal pp 425-446 at p 426
 Council of Europe, Convention on Cybercrime [Convention], 23 November 2001
 Keyser, op. cit at 296
 Weber, op. cit at 429
 Keyser, op. cit at 296
 Olawuyi, D., ‘The Principles of Nigerian Environmental Law’ (2013, Business Perspectives Publishing) at p 150
 Brierly, J., ‘The Law of Nations: An Introduction to the International Law of Peace (Oxford University Press, 6th ed. 1963) p 57
 Keyser, op. cit at 298
Covention on Cybercrime, Article 11
 Convention on Cybercrime, Article 2
 Convention on Cybercrime, Explanatory Report ,p 38 available at <http://conventions.coe.int/Treaty/EN/Reports/Html/185.htm>
 Convention on Cybercrime, Article 3. However ‘[a] party may require that the offence be committed with dishonest intent, or in relation to a computer system that is connected to another computer system.’
 Convention on Cybercrime, Article 4
Convention on Cybercrime, Article 5
Convention on Cybercrime, Article 6
 Convention on Cybercrime, Article 7
 Convention on Cybercrime, Article 8
Convention on Cybercrime, Article 9
Convention on Cybercrime, Article 10
Convention on Cybercrime, Article 14
 Convention on Cybercrime, Articles 14-21
Covention on Cybercrime, Articles 23-35
 Kowalski, M., ‘Cyber-Crime: Issues, Data Sources, and Feasibility of Collecting Police-Reported Statistics’ Canadian Centre for Justice Statistics available at <http://publications.gc.ca/Collection/Statcan/85-558-X/85-558-XIE2002001.pdf>
 Ibid, Article 22
 Carleton, R., Smyth, S., ‘Measuring the Extent of Cyber-Fraud: A Discussion Paper on Potential Methods and Data Sources’ (2011) ‘Research and National Coordination Organized Crime Division Law Enforcement and Policing Branch Public Safety Canada’
‘Computer Crime’ Department of Computer Science available at <https://cpnnex.csc.uvic.ca/access/content/group/6a4f8ee0-590e-45c6-8333-ce5917a95d4c/web/notes/05_crime.pdf> accessed June, 2015.
 Criminal Code, Revised Statutes of Canada, c. C-46
 Criminal Code of Canada, Section 430
 42 Ontario. 2d 225 (1983)
 13 Criminal Code of Canada 3d 430 (1984)
 Ibid at p 434
 Menelly, L., ‘Prosecuting Computer-Related Crime in the United States, Canada, and England: New Laws for Old Offenses’ (1985) Boston College International and Comparative Law Review, 551. Available at <http://lawdigitalcommons.bc.edu/iclr/vol8/iss2/9>
 Criminal Code of Canada, Section 380
 Criminal Code of Canada, Section 403
 Criminal Code of Canada, Section 342.1(1)
 ‘Cybercrime in Canada: Strategies, Reforms, and Amendments in the Canadian Judicial and Law Enforcement Systems’ available at <http://s3.amazonaws.com/academia.edu.documents/33973508/CYBERCRIME_IN_CANADA-_STRATEGIES_REFORMS_AND_AMENDMENTS_IN_THE_CANADIA_JUDICIAL_AND_LAW_ENFORCEMENT_SYSTEMS.pdf?>
 Jarret, M., Bailie, M., ‘Prosecuting Computer Crimes’ (Published by Office of Legal Education Executive Office for United States Attorneys) available at <http://www.justice.gov/sites/default/files/criminal-ccips/legacy/2015/01/14/ccmanual.pdf>
 Ibid at p 1
 Doyle, C., ‘Cybercrime: An Overview of the Federal Computer Fraud and Abuse Statute and Related Federal Criminal Laws’ Congresssional Research Service available at <http://www.fas.org.sgp/crs/misc/97-1025.pdf> accessed June, 2015.
 CFAA, Section (a)(1)
 CFAA, Section (a)(2)
 Section (a)(3)
CFAA, Section (a)(4)
 CFAA, Section (a)(5)(A)
 CFAA, Section (a)(5)(B)
 CFAA, Section (a)(5)(C)
 CFAA, Section (a)(6)
 CFAA, Section (a)(7)
 CFAA, Subsection 1030(g)
 CFAA, Subsection 1030(c)
 Title 18 United States Code SS 2510-2522 , The Wiretap Act
 Jarret, op. cit
 Wiretap Act, Section 2511(1)
 Abraham v. County of Greenville, 237 F.3d 386 at 391 (4th Circuit, 2001)
 Jarret, op. cit at 77
 Peavy v. Harman, 37 F.Supp. 2d 495 at 513
 Wiretap Act, Section 2511(2)(c)
 Wiretap Act, Section 2511(2)(a)(i)
 United States v. Villanueva, (1998) 32 F. Supp. 2d 635 at 639
 United States v. Pervaz, 118 F.3d p1 at p5 (ist Circuit. 1997)
 Unlawful Access to Stored Communications: 18 U.S.C S 2701
 Wiretap Act, Section 2701 (c)(1)
 Wiretap Act, Section 2701 (c)(2)
 Wiretap Act, Section 2701 (c)(3)
 Identity Theft: Title 18 United States Code S 1028(a)(7)
 Access Device Fraud: Title 18 United States Code, S 1029
 Jarret, op. cit at 102-103
 Access Device Fraud, Section 1029 (c)(1)(B)
 CAN-SPAM Act : 18 U.S.C S 1037
 Jarret, op. cit at 105
 CAN-SPAM Act, Section 1037 (b)
 ‘Computer Crime’ (2006) Postnote No 271 available at <http://www.parliament.uk/documents/post/postpn271.pdf>
 CMA, Section 1
 CMA, Section 2
CMA, Section 3
 (Commencement No 9) Order 2008
 ‘Computer Misuse Overview’ (2007) JISC legal Information available at <http://www/jisclegal.ac.uk/LegalAreas/ComputerMisuse/ComputerMisuseOverview.aspx>
 Oke, R., ‘Cyber Capacity without Cyber Security: A Case Study of Nigeria’s National Policy for Information Technology (NPFIT)’ (2012) The Journal of Philosophy, Science and Law’ vol 12,
 Ani, L., ‘Cybercrime and National Security: The Role of the Penal and Procedural Law’ Law and Security in Nigeria, pp 197-232 at p 197
 Ehimen, R., Bola, A., ‘Cybercrime in Nigeria’ (2010) Business Intelligence Journal vol 3(1) pp 93-98
 Cap 23, LFN 2004
 Ashaolu, D., ‘Combating Cybercrimes in Nigeria 1’ (McAsh’s Thoughts, 24 December, 2011) <http://blogs.law.harvard.edu/mcash/2011/12/24/combatingcybercrimesinnigeria/> accessed 4/30/15
 Economic And Financial Crimes Commission (Establishment) Act 2002, Cap E1 LFN, 2010
 Ehimen, O., Bola, A., ‘Cybercrime in Nigeria’ (2010) 3(1) Business Intelligence Journal, pp 93-98 at pp 95
 Suit No: CA/245/05 available at <http://www.cenbank.gov.ng/419/cases.asap>
 Advanced Fee Fraud and other Fraud Related Offences Act 2006, CAP A6, LFN 2010
 Chawki, M., ‘Nigeria Tackles Advance Fee Fraud’ (2009) vol 1 Journal of Information, Law & Technology pp 1-20 at p 4
 Adomi, E., ‘Combating Cybercrime in Nigeria’ (2008) The Electronic Library vol26(5), p. 290
 Money Laundering (Prohibition) Act Cap M18, LFN 2010
 Criminal Code Act CAP 38, LFN 2010
 Chawki, op. cit at 8
Oriola, T., ‘Advance Fee Fraud on the Internet’ (2005) vol 21 Computer Law and Security Report, p 241
 (1969) NMLR 194 at pp 216-217
 Evidence Act, Section 258
 Chinedu, L., ‘Regulation of Cybercrime in Nigeria: A Critical Appraisal’ (Unpublished, LLB Thesis) Imo State University, Owerri, 2014.
 Elias, O ‘The Law in a Developing Society’ (1969, University of Lagos) p 7
 (1990) 91 Criminal Appeal Review 186
 Ibid at 192
 Cybercrime Act, Section 2
 Cybercrime Act, Section 3
Cybercrime Act, Section 3
Cybercrime Act, Section 5 (1)
 Cybercrime Act, Section 5 (2)
Cybercrime Act, Section 5 (3)
 CNII Portal available at <http://cnii.cybersecurity.org.my/main/about.html> accessed on 10 June 2015
Cybercrime Act, Section 6 (1)
Cybercrime Act, Section 6 (2)
Cybercrime Act, Section 7
 Cybercrime Act, Section 8
Cybercrime Act, Section 9
 Cybercrime Act, Section 10
Cybercrime Act, Section 12
 Cybercrime Act, Section 13
 Cybercrime Act, Section 15
Cybercrime Act, Section 16
 Cybercrime Act, Section 14
 Cybercrime Act, Section 21
 Cybercrime Act, Section 23
Cybercrime Act, Section 28
 Chawki, op. cit at 12
 Olukanmi, A., ‘Expert Group Meeting on Cybercrime’ (2011) 17-21 January, Vienna
 Saulawa, M., Marshal, J., ‘Cyberterrorism: A comparative Legal Perspective’ (2015) Journal of Law, Policy and Globalization vol 33
 Chawki, op. cit
 Maska, M., ‘Building National Cybersecurity Capacity in Nigeria: The Journey so Far’ (2009) Regional Cybersecurity Forum for Africa and Arab States, Tunis available at <http://www.itu.int/ITU-D/cyb/events/2009/tunis/docs/maska-nigeria-cybersecurity-june-09.pdf>
AN APPRAISAL OF THE LEGAL FRAMEWORK OF CYBERCRIME IN NIGERIA