Internet Security: A Case For A Unified And Specialized Institutional Framework In Nigeria By Victor Obinna Chukwuma

ABSTRACT

Internet crimes are arguably the most trending crimes in the world today. This owes greatly to the global paradigm shift from old-school style of transactions to digital/paperless transactions traceable to the fast-growing and apparently unstoppable technological advancement all over the world. Contrary to the innocuous brain behind its innovation, the internet has become the largest forum for the perpetration of various criminal activities, thereby demanding urgent legal and institutional security attention.

It is apposite to underscore that unlike the developed countries, most developing countries of the world today still battle with the technical know-how to address the growth and escalation of these trending crimes. Nigeria which happens to be amongst the countries reportedly topping the list of cybercrime-infested countries, had only formally criminalized these acts in 2015 vide the Cybercrime Act. Despite the criticisms of the Act, its enactment has been widely celebrated by various stakeholders including academic writers and law enforcement agencies as a milestone achievement in the war against internet criminals in Nigeria. This research work however weighs the sufficiency of the Act to curb cybercrimes in Nigeria vis-à-vis the present cyber-security institutional framework and finally makes a case for a robust institutional framework for fighting cybercrimes in Nigeria as the winter is here already and the impending world war appears to be a cyber-war[1]

Keywords: Crime, internet, cybercrime, cyber-security, institutional framework

Introduction

Internet crime has been defined as any breach of criminal law that involves the knowledge of computer technology for their perpetration, investigation or prosecution[2]. It is an offence which involves the computer as a tool and/or the object of the crime[3].  Cyber security or prevention is the act of restricting, suppressing, destructing, destroying, controlling, removing, preventing the occurrence of cyber-attacks, in either computer systems (both hardware and software systems), networks and data, or any other electronic devices capable of being a computer[4]. In as much as traditional crimes like robbery and armed robbery are slowly fading away, it is doubtful whether such reduction can be safely traced to the vigilance and gallantry of local security agents. It is not hazarding to guess that the gradual reduction in those traditional crime cases traces chiefly to the discovery by these criminals of the relative advantages and opportunities availed by the internet, hence the need for an upgrade in tactics. The war against cybercrimes therefore is not a war of bullets, rifles, bombs and other diabolic weapons. Cyber security requires the availability of both legal and formidable institutional frameworks. A system devoid of a strong cyber-security institutional framework renders its cyber laws toothless before the menace of internet crimes. This research work comprises of four segments:

1. A Cursory Look at the Nigerian Cyber Crime Act and its Cyber-Security Institutional Framework
2. Other Cyber-Security Institutional Framework in Nigeria
3. International Comparative Analysis
4. Comments/Recommendations

1. A Cursory Look at the Nigerian Cybercrime Act and its Cyber-Security Institutional Framework

The Cybercrimes (Prohibition, Prevention) Act, 2015 is the current law specifically criminalizing internet crimes in Nigeria. The Act is divided into eight parts and contains 59 sections. One of the positive achievements of the Act is the comprehensive codification and punishment of all such acts and omissions that amount to internet crimes. These include offences such as unlawful access to a computer, system interference, cyberstalking, cyber terrorism, cybersquatting, child pornography, phishing, cyber forgery, spamming, etc.[5] With the designation of these offences, possible contentions that may arise from the fundamental right of a person to be tried only of an offence known to law have been put to rest.[6] Section 3 of the Act empowers the president to designate certain computer systems or networks as critical national information infrastructure. These are computer systems or networks whose incapacity or destruction of, or interference with, would have a debilitating impact on the security, national or economic security, national public health and safety of the nation. Section 5 of the Act goes ahead to prescribe a ten years imprisonment (without the option of fine) for any form of cyber offence committed in respect of the designated critical national information infrastructure. Another landmark provision of the Act is section 39 (a) which empowers the court to make an order for the interception of any electronic communication, where there are reasonable grounds to suspect that the content of such communication is reasonably required for the purposes of a criminal investigation or proceedings[7]. This will surely be of great assistance to cybercrime investigators and prosecutors as it relates to the provision of relevant evidence requisite for the successful prosecution of cyber criminals. There are quite a number of other innovations introduced by the Act but attention shall now be diverted to a discussion on the cyber security institutions contained in the Act for its proper implementation:

1. Office of the National Security Adviser

The National Security Advisor is a senior aid in the cabinet of the president of Nigeria who serves as the chief advisor to the president on national security issues. The office of the NSA is responsible for the overall coordination and enforcement of the Act. The office is charged with the following responsibilities:[8]

1. To provide support to all relevant security, intelligence, law enforcement agencies and military services to prevent and combat cybercrimes in Nigeria.
2. To ensure formulation and effective implementation of a comprehensive cyber security strategy and a national security policy for Nigeria.
3. To establish and maintain a National Computer Emergency Response Team responsible for managing cyber incidences in Nigeria.
4. To establish and maintain a National Computer Forensic Laboratory and coordinate utilization of the facility by all law enforcement, security and intelligence agencies.
5. To build capacity for the effective discharge of the functions of the relevant agencies under the Act or any other law on cybercrime in Nigeria.
6. To establish appropriate platforms for public private partnership.
7. To coordinate Nigeria’s involvement in international cyber security cooperation.

As comprehensive as the list above appears, it is unfortunately doubtful whether the provision has been given adequate implementation by the NSA despite the fact that the Act came into force since 2015.

2. Cybercrime Advisory Council

This is a body set up under section 42 (1) of the Cybercrimes Act and comprises of one representative each from the ministries, departments, agencies and associations contained in the First Schedule to the Act. The representatives appointed must be officers not below the Directorate cadre in the public service or its equivalent. The council is to meet four times in a year and the meetings are to be convened and presided over by the national security adviser[9]. The duties of the council inter alia includes the creation of an enabling environment for members to share knowledge, experience, intelligence and information on a regular basis, the provision of recommendations on issues relating to the prevention  and combating of cybercrimes and the promotion of cyber security in Nigeria[10]. Apart from the fact that the impact of this council is yet to be felt in the war against cybercrimes in Nigeria, the researcher extrapolates that the criterion for qualification of its membership is unfair as it appears to shut the door against knowledgeable persons who are below the directorate cadre in the public service or its equivalent. The role of the council is highly advisory and as such, profound knowledge of cyber security matters should be the basic criterion for the qualification of its membership.

3. The Federal High Court

Section 50 of the Act vests the Federal High Court with the jurisdiction to try the offences contained in the Act. All offenders arrested pursuant to the Act are to be prosecuted at the federal high court where the matters shall be given an accelerated hearing[11]. It is however not clear whether the jurisdiction of the federal high court in this connection is exclusive. There is no place in the Act where it was the stated that the federal high court has exclusive jurisdiction over the offences contained in the Act. It is a canon of statutory interpretation that clear and unambiguous words are to be given their ordinary meaning[12]. The absence of the word “exclusive” implies the intention of the draftsman that the jurisdiction is not limited to the federal high court alone[13]. It follows that the state high court may also have jurisdiction to entertain such offences since it is a court of unlimited jurisdiction.[14] This line of thought seems to have been favoured by the former chief judge of Lagos state during the inauguration of the Special and Sexual Offences Court in 2018, when the learned judge reportedly remarked with respect to offences prosecuted at the Lagos State High Court, that the Special Offenses Court will “exclusively handle corruption and financial crime cases including cybercrime and other related offences.”[15] Therefore, although in practice, the prosecution of cyber offences is taken to the federal high court there is nothing in the Act that specifically shows that the jurisdiction is exclusive.

4. Financial Institutions

Financial institutions are also amongst the institutions envisaged under the Act in the fight against cybercrimes. What is basically required of the financial institutions is to obtain a proper identity of their customers before executing or carrying out electronic financial transactions with them[16]. It is worthy of note here that the scope of term financial institutions as used under the Act is wide and goes beyond banks to include legal practitioners, hotels, supermarkets, casinos, bureau de change, insurance institutions, to mention but a few[17]. Failure of a financial institution to comply with the above requirement is an offence which attracts the fine of five million naira[18].

5. Service Providers

The Act apparently provides a twofold duty for service providers in relation to the fight against cybercrimes. First, service providers are required to preserve, hold and retain all traffic data and information of its subscribers. Second, the service providers are to disclose such data or information where requested for by any law enforcement agency or on its own initiative, for the purposes of the identification, apprehension and prosecution of offenders under the Act[19]. It is perhaps pursuant to this provision that the Economic and Financial Crime Commission (EFCC) wrote to Mastercard Inc. and Visa Inc. requesting that it be furnished with the transaction history or details on the credit cards used by a popular Nigerian musician, Azeez Fashola (Naira Marley) in respect of an investigation for the offences of identity theft and credit card fraud[20]. It is apposite to equally underscore that failure on the part of a service provider to comply with its duties under the Act is an offence attracting a fine of not more than ten million naira[21].

6. Office of the Attorney-General of the Federation

The Attorney-General of the federation is the chief law officer of the federation and is required under the Act to strengthen and enhance the existing legal framework so as to ensure[22]:

1. the conformity of Nigeria’s cybercrime and cyber security laws and policies with regional and international standards.
2. the maintenance of international cooperation required for preventing and combating cybercrimes and promoting cyber security; and
3. the effective prosecution of cybercrimes and cyber security matters.

The powers of relevant law enforcement agencies to prosecute offences under the Act are limited to the power of the Att. General to take over or discontinue any such criminal proceedings[23]. It appears that the power to take over and discontinue criminal proceedings under the Act is not limited to the Att. General of the Federation alone. Section 47 of the Act provides that subject to the powers of the Attorney General, relevant law enforcement agencies shall have the power to prosecute offences under the Act. In as much as section 41 of the Act specifies the functions of the Att. Gen of Federation in relation to the Act, it is not the appropriate section to look at when considering the powers of the Att. General so as to be read together with section 47 of the Act and to limit the application of the latter section to the Att. General of the Federation alone[24]. If it was the intention of the draftsman to limit that section to the AG federation alone, the provision would have clearly stated same[25]. It is no longer plausible to argue that the Att. Gen of a state cannot exercise his powers in relation to offences contained in an Act of the National Assembly where, by the tenor of the Act, it is intended to operate as a state law[26]. In any case, this argument will however partially stand on the outcome of the controversy surrounding the jurisdiction of the state high courts to try the offences contained in the Act and whether by the tenor of the Act, it is intended to also operate as a state law.

7. Law Enforcement Agencies

Section 58 of the Act defines “law enforcement agencies” to include any agency for the time being responsible for the implementation and enforcement of the provisions of the Act. They are responsible for the investigation of cybercrime complaints and prosecution of the suspects. They have several powers under the Act including the powers to make an arrest, search any person or place, request from a service provider the data or information of any of its subscribers required for the purposes of a criminal investigation, etc. One problem to underscore here is that there are several law enforcement agencies in Nigeria but the Act does not specify which particular agency is to implement the Act. In this connection, it seems that the Act intends that all the several law enforcement agencies in the country shall have similar powers to enforce or implement the Act as regards investigation and prosecution of cybercrimes. Section 41 (3) of the Act provides that “All law enforcement, security and intelligence agencies shall develop requisite institutional capacity for the effective implementation of the Act”. However, section 50 (3) of the Act talks of “the Commission” as regards bringing proceedings under the Act before the federal high court for expedited hearing. The Act does not define who “the Commission” is and therefore creates room for one to think whether the Economic and Financial Crimes Commission is the appropriate body envisaged by the Act to implement its provisions. Although in practice, it is usually the EFCC that pursues the implementation of the Act, there is still some confusion as to the appropriate body responsible for its implementation, and this informs part of the reasons why this research work calls for a unified and specialized institutional framework.  Research has revealed that one of the basic problems hampering the creation of a special cybercrime agency in Nigeria is the confusion as to whether the agency should be independent of other agencies or under a particular agency. While other institutions like the National Information Technology Development Agency (NITDA) claims that the agency should be instituted under it, the EFCC also wants the agency to be incorporated into its commission[27]. It is perhaps owing to this confusion that the Act seems not to focus on any particular agency but instead requires each of the agencies to develop its own institutional capacity for the implementation of the Act.

1. Other Cyber Security Institutional Framework in Nigeria

Apart from the institutions discussed above it is interesting to note that there are other institutions established in Nigeria for the specific purpose of tackling cybercrimes. In 2004, the Nigerian Federal Government established a cybercrime working group known as the Nigerian Cybercrime Working Group (NCWG) with the purpose of embattling the hydra-headed monster incidence of cybercrime. The NCWG is an inter-agency made up of all key law enforcement, security, intelligent and ICT agencies of the government plus the private organization in ICT sector. The duty of the working group includes: engaging in public enlightenment programs amongst existing agencies, providing technical assistance to the National Assembly in cybercrime, and in the drafting of the cybercrime act, laying the groundwork for cybercrime agency that will eventually emerge to take charge of fighting cybercrime in Nigeria[28]. However, it appears that the basic goal of the group was to produce a cybercrime bill[29]. Nothing has been heard of the group since the passage of the cybercrime bill into an Act in 2015 and the Act also does not recognize the existence of the group. Another institution to consider is the Nigerian Cyber Security Incident Centre (NCSIC). This is a virtual facility for online control of incidences of cybercrimes. The centre is established under the NCWG pursuant to the National Cyber Security Initiative. It is designed as the first ever national repository for all computer related incidents in the country. Victims of cybercrimes could log on and report their cases[30]. The problem however is the doubt cast upon the existence of this centre and the NCWG after the passage of the Cybercrimes Act in 2015[31]. It is not hazarding to guess that their silence all this while could trace to governmental neglect and lack of maintenance.

1. International Comparative Analysis

In the previous unit, this research work attempted to discuss the cybercrime institutional framework in Nigeria. Under this unit, we shall be looking at the position as it relates to the cybercrime institutional framework in other countries like the USA, UK, and China:

1. i) The United States of America Cybercrime Institutional framework

Unarguably one of the most technologically advanced and sophisticated countries of the world, the United States of America is a prime target of cyber criminals. The U.S government is clearly aware of this and therefore has taken strategic institutional steps towards thoroughly combating the menace of cybercrime out of the nation’s cyber space.

The Federal Bureau of Investigation (Cyber Division) is the lead agency for investigating cyber-attacks by criminals, overseas, adversaries, and terrorists[32]. There are specially trained cyber squads at the FBI headquarters and in each of the FBI’s 56 field offices, staffed with over 1000 agents and analysts who protect against and investigate computer intrusions, theft and intellectual property, etc.[33] The FBI’s Cyber Division has an Internet Crime Complaint Centre that accepts online internet crime complaints from either the victims or third parties. Under the FBI there is also the Cyber Action Team which was established in 2006 to provide rapid response against major computer intrusions and cyber related emergencies^[34].

There is also a National Cyber Forensics and Training Alliance (NCFTA) which was created in 1997 to deal with threats from transnational groups including spam, botnets, IP thefts and other financial fraud schemes that result in the loss of billions of dollars. The NCFTA works with FBI’s Cyber Initiative and Resource Fusion Unit to ensure the maintenance of a synergy amongst relevant cyber security bodies.

Under the U.S Department of Homeland Security, there is a National Cyber Security Division which was created in 2004. It partners with government, industry, and academia as well as the international community to make cyber security a national priority and to reinforce that it is a shared responsibility. Some of its programs include the National Cyber Response Coordination Group and the U.S Computer Emergency Readiness Team, etc.[35] Similarly, under the U.S Department of Defense, there is a Cyber Command (CYBERCOM) which defends and protects the information networks of the U.S Department of Defence from cyber threats.

Apart from the Office of the Deputy Assistant Secretary of Defence for Cyber Policy which basically develops and oversees the implementation of cyber-related policies and strategies, there is also the National Office of Cyber Security and Communications (CS & C) that is saddled with the responsibility of enhancing the security, resilience, and reliability of the nation’s cyber and communications critical information infrastructure[36].

Finally, there is also a National Cyber Investigative Joint Task Force which was established in 2008 and comprises of over 20 partnering agencies from across the law enforcement, the intelligence community and the Department of defence. Its primary responsibility is to coordinate, integrate, and share information to support cyber threat investigations and to pro value to other ongoing efforts in the fight against cyber threat in U.S.A.[37]

1. ii) The U.K Cybercrime Institutional Framework

The principal guidance for U.K cyber security is provided by the National Cyber Security Strategy (NCSS) published in 2016. Pursuant to the strategy, the government aims at ensuring that by 2021, the U.K is secure and resilient to cyber threats and confident in the digital world.[38]

The National Crime Agency is the U.K’s national law enforcement body which works closely with various law enforcement bodies such as the U.K police, regional organized crime units, and partners in international law enforcement such as Europol, the FBI and the U.S law enforcement agencies to share intelligence and coordinate actions. It also has a cybercrime unit which acts as a centre of expertise and tackling cybercrime[39].

There is also the National Cyber Security Centre (NCSC) which began operating in 2016 but was formally opened in February, 2017. The NCSC is part of Government Communications Headquarters (GCHQ), the U.K’s Sovereign Signals Intelligence (SIGINT) and Information Assurance Agency. Its responsibilities include countering and investigating online digital crimes, and to ensure the security of U.K’s Critical National Infrastructure. It is apposite to note that the NCSC brought under one roof pre-existing anti-cybercrime bodies such as the Centre for Cyber Assessment, Computer Emergency Response Team U.K, and the national technological authority for information assurance (I.A). This institutional reorganization provides government agencies and departments, firms and citizens with a single point of contact for cyber security expertise and guidance[40].

The U.K Get Safe Online is another important institution in reckon with here. It is a public/private organization with the backing of both the U.K government and leading organizations in banking, retail, internet security and other sectors. It maintains a rich a website which forms a unique resource of advice on how to protect computers and mobile phones from fraud, identity theft, viruses and other online hazards. It also partners with law enforcement agencies and other bodies in support of their outreach activity, internal awareness and customer online safety[41].

Apparently, the U.K appreciates the importance of publicity and sensitization as it relates to cyber security measures. Apart from the Get Safe Online, there is also the Cyber Aware (Formerly Cyber Streetwise) organization which basically aims at driving behavior change among small businesses and individuals so that they adopt simple secure online behaviors to help protect themselves from cyber criminals.[42] Finally, report has shown that U.K is also planning to establish a new cyber force of over 2000 operatives which will cost hundreds of millions of pounds.[43]

iii) China Cybercrime Institutional Framework

The Chinese Cyber Police Force is basically the institution responsible for ensuring cyber security in the nation’s cyber space through the investigation, arrest and prosecution of cyber criminals. It is the internet crime division of the Ministry of Industry and Infrastructure Technology. It has focused a good deal of its attention on pornographic websites, internet fraud, and internet businesses.[44] Other Chinese public and private security agencies also have institutional capacities for tackling cybercrimes but the Cyber Police is comparatively the most specific and strongest among all the agencies with the task of tackling malicious online conducts.[45] Worthy of emphasis here is the numerical strength of china cyber police. The Chinese cyber police force is over a million and as at 2013, it was reported that the country recruited 2 million people into its internet police.[46] The reason behind this numerical strength ranges beyond the fact that there are many internet users in China to the fact that the Chinese government has a full grasp of the intricacies of cyber security in this digital world. There is also the Cyberspace Administration of China (CAC) established in 2014 which is the central internet regulator, censor, oversight and control agency for the Republic of China.[47] Its range of work includes launching the annual propaganda week of national security to improve security awareness, launching special campaigns aimed at regular detection of internet crime; releasing plans pertinent to education and talent cultivation; providing funding support and promoting security law, etc. Worthy of note finally is the Internet Society of China (ISC) which was formed in May 2001 and is apparently a normative institutional framework backed by and often used by the Chinese government to mount pressure on organizational constituents to comply with certain internet standards set by the government.

1. Comments/Recommendation

A look at the institutional frameworks of the three countries considered above shows clearly that Nigeria has a lot of work to do in relation to cyber security institutional measures. In as much as the three selected countries are not the best in cyber security in the world, there are quite some tips that can be borrowed from them. According to a recent cyber security report which analyzed the cyber security status of 60 selected countries and ranked them starting from the least cyber-safe to the most cyber-safe, Nigeria was ranked 11^th while U.S.A, U.K and China were ranked 53^rd, 57^th and 13^th respectively, with Japan rated 60^th as the most cyber-secure country amongst the list.[48] The most striking aspect of the report in relation to this research work is how the countries were assessed on their current readiness for cyber-attacks – Nigeria scored 0.569 while U.S.A, U.K and China scored 0.919, 0.783 and 0.624 respectively. This clearly shows that these countries have better cyber security institutional framework than Nigeria. Although China was ranked 13^th in the list, the report shows that they are even more ready to deal with cyber-attacks than Denmark which ranked 57^th but scored 0.617 on cyber-attack readiness.

The existence of several cyber-specialized bodies coupled with their organization and numerical strength are factors present in the criminal justice response of the three countries considered above which this research finds lacking to some extent in Nigeria. Institutional/Regulative permissiveness is a driving force behind the growth of the cybercrime industry. Little wonder, weak law enforcement machinery has been cited as a contributory factor why cyber criminals in developing countries (like Nigeria) feel more confident than their like-minds in developed countries.[49]

A careful perusal of the Nigerian Cybercrimes Act as it relates to specific cyber security institutions shows that the Act adopts an approach whereby all relevant law enforcement agencies are each envisaged to have a cybercrime unit attached to them, while the office of the National security adviser shall be the coordinating body. The Act also envisaged the creation of cyber-security institutions such as the National Computer Emergency Response Team (CERT) Coordination Centre to manage cyber incidences, a Computer Forensic Laboratory to assist the law enforcement agencies and a Cyber Security Research Centre. Unfortunately, the physical presence of these bodies is yet to be felt.

Of all the relevant law enforcement agencies in Nigeria, it appears that only the EFCC is making efforts towards fighting cybercrimes though it is not certain whether the agency has a formidable cybercrime unit. However, allocating the function of investigating and prosecuting cybercrimes to the EFCC alone will be misleading because not all cyber offences are economic or financial in nature, e.g. child pornography, cyber stalking, xenophobic offences, etc. The Nigerian police force which has more general and wide powers than the EFCC also does not have a specialized unit for handling cyber security. These institutional lapses constitute a huge setback in Nigeria’s fight against cybercrimes. In this connection, this research work recommends as follows:

• There is need for the creation of a specialized cybercrime agency which will bring under one roof all those cyber security units and teams envisaged under the Cybercrimes Act. The agency should be independent of other law enforcement agencies but will cooperate with the various cybercrime units of those law enforcement agencies to track down, investigate and prosecute cybercrime suspects. Creating a specialized cybercrime agency will promote effectiveness, efficiency and accountability. Specialization in this sense will be different from monopolization of the cyber security task as the agency will partner with other existing law enforcement agencies at all times.
• All other relevant law enforcement agencies should as well comply with the Cybercrimes Act by establishing institutional capacities to handle cybercrime matters. This can be achieved by either recruiting graduates who are knowledgeable in computer science and acquainting them with the practical rules and procedures of law enforcement or by training existing members who already know the workings of the law to become cyber security experts. The former method is better because it will promote employment and it appears that existing members of various agencies find it difficult to adapt novel responsibilities different from what they are used to – carrying guns, tracking down suspects, physical arrest, interrogation, prosecution, detention, etc.
• There should be an internet crime complaint centre.[50] Cybercrimes are committed online and the victims who learn of the violations may wish to lodge a complaint to the relevant authority for investigation. This problem can be solved by creating an internet crime complaint centre which shall be under the suggested Cybercrime agency with an online presence for the receipt and investigation of cybercrime complaints.
• There is need for a cybercrime research centre which shall be an educational institution on its own with physical presence in various universities in the federation. It will be a centre for research and training of interested candidates including those working in the cyber security units of various law enforcement agencies. Government should show a massive support to the centre by awarding scholarship to the interested candidates and offering them employment in the cyber units of key parastatals and agencies.
• There should be special judges in various courts with the specific mandate of hearing internet crime matters. In other words, both the federal high court and the state high court should establish special courts in each of their divisions for this purpose. In this connection, this research argues that the jurisdiction to try cyber offences should not be limited to the federal high court alone.
• Finally, in as much as Nigeria boasts of numerous land army, navy and air force, etc. for its national security, it is pertinent for the country to build a cyber-army of experts to defend the nation’s cyber sovereignty against intruding cyber terrorists as the winter is here already and the impending world war appears to be a cyber-war.

[1] Victor Obinna Chukwuma Esq. LLB ( Unizik), BL (Nigerian Law School, V.I Lagos) Counsel at Adekunle Ojo & Associates, Ikeja, Lagos. The writer can be contacted through his email: obinnaonwa132@gmail.com or his phone number: 07069182735)

[2] Gottschalk, P “Policing Cybercrime” Published by Book boon, 2010 pg. 9 (1-137)

[3] Sheala, S “Cybercrime – Definition, Challenges and the Cost” International Journal of Computer & Mechanical Science (2014) Vol. 3 No. 2 pg. 34 (pp. 34-38)

[4] Madhu, T “Security Against Cybercrime: Prevention and Detect” Published by Horizon Books (A Division of Ignited Minds Edutech P Ltd) 2017 pg. 40 (pp. 1- 216)

[5] See Part III of the Act

[6] See Section 36 (12) of the Constitution of the Federal Republic of Nigeria, 1999 ( as amended in 2011)

[7] See also Section 29 (1) of the Nigerian Terrorism Prevention Act, Official Gazette No. 25 Vol. 100 (2013) A27 and Section 148 of the Nigerian Communications Commission Act, 2003 Cap N97 LFN 2004

[8] See Section 41 (1) of the Cybercrimes (Prohibition, Prevention) Act, 2015

[9] Section 42 (3) (4) and (5) of the Act

[10] See Section 43 of the Act

[11] Section 50 (3) of the Act

[12] See Garba v Federal Civil Service Commission (1998) 1 NWLR PT. 107 at 68

[13] This is more of legislative inelegance – While a comparison with section 26 (1) of the Nigerian Drug Law Enforcement Agency Act, Cap E30, LFN 2004 lends support to this argument as the jurisdiction of the federal high court to try offences under that Act was expressly stated to be exclusive, another comparison with the section 18 of the EFCC Act shows the contrary as that section more comprehensively stated that the federal high court and the state high shall both have jurisdiction to try offences under the Act.

[14] See Eze v FRN (1987) 2 SC 320

[15] Yetunde A, O “All Eyes on Special, Sexual Offences Court” Published by the Guardian News, 06 Feb, 2018 available at https://www.google.com.ng/amp/s/guardian.ng/features/all-eyes-on-special-sexual-offences-court/amp accessed on 2nd June, 2019

[16] Section 37 of the Act

[17] See section 58 of the Act

[18] Section 37 (3) of the Act

[19] Sections 38 to 40 of the Act

[20] Alagbe J “Give us Naira Marley’s transaction history, EFCC tells Mastercard, Visa”  PUNCH, June 1, 2019 available at https://punchng.com/give-us-naira-marleys-transaction-history-efcc-tells-mastercard-visa/ accessed on 3^rd June 2019

[21] Section 40 (3) of the Act

[22] Section 41 (2) of the Act

[23] Section 47 of the Act

[24] See sections 174 and 211 of the CFRN, 1999 (as amended)

[25] See for instance sections 52, 55 (3), 57 of the Act where the draftsman apparently intended that those provisions are to apply to the AG Federation alone.

[26] Emelogu v State (1988) NWLR (PT 78) 524

[27] See Berlastsky, N “Cybercrime” Published by Greenhaven Publishing LLC, 2003 Pg. 83 (pp. 1-216)

[28] See Adomi, E, E “Security and Software for Cybercafés” Published by IGI Global, 2008 Pg. 209 (pp. 1-360)

[29] Berlastsky, N Opcit pg. 82

[30] Adomi E, E Opcit pg. 209

[31] Please note that Act never outlawed them but they seem to have gone into hiding after the Act came into force.

[32] Morgan S “Directory of U.S State and Local Cyber Crime Law Enforcement: How to report a cyber-attack, data breach, or hack to the authorities” (published by Cyber Security Ventures) available at https://www.cybersecurityventures.com/directory-of-u-s-state-and-local-cybercrime-law-enforcement/ accessed on June 5^th 2019.

[33] Michael K and Edward M “U.S Government Counterterrorism: A Guide to Who Does What” Published by CRC Press, 2016 pg. 122 (pp. 1-407)

[34] Morgan S Opcit

[35] Michael K and Edward M Opcit pg. 118

[36] Ibid pg. 118

[37] FBI, National Cyber Investigative Joint Task Force available at https://www.fbi.gov/investigate/cyber/national-cyber-investigative-joint-task-force accessed on June 5th 2019.

[38] Stevens, T etal “U.K Active Cyber Defence: A Public Good For the Private Sector” Published by King’s College London, January 2019 pg. 7 (pp.1-40)

[39] House of Commons – Home Affairs Committee: E-Crime – HC-70: Fifth Report of Session 2013-2014 Published by The Stationery Office, 2013 pg. 69

[40] Stevens, T etal Opcit pg. 8

[41] Adopted from https://www.getsafeonline.org/about-us/ last accessed on 6^th June 2019

[42] Adopted from https://www.cyberaware.gov.uk/about-us last accessed on 6th June 2019

[43] See Ana Bera “Cyber Warfare Statistics” Published by Safeatlast on March 14, 2019  available at https://safeatlast.co/blog/cyber-warfare-statistics last accessed on 6th June 2019

[44] Richard J, T “World Criminal Justice System: A Comparative Survey” 9^th Edn Published by Routledge, 711 Third Avenue, New York, 2015 pg. 492 (pp. 1-752)

[45] Xingai, L “Regulation of Cyber Space: An Analysis of Chinese Law on the Cyber Crime” International Journal of Cyber Criminology Vol.9 Issue 2 July-December 2015 pg. 198 (pp. 185-204)

[46] See Katie, H & Xu, C “China Employs 2 Million to Police Internet” CNN News, Oct 7, 2013 available at https://www.cnn.com/2013/10/07/world/asia/china-internet-monitors/index.html accessed on 7th June, 2019.

[47] Bixing F “Cyberspace Sovereignty: Reflections on Building on a Community of Common Future in Cyberspace” Published by Springer, Singapore, 2018 pg. 178 (pp. 1-482)

[48] See Rebecca M “Which Countries Have the Worst (and best) Cyber Security?” published by Comparitech, Feb 6, 2019 available at https://www.comparitech.com/bog/vpn-privacy/cybersecurity-by-country/ accessed on June 8, 2019

[49] Kshetri N “The Global Cybercrime Industry: Economic, Institution and Strategic Perspectives” Published by Springer Science & Business Media, 2010 pg. 172 (pp. 1-252)

[50] This was envisaged under section 21 of the Nigerian Cybercrimes Act