37

CHAPTER THREE
PROSPECTIVE LAWS ON CYBER CRIME IN NIGERIA
3.1 INTRODUCTION
The impact on cybercrime in Nigeria, especially its economy has been proved to be
negatively huge, and the lack of a single legislation tackling this menace has largely also
contributed to the increase of this practice. In Nigeria, the major type of Cybercrime being
committed is the computer fraud, popularly known as 419 or yahoo yahoo, with the
EFCC Act, the Advanced Free Fraud Act and the Criminal Code has proved to be effective in
tackling this issue. In 2012, EFCC reported they had convicted more than 288 persons for
various cases of cybercrime
1
. In the area of computer-related offences and Money
Laundering, Nigerias Legislation has shown, to be effective but there are other types or
classifications of cybercrime which are also being committed but our laws are insufficient in
tackling them. Examples of such other classification of Cybercrimes include Hacking,
Cracking, Phishing, Data Espionage and Cyber stalking, Cyber bullying, Child pornography
etc. It is the known fact that the world keeps evolving thereby creating new kinds of trends in
the world, and Nigeria as a country is not left out in this evolution. The world is in
Technology era, where almost everything is done digitally, including the storing of High-
Class information of the Government and inadequacies of laws to protect such information
from falling into the wrong hands by Hackers and failure to punish such crime can cripple or
destabilise such a nation, as it will give such criminals the incentive to continue such crime.
This view was also expressed by the Director, New Media and Information Security, Nigerian
Communication Commission, Sylvanus Ehikioya, in an interview:
For the Nigerian government, to a very large extent, we are protecting our systems, using the
best practice. But until we pass the Cyber Security Bill, there is nothing that the Nigerian
government can really do. Because, as of now, if you hack into any computer system, you
cannot be prosecuted because there is no enabling act,
2


1
O. Adeniyi Over 288 persons jailed in Nigeria for Internet fraud, EFCC says Technology Times Online
Available at: http://www.technologytimesng.com/news/2012/04/over-288-persons-jailed-in-nigeria-for-
cybercrime-efcc-says/ Accessed: (1/8/2013)
2
The interviewed can be read online on the PREMIUM TIMES NEWSPAPER Website available at:
http://premiumtimesng.com/news/124330-nigerian-not-ready-to-fight-cyber-crime-ncc.html Accessed:
(4/7/2013)

38
This means that the major inadequacy of Nigerian laws in tackling cybercrime is the absence
of a Central Legislative Framework in tackling the crime. The Constitution clearly states that:
no person shall be convicted of a criminal offence except it is defined and the penalty
therefor is prescribed in a written law.
3
This section proves that a non-legislated crime
cannot be punished in Nigeria and the effect of this is that, crimes which are usually
prohibited in the real world, will escape liability in the Cyber world where there is no single
legislation in that area.
Another inadequacy in our Legal Framework is the out-dated laws currently in use and used
in prosecuting crimes. Nigerias current laws are mostly old and enacted before the use of the
internet in Nigeria
4
and never envisaged the use of the internet to commit specific computer
crimes such as Hacking, Phishing, Cracking, use and sale of tools for hacking and cracking.
There is also no law restricting the creation of computer viruses whether or not they are used
to exploit computer users. This view was enunciated by Adejoke Oyewumi,
The fact however, is that there is a limit to which laws, which were promulgated in a
different technological and socio-economic context, can adequately cater for the new
technological realities presented by ICTs. It thus becomes necessary for legal rules to
be developed to tackle the issues and challenges brought about by ICTs, in order to
promote public confidence, maximise the benefits of the technology and encourage
wider acceptance and use by individuals as well as private and public organisations
5
.
There are a lot of crimes that now being perpetuated through the use of the internet or ICT,
that Nigerian law are not adequately equipped in tackling them, or there are no direct laws
restricting and criminalizing the access to certain websites engaged in criminal activities such
as Child Pornography, Hate Speech and Offences against public morality. There are three

3
See Section 36(12) Constitution of the Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004
4
An example of such law is Criminal Justice (Misc. Prov) Act. The deficiencies of this Act are visible in the
provisions of Section 7(1) and (2) which puts prosecution at the instance of the Attorney-General of the
Federation. According to David Ashaolu, in Combatting Cybercrimes in Nigeria op cit. note 84 supra pp.28
With that office being more politically concerned than it is with the administration of justice, prosecution may
never happen and the hilarious fine of N500 makes it seem to me like this obsolete law is more of a toothless
dog. Another insufficiency evidenced in the Criminal Procedure Act is the provision of Section 171 which
discourages the conviction of an offence twice. According to David Ashaolu, Ashaolu, the rationale behind this
provision hangs in the balance of reasoning as the effect of a crime being committed eventually and the resultant
damage is far greater than that of its attempt. For example, a person convicted of attempting to disseminate a
virus or malicious code will definitely serve a lesser punishment than if he had actually disseminated it. Where,
unknown to the law enforcement agents at the time of his arrest, he had released the virus and the brutal effect
had been found out later, he technically escapes proper punishment
5
A. O. Oyewunmi, The Ict Revolution and Commercial Sectors in Nigeria: Impacts and Legal Interventions
(2012) British Journal of Arts and Social Sciences Vol.5 No.2 pp.235

39
main characteristics that differentiate traditionally terrestrial crimes from cybercrimes. First,
the absence of physical barriers such as customs to enter or exit the World Wide Web allow
netizens
6
to roam freely within it and to visit web pages wherever their origin. In turn, this
means that the actions and potential victims for cyber-criminals are not geographically
limited. Hence, for example, the randomness and volume of emails sent in the attempt to
perpetrate scams online, most famously the Nigerian scam involving advanced fee fraud.
Second, the cyber realm affords the cloak of anonymity, fakery and deception much more
easily than the physical realm. This is even more so if the entire criminal transaction can be
performed electronically without the need for physical manifestation
7
. Third, traditional
evidence gathering techniques are not effective because cyber-criminals can execute their
schemes without being physically present and they can do so through automatic agents. These
pose unique challenges to law enforcement and criminal investigations and forensics. They
all contribute to the electronic medium as an attractive tool for criminal activity, over and
above the speed, ease of use, low costs (e.g. no need for the middleman) and efficiency of the
digital realm.
With all these inadequacies of Nigerias current legal framework including the unavailability
of public infrastructure and personnel to fight cybercrime in Nigeria known to the
government, different Bills have sprung up to enable Nigeria rise up to the task and eradicate
or reduce the threat and rate of cybercrime in Nigeria. In the past decades more than 5
different Bills, either sponsored by the executives or the legislature, have been raised in the
National Assembly but none has been enacted. It is in this light that this chapter aims to
examine the provisions of these bills, which have been brought before the National Assembly
these past years and how they help in reduce or eradicate the threat or rate of cybercrime in
Nigeria.





6
Netizen means Internet user: somebody who uses the Internet frequently. Microsoft Encarta Microsoft
Corporation. 2009
7
For example, electronic communications can lead to online money transfers for the sale and purchase of digital
products and services that can be delivered electronically without the need for any physical contact or
movement at all

40
3.2 BILLS ON CYBERCRIME
3.2.1 DRAFT NIGERIAN CYBERCRIME ACT 2004
8

This Bill was one of the first bills proposed to the National Assembly but was never enacted.
The Draft Nigerian Cybercrime Act provides the legal framework for the establishment of an
Independent Cybercrime Agency and for the legislation concerning Cybercrime and Cyber-
Security. Basically, the Draft Nigerian Cybercrime Act was divided into eight different
sections namely: A) Preliminary, B) Offences, C) Protection & Security of Critical
Information and Communication Infrastructure, D) Ancillary and General Provisions, E)
Cybercrime & Cybersecurity Agency Establishment Of The Cybercrime Agency, Etc, F)
Functions and Powers of The Agency, G) Management and Staff Of The agency, H)
Financial Provisions.
The preliminary section of this Bill has two topics: A) The title of the Act, which it called the
Nigerian Cybercrime and Cybersecuirty Act 2004, and, B) The Interpretation sub
section. The Interpretation section attempts to provide clear legal definition
for keywords used in the body of the Act. One such definition is the word, Computer
Contaminant which was defined as:
any set of computer instructions that are designed to modify damage, destroy, record,
or transmit information within a computer, computer system, or computer network
without the intent or permission of the owner of the information. They include, but
are not limited to, a group of computer instructions commonly called viruses or
worms, which are self-replicating or self-propagating and are designed to contaminate
other computer programs or computer data, consume computer resources, modify,
destroy, record, or transmit data, or in some other fashion usurp the normal operation
of the computer, computer system, or computer network.
This definition of Computer Contaminant has been criticised and said to raise the issue of
authorized access and malicious destruction of data and computing resource
9
, for example, if
a person was granted security access to a Computer resource, and he writes a program to

8
Titled Nigerian Cybercrime and Cybersecuirty Act 2004. In 2004, the Former Nigerian President, Olusegun
Obasanjo announced the formation of a Cybercrime committee. The 15-member committee consisted of
representatives from the both Government and private sector, and were tasked with designing solutions for
Nigerian Internet based fraud and Cybercrime. The committee presented a Draft Cybercrime Act to the Ex-
President, and the committee formed the Nigerian Cybercrime Working Group (NCWG), to accelerate the
implementation of its Cybercrime research efforts, and to assist the Nigerian National Assembly in the quick
passage of a Cybercrime Bill. An essential document that came out of the closed door Presidential Committee
on Cybercrime is the Draft Nigerian Cybercrime Act.
9
F. Oyesanya Review Of Draft Nigerian Cybercrime Act Nigeria Village Square Available at:
http://nigeriavillagesquare.com/articles/femi-oyesanya/review-of-draft-nigerian-cybercrime-act.html Accessed: (
29/6/2013)

41
knowingly destroy or alter data in a manner contrary to the intended use of the data, is that
program a contaminant? Another keyword, under the Interpretation Section is the word
Computer Injury. The section defines Computer Injury as any alteration, deletion,
damage, or destruction of a computer system, computer network, computer program, or data
caused by the access. The underlying issue also raised here, is that the definition does not
seem to address the issue of Computer Injury that could result as a consequence of
unauthorized disclosure of confidential information, theft of that information, and other forms
of illegal use of data by an authorized or unauthorized person
10
. The second issue that was
also raised was about the Computer Injury term, is the harmonization of the definition with
local and Intellectual property Laws. The section, also defines, Computer Security, as
including:
software, program or computer device that: is intended to protect the confidentiality
and secrecy of data and information stored in or accessible through the computer
system; and may display a warning to a user that the user is entering a secure system
or requires a person seeking access to knowingly respond by use of an authorized
code to the program or device in order to gain access.
Generally, Computer Security is said to have three attributes: confidentiality, Integrity, and
availability, but the above definition did not take into account the other key attributes of
Computer Security
11
. The Interpretation Section also tries to define Computer Service as
including:
Any and all services provided by or through the facilities of any computer system
which is capable of allowing the input, output, examination, or transfer, of computer
data or computer programs from one computer to another.
There are three phrases of a Computer operation which are input, processing, and output, and
the definition of Computer Service has been said to somehow skip the fact that data
processing is a key component of Computer Service.
12

The Offenses Section of the Draft Cybercrime Act is the Criminal Law Part of the ACT. The
section contains a lot of provisions that criminalises a lot of acts like: Unauthorized access
to computer, electronic or ancillary devices, Access with intent to commit an offence,
Unauthorized modification of the contents of any computer, Illegal communication using
electronic messages, Illegal interception, Data interference, System interference,

10
Ibid
11
Ibid
12
Ibid

42
Misuse of devices, Denial of service, Email bombing, Computer trespass,
Computer vandalism, Computer identity theft and impersonation, Attempt, conspiracy
and abetment, Duties of Service Providers, Records Retention by Service Provider,
Cybersquatting, Computer contamination, Cyber-terrorism, Intellectual Property,
Soliciting a Minor with a Computer for Unlawful Sexual Purposes and Computer
Offences against Minors and Other sexual offences.
The System interference law, in the Offenses section declares:
Any person who unlawfully produces, sells, designs, adapts for use, distributes, or
offers for sale, procures for use, possesses any devices, including a computer program
or a component, which is designed primarily to overcome security measures for the
protection of data, or performs any of those acts relating to a password, access code or
any other similar kind of data with the intent to unlawfully utilize such item to
contravene this Act, commits an offence and liable upon conviction to a fine not less
than =N=1 million or imprisonment for a term not less than 3 years or to both such
fine and imprisonment.
This section has been criticised has failing to note that Computer Security professionals
conducting security assessments sometimes have a need to design or use products with the
capacity for System penetration
13
. According to this definition, Computer penetration testing
tools, computer forensic tools, will become a System Interference. Also, Virus Software re-
engineering process, which sometimes requires writing viruses and sometimes the
disassembly of Software virus also, will be illegal in Nigeria. In this view this law will also
hinder the Cybercrime Agency in performing its functions. Also the provisions on Email
Bombing
14
and Records Retention by Service Provider also have their criticism. The Email
Bombing Law has been said to fail to accommodate the fact that legitimate Email marketing
may produce the same effect of mail bomb to a single System. Whereas the Data Retention
Law, as suggested by this Bill, has been said to potentially become a national security issue,
15

as what would stop Political Parties from colluding with ISPs and gaining access to
confidential transactional records of political opponents? The provision states that: All

13
Ibid
14
The section provides that: Any person who uses a computer, computer network, computerized
communications system, or the Internet to purposefully: a) send or induce others to send, massive amounts of
electronic mail to a single system or person with the intent to interfere with the operating ability of recipient's
computer system; or b) send an unreasonably large file attached to electronic Mail or multiple copies of
identical messages to the recipient with intent of stopping or slowing the Recipients ability to retrieve mail; or
c) subscribe the intended recipient without authorization to multiple Internet mailing lists resulting in the
recipient d) receiving unwanted electronic mails: Commits the offence of email bombing under this Act and
liable upon conviction to a fine of not less than =N=500,000 or imprisonment to a term not less than 2 years or
both such fine and imprisonment.
15


43
service providers under this Act shall have the responsibility of keeping all transactional
records of operations generated in their systems and networks for a minimum period of 5
years
Professor Susan Brenner of the University Of Dayton School Of Law, published an Internet
Web Site titled Model State Computer Crime Code
16
. The site provides a model for various
Computer Crime Laws that serves as template for Countries wishing to implement
Cybercrime Laws. One sees a lot of word for word similarities between the Draft Nigerian
Cybercrime Act and the works of Professor Susan Brenner. For example, the Email Bombing
section of the Nigerian Cybercrime Act was essentially copied from the Web Site.

3.2.2 COMPUTER SECURITY & CRITICAL INFORMATION INFRASTRUCTURE
PROTECTION BILL 2005.
17

This Bill seeks to create legal liability and responsibility for modern global crimes carried on
over a computer or computer systems, i.e. the internet. in its self it prohibits crimes which are
considered as classifications of cybercrime. Some of these crimes, which carry penalties of
fines ranging from the average sum of N100, 000.00 (One Hundred Thousand Naira) to terms
of imprisonment ranging on the average from six months imprisonment, include: Hacking
and unlawful access to a computer or a computer network
18
; Spamming - this is unsolicited
mails fraudulent electronic mails
19
, etc.; Computer forgery
20
, Computer fraud
21
, system
interference
22
, Identity theft and impersonation on the internet
23
; Cyber-terrorism
24
,
cybersquatting, misuse of computer for unlawful sexual purposes
25
, etc.
The Bill allows for the enforcement of its provisions by any law enforcement agency in
Nigeria, to the extent of the agencys statutory powers in relation to similar offences

16
See http://cybercrimes.net/98MSCCC/MSCCCMain.html Accessed: (6/7/2013)
17
Titled A Bill For An Act To Secure Computer Systems And Networks And Protect Critical Information
Infrastructure In Nigeria By Prohibiting Certain Undesirable Computer-Based Activities And For Matters
Connected Therewith.
18
s.3
19
s.5
20
s.6
21
s.7
22
s.10
23
s.11
24
s.16
25
s.18

44
committed, with or without, the use of a computer.
26
Section 3 of this Bill makes it an offence
for any person, without authority or in excess of such authority where it exist, to access any
computer or access a computer for an unlawful purpose. This section generally prohibits
unauthorised access regardless of the intentions of the person. It is also an offence for any
person to disclose any password, access code or disclose any other means of access to any
computer program without lawful authority
27
. Section 12 of this Bill requires every service
provider to keep a record of all traffic and subscriber information on their computer networks
for such a period as the President of the Federal Republic of Nigeria may by Federal Gazette,
specify. Service Providers are further required to record and retain any related content at the
instance of any Law Enforcement Agency. It also allows any Law Enforcement Agency in
Nigeria, on the production of a warrant issued by a Court of competent jurisdiction, to request
a service provider to release any information in respect of communications within its
network, and the service provider must comply with the terms of the warrant. In the
protection of the privacy and civil liberties of persons, the Bill requires that all
communications released by a service provider shall only be used for legitimate purposes
authorised by the affected individual or by a Court of competent jurisdiction or by other
lawful authority
28
. The Bill makes it unlawful for any person to intercept any communication
without the authority of the Owner of the communication and conviction for a breach of this
provision is a fine of not less than N5Million or imprisonment for a period of not less than ten
years or to both the fine and the term of imprisonment.
29
Also it makes it mandatory for all
Service Providers to ensure that their networks are accessible and available to enable law
enforcement agencies, on the production of an Order of a Court of Law or of any other lawful
authority, to intercept and monitor all communications on their networks, access call data or
traffic, access the content of communications, monitor these communications uninterrupted
from locations outside those of the Service Providers, provided that these convert activities
are for the purpose of law enforcement.
30
The bill also makes it an offence for a service
provider to breach the above provisions on cooperation with the law enforcement agencies
and they could be convicted or fined or both
31
. This bill also confers both universal
jurisdiction and the effect doctrine jurisdiction alongside territorial jurisdiction in the

26
s.2
27
s.4
28
s.12(4)
29
s.13
30
Ibid
31
Ibid

45
prosecution of the offences criminalised in the bill.
32
The state and federal High court has
jurisdiction to try offenders under the bill.
33


3.2.3 THE CYBER SECURITY AND DATA PROTECTION AGENCY BILL 2008
34

The Bill proposes the establishment of a body to be known as the Cyber Security and
Information Protection Agency, to be charged with the duties of investigation of all
cybercrimes, adoption of measures to eradicate the commission of cybercrimes, registration
and regulation of service providers in Nigeria, and organisation of campaigns and other
activities to create public awareness on the nature and forms of cybercrimes
35
. The bill
requires the agency to maintain a liaison with the office of the Attorney General of the
Federation, and the Inspector General of the Police on the arrest and subsequent prosecution
of the offenders.
36
The Bill does not define what Cybercrime is but it also contains a number
of provisions criminalising unlawful access to computers, unauthorised disclosure of access
information or passwords, sending of fraudulent electronic mail messages and spamming,
system interference, unlawful interception, Cyber Squatting, Cyber Terrorism and other
forms of computer fraud and data forger, which are all under the various classification of
cybercrime.
As to the provision that prohibits unlawful access to computer, states that:
Any person who without authority or in excess of his authority accesses any
computer for the purpose of: (a) securing access to any program; or (b) data held in
that computer commits an offence and shall be liable on conviction: (/) in the case
of offence in paragraph (a) of this subsection, to a fine of not less than N 10,000 or
imprisonment for a term of not less than 6 months or to both such fine and
imprisonment; (ii) For the offence in paragraph (b), to a fine of not less N1 00,000 or
a term of not less than 1 year or to both such fine and imprisonment.
An issue that comes up here is that this provision seems to criminalise any form of
unauthorised access into a computer. It does not state what constitute an unauthorised access.

32
s.24
33
Ibid
34
Titled A Bill for an Act to Provide for the Establishment of the Cyber Security and Information Protection
Agency Charged with the Responsibility to Secure Computer Systems and Networks and Liaison with the
Relevant Law Enforcement Agency for the Enforcement of Cyber Crime Laws, and for Related Matters No. C
4445 (HB 154). Sponsored by HON. Bassey Etim; the major difference between this Bill and the Previous Bill
discussed is the establishment of an Agency while latter did not provide for the establishment of an Agency.
35
Proposed Section 4
36
Ibid

46
In this case, if some uses the computer of another person without the authority of the owner,
in other to use a computer program, for example Microsoft word, has committed an offence.
The interpretation section
37
of the bill does not help in resolving this vagueness in its
definition of access and computer program. The section interprets access as includes
gaining entry to, instructing, making use of any resources of a computer, computer system or
networking. Computer program" means data or a set of instructions or statements that when
executed in a computer causes computer to perform function. The definition of computer
program here will include computer software and computer codes.
The provision that prohibit the Misuse of devices is similar to that of System Interference
Law of the Draft cybercrime bill of 2004, in that they both prohibit the misuse of certain
devices. The bill states, in s.12, that:
Any person who unlawfully produces, adapts or procures for use, distributes, offers
for sale, possesses or uses any devices, including a computer program or a component
or performs any of those acts relating to a password, access code or any other similar
kind of data, which is designed primarily to overcome security measures with the
intent that the devices be utilized for the purpose of violating any provision of this
Bill, commits an offence and is liable to a fine of not less than N l ,000,000 or
imprisonment for a term of not less than 5 years or to both such fine and
imprisonment.
The criticism about the Draft Cybercrime Act on System interference also applies here
38
and
the exercise of this section will also hinder the Agency in performing its functions.
The Bill also criminalises the use of computers to violate any intellectual property rights
protected under any law or treaty applicable in Nigeria, and making such punishable upon
conviction, by payment of a fine of not less than one million naira or imprisonment for a term
of not less than five years or to both such fine and imprisonment
39
. Similarly, any person
who, on the Internet, intentionally takes or makes use of a name, business name, trademark,
domain name, or other word or phrase registered, owned or in use by any individual, body
corporate or government agency without authority or right, or for the purpose of interfering
with their use on the Internet by the owner, registrant or legitimate prior user, commits an

37
s.38
38
The criticism that the section fails to note that Computer Security professionals conducting security
assessments sometimes have a need to design or use products with the capacity for System penetration. Also
Computer penetration testing tools, computer forensic tools, will become a System Interference. Also, Virus
Software re-engineering process, which sometimes requires writing viruses and sometimes the disassembly of
Software virus also, will be illegal in Nigeria.
39
s.21

47
offence, punishable on conviction by payment of a fine and/or term of imprisonment.
40
This
provision relates to the crime of Cyber Squatting. The criminalisation of acts against
intellectual property may not be sufficient to provide succour to right holders, who may be
more interested in civil remedies which afford the opportunity of pecuniary relief and
compensation to the wronged party.
41
This bill also confers both universal jurisdiction and the
effect doctrine jurisdiction in the prosecution of the offences criminalised in the bill.
42
The
state and federal High court has jurisdiction to try offenders under the bill
43


3.2.4 THE PROHIBITION OF ELECTRONIC-FRAUD BILL 2008
44

The Bill seeks to prohibit all Electronic Fraud in Nigeria, unauthorized access to computer be
it public or private, registration of Cyber cafe to ensure monitoring of such cybercafs
45
,
interception of electronic messages
46
, wilful misdirection of E-messages for fraudulent
purposes
47
, fraudulent issuance of E-money orders.
48
, sending obscene messages,
manipulation of computer data
49
, purchase of forged E-cards
50
, falsification of E-data
51
,
diversion of E-mail for personal gains in financial institutions, E-identity theft, E-card fraud,
usage of fake E-access devices, manipulation of ATM/POS terminals, computer damage and
for other related matters.
52
Also financial institutions and their employees are criminally
liable if they directly or indirectly engage in, or authorise the unlawful diversion of electronic
mails, and they are also required to render monthly reports of attempted electronic fraud to
the appropriate security agencies
53
. In prohibiting unauthorised access into computers, the

40
s.19
41
A. O. Oyewunmi, The ICT Revolution and Commercial Sectors in Nigeria: Impacts and Legal Interventions
(2012) British Journal of Arts and Social Sciences Vol.5 No.2 pp. 241
42
s.28; The effect doctrine of Jurisdiction occurs when none of the constituent elements of the crime took
place in the territory of the state that is asserting jurisdiction; rather, it is only the effect of a crime, which is
planned and executed elsewhere, that is felt on its territory of the state that is felt on its territory. See Abass on
international law pp.532
43
Ibid
44
Titled: An Act To Provide For The Prohibition Of Electronic Fraud In All Electronic Transactions In Nigeria
And For Other Related Matters Sponsored By Senator Ayo Arise
45
s.4
46
s.8
47
s.8
48
s.13
49
s.16
50
s.19
51
s.21
52
See generally the Explanatory Memorandum
53
s.25-28

48
proposed section 3 seems to clearly state what will constitute unauthorised access. The
section states that:
Whoever intentionally accesses a computer or electronic device without authorisation
or exceeds authorised access and thereby obtains information contained in a financial
database of a financial institution or a card issuer or contained in a file of a customer
and or consumer, or information from any electronic device for any advantageous
reasons without due authorization from the administrator or owner of such a device,
or information from any department, ministry or agency of the government or obtain
information from any classified computer of government shall be guilty of an offence
and upon conviction shall be liable to a fine of 5 million Naira or imprisonment for 5
years or both.
Also the Bill prohibits any person or body corporate to access computer and or electronic
device to commit espionage; traffic in passwords for public, private and or financial
institutions computer or relevant electronic devices; traffic in any password or similar
information through which a computer may be accessed without authorisation with intent to
defraud, copy financial institutions website, email customers with intention to defraud
customers and financial institutions; and intentionally create computer worms to destroy
government computer
54
. Anybody who contravenes these acts shall be guilty of an offence
punishable with a sentence of 7 years imprisonment or a fine of 5 million Naira or both.
55


3.2.5 COMPUTER MISUSE BILL 2009
56

This Bill seeks to make provision for the safety and security of electronic transactions and
information systems; to prevent unlawful access, abuse or misuse of information systems
including computers and to make provision for securing the conduct of electronic transaction
in a trustworthy electronic environment
57
. This bill has similar provisions as that of the
previous bills discussed above. It also does not criminalise Cybercrime but criminalises acts
that are under the classification of cybercrime, such as unauthorized access;
58
Unauthorised
modification; Child pornography
59
; unlawful interception; the production, sale, procurement,
use, distribution or possession of any device including a computer program or component

54
s.1
55
Ibid
56
Titled: A Bill For An Act To Make Provision For The Safety And Security Of Electronic Transactions And
Information Systems; To Prevent Unlawful Access, Abuse Or Misuse Of Information Systems Including
Computers And To Make Provision For Securing The Conduct Of Electronic Transaction In A Trustworthy
Electronic Environment And To Provide For Other Related Matters Sponsored By Senator Wilson Ake
57
See Explanatory Memorandum
58
s. 8
59
s.17

49
which is designed primarily to overcome security measures for the protection of data, or the
performance of any of those acts with regard to a password, access code or any other similar
kind of data with the intent to unlawfully utilize such item. It further stipulates a liability on
conviction to an imprisonment for five years or to a fine of two thousand Naira or both as
penalty for the contravention of this section.
60
This Bill mainly focuses on the prohibition of
any unauthorised access or unauthorised interception into a computer, access with intent to
commit or facilitate commission offence. This Bill provides a clear instance of what securing
access is,
61
but just like the Cyber Security and Data Protection Agency Bill, it also prohibits
general unauthorised access into a computer and its criticism also applies here.
It also addresses some of the procedural deficiencies of the existing framework by making
provisions for search and seizure,
62
the admissibility of electronic evidence in criminal
proceedings
63
and; territorial jurisdiction and universal jurisdiction.
64
The Federal High Court
by virtue of this bill has jurisdiction to try any offender under this bill.
65


3.2.6 COMPUTER SECURITY AND PROTECTION BILL, 2009
66

The Explanatory Memorandum of the bill state that:
The Bill seeks to make provisions for- (a) securing computer and computer networks
as well as critical information infrastructure in Nigeria; (b) offences and penalties
relating to un lawful acts committed with the use of computers: and (c) the
establishment of the Nigeria Computer Security and Protection Agency to provide
legal basis and technical infrastructure for combating cybercrime in Nigeria.
This Bill is divided into 9 Parts, they are: PART I Establishment of the Nigerian Computer
Security and its Governing Board etc; PART II Functions and Powers of the Agency;
PART III Management and staff of the Agency; PART IV Financial Provisions; PART V
Offences; PART VI - Security And Protection Of Critical Information Infrastructure; PART
VII - General Provisions; PART VIII - Legal Proceedings; PART IX Miscellaneous.

60
s. 10
61
See: s. 2
62
s. 18
63
s. 19
64
s. 20
65
s.21
66
Titled: A Bill For An Act To Establish A Legal And Institutional Framework For Securing Computers And
Networks And Protecting Critical Information Infrastructure In Nigeria And For Matters Connected Therewith

50
The Bill provides of a Nigerian Computer Security and Protection Agency
67
and the agency
shall be a body corporate with perpetual succession and a common seal, it can sue and be
sued.
68
The provisions of this Bill are similar to that of the Cyber Security and Data
Protection Agency Bill, with the difference in the introduction of the Part VIII concerning
Legal Proceedings, for example, allowing the indemnifying of any member of the Board the
Director General or any officer or employee of the Agency against any liability incurred by
him in defending any proceeding whether civil or criminal, if the proceeding is brought
against him as his capacity an officer of the Agency. Also the Bill recognises Civil Liability
as regards acts criminalised by the bill. The proposed section 36 states that:
Notwithstanding any provisions to the contrary in any other enactment or law; any
person who contravenes any provision of this Act may in addition to the penalty
provided thereof, be liable in a civil suit.
This provision is also similar to that of the cyber security and data protection bill, as an
interested party can seek out civil remedies which will afford him/her the opportunity of
pecuniary relief and compensations especially acts against Intellectual properties. Also the
criticism also raised in the previous bill also applies here, especially that of the prohibition of
unauthorised access. The same principle of jurisdiction provided for by the cybersecurity bill
2008 is the same principle also provided in this bill.

3.2.7 ECONOMIC AND FINANCIAL CRIMES COMMISSION ACT (AMENDMENT) BILL,
2010
69
.
This Bill seeks to amend the Economic and Financial Crimes Commission Act, 2007 in order
to empower the Commission to investigate and prosecute incidence of Cybercrimes and e-
payment matters.
70
The Bill in s.2 seeks to add one more function to the EFFC, which is
stated in s.6 of the EFCC Act. The bill states that:
Section 6 of the Principal Act is amended by inserting a new subsection (c) to read
"the investigation and prosecution of all offences bordering on or connected with
Cybercrime or e-payment matters".

67
s.1
68
s.2
69
Titled: A Bill for an Act to amend The Economic and Financial Crimes Commission (Establishment Etc.) Act,
2007 to Facilitate the Investigation and Prosecution of Cyber and E-Payment Crimes and for Other Related
Matters (HB C349). Sponsored By: Hon. Abubakar Shehubunu
70
See Explanatory Memorandum

51
The principal act referred to is the current EFCC Act.
71
This bill fails to state what
cybercrime is, or list any offences that can be classified as cybercrime. The effect of this bill,
if passed, will still be in effective as cybercrime is not defined or punishable under any
written law in Nigeria.

3.2.8 CYBERSECURITY BILL, 2011
Cyber Security Bill first came to play in Nigeria in 2004 where some civil society advocated
for the passage of the bill in order to make provision for an effective legal framework for the
prohibition, prevention, prosecution and punishment of cybercrimes in the country
72
. Hence
to this effect, the Federal Ministry of Justice in collaboration with the National Security
Adviser had come up with a draft of CyberSecurity Bill in 2011. This Bill is made of 6 parts,
they are; Part I General Objectives; Part II Offences & Penalties; Part III Critical
Information Infrastructure Protection; Part IV Search, Arrest and Prosecution; Part V
International Cooperation; and Part VI: Miscellaneous.
Part 1 deals with the general objectives, the scope of the Bill and its application. The objects
and scope of this Act are to provide an effective, unified and comprehensive legal framework
for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in
Nigeria; Enhance cybersecurity and the protection of computer systems and networks,
electronic communications; data and computer programs, Intellectual property and privacy
rights. The Bill provides that its provisions will be enforced by any law enforcement agencies
in Nigeria to the extent of the agency's statutory powers in relation to similar offences.
As regard Part II of the bill, the proposed sections 2 to 18 criminalizes specific computer and
computer-related offences, which include: Unlawful access to a computer; Unauthorized
disclosure of access code; Data forgery; Computer fraud; System interference; Misuse of
devices; Denial of service; Identity theft and impersonation; Child Pornography; Records
Retention and Preservation; Unlawful Interception; Cybersquatting; Cyberterrorism; Failure
of Service Providers to Perform certain Duties; Racist and xenophobic Offences. If most of
the provisions in this part are going to be effective, it will cause a serious implication in the
administration of justice because, if someone access your system causing damage to it or a

71
S.1
72
http://www.tech360ng.com/the-nigeria-cybersecurity-2011/ Accessed (24/6/2013)

52
little malfunction, then the person is convictable under this bill. Online identity theft, in this
bill gets a punishment of N7m or 3 years jail term imprisonment, or both.
Part III provides for the security and protection of critical information infrastructure. It
further provides for the audit and inspection of critical information infrastructure and
punishment for offences against critical information infrastructure. Also Part IV deals with
issues such on jurisdiction, powers of search and arrest, obstruction of law enforcement
officers, prosecution, forfeiture of assets, compounding of offences; payment of
compensation; and the power to make regulations. Part V deals with the issues of
International Cooperation. As Cybercrime and cybersecurity issues are not restricted by
geographical boundaries and legal jurisdictions but can only be checked through international
cooperation which is covered in Sections 29 to 34 of the Bill. The issues covered include:
Extradition; Mutual Assistance Requests; Expedited preservation of data, Evidence Pursuant
to a Request; and Form of Requests. Part VI deals with issues of a general character such as
Directives of a general character; Regulations and the Interpretation section.
The above provisions of this Bill is said to have met the milestones required of legislation on
cybercrime, after it was reviewed and compared against international instruments and
standards, such as the Council of Europes Budapest Convention, 20013 and the ITU Toolkit
on Cybersecurity Legislation
73
.

3.2.9 CURRENT BILLS IN THE NATIONAL ASSEMBLY
There are three bills which centre on regulating and creating offences related to cybercrime
that are currently in the National Assembly waiting to be enacted into law. The bills are;
1. A Bill for an Act to Amend the Criminal Code Act, Cap. C38, Laws of the Federation
of Nigeria, 2004 in Order to Provide for Offences and Penalties Relating to Computer
Misuse and Cybercrimes 2012 (HB. 391)
74
"
2. A Bill for an Act to Amend the Penal Code (Northern States) Federal Provisions Act,
Cap.P3, Laws of the Federation of Nigeria, 2004 in Order to Provide for Offences and
Penalties Relating to Computer Misuse and Cybercrimes, 2012 (HB. 392)
75
"

73
T.G. George-Maria Tyendezwa, (Head, Computer Crime Prosecution Unit Nigeria) Cybercrime Legislation
Development In Nigeria An Update Octopus Conference, Strasbourg 06 June, 2012
74
The bill has been referred to the House committee on Justice
75
Ibid

53
3. A Bill for an Act to ensure the continued free flow of Business within Nigeria and
with its Global Trading Partners through secure Cyber Communications, to Provide
for the continued Development and Exploitation of the Internet and Internet
Communications for such Purposes, to Provide for the development of a Cadre of
information Technology Specialists to improve and Maintain effective Cyber Security
Defences against Disruption, 2011 (HB. 84)
76

As regard the Bills amending the criminal code and the penal code, the Chair of Africa ICT
Alliance, Dr Jimson Olufuye, while expressing his support for the passage of a Bill towards
amending the Criminal Code Act, in order to provide for offences and penalties relating to
computer misuse and cybercrimes, said that there is no need for a special cybercrime bill for
Northern Nigeria and so supported the discontinuation of the bill that will apply to Northern
states of Nigeria only.
77
The AfICTA group also recommended that on the title Records
retention and protection of data by service providers in paragraph 22 (1) be replaced with
Data preservation and protection of data by service providers in order to maintain
consistency of the subject on data rather than records
78
. Olufuye gave other reasons for the
recommended amendment to include the use of preservation instead of retention. He
explained that;
Data preservation required Communications Service Providers (including Internet
Service Providers) to store a particular individual traffic data for a finite period as
specified under the appropriate judicial authority. Whereas, data retention is requiring
all CSP to retain all of the certain types of the traffic data created by all users.
79

On lawful interception by law enforcement officer, Olufuye recommended that the action of
the law enforcement officer be backed up by judicial authorisation
80
. This, he said, was
essential to avoid any form of abuse of office by any law enforcement officer and to respect
the privacy of service providers

76
The bill has been referred to the House committee on Information Technology and Justice
77
D. Oyetola, AfICTA supports Cybercrime bill Punch Newspaper available at:
http://www.punchng.com/business/technology/aficta-supports-cybercrime-bill/ Accessed: (1/7/2013)
78
Ibid
79
Ibid
80
Ibid