15

CHAPTER TWO
CYBER-CRIME IN NIGERIA
2.1 INTRODUCTION
The first attempt at introducing Internet in Nigeria was made through the UNESCO
1

sponsored RINAF
2
project in 1995. At one of the several workshops that were held to
propagate the idea of the Internet, the Nigeria Internet Group (NIG) was formed as a non-
profit, non-governmental organisation with the primary aim and objective of promoting and
facilitating access to the Internet in Nigeria
3
. The Internet became a reality in Nigeria in the
late 90's. Obafemi Awolowo University was the first university in Nigeria to have its own
VSAT internet link.
4
In between the year 1996-2000 many internet service providers came up
in Nigeria, like Linkserve, Cyberspace, Skannet, etc.
5
From 1995 till date the number of
internet users in Nigeria as risen to 55.9 million which makes Nigeria the 7
th
largest nation
with the internet users in the world.
6
Among the 55.9million Nigerians who use the internet,
34 million access the internet through their phones
7
. This goes to show how Nigeria has
grown in the area of ICT.
Prior to the year 2001, the phenomenon of internet criminal fraud was not globally associated
with Nigeria. Since then, however, the country had acquired a world-wide notoriety in
criminal activities, especially financial scams, facilitated through the use of the Internet. In
2010 Nigeria occupied the number three position in the worldwide cybercrime trends index
8
,

1
United Nations Educational, Scientific and Cultural Organisation. 1945
2
Regional Information Society Network for Africa. 1992
3
A. SONIA History of Internet in Nigeria Available at:
http://introductiontomasscommunication2.blogspot.com/2010/05/history-of-internet-in-nigeria.html Accessed:
(28/5/2013)
4
Ibid
5
Ibid
6
The statistics is available at: http://en.wikipedia.org/wiki/List_of_countries_by_number_of_Internet_users
7
The Internet Subscriber Data released by the Nigerian Communications Commission (NCC) on its website
showed that only 34,471,520 customers out of the 114.172 million active subscribers on the Global System for
Mobile Communications (GSM) networks use data. Available at http://www.vanguardngr.com/2013/06/ncc-
says-34-5m-subscribers-in-nigeria-use-data-on-internet/ Accessed: (1/7/2012)
8
E. Nkerreuwen, Nigeria comes 3rd in global cybercrimes survey Available at:
http://www.abujacity.com/abuja_and_beyond/2010/11/nigeria-comes-3rd-in-global-cybercrimes-survey-.html
Accessed: (4/7/2013). Also See: WikiNews, Cybercrime ratings,
at: http://en.wikipedia.org/wiki/cybercrimerating, (4/7/2013). Cyber Crime Statistics: 25% cybercrime remains
unresolved. 75 Million Scam Emails are sent every day claiming 2,00 victims. 73% of Americans have
experienced some form of cyber crime and (65% globally) do the same. 10.5% of the worlds Hackers from the
UK 66% of the worlds hackers are American. 7.5% are Nigerian. Brazil suffers more than any other country
with 83% of the population having suffered from internet crime. Available at:
http://www.cybercrimeswatch.com/cyber-crime/cyber-crime-statistics.html Accessed: (4/7/2013)

16
with the United State of America and the United Kingdom above Nigeria. The common type
of cybercrime attributed to Nigeria is the Advance Free Fraud also known as 419 or yahoo
yahoo. Cyber criminals unarmed but very lethal are the prowl in Nigeria. The unchecked
activities of these thieves are near plague. The threat from cybercrime is multi-dimensional,
targeting citizens, businesses, and governments at a rapidly growing rate. They hide under the
anonymity of the internet and mobile phones to perpetuate atrocities which has earned
Nigeria notoriety as haven of cybercrime. Reports says that Nigeria lost over 2 trillion naira
to cybercrime alone in 2012
9
and $200 million annually
10
, which shows the serious impact of
cybercrime in Nigerias economic, especially as most business and commercial activities are
now being done electronically or through the internet. The bad after taste of cybercrime and
the unseriousness of Nigeria to address the monster has continued to haunt the country both
economically and social-politically.
The high rate of cybercrime in Nigeria has been attributed to the inadequacies of existing
laws in tackling cybercrime, as most of the laws are seen as out-dated. As Nnaemeka
Ewelukwa
11
rightly said it is not good for technology to run faster than law. Whenever,
technology moves faster than law, what you will have is a legal vacuum.
12
In Nigeria there
is no single law used to tackle the menace of cybercrime, and as stated earlier,
13
before an act
or omission can be criminalised, one of its requirements is that the Offence must be capable
of precise definition, which is reiterated by the Section 36(12) of the 1999 Constitution.
14

This means an uncodified crime is not punishable in Nigeria. It is obvious that Nigeria in the past
decade as evolved technologically which should been met by regular up date of existing laws
to tackle such change. Also the eminent rise of cybercrime in Nigeria has been traced to the

9
The report of a study by Paradigm Shift Initiative Nigeria (PIN) a social enterprise committed to connecting
Nigerian youths with ICT opportunities as well as establishing the link between cybercrime and youth
contribution to the economy for University of Toronto-based Cyber Stewards Network Project of the Citizens
Lab Munk School of Global Affairs has established that Nigerian consumers lost a total of N1.246trn to
cybercrime in 2012. Available at: http://www.flairng.com/index.php/technology/item/490-nigeria-lost-over-
n2trn-to-cybercrime-in-2012-%E2%80%94-pin Accessed: (4/7/2013)
10
S. Adekoye Cyber Crime Costing Nigerian Economy Available at:
http://www.itnewsafrica.com/2012/04/cyber-crime-costing-nigeria-economy/ Accessed: (4/7/2013)
11
Nnaemeka Ewelukwa is a Senior Teaching Fellow in International Trade Law at the School of Oriental and
African Studies, University of London. He also manages African Legal Consulting Limited, London UK, a firm
that consults on the legal aspects of investing or doing business in Africa.
12
Excerpts from an interview by Vanguard newspaper titled Why cyber crime thrives in Nigeria Available at:
http://www.vanguardngr.com/2011/04/why-cyber-crime-thrives-in-nigeria-by-ewelukwa/ Accessed: (4/7/2013)
13
Jeremy Bentham, An Introduction To The Principles Of Morals And Legislation, (New York: Hafner
Publishing Co, 1948) Op.cit. Supra note 31 pp.10
14
Section 36(12) of the 1999 Constitution of the Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004,
States that: a person shall not be convicted of a criminal offence unless that offence is defined and the penalty
thereof prescribed in a written law; and a written law refers to an Act of the National Assembly or a law of a
State.

17
direct consequence of the lapses in the 2001 National Policy for Information Technology
(NPFIT)
15
, as it empowered Nigerians, especially the youths with cyber capacity. The honest
intention of the Federal Government of Nigeria in making the policy for information
technology in 2001 must have been to empower Nigerians to join the rest of the developed
world to benefit from the multiple advantages of the Internet in a variety of positive ways. It
could, therefore, not have been the intention of either the government or the authors of the
policy that it should become an instrument for committing crimes. That is to say that it cannot
be fairly claimed that the objective of the policy, from the onset, was to empower Nigerians
for the commission of Internet crimes. However, it will not stop to appear curious that the
introduction of the Policy was quickly followed by the then new phenomenon of online fraud
of various kinds, most pernicious of which are those popularly known as 419 or Nigerian
cyber-scams
16
, etc., and software piracy, which have adversely affected the economy and
profile of the nation. According to the authoritative account of Nuhu Ribadu, former
Executive Chairman of Nigerias Economic and Financial Crimes Commission, (EFCC), the
country became fully aware of this pattern of crime in 2002.
17

It is in this light that this Chapter aims to examine the various provisions of the NPFIT and its
inadequacies, and also the provisions of the existing Legal Framework in Nigeria used in
tackling cybercrime and their effectiveness.

2.2 NATIONAL POLICY FOR INFORMATION TECHNOLOGY
18

This policy was expected to deal with all emerging issues in the information and
communication technology fields. It is however to be noted that the resultant policy does not
offer much for the understanding, prevention and eradication of criminal activities in
cyberspace. In effect, the policy has not shown a sufficient commitment on the part of

15
R. O. Moses-k Cyber Capacity without Cyber Security: A Case Study of Nigerias National Policy for
Information Technology (NPFIT) Available at:
http://www6.miami.edu/ethics/jpsl/archives/all/CyberSecurity.html Accessed: (4/7/2013)
16
E. E. Adomi and S. E. Igun Combating cybercrime in Nigeria, The Electronic Library, vol.26, no.5 (2008):
pp. 716 725; M. Chawki, Nigeria Tackles Advance Fee Fraud, Journal of Information, Law and Technology
(JILT), (2009), Available at: http://www.go.warwick.ac.uk/jilt/2009_1/chawki Accessed: (5/7/2013)
17
N. Ribadu, Cybercrime and Commercial Fraud: A Nigerian Perspective (Modern Law for Global
Commerce Congress to celebrate the fortieth annual session of UNCITRAL Vienna, 9-12 July 2007,
at:http://www.cnudmi.org/pdf/english/congress/Ribadu_Ibrahim.pdf, Accessed: (5/7/2013)
18
Nigerian National Policy for Information Technology, Abuja: Federal Ministry of Science and Technology,
2001 (To be subsequently referred to in this paper as: NPFIT, 2001). Available at:
http://forum.org.ng/system/files/Nigeria_IT_Policy.pdf Accessed: (1/7/2013)

18
government to deal with the problem of cyber-criminality in the country. In particular, the
task of the IT Task Force that was recommended in the Policy is not specified, while no
financial allocation was provided for the Task Force in the spending profile of the policy for
combating crimes on the Internet.
19
This observation is without prejudice to the correct
perception of the Policy that Information Technology (IT) is the bedrock for national survival
and development in a rapidly changing global environment, and challenges us to devise bold
and courageous initiatives to address a host of vital socio-economic issues such as reliable
infrastructure, skilled human resources, open government and other essential issues of
capacity building.
20

A close study of the General Objectives of the Policy was carried out which revealed the
Policys weakness in dealing with the menace of cyber-criminality
21
. The sections of the
Policy that pertain directly or in some indirect way to cyber-criminality are discussed below.
General Objectives section (vii): To improve judicial procedures and enhance the
dispensation of justice
22
; (xv) to empower the youths with IT skills and prepare them for
global competitiveness
23
and (xvii) To create IT awareness and ensure universal access
in order to promote IT diffusion in all sectors of our national life
24

Considering the high rate of cyber-criminality in Nigeria today, the three objectives above
rather than forestall or address the issues of cyber-criminality appear to be contributory to the
commission of cybercrimes
25
. The improvements of judicial procedures and enhanced
dispensation of justice, on their own, do not address the commission or prevention of crimes
as such. On the other hand, the empowerment of the youths with IT skills and the diffusion of
IT have exposed the youths to the possibilities and ease of committing financially lucrative
and hard-to-detect criminal activities on the Internet.
To a very large extent, the promises of the Policy were substantially fulfilled, albeit, in a
negative way in certain instances. The fulfilment of General Objective (xv) of the Policy
26
is
a particularly pertinent case in support of this view. The youths were indeed empowered

19
NPFIT, 2001: pp. 44.
20
NPFIT, 2001: Preamble p. ii
21
R. O. Moses-k Cyber Capacity without Cyber Security: A Case Study of Nigerias National Policy for
Information Technology (NPFIT) op cit. note 15 supra
22
NPFIT, 2001
23
Ibid
24
Ibid
25
N. Ribadu, Cybercrime and Commercial Fraud: A Nigerian Perspective, op cit. 16
26
NPFIT, 2001

19
with IT skills, but many of them quickly turned their newly acquired skills into tools for
online criminal activities. These criminal activities, also negatively, created wealth for the
youths; negatively because such wealth was illegitimate, being proceeds of fraud, and
detrimental to the economy and the external image of the country.
27
There is no evidence that
the skills so acquired were substantially used for the advancement of software development
or other IT engineering tools and techniques, or credible economically viable and lawful
online products.
The objective (xxi) of enhancing national security and law enforcement appears to be
vacuous with respect to cyber-criminality. The Policy also has an objective (xxiii) of
promoting legislation (Bills and Acts) for the protection of online business transactions,
privacy and security. This is said to be the most pertinently framed objective of the policy
but, however, this objective is said to be no more than a gratuitous inclusion in the Policy as
shown in the failure of the government to enact the Cyber Crime Bill that had been in the
National Assembly since 2004
28
. Moreover, to date, the country does not have any
cybercrime-specific law that had been enacted since the advent of the NPFIT and its attendant
cyber-criminality.
In further clarifying its objectives, the policy defined Information Technology to mean
computers, ancillary equipment, software and firmware (Hardware) and similar procedures,
services (including support services) and related resources. The term IT is also defined to
include any equipment or interconnected system or sub-system of equipment, that is used in
the automatic acquisition, storage, manipulation, management, movement, control, display,
switching, interchange, transmission or reception of data or information. This
comprehensive definition captures well all imaginable uses, and abuses, of the cyberspace.
Also Chapters 9, 12, 13, 14, 16 and Appendix B of the policy are further relevant to Cyber-
criminality and also explanation of the policy.
In Chapter 9
29
, section 9.3 states: (i) Provide a sound responsible and efficient regulatory
environment. In (4), it states: providing legal safeguards for the privacy of individuals and

27
Supra note 25 pp.18
28
Ibid
29
Strategies of the IT policy

20
the confidentiality of transactions against misuse. In Chapter 12
30
, the pertinent issues are in
Section 12.3 of the NPFIT. These are
i. to use IT to combat contemporary and emerging security threats and challenges that
are being re-defined by Information Technology; and
ii. to promote the awareness and education of all those engaged in National Security
and law enforcement duties on the use, benefit and risks of new IT environment. The
policy also proposed
iii. To inform and protect Nigerians, the government, infrastructure and assets from
illegal and destructive activities found in the global environment in order to boost the
confidence of Nigerians and the international community in the country. In (iv) the
policy says: Government will frame appropriate legislation.
Chapter 13 of the IT policy, on legislation, reiterates the proposition in Chapter 12.3. It states:
The nation shall promote and guarantee freedom and rights to information and its use,
protect individual privacy and secure justice for all by passing relevant Bills and Acts.
The objectives of legislation, as stated in the policy, are to facilitate e-governance, e-
commerce, secure e-fund transfer and electronic payment system, and protection of
governments digitalized records and information. Other objectives include establishing and
enforcing cyber laws to deal with computer crime. Cyber legislation, according to the
Policy, shall also encourage public confidence in IT and its proper usage, enhance freedom
and access to digital information at all levels while protecting personal privacy, promote
intellectual property rights and copyrights, and address other issues arising from the digital
culture and protect the rights of the vulnerable groups.
31

To realize the foregoing legislative objectives, the strategies of the IT policy are stated as
follows: The National Information Technology Development Agency (NITDA) and the
Federal Ministry of Justice are to work out Bills and Acts that would bring about free access
and rights to information, and other on-line transactions, with due protection, security and
property rights, for individuals as well as for groups. The policy would also seek to introduce
the necessary machinery for verifying and admitting in evidence electronically generated
records and digital evidence in the event of administrative and legal proceedings, which will

30
National Security and Law Enforcement
31
Supra note 20

21
be digitalized as much as possible
32
. An important part in the policy is the plan to review
relevant existing laws to make the implementation of the IT policy unhindered. The policy
also stated in addition, it will see to the passage of Computer Crime and Cyber Laws
(CCCL). In chapter 16
33
, the policy at 16.3 (xxi)
34
restates that it will see to the enactment of
Bills and Acts to stimulate and protect the right of users and developers including
intellectual property rights. Towards realizing the above objectives, the policy, in Appendix
B
35
, states inter alia: Government through the Federal Ministry of Justice, after due
deliberation with IT and sectorial experts, will frame appropriate legislation, using
technology-neutral statutory definitions. The legal mechanisms so framed are to apply in the
following areas: computer crimes, information technology law, and amendment of non-
specific provisions in existing laws. Other areas of application are personal privacy and
digital signature.
Significant as the IT policy is, it is noteworthy that the Nigerian state did not take any definite
regulatory step on it until 2003
36
, whereas the ICT media proposed in the Policy had become
widely available since 2001. It was not until a murder incident at a Nigerian embassy in 2003,
which was connected to an Internet crime, that the Federal Government was moved to
constitute a cybercrime working group, the Nigeria Cybercrime Working Group (NCWG)
37
,
to examine all associated problems of cyber-criminality as related to Nigeria and make
appropriate submissions to government on how to nip them in the bud. This body was
formally launched on 31st March 2004, sequel to the recommendations of the Presidential
Committee on Illegal On-line activities led by the National Security Adviser to former
President Olusegun Obasanjo (1999-2007). The NPFIT has been noted to develop cyber
capacity in Nigeria without a cyber-security as the policy focused on only the projected
possible benefits of ICT, without being critically sensitive to the possibility of IT abuse, and
thus failing to be pro-active against IT abuses that were already been experienced and being

32
The provision for the admission of Electronic Evidence was not provided for, until the New Evidence Act of
2011 in Section 84 allowed for the admission of Electronically Obtained Evidence.
33
Policy Implementation
34
NPFIT, 2001: pp.40.
35
Details on the Legal Areas that must be addressed
36
Supra note 15 pp.17
37
The NCWG is an inter-agency Body of Law Enforcement, intelligence, security and ICT Institutions
including Private Sector Organizations. It is meant to be the Central Agency for the enforcement of Cybercrime
in Nigeria or situate responsibility within the existing Law Enforcement Institution. Their responsibilities
include public enlightenment, building institutional consensus amongst existing Agencies, providing technical
assistance to the National Assembly on cybercrime and the Draft Act, laying the groundwork for the Cybercrime
Agency, Commencement of Global cybercrime enforcement relations.

22
combated in other places.
38
Although other countries, including the most ICT-advanced
countries, also have cyber security challenges, Nigeria, being a latecomer into the technology,
ought to have started right in the formulation of a Policy that benefited from the experiences
of others whilst still planning to enter into the global cyber community. Failure to do this has
resulted in the unstoppable life of cybercrime that some Nigerians have chosen as a
profession.

2.3 CURRENT LEGISLATIVE FRAMEWORK
2.3.1 THE 1999 CONSTITUTION OF THE FEDERAL REPUBLIC OF NIGERIA
By virtue of Section 36(12)
39
no person shall be convicted of a criminal offence except it is
defined and the penalty therefor is prescribed in a written law. It is obvious from the above
provision that a person cannot be convicted of a non-statutory offence and in this view; no
one in Nigeria can be convicted for committing cybercrime, as the Constitution and any other
enacted Law in Nigeria defines or penalise the offence. The word cybercrime is not even
mentioned in any law in Nigeria. However, it is important to note that there have been
convictions of offences which are considered as classifications or types of cybercrime
40
, not
because cybercrime is penalised in Nigeria but such acts are stated in and penalised by
various Laws in Nigeria.
As the Constitution of the Federal Republic
41
does not specifically state anything related to
cybercrime, it however, empowers the National Assembly to make laws with respect to any
matter included in The Exclusive Legislative List
42
. The Exclusive Legislative List consist of
various items most of which are related directly or indirectly to Commerce. The items
itemised in the list include; Commercial and Industrial Monopolies
43
, currency coinage and
legal tender
44
and even Trade and Commerce
45
amongst many others
46
. It is quite clear from
this foregoing that it is the National Assembly that has the power to make laws regulating
Commerce in Nigeria. Also, Section 251 also gives the Federal High Court the Exclusive

38
Supra note 14
39
Constitution Of The Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004
40
See the classifications of cybercrimes by the OECD in Chapter One. Supra notes 51-54 pp. 14
41
Supra
42
S. 4(2) 1999 CAP. C23 L.F.N. 2004
43
Item 10 of The Ell Constitution Of The Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004
44
Item 15 of The ELL
45
Item 62 of The ELL
46
Including Maritime Shipping (Item 36), Patents, trademarks, trade or business names, industrial designs and
merchandise trademarks (Item 43) and many more

23
jurisdiction to adjudicate upon matters which are directly and indirectly related to Commerce
by listing them. Though the Constitution does not say anything about Electronic Commerce,
it can however be implied that Electronic Commerce is also a branch of Commerce and thus
the same laws also regulate it. Thus, the National Assembly would have the Exclusive right
to legislate E-Commerce matters as relating to cybercrime. Item 69
47
goes further to state that
any matter incidental or supplementary to any matter mentioned elsewhere in this list.

2.3.2 THE CRIMINAL CODE
48

The Criminal Code by virtue of Section 2 also makes it clear that an offence must be under
this code, or under any Act, or Law
49
. The criminal code does not mention, define or
criminalise cybercrime but it prohibits some traditional crimes which are associated to the
cyber world and they fall under the classifications of cybercrime, such as computer relate-
forgery and computer-related fraud. These offences cannot be prosecuted through the
criminal code under the heading of cybercrime as cybercrime is not stated in the Code.
Such traditional offences related to cybercrime which can be done in the cyber word, for
example, include the offence of stealing.
50
This offence may be used to prosecute people who
steal credit cards or information. Though the Act does not specifically state or list things that
are capable of being stolen, but it provided that:
Every inanimate thing whatever which is the property of any person, and which is
movable, is capable of being stolen. Every inanimate thing which is the property of
any person, and which is capable of being made movable, is capable of being stolen
as soon as it becomes movable, although it is made movable in order to steal it.
51

Section 383
52
prohibits the act of stealing anything capable of being stolen. It states that:
A person who fraudulently takes anything capable of being stolen, or fraudulently
converts to his own use or to the use of any other person anything capable of being
stolen, is said to steal that thing.

47
The ELL Constitution of The Federal Republic Of Nigeria 1999 Cap. C23 L.F.N. 2004
48
Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004
49
Criminal Code Act Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004
50
S 383 CAP. C38 L.F.N. 2004
51
Section 383 Criminal Code Act Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004
52
Criminal Code Act Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004

24
It further states that: A person shall not be deemed to take a thing unless he moves the thing
or causes it to move.
53
This leads to the confusion as to the state of information or trade
secrets stolen online through Hacking or cracking;
54
can they be classified as inanimate
things capable of being stolen? According to Wada and Odulaja, although cybercrime is not
mentioned in the Act, it is a type of stealing punishable under the criminal code
55
.
There is also the offence of Obtaining by False Pretences as stated under Section 419
56
of the
Criminal Code. This offence popularly known as 419 is the most popular Cybercrime offence
committed in Nigeria
57
. Section 418
58
gives a clear representation as to the definition of the
offence. Though the definition does not in any way limit the commission of the crime to the
real world only as it also predicts a situation through words, writing or conduct where it can
be committed in the cyber world. Thus offences such as Advance Fee Fraud can come within
the ambit of this section. This section, alongside the Advanced Free Fraud Act, has been
proved to be effective in tackling computer-related frauds, a classification of cybercrime, in
Nigeria.
59

The Code also makes provisions for injury to the property of another without consent
60
and
injury with intent to defraud.
61
It is worthy of note that Section 1
62
defines property to include
everything, animate or inanimate, capable of being the subject of ownership. This therefore
eliminates the need for the property being capable of being stolen. Section 451
63
further

53
Section 383(6) Criminal Code Act Cap. 77 L.F.N. 1990 Act Cap. C38 L.F.N. 2004
54
The offence described as hacking refers to unlawful access to a computer system. It is one of oldest
Computer-related crimes. Following the development of computer networks (especially the Internet),
this crime has become a mass phenomenon, most especially in the USA. Examples of hacking offences include
breaking the password of password-protected websites and circumventing password protection on a computer
system. But acts related to the term hacking also include preparatory acts such as the use of faulty hardware or
software implementation to illegally obtain a password to enter a computer system, setting up spoofing
websites to make users disclose their passwords197 and installing hardware and software-based keylogging
methods (e.g. keyloggers) that record every keystroke and consequently any passwords used on the
computer and/or device.
55
Wada & Odulaja Assessing Cyber Crime and its Impact on E-Banking in Nigeria Using Social Theories
(2012) African Journal on Computer & ICT Vol 4. No. 3. Issue 2 pp. 75
56
CAP. C38 L.F.N. 2004
57
It is regarded as a Computer-related offence which is under the classification of cybercrime earlier discussed
in Chapter One. See note 52 pp.14
58
Ibid
59
See the case of Mike Amadi Vs. Federal Republic Of Nigeria 2008 12 SC (pt3)
60
See S.440 CAP. C38 L.F.N. 2004
61
See s. 441 C38 L.F.N. 2004
62
C38 L.F.N. 2004
63
Ibid

25
prescribes an offence of a person wilfully and unlawfully destroying or damaging any
property
64
with a punishment of two years imprisonment.
There are also a lot of traditional offences which can still be brought within the ambit of the
criminal code such as Forgery which has a punishment of three years in prison.
65
Unlike the
offence of stealing, nothing in Sections 463, 464 and 465 which defines forgery, limits the
offence only to the real world as it can be committed with any negotiable instrument,
document, seal or writing which further includes a mere signature or mark of any kind. This
section can be used in tackling computer-related forgery a classification or type of
cybercrime. There are also quite a number of offences relating to Posts and
telecommunications that can fall under cybercrime. These offences are taken care of under
the Criminal Code by virtue of chapter 17. As the definition of mails include any
conveyance of any kind.
66
The act also defines telegraphs to include any apparatus for
transmitting messages or any other communications by means of electric signals, whether
with or without the aid of wires. Thus, these provisions can be sufficiently used to prosecute
cybercrimes such as illegal interception of data in mails, illegal data acquisition, system
interference, sending viruses
67
and the likes. Although, some of the offences here have stiffer
penalties than the others.
68


2.3.3 THE ECONOMIC AND FINANCIAL COMMISSIONS ACT (EFCC)
69

The EFCC Act also does not mention cybercrime; however it can still be used to prosecute
traditional offences which fall within the purview of the definition and classification of
cybercrime. Economic crime is defined by the Act as
the nonviolent criminal and illicit activity committed with the objectives of earning
wealth illegally, either individually or in a group or organized manner thereby
violating existing legislation governing the economic activities of government and its
administration to include any form of fraud, narcotic drug trafficking, money

64
An example of such act is Hacking of computers and inflicting damage on the computer either by deleting
files or putting a virus into the system, to render the computer unusable for the time being.
65
See Section 467
66
S. 1
67
See Section 170 which includes the sending of obscene things
68
For example S 171 (stopping mails) carries a Life sentence while s 172 (Obstructing mails) carries a fine of
hundred naira.
69
NO. 5 2002. ACT CAP. E1 L.F.N. 2004. To be further referred to as the EFFCC ACT

26
laundering, embezzlement, bribery, looting, and any form of corrupt malpractices,
illegal arms deal, smuggling, human trafficking and child labour, oil bunkering and
illegal mining, tax evasion, foreign exchange malpractices including counterfeiting of
currency, theft of intellectual property and policy, open market abuse, dumping of
toxic wastes and prohibited goods.
70

Some of these offences are listed in the responsibilities of the Commission. According to part
2 of the Act, they include:
- the investigation of all financial crimes, including advance fee fraud, money
laundering, counterfeiting, illegal charge transfers, futures market fraud, fraudulent
encashment of negotiable instruments, computer credit card fraud, contract scam, etc.;
- Taking charge of, supervising, controlling, and coordinating all the responsibilities,
functions, and activities relating to the current investigation and prosecution of all
offences connected with or relating to economic and financial crimes, in consultation
with the Attorney- General of the Federation.

2.3.4 THE ADVANCE FEE FRAUD ACT
According to Section 23 of the Advance Fee Fraud Act
71

False pretence means a representation, whether deliberate or reckless, made by word,
in writing or by conduct, of a matter of fact or law, either past or present, which
representation is false in fact or law, and which the person making it knows to be false
or does not believe to be true.
The law also helps in tracking offenders as any person or entity, providing an electronic
communication service or remote computing service either by e-mail or any other form shall
be required to obtain from the customer or subscriber, full names; residential address, in the
case of an individual; corporate address, in the case of corporate bodies.
72

Also any person or entity providing the electronic communication service or remote
computing service either by e-mail or any other form, who fails to comply with the provisions
of subsection (1) of section 12, commits an offence and is liable on conviction to a fine of N

70
Section 40 Economic And Financial Crimes Commission (Establishment) Act, No. 1 2004.
71
Advance Fee Fraud And Other Fraud Related Offences Act, 2006
72
Section 12(1).

27
100,000 and forfeiture of the equipment or facility used in providing the service.
73
Finally,
Section 13(1) provides that
notwithstanding the provisions of the Nigerian Communications Commission Act
2003 or the provisions of any other law or enactment, any person or entity who in the
normal course of business provides telecommunications or internet services or is the
owner or person in the management of any premises being used as a telephone or
internet cafe or by whatever name called shall be registered with the Economic and
Financial Crimes Commission;
74
maintain a register of all fixed line customers which
shall be liable to inspection by any authorized officer of the Commission; and submit
returns to the Commission on demand on the use of its facilities.
75

Advance Fee Fraud and Other Fraud Related Offences Act 2006 is currently one of the only
laws in Nigeria that deals with internet crime issues, and it only covers the regulation of
internet service providers and cybercafs, it does not deal with the broad spectrum of
computer misuse and cybercrimes.

2.3.5 NIGERIAN COMMUNICATION COMMISSION ACT
76

The Act created the Nigerian Communication Commission (NCC)
77
headed by an executive
vice Chairman
78
and saddled with the responsibility of overseeing the regulation of the
telecommunication sector in the country. It provides an elaborate and comprehensive legal
regime for the establishment control and management of telecommunication services in the
Country.
The NCC Act stipulates no specific provision or penalty for telecommunication offences save
that it provides for the immunity of the service providers in cases of disclosure of customers
information in furtherance of national security.
79
Section 146(1) of the Act provides that A
licensee shall use his best endeavour to prevent the network facilities that he owns or
provides or the network service, applications service or content application service that he
provides from being used in, or in relation to, the commission of any offence under any law
in operation in Nigeria. The act only allows an authorised interception of

73
Section 12(3).
74
Para. (a).
75
Para. (b).
76
Nigerian Communications Commission Act No. 19 2003
77
See: section 3
78
Section 5
79
Section 146

28
communication
80
, which means any unauthorised interception of communication is prohibited
by the act. Section 147 states that:
The Commission may determine that a licensee or class of licensee shall implement
the capability to allow authorised interception of communications and such
determination may specify the technical requirements for authorised interception
capability.
In section 157 of the act, it states that: Authorised interception means interception by the
licensee of any network facilities, network service or applications service permitted under
section 148 of this Act. It further states that Intercept means the aural or other acquisition
of the contents of any communications through the use of any electronic, mechanical or
other equipment, device or apparatus. The implication of the foregoing section is that wire-
tapping by the government is legal in Nigeria unless it is permitted under s.148 and it does
not state the procedures in which law enforcement need to take before they can intercept
communication, like a court order

2.3.6 THE CRIMINAL PROCEDURE ACT (CPA)
81

The Act was enacted June 1, 1945 decades before the Internet was invented and scores before
Internet licenses were granted in Nigeria. It makes provisions for the mode of prosecuting
criminals including certain fundamental issues like jurisdiction, examination of witnesses and
admissibility of evidences.
Under the CPA, witnesses are expected to be physically present in court during trials and
witness who fail to appear personally could be subpoenaed and even detained and may be
released on bail upon the same bail conditions available to the accused person
82
. Children,
infants and young persons (below 17 years) who may need to give evidences in court in
camera for security and other reasons would still have to be physically present or their
testimonies would not be accepted.
Cybercrime offences are usually trans-border and the needed witness who would give the
very material evidence may not be in Nigeria to attend the proceedings. Upon that ground,

80
Section 147
81
Criminal Procedure Act Cap. 80 L.F.N. 1990 Act Cap. C41 L.F.N. 2004
82
Part 20 Criminal Procedure Act Cap. 80 L.F.N. 1990 Act Cap. C41 L.F.N. 2004

29
the accused may be acquitted for failure to establish a prima facie case against him by reason
of insufficient evidence. He may also be discharged for want of diligent prosecution.
Another insufficiency evidenced in the CPA is the provision of Section 171
83
which
discourages the conviction of an offence twice. According to David Ashaolu,
the rationale behind this provision hangs in the balance of reasoning as the effect of a
crime being committed eventually and the resultant damage is far greater than that of
its attempt. For example, a person convicted of attempting to disseminate a virus or
malicious code will definitely serve a lesser punishment than if he had actually
disseminated it. Where, unknown to the law enforcement agents at the time of his
arrest, he had released the virus and the brutal effect had been found out later, he
technically escapes proper punishment
84


2.3.7 CRIMINAL JUSTICE (MISCELLANEOUS PROVISIONS) ACT
85

This Act serves as a supplement to the Criminal Code and the Criminal Procedure Act. It is
an Act to impose stiffer penalties on persons who damage, disrupt or destroy
telecommunications, electrical transmission lines and oil pipelines
86
. For example, a person
who prevents or obstructs the sending or delivering of communications by means of
telecommunications is guilty of an offence.
87
The penalty is a fine of N500 or 3 years
imprisonment or both. Thus, hacking, where interception is occasioned, can come under this
heading, since a hacker uses the telecoms. This will also sufficiently cover offences like
illegal interception, which is under the classification of cybercrime
88
. Dissemination of
viruses and other malicious codes, especially where the motive is a DDoS (Denial of Service
attack), will naturally prevent or obstruct the to and fro movement of communication
codes. All these can be tried under this statute.
Section 9 defines telephone works as meaning
wire or wires used for telegram and telecommunications, with any casing, coating,
tube, pipe, insulator, etc and including any apparatus for transmitting messages or
other matters including the television, by means of electronic signals whether by

83
Criminal Procedure Act Cap. 80 L.F.N. 1990 Act Cap. C41 L.F.N. 2004
84
David Ashaolu Combatting Cybercrimes in Nigeria. Electronic copy available at:
http://ssrn.com/abstract=2028154 (Accessed: 29/5/2013)
85
Criminal Justice (Miscellaneous Provisions) Act Cap. 78 1990 Act Cap. C39 L.F.N. 2004
86
See Sections 1-3
87
Section 1(1) (b)
88
See note 52 supra pp.14

30
overhead lines or underground cables or cables lying under water and any apparatus
for transmitting messages with or without wires.

2.3.8 TELECOMMUNICATIONS AND POSTAL OFFENCES ACT 1995.
89

This law like the others also does not mention cybercrime but it helps in regulating persons
engaging in computer fraud or doing anything relating to fake payments. Under the Act,
whether or not the payment is credited to the account of an operator or the account of a
subscriber is irrelevant and where the person is guilty of the offence, such person would be
liable to imprisonment for a term of not less than 5 years without the option of a fine, in the
case of an individual; and if the person is a body corporate, such person would be liable to
pay a fine of N500, 000.
90
It also prohibits the wilfully or maliciously stopping, dumping,
intercepting, tampering or meddling, with or otherwise retarding the delivery electronic mails
with an imprisonment term of not less than 5 years without the option of a fine.
91
It generally
regulates transactions done by electronic mails which are regularly used in Electronic
Commercial Transactions and are subject to hacking, classified as a cybercrime under illegal
access to data
92
. Section 9 of the Act states that:
if any person without lawful authority, fraudulently, wilfully or maliciously stops,
delays, intercepts, tampers or meddles with any postal matter or electronic mail with
intent to search or pilfer it,
93
or secretes, destroys or defaces any postal matter,
electronic mail or any part thereof or evidence of the existence of the postal matter,
electronic mail or part thereof, whether or not the postal matter, electronic mail or part
thereof so secreted, destroyed or defaced, contains money or other thing whatsoever,
is guilty of an offence and liable on conviction to imprisonment for a term of not less
than 7 years.
94

The Act further states that: a person who steals any postal matter or electronic mail is guilty
of an offence.
95
As stated earlier, these provisions can be used to prohibit illegal tampering,
access or interception of emails which can be done electronically, and this act can be
regarded as a cybercrime. Also the act of transferring emails is also prohibited by the act, but

89
Cap. T4 L.F.N. 2004
90
Section 4(h).
91
Section 9(a).
92
See note 52 pp. 14 Chapter 1
93
Section 9(b)(i).
94
Section 9(b)(ii).
95
Section 10.

31
is limited to a person charged with the delivery of such emails.
96
The provision related to that
states that:
a person who, being charged with the delivery of any postal matter or electronic
mail, without lawful authority, fraudulently, wilfully or maliciously, dumps it or
delivers it to a person or address other than the person or address stated on the postal
matter or electronic mail is guilty of an offence.
97


2.3.9 THE MONEY LAUNDERING ACT
98

This Act makes provisions for the prevention and punishment of money laundering, among
other things, to regulate over-the-counter exchange transactions and empower the National
Drug Law Enforcement Agency to place surveillance on Bank Accounts. Although, this act ,
like all other Acts, did not mention some cyber activities as cybercrimes, but certain
provisions of the Act such as Section 6 and Section 15(e)
99
can be used to reduce money
laundering which is usually now done via electronic means. Money Laundering has been
classified as a cybercrime.

2.3.10 COPYRIGHT ACT
100

Generally all the provisions of the Copyrights Act can be effectively used in tackling offences
related to infringements of copyright and related rights, a classification of Cybercrime.
Furthermore the Act confers copyright on musical works, artistic works, cinematograph
films, sound recordings and broadcasts. It further states that literary work includes
101
,
irrespective of literary quality, any of the following works or works similar thereto
a) novels, stories and poetical works;
b) plays stage directions, film scenarios and broadcasting scripts;
c) choreographic works;
d) computer programmes;
e) text-books, treatises, histories, biographies, essays and articles;

96
Section 12.
97
Ibid
98
CAP M18
99
This section deals with the special surveillance of certain transactions
100
CAP. 68 LFN 1990 ACT CAP. C28 L.F.N. 2004
101
Section 51

32
f) encyclopedias, dictionaries, directories and anthologies;
g) letters, reports and memoranda;
h) lectures, addresses and sermons;
i) law reports, excluding decision of courts;
j) written tables or compilations;

2.3.11 THE INVESTMENTS AND SECURITIES ACT, 2007
This Act like all other laws stated above does not mention, define or penalise cybercrime, but
it deals with the offence of Advance Fee Fraud by electronic means in the cyber world, which
can be classified as a Cybercrime. Section 108 (1) (d) of the Act provides that:
No person shall record or store in, or by means of any mechanical, electronic or
other device, create information which he knows to be false or misleading in a
material particular with intent to induce or attempt to induce another person to deal in
securities
The above provision deals with Advance Free Fraud in the dealing of securities and which
could be done electronically, thus falling under the classification of cybercrime.

2.3.12 NATIONAL INFORMATION TECHNOLOGY DEVELOPMENT AGENCY ACT
102

This act does not prohibit any act or omission, but empowers the National Information
Technology Development Agency (NITDA) with the power to make policy, guidelines and
bills, basically making the NITDA an advisory body. Section 6 of the Act states that the
NITDA shall:
(a) Create a frame work for the planning, research, development, standardization, application,
coordination, monitoring, evaluation and regulation of Information
Technology practices, activities and systems in Nigeria and all matters related thereto and for
that purpose, and which without detracting from the generality of the foregoing shall include
providing universal access for Information Technology and systems penetration including
rural, urban and under-served areas.
(b) provide guidelines to facilitate the establishment and maintenance of appropriate
infrastructure for information technology and systems application and development in
Nigeria for public and private sectors, urban-rural development, the economy and the
government;

102
NO. 28 ACT 2007

33
(c) develop guidelines for electronic governance and monitor the use of electronic data
interchange and other forms of electronic communication transactions as an alternative to
paper- based methods in government, commerce, education, the private and public sectors,
labour, and other fields, where the use of electronic communication may improve the
exchange of data and information;
(d) develop guidelines for the networking of public and private sector establishments;
(e) develop guidelines for the standardization and certification of Information Technology,
Escrow Source Code and Object Code Domiciliation, Application and Delivery
Systems
Section 34 of the Act helps in defining a lot of technical terms which can be helpful in future
legislative laws on cybercrime. The Act in its interpretation section defines computer as:
any electronic device or computational machinery using programmed instructions
which has one or more of the capabilities of storage, retrieval, memory, logic,
arithmetic or communication and includes all input, output, processing, storage,
software, or communication facilities which are connected or related to such a device
in a system or network or control functions by the manipulation of signals, including
electronic, magnetic or optical, and shall include any input, output, data storage,
processing or communication facilities directly related to or operating in conjunction
with any such device or system or computer network
It further defines Computer Network as the interconnection of one or more computers
through a computer system."
103

It also defines a Computer system as:
a device or collection of devices, including input and output support devices and
excluding calculators which are not programmable and capable of being used in
conjunction with external files, which contain computer programmes, electronic
instructions, input data and output data, that performs logic arithmetic, data storage
and retrieval, communication control and other functions
104

It also defines data as:
a representation of information, knowledge, facts, concepts or instruction which are
being prepared or have been prepared in a formalised manner, and is intended to be
processed, is being processed or has been processed in a computer system or
computer network, and may be in any form (including computer printout, magnetic or
optical storage media, punched cards, punched tapes) or stored internally in the
memory of the computers
105

It further defined electronic form, with reference to information, any information generated,
sent, received or stored in media, magnetic, optical, computer memory, micro film, computer

103
See Section 34
104
Ibid
105
Ibid

34
generated, micro fiche or similar device. Also Electronic record is defined as any data,
record or data generated, image or sound stored, received or sent in an electronic for or
micro film or computer generated micro fiche
106


2.3.13 THE EVIDENE ACT 2011
107

Section 84 of the Act allows for the admission of electronic evidence. This provision is a big
step in prosecuting acts of Cybercrime in Nigeria. The section allows facts for which direct
oral evidence can be given can equally be evidenced by a computer-produced document
containing such facts, subject however to condition precedents as to the document, the
computer from which it was generated and the person who generated it or manages the
relevant activities captured in the document
108
, for instant, Cybercaf Managers, Secretaries,
ATM Card User or experts the list is endless. The conditions are that
109
:
i) The document is an output of information stored or processed regularly, over a period
of time by a computer. Such information been for certain activities, profit or non-
profit, by any body, corporation or individual;
ii) The storage or processing above was in the ordinary course of the said activities and
the statement replicates or derives from the information stored or processed over that
period;
iii) That for the time material, the computer was functioning properly or that though non-
functional or malfunctioning at some material time; such had not prevented the
production of the document nor affected its accuracy; and
iv) The output clearly represents the input, or is a derivative of the input stored or
processed.
It should be noted that where a document is stored and processed in a manner involving
more than a computer via internet or network or even data transmission by whatever means -
Wifi, Bluetooth, Infrared and external storage chips (with or without human intervention,
directly or indirectly), the final output shall be treated as having been generated by a single

106
Ibid
107
Cap E14 Laws of the Federation 2004
108
Section 84(1)
109
Section 84(2)

35
computer
110
. So far as the conditions for its admissibility as stated above shall apply to all the
computers and devices put to use. Before it is given in evidence, the law requires a
Certificate of Authenticity of a computer-produced document, duly signed by the person who
produced it or manages the relevant activities captured in the document
111
. Such person must
certify that they identify the document and state the manner in which it was produced; that
the document was produced by a computer, by giving vital particulars of the device(s)
deployed; and make any other disclosure as to the satisfaction of the preconditions stated
above
112
. Such certification will be sufficient with a statement therein that the matters so
stated in it are to the best of the knowledge and belief of the maker correct.
Section 258
113
implies that such things as information in computer memory or in diskettes,
CD ROMs, video and audio tapes, movies, as well as telefaxes, computer printouts or
printouts of electronic mails can be called documents. So also can GSM text messages and
voice mails, bank electronic transfers or other internet transactions be called documents?
They can therefore be attached to affidavits as documentary exhibits. They, like other
documents, can even be attached to affidavits as objects and not documents when the aim is
to prove not their written or language contents but of their physical nature or state. Other
materials are also sometimes attached as exhibits. Damaged sunglasses, torn dresses etc have
been tendered before courts through affidavit evidence in fundamental rights enforcement
proceedings where the plaintiff or claimant was assaulted and his/her belongings damaged by
the defendant.
In Esso West Africa Inc v. T. Oyegbola
114
, the issue for decision was whether or not computer
statements of account and their ledger copies were receivable in evidence as books of
account under Section 37 of the old Act. Section 51 in the revised Act
115
which was
previously Section 37 in the old Evidence Act provides that entries in books of account,
regularly kept in the course of business, are relevant whenever they refer to a matter into
which the court has to inquire, but that such statements shall not alone be sufficient evidence
to charge any person with liability. In proof of a claim for the balance of an amount due and
owing for petroleum products sold to the respondent, the appellants stated that they normally
kept the respondents accounts and that at the end of each month statements of account were

110
Section 84(3)
111
Section 84(4)
112
Ibid
113
Nigerian Evidence Act 2011
114
(1969) 1 NMLR 194, SC
115
Cap E14 Laws of the Federation 2004

36
made out and sent to the respondent. The appellants attempt to tender the ledger copies of
the statements of account already sent to the respondent in the manner stated above was
rejected by the trial court on the ground that they did not constitute the type of books of
account contemplated by the law; that the ones contemplated by the law were usually bound
and the pages are not easily replaced. In rejecting that line of thought, the Supreme Court
stated at p. 198 of the report that:
Besides, section 37 of the Evidence Act does not require the production of books of
account but makes entries in such books relevant for purposes of admissibility. The Law
cannot be and is not ignorant of modern business methods and must not shut its eyes to the
mysteries of the computer. In modern times reproduction or inscriptions on ledgers or other
documents by mechanical process are common place and section 37 cannot therefore apply to
books of account so bound and the pages not easily replaced.
Considering the nature of affidavits in Nigeria, any document or material (electronically
generated or not) attached to an affidavit automatically becomes part of the affidavit and gets
entitled to the waivers and exemptions from certain rules of evidence which affidavits and
their exhibits are entitled to. One of such is the waiver of the rule that requires only originals
of exhibits and not copies to be produced in court except in very rare cases
116
.
Subject to the rules on admissibility of documents, generally a document (electronically
generated or not) attached to an affidavit as an exhibit forms part of the affidavit and should
be considered together with the affidavit. As a document, it is even of greater evidential value
and persuasive potential than the ordinary depositions in the affidavit. If there is a conflict
between the depositions and the document, the document takes priority in matters of
weight.
117


116
L. Adedeji Electronically Generated Exhibits In Affidavits Available at:
http://thelawyerschronicle.com/index.php?option=com_content&view=article&id=144:electronically-generated-
exhibits-in-affidavits&catid=34:law-a-practice&Itemid=56 Accessed: (29/7/2013)
117
Ibid