INTRODUCTION
Cyber law also known as internet law or digital law, signifies the legal regulations and frameworks governing digital activities. It covers a large range of issues, including online communication, e-commerce, digital privacy, the prevention and prosecution of cybercrimes. As the internet has become a fundamental part of our daily lives, cyber law has become crucial in ensuring digital spaces’s orderly and secure functioning. Furthermore, cyber law lies in its capacity to navigate and regulate the intricate challenges that arise from the pervasive use of technology. Cyber law provides a framework for protecting individuals and organizations from cyber threats, ensuring the privacy and security of digital transactions, and establishing guidelines for ethical and legal conduct in cyberspace. As the digital world evolves, the importance of cyber law becomes more pronounced, serving as a cornerstone for the responsible and lawful utilization of digital resources.
CYBER SECURITY LAWS
Herein, we shall consider the laws that regulate cybersecurity in Nigeria. They are as follows:
- The 1999 Constitution of the Federal Republic of Nigeria (as amended) (“CFRN”).
- The Cybercrimes (Prohibition and Prevention, etc.) Act, 2015.
- Nigeria Data Protection Act, 2023 (“NDPA”).
- Nigeria Data Protection Regulation, 2019 (“NDPR”).
- Nigeria Data Protection Regulation Implementation Framework, 2020.
- The Advance Fee Fraud and other Related Offences Act, 2006.Terrorism (Prevention and Prohibition) Act, 2022.
- The NCC Guidelines for the Provision of Internet Service.Risk-Based Cybersecurity Framework and Guidelines for Other Financial Institutions, 2022.
- The Economic and Financial Crimes Commission (Establishment, etc.) Act, 2004.
- The Money Laundering (Prevention and Prohibition) Act, 2022.Nigerian Communications Communication Act, 2003.
CYBERCRIME
OBJECTIVES OF THE CYBERCRIMES (PROHIBITION, PREVENTION, ETC) ACT, 2015
“It will thus be worth the while to first of all look at the objectives of the Cybercrimes Act. In order to achieve this, I shall have recourse to the provisions of Section 1 thereof which deals with the objectives of the Act and same is hereby reproduced: 1. (1) The objectives of this Act are to – (a) provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria; (b) ensure the protection of critical national information infrastructure; and (c) promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.” Per CORDELIA IFEOMA JOMBO-OFO, JCA (Pp 14 – 14 Paras A – E)
SEE: JULIUS v. FRN (2021)LPELR-54201(CA)
THE DIFFICULTIES IN ASCERTAINING PRECISELY THE PERPETRATOR(S) OF CYBERCRIMES
“The difficulties that can be encountered in ascertaining precisely the perpetrators of impersonation for criminal activity was adroitly observed by Ajayi, E.F.G. in his article: Challenges to enforcement of cyber-crimes laws and policy published in the Journal of Internet and Information Systems, August, 2016, thus: “One other practice engaged by cybercriminals which compound evidence in cyberspace is impersonation or identity theft; this is intentionally done to sway and steer off investigation as to the real identity of cybercriminals, more often than not, innocent persons are arrested and prosecuted for offences they know nothing about. In other words, digital technologies provide ample opportunities for impersonation by way of identity disguise so as make it difficult if not impossible to ascertain who the perpetrator of cybercrimes is.” I completely agree that there may be difficulties in ascertaining precisely who the perpetrators of a cybercrime. I am also mindful of the caution on the dangers of having innocent people arrested and prosecuted for something they know absolutely nothing about.” Per ONYEKACHI AJA OTISI, JCA (Pp 23 – 24 Paras B – B)
SEE: SUINNER v. FRN(2021) LPELR-53404(CA).
WHETHER SECTION 24(1) OF THE CYBERCRIMES (PROHIBITION, PREVENTION ACT, 2015) IS INCONSISTENT WITH THE PROVISIONS OF THE CONSTRUCTION
The Court is faced with a consideration and construction of the provisions of Section 24(1) of the Cybercrime Act, 2015 which contends to be inconsistent with Section 36(12) and section 39 of the 1999 Constitution. Section 24(1) of the Act reads: 1. A person who knowingly or intentionally sends a message or other matter by means of computer systems or network that – 1. is grossly offensive, pornographic or of an indecent, obscene or menacing character or causes any such message or matter to be sent, or 2. he knows to be false, for the purpose of causing annoyance, inconvenience danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, ill will or needless anxiety to another or causes such a message to be sent, commits an offence under this Act and is liable on conviction to a fine of not more than N7,000,000.00 or imprisonment for a term not more than 3 years or both. Whereas Section 36(12) of the 1999 Constitution (as amended) provides that: “(12) Subject as otherwise provided by this Constitution, a person shall not be convicted of a criminal offence unless that offence is defined and the penalty therefore is prescribed in a written law, and in this subsection, a written law refers to an Act of the National Assembly or a Law of a State, any subsidiary legislation or instrument under the provisions of a law.” Section 39 of the Constitution on the other hand provides that: 1. Every person shall be entitled to freedom of expression, including freedom to hold opinions and to receive and impart ideas and information without interference. 2. Without prejudice to the generality of Subsection (1) of this section, every person shall be entitled to own, establish and operate any medium for the dissemination of information, ideas and opinions; Provided that no person, other than the Government of the Federation or of a State or any other person or body authorized by the President on the fulfillment of conditions laid down by an Act of the National Assembly, shall own, establish or operate a television or wireless broadcasting station for, any purpose whatsoever. 3. Nothing in this section shall invalidate any law that is reasonably justifiable in a democratic society – 1. for the purpose of preventing the disclosure of information received in confidence, maintaining the authority and independence of Courts or regulating telephony, wireless broadcasting, television or the exhibition of cinematograph films; or 2. imposing restrictions upon persons holding office under the Government of the Federation or of a State, members of the armed forces of the Federation or members of the Nigeria Police Force or other Government security services or agencies established by law.” Without any particle of doubt, under our constitution, liberty of thought and freedom of expression is paramount. In DIN Vs. AFRICAN NEWSPAPERS OF NIG. LTD (1990) LPELR – 947 (SC), the Supreme Court of Nigeria, per KARIBI-WHYTE, JSC held that the “right to comment freely on matters of public interests is one of the fundamental rights of free speech guaranteed to the individual in our Constitution. It is so dear to the Nigerian and of vital importance and relevance to the rule of law which we clearly treasure for our personal freedom…” See also AVIOMOH Vs. COP & ANOR (2014) LPELR – 23039 (CA); OKAFOR & ORS Vs. NTOKA & ORS (2017) LPELR – 42794 (CA). The provisions of Section 39 of the Constitution are clear and unambiguous to the effect that it guarantees that every citizen of this country shall be entitled to freedom of expression which was extended to include the freedom to hold opinion and pass information without interference. This freedom presupposes free flow of opinion and ideas essential to sustain the collective life of the citizenry. It is very important for me to stress that the right provided under Section 39 is not an open-ended or absolute right, the right is qualified, and therefore subject to some restrictions by the provisions of Section 45 of the Constitution of the Federal Republic of Nigeria 1999 (as amended), the section provides as follows: 1. Nothing in Sections 37, 38, 39, 40 and 41 of this Constitution, shall invalidate any law that is reasonably justified in a democratic society- 1. in the interest of defense, public safety, public order, public morality or public health; or 2. for the purpose of protecting the rights and freedom of other persons…” From the above provisions, it is obvious that the legislature has the power to enact laws that are reasonably justifiable in a democratic society and such laws shall not be declared invalid merely because they appear to be in conflicts with the rights and freedom extended to citizens under the Constitution. It is therefore within the powers of the legislature, in the interest of the public, to place restrictions and introduce safe-guards upon the constitutional right of a citizen, I must be quick to add that, in the light of the wordings in Section 45(1) supra is not open to the legislature to achieve this object by directly or immediately curtailing the right of the Nigerian citizens unless such restriction accords with the circumstances enumerated under Section 45(1)(a) and (b) supra. Therefore, as in the case at hand, the right of freedom of speech guaranteed under Section 39 cannot be taken away except for purposes of preserving the interest of defense, public safety, public order, public morality, public health or for the purpose of protecting the rights and freedom of other persons. The Appellant argued that Section 24(1) of the Cyber Crime Act is vague, overbroad, and that the words used therein are not defined, and is therefore in conflict with the provisions of Section 39 of the Constitution of the Federal Republic of Nigeria 1999 (as amended) therefore leaving room for various manner of constructions. The Appellant particularly dwelt on the failure to clearly provide the definition of what constitutes a message that is ‘grossly offensive’, ‘indecent’, ‘obscene’ or ‘menacing character? and, who and what is the boundary for determining what character of messages cause ‘annoyance’, ‘inconvenience’, ‘needless anxiety’? Appellant said there is no clear definition of all these words from the provisions of the law. Taking guidance from the decision of the Supreme Court of Nigeria in MARWA & ORS Vs. NYAKO & ORS (Supra), the Court faced with the challenge of resolving allegations of conflict between existing legislations has a duty to identify the purpose which the framers of the Constitution sought to achieve, and ascribe that purpose to the provisions of the statute. I must state without any reservations that Section 39 of the Constitution is made subject to the provisions of Section 45 which gives room for derogation from the provisions of Section 39 of the Constitution. Before I address the perceived conflict, let me set the records straight by determining the purpose of the Cybercrimes (Prohibition & Prevention etc.) Act 2015, the objectives sought to be achieved by the enactment is found in Section 1 of the Act and the section provides as follows: The objectives of this Act are to – (a) provide an effective and unified legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria; (b) ensure the protection of critical national information infrastructure; and (c) promote cyber security and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights. This section conveys the determination of the legislature to protect several rights including privacy rights of citizens. A clear analysis of Section 45 of the Constitution will show that the section sets out to protect the interest of defense, public safety, public order, public morality or public health; or the rights and freedom of other persons. Both provisions of the cybercrimes Act and Section 45 of the Constitution set out to protect the privacy rights of citizens. I have no difficulty in coming to the conclusion that the intention of the legislature in enacting the Cybercrimes Act 2015 is in accord with the provisions of Section 45 of the Constitution. The Appellant also cited Section 36(12) of the Constitution of the Federal Republic of Nigeria 1999 (as amended) to contend that a person cannot be tried and convicted for an offence unless the offence is clearly provided for under a written law. The section provides that “(12) Subject as otherwise provided by this Constitution, a person shall not be convicted of a criminal offence unless that offence is defined and the penalty therefore is prescribed in a written law, and in this subsection, a written law refers to an Act of the National Assembly or a Law of a State, any subsidiary legislation or instrument under the provisions of a law.” The Appellant said Section 24 of the Act does not satisfy the requirements of Section 39 (12) of the Constitution, it is therefore unconstitutional. In my humble understanding of the provisions of Section 24 (1) of the Cybercrimes Act 2015, the words are explicit and leave no room for speculation or logical deductions. The section is again reproduced as follows and I quote: Section 24(1) of the Act reads: 3. A person who knowingly or intentionally sends a message or other matter by means of computer systems or network that – 4. is grossly offensive, pornographic or of an indecent, obscene or menacing character or causes any such message or matter to be sent, or 5. he knows to be false, for the purpose of causing annoyance, inconvenience danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, ill will or needless anxiety to another or causes such a message to be sent, commits an offence under this Act and is liable on conviction to a fine of not more than N7,000,000.00 or imprisonment for a term not more than 3years or both. Section 24 Sub-section 2 of the Act provides for causing to be sent materials that are grossly offensive, pornographic, indecent, obscene or of menacing character, or knowing them to be false for the purpose of causing annoyance, inconvenience, danger or obstruction, insult, enmity hatred ill will or needless anxiety. With all due respect to the Appellant in the instant appeal, the language of the law is explicit and admits of no recourse to undue technicalities, the words are plain and ordinary. For the purpose of setting the ball rolling in bringing the defendant to justice, I think the legislation has the capacity to convey to the defendant in reasonably substantial details what he is coming to meet in Court. Again the penalty, if found guilty at the conclusion of trial is also specifically provided for. I would not like to say that the Appellant in this appeal is unduly resorting to game of wits, but such acrobatic scheming by the Appellant is totally uncalled for, they seem to be a designed to scramble the understanding of the Court. The offence is clearly defined and the punishment is also clearly stated in the law. In my humble understanding therefore the provisions of Section 24(1) of the Cybercrimes Act 2015 are not in conflict with the provisions of Sections 36 (12) and 39 of the Constitution of the Federal Republic of Nigeria 1999 (as amended).” Per TIJJANI ABUBAKAR, JCA (Pp 28 – 38 Paras A – A)
SEE: OKEDARA v. A.G FEDERATION(2019) LPELR-47298(CA).
TYPES OF CYBERCRIME AND THE LAWS REGULATING THEM
Hacking
Section 6 (1) of the Cybercrimes (Prohibition & Prevention Act) 2015 (a.k.a. “Cybercrimes Act”) provides for persons without authorisation to intentionally access a computer system in whole or in part, for fraudulent purpose in order to obtain data vital to national security. The maximum penalty for this offence in Nigeria is imprisonment for a term of not more than seven years, a fine of not more than N7 million, or both such fine and imprisonment.However, any person who, with the intent to commit an offence, uses any device to avoid detection or otherwise prevent identification or attribution with the act or omission will be liable, on conviction, to imprisonment for a term of not more than seven years, a fine of not more than N7 million or both. Where a person or organisation knowingly and intentionally traffics in any password or similar information through which a computer may be accessed without lawful authority, if such trafficking affects public, private and or individual interest within or outside the federation of Nigeria, such person or organisation would be held to have committed an offence and shall be liable, on conviction, to a fine of not more than N7 million, imprisonment for a term of not more than three years, or both such fine and imprisonment.
Examples of prosecution of this offence.
In July 2023, two suspected fraudsters were arrested and are being prosecuted by the Zone 2 Command of the Nigeria Police Force (“NPF”) for hacking into over 1,000 bank accounts of different victims and unlawfully withdrawing large sums of money from their accounts.
Two fraudsters were convicted in 2021, following their prosecution by the Economic and Financial Crimes Commission (“EFCC”), for business email compromise/hacking the systems of various corporate organisations, including KLM, Turkish Airways and British Airways and unlawfully earning over US$1million from their victims.
Denial-of-Service Attacks
Section 8 of the Cybercrimes Act provides for any person without lawful authority, intentionally or for fraudulent purposes to carry out an act that causes directly or indirectly, the serious hindering of the functioning of a computer system by inputting, transmitting, damaging, deleting, deteriorating, altering or suppressing computer data or any other form of interference with the computer system, which prevents the computer system or any part thereof, from functioning in accordance with its intended purpose.The maximum penalty for such offence is imprisonment for a term of not more than two years, a fine of not more than N5 million, or both such fine and imprisonment.
Phishing
Section 32 of the Cybercrimes Act for any person to engage in computer phishing knowingly or intentionally. It is prohibited to engage in the criminal and fraudulent process of attempting to acquire sensitive information like usernames, passwords and credit card details, by masquerading as a trustworthy entity in electronic communication through emails or instant messaging, such as an email from what appears to be from your bank asking a user to change his or her password or reveal his or her identity so that such information can later be used to defraud the user.The maximum penalty for this offence is a term of three years’ imprisonment, a fine of N1 million or both.
Examples of prosecution of this offence
On 1 September 2023, EFCC arraigned over 40 suspected internet fraudsters for being involved in various forms of online fraud, such as romance scams, identity theft, phishing and money laundering.In May 2021, a suspected fraudster was convicted, following his arrest by EFCC, for impersonation, phishing and hacking of email accounts.
Infection of IT Systems with Malware
Section 32 (3) of the Cybercrimes Act provides for any person who engages in the malicious or deliberate spread of viruses or any malware that causes damage to critical information in public, private or financial institution’s computers. The maximum penalty for this offence is three years’ imprisonment, a fine of N1 million or both.
Example of the prosecution of this offence
In June 2022, a suspected fraudster was convicted by a High Court Judge in Lagos, following the prosecution of the offender by EFCC, which received an intelligence report from the Interpol Global Complex Innovation, Singapore, about a syndicate of internet fraudsters in Nigeria, who use malware to steal information and credentials of individuals and then utilize the stolen information to defraud unsuspecting victims.
Distribution, sale or offering for sale of hardware, software or other tools used to commit cybercrime
Section 28 (1) of the Cybercrimes Act provides for any person to unlawfully produce, supply, adapt, manipulate, or procure for use, import, export, distribute, offer for sale, or otherwise make available: (a) any device, including a computer program or a component designed or adapted for the purpose of committing an offence under the Act; (b) a computer password, access code or similar data by which the whole or any part of a computer system or network is capable of being accessed for the purpose of committing an offence under the Act; (c) the importation and fabrication of E-Tools; or (d) any device, including a computer program designed to overcome security measures in any computer system or network with the intent that the devices be utilised for the purpose of violating any provision of the Act.The maximum penalty for this offence is imprisonment for a term of not more than three years, a fine of not more than N7 million or both.Possession or use of hardware, software or other tools used to commit cybercrime Section 28 (2) of the Cybercrimes Act provides for any person who, with intent to commit an offence under the Act, has in his possession any device or program used in committing a cybercrime.The maximum penalty for this offence is imprisonment for a term of not more than two years, a fine of not more than N5 million or both such fine and imprisonment.
Identity theft or identity fraud
Section 22 (1) of the Cybercrimes Act provides makes its an offence for any person who is engaged in the services of any financial institution and, as a result of acquired special knowledge, commits identity theft of an employer, staff, service providers and consultants with the intent to defraud. Upon conviction of such person, he/she shall be sentenced to seven years’ imprisonment, a fine of N 5million, or both. Furthermore, Section 22 (2) – (4) makes it an offence for any person who:22(2) fraudulently or dishonestly makes use of the electronic signature, password, or any other unique identification feature of any other person;22(3) fraudulently impersonates another entity or person, living or dead, with intent to: (a) gain advantage for himself or another person; (b) obtain any property or an interest in any property; (c) cause disadvantage to the entity or person being impersonated or another person; or (d) avoid arrest or prosecution or to obstruct, pervert or defeat the course of justice; or22(4) make or cause to be made, either directly or indirectly, any identity theft or impersonation, or false statement as to a material fact in writing, knowing it to be false and with intent that it can be relied upon respecting his identity or that of any other person or his financial condition or that of any other person for the purpose of procuring the issuance of a card or other instrument to himself or another person. The maximum penalty for these offences is an imprisonment term of not more than five years, a fine of not more than N7 million or both such fine and imprisonment.
Example of the prosecution of this offence
In February 2023, the EFCC arraigned one Emmanuel Bassey before the Federal Capital Territory High Court, Kuje, Abuja on a one count charge bordering impersonation. The suspect, pretending to be a porn star, used the name Natasha on the platform Reddit to fraudulently extort money from his victims while posing as female.
Electronic Theft
Section 9 of the Cybercrimes Act provides for any person who unlawfully destroys or aborts any electronic mail or processes through which money and or valuable information is being conveyed. The maximum penalty for this offence is seven years in the first instance and upon second conviction, 14 years’ imprisonment. Furthermore, Section 11 of the Cybercrimes Act makes it an offence for any person who misdirects electronic messages with either the intention to fraudulently obtain financial gain as a result of such act or with the intention of obstructing the process in order to cause delay or speeding up the messages with a view to cause an omission or commission that may defeat the essence of such messages. Such person, if found guilty, is liable to imprisonment for three years or to a fine of N1 million or both.
Unsolicited Penetration Testing.
Although there is no specific provision for unsolicited penetration testing under the Nigerian law, an action can be brought against a person or organisation for actions of this nature under Section 6 of the Cybercrimes Act. Under Section 6 (3) of the Act, any person who, with the intent to commit an offence unlawfully gains access to a computer by using any device to avoid detection or otherwise prevent identification or attribution with the act or omission will be liable, on conviction, to imprisonment for a term of not more than seven years, a fine of not more than N7 million or both. Any other activity adversely affecting or threatening the security, confidentiality, integrity or availability of any IT system, infrastructure, communications network, device or data
OTHER ACTIVITIES INCLUDE
CyberStalking: it is an offence under Section 24 (1) of the Cybercrimes Act for any person to knowingly or intentionally send a message or other matter by means of computer systems or networks that: (a) is grossly offensive, pornographic or of an indecent, obscene or menacing character or causes any such message or matter to be so sent; or (b) he knows to be false, for the purpose of causing annoyance, inconvenience, danger, obstruction, insult, injury, criminal intimidation, enmity, hatred, ill will or needless anxiety to another or causes such a message to be sent. The maximum punishment for this offence is a fine of not more than N7 million or imprisonment for a term of not more than three years, or both such fine and imprisonment.
CyberSquatting: it is an offence under Section 25 (1) of the Cybercrimes Act for any person to, intentionally take or make use of a name, business name, trademark, domain name or other word or phrase registered, owned or in use by any individual, body corporate or belonging to either the Federal, State or Local Governments in Nigeria, on the internet or any other computer network, without authority or right, and for the purpose of interfering with their use by the owner, registrant or legitimate prior user. The maximum punishment for this offence is imprisonment for a term of not more than two years, a fine of not more than N5 million, or both such fine and imprisonment. The Court is also empowered to give an order directing the offender to relinquish such registered name, mark, trademark, domain name, or other word or phrase to the rightful owner.
Cyber Terrorism: it is an offence under Section 18 of the Cybercrimes Act for any person to access or cause to be accessed, any computer or computer system or network for purposes of terrorism. Such person is liable on conviction to life imprisonment.Manipulation of ATM/POS Terminals: it is an offence under Section 30 of the Cybercrimes Act for any person to manipulate an ATM or Point of Sales (“POS”) terminals with the intention to defraud. Such person shall be liable upon conviction to five years’ imprisonment, a N5 million fine or both.Breach of Confidence By Service Providers: it is an offence under Section 29 of the Cybercrimes Act for any person or organisation that is a computer-based service provider and or vendor to carry out any act with the intent to defraud and, by virtue of his position as a service provider, forge illegally used security codes of the consumer with the intent of gaining any financial and or material advantage or with intent to provide less value for money in his or its services to the consumer. If the corporate organisation is found guilty, it shall be liable to a fine of N5 million and forfeiture of further equivalent of the monetary value of the loss sustained by the consummation .
DOES ANY OF THE ABOVE-MENTIONED OFFENCES HAVE EXTRA-TERRITORIAL APPLICATION
Yes, the Cybercrimes Act has an extraterritorial application. Section 50 of the Cybercrimes Act empowers the Federal High Court of Nigeria to try offences under the Act committed in Nigeria and outside Nigeria.
LITIGATION
Could there be civil or other private actions that may be instituted in relation to cybercrime incidents include: negligence (proof of duty of care, breach of duty, causation, and damages); breach of contract; and data breach/violation incident.Upon the occurrence and publicity of a cyber incident, affected persons could also bring a class action either against such organisation (victim of the cyber incident) and/or regulatory agencies/tier of government having supervisory oversight with respect to cybersecurity compliance. Class actions may be based on a multiplicity of legal possibilities including breach of fiduciary duty (where top executives are found to be dishonest) and other express or implied contractual terms (where the victim organisation specifically undertakes to take reasonable steps to forestall a data breach, or where the service supplier-client relationship involves an express or implied duty of privilege, confidentiality, and careful handling of personal information), negligence on the part of either/both the organisation and the government, violations of relevant laws including the Nigeria Data Protection Act, the Companies and Allied Matters Act, the Federal Competition and Consumer Protection Act, etc.Under the Nigeria Data Protection Act, a data subject who suffers injury, loss, or harm because of a violation of the data protection law by a data controller or data processor, may recover damages from such data controller or data processor in civil proceedings. Notwithstanding anything to the contrary, the NDPA and the Cybercrime Act provides that the Court may also make an order of forfeiture against a convicted data controller, data processor, or individual in accordance with the Proceeds of Crime (Recovery and Management) Act.Can an action be maintained under fundamental rights?Also, an affected person whose right has been violated can institute an action for the enforcement of his/her fundamental human right under Section 39 of the 1999 Constitution.In the case of Olumide Babalola Esq. v. Sunday Egede & David Chukwuma Ojei (both trading under the name and style of Prince Ebeano Supermarket) (Suit No: LD/15873MFHR/2023), an action was filed against the mega mart giant for the inappropriate processing and storage of the applicant’s data through an undisclosed software, failure to comply with the controller’s obligations under the NDPA, and absence of a privacy notice on its website to inform its customers of how the company handles and processes their data, amongst other claims.In the case of Incorporated Trustees of Paradigm Initiative for Information Technology (“PIIT”) & Sarah Solomon-Eseh v. National Identity Management Commission (“NIMC”) & Anor (Suit No: FHC/ABJ/CS/58/2019) – a.k.a. “the digital identity case” – the applicants instituted an action following the discovery of a breach in the security system of the National Identification Number (“NIN”) retrieval USSD code. The Code’s protocol allowed for anyone to access anyone’s NIN as long as they can provide their date of birth and surname. This not only put public figures at risk but also the general public. The Court held that the NIMC needs to do more in the area of security to avoid a breach of citizens’ rights to privacy. It stated that it is not sufficient to have lofty policies; it must be married with an overall interest of the general public and that protective laws and parameters must be in place for adequate implementation of the policies.In the case of UBA PLC v. VERTEX AGRO LTD LPELR-48742(CA) (2019), the Nigerian Court of Appeal found the appellant (UBA PLC) negligent in the maintenance of the respondent’s (VERTEX AGRO LTD) current bank account held with it. The Court held that the appellant clearly breached its duty of care to the respondent to ensure that the respondent’s monies in its custody and control were safe and secure. The Court further held that the appellant negligently allowed the unauthorized withdrawal of the respondent’s money in its custody.
CONCLUSION
Cyber security laws has served as a deterrent to ensure that internet fraudsters do not cause more harvoc to the internet world. A strict adhere and compliance of the above laws regulating cybercrimes in Nigeria would help sanitize our internet world both in Nigeria and outside.
Thanks for the tremendous support, I am grateful for the opportunity.
C.K. ANYANWU ESQ
08033372101