Professional Documents
Culture Documents
The opinions expressed in this publication are those of the author. They do not purport to
reflect the opinions or views or official positions of any institution or organization to which
the author is affiliated.
All rights reserved. No part of this publication may be reproduced, stored in a retrieval
system, or transmitted in any form or by any means, electronic, mechanical,
photocopying, recording, or otherwise, without written permission from the author.
II
AUTHOR BIO
III
DEDICATION
IV
PREFACE
This book is divided into two parts which are separate but interconnected. Part I focuses
on the future of e-Governance (e-Participation) in Nigeria. Part II focuses on the security of
cyberspace and vulnerability of the systems that undergird e-Governance.
V
future scenarios of social change from a policy perspective, indicating the drivers of
change and what needs to be done now to prepare for the future.
VI
CONTENTS
VII
Part II — Cybersecurity and Data Protection: Legal Regimes,
Vulnerability, and Smart Options for Improvement 48
1. Introduction 49
2. Approach, Methodology and Objectives 50
3. The Nature of Cyberattacks and Data Privacy Breaches 52
4. Definition of Terms 54
5. Constitutional Foundations of Cyber Security and Data Protection 55
6. Policy and Legal Framework for Cybersecurity and Data Protection 57
7. ECOWAS Legal Regime for Cybersecurity and Data Protection 61
Box 1: New ECOWAS Legal Regime 61
8. Vulnerability of State and Non-state Entities 64
9. Scorecard: Nigeria's Cyber Vulnerability 73
10. Conclusion 75
Box 2: Recommendations and Suggestions for Action 76
11. Smart Recommendations 77
References 82
Notes 85
VIII
BOXES, FIGURES AND TABLE
Part I
Box 1 Key Questions: Justification 5
Box 2 Recap of Likely Significant Shifts in State-Society Relationship
in Nigeria from 2018 to 2048 38
Figure 1 Demographic clusters (loci) as at 2018 15
Figure 2 Projected demographic clusters (loci) by 2033 16
Figure 3 Population of Nigeria as at 2018: male and female 17
Figure 4 Projected population of Nigeria by 2048: male and female 18
Figure 5 Distribution of loci in 2018 23
Figure 6 Projected distribution of loci by 2048 23
Figure 7 Women and youth blocs comparative to ruling party:
2015 presidential elections 30
Figure 8 The link between political awareness and political empowerment 33
Part II
Box 1 New Article 9: Legal Regime of the (ECOWAS) Community 61
Box 2 Recommendations and Suggestions for Action 76
Figure 1 Elements of risk assessment 51
Figure 2 Elements of vulnerability assessment 51
Figure 3 Elements of vulnerability assessment 74
Figure 4 Nigeria's vulnerability rating 74
Table 1 Policy and legal framework for cybersecurity and data protection
in Nigeria 57
Table 2 Vulnerability rating table 65
Table 3 Vulnerability rating key 65
IX
ABBREVIATIONS
3-D Three-dimensional
ATM Automated Teller Machine
AVS Address Verification System
CBN Central Bank of Nigeria
CCIS Committee of Chiefs of Intelligence Services
CCSS Committee of Chiefs of Security Services
CEO Chief Executive Officer
CIA Central Intelligence Agency
CSO Civil Society Organization
ECOWAS Economic Community of West African States
EFCC Economic and Financial Crimes Commission
EGDI E-Governance Development Index
EU European Union
FBI Federal Bureau of Investigations
GIABA Inter-Governmental Action Group against Money Laundering
GPS Global Positioning System
GSM Global System for Mobile Communications
ICT Information and Communication Technology
INEC Independent National Electoral Commission
INTERPOL International Criminal Police Organization
IPOB Indigenous People of Biafra
IT Information Technology
MDAs Ministries, Departments and Agencies
NBS National Bureau of Statistics
NCC Nigerian Communications Commission
NeGSt National e-Government Strategy
NIMC National Identity Management Commission
NITDA National Information Technology Development Agency
X
NITEL Nigerian Telecommunications Limited
NPC National Planning Commission
NPopC National Population Commission
POS Point-of-Sale (terminals for processing card payments)
PVC Personal Voter Card
SNC Sovereign National Conference
SNG Save Nigeria Group
WAPCCO West African Police Chiefs Committee
WAPIS West African Police Information System
YEAA Youth Earnestly Ask for Abacha
XI
PART I
1. Introduction
In our brave new world of ultra-high-speed, seamless interconnectivity of bandwidth,
ideas, peoples, finance, resources, goods and services, nearly anything is possible in
cyberspace. Not surprisingly, processes of government and governance are not spared
in the global centripetal move towards digitization and the Internet of Things. Recent
events in the Nigerian public space irrefutably point to the fact that the cyber-enabled
surge in citizen consciousness and explosion of virtual spaces for engagement inspire
and incite needed change by making increasing demands on transparency,
accountability, responsiveness, efficiency and effectiveness. Just as people and groups
increasingly lend their ideas, voices and votes to processes and decisions that were
hitherto reserved for public servants and political office holders, governments are
adapting by creating structured and digitized channels for engaging with citizens, state
and non-state entities in a participatory manner.
According to the National Bureau of Statistics, telecoms data for the second quarter of
2018 reflected that a total of 162,522,772 subscribers were active on voice (GSM and
others) and a total of 103,514,997 subscribers were active on the internet, with mobile
platforms making up over 90% of the traffic². Comparative data updated to August 2018 is
also available on the Industry Statistics page of the Nigerian Communications
Commission's website³. With Nigeria's population projected to hit over 281 million by
2033 and over 380 million by 2048⁴, ICT will increasingly become an essential part of
everyday life and ICT companies will compete to deliver goods and services to people in
the most efficient and convenient ways. Undoubtedly, ICT-driven people participation in
governance (e-Governance) will continue to grow and expand. The lesson from most ICT-
enabled processes is that the future is hardly predictable and possibilities are endless:
the trajectory of such development may go in paths not anticipated today.
2
Part I -The People's Manifesto
harnessed into a critical mass and attain critical momentum that is able to counterbalance
and overtake resistance to change.
Notably, ICT is an enabler in the disruption and remaking of state-society relationship but
not the sole factor. Working together, other factors also play a critical role in the process.
While some of the factors are virtually on autopilot, there should be a deliberate effort to
harness and direct them towards achieving desired results. Significantly, the difference in
the locus of power and authority in Nigeria is that while the mass of the people are still on
autopilot and therefore not in control of decisions, direction, destination, conditions and
outcomes, the political élite harness resources available to them (including the divided
voices and votes of the people) to achieve their desired results. The people have no
manifesto; political parties have manifestos and the élite have their gentleman's
agreements. Combined reading of open data and government datasets on ICT,
demographics, social development and political processes as presented in this book
suggests that the current reality is likely to change in significant ways in the next 15-30
years. Therefore, the inevitable task before the government and the people is to
anticipate, prepare for and adapt to the change.
3
FUTURE GOVERNANCE
raise the flag on likely outcomes and crucial measures based on a convergence of
various observable and measurable trends. Its central thesis is that cyber-enabled
disruption to political governance in Nigeria is likely to happen not in the sense of a
violent takeover of the mantle of political power from the élite by the masses, but in the
sense of a progressive realization of the power available to the people, renegotiating
present and future realities with the government and other stakeholders, and making the
transition from political consciousness to empowerment. The people will play a central
role in reshaping their relationship with the government and political stakeholders by
clearly articulating their goals and expectations and negotiating the new political reality
based on those. The process will not always be smooth; some level of friction and conflict
is inevitable and must be anticipated and managed.
In the sphere of political governance, ICT acts as a catalyst for political awareness, an
enabler of political participation and a tool for political mobilization. However, in attaining
political empowerment, the impact of ICT may be limited. This study finds that ICT
enables Level I and Level II disruption on autopilot and through its ripple effect; however,
Level III disruption and remaking of state-society relationship requires effective
leadership, unity of purpose, deliberate planning and unity of action. Although the
progression is not always linear, the various factors that engender the transition to
empowerment and the landmarks in the process are highlighted in this part of the book.⁶
The approach is not remedial but expository and future-based. It seeks to inspire
“planning from the future” by major stakeholders including governments at all levels,
government agencies, policy makers, planners, political parties, electoral umpire, civil
society organizations, traditional and informal institutions, platforms for social inclusion,
businesses, and the people. Notably, projections of likely future scenarios of ICT-enabled
disruption to “government as usual” and rise in mass political consciousness for the next
15-30 years (2033-2048) are made based on the assumptions of continuing rise in
education and innovation in the ICT sector. The methodology used in data gathering
includes examination of primary and secondary sources, interpretation of datasets and
interviews. In drawing from the vast literature on e-Governance in Nigeria, social
dynamics and people participation in governance, a multidisciplinary approach which
combines demographic, statistical, social, legal and political analyses is used to
synthesize knowledge.
4
Part I -The People's Manifesto
Part I has six objectives which are developed along the following tracks:
a) map the potential and the future development of e-Governance in Nigeria;
b) envision scenarios of ICT-enabled disruption of state-society relationship and
highlight landmarks in the process;
c) propose a new form of social contract in remaking the relationship between the
people and the government and highlight the pros and cons of people power;
d) clarify the link between political consciousness and political empowerment, and
what is needed to make the transition from awareness to empowerment;
e) challenge popular assumptions on the role if ICT and the internet in influencing
political consciousness, participation, behaviour and mobilization; and
f) present likely significant shifts in state-society relationship from 2018 to 2048 in
order to inform long term planning by major stakeholders and decision makers.
Q: What is the link between ICT, political governance and social change?
A: ICT is at the intersection of political governance and social change and it can
5
FUTURE GOVERNANCE
Q: Why should the government and the people prepare for the future and when
should they prepare?
6
Part I -The People's Manifesto
E-Government involves the use of ICT by governments to enhance the range and quality
of information and services provided to citizens, CSOs, businesses, and ministries,
departments and agencies (MDAs) in an efficient, cost-effective and convenient manner.
E-Governance involves the use of ICT by both governments and the governed to enhance
the range and quality of people participation in their government in a manner that
strengthens democracy by making governance processes more responsive, responsible,
transparent and accountable. E-Governance is often referred to as e-Participation.
Digitization is broader and finds application across virtually all sectors and processes. In
essence, it can be applied to the banking sector, oil and gas, telecoms, transportation,
7
FUTURE GOVERNANCE
In the views of Hai and Ibrahim,⁸ e-Government consists of digital interactions between
the following: a citizen and their government (C2G), governments and other government
agencies (G2G), government and citizens (G2C), government and employees (G2E), and
government and businesses/commerce (G2B). The above spheres of interactions have
come to be known by some as “models of e-Government”. Although the classification
offers a good starting point for analysis, it has several limitations. First, e-Governance is
not a one-way traffic. Rather it is multi-directional and includes initiatives by the citizen
sector in adding voice to matters of concern to the citizenry, expanding participation in
governance and providing input and feedback for policy and law formulation or reforms.
Secondly, the five business models above do not sufficiently capture the complexities of
interactions in society which often involves stakeholders and intermediaries,
unstructured networks and multiple channels of influence.
8
Part I -The People's Manifesto
Dalal Ibrahem Zahran, et al. capture it better:⁹ “The common limitations of most models
are focusing on the government and not the citizen, missing qualitative measures,
constructing the e-equivalent of a bureaucratic administration, and defining general
criteria without sufficient validations.”
Notably, any attempt at modeling may become limiting in the light of emerging
developments and greater ICT-life integration. Processes that enable citizens to
participate in a transparent manner and to engage in real-time feedback to the
government include electronic voting, voter registration, online referendum, e-
Rulemaking, e-payments of bills and rates, online tax return, online registration of
businesses, complaints and grievance-remedial procedures, submission of legislative
proposals and petitions by private citizens, scholarships for students, etc. Such processes
have the potential to demystify and simplify the process of governance, and to reduce the
cost of governance by eliminating physical barriers.
Expanded channels of e-Governance include the following. The list is not exhaustive.
Such channels use customer relationship management principles for public service
where citizens are seen as customers or consumer. For instance, SERVICOM (described
as a service compact between the federal government including all its organs and the
Nigerian people), the Nigerian Communications Commission and the Nigerian
Immigration Service portals.
These include state-owned and non-state platforms for citizen feedback, citizen
participation in government and influencing public policy. For instance, Public Complaints
Commission, filing tax returns online through the Federal Inland Revenue Service portal,
and #Not-Too-Young-To-Run campaign.
Government transactions dealing with contractors and the organized private sector. For
instance, the Nigerian Stock Exchange portal, Central Bank of Nigeria portal, Corporate
Affairs Commission, E-payment systems.
Platforms of the organized private sector for advancing sectoral interests and influencing
9
FUTURE GOVERNANCE
policy. For instance, National Association of Chambers of Commerce, Industry, Mines and
Agriculture, Manufacturers Association of Nigeria.
Some government MDAs operate to regulate or supervise relations between the citizens
and businesses. For instance, Consumer Protection Council, National Communications
Commission, National Agency for Food and Drug Administration and Control, etc. Citizen
feedback may be enabled for better regulation and service provision.
Government services provided in relationship to its civil service and public sector
workforce. For instance, the Nigeria Pension Scheme system, Public Service Commission.
Employee organizations for collective bargaining with the government, such as the
Nigerian Labour Congress, National Union of Teachers, National Union of Local
Government Employees.
This often takes the form of unified communication via a structure dedicated Virtual
Private Network among state agencies or between the foreign agencies of various states.
Although e-Governance in Nigeria is still inchoate, the above options and combinations of
options offer directions for future development. Potential future applications of ICT to
governance and possibilities for the next 15-30 years are virtually endless.
10
Part I -The People's Manifesto
Back in 2003, NITEL telephone booths and banking halls with agonizingly long queues
and cybercafés with snail-paced internet connections were the norm. If one needed to
browse the internet to research on a topic or to call one's relations overseas, one had to
go for “night browsing”. Between 2003 and 2018, the power of mobile telephony, GSM
and the internet—which have more computing power than NASA used to land a man on
the moon in 1969—has been put in the hands of over 100 million more Nigerians. Beyond
the numbers and the convenience of person-to-person communication, ICT applications
have revolutionized entire sectors: media and broadcasting, banking,
telecommunications, trade and commerce, defence and intelligence, entertainment,
education, etc. Some things that never existed before have now become the norm. Think:
mobile and internet banking, electronic transactions, online shopping, online trading,
social media, automated reminders, live video and music streaming, unlimited
downloads, face-timing, live chat, activity tracking, GPS navigation, vehicle tracking and
anti-theft, cloud computing, real-time language translation and interpretation, mobile
gaming, online betting, online poll, online learning, e-books. More so, there are no special
admission criteria or induction ceremony in cyberspace; anyone with a cyber-enabled
device can create or recreate their own virtual reality.
And it gets better. With immense power in the hands of over 100 million more Nigerians,
the next question becomes: what will the people do when they realize the potential in
their hands and how do they wield such power to achieve the outcomes they desire? In
the future, ICT applications will expand to improve service delivery in the health sector,
education, transportation, agriculture, tourism and hospitality, micro- and macro-
economy, security and governance. Self-driving and electric cars will become the norm
globally by 2033. The impact of self-driving electric cars will not only be measured by the
millions of people who will switch from fossil fuel to digital reality, it will disrupt entire
sectors. Over time, the impact will also be felt in the global collapse and phasing out of the
fossil-fuel-powered auto industry, loss of millions of jobs that supported the industry,
shrinking of the auto insurance industry due to improved safety standards, reduction in
death and injury caused by auto accidents, freefall in oil prices, possible economic slump
in oil-producing countries, global reduction in carbon emission, seamless connectivity
and communication between the new-age cars and other systems and devices.
Interestingly, self-driving and electric cars will not be the only new things. Ongoing
11
FUTURE GOVERNANCE
research and development in artificial intelligence and computer learning including drone
technology, space travel, cyberspace weaponization, virtual reality, big data, 3-D printing,
all point to a 2033 which will bear little or no semblance to 2003. Certainly, the trend is
irreversible and the future is as promising as it is unpredictable.
In the sphere of governance, ICT-driven disruption will likely be witnessed in the form of
rise in political consciousness, political participation and political mobilization. Various
processes of governance will be conducted through online and cyber-enabled platforms.
For instance, there will be a shift from manual voting at polling stations to online voting,
online voter registration and online registration of political party membership.
Furthermore, the nature, structure, constitution and internal governance of political
parties will likely be reconfigured. The youth will have greater voice in political decision
making. Informed citizens will make greater demands on their governments to improve
delivery of public goods and services, to increase efficiency, transparency and
accountability in governance, and improve responsiveness to the needs of the people. A
likely consequence of the waning of “oil money” will be leaner governments and leaner
budgets for government projects and structures, and diversification of the economy into
more productive sectors. ICT-driven disruption is happening at a pace that governments
at all levels could never keep up with. To bring home the point, governments in Nigeria still
struggle with establishing efficient refuse disposal systems, potable water and public
transportation systems. In fact, our “systems” are anything but systems—if a system is
understood to mean different parts working harmoniously together to become greater
than the sum of the parts. Over time, it will no longer be enough for governments to focus
on aspects of development that are relevant and important to the political class only. The
sharp contrast will likely force governments to adapt and renegotiate the new reality or
become obsolete.
5.4 E-Governance
12
Part I -The People's Manifesto
celebrating the most honest public officials. As reported by CNN, Integrity Idol started in
Nepal in 2014 and the competition is now conducted by volunteers in Liberia, Pakistan,
Mali and South Africa. Although early trials of the show have not attracted massive traffic
compared to celebrity shows and entertainment, this is only an indication of what is
possible in the next 15-30 years with explosion in creativity and innovation. Also,
online/mobile voting is likely to be tested at the local and state levels before being
adopted for nationwide elections.
E-Governance is inevitable but also inevitable are actual and potential risks that undergird
the systems that support e-Governance. In the case of online/mobile ballot, the risks of
cyberattacks, hacking, system failure or shutdown, systematic disenfranchisement of
specific segments of the population, are real and the impact will be high. ICT
compromised can also enable massive rigging at the click of a button and distortion or
manipulation of results. In theory, online/mobile voting will also have many good sides. It
will reduce bribery (money-for-votes), undue influence, and voter apathy caused by long
queues at polling stations. Introduction of early online voting will likely improve voter
participation. It will also remove the inconvenience of having to travel out of one's state of
residence to one's state of origin/registration in order to vote during elections, and the
collateral disenfranchisement of millions of Nigerians in the diaspora. Furthermore, by
limiting physical exposure of people and voting materials, it will reduce political thuggery
and violence and will drastically shrink the heavy financial costs and logistic nightmare
associated with organizing and conducting elections in Nigeria.
Public service leadership and political authority in Nigeria currently resides in the age
brackets 45-60 years and 60-75 years. This is the locus of authority and power. In terms of
making things happen on a society-wide scale, all the other loci feed into this one. Reality
13
FUTURE GOVERNANCE
check: the flagbearers of the two main political parties in Nigeria for the 2019 presidential
election are both over 70 years old. An overwhelming majority of political influencers are
also in the 60-75 years bracket and have had a relentless hold on political power for
decades.
Ü Locus of service/impact
To a large degree, the age brackets 30-45 and 45-60 years currently represent the
generation of change-makers. More or less, they have learned to channel their creativity
and innovation to enabling social change and achieving desired result. Service and
impact are their credo. Career and job satisfaction are strongly linked to meaningful work
that impacts the community or has potential for impact. This is the locus of influence. While
they are not yet in top decision-making positions, their influence is likely to ripple out and
expand.
Ü Locus of creativity/innovation
The age brackets 15-30 years and 30-45 years house the creators and innovators of our
time. These are not only active on social media but are learning to harness the power of
ICT and online interactions to solve problems in various sectors. This is the locus of
potential and personal power. Well cultivated and nurtured potential and personal power
often matures into influence and social impact.
0-15 years and 15-30 years are virtual explorers. By 2013 figures, almost half of the
Nigerian population of around 182 million people was under 15. These are the most
active social learners and currently the most active on social media and online platforms.
This is the locus of learning and formation. Games, fun, chat, live videos and photo sharing
is the norm. Snapchat and Instagram are their tribe. Because this bracket operates mostly
on autopilot, guidance and demonstration are essential in their learning curve.
While the above clusters depict the big picture, the age brackets should not be seen as
water-tight compartments. Also, some people are able to make the exceptional upward
leap beyond their age bracket. The above loci are represented in the pyramid below.
14
Part I -The People's Manifesto
Projecting from the above demographics and social dynamics, a combination of the
following changes will produce the generational shift in governance in the next 15-30
years (by 2033-2048).
6.1 Youth
Those currently in the loci of social learning and creativity/innovation will naturally
transition into the loci of decision making and service/impact to various degrees.
Concurrent with the upward movement will be a deepening of the internet and ICT
penetration in government and all other sectors. The growth will be significant in many
dimensions. First, the next 15-30 years will witness a massive youth bulge but also an
explosion of creativity, innovation and social enterprise. While this represents an upward
movement in age and responsibility, it will also come with heightened political
consciousness and political participation, personal power, greater demands for better
governance. The youth bulge will also bring along with it challenges that are likely to
overwhelm many sectors of the government and the society if we do not plan and prepare
for them now. Currently, ICT favours the youth. Most Nigerians aged 40 and above did not
use computers in high school and university and did not start using smartphones until they
were 25-30 years. They are therefore less likely to be ICT-savvy. This creates a digital
divide which in the next fifteen years will shift the locus of decision making more than any
other factor. It will also come with a fundamental shift in orientation: leadership will
15
FUTURE GOVERNANCE
become more distributed due to the push-and-pull factors of increased personal power,
leverage of social influence, greater social and political consciousness and the desire to
participate in decision making. Decision making will be flipped on its head and brought
closer to the people. The likely transitional scenario is represented below.
6.2 Attrition
A related change will be that the age brackets in each locus will shrink in the upper sphere
and expand in the lower sphere. For instance, by 2033 the locus of decision making is
more likely to shrink in the 60-75 bracket and expand in the 45-60 bracket. In comparison
to 2018, by 2033 there will be more people in positions of authority and power between
ages 45-60, and less people in such positions between ages 60-75. Attrition will lead to
greater age diversity, balance and opening up of spaces in government for the youth.
Authority and power will progressively shift away from the older generations and towards
the younger. Political participation and decision making will become part of everyday lives
of the people and interwoven with other spheres. This current of change will likely
16
Part I -The People's Manifesto
normalize around 2048. Also by 2048, a combined result of the expanding middle class,
social awareness and social learning, government policy and education is that families will
mostly be characterized by fewer offspring, and greater cultural acceptance of family
planning pathways is likely to lead to lower birth rates. The federal government of Nigeria
is considering deeper family planning and child spacing sensitization as part of the
Economic Recovery and Growth Plan. Significantly, the percentage of Nigerians aged 0-
15 will shrink from around 43.7% in 2018 to a projected 35.8% in 2048. This dynamic will
more or less balance out the distribution of the loci.
17
FUTURE GOVERNANCE
Figure 4. : Projected population of Nigeria by 2048: male and female. Source: PopulationPyramid.net
6.3 Gender
18
Part I -The People's Manifesto
and cultural sensitization, the country is primed to witness greater participation of women
in politics in the next 15-30 years. Also, women are increasingly forming platforms for
social cohesion, social learning and self-help which will translate to greater voice,
consciousness and empowerment.
The National Population Commission has put Nigeria's current population as at 2018 at
198 million, with urban population growing at an annual rate of about 6.5%. According to
the World Urbanization Prospects: The 2018 Revision, the urban population of Nigeria
as at 2018 (at mid-year) as a percentage of the total population is 50.3%. That percentage
is projected to rise to 61% by 2033 and 68.9% by 2048. Translated in real terms, of the 198
million people in Nigeria, around 99.6 million reside in urban centres as at 2018. That
number is projected to jump to 196.7 million by 2033 and 293.8 million by 2048. The
statistics is staggering and its likely implications even more so. Politicians and political
parties understand this dynamic. This is why they focus on “swing states” during
electioneering campaigns.
19
FUTURE GOVERNANCE
6.5 Education
For over two decades, it has been widely acknowledged that the education sector in
Nigeria is in crisis. Despite such acknowledgement, needed change in the sector is not
happening at a pace and on a scale that would avert catastrophe. The youth are central to
our education model, yet they are hardly if ever involved in designing their own curriculum
or in influencing the teaching and learning ecosystem that suits their needs. There is
hardly any long term vision and long term commitment to incentives for both teaching and
learning. There is scarcely any comprehensive, long term study involving the youth,
students, pupils, out-of-school children, and communities underserved and unserved by
the formal schools system to determine what works for them or what might work better if
done differently. For instance, given that pupils and students are more ICT savvy today
than 15 years ago and that the way they are socialized to learn is widely different from the
learning environment of the 1960s to 1980s, it is surprising that there is yet to be a focused
attempt at or large-scale experiment with gamification models for learning. Also, given the
rise of real and virtual social networks in the age brackets, schools are yet to introduce
social networking models for problem solving, group projects and take-home
assignments.
The scenario is likely to change in growing and increasingly connected spurts with the rise
of the locus of social learning and the locus of creativity/innovation into service/impact.
Their rise will not only bring about change in the education sector but will also bring about
crosscutting change in other sectors. Curriculum design will become more future-based,
so that what is taught in schools at any time would be relevant to the labour market 10-15
years thence. Education will necessarily move away from the old colonial paradigm of the
3Rs (reading, writing, arithmetic) to a new paradigm which prioritizes life skills and
practicable knowledge relevant within and outside the workplace of the twenty-first
century. Life skills in the schools' curriculum at various levels will likely expand to include
civic education, governance, social studies, decision making, goal setting, problem
solving, dispute resolution, family planning, national development, history, political
economy, entrepreneurship, astronomy, astrology, quantum physics, medical and health
sciences, meditation, local languages, foreign languages, business administration, ICT
and its multifarious applications, coding, software engineering, e-Governance,
performing arts, and technical or vocational skills. A major challenge for Nigeria for the
next 15-30 years is to pool together a critical mass of teachers and educators with the right
balance of knowledge, skills and commitment to drive change in the sector, backed up by
positive policy, action and incentives for learning.
20
Part I -The People's Manifesto
6.6 Economy
The economy, jobs, livelihoods and survival are key factors likely to make people demand
for better governance. A slow, diminishing or unstable economy is bad news for the
political class. The Nigerian polity is already overburdened with multifarious economic
challenges and a restive youth population half of which is either unemployed or
underemployed. The country is just recovering from the economic recession of 2016 and
many state governments are battling with unsustainable recurrent expenditure. The
national economy is remains largely susceptible to both external and internal shocks and
a double dip in the near future would be much harder to recover from. The picture is not so
bright. The country needs able managers of the economy to steer it away from likely
depression, and people-oriented initiatives to tackle present challenges and invest in the
future. Following the trajectory of development in key sectors of the economy since
independence, including power, oil and gas, education, rural development, it is obvious
that the country needs a new generation of leaders who are able and willing to do things
differently.
The illusion of invisible money and transfer of intangible wealth facilitated by ICT poses a
problem to the global economy much like the fated Ponzi schemes. The economy of most
“advanced” countries has been based on credit since the 1950s and forms a cyclical
credit bubble. Cashless economy supports the credit economy, the effect of which is
stupendous overdrafts on value that may have never existed in the first place. In 2008,
governments bailed out banks and financial institutions in the United States (US) and in
the European Union (EU). Today, many governments all over the world have borrowed up
to unsustainable levels, up to 250% and 300% debt to GDP ratio in Japan and China and
150% in some EU countries and the US. The coming phenomenon will likely be
catastrophic since there is nobody to bail out the governments. Any external shocks is
likely to affect Nigeria in one or more ways: wiping out of significant foreign direct
investment (FDI), drying up of development funding, crashing of the stock market, loss of
value of government bonds, exposure of non-viable state, and deepening of lack of trust
and confidence in governments. Internally generated revenue and capital investments
will also dip due to cash crunch. With loss of jobs and loss of hopes, the people will seek
alternatives to government and the informal economy will expand. These will likely come
to a head between 2020 and 2022.
21
FUTURE GOVERNANCE
entrepreneurship with social impact. A significant wave of development since 2000 is the
rise of social enterprise, private foundations and online platforms for crowdsourcing and
crowdfunding. By “demonstration effect”, these entities and channels are likely to play a
greater role in political development in the future since they provide public goods,
services and finance much faster, cheaper and often better than most governments. Their
methods of decentralized and participatory decision making and delivery sharply contrast
with centralized and top-heavy government structures and channels. In 2017 alone, the
Bill and Melinda Gates Foundation contributed over 4 billion dollars as total direct grantee
support mostly to developing countries for global development, global health, global
growth and opportunity, and global policy and advocacy. The amount dwarfs the annual
budgets of most African countries for the same year. Furthermore, the multi-billion dollar
model of crowdfunding ensures that capital follows potential in both non-profit and for-
profit projects, instead of capital following few projects pre-selected by the élite often
based on criteria that do not resonate with the needs and desires of the people.
Social enterprise will expand in the next 15-30 years as the people aspire towards better
services and greater impact in society. The people will become more empowered when
they realize that they do not have to wait for the government to solve most of their
problems, thus leading to a push towards greater self-governance. The demonstration
effect of social enterprise is rubbing off not only on the Nigerian people and communities
of social inclusion but also on governments at the federal and state levels. This is because
social enterprise offers a nuanced model of governance which will likely improve
transparency, accountability, efficiency, effectiveness and responsiveness to the needs of
the people. It is likely that governments will adapt and adopt models of social enterprise in
the future. Interestingly, governments are increasingly partnering with and even
outsourcing the provision of public goods and services to these entities instead of
integrating their good practices into governance. From another perspective, these
developments may in fact be less a challenge to government and the notion of statehood
and more a return to paths of socialism and communalism which formed the basis of many
African societies long before the foreign notions of statehood and liberal democracy were
foisted on the people.
22
Part I -The People's Manifesto
Projected distribution of loci by 2048 would look more like the following.
23
FUTURE GOVERNANCE
To place the people at the centre of renegotiation of power and adjusting to a new reality,
a reconsideration of the ideas of sovereignty and legitimacy is apposite.
Political theory has long established that sovereignty—supreme power and authority—is
one of the attributes of a state. While this is not erroneous, it requires some clarification.
The first point of clarification is the dividing line between sovereignty and legitimacy.
Section 14(2) of the Constitution of the Federal Republic of Nigeria 1999 (1999
Constitution) is central to this point because it touches of sovereignty, security and people
participation in their government. Section 14(2) is reproduced hereunder:
14. (1) The Federal Republic of Nigeria shall be a State based on the principles of
democracy and social justice.
(a) sovereignty belongs to the people of Nigeria from whom government through
(b) the security and welfare of the people shall be the primary purpose of
government; and
24
Part I -The People's Manifesto
Let us x-ray the three limbs of Section 14(2). Sovereignty belongs to the people.
Essentially, the people in exercise of that sovereignty, bestow legitimacy on a
government/administration during periodic democratic elections. The combined effect of
the Preamble and Chapter I to the 1999 Constitution is that the people of the Federal
Republic of Nigeria, through the Constitution which is the grundnorm, bestow legislative,
executive and judicial powers on institutions of state at the federal, state and local
government levels. That act thereby delegates the people's powers to the institutions and
clothes them with the legitimacy to act on behalf of the people and in accordance with the
will of the people. Through Chapter II of the 1999 Constitution, the people go further to
prescribe in what manner and towards which objectives the state shall direct its affairs in
exercise of the delegated powers. To leave no room for doubt, the people, by virtue of
Section 13 of the 1999 Constitution, place the duty and responsibility on “all organs of
government, and all authorities and persons, exercising legislative, executive or judicial
powers”, to not deviate from Chapter II of the Constitution.
Although authority and legitimacy are delegated to institutions of state (what we often
refer to as government), sovereignty resides in people and cannot be delegated. For the
avoidance of doubt, sovereignty does not reside in the National Assembly of Nigeria or in
the Presidency or in any other state institution. As a representative body, the National
Assembly has delegated authority and the legitimacy to act on behalf of the people. Due
to the fact that processes of state administration and the machinery of government would
grind to a halt if the people were to exercise their sovereignty directly on a regular basis
every day, it makes sense to delegate to and to legitimize “agencies” for the people. To
catch up with reality, the interpretation of paragraph (b) of Section 14(2) above on security
and welfare of the people extends to cybersecurity and data protection, security of e-
Governance platforms and digitization of services that touch on the welfare of the people.
The National Cybersecurity Policy and the National Cybersecurity Strategy of 2014, and
the Cybercrime (Prohibition) Act of 2015 were made to fill this vacuum. Future legal and
extralegal developments are envisaged to keep up to speed with the changing reality.
With respect to paragraph (c) of Section 14(2), the arrangements elucidated above
regarding the agency of institutions of state between the people and their governance
are presently in a state of disruption. It is a paradox that the people are sovereign and yet
are disempowered; political participation by the people in determining their own destiny
has mostly shrunken to voting during four-yearly election cycles. The current reality is
likely to change in the next 15-30 years when the people realize their power. As a matter of
25
FUTURE GOVERNANCE
necessity, the social contract between the people and their political leaders will be
renegotiated. Such renegotiation would entail significant review of the Constitution or the
adoption of an autochthonous constitution which will be truly owned by the people. The
walls of state agencies and structures will either change, recede or fast become obsolete.
In the future, direct exercise of sovereignty will become a matter of course in the lives of
the people. Public opinion, feedback, dialogue, discussions, rallies, decisions and even
voting will likely be expressed and conducted in real time. Whereas much of the
controversy surrounding passage of the Electoral Act (Amendment) Bill in 2018 has been
on compulsory use of card reader, in the future the Electoral Act will likely be reviewed to,
among other things, enable online voting, the emergence of independent candidates
with greater emphasis on service and impact, and to consider staggered elections and
midterm elections to promote continuity and reduce logistic nightmare. It is conceivable
that in the near future, there would be no need to wait for four-yearly election cycles for
the renewal or impeachment of legitimacy and authority of state administrators. Through
the instrument of e-Governance, democracy as we know it will be on steroids. Importantly,
the phenomenon will demand legal, policy and practical reviews and adjustments by the
government to better enable and expand participation of the people in their governance.
Since the country's return to democratic rule in 1999, Nigerians from all walks of life have
advocated for the convocation of a Sovereign National Conference (SNC). According to
most advocates, the SNC would have the task to renegotiate restructuring of the Nigerian
state so as to truly reflect the political, economic, social, cultural, religious and multifarious
realities of the country. In essence, what the advocates clamour for is a People's National
Conference to trigger a disruption and remaking of the relationship between the Nigerian
state and the society. Indeed, a National Conference was convoked by the Goodluck
Jonathan administration in 2014. The 492-member National Conference took four
months to deliberate, articulate its positions and submit its report to the federal
government. To its credit, the report of the National Conference contains far-reaching
recommendations which, if implemented, could form the bases for a new Nigeria.
However, it appeared that the process was set up to fail from the outset. The main reason
is that it was largely based on the same calibrations of the status quo which it sought to
disrupt. Delegates to the National Conference were appointed by the federal government
without heed to the wishes of the people, it was funded by the federal government, and
was not a true reflection of the voices of the Nigerian society given the low ratio of its
26
Part I -The People's Manifesto
youth and women membership. It was clearly not people-driven but government-driven.
Moreover, a people's conference should be dynamic, not static. The assumption that a
handpicked conference would deliberate and resolve the existential issues that have
bedeviled Nigeria for so long in four months and then is functus officio, and thereafter
hand over the baton to a government willing and ready to self-disrupt was poorly
conceived from the start. Not surprisingly, some segments of the Nigerian society
rejected and disassociated themselves from the National Conference and its report.
27
FUTURE GOVERNANCE
between pactum summae potestatis and pactum subjectionis, sovereignty prevails and
the government may become replaced or rendered obsolete. The Arab Spring of 2010-
2012 which swept through Tunisia, Egypt, Libya, Yemen, Syria, Kuwait, Lebanon, Morocco
and other countries in the Middle East and North Africa is a locus classicus of the
manifestation of such conflict.
With continuing advances in ICT, the Internet of Things and near-seamless ICT-life
integration—coupled with the demographic and political dynamics and projections
above—the years 2033 to 2048 will witness a ground shift in political processes, political
governance and political decision making in Nigeria. A clear demonstration of the rise in
political consciousness of the people and a landmark on the path to remaking of state-
society relationship will be articulation and adoption of the People's Manifesto, an
invocation of pactum summae potestatis. The coming era will be marked by keen
awareness of the contrast between the people's current state (Point A) and their desired
state (Point B), clear articulation of what needs to happen to get from Point A to Point B,
and greater unity of action in moving from Point A to Point B.
First, a social contract is dynamic, not static. It is not time-limited. If the idea and principles
are reduced in a document, such document should be organic and not rigid. The needs,
goals and expectations of a people often change with changing times and should
therefore be adapted and renegotiated to bring them into alignment with the times as
much as possible. Secondly, a social contract is process-based. The process is just as
important as the outcome. The people do not become functus officio once The People's
Manifesto is adopted or once a report is submitted or a negotiated agreement is reached
with a political stakeholder. The people are to represent, accompany and defend their
manifesto. Negotiations and interface with the state is a continuing engagement and the
people should carry out continuous oversight of the social contract to ensure that the
state is guided by its fundamental objectives and principles in taking action on behalf of
the people. Thirdly, a social contract is people-driven. Ideally, there should be open
membership or subscription to all Nigerians which cut across ethnic, regional, religious,
income and party lines. However, it is important to have credible and widely accepted
guardians or conveners to kick-start the process. For practical reasons, there should also
be a steering committee and a platform for dialogue. ICT will play a key role in mass
mobilization and mass participation in the platform for dialogue. Fourthly, the people
should be bound together in unity of purpose and unity of action. This also means that the
28
Part I -The People's Manifesto
people play a more direct role in governance even if they choose to surrender part of their
freedom and delegate authority to a government. That will be the true test of sustainability
of The People's Manifesto.
When the people clearly articulate their manifesto, it will become a basis for renegotiation
of the new reality with multiple stakeholders including governments and political parties.
Elements of the new social contract which needs to be renegotiated in Nigeria today
include access to quality education and healthcare, security of lives and property, access
to justice, infrastructural development, economic diversification and sustainable
livelihoods. The focus will be on good governance to deliver human development. In the
coming era, the People's Manifesto will likely supersede Party Manifesto. Party
Manifestos will reflect the principles, visions, goals and expectations elaborated in the
People's Manifesto; electioneering campaigns will be based on the People's Manifesto.
As such, political parties will have to sign up to the People's Manifesto or risk losing mass
support and mass votes. Consequently, political parties in power will have to deliver on
the People's Manifesto or risk being voted out. This will likely happen in Nigeria in the next
15 years. Early glimpses of what may be possible are already manifesting.
With the generational shift in loci (above) and social dynamics, new forms of alliances and
shifting of spheres of influence will likely lead to an awakening where voting patterns will
tilt towards considerations that cut across ethnic, regional, religious, income and party
lines. It is instructive that the ruling party as at 2018, the All Progressive Congress (APC),
was formed in February 2013 from a merger of three ethnically and regionally based
political parties. Before then, opposition parties were mostly fragmented along regional
and ethnic lines, making it impossible for them to mount a credible challenge to the
formerly ruling party, the People's Democratic Party (PDP). The youth and women in
Nigeria, if they will lay aside differences and galvanize their voices and potential into
action, will become more influential than any one political party and will have the power in
the palm of their hands to vote in or vote out any party or government. An alternative
scenario is that the youth and women may sponsor independent candidates or form their
own political parties and enter into alliances with other parties that subscribe to their
manifesto.
During the 2015 presidential elections, the Nigerian population was around 182 million
people, total number of registered voters stood at 67,422,005 while actual votes cast
stood at 29,432,083 representing a turnout of 43.65%. This means that over 50% of
29
FUTURE GOVERNANCE
registered voters were either unwilling or unable to vote. Total votes cast to give the ruling
party APC victory was 15,424,921 reflecting the combined support of the merger of three
political parties. With the rise in political consciousness added to the use of online and
mobile voting platforms which will likely increase political participation in the next 15
years, it is conceivable that the Nigerian youth (18-35 years) whose projected population
for 2018 stand at over 64.8 million and women in Nigeria (females 18-75 years) whose
projected population stand at over 46 million—if they devise a definite strategy and take
the necessary steps to actualize their objectives—will constitute formidable negotiating
blocs in the future. The above data is captured in the graph below.
Based on statistics for 15-30 years, any political party that devises and pursues a definite
strategy to capture the hearts and votes of half of Nigerian youth and half of Nigerian
women will likely win the presidential elections, other factors considered. It is instructive
that political organization and political alignment have started to occur along these lines.
Some of the newly-registered political parties— New Generation Party of Nigeria, Young
Democratic Party, Young Progressive Party, Youth Party, etc.—and their manifestos are
indicators of such new forms of alliances and political alignment needed to tilt the
30
Part I -The People's Manifesto
A missed opportunity to put the idea of the People's Manifesto to test was the case of the
Indigenous People of Biafra (IPOB) led by Nnamdi Kanu. Sustained efforts by the
movement to galvanize the teeming youth and to raise their political consciousness
through propaganda broadcast on the London-based Radio Biafra and social media
campaigns bore fruits, even if IPOB was seen by the élite as a misguided venture of a
separatist. Radio Biafra broadcasts live through multiple online streaming platforms. IPOB
identified with the challenges and sufferings of the masses. It also tapped into the
emotional well of unaddressed grievances from the Nigeria-Biafra Civil War of 1967-1970.
In the aftermath of his arrest and incarceration by the Department of State Services in
October 2015 on accusations of criminal conspiracy, intimidation and membership of an
illegal organization and his release in April 2017, Nnamdi Kanu had become something of
a martyr to millions of youth from the South-East and South-South geopolitical zones of
Nigeria who felt disenchanted with long years of poor governance and disconnected from
the dividends of democracy. His arrest led to protests in parts of Abuja, Abia, Anambra,
Cross River, Delta, Enugu, Imo and Rivers States, and in Germany, the United Kingdom and
the United States. In two years, IPOB support spread like wildfire and Nnamdi Kanu rose
from a political commentator and activist to a leader who enjoyed near-cult worship by a
significant portion of the people.
In the run-up to the gubernatorial elections in Anambra state in November 2017, IPOB was
strongly positioned to articulate a People's Manifesto and to put the goals and
expectations of the teeming youth and communities on the front burner in negotiating
with frontline political parties and stakeholders. As its bargaining chip, it could have
pledged the support of the millions of its members and followers for the party or parties
that adopt their manifesto, and mobilize them to vote on election day. IPOB was also
31
FUTURE GOVERNANCE
strongly positioned to negotiate to get some of its leaders elected into office. Political
power and planning for the long term could have given the movement greater leverage to
expand its base, make its demands and achieve its objectives through legitimate
means. Instead, it ordered its supporters to boycott the elections on the reason that
IPOB was clearly a secessionist movement, not a political one: it would therefore not
entertain any government-organized election in the entire Biafra land until referendum on
Biafra independence was conducted. Even though IPOB made no overt moves to parley
with political parties, some parties and their candidates—perceiving the advantage of
IPOB mass support—made attempts to ride the wave by endorsing the movement,
advocating for the right to self-determination, acknowledging IPOB grievances and
adopting a people-oriented manifesto. By being rooted in a separatist ideology, IPOB
missed an opportunity to transition from political consciousness and mobilization to
political participation and empowerment.
Another movement of human rights and pro-democracy organizations is the Save Nigeria
Group (SNG). It was formed in January 2010 in response to the crisis associated with late
President Umaru Musa Yar'Adua's sickness at the time, and played a strong role in
mobilizing for mass rallies across major cities in the country and sensitizing Nigerians
through mass media, social media and ICT platforms. The group was also active and
visible in the buildup to the 2011 presidential elections. SNG describes itself as “a non-
profit, cross party, non-partisan and non-governmental organisation at the heart of the
movement for the promotion of fundamental human rights, freedoms, constitutionalism,
peace and good governance in the country”. SNG did not articulate a People's
Manifesto but was adept in organizing protests against unjust and oppressive policies of
the government. It also held strong positions on restructuring the Nigerian federation and
crowdfunded for people-oriented projects and causes. The convener of SNG, Pastor
Tunde Bakare, was later adopted by Muhammadu Buhari of the Congress for Progressive
Change as his running mate for the 2011 presidential elections—a clear move to transition
from political mobilization to empowerment.
32
Part I -The People's Manifesto
Ü Consciousness entails being aware of the contrast between one's current state
(Point A) and one's desired results (Point B) and of what needs to happen to get
from Point A to Point B.
However, the transition is not a one-step process and the progression is not always
linear. It involves applied strategy which may be overt or covert, and requires
navigating through various levels of political involvement. A simplified illustration is
given below.
33
FUTURE GOVERNANCE
For good reason, the Arab Spring has become a perennial reference point for the role of
ICT in political mobilization and disruption. With regard to remaking of state-society
relationship or renegotiating a new reality after disruption, the extent of the role of ICT is
debatable. This is because remaking cannot result from autopilot; it requires clear vision,
definite strategy and deliberate effort. Disruption which is not matched by the above trio
can be catastrophic. In Egypt and Libya for instance, it may be said that ICT-enabled
disruption happened without a common vision by the people of the future they wanted to
create. For the most part, majority of the people were preoccupied with getting rid of their
unresponsive or repressive rulers. Although the path taken by each of the countries of the
Arab Spring in forging a new social contract has varied widely and has met with varying
levels of success, it is beyond dispute that leadership plays a central role in midwifing a
new reality.
To further test the limits, it is relevant to consider the question: to which extent has ICT and
the internet influenced political consciousness, behaviour, participation and mobilization
in Nigeria? From the findings of this study, the answer would be a qualified: to a significant
degree, directly or indirectly, although other critical factors are also at play. Twenty years
34
Part I -The People's Manifesto
ago, long before the GSM and internet revolution, a mass movement successfully
mobilized millions of Nigerian youth towards a political cause. That movement was
tagged “Youth Earnestly Ask for Abacha” (YEAA). The convener of YEAA, Daniel Kanu,
and the campaign tapped into the power of traditional media: TV, radio, billboards, and
newspaper adverts. YEAA was in the news every day and in no time General Sani Abacha
became the single story. YEAA also tapped into other existing youth networks to organize
a two-million-man march in 1998. The antecedents of late General Sani Abacha are well
documented elsewhere, and it appears that four key factors were at play in influencing
political behaviour and political mobilization during that era without significantly
expanding political consciousness and political participation in any sustainable way. The
factors are:
Ü The bandwagon effect of following the cause most likely to succeed in the
absence of credible alternatives;
To its advantage, YEAA had a definite strategy and was able to harness resources towards
achieving a political objective. The likely result was aborted only by the untimely death of
Sani Abacha in June 1998.
35
FUTURE GOVERNANCE
curated nor regulated, to enable a realistic assessment of its influence and impact.
Random sampling and observation point to the fact that most youth in Nigeria between 15-
30 years—who will transition mainly into the locus of influence by 2033—are highly
engaged on Facebook, Instagram, WhatsApp, Twitter and other social media platforms
but more on matters of fashion, gossip, lifestyle, sports, gaming, chat and fun, and less on
political news, issues and debates. Instant gratification seems to be the order of much of
social media engagement. A limited study which involved the youth population of a
federal university in Nigeria reveals that “The youth's social media usage thus disengages
rather than makes for active engagement with their expected role in social transformation
and development”. The trend may change in the future with age, responsibility and
other dynamics, but it raises a yellow flag.
Another important observation here is that, although the level of political expression on
the internet, blogs and social media platforms has skyrocketed especially on issues
around elections and the electoral cycle, such political expression may not necessarily
translate to rise in political consciousness and political participation. Some of the factors
at play in the YEAA case above may still be at play today, twenty years later, only
transmuted to cheaper, faster and unbounded alternative platforms for delivery and
engagement.
While riding the crest of people power, it is critical to also consider scenarios of “tyranny of
the majority” which is equally likely in a future ICT-enabled disruption of state-society
relationship. This is important to guard against social imbalance, prevalent instability and
the crippling of governance. Today, mass mobilization for public protests or campaigns to
condemn or vote out an under-performing government are done in real-time, thereby
compressing the time, space and resources needed to do such in the past. By extension,
civil disobedience in the future may take less and less the form of violent public protests
and increasingly take the form of passive non-compliance and sabotage such as
withholding taxes and rates due to the government or sit-at-home order by organized
labour. Essentially, when people realize that they have the power and they have a choice,
they may rescind a false social contract if the government fails to hold up its own side of
the bargain. Other forms of negative behavior which have been enabled by ICT include
the rise in “fake news”, hate speech and manipulation of content to influence political
behaviour.
36
Part I -The People's Manifesto
When the majority or major stakeholders realize their power which can be wielded on a
day-to-day basis and not only during four-year election cycles, such power will likely be
exploited and extended to its possible limits before some form of balance is restored. To
avoid decimation of the minority, it will be necessary to institute and safeguard processes
for receiving and analyzing minority reports and dissenting opinions, and integrating
tested parts of it into wider governance processes.
11. Conclusion
The likely future scenarios of ICT-enabled disruption of state-society relationship
expounded above are tenable, but they would seem to be something cut out of a
Hollywood movie if the story ended there. ICT is an essential life management tool and
finds application in all facets of life. It will become indispensable as the world moves into
greater interconnectivity of the Internet of Things. Furthermore, ICT represents an
important piece of the jigsaw in unity of consciousness since life itself may be seen as a
virtual simulation. As far as political governance goes, ICT applications in e-Governance
will expand. It is a catalyst for political awareness, an enabler of political participation and
a tool for political mobilization. The above trio are landmarks on the pathway to political
empowerment. However, in attaining political empowerment, the impact of ICT is limited
and a wide gap remains between the future we desire and the desires we realize. To fill
that gap requires both unity of purpose and unity of action: ability to set aside differences,
envision a common objective, devise a definite strategy for action, and willingness to take
the necessary steps towards political empowerment. A significant step in that direction is
articulation of The People's Manifesto. Working together with ICT-enabled disruption and
other critical factors, the People's Manifesto will play a major role in remaking of state-
society relationship in many contexts.
The outcomes of this study have significant implications for national development and
national planning. It is important for major stakeholders—including governments at all
levels, government agencies, policymakers, planners, political parties, electoral umpire,
civil society organizations, traditional and informal institutions, platforms for social
inclusion, businesses, and the people—to envision, anticipate and prepare NOW for
how to make the best of and manage the worst of the future scenarios of combined
ICT advancement, demographic change, social dynamics and political development,
even if they will all not play out by the book.
37
FUTURE GOVERNANCE
38
Part I -The People's Manifesto
39
FUTURE GOVERNANCE
REFERENCES
Abdulkareem, Kayode Abdulrasaq. “Challenges of E-Government Implementation in the
Nigerian Public Service,” Journal of Writing in Creative Practice 1, no. 4 (2015): 45-
56.
Adibe, Jideofor. “The 2015 Presidential Elections in Nigeria: The Issues and Challenges”,
Foresight Africa: Top Priorities for the Continent in 2015, (2015): 3-9.
Arbib, James and Tony Seba. Rethinking Transportation 2020-2030: The Disruption of
Transportation and the Collapse of the Internal-Combustion Vehicle and Oil
Industries, a RethinkX Sector Disruption Report, 2017.
http://www.ourenergypolicy.org/wp-
content/uploads/2017/05/RethinkingTransportation_May_FINAL.pdf.
Babate, Alhaji Idi. “State of Cyber Security: Emerging Threats Landscape,” International
Journal of Advanced Research in Computer Science & Technology 3, no. 1 (2015):
113-119.
Bernholz, Lucy, et. al. Good Fences: The Importance of Institutional Boundaries in the
New Social Economy, Project on Philanthropy, Policy and Technology. Stanford:
Stanford PACS, 2013. https://pacscenter.stanford.edu/publication/good-fences/.
Branch, Adam and Zachariah Mampilly. Africa uprising: Popular protest and political
change. London: Zed Books, 2015.
Carter, Lemurla and France Belanger. “The utilization of e-government services: citizen
trust, innovation and acceptance factors,” Information Systems Journal 15,
(2005): 5-25.
40
Part I -The People's Manifesto
Demadiur Systems Limited & Serianu Ltd. Nigeria Cyber Security Report 2016. Lagos:
2016.
http://www.serianu.com/downloads/NigeriaCyberSecurityReport2016.pdf.
Farina, Cynthia, et. al. “Designing an Online Civic Engagement Platform: Balancing
'More' vs. 'Better' Participation in Complex Public Policymaking”, International
Journal of E-Politics 5 (2014): 16-40.
Laskar, Manzoor Elahi. “Summary of Social Contract Theory by Hobbes, Locke and
Rousseau”, SSRN Electronic Journal (2013): 1-7.
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=2410525
41
FUTURE GOVERNANCE
National Population Commission (Nigeria) and Health Policy Project. Nigeria's 2004
National Policy on Population for Sustainable Development: Implementation
Assessment Report. 2015. Washington, DC: Futures Group, Health Policy
Project.
OECD: Digital Government Strategies for Transforming Public Services in the Welfare
Areas: OECD Comparative Study. 2016. http://www.oecd.org/gov/digital-
government/Digital-Government-Strategies-Welfare-Service.pdf.
Olukotun, Ayo. Repressive State and Resurgent Media under Nigeria's Military
Dictatorship, 1988-98, Research Report No. 126. Uppsala: Nordiska
Afrikainstitutet, 2004. 136 pp. https://www.files.ethz.ch/isn/95523/126.pdf
Persily, Nathaniel. “Can Democracy Survive the Internet? The 2016 U.S. Election,”
Journal of Democracy 28, no. 2 (2017): 63-76.
Power, Wogu and Fadeke Olu-Owolabi. Much Ado about the Idea of E-Governance in
Nigeria's Democracy: Myth or Reality?
http://eprints.covenantuniversity.edu.ng/6013/1/MUCH%20ADOABOUT%20E-
GOVERNANCE%20IN%20NIGERIA%20-%20for%20Conferencey%20pdf.pdf
42
Part I -The People's Manifesto
SOPHOS and Centre for Internet Security. Threatsaurus: The A-Z of computer and
data security threats. Oxfordshire, UK: Sophos, 2013.
https://www.sophos.com/en-
us/medialibrary/PDFs/other/sophosthreatsaurusaz.pdf?la=en.
Uzochukwu, Chinwe E. and Uche P. Ekwugha. New Media and Youth's Online Civic
Engagement in Nigerian Politics: Potentials and Challenges, European
Scientific Journal 10, no. 19 (2014): 203-221.
Wooldridge, Frosty. “The Ticking 'Population Bomb' in Africa, India, and China: The
ramifications of overpopulation for the West”, The Social Contract, Summer
(2018): 22-29.
World Bank Group. Digital Dividends: World Development Report 2016. Washington,
D.C.: 2016.
http://documents.worldbank.org/curated/en/896971468194972881/pdf/102725
-PUB-Replacement-PUBLIC.pdf.
43
FUTURE GOVERNANCE
NOTES
¹ Information and data backing up this study has been collated from open sources and
from six (6) government agencies: Independent National Electoral Commission (INEC),
National Bureau of Statistics (NBS), National e-Government Strategy (NeGSt), National
Planning Commission (NPC), National Population Commission (NPopC) and Nigerian
Communications Commission (NCC).
⁵ ICT advancements can be measured in micro units of days or months but the
impacts of ICT on social change and human development are easier measured in
macro units of decades or generations (10-15 years).
James Arbib and Tony Seba (2017), Rethinking Transportation 2020-2030: The
Disruption of Transportation and the Collapse of the Internal-Combustion Vehicle and
Oil Industries, a RethinkX Sector Disruption Report.
http://www.ourenergypolicy.org/wp-
content/uploads/2017/05/RethinkingTransportation_May_FINAL.pdf. Although the
report predicts that self-driving electric cars will become the norm in the United States
in eight years, the shift for Nigeria and much of Africa will taper into 2033 due to
challenges in the energy (electricity) sector and continuing reliance on fossil fuel.
11 Currently, the volatile oil industry comprises nearly three-quarters of Nigeria's $521
billion economy. Every month, the federal government, 36 states and the FCT, and 774
local government areas share an allocation from the federation account based on
revenue generated. About three-quarters of that revenue comes from the oil industry
regulator, the Nigerian National Petroleum Corporation. The revenue sharing formula
44
Part I -The People's Manifesto
is: 52.68% to the federal government; 26.72% to the states; and 20.60% to the local
governments.
Chris Giles (2018), “Nigeria Integrity Idol: Reality TV show celebrates most honest
public officials”, CNN African Voices, 1 February 2018.
https://edition.cnn.com/2018/02/01/africa/nigeria-integrity-idol-reality-tv-show-cnn-
africa/index.html
From a 2013 survey, while over 30% of married women in southern Nigeria use
contraceptives and methods of family planning, less than 5% of women from North
West and North East Nigeria use such, pointing to cultural factors and correlated with
lower levels of education. https://www.dhsprogram.com/pubs/pdf/GF34/GF34.pdf
National Population Commission (2013), Gender in Nigeria: Data from the 2013
Nigeria Demographic and Health Survey.
https://dhsprogram.com/pubs/pdf/DM52/DM52.pdf
Ibid.
Wale Odunsi (2018), “FG Reveals Nigeria's Current Population”, Daily Post, 11 April
2018. http://dailypost.ng/2018/04/11/fg-reveals-nigerias-current-population/
Robert D. Kaplan (1994), “The Coming Anarchy: How scarcity, crime, overpopulation,
tribalism, and disease are rapidly destroying the social fabric of our planet”, The
Atlantic, February 1994 Issue.
https://www.theatlantic.com/magazine/archive/1994/02/the-coming-anarchy/304670/
45
FUTURE GOVERNANCE
https://onlinelibrary.wiley.com/doi/epdf/10.1111/joms.12201
Emphasis mine.
The People's Manifesto will likely not be one single document signed or adopted by
all, but is an idea which will encapsulate fundamental principles, goals and
expectations addressed to political stakeholders.
Jideofor Adibe (2015), “The 2015 Presidential Elections in Nigeria: The Issues and
Challenges”, Foresight Africa: Top Priorities for the Continent in 2015, pp.3-9. The
Brookings Institution.
Pjilip Nwosu (2016), “Biafra: IPOB to hold mass protest against Nnamdi Kanu's
detention”, The Sun, 18 September 2016. http://sunnewsonline.com/biafra-ipob-to-
hold-mass-protest-against-nnamdi-kanus-detention/
SBM Intels (2017), IPOB's Lost Chance: What the Separatist Movement Could Have
Done Differently, p. 5. http://sbmintel.com/wp-content/uploads/2016/03/201711_IPOB-
lost-chance.pdf
Sam Egburonu (2017), “Anambra polls and IPOB's boycott threat”, The Nation, 12
November 2017. http://thenationonlineng.net/anambra-polls-ipobs-boycott-threat/
My Nation News (2017), “Chidoka Support IPOB, Says Buhari Wrong on IPOB,
Nnamdi Kanu”, My Nation News, 9 November 2017.
46
Part I -The People's Manifesto
http://mynationnews.com/2017/11/09/chidoka-support-ipob-says-buhari-wrong-on-ipob-
nnamdi-kanu/
47
PART II
1. Introduction
Long before Boko Haram, Nigeria could be said to have been highly vulnerable to
terrorism and violent extremism. However, there was no real or perceived threat of
terrorism to the people, the government and society. The potential risk of acts of terrorism
and its potential impact on society in terms of loss of lives and livelihoods, disruption of
social order and community, and destruction of built infrastructure was enormous for the
fact that the country did not anticipate and prepare for it. Nigeria's security services did
not have the capacity, the training and the tools to prevent, contain or counter terrorism
and its effects. Because there was no real or perceived threat of terrorism at the time,
serious attention was not given to building resilience for state institutions, the people and
communities so as to deter and cope with radicalization and violent extremism.
Therefore, no contingency plans were put in place to rebuild societies after multiple
cycles of vicious terrorist acts. Taking the above factors together, one can deduce that
Nigeria's vulnerability to terrorism was undeniable but it was latent. Put simply, the
country was never ready for what hit her though she could have seen it coming. That is
how we got here.
The above scenario relates to the security of our physical space; a similar narrative could
be related to the security of our cyberspace. Almost anything is possible in cyberspace
and that includes the good, the bad and the downright ugly. The internet is a great,
unbounded channel of energy and energy can be manipulated to create or recreate
reality. Imagine for a minute that a virtual version of Boko Haram emerges and begins to
attack millions of people, communities, businesses, the state and institutions of
democratic governance. Such attacks would happen in an environment where the risk is
very high, the threat is real, but the capacity of state and non-state entities to resist or deal
with the threat and its effects is very low. In such situation, the country's cyberspace
would be said to be highly vulnerable. Beyond imagination, the above scenario is already
playing out in mini episodes in Nigeria and all around the world.
In August 2012, personnel records of former and current details of Nigeria's national spy
agency, the Department of State Services, were reportedly hacked and leaked online in a
threatening message that claimed to originate from the radical Islamist sect Boko
Haram.² That incident served as a realization of the potency of cyberattacks and an
indication of the vulnerability of supposedly secure institutions. It also signified a red flag
49
FUTURE GOVERNANCE
to strengthen cybersecurity across state and non-state entities. Since that time, the
official websites and some operations of various federal ministries, departments and
agencies (MDAs) have also been reportedly compromised. In the aftermath of the
attacks, Nigeria has strengthened its policy and legal regimes on cyber security, adopting
the National Cybersecurity Policy and the National Cybersecurity Strategy in 2014, and a
Cybercrime (Prohibition) Act in 2015. These measures offer useful bases for action but
are by no means an elixir to Nigeria's vulnerability to cyberattacks and breaches.
a) consider the constitutional foundations and the adequacy of the existing legal
regime for cybersecurity and data protection in Nigeria;
c) assess the vulnerability of critical state and non-state entities to cyberattacks and
data privacy breaches;
It seeks to achieve the above objectives by considering level of risk, scope of potential
threats, degree of vulnerability, resilience in the face of attacks, and capacity to mitigate
the impacts of cyberattacks and data privacy breaches. Corollary to the above is an
examination of legal and extra-legal measures to boost cybersecurity and data
protection, and the effect of those measures in reducing vulnerability. Its approach is
expository, exploratory and remedial. The following equation from the humanitarian
sector is adapted to present a scorecard on the degree of cyber vulnerability:
50
Part II - Cybersecurity and Data Protection
The next section exposes the nature of cyberattacks and privacy breaches and highlights
the need for cybersecurity and data protection in the face of new and emerging threats
and vulnerability. Section 4 offers a definition of key terms and concepts which appear
regularly in this part of the book. Sections 5 and 6 examine relevant statutory, legal and
policy frameworks for cybersecurity and data protection in Nigeria. Section 7 offers a
comparative analysis of ECOWAS legal regime on cybersecurity and data protection to
identify gaps, complementarities and areas of convergence. Section 8 zooms into user
groups of cyberspace including state and non-state entities, analyzes why and how they
may be vulnerable, and considers the degree of vulnerability. Vulnerability is assessed as
a factor of threat, risk and impact, and a simple technique for vulnerability rating is
proposed. Finally, a scorecard on cyber vulnerability in Nigeria is presented, touching on
51
FUTURE GOVERNANCE
3.1 All cyberattacks and data privacy breaches are planned, perpetrated and/or
sponsored by criminals or criminal groups (fallacy of the usual suspects).
Not always so. Non-criminal groups including governments, law enforcement agencies,
political groups, special interest groups, ICT companies, businesses, corporations and
even individuals also sponsor or carry out such attacks and breaches. Government-
sponsored cyberattacks and espionage is on the upswing as the big powers compete for
cyberspace supremacy and strategic advantage. It appears that the criminal element
here is not the nature of the entity perpetrating it but the actual use or intention behind
such acts. For instance, hacking has become a veritable means of gathering information
for strategic planning, strategic use, collecting intelligence, aiding crime prevention and
52
Part II - Cybersecurity and Data Protection
law enforcement, influencing public opinion, decisions and policies, market survey,
gaining business advantage or blackmail.
3.2 All forms of cyberattack and data privacy breaches are criminalized and
therefore punishable in many jurisdictions (nullum crimen sine lege, nulla poena sine
lege).³
Not always so. In many cases, the law is very slow to catch up with fast-paced advances in
ICT, therefore many gaps exist. This situation leaves a potentially infinite and shifting grey
area with weak regulation regimes that can be explored by anyone or group for various
purposes. For instance, while Nigeria has a Cybercrime Act, the country is yet to enact a
law prohibiting data privacy breaches and gaps remain on espionage, data harvesting,
information sabotage, etc.
3.3 All cyberattacks and data privacy breaches are financially profitable or are done
with the intention of financial profit.
Again, not always so. Such acts may be carried out primarily for non-financial benefit.
Benefit may be political, strategic, commercial, ideological or other advantage. Attacks to
undermine intellectual property, business secrets, national security information, missile
defence codes, personal health information, insurance or pensions data, or to manipulate
consumer behaviour or voter behaviour may go beyond immediate financial profit. Some
attacks or breaches may even be motivated by mischief, blackmail or intimidation.
Significantly, processes of government and democratic governance are not spared in the
global move towards digitization (e-Government), cyber-enabled people participation in
governance (e-Governance) and the Internet of Things. E-Governance is inevitable but
also inevitable are actual and potential risks that undergird the systems that support e-
Governance. E-Governance without cyber security and data protection is futile. As such
the design of e-Governance systems and data protection should essentially incorporate
advanced and upgradable cybersecurity measures from scratch.
The now famous United States Democratic National Committee email leak in 2016 and
several reports of the hacking of the Central Intelligence Agency (CIA) are indicators that
no person or institution is immune from the phenomenon. Cyberattacks that target
democratic processes and institutions of democratic governance can disrupt or cripple
societal progress. The vulnerability of governments, entities, groups, virtual
communities, families and individuals to cyberattacks—malicious or otherwise—and the
potential scale, cost and impact of such attacks underlines the need for all stakeholders
53
FUTURE GOVERNANCE
to invest attention, time, money, technology and effort in strengthening cybersecurity and
data protection measures and plugging vulnerability. Vulnerability exposes not only
individuals and homes to attacks but also exposes communities of social inclusion,
efficacy of commercial transactions, financial institutions, institutions of democratic
governance, and national security and defence systems.
4. Definition of Terms
Remarkably, cyber vulnerability and data privacy breaches go beyond cyberattacks
which are premeditated and targeted attempts to damage or compromise the reputation,
integrity, interest or security of an idea, person, group, corporation, institution or
government through activities in cyberspace. Insecurity or vulnerability in cyberspace
may also result from inherent weakness in an ICT infrastructure or platform, or
inefficiency in operating an ICT system.
To give a clear picture of the various dimensions of the subject matter and how they are
related, it is important to define key terms and concepts which appear regularly in this
part of the book. Glossaries of ICT terms abound.⁴
Ü Attack
[1] Any kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy
information system resources or the information itself.
Ü Cybercrime⁵
Offences that are committed against individuals or groups of individuals with a criminal
motive to intentionally harm the reputation of the victim or cause physical or mental harm,
or loss, to the victim directly or indirectly, using modern telecommunication networks
such as the internet and mobile phones or other cyber-enabled devices.
Ü Cybersecurity
54
Part II - Cybersecurity and Data Protection
[1] The aspect of information technology that deals with the ability an organization or
individual has to determine what data in a computer system can be shared with third
parties.
[2] The relationship between the collection and dissemination of data, technology, the
public expectation of privacy, and the legal and political issues surrounding them.
Ü Data loss
Ü Threat
[1] Any circumstance or event with the potential to adversely impact organizational
operations (including mission, functions, image, or reputation), organizational assets,
individuals, other organizations, or the nation through an information system via
unauthorized access, destruction, disclosure, modification of information, and/or denial
of service.
[2] A possible danger to a computer system, which may result in the interception,
alteration, obstruction, or destruction of computational resources, or other disruption to
the system.
Ü Vulnerability
[2] A flaw or weakness in a computer system, its security procedures, internal controls, or
design and implementation, which could be exploited to violate the system security
policy.
55
FUTURE GOVERNANCE
14. (1) The Federal Republic of Nigeria shall be a State based on the principles of
democracy and social justice.
(b) the security and welfare of the people shall be the primary purpose of
government.
Obviously, the drafters of the Constitution did not foresee the pervasive reality of
cyberspace in Nigeria today. To catch up with reality, the interpretation of “security and
welfare” in paragraph (b) of Section 14(2) above is extended in this book to include
cybersecurity and data protection, security of e-Governance platforms and digitization of
services that touch on the welfare of the people. By extension, cybersecurity and data
protection are also part and parcel of the primary purpose of the government. The
National Cybersecurity Policy and the National Cybersecurity Strategy of 2014, and the
Cybercrime (Prohibition, Prevention, etc.) Act of 2015 were adopted to fill this vacuum. It is
envisaged that future legal and extra-legal developments will evolve to keep up with the
changing reality.
Data protection and data privacy also relate to the right to private and family life which is a
fundamental right under Chapter IV of the 1999 Constitution. Section 37 of the 1999
Constitution states that: “The privacy of citizens, their homes, correspondence,
telephone conversations and telegraphic communications is hereby guaranteed and
protected.” Although this provision was promulgated long before the explosion of the
internet and electronic communication in Nigeria, it has become even more relevant
today, mutatis mutandis. By extension, the provision also means that citizens can take
action to protect against violation of their fundamental right under Chapter IV, or seek
redress where violation has occurred. Any unauthorized or illegal acquisition and use of
private data or information, whether for gains or for other purposes, is a breach of the
right to private and family life guaranteed under Section 37.
Notably, the constitution also makes restrictions on and permits derogation from
fundamental human rights under certain conditions. Thus, Section 45 of the 1999
Constitution permits any law that is reasonably justifiable in a democratic society: (a) in
the interest of defence, public safety, public order, public morality or public health; or (b)
for the purpose of protecting the rights and freedoms of other persons. Parts IV and VI of
the Cybercrime (Prohibition, Prevention, etc.) Act 2015 are some provisions enacted
under this permission of the Constitution.
56
Part II - Cybersecurity and Data Protection
Table 1. Policy and legal framework for cybersecurity and data protection in Nigeria. Source: Author
The above table reveals some points of convergence and divergence which call for
clarification.
For instance, the Cybercrime Act contains provisions that touch on both cybersecurity
and data protection. In a bid to balance privacy and security, cybersecurity laws generally
permit some degree of derogation from personal data protection. Data protection
57
FUTURE GOVERNANCE
applies to the narrow area of safeguarding the privacy of personal information. However,
the meeting point between cybersecurity and data protection is cyber vulnerability:
unauthorized access or violation of security procedure on the internet, electronic
communication, electronic transactions and electronic data due to a flaw or weakness in
an information system.
Secondly, while the country has a Cybercrime Act, there is no act of parliament on
cybersecurity which is broader in scope. Not surprisingly, the Cybercrime Act—which by
default pitches the state against suspected cybercriminals—focuses more on the
protection of critical national information infrastructure, criminalizing and prescribing
punishment for offences, enabling the protection and gathering of evidence, conduct of
investigations and prosecution, administration and enforcement. This leaves a vacuum in
the form of absence of a binding and proactive law to authorize the taking of measures to
prevent, manage and respond to broader cybersecurity threats and incidents which may
not be criminalized, to enhance cybersecurity of state and non-state entities, to enhance
sharing of information about cybersecurity threats, to regulate owners of critical
information infrastructure, and to regulate cybersecurity service providers. Acts that have
wider implications on cybersecurity and related matters exist in advanced jurisdictions.⁶
With respect to data protection, although the above table shows a plethora of acts,
policies, guidelines and regulations which touch on data protection, there is yet no
comprehensive legislation on data privacy and data protection. Notably, a Data
Protection Bill and an Electronic Transactions Bill have been before the Senate of the
National Assembly since 2015. Such comprehensive legislation will not only engender
clarity and certainty on the subject matter but will ensure that breaches of data privacy are
criminalized in appropriate cases and adequately sanctioned or punished in a consistent
manner.
There is a clear distinction in the status of a policy, a strategy and an act of parliament
which raises the issue of whether the above legal regime is adequate. While an Act
passed by the National Assembly and signed by the President is binding and
enforceable, a policy or strategy initiated and adopted by the executive is not so.
Between the two, a strategy is one step removed from a policy. To put it simply, whereas a
policy is adopted to guide executive decision, a strategy is adopted to guide executive
action. In the sphere of security, a policy usually assesses the current security context,
58
Part II - Cybersecurity and Data Protection
security needs, analyzes risks and threats, maps stakeholders and actors (Point A). A
security policy also outlines security objectives and clarifies a vision of security for the
future (Point B). A security strategy usually goes further to detail how to get from Point A to
Point B, and states required capabilities and who has responsibility for action. A strategy
is flexible, adaptive and responsive to emerging threats.
Nature abhors vacuum, and so does the law. In the absence of comprehensive
legislation, three developments fill the lacuna. First, Nigerian case law has provided some
guidance on the matter. In the case of Habib Nigeria Bank Limited v. Fathudeen Syed M.
Koya⁷ which involved an alleged disclosure by a bank of a customer's personal
transactional information, the Court of Appeal held that it is elementary knowledge that
the bank owed its customer a duty of care and secrecy in the fiduciary relationship. This
case indicates that other than the statutory protection afforded to information provided to
lawyers, doctors and journalists, certain banks owe a duty to maintain confidentiality to
their clients even though such duty is not expressly prescribed by law. In the wake of the
case law, the Central Bank of Nigeria (CBN) Consumer Protection Framework 2016 was
developed and adopted. Secondly, there is ongoing effort to articulate and promulgate a
modern data protection law in Nigeria. A retreat on Data Protection Legislation in Nigeria
which was held in Calabar, Cross River State, in September 2018 worked on a draft
legislation to the National Assembly apparently in a bid to resuscitate the Data Protection
Bill 2015. Thirdly, through the instrumentality of subsidiary legislation, the National
Information Technology Development Agency (NITDA) 2013 Guidelines on Data
Protection,⁸ minimum data protection and privacy standards are prescribed for all
organizations or persons that control, collect, store or process personal data of Nigerian
residents and citizens within and outside Nigeria.⁹ Section 4 of the Guidelines enumerate
eight principles of data protection and personal data privacy which are also contained in
Section 35 of the NCC Consumer Code of Practice Regulations 2007.¹⁰
Data controllers are to process personal data in the manner prescribed by the Guidelines.
This includes disclosing to data subjects the purpose for which data is being collected
and, if personal data is to be transferred to a third party, notifying data subjects of such
transfer.
Ü Principle 2: Personal data should be used only in accordance with the purpose for
which it was collected
59
FUTURE GOVERNANCE
Data controllers have a duty to ensure that data collected for one purpose is not used for
a different purpose. This principle prevents the use of personal data in any manner
different from the purpose disclosed to the data subject at the point of collecting the data.
This principle prevents organizations from obtaining data without a real or specific
purpose. Only data which is specific to the stated purpose should be collected.
Ü Principle 4: Personal data must be accurate and where necessary kept up to date
Data controllers are required to have in place arrangements that enable data subjects to
confirm, edit and update their personal data.
Data controllers must ensure that personal data is not retained for longer than necessary,
with reference to the purpose for which the data is obtained. Although the Guidelines do
not prescribe a timeframe for data retention, this principle places a burden on data
controllers to develop a retention policy for personal data.
Ü Principle 6: Personal data must be processed in accordance with the rights of data
subjects
Data controllers must respect the rights of data subjects. These rights include a right to
obtain information on the purpose of data collected and to request a copy of their
personal data in a usable form from data controllers. Such a request should be attended
to promptly and the data provided to the data subject within seven days of the request.
Importantly, data subjects are also entitled to the opportunity to object to the processing
of data for direct marketing purpose.
60
Part II - Cybersecurity and Data Protection
Data controllers have an obligation to ensure that personal data is not transferred to a
country which does not ensure, at the least, the same level of protection as imposed by
the Guidelines.
Box 1
New Article 9: Legal Regime of the Community ¹¹
61
FUTURE GOVERNANCE
New Article 12: Publication and entry into force of Community Acts
62
Part II - Cybersecurity and Data Protection
ECOWAS Member States bear primary responsibility for peace and security
[including cybersecurity]. However, as steps are taken under the new ECOWAS
Strategic Vision to transform the region from an “ECOWAS of States” into an
“ECOWAS of the Peoples”, the tensions between sovereignty and
supranationality, and between regime security and human security, shall be
progressively resolved in favor of supranationality and human security
respectively.
Comparatively, under European Union (EU) law on which ECOWAS Community law is
modelled, Regulations and Decisions become automatically binding throughout EU
Member States on the date they take effect. However, Directives must be incorporated
into national law by EU Member States. Each Directive contains a deadline by which EU
countries must incorporate its provisions into their national legislation and inform the EU
Commission to that effect. If national authorities fail to properly implement EU laws, the
Commission may launch a formal infringement procedure against the country in
question. If the issue is still not settled, the Commission may eventually refer the case to
the European Court of Justice. Similarly, the ECOWAS Court of Justice has jurisdiction
over: any dispute relating to the interpretation and application of Community Acts;
legality of Regulations, Directives, Decisions, and other subsidiary legal instruments
adopted by ECOWAS; cases of failure by Member States to honour their obligations
under the Community law; among others.
Since 2006, ECOWAS undertook efforts towards harmonization of the legal framework
governing ICT in West Africa. ECOWAS legal regime on cybersecurity and data protection
which are binding on and directly applicable to Nigeria includes the following:
Happily, the ECOWAS legal regime supplements existing national laws and policies and
fills some vacuum that may exist at the national level. It has also influenced legal and
policy development in various Member States. For instance, Chapter V of the
Supplementary Act on Electronic Transactions within ECOWAS which touches on
electronic signature and conditions of acceptance of electronic signature is mirrored by
63
FUTURE GOVERNANCE
Section 84 of the Evidence Act 2011 which applies to the requirements of authenticating
electronically generated evidence by a certificate. Furthermore, the Supplementary Act
on Personal Data Protection within ECOWAS effectively expands NITDA responsibilities
and expands the principles guiding the processing of personal data (Section 4 of NITDA
Guidelines on Data Protection 2013). Comparatively, Chapter III of the Directive on
Fighting Cybercrime within ECOWAS incorporates traditional common law offences into
ICT offences, including theft, fraud, possession of stolen goods, breach of trust, extortion,
counterfeiting, terrorism, money laundering or organized crime, and media offences.
64
Part II - Cybersecurity and Data Protection
Table 2. Source: Author. Adapted from Manual of the US Federal Emergency Management Agency for
mitigating terrorist attacks
Very High 10
High 8-9
Medium High 7
Medium 5-6
Medium Low 4
Low 2-3
Very Low 1
Table 3. Source: Author. Adapted from Manual of the US Federal Emergency Management Agency for
mitigating terrorist attacks
One or more major weaknesses have been identified that make the system
Very High
or the user extremely vulnerable to a threat or risk
One or more significant weaknesses have been identified that make the
High
system or the user highly vulnerable to a threat or risk
An important weakness has been identified that makes the system or the
Medium High
user very vulnerable to a threat or risk
A weakness has been identified that makes the system or the user fairly
Medium
vulnerable to a threat or risk
A weakness has been identified that makes the system or the user
Medium Low
somewhat vulnerable to a threat or risk
65
FUTURE GOVERNANCE
The use of GSM and internet-enabled mobile devices in Nigeria has skyrocketed in the
past ten years (2008-2018). Mobile phones, devices, tablets, laptops, desktop
computers, electronics and home equipment are widely used by adults, adolescents and
children alike. Their ubiquitous use—though advantageous for the most part—also
translates to very high collateral exposure to cyberattacks and often very low awareness
of basic security measures or the risk and impact of attacks. In today's seamless world,
there is an app for almost everything. Apps find application for innumerable purposes, the
basic ones including: messaging, chatting, gaming, live—audio and video—streaming,
music players, face-timing, learning, education, storage, files sharing, office tools,
personal planners, web browsing, security and antivirus, photography, GPS navigation,
transportation, hospitality, gifting and courier, online betting, friend finders, news
broadcasting, organizing events and rallies, workouts, mobile banking, online
transactions and purchases, social and professional networking, crowdfunding and
crowdsourcing, curating special interests and hobbies. Cloud computing and cloud
storage is only gaining traction and its use is likely to rise in Nigeria in the coming years as
well as other new and emerging ICT applications including: 3-D printing, drone
technology, virtual reality, big data, artificial intelligence, computer learning and the
Internet of Things.
However, security of mobile devices and apps is often taken for granted even where such
security measures are offered free-of-charge and in-built in the devices, or come as add-
ons or upgrades to apps and operating systems. Although tech jargons such as malware,
spyware and ransom ware are usually associated with corporate and government
espionage given the motivations of high reward and consequence, individuals and
families are increasingly becoming targets of cyberattacks. At the same time, the level of
awareness of potential and tangible risks and threats associated with ICT is still very low.
Many individuals and family units may consider themselves unlikely targets; however,
data privacy breaches and cyber spoofing are often done on a mass scale and are mostly
indiscriminate. Areas with high internet penetration and traffic are the more vulnerable to
cybercrime and privacy breaches including child pornography, blackmail, emotional
manipulation, cyber defamation, email spoofing, drug peddling, identity theft, theft of
banking details, medical history or other details, cyberstalking and breaches of home
security systems.
66
Part II - Cybersecurity and Data Protection
Any unauthorized or illegal access to and use of private data or information, whether for
gains or for other purposes, is a breach of the right to private and family life guaranteed
under Section 37 the 1999 Constitution. In addition to personal measures that individuals
and families should take to safeguard their cyber existence, makers of mobile devices,
app developers, ICT firms, banks, internet service providers and other interests have a
fiduciary and social responsibility to users of their products and services and should be
held culpable in cases of abuse or unauthorized use of personal information.
Much of the post-2010 world runs on Google, Facebook, Twitter, Instagram, LinkedIn,
WhatsApp, Baidu, WeChat, Snap Chat, YouTube and other platforms for social interaction.
This phenomenon has created virtual communities of social inclusion which thrive on
fast-paced interactions, social norming and shared culture, complete with unwritten
codes of social inclusion and exclusion. For some, life without these platforms is almost
unimaginable and unbearable especially for young adults and adolescents. For this
generation, “internet separation syndrome” has become a health concern that is as real
as drug withdrawal syndrome.
“Freedom” is a sexy mantra and attractive rallying call in our brave new world. Section 39
of the 1999 Constitution guarantees to every person the right to freedom of expression,
including the freedom to hold opinions and to receive and impart ideas and information
without interference, and freedom to own, establish and operate any medium for the
dissemination of information, ideas and opinions. Virtual social platforms such as
Facebook, Instagram, Twitter and YouTube essentially put a jetpack on such freedoms,
enabling free flow of information and digital activism and giving birth to some unintended
consequences such as virtual bullying, content manipulation and “fake news”. Also,
Section 40 of the 1999 Constitution on the right to peaceful assembly and association
suffers extension of physical limitations to assembly and association through virtual
groups that may be formed on online social networks. While registration and approvals
are required to form political parties, trade unions, peaceful rallies, other associations and
physical assemblies, the ease and zero cost of setting up virtual groups on social
platforms make them difficult to monitor or regulate. As the number of users on such
platforms expands every day, they become a limitless pool for data mining, advert
targeting and potential cyberattacks.
On a positive note, virtual social platforms can serve as turbo-charged engines for social
and political mobilization and for influencing public policy and legislation. The popularity
67
FUTURE GOVERNANCE
of such platforms also arises from the fact that most of the Voices of Freedom are by
default anti-status quo and anti-establishment and they find alignment with kindred
voices which then ripples out and converges towards a common cause. It is therefore not
surprising that due to social pressure and the risk of backlash from the electorate, the
Nigerian Senate unanimously withdrew the Frivolous Petitions Bill (a.k.a. Anti-Social
Media Bill) in May 2016. Another recent demonstration of the potential of virtual social
platforms for social mobilization and influence in policy and legislation is the Not-Too-
Young-To-Run Bill which reduced the age of qualification to stand at federal and state
elections in July 2017. Crowdfunding and crowdsourcing also represent social
enterprise platforms for social mobilization and social action. Between 2010 and 2017,
over five billion dollars was raised on GoFundMe by over two million individual
campaigns and 50 million donors. Although crowdfunding is still sprouting in Nigeria, the
online traffic it is likely to generate in the next 10 years will be stupendous. As platforms for
social inclusion, social mobilization and political participation expand in the future, the
risk posed to cybersecurity and data privacy also expands and the potential impact is
colossal.
A recent case of breach of data privacy in the United States illustrates the risk and impact.
As at March 2018, Facebook recorded more than two billion active users per month
worldwide. The situation places an enormous responsibility on a service provider such as
Facebook to secure its users and address vulnerability issues. The recent crisis that
rocked the organization in March 2018 relates to monetization of user data of over 50
million of its users in the United States. While Facebook shares have steadied after an
initial dip, the uproar following the crisis resulted in the shutting down of Cambridge
Analytica, the United Kingdom-based political consulting and data harvesting firm linked
to the Trump campaign, which was at the centre of the data-sharing scandal. Facebook
CEO, Mark Zuckerberg, was called to testify before Congress from 10-11 April 2018. The
crisis led to significant changes in Facebook's privacy and security policies.
Sadly, the average user in Nigeria does not bother to read the terms and conditions of use
of services before they sign up to online platforms, and many of such breaches go either
undetected or unaddressed. To further complicate matters, entry into virtual communities
are either largely unregulated or not amenable to regulation. Although age restrictions
apply, an eight-year old can pose as a thirteen-year old and open a Facebook account in
three minutes. Security on some virtual social platforms, apps and devices may be further
compromised by built-in backdoors. Unsuspecting and vulnerable user groups and
68
Part II - Cybersecurity and Data Protection
individuals continue to fall victim to abuse and unauthorized use or sale of personal
information for advert and marketing purposes.
While unauthorized use or sale of personal information for advert and marketing
purposes are seemingly innocuous compared to other forms of cybercrime, they are
nonetheless breaches of privacy. A related significant issue on privacy rights is ethical
considerations vis-à-vis balancing freedom and regulation, especially against the reality
of terrorism and radicalization. Google and Facebook are often reportedly at
loggerheads with the Federal Bureau of Investigations (FBI) and the Central Intelligence
Agencies (CIA) over access to personal information of users who might run foul of the law.
Even in matters of national security, transparency and checks and balances need to be
built in to protect the rights of law-abiding citizens. The high level of vulnerability of
Nigerians on social platforms raises a need for more deliberate and thoughtful measures
for cybersecurity and data protection.
This is the world of Konga.com, Jumia.com, Jiji.ng, online and mobile banking, etc. Konga
and Jumia are the Amazons and Alibabas of Nigeria, Jiji represents the village market
square, and all major banks in Nigeria currently offer popular online and mobile banking
options. These entities profit from making life easier for their teeming users, customers
and clients; thus an individual may save time, cost and effort by banking or transacting
from the comfort of his or her living room. E-wallets and various alternative payment
systems with incentives are offered to keep the customer coming back. The market for e-
commerce and online and mobile financial transactions is enormous and growing
exponentially. For instance, Jumia.com which started operations in Nigeria in 2012 has
also launched Jumia Force, Jumia Foods, Jumia Travel, Jumia Flights, Jumia Party, Jumia
Pay, Jumia Deals and Jumia One. Jumia also has large operations in Egypt, Morocco and
South Africa.
69
FUTURE GOVERNANCE
dollars and billions of customer records. These constitute a honeypot to data miners,
hackers and cybercriminal networks.
Online shopping and online banking were destined to succeed in Nigeria with the largest
market in Africa, a teeming population currently estimated to be over 190 million people,
very high urban population ratio and access to mobile computing, and rising trust and
confidence in online retail and banking platforms post-2010. Nigeria's telecoms regulator,
the NCC, declares that as at August 2018, the number of the country's active mobile
subscribers surpassed 160 million with a teledensity of 114.92, and the number of internet
subscribers on GSM climbed to over 104 million.
In addition to e-commerce and banking, other commercial entities with high levels of
financial transactions are found in telecommunications, oil and gas,
production/manufacturing, financing, servicing and trading sectors. The enormous
opportunities open to these entities also come with corresponding enormous
responsibility on service providers to maintain effective cybersecurity measures, and
responsibility of regulators to take measure to ensure that consumers and users are
protected from the profit-seeking entities.
The above statement captures the risk and vulnerability of the country to cybercrime on a
macro level. The study adds that Nigeria's critical infrastructure may be targeted by
cyberattacks and that has led to immediate and long term economic losses to both
existing and potential foreign investors. Cybercrime was also estimated to cost Nigerian
businesses a whopping 550 million US dollars in 2016. The Minister of Communications,
Adebayo Shittu revealed that Nigeria lost 287 million US dollars' worth of revenue
annually on software piracy in 2016. More so, cybercrime has the potentials to fuel and
compound other criminal activities and increases cost in time and resources for law
enforcement agencies.
70
Part II - Cybersecurity and Data Protection
As an enabler of crime and criminality, cybercrime has overtaken drug trafficking as the
biggest illegal revenue generator for the underworld. Collaboration (national and cross-
border) among players and regulators in the global commercial and financial services
industry is very important in fighting the threat of cybercrime.
The 2018 United Nations E-Government Survey advocates for a robust e-Governance
Framework to support sustainable development. It presents a systematic assessment of
the use of ICT to transform and reform the public sector by enhancing efficiency,
effectiveness, transparency, accountability, access to public services and citizen
participation in 193 countries. The survey covers health, education, social protection,
economic growth, employment and decent work, environmental protection and public
71
FUTURE GOVERNANCE
security domains. Morocco, Seychelles, South Africa and Tunisia were the only African
countries rated high on the e-Governance Development Index (EGDI) of 2016. Nigeria
was rated middle EGDI.
In contrast with the business and commerce sector, deployment of ICT in the government
sector in Nigeria is fairly recent and still encountering teething problems. It is also
happening at a much slower pace due to the fact that the drivers of commercial
transactions are different from the drivers of government processes. Internal
administrative processes in MDAs are still largely analogue; documentation and
correspondence are still largely done in hard copy. Furthermore, digitization is seen as a
promoting transparency and accountability and therefore a threat to corrupt practices
and unjust enrichment. Those that have benefitted from the status quo may therefore
have an incentive to block or retard the development of e-Governance. The capabilities
of e-Governance is threatened due to risk factors inherent in the current e-Governance
models. Although e-Governance is still gaining traction in Nigeria, little attention is paid to
risk exposure and vulnerability from a cybersecurity perspective.
The starting point here is the National Security Strategy of the Federal Republic of Nigeria
2014. The Strategy identifies IT and cybersecurity [cybercrime] as one of the national
security threats.
The leakage of the personal records of operatives of the Nigerian secret agency in 2012
remains a remainder that cyber vulnerability and the risk of cybercrime is a clear and
present danger. The safety and security of the lives, livelihood and property of the
people is the primary responsibility of any government worthy of its name. Security of the
supposed guardians of the people directly affects the security of the nation and therefore
should not be left to chance.
The following aspects of national security and defence all bear some significance to
cybersecurity and cyber vulnerability. The risk of cyberattacks in this sector is real and
some compromises are too costly to make. It is urgent and important to secure criminal
records held in police stations, courts and prisons, personal details of security and
intelligence operatives including: the National Intelligence Agency, State Security
Services, Criminal Investigations Departments, Directorate of Military Intelligence.
Critical national information infrastructure, online and offline records of armament and
defence equipment procurement, stockpiles and arms management databases,
72
Part II - Cybersecurity and Data Protection
communication satellite systems, airports, seaports and border security posts, missile
defence systems, pension funds and mutual unions are all potential honeypot to hackers.
Other critical infrastructure which may be cyber-enabled and therefore have a potential
to be cyber-disrupted include oil and gas installations, national power grid, aircraft and air
control towers.
Digitization of defence and security systems, services, processes and records not only
promote transparency and accountability but also enable information sharing and
cooperation between the armed forces and security services of a state and across states.
Information sharing and cooperation in cybersecurity measures are key in efforts by law
enforcement agencies to counter new and emerging threats to security including
terrorism, radicalization and violent extremism, trafficking in persons, smuggling of
goods and other forms of transnational organized crime. These efforts need to be
protected against cyberattacks and breaches.
There are two ways to look at vulnerability assessment. First, micro indices of the
vulnerability of a computer system, device or infrastructure to cyberattacks and data
privacy breaches may be assessed by using the vulnerability rating table and
vulnerability rating key discussed above. Secondly, cyber vulnerability may be looked at
from the macro perspective of the capacity of a state or non-state entity and indeed of a
country in cybersecurity and data protection. Capacity (security) counterbalances
vulnerability and may be weighed against risk and likely impact.
73
FUTURE GOVERNANCE
There are three elements of capacity assessment referred to as the three-As (3-As).
Ü Authority
Adequacy of existing legal and regulatory regime for protection and combating of
cyberattacks and data privacy breaches in terms of breadth and depth. For Nigeria, gaps
still exist in terms of the scope (breadth) and extent (depth) of our legal regime on
cybersecurity and data protection and a coherent, comprehensive legislation is needed
in both cases.
Ü Ability
Availability and deployment of necessary technical capacity and expertise, material
resources, finance, information and other tangible and intangible assets for protection
and combating of cyberattacks and data privacy breaches. Technical capacity and
expertise are often lacking in both state and non-state entities. Long term investments in
acquisition and upgrading of technical capacity is essential to reducing vulnerability and
improving cybersecurity and data privacy.
Ü Attitude
Adequate information and sensitization on risk factors and potential threats, basic
cybersecurity measures, and what to do in case of cyberattack or data privacy breach.
Attitude also includes willingness to take action in applying and enforcing existing laws
and regulations, and proactive decision making and deploying resources for protection
and combating of cyberattacks and data privacy breaches.
Based on the findings of this study, the following formula is applied to make deduction
regarding the vulnerability of Nigeria to cyberattacks and data privacy breaches:
74
Part II - Cybersecurity and Data Protection
A combined reading of the above factors shows that Nigeria is HIGHLY vulnerable to
cyberattacks due to the fact that its high risk and high impact are undergirded by low
capacity to secure her cyberspace. As summed up by Segun Olugbile, an expert in
Cybersecurity, Internet Governance and Open Data and member of the Steering
Committee of the Nigerian Internet Governance Forum:
10. Conclusion
This study examines Nigeria's cyber vulnerability and the adequacy of the country's legal
regime for cybersecurity and data protection. Given that developments in the ICT sector
outpace developments of the law, the breadth and depth of existing legal and regulatory
framework on cybersecurity and data protection in Nigeria can enable action but is not
adequate in the face of the high vulnerability of the country. Moreover, legislation by itself
cannot guarantee compliance and enforcement. Extra-legal measures should focus on
sensitization, improving compliance, as well as strengthening the ability to deal with
cyberattacks, and proactive attitude of MDAs entrusted with implementation and
enforcement.
Concerted effort is needed on the part of individuals and corporate bodies to report
cyberattacks and demand that government and stakeholders reinforce technologies to
reinforce cybersecurity and data protection. Internet service providers operating in the
country should also be mandated to report suspicious traffic going through their
networks. Since cyberattacks are a global problem, there is also the need for law
enforcement agents in Nigeria to collaborate in information sharing, infrastructure and
personnel exchanges with other states and international security agencies such as the
INTERPOL to crackdown on cyber criminals.
75
FUTURE GOVERNANCE
Box 2
Recommendations and Suggestions for Action
A study by the Department of New Media and Information Security of the NCC
titled Effects of Cybercrime on Foreign Direct Investment and National
Development, endorses suggestions for action and recommendations for
consideration in future reviews of the National Cybersecurity Policy and the
National Cybersecurity Strategy as follows.
b. Individuals need to observe simple personal safety rules such as the use of
antivirus on their systems against malware, and not disclosing to strangers
personal effects and banking details such as credit card pins, bank account
numbers, e-mail codes;
c. Government and private sector should provide jobs for young graduates,
and where jobs are not readily available, vocational skills and
entrepreneurial development programmes should be developed to
reduce the number of youths getting involved in cybercrime;
d. Establishment of programs and IT Forums for the youth: Since the level of
unemployment in the country has contributed significantly to the spate of
e-crime in Nigeria, the government should create employments for these
youths and set up IT laboratories/forum where these youths could come
together and display their skills;
f. Address Verification System (AVS) checks could be used to ensure that the
address entered on an order form (for people that receive orders from
countries like United States) matches the address where the cardholder's
billing statements are mailed;
g. Software that could track the IP address of orders could be designed. This
software could then be used to check that the IP address of an order is from
the same country included in the billing and shipping addresses in the
orders;
76
Part II - Cybersecurity and Data Protection
Nigeria's ICT policy should include a national vision for the next 10-20 years which
integrates measures to promote cyber independence, local content, local capacity,
competitiveness and comparative advantage. The aggressive pursuit of ICT capacity
development as the emerging frontier of global power politics and influence is not
optional. Nigeria—nay, Africa with an estimated population of around 1.3 billion
people—is a large and growing market and a heavy consumer of ICT including computer
hardware and software. In this sector, the flow of ideas, products, services and
finance—and as a consequence the flow of power and influence—is mostly
unidirectional. It is therefore no surprise that external support remains significant in ICT.
Despite good intentions, foreign governments, ICT firms, businesses and social
enterprise support our indigenous governments, ICT firms, businesses and social
enterprises in a way that will sustain the unidirectional flow of ideas, products, services
and finance for a long time. For instance, although there are some indigenous mobile
phone companies and apps developers registered in African countries, discounting raw
materials, almost 100% of mobile phone hardware and software for the African market are
made outside Africa. The trend remains the same for cybersecurity: most support and
77
FUTURE GOVERNANCE
initiatives originate from the European Union, China and the United States. It is therefore
of utmost importance to develop Nigeria's ICT policy and legal regimes with an eye to
cyber independence.
Beyond criminal law and law enforcement, relevant MDAs, law enforcement agencies,
ICT firms and private sector stakeholders should endorse a cybersecurity and data
protection policy and should adopt cyber risk management strategies— including early
warning and early response mechanisms in case of cyberattacks. They should also
favour practices with broad and inclusive focus to address the clear and present danger
as well as emerging challenges and threats in cybersecurity and data protection. The
expanded focus of response should include requirements for the secure functioning of a
cyber-economy, optimizing e-business confidence and personal privacy, as well as
strategies to promote and protect the innovation, wealth-creating potential and
opportunities of the ICT sector.
78
Part II - Cybersecurity and Data Protection
The National Assembly of Nigeria, with the advice of relevant agencies including the
NCC, NITDA, CBN, the Economic and Financial Crimes Commission (EFCC), the Nigerian
Police Force and Office of the National Security Adviser, should introduce and enact
comprehensive binding legislation on data privacy, data protection and cybersecurity so
as to engender clarity and certainty on the subject and to ensure that breaches are
criminalized in appropriate cases and adequately sanctioned or punished in a consistent
manner. With respect to common law crimes committed through the use of new
technologies, criminal codes should be updated by abolishing provisions that are no
longer adequate, such as provisions unable to address destruction, misuse or theft of
intangibles, and by making provisions for new crimes, such as unauthorized access to
computers or computer networks.
Law enforcement agencies including the police, the EFCC and the Ministry of Justice
should strengthen their capacity to investigate and prosecute cybercrime and data
privacy breaches. Regulatory agencies such as the NCC, NITDA, CBN and Consumer
Protection Council should also strengthen their capacity to enforce relevant codes,
guidelines and regulations in making the Nigerian cyberspace more secure and less
vulnerable. In addition to personal measures that individuals and families should take to
safeguard their cyber existence, makers of mobile devices, app developers, ICT firms,
banks, internet service providers and other interests have a fiduciary and social
responsibility to users of their products and services and should be held culpable in cases
of abuse or unauthorized use of personal data.
Since cyberattacks and data privacy breaches do not respect national boundaries,
international security cooperation and information sharing is essential in preventing and
combating the twin threat. Digitization of crime data, criminal records and defence and
security services will promote transparency, accountability and enable real-time
information sharing among security services of various states. The Nigerian Police Force
and relevant security services should strengthen regional cooperation for information
sharing through the WAPIS, WAPCCO and working together with National Central
Bureaus of ECOWAS Member States to aid crime prevention, detection, investigation,
prosecution and punishment across national borders.
79
FUTURE GOVERNANCE
The National Assembly of Nigeria should review the Extradition Act which was enacted in
1966 to bring it in tune with the 1999 Constitution and with current realities. Under the Act,
the Magistrates Court is vested with jurisdiction over extradition matters. However,
Section 251(1)(i) of the 1999 Constitution provides that the Federal High Court has
exclusive jurisdiction over extradition. The Guidelines for Authorities Outside of the
Federal Republic of Nigeria also vests jurisdiction in the Federal High Court. This
statutory lacuna may make significant difference in efficient and effective prosecution for
cybercrime and data privacy breaches. As a Member State of ECOWAS, Nigeria benefits
of the ECOWAS Convention on Mutual Assistance in Criminal Matters 1992 and the
Convention on Extradition 1994. Beyond the ECOWAS region, it is also necessary for the
country to enter into similar bilateral and multilateral agreements with other countries so
as to strengthen the web in combating cybercrime and other related transnational
organized crime.
Relevant MDAs, the private sector and non-governmental organizations should work
together to bridge the digital divide by raising public awareness about the risks of
cyberattacks and data privacy breaches. The National Judicial Council and the Ministry of
Justice should introduce appropriate measures and to enhance the capacity of criminal
justice professionals, including law enforcement personnel, prosecutors and judges in
this emerging area. Institutions of learning including the National Universities
Commission, faculties of law in Nigerian universities, National Institute for Advanced
Legal Studies, the Council on Legal Education, and the National Judicial Institute should
develop and integrate comprehensive curricula on cybersecurity, data protection and
related issues.
As stated above, Nigeria is a heavy consumer of ICT products, services and new
technology and is billed to remain so if no significant investments are made in the sector.
The benefits of such investment for the long term cannot be overemphasized. NITDA, in
conjunction with the private sector and think tanks, should support the establishment of
cybersecurity labs, institutes, and centres of excellence in Nigerian universities.
Concerted and coordinated efforts should be made to establish a pool fund (in addition to
the national budget) to facilitate practical research and curb many types of emerging
80
Part II - Cybersecurity and Data Protection
cyberattacks and cybercrime. It is also important to ensure that the results of technical
research be made widely available and presented in useful and usable formats to enable
less technical regulators, policy makers, practitioners and other stakeholders interpret
and actually make use of it.
81
FUTURE GOVERNANCE
REFERENCES
3T Solutions Consulting. West Africa Cybersecurity Indexing and Readiness
Assessment: A regional report on Cybersecurity ranking, readiness,
vulnerabilities and mitigating measures to improve awareness. Lagos: 3T
Solutions Consulting, 2017.
African Academic Network on Internet Policy. Building and Evidence Base and a Multi-
stakeholder Action Base for Personal Data Protection in Nigeria. Ibadan:
AANoIP, 2017. https://aanoip.org/wp-content/uploads/2018/04/Data-Protection-
AANOIP-REPORT.pdf
Babate, Alhaji Idi. “State of Cyber Security: Emerging Threats Landscape,” International
Journal of Advanced Research in Computer Science & Technology 3, no. 1
(2015): 113-119.
Bernholz, Lucy, et. al. Good Fences: The Importance of Institutional Boundaries in the
New Social Economy, Project on Philanthropy, Policy and Technology. Stanford:
Stanford PACS, 2013. https://pacscenter.stanford.edu/publication/good-fences/.
Boniface K. Alese, et. al., “Analysing Issues of Cyber Threats in Nigeria,” Proceedings
of the World Congress on Engineering 1 (2014): 4-5. 02-04 July 2014, London,
UK.
https://pdfs.semanticscholar.org/a060/99e8a545c94ac1e052b7b0e375b5822e
40bf.pdf.
Botha, Anneli, ed. ECOWAS Counterterrorism Training Manual Books 1 and 2. Pretoria:
Institute for Security Studies, 2012.
82
Part II - Cybersecurity and Data Protection
Demadiur Systems Limited and Serianu Ltd. Nigeria Cyber Security Report 2016.
Lagos: 2016.
http://www.serianu.com/downloads/NigeriaCyberSecurityReport2016.pdf.
Halder, D., and Jaishankar, K. Cybercrime and the Victimization of Women: Laws,
Rights, and Regulations. Hershey, PA, USA: IGI Global, 2011.
KPMG. Building Cyber Security and Resilience in a Digital Africa. Lagos: May 2017.
https://home.kpmg.com/content/dam/kpmg/zm/pdf/2017/07/Building%20Cyber
%20Security%20&%20Resilience%20in%20a%20Digital%20Africa-
%20FINAL.pdf.
OECD: Digital Government Strategies for Transforming Public Services in the Welfare
Areas: OECD Comparative Study. 2016. http://www.oecd.org/gov/digital-
government/Digital-Government-Strategies-Welfare-Service.pdf.
83
FUTURE GOVERNANCE
Osho, Oluwafemi and Agada D. Onoja. “National Cyber Security Policy and Strategy of
Nigeria: A Qualitative Analysis,” International Journal of Cyber Criminology 9,
no. 1 (2015): 120-143.
Persily, Nathaniel. “Can Democracy Survive the Internet? The 2016 U.S. Election,”
Journal of Democracy 28, no. 2 (2017): 63-76.
RT. Cyberwar: Anonymous hack Nigerian government over “corruption, poverty and
theft”, 09 January 2016. https://www.rt.com/news/328382-cyberwar-
anonymous-hack-nigerian-government/.
SOPHOS and Centre for Internet Security. Threatsaurus: The A-Z of computer and
data security threats. Oxfordshire, UK: Sophos, 2013.
https://www.sophos.com/en-
us/medialibrary/PDFs/other/sophosthreatsaurusaz.pdf?la=en.
Tamarkin, Eric. “The AU's cybercrime response: A positive start, but substantial
challenges ahead”, Institute for Security Studies Policy Brief, no. 73 (2015): 1-8.
https://issafrica.s3.amazonaws.com/site/uploads/PolBrief73_cybercrime.pdf
The Verge. Zuckerberg goes to Washington: all the updates on Facebook's reckoning
before Congress. 09 April 2018.
https://www.theverge.com/2018/4/9/17215758/facebook-zuckerberg-congress-
updates-analysis-livestream.
Ugwuanyi, Sylvester. “Nigeria loses $287 m annually to ICT piracy—Shittu.” Daily Post,
23 January 2016. http://dailypost.ng/2016/01/23/nigeria-loses-287m-annually-to-
ict-piracy-shittu/.
World Bank Group. Digital Dividends: World Development Report 2016. Washington,
D.C.: 2016.
http://documents.worldbank.org/curated/en/896971468194972881/pdf/102725-
PUB-Replacement-PUBLIC.pdf.
84
Part II - Cybersecurity and Data Protection
NOTES
¹ Information and data backing up this study has been collated from open sources and from five (5)
government agencies: National Bureau of Statistics (NBS), National e-Government Strategy (NeGSt),
National Identity Management Commission (NIMC), Nigerian Communications Commission (NCC), and
National Information Technology Development Agency (NITDA).
² Denise Baken (2013), “Cyber Warfare and Nigeria's Vulnerability”, E-International Relations.
http://www.e-ir.info/2013/11/03/cyber-warfare-and-nigerias-vulnerability/
³ Latin for “no crime or punishment without a law”. It is a legal principle requiring that one cannot be
criminalized or punished for doing something that is not prohibited by law at the time of the commission
of the act.
⁴ Some used in this book include: Computer Security Resource Centre and National Institute of
Standards and Technology, Glossary of Information Security Terms, January 2017.
https://csrc.nist.gov/glossary; SOPHOS and Centre for Internet Security, Threatsaurus: The A-Z of
computer and data security threats. Oxfordshire, UK: Sophos, 2013. https://www.sophos.com/en-
us/medialibrary/PDFs/other/sophosthreatsaurusaz.pdf?la=en.
⁵ Debarati Halder and Karuppannan Jaishankar (2011), Cyber Crime and the Victimization of Women:
Laws, Rights, and Regulations. Hershey, PA, USA: IGI Global.
⁶ Examples from the United States include: Cybersecurity Act 2010, Federal Cybersecurity
Enhancement Act 2015, and Cybersecurity Information Sharing Act 2015. See: Eric A. Fischer (2014),
Federal Laws Relating to Cybersecurity: Overview of Major Issues, Current Laws, and Proposed
Legislation, Congressional Research Service Report, 12 December 2014.
https://fas.org/sgp/crs/natsec/R42114.pdf
⁸ The NITDA Act 2007 empowers NITDA to “develop guidelines for electronic data interchange and
other forms of electronic communication”. Section 1.2 of the NITDA Guidelines affirms that: “a breach of
the Guidelines shall be deemed to be a breach of the Act”.
⁹ Ngozi Aderibigbe (2017), Nigeria Has a Data Protection Regime, Jackson, Etti & Edu, 12 December
2017. http://www.jacksonettiandedu.com/nigeria-has-a-data-protection-
regime/?utm_source=Mondaq&utm_medium=syndication&utm_campaign=View-Original
Supplementary Protocol A1SP.1/06/06 amending the [ECOWAS] Revised Treaty, published in ECOWAS
Official Journal Vol. 49, pp. 21-27. June 2006. Emphases mine.
85
FUTURE GOVERNANCE
¹³ Ibid.
¹⁵ Anneli Botha, ed. (2012), ECOWAS Counterterrorism Training Manual Books 1 and 2, Pretoria: Institute
for Security Studies.
¹⁶ Ali Adoyi (2016), “Senate withdraws anti-social media bill”, Daily Post, 17 May 2016.
http://dailypost.ng/2016/05/17/breaking-senate-withdraws-anti-social-media-bill/
¹⁷ The #NotTooYoungToRun Act (Constitution Alteration Act 2016) effectively altered Sections 65, 106,
131, 177 of the 1999 Constitution (as amended) to reduce the age qualification for the office of the
President from 40 years to 30 years; Governor 35 to 30, Senate 35 to 30, House of Representatives 30
to 25 and State House of Assembly 30 to 25. The Bill also seeks to mainstream independent candidacy
into Nigeria's electoral process. http://yiaga.org/nottooyoungtorun/wp-
content/uploads/2016/06/NotTooYoungToRun-Bill-HB.544-1.pdf
¹⁸ The Verge, Zuckerberg goes to Washington: all the updates on Facebook's reckoning before
Congress, 09 April 2018. https://www.theverge.com/2018/4/9/17215758/facebook-zuckerberg-congress-
updates-analysis-livestream
²⁰ NCC (2016), Final Report: Effects of Cybercrime on Foreign Direct Investment and National
Development. https://www.ncc.gov.ng/documents/735-nmis-effects-cybercrime-foreign-direct-
investment/file
²¹ Sylvester Ugwuanyi (2016), Nigeria loses $287 m annually to ICT piracy—Shittu, Daily Post, 23 January
2016. http://dailypost.ng/2016/01/23/nigeria-loses-287m-annually-to-ict-piracy-shittu/
²² RT (2016), Cyberwar: Anonymous hack Nigerian government over “corruption, poverty and theft”, 09
January 2016. https://www.rt.com/news/328382-cyberwar-anonymous-hack-nigerian-government/.
²⁴ United Nations (2018), United Nations E-Government Survey 2018, Forthcoming report.
https://publicadministration.un.org/en/research/un-e-government-surveys
²⁶ BBC (2012), Nigeria SSS spy details leaked, 31 August 2012. http://www.bbc.com/news/world-africa-
19439590
86
Part II - Cybersecurity and Data Protection
²⁷ Segun Olugbile, Strategy for Addressing National e-Governance Risk. Presentation made at
cybersecurity conference organized by the National Communications Commission.
https://www.ncc.gov.ng/documents/230-strategy-for-addressing-national-e-governance-risk/file
²⁸ NCC (2016), Final Report: Effects of Cybercrime on Foreign Direct Investment and National
Development, pp. 95-96. https://www.ncc.gov.ng/documents/735-nmis-effects-cybercrime-foreign-
direct-investment/file
³⁰ Chibueze Muobuikwu (2016), “Why Extradition Act needs amendment”, The Nation, 24 May 2016.
http://thenationonlineng.net/extradition-act-needs-amendment-2/
³¹ However, In Orhiunu v. FRN, it was held that in the light of Section 315 of the 1999 Constitution, the
Extradition Act, being an existing law shall have effect with such modifications as may be necessary to
bring it in conformity with the provisions of Section 251 of the Constitution.
87