1.

1 Introduction

The world has become a global village mainly due to advancement in technology. Indeed, human

life is continuously influenced by defining technological inventions. The computer which is

regarded as one of man’s excellent achievements coupled with the surge in interconnectedness

heralded by the internet has advanced the frontiers of communication beyond the borders of

geographical space. However, the progress witnessed in the past two decades has also given rise

to new challenges ranging from manipulation of information, cyber – thefts, cyber-laundering,

spamming, hacking and several other human excesses on the internet and the means of

surmounting these challenges have remained a matter of abiding interest to National

Governments, International Organization and other relevant stakeholders.

The aim of this paper is to examine the offences provision of the Cybercrimes Act 2015 with a

view to identify the strength and shortcomings of these provisions and consequently to make

recommendations on how to improves on the existing law. In order to achieve the above aim, the

paper has the objectives of highlighting the intendment of the Act and also review some criticism

leveled against the Act.

1.2 Brief History of the Cybercrimes Act

The first attempt by Nigeria to criminalize cybercrime was in 1995 through the Electronic

crimes, Telecommunications and postal offences Decree1. Subsequently in 1999, there was a

review of draft legislations which includes the Computer Security and Infrastructure Bill of

2005; Electronic provisions Bill of 2008, Cyber – Security Bill of 2011, Criminal Code

1
Tomiwa, I. (2016) The Nigerian Cybercrimes Act 2015: is it Uhuru Yet? at www.orderpaper.ng accessed on 24
October, 2018.
Amendment for Offences Relating to Computer Misuse and Cyber Crimes of 20112. However,

while these bills shows the concern of the Nigerian government on issues of cybercrime, the lack

of commitment and follow through accounted for the death of many of the bills.

By far, the most concrete evidence of the desire of the government to effectively combat cyber-

crime came in July 2011 when what is today known as the Cyber-crimes (prohibition, prevention

e.t.c.) Act was introduced to the Nigerian parliament by the executive. The Bill was passed into

law on the 23rd of October 2014.

1.3 Aim and Objective of the Cybercrime Act

The objective of the cybercrime is to among other things provide an effective and unified legal,

regulatory and institutional framework for the prohibition, prevention, detection, prosecution and

punishment of cybercrime in Nigeria3. Furthermore, the Act also has the objective of ensuring

the protection of critical national information and infrastructure and in addition to “promote

cyber security and the protection of computer systems and networks, electronic communications,

data and computer programs, intellectual property and privacy rights”4.

1.4 The Offences under the Cybercrime Act

The sections that set out the offenses in the Cybercrime Act are the criminal law part of the Act.

The Section captures a very broad range of criminal activities numbering up to 23. Some of the

key offences under the Act are briefly examined below:

(i) Offences against Critical National Information Infrastructure.

The section provides as follows:

2
ibid
3
See PART 1 Cybercrimes (Prohibition, Prevention, etc) Act, 2015
4
ibid
 Any person who with intent, commits any offence
punishable under this Act against any critical national
information infrastructure, designated pursuant to section 3
of this Act, shall be liable on conviction to imprisonment
for a term of not more than 10 years without an option of
fine.5
However, the section further provides that if the foregoing offence is committed and it results in

grievous bodily harm to any person, the offender shall be liable upon conviction to a term not

exceeding 15 years without option of fine6. Furthermore, if the offence results in the death of a

person or persons, then the punishment will be life imprisonment.7

(ii) Unlawful Access to a Computer

The Act provides that:

Any person who without authorization, intentionally

accesses in whole or in part, a computer system or network
for fraudulent purposes and obtain data that are vital to
national security, commits an offence and shall be liable on
conviction to imprisonment for a term of not more than 5
years or to a fine of not more than N5,000,000.00 or to both
fine and imprisonment8.
However, in a situation whereby the above offence is committed with the intent of obtaining

computer data security access to any program, commercial or industrial secrets or classified

information, then the offender shall be liable for a term of imprisonment not exceeding 7 years or

a fine of not more than N7,000.000;00 or to both fine and imprisonment 9. In addition, where a

person or an organization is found guilty of knowledgably and intentionally trafficking in any

password or similar information through which a computer may be accessed without lawful

authority and if such trafficking affects public, private and or individual interest without or

5
Section 5, Cybercrimes Act, 2015
6
S. 5 (2) ibid
7
S. 5 (3) ibid
8
S. 6 ibid
9
S. 6 (2) ibid
outside Nigeria, the punishment would be a fine of not more than N7,000,000.00 or

imprisonment not exceeding three years or both fine and imprisonment10.

(iii) System Interference

The Act provides that:

Any person who without lawful authority, intentionally or for

fraudulent purposes does an act which causes directly or indirectly
the serious hindering of the functioning of a computer system by
imputing, transmitting, damaging, detecting, deteriorating, altering,
or suppressing computer data or any other form of interference
with the computer system which prevents the computer system or
any part thereof, from functioning in accordance with its intended
purpose, commits an offence and shall be liable on conviction to
imprisonment for a term of not more than 2 years or to a fine of not
more than N5,000,000.00 or to both fine and imprisonment11.

(iv) Intercepting Electronic Messages, Emails, Electronic Money Transfers

This section punishes with 7 years’ imprisonment or 14 years without an option of

fine. The section provides:

Any person who unlawfully destroys or aborts any

electronic mails or processes through which money and or
valuable information is being conveyed is guilty of an
offence and is liable to imprisonment for 7 years in the first
instance and upon second conviction shall be liable to 14
years imprisonment12.

(v) Willful Misdirection of Electronic Messages

The section provides:

Any person who misdirects electronic messages with either the

intention to fraudulently obtain financial gain as a result of such act
or with the intention of obstructing the process in order to cause
delay or speeding the messages with a view to cause an omission or

10
S. 6 (4) ibid
11
S. 8 ibid
12
S. 9 ibid
 commission that may defeat the essence of such messages is guilty
of an offence and is liable to imprisonment for three years or a fine
of N1,000,000.00 or both.13
Where however, a person is convicted of intentionally and without authorization, intercepting by

technical means, non-public transmissions of computer data, content or traffic data, including

electromagnetic emissions or signals from a computer, such a person will be liable to a

punishment of imprisonment for a term of not more than 2 years or to a fine not exceeding

N5,000,000.00 or both fine and imprisonment14.

(vi) Theft of Electronic Devices

This section goes thus:

(a) Any person who steals a financial institution of public infrastructure terminal
commits an offence and shall be liable on conviction to imprisonment for a
term of 3 years or a fine of N1,000,000.00 or to both fine and imprisonment.

(b) Any person who steals an Automated Teller Machine (ATM) commits an
offence and shall liable on conviction to imprisonment for a term of not more
than 7 years or a fine of not more than N10,000,000.00 or to both fine and
imprisonment. All proceeds of such theft shall be forfeited to the lawful
owners of the ATM.
However, an attempt to commit the above offence is punishable with a term of imprisonment not

exceeding 1 year or a fine not exceeding N1,000,000.00 or both fine and imprisonment.

(vii) Cyber Terrorism

The Act did not define what terrorism means. It however adopted the definition of

terrorism in the Terrorism (prevention) Act, 201115. The Act provides that where

person accesses or causes to be accessed any computer or computer system or

13
S. 11 ibid
14
S. 12 ibid
15
S. 18 (2) ibid
 network for purposes of terrorism, such a person commits an offence and is liable on

conviction to life imprisonment16.

(viii) Identity theft and Impersonation

The Act provides that:

Any person who is engaged in the services of any financial institution and
as a result of his special knowledge commits identity theft of its employer,
staff, service providers and consultants with the intent to defraud is guilty
of an offence and upon conviction shall be sentenced to 7 years
imprisonment or N5,000,000.00 fine or both17.
The Act further stipulates that where a person fraudulently or dishonestly makes use

of the electronic signature, password or any other unique identification feature of any

other person; or

Fraudulently impersonates another entity or person, living or dead, with intent to:

(a) Gain advantage for himself or another person;

(b) Obtain any property or an interest in any property;

(c) Cause disadvantage to the entity or person being impersonated or another person;

or

(d) Avoid arrest or prosecution or to obstruct, parent, or defeat the course of justice.

Whoever commits the above offence shall be liable on conviction to

imprisonment for a term of not more than 5 years or a fine of not more than

N7,000,000.00 or both such fine and imprisonment18.

(ix) Child Pornography and Related Offences

16
S. 18 (1) ibid
17
S. 22 ibid
18
S. 22 (2, 3 and 4) ibid
 The punishment for this offence is stated to be imprisonment for a term of 10 years or

a fine of not more than N20,000,000.00 or both fine and imprisonment19. This

punishment applies to the following offences:

(a) Producing child pornography

(b) Offering or making available child pornography

(c) Distributing or transmitting child pornography

When however, a person is convicted of procuring child pornography for oneself or for another

person or possessing child pornography in a computer system or on a computer-data storage

medium, the person shall be liable to imprisonment for a term of not exceeding 5 years or a fine

of not more than N10,000,000.00 or both such fine and imprisonment.

Child pornography is defined by the Act to include pornographic material that visually depicts

(a) A minor engaged in sexually explicit conduct

(b) A person appearing to be a minor engaged in sexually explicit conduct; and

(c) Realistic images representing a minor engaged in sexually explicit conduct.

The term “child” or ‘minor’ is said to mean a person below 18 years of age.

(x) Cyber Stalking

The Act criminalizes the intentional dissemination of messages that are grossly

offensive, pornographies or of an indecent, obscene or menacing character. In the

same vein the Act proscribes sending or message which a person knows to be false,

for the purpose of causing annoyance, inconvenience, danger, obstruction, insult,

injury, criminal intimidation, enmity, hatred, it will or needless anxiety to another or

19
S. 23 ibid
 causes such a message to be sent. Any person who commits the foregoing is be liable

for conviction to a fine of not more than N7,000,000.00 or imprisonment for a term of

not more than 3 years or both such fine and imprisonment20.

(xi) Cybersquatting

The Act provides that;

Any person who intentionally takes or makes use of a name,

business name, trademark, domain name or other word or phrase
registered, owned or in use by any individual, body corporate or
belonging to either the Federal, State or Local Governments in
Nigeria on the internet or any other computer network, without
authority of right and for the purpose of interfering with their use
by the owner, registrant or legitimate prior user. Commits an
offence under this Act and shall be liable on conviction to
imprisonment for a term of not more than 2 year or a fine of not
more than N5,000,000.00 or both fine and imprisonment21.

The section further stipulates that the court should be guided in awarding any penalty

against an offender by the refusal of the offender to relinquish such name, business

name, trademark, etc upon request by the rightful owner and any attempt by the

offender to obtain compensation in any foreign from the rightful owner to relinquish

such name, business name22, etc.

(xii) Other Offences Created by the Act

The Act also contains other offences which include Racist and Xenophobic

offences23, crime against humanity, Attempt, conspiracy, aiding and abetting24,

20
S. 24 ibid
21
S. 25 ibid
22
S 25 (2 and 3) ibid
23
S. 26 ibid
24
S. 27 ibid
 importation and fabrication of E – Tools25, Breach of Confidence by service

providers26, Manipulation of ATM/POS Terminals27, Phishing, Spamming, Spreading

of Computer Virus28, Electronic Cards related fraud29 and use of Fraudulent Device

or Attached E – Mails and websites30. The punishment for these offences are basically

terms of imprisonment or the payment of fine and in some instances the imposition of

both imprisonment and fine.

1.5 A Review of the Offences under the Cybercrime Act

The cybercrime Act, by virtue of the criminal law sections can be said to represent a serious

attempt at sanitizing the Nigerian cyber space. However, there are some short comings that have

been noted in the Act. The criticisms that have been leveled against the Act have made many

experts to call for the urgent review of the Act. Recently, the senate committee on ICT and

Cybercrime organized of three-day conference on ICT and cyber-crime. The conference was

organized towards a review of the cybercrime Act31. We shall now examine some of the draw

backs of the Act.

1.5.1 It has been pointed out that the offences sections of the Act have been largely adopted

from the work of Professor Susan Brenner of the University of Dayton School of law32. This

work was published in a web site and it is titled ‘Model State Computer Crime Code”. The site

provides a model for various computer crime laws that serves as template for countries wishing

25
S. 28 ibid
26
S. 29 ibid
27
S. 30 ibid
28
S. 32 ibid
29
S. 33 ibid
30
S. 36 ibid
31
Kemi, Busari (2017) Nigeria’s Cybercrime Act Needs Review- Senate Committee at www.
Premiumtimesng.com/news accessed on 21 October, 2018.
32
Femi, Oyesanya. Review of Draft Nigerian Cybercrime Act at www.gamji.com/article3000/news3561.html
accessed on 20 October, 2018
to implement cybercrime laws. It is alleged that some sections of the Cybercrime Act were

copied word for word from the site. While it is demeaning that a country like Nigeria with an

avalanche of good draftsmen be found to have copied from a website, the issue is further

compounded by the absence of any form of acknowledgement of the learned Professor. This, it

has been observed amounts to acts of plagiarism even if the original author does not mind the

duplication of her work.

1.5.2 Critics have observed the gross inadequacies inherent in some section of the Act. For

example, one of the main objectives of the cybercrimes Act is the protection of Critical National

Information Infrastructure. However, the Act in all of its section did not define what Critical

National Information is. The Email Bombing section failed to take into cognizance the fact

legitimate Email marketing may produce the same effect of mail bomb to a single system. In

addition the Act also did not provide the meaning of “National Security’ as contained in section

6 of the Act.

1.5.3 There is also a fundamental question that has been raised about the operation of the Act.

The question basically is, who do you call when a cybercrime occurs? Or to put it differently,

who enforces the Act – the police or a special force? And how e-prepared are the enforcers.

Cyberspace is not like other known spaces of land, air or sea. Fighting cybercrime requires a

good technical know-how and familiarity with the cyberspace. The Act did not mention the law

enforcement agency that should enforce the Act. While this is a serious lacuna in the law, what

is more worrisome is that most of our existing law enforcement agencies lack the requisite

capacity and competence to handle matters relating to cybercrime.

1.5.4 Section 7 of the Act confers exclusive jurisdiction on the Federal High Court relating to

matters arising from the Act. There is a fear that the Federal High Court will be overburdened

because of the exclusive nature of their jurisdiction on matters of the Act.

1.5.5 The Act has been criticized for not carrying everyone along. Some Nigerians are digital

literate, while others are not quite digitally literate and we have the majority of Nigerians as

totally digitally ignorant. The effect of the technical nature of the Act is far – reaching. In

addition, the law is not widely – known and as such, criminals have taken advantage of the fact

that most people know nothing about the law to continue to perpetrate cybercrimes.

1.5.6 Though the Act is generally seen by experts as a fair attempt at sanitizing the Nigerian

cyber – space, the Act has been described as a radical piece of legislation that is not only scanty

and inadequate but also structurally deficient33.

1.6 Conclusion

This part relates the finding and recommendation of this paper.

1.6.1 Findings

The following are some of the major findings of this paper.

a. The Cybercrimes Act has low publicity as most people even in the legal profession are

not aware of the existence of and the content of the Act.

b. The Act is defective in that it did not mention the law enforcement agent that will

implement the Act. It did not state whether the Police or any special agency will perform

the duty of detection, prevention and arrest of offenders.

c. There are some gaps that have been identified in the Act

33
See the comments of panelist at the Technology Times Outlook Review of Nigeria Cybercrimes Act, 2015 at
https:/technologytimes.ng/analysis-nigeria-cybercrimes- act-2015-issues/.
1.6.2 Recommendations.

The following are the major recommendations of this paper:

a. There should be a widespread and dedicated sensitization and awareness campaign to

promote knowledge of the existence and intendment of the Act. This could be done the

electronic and print media as well as through organizing seminars and workshop to educate

the relevant stakeholders about the Act.

b. The Act should be amended to designate a specific law enforcement agency to implement

the Act and if the designated agency should have well trained personel to carry out

cybercrime prevention detection and prosecution effectively.

c. The Act should also be amended to take care of the lapses identified in this paper.