Octopus Cybercrime Community

From 2005 onwards, attempts had been made to enact legislation on cybercrime and related issues, including:

• Computer Security and Critical Infrastructure Bill (2005); Electronic Service Provision Bill (2008)
• Interception and monitoring Bill (2009); Cyber Security Bill (2011); Criminal Code Amendment for Offences Relating to Computer Misuse and Cybercrimes (2011); Electronic Transfer of Funds Crime Bill (2011) - None of these bills passed the complex process of law making in Nigeria.

However, in 2011, the Evidence Act was amended to allow for the admissibility of electronic evidence.

Important progress was made in 2015 when the Cybercrimes (Prohibition, Prevention, Etc) Act, 2015 was enacted and entered into force on 15th May 2015. It has substantive criminal provisions, procedural rules and provisions on International cooperation.

The Cybercrime (Prohibition, Prevention, Etc) Act, 2015 in Part III – Offences & Penalties (comprised of Sections 5 to 36) criminalizes specific computer and computer – related offences and spells out the penalties.

These include: Unlawful access to a computer; Unauthorized disclosure of access code; Data forgery; Computer fraud; System interference; Misuse of devices; Denial of service; Identity theft and impersonation; Child Pornography, Grooming; Cyberstalking; Unlawful Interception; Cybersquatting; Cyber-terrorism; Failure of Service Providers to Perform certain Duties; Racist and xenophobic Offences; Attempt, conspiracy and abetment; and Corporate Liability.

The Administration of Criminal Justice Act, 2015 provides a general framework of procedural measures applicable to all criminal investigations (e.g. Sections 15(4), 18,37-39, 43 – 44, 106, 143, etc).

Evidence Act, 2011 – Sections 84 and 258 - deals with Admissibility of electronic evidence.

The Cybercrime (Prohibition, Prevention, Etc) Act, 2015 also establishes the procedural powers/ rules for cybercrime investigations and the collection of evidence in electronic form of a criminal offence.

These include: Expedited Preservation of Stored Computer Data – S. 38, Production Orders – S. 38, Search and Seizure of Stored Computer Data – S.45, Real Time Collection of Traffic Data –S.39, Interception of Content Data –S.39, etc.

There are constitutionally laid down safe guards enshrined as fundamental rights in Chapter IV of the Nigerian Constitution of 1999 (As Amended) which apply generally.

The Administration of Criminal Justice Act, 2015 also provides a framework of safe guards.

The Cybercrime (Prohibition, Prevention, Etc) Act, 2015 also has safe guards in Section 45 relating to Power of arrest, search and seizure.

• Evidence Act 2011
• Administration of Criminal Justice Act 2015

The legal competence to begin and direct criminal investigations is vested in the Police and other law enforcement/security agencies to the extent of their statutory mandates – Section 41(3) CPPA, with the technical support from police.

Section 41(2)(b) CPPA vests the Attorney General of the Federation with responsibility/competence for international cooperation. This responsibility is carried through the Cybercrime Prosecution Unit, working in coordination with the Central Authority Unit which is responsible for international cooperation in criminal matters generally.

Complying with Article 35 of the Budapest Convention, a 24/7 point of contact is established, and it is based in the Police and ng-CERT. The same functionality is also used for the Interpol Network.

The 24/7 point of contact has specific competence to take urgent measures regarding expedited preservation of traffic data and urgent searches and seizure of data. The general cybercrime requests depend on the directions of the prosecutors and an authorisation from a judge.

Evidence sharing with the EFCC resulted in the arrest of the head of the Organised Crime Group, based in Nigeria, by the EFCC and the arrest and conviction of the two UK heads of the group and the individuals responsible for the laundering of the proceeds in the UK.

The groups’ assets – bank accounts and houses in Nigeria – were identified by the EFCC and have subsequently been seized with a UK court ordering they be confiscated and sold in order to reimburse the victims of the fraud.

For many years, Nigeria has cooperated with the United States on criminal investigations involving computer-related forgery, computer-related fraud, and other computer-enabled financial crimes. Notably, the EFCC and US law enforcement agencies have worked together on complex financial crimes with perpetrators in Nigeria, the US, and elsewhere. With assistance from the US and other international partners, the EFCC has developed some capability and competence to identify, collect, and analyse electronic evidence, to integrate that evidence into criminal investigations, and to use it in successful prosecutions of financial fraud and corruption cases. Nigeria and the US have also cooperated on investigations of intellectual property, child pornography and other computer-related crimes.