October, 2006

Legal Alert: New Wire Tapping, Cyber Crimes & Anti-Terrorism Bill In Nigeria

Introduction

There is an important executive Bill before the Nigerian National Assembly called the “Computer Security & Critical Information Infrastructure Protection Bill” (“the Bill”). Because of the importance of this Bill, we would consider in this paper, the highlights of the provisions of the Bill, share the highlights of other similar legislations in the United Kingdom, the United States of America, Australia, South Africa, Canada and Switzerland in the greater expectation that the laws in these other jurisdictions would further assist the Nigerian National Assembly and the Nigerian people in having a better Law on wire tapping, computer and cyber crimes, and anti-terrorism.

Wire Tapping, Cyber Crimes & Anti-Terrorism Bill

The introductory part of the Bill describes its objectives to include “… secure computer systems and networks and protect critical information infrastructure in Nigeria by prohibiting certain undesirable computer-based activities …..”. This Bill seeks to create legal liability and responsibility for modern global crimes carried on over a computer or computer systems, i.e. the internet.

Some of these crimes, which carry penalties of fines ranging from the average sum of N100,000.00 (One Hundred Thousand Naira) to terms of imprisonment ranging on the average from six months imprisonment, include: -

1. Hacking and unlawful access to a computer or a computer network.
2. Spamming - this is unsolicited mails – fraudulent electronic mails, etc.
3. Computer fraud, computer forgery, system interference.
4. Identity theft and impersonation on the internet.
5. Cyber-terrorism, cybersquarting, misuse of computer for unlawful sexual purposes, etc.

Unlawful Interception of Communications & Mandatory Retention

Section 3 of this Bill makes it an offence for any person, without authority or in excess of such authority where it exist, to access any computer or access a computer for an unlawful purpose. It is also an offence for any person to disclose any password, access code or disclose any other means of access to any computer program without lawful authority.

Section 12 of this Bill requires every service provider to keep a record of all traffic and subscriber information on their computer networks for such a period as the President of the Federal Republic of Nigeria may by Federal Gazette, specify. Service Providers are further required to record and retain any related content at the instance of any Law Enforcement Agency.

This Bill also allows any Law Enforcement Agency in Nigeria, on the production of a warrant issued by a Court of competent jurisdiction, to request a service provider to release any information in respect of communications within its network, and the service provider must comply with the terms of the warrant.

This Bill seeks to ensure the protection of the privacy and civil liberties of persons by requiring that all communications released by a service provider shall only be used for legitimate purposes authorised by the affected individual or by a Court of competent jurisdiction or by other lawful authority.

All law enforcement agencies carrying out their duties under this Bill must also have due regard to the constitutional rights to freedom of privacy guaranteed under the 1999 Nigerian Constitution and “ … take appropriate technological and organisational measures to safeguard the confidentiality of the data retained, processed or retrieved for the purposes of law enforcement”.

To ensure compliance by the service providers or body corporate, who are the providers of all form of telecommunication services in Nigeria, this Bill recommends that any breach of the provisions of the contemplated Law, by these persons, shall on conviction be liable to the payment of a fine of not less than N5Million. In addition, each Director, Manager or Officer of the service provider shall be liable to a fine of not less than N500,000 or imprisonment for a term of not less than three years or to both the fine and the term of imprisonment.

Wire Tapping & Unlawful Interception of Communications

Wire tapping, which in modern parlance is known as Lawful Interception, is described as the “ … monitoring of telephone and internet conversations by a third person, often by convert means”.

It is unlawful, under the Bill, for any person to intercept any communication without the authority of the Owner of the communication. A conviction for a breach of this provision is a fine of not less than N5Million or imprisonment for a period of not less than ten years or to both the fine and the term of imprisonment.

It is mandatory under this Bill for all Service Providers to ensure that their networks are accessible and available to enable law enforcement agencies, on the production of an Order of a Court of Law or of any other lawful authority, to intercept and monitor all communications on their networks, access call data or traffic, access the content of communications, monitor these communications uninterrupted from locations outside those of the Service Providers, provided that these convert activities are for the purpose of law enforcement. The meaning of “... any other lawful authority  ...” is not defined in this Section or in the other Sections of the Bill neither is the responsibility of who bears the added technological costs of complying with these very stringent provisions indicated in the Bill.

Any Service Provider that breaches the above provisions on cooperation with the law enforcement agencies would on conviction incur a fine of not less than N10Million. As corporate bodies are artificial persons, additional liability is provided for each responsible Director, Manager or Officer of the Service Provider who allows any breach of the provisions of the Bill. A conviction of this group of individuals attracts a fine of not less than N500,000 or imprisonment for a term of not less than three years or to both the fine and the term of imprisonment.

Further Duties & Assistance of Service Providers to Cyber Crimes Enforcement

This Bill requires all Service Providers and other relevant body corporate to provide all assistance to law enforcement agencies in the prosecution of the crimes provided for under this legislation. Some of the assistance expected include:

1. Identification, apprehension and prosecution of the offenders.
2. Identification, tracing and confiscation of proceeds of any offence or property, equipment or device used in the commission of any cyber offence.
3. Freezing, removal, erasure or cancellation of the services of the offender from the network of the Service Provider.

Other Cyber Crimes

Cybersquatting.

Cyber squatting is the assuming of the name or personality of another person without the consent or authority of such a person.

It is a criminal offence under this legislation for any person, without the prior authority or consent of the Owner, to intentionally use or assume the name, trade or business name, trade mark, domain name or other name registered to or belonging to another person or to a registrant or a legitimate prior user of such a name, or of the names of either the federal, state or local governments in Nigeria. The penalty for breaching this provision on conviction is a fine of not less than N100,000 (One Hundred Thousand Naira) or a term of imprisonment of not less than one year or to both the fine and the term of imprisonment.

Cyber-Terrorism

Terrorism is described by this Bill to include any act which is a violation of the Nigerian Criminal Code or Penal Code, endangers life, the physical integrity or freedom of any person or causes serious injury or death, causes loss or damage to public property, natural resources, damages the environment, cultural heritage, intimidates, uses fear, coercion, promotion or sponsorship of, contribution to terrorism, or commands and incites, conspiracy to commit acts of terrorism, etc.

Also, Cyber Terrorism can be described as the use of a computer, computer networks or the internet to commit or promote terrorist crimes. This legalisation seeks to make it an offence, once the Bill becomes Law, for any person, group or organisation that accesses or uses any computer or computer networks for purposes of terrorism or terrorist related activity.

The penalty on conviction for acts of terrorism is a fine of not less than N10Million or a term of imprisonment for not less than 20 years or to both the fine and the term of imprisonment.

Other Cyber Crimes under the Bill

1. Violation of Intellectual Property Rights with the use of a computer or computer networks without the authority or consent of the proprietor of the Rights.
2. Using any computer for unlawful sexual purposes, child pornography or other related acts with minors. This attracts an average fine of over N1Million and an average term of imprisonment of not less than five years.

Other General Provisions of the Cyber Crime Bill

1. The High Court of a State or of the Federal High Court is conferred with jurisdiction to try offenders under this legislation.
2. Any authorised officer of any law enforcement agency is allowed, upon reasonable suspicion, the powers to search and arrest any person or body corporate or require any person having charge or control of the operations of a computer or computer networks, to produce it/them. In an emergency, this can be done without a warrant
3. Electronic evidence is admissible as primary evidence under the Evidence Act provided that such evidence can be reproduced in hard copies.
4. Criminal proceedings under this legislation are to be instituted by or with the authority or consent of the Attorney General of the Federal Republic of Nigeria.
5. Assets used, acquired or derived from illegal computer or computer network activities are permitted to be forfeited to the Federal Government of Nigeria after the conviction of the offender.
6. A convicted felon is required under this legislation to forfeit his/her international traveling documents until he/she has paid the fines and served the sentence imposed on conviction.
7. The Attorney General is allowed to enter into some form of plea bargaining with an alleged offender where the offender admits to the crime in return for the payment of the fine imposed.
8. In addition to the fine and or term of imprisonment, the Court is allowed to further order the payment of compensation to injured persons or body corporate of a terrorist activity.

Similar Legislations in the United Kingdom, United States of America, Australia, South Africa, Canada & Switzerland.

According to a Report prepared in year 2005 by Mr. Thomas Wong of the Research & Library Services Division, Legislative Council Secretariat, Hong Kong, various safeguards are in place in the United States, the United Kingdom and Australia to ensure that wire tapping or lawful inception activities guarantees the civil liberties of citizens of these countries. This Report was prepared to analyse “… whether lawful interception of communications in these jurisdictions requires a Court Warrant or an Executive Order?”

The above Report by Mr. Thomas Wong discloses that in the United Kingdom, Warrants are issued by the Home Secretary on the application of the heads of the securities agencies in the United Kingdom. These warrants must meet the test of necessity and proportionality, and the warrants are for a limited period of time. Further, the law enforcement agencies and the officers to whom lawful interception powers are allowed the liberty to exercise such powers as are expressly specified in the applicable legislation.

It is also the case in the United Kingdom that the powers of the Home Secretary and the law enforcement agencies are monitored by an Interception Communication Commissioner, who is presently a retired judicial officer. The Interception Communication Commissioner presents an annual report of all cyber activities to the Prime Minister who in turn is required to table the report to the Parliament and then to members of the public. Members of the public can lodge a complaint to an Investigatory Powers Tribunal which has the powers to cancel the warrant and award compensation to a complainant.

In the United States, all Interception Orders are issued by Judges who would only issue such a warrant where the facts meet the “probable cause test”. The Head of the Department of Justice is required by all the three principal legislations to submit annual reports to Congress in Washington DC.

It is further essential to note that in the United States, in spite of the PATRIOTS Act, which is also called the “911 Law” all lawful interception (wire tapping for old) agencies are accountable to parliamentary committees.

In Australia, national security warrants are applied for by the Director General of Security to the Australian Attorney General. The warrants themselves are issued by Judges or nominated members of a Tribunal for the investigation of specific offences. The Attorney General is required to table before the Australian Parliament details of all telecommunication interceptions for law enforcement purposes. The requisite Law Enforcement Agencies have been identified in the applicable Laws and are also accountable to two statutory parliamentary committees.

The applicable Law in South Africa, which came into effect on the 30th day of September 2006, is the Regulation of Interception of Communication & Provision of Communications Related Information Act. By this Law, all Interception of communication activities must be sanctioned by an Order of a Court of Law. There are a number of provisions in this Law which have been criticised for breaching civil liberties of citizens and placing burdens on service providers to the ultimate disadvantage of the customers.

In Canada, all lawful interception activities must be sanctioned by a Judge who would only issue the Warrant upon being satisfied that there are reasonable grounds to believe that an offence has been or will be committed. A time limit of sixty (60) days is granted for the interception activities unless exceptional circumstances are shown. The subject of the lawful interception must be informed within ninety (90) days of the end of the lawful interception activity. There are oversight bodies to whom the law enforcement agencies must report to.

According to an article by Mr. David Rosenthal of the Law Firm of Homburger in Switzerland, all service providers in Switzerland are as from the 1st day of April 2003 required to allow law enforcement agencies, who beforehand must obtain a Court Order, to have access to certain communications for a period of six (6) months. The subject of the surveillance must be informed after the surveillance that his/her communications were lawfully intercepted for security reasons. Criticisms on the possibilities of infringements of the civil liberties of citizens and the costs burden on the service providers and ultimately the customers is on-going in this jurisdiction.

Concerns & Improvements on the Cyber Crimes Bill

The intention of Wire Tapping, Cyber Crimes and Anti Terrorism Bill is in the most part a commendable one. However it is not a complete or “perfect” document as there are various sections of this Bill which if passed into Law, in its present form, would infringe the civil liberties of individuals to privacy, in breach of the United Nations Universal Declarations on Human Rights and the African Charter on Human Rights to which Nigeria is a signatory.

The first and fundamental concern with this Bill is that there are no internal and external checks and balances provisions whatsoever in the Bill. There are no mandatory reporting procedures to either the Nigerian parliament or the Nigerian judiciary on the activities of law enforcement agencies in carrying out these wire tapping or lawful interception activities. The law enforcement agencies that have the responsibility of carrying out the provisions of this Bill are not enumerated in the Bill. There is no independent commissioner to monitor these activities.

There is also no provision for award of compensation where the civil liberties of individuals are breached neither is there provision for reporting to the citizens after the wire tapping activities have ceased. In jurisdictions with a longer history of democracy and wire tapping activities, where these checks and balances are regulated by Statutes, allegations and investigations of abuses continue to occur.

There is secondly, in the matter of obtaining a warrant or release of information for legitimate reasons, a recurring reference to either a Court of Law or “… any other lawful authority …” for obtaining either the warrant or the information. There is no enumeration or definition anywhere in the Bill, as has been done in other jurisdictions, of whom or what constitutes “lawful authority”. It is recommended that this is a very good loophole for a breaching government to avoid an independent judiciary and constitute itself into “.. any other lawful authority” from where the civil liberties of individuals would be continuingly breached.

The treatment of evidence obtained from wire tapping activities in criminal proceedings are not described anywhere in this Bill. While there are civil law provisions requiring that illegally obtained evidence are not admissible without special circumstances been disclosed, this Bill would do well to emulate the laudable provisions in wire tapping legislations in the United Kingdom and the United States of America on the treatment of evidence obtained from wire tapping activities in criminal proceedings.

There is further a problem with the definition of what constitutes traffic information under this Bill? What also is “content” under this Bill? Would traffic information also include the recording of voice communication by service providers? If traffic information would include voice communication, who would be responsible for the huge storage and preservation costs of these voice communication? In the United States, statutes on wire tapping or lawful interception require that the government reasonably compensates individuals for expenses incurred for providing facilities and technical assistance in wire tapping activities. In Canada, service providers are provided with some costs savings for their networks whilst in Netherlands, the government had to grant some moratorium on compliance and waiver when some service providers faced bankruptcy as a result of the huge technological costs of ensuring compliance. Requiring the service providers to alone bear these expected huge costs would mean that the customers in Nigeria would ultimately bear the costs.

A fifth concern is the requirement by this Bill for service providers to deliver intercepted communications and data to locations of law enforcement agencies which naturally would be outside those of the service provider. There are no procedures for securing and or guaranteeing that these external deliveries would not compromise the network of the service providers or the civil liberties of individuals by persons other than the authorised service providers. There is currently no available evidence of serious hacking into the networks of the service providers in Nigeria even though there is available literature on the internet that there are technologies with which GSM communications can be monitored without the knowledge of the parties or of the service providers.

A sixth major concern with this Bill is that it imposes further duties of assistance in the identification, apprehension, legal prosecution, trailing and confiscation of proceeds of offenders for cyber crimes and unlawful interference with communications on the service providers and other relevant body corporate. These are onerous law enforcement responsibilities sought to be imposed on private businesses especially as there are also serious security risks of injury from the offenders that service providers and relevant body corporate may be ill equipped to provide for themselves.

A seventh concern is the requirement that in special circumstances a service provider or body corporate could be required to release information without a court warrant. There are no procedures for ensuring that this would only occur in cases of extreme emergencies and that immediately information is obtained, an equally urgent effort would be made to secure a court warrant as is done in the United States for example.

An eight concern with this Bill is the provision that the President of the Federal Republic of Nigeria could direct the law enforcement agencies to make such rules and regulations giving effect to the provisions of this Bill. This provision appears to be an over concentration of powers on the executive arm of government. Also, this provision appears to be making the law enforcement agencies both the accusers and the judge in relation to their own procedures? An independent body should be constituted for this and other aspects of giving full effect to this Bill.

Conclusion

^ Return to top

-------------------------------------------------------------------------------------------------------------------------------------------------------------------------

DISCLAIMER: This Newsletter is a free educational material, for general information ONLY. By itself, it does not create a Client-Attorney relationship.

Recipients are advised to seek professional legal counselling to their specific situations when they arise. Comments, criticisms, suggestions, ideas, contributions, etc are always welcomed.

This Newsletter is protected by Intellectual Property Laws. It may however be shared with other parties (third parties) provided the Author is acknowledged as the Originator/Creator of the work and this Disclaimer Notice is attached..

EHIJEAGBON O. OSEROGHO
October, 2006.

Your Name: Email Address: