For a long time, pundits have heckled the Nigerian government over cyber security laws. Attempts to set up laws to regulate cyber activities in the country have been going on since 2004 when the Nigerian government (during Olusegun Obasanjo’s administration) set up the National Cybercrime Working group, but progress on the bill didn’t begin to materialize till May this year when the Nigerian National Assembly passed the bill on to the Nigerian President (Goodluck Jonathan at the time) for executive assent which was granted 10 days later on May 15.
The regulation is the Cybercrime Act 2015 and its goal is to provide a legal framework for detection, prosecution and punishment of cybercrimes in Nigeria. However, the final draft as we have come to discover has some gaping holes that could be exploited to repress freedom over the Nigerian cyberspace and civil liberties. Some of the provisions also make for a belly full of laughter.
As shared by Gbenga Sesan, the Executive director at Paradigm Initiative Nigeria, a digital rights group and one of the vanguards in the call for the legislation, the following are some of the hang ups in the law and why revisions should be in order:
1: Limitless powers to the President
1. The National Security Adviser (President just approves) decides what is defined as Critical National Infrastructure (S3). Worrying #SIF15
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
2: Redundant registrations
2. Cybercafes must register with Computer Professionals' Registration Council of Nigeria in addition to existing NCC requirement (S7) #SIF15
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
3: Technical and fuzzy grammar
3. Technical error in S17.2 that lists "solid and liquid" means gaseous dangerous materials can be transported with electronic signature 🙁
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
4: No explicit explanation what “threat” really entails
4. If citizens fail to report what poses cyber threat, they pay fines and their Internet access get cut off. What's a threat? (S21) #SIF15
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
5: Blackmail enablers
5. This one is interesting. Unsolicited nudes attract 1 year jail term and/or N250000 fine. Loop hole for political blackmail (S23.2) #SIF15
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
6: We can’t tell dead people they messed up?
6. Section 24's cyberstalking provisions are already being exploited. Plus, you can't even speak "ill of the dead" pic.twitter.com/75DkwZC4cC
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
7: Interesting cybersquatting provisions, finally. But what about similar brands and identities?
7. There's a 2-year jail term and/or N5M fine for cybersquatting. In a case of similar identities/brands, no provision is made (S25). #SIF15
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
8: Putting a knife to a free discourse
8. Seen comments on newspaper/blog articles, then you know S26 means we need bigger jails. N10M and/or 5 years for dangerous speech #SIF15
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
9: We need clarity on how far does the enforcement goes
9. Not a red flag. Torture is rightly listed as a crime against humanity. Gets N10M fine/5 years in jail. Does that apply to DSS too? (26.2)
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
10: Where is the Ministry of Communication Technology?
11. Another guzzler, Cybersecurity Council. Surprisingly doesn't include Ministry of Communication Technology though agencies listed (S43d)
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
11: No one is talking about privacy
10. Service providers must release data to security agencies. No court warrant needed. Right to privacy is vaguely mentioned (S38,40) #SIF15
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
12: We are still paying for the National Cybersecurity Fund
12. National Cybersecurity Fund. 0.005 (no %) of all electronic transactions by telcos, ISPs, financial/insurance firms and NSE (S44). Sigh
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
The final regulation, of course, has come a long way from the initial draft in terms of “dangerous provisions” that slipped through, but obviously, there are still more holes and Orwellian double-speaks to be plugged.
Clearly, some dangerous provisions in earlier versions of the bill were taken out. Some made it through and will threaten #InternetFreedom
— 'Gbénga Ṣẹ̀san (@gbengasesan) October 20, 2015
Check out the full copy of the Act here.
