87 UNLAWFUL USE OF COMPUTER/INTERNET/ELECTRONIC DEVICES TO AVOID IN NIGERIA

A. Introduction

This edition of Akintunde Esan’s Legal Illumination is focused on drawing attention to the things done on computer networks (whether on the internet or intranet) which in Nigeria are regarded as cybercrimes also referred to as computer crimes or frauds which the offenders are liable on conviction to imprisonment or fine or both and other penalties such as forfeiture of assets, listed below in this Legal Illumination.

B. Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 

The principal legislation that has majorly penalised acts or activities categorised as computer crimes whether on an intranet or on the internet in Nigeria is known as the Cybercrimes (Prohibition, Prevention, Etc.) Act, 2015 (the Act). 

The Act provides an effective, unified and comprehensive legal, regulatory and institutional framework for the prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria. The Act also ensures the protection of critical national information infrastructure, and promotes cybersecurity and the protection of computer systems and networks, electronic communications, data and computer programs, intellectual property and privacy rights.

C. Definition of Computer, Electronic Device and Network

Basically, an internet is computer network consisting of a worldwide network of computer networks that use the transmission control protocol (TCP) and  Internet protocol  (IP) network protocols to facilitate data transmission and exchange.However, in order to have a proper understanding of computer/electronic/internet crimes under Nigerian law, it is essential to take note of the statutory definition of computer, electronic device and other computer related terminologies in the Cybercrimes Act. 

The Act defines a “computer” for the purpose of computer and electronic crimes as: 

“an electronic, magnetic, optical, electrochemical or other high speed data processing device performing logical, arithmetic, or storage functions and includes any data storage facility. All communication devices that can directly interface with a computer through communication protocols shall form part of this definition. This definition excludes the following; portable hand-held calculator typewriters and typesetters or other similar devices” 

A “computer system” is referred to as:

“any device or group of interconnected or related devices, one or more of which, pursuant to a program, performs automated or interactive processing of data. It covers any type of device with data processing capabilities including, but not limited to, computers and mobile phones. The device consisting of hardware and software may include input, output and storage components which may stand alone or be connected in a network or other similar devices. It also includes computer data storage devices or media” 

An “electronic device” means: 

“a device which accomplishes its purpose electronically. This includes, computer systems, telecommunication devices, smartphones, access cards, credit cards, debit cards, loyalty cards etc.”

Electronic communication includes: 

“communications in electronic format, instant messages, short message service (SMS), e-mail, video, voice mails, multimedia message service (MMS), Fax, and pager.”

Network means: 

“a collection of hardware components and computers interconnected by communications channels that allow sharing of resources and information.”

D. 87 Computer/Internet/Electronic Crimes/Fraud

The following acts and activities have been penalised as criminal under the Act:

1. Obtaining data vital to national security from a computer without authorised access

2. Obtaining business secrets and classified information from a computer with authorised access

3. Using electronic devices to evade detention of unauthorised access to a computer

4. Trafficking of computer password.

5. Using a Cybercafé computer for electronic or online Fraud.

6. Hindering of the functioning of a computer System.

7. Intercepting electronic messages, emails and electronic money transfers.

8. Tampering with critical infrastructure/emails.

9. Willful misdirection of electronic messages.

10. Unlawful interceptions of the function of a computer system or communications network.

11. Holding back electronic mails or payments received in error/ theft of electronic devices.

12. Manipulating data in  a computer

13. Sending fraudulent electronic messages

14. Fraudulent franking of electronic messages

15. Manipulation of computer or electronic payment devices

16. Diverting of electronic mails by employees of banks or financial institutions.

17. Conspiring to perpetrate fraud using computer network.

18. Theft of electronic devices.

19. Stealing of terminal.

20. Stealing Automated Teller Machine (ATM).

21. Attempts to steal Automated Teller Machine (ATM).

22. Unauthorized modification of computer systems and network data.

23. Unauthorized Modification hindering the functioning of a computer system.

24. Forging of electronic signature.

25. Cyber Terrorism: Using a computer system/network for terrorism.

26. Financial institutions authorising more than one Access

27. Issuance of  false electronic or verbal messages by employees of financial institution

28. Failure to reporting of cyber threats to National Computer Emergency Response Team (NCERT)

29. Identity theft and impersonation

30. Identity theft of employer, staff, service providers and consultants

31. Fraudulent or dishonest use electronic signature, password or unique Identification Feature.

32. False statement on identity for procuring the issuance of a card. 

33. Producing, offering, distributing, procuring or possessing child pornography.

34. Unsolicited electronic distribution of pornographic images.

35. Engaging in sexual activities with a child through a computer network.

36. Recruiting, inducing, coercing, exposing, or causing a child to participate in pornographic performances.

37. Cyberstalking: Sending of offensive electronic images and messages.

38. Electronic Assault: Transmission of communication containing threat to life, kidnap or harm.

 

39. Cybersquatting: Electronic and Online Passing Off and Infringement of Intellectual Property

40. Racist or xenophobic contents

41. Making available, through a computer system or network, to the public, material which denies or approves or justifies acts constituting genocide or crimes against humanity.

42. Attempt to commit any of the offences listed.

43. Conspiracy, aiding and abetting the committing of any of the offences listed.

44. Connivance of employee of a financial institution with anyone to perpetrate fraud using computer system(s) or network

45. Making a computer device or program available to commit an offence under the Act

46. Providing password or access code to access a computer to  commit an Offence under the Act

47. Making available device or program designed to counter security measures in order to commit any of the offences listed or under the Act.

48. Possessing device or program with intent to commit an offence under the Act 

49. Unauthorised disclosure of password for any unlawful purpose or gain.

50. Providing of device, program, password or access code used in committing any of offences listed or under the Act which results into loss or damage.

51. Using electronic tools to retrieve password illegally.

52. Making, forging, altering, or counterfeiting of electronic devices.

53. Forging and  illegal use of consumers security codes  by Service Providers – 

54. Breach of confidence by service providers.

55. Corporate offence occasioned by the commission or omission of a management staff.

56. Manipulation of ATM/POS Terminals.

57. Connivance to defraud using ATM or Point of Sales Device.

58. Failure of employee to relinquish or surrender all codes and access rights.

59. Failure to surrender all codes and access rights.

60. Phishing: This is the criminal and fraudulent process of attempting to acquire sensitive information such as usernames, passwords and credit card details, by masquerading as a trustworthy entity in an electronic communication  through emails or instant messaging either in form of an email from what appears from your bank asking a user to change his or her password or reveal his or her identity so that such information can later be used to defraud the user.

61. Spamming: This is an abuse of electronic messaging systems to indiscriminately send unsolicited bulk messages to individuals and corporate organizations.

62. Spreading of computer virus.

63. Using electronic card to fraudulently obtain cash, credit, goods or service. 

64. Using counterfeit or unauthorised access device or access device of another. 

65. Stealing of an electronic card.

66. Possession of lost electronic card.

67. Using electronic card as a fraudulent security for a debt.

68. Signing for a electronic card.

69. Use of forged or expired electronic card or card obtained fraudulently or used without Consent. 

70. Accepting a forged or expired electronic card or card obtained illegally to pay for goods or services.

71. Failure to furnish good or services paid for with electronic card.

72. Employee/agent of a creditor issuing to an electronic cardholder a card transaction Record of Sale for a sale which was not done or made.

73. Authorising the remitting of an electronic card transaction Record of Sale to a creditor for a sale which was not done or made.

74. Possession of a counterfeit of the electronic card of another person.

75. Involvement in the manufacturing of counterfeit electronic cards

76. To falsely alter any invoice for money, goods or services, obtained by use of an electronic card after the Invoice has been signed by the cardholder.

77. Making available the particulars of an electronic cardholder without the prior written permission of the Cardholder.

78. Possession of stolen electronic card. 

79. Purchase or sale of electronic card of another.

80. Use of fraudulent device or attachment, e-mails or websites to obtain electronic card particulars.

81. Fraudulent redirection of funds transferred electronically.

82. Failure of financial institutions to establish Identity of customers before executing electronic instructions. Unauthorized debit to be reversed within 72 Hours.

83. Committing any of the offences listed or under the Act against any information infrastructure designated as a critical national information infrastructure in Nigeria.

84. Failure to retain traffic data and subscriber information for 2 years by service providers. 

85. Failure of law enforcement agency bound to use released subscriber’s data for legitimate use only.

86. Failure of law enforcement agents/service providers to respect right to privacy under the constitution.

87. Failure of service provider to disclose Information requested by any law enforcement agency. 

E. Penalties for Computer / Internet / Electronic Frauds/Crimes in Nigeria

The penalties for all the computer /internet/ electronic crimes/frauds listed above are as follows:

(1) Generally, offenders are liable on conviction to imprisonment or fine or both; and including:

(a) Forfeiture of Assets to the Federal Government of Nigeria:

(i) Assets traceable to Proceeds of Computer Crime.

(ii) Computers used to commit an offence.

(iii) Assets or Properties in a Foreign Country acquired with Proceeds of Computer Crime.

(b) Winding Up of Convicted Corporate Service Provider. 

(c) Cancellation/Withdrawal of International Passport of any person convicted under the Act.

(d) Payment of Compensation or Restitution to Victim.

i) Refund of the Money obtained by Fraud.

ii) Return of the Property obtained by Fraud.

iii) Pay Monetary Equivalent of the Property where return is impossible.

iv) Enforcement of Order of Restitution in a Civil Action.

F. Conclusion

Employees in charge of computers used for office businesses should beware that employers can get them prosecuted and jailed or fined for the damages caused to their business or company due to their unlawful operations or activities on their office computer network. Ignorance of the law will not excuse an offender from the punishment for engaging in a penalised act. Forewarned is forearmed.

If you or your organisation is in need of further legal illumination on computer/internet/electronic crimes/frauds or on a dispute on an electronic transaction/contract, you may contact Akintunde Esan the author of 86 UNLAWFUL USE OF COMPUTER/INTERNET/ELECTRONIC DEVICES TO AVOID IN NIGERIA and E-COMMERCE: FORMATION, VALIDITY AND ENFORCEMENT OF ONLINE AND ELECTRONIC CONTRACTS IN NIGERIA for further legal illumination.

Akintunde Esan (The Legal Adviser Online) is a Legal Practitioner/Consultant and Chartered Mediator. He is the Managing Partner at Ase Olodumare Chambers a Lagos, Nigeria based Law Firm, providing online and offline legal advice, services and solutions to legal issues.

87 UNLAWFUL USE OF COMPUTER/INTERNET/ELECTRONIC DEVICES TO AVOID IN NIGERIA is a legal illumination of AKINTUNDE ESAN known as The LEGAL ADVISER ONLINE. Akintunde Esan is the Managing Partner & Principal Consultant @ ASE OLODUMARE CHAMBERS (Legal Practitioners/Consultants & Chartered Mediators)

Click the link below to view:

E-COMMERCE: FORMATION, VALIDITY AND ENFORCEMENT OF ONLINE AND ELECTRONIC CONTRACTS IN NIGERIA