Udotai, who is the Managing Partner at Technology Advisors, a law firm with specialisation in Information and Communication Technology (ICT) law practice, spoke with journalists in Lagos at a seminar by the Financial Services Group of the Lagos Chamber of Commerce and Industry, where he was a guest speaker. The lawyer said an existing security agency, such as the police, could be equipped to set up a dedicated cybercrime and cyber security unit for effective enforcement because of the cost involved in having multiple units. According to him, a special entity can also be created by regulation, which the Act allows, to enforce the Act. “It will be legal if the Attorney-General of the Federation (AGF) adopts a regulation under the Act and creates a special dedicated unit to tackle cybercrime. Part of the reason that should be the way to go is because the resources to set up a cyber crime investigative environment are very high. “I don’t think government thought about this properly, because where will you get the money with falling oil prices? It costs millions of dollars to set up cybercrime investigation systems and to replicate it across all law enforcement agencies. It doesn’t make any kind of sense,” he said. Udotai, who is the immediate past Director of Cybersecurity and pioneer Head of the Directorate for Cybersecurity, Office of the National Security Adviser (NSA), said the Act will need a review in the future. “In the long run, the law needs to be amended. The law is already in force. I guess part of the reason the law is not so overwhelmingly enforced now is because there is really no single entity that is giving the leadership. When there are several law enforcement agencies, who is the boss? So there is a terrible oversight. Nobody knows who to go to,” he said. In his paper, Udotai criticised the law as it relates to the financial services sector, saying technology laws are supposed to be technology-neutral, not technology-specific. He added that Cybercrime laws are supposed to be generic in provisions, not particular, as is the case. He said all provisions specific to technologies and particular to processes in the financial sector can be removed from the Act, without any impact on the substance of the law; adding that leaving those provisions intact is guaranteed to cause severe harm to the sector – especially banks and payment services providers. Besides, he said the law challenges the regulatory integrity of the Central Bank of Nigeria (CBN) and the CBN Act by criminalising certain internal procedures of the banking system, thereby creating “chilling effect” on investments in creative and innovative solutions in the sector. Udotai, who served as Coordinator of the Nigerian Cybercrime Working Group (NCWG) for two years, urged financial services players to petition the President on the provisions they consider onerous and which can affect their transactional and compliance burden. “The Cybercrime Act though long in coming and beset with major challenging components, may be applied to effectively tackle cybercrime and cybersecurity issues in the country. However, the chances of this happening naturally are slim to zero. “Thus, deliberate efforts must be made by the key players – Office of the NSA and the Office of the AGF, working with stakeholders, to strategically position this law to take us to this highly desirable end. “Those efforts must aim, amongst others, in seeking to – in the short run: create a single enforcement authority; prevent the enforcement of technology specific and industry particular provisions (financial sector mostly); while proposing a comprehensive amendment in collaboration with the National Assembly,” Udotai said.]]>