CRITICAL EXAMINATION OF THE MEANING AND DEVELOPMENT OF LAW

AND CYBERCRIME

Introduction

Law is a set of rules that are created and are enforceable by social or governmental

institutions to regulate behaviour, with its precise definition a matter of longstanding debate. 1

It has been variously described as the art of justice. 2 State-enforced laws can be made by a

group legislature or by a single legislator, resulting in statutes; by the executive through

decrees and regulations; or established by judges through precedent, usually in common law

jurisdictions. Private individuals may create legally binding contracts, including arbitration

agreements that adopt alternative ways of resolving disputes to standard court litigation. The

creation of laws themselves may be influenced by a constitution, written or tacit, and the

rights encoded therein. The law shapes politics, technology, economics, history and society in

various ways and also serves as a mediator of relations between people.

Cybercrime is any criminal activity that involves a computer, network or networked device.

While most cybercriminals use cybercrimes to generate a profit, some cybercrimes are

carried out against computers or devices to directly damage or disable them. 3 Others use

computers or networks to spread malware, illegal information, images or other materials.

Some cybercrimes do both -- i.e., target computers to infect them with a computer virus,

which is then spread to other machines and, sometimes, entire networks.4

1
Gibbs Jack, P. “Definitions of Law and Empirical Questions” Law & Society Review (1986) (2)(3) 429-446;
Akers Ronald, L. “Towards a Comparative Definition of Law” Journal of Criminal Law and Criminology
(1965) (56)(3) 301-306
2
Rubin Basha, “Is Law an Art or a Science? A Bit of Both” Forbes,
<https://www.forbes.com/sites/basharubin/2015/01/13/is-law-an-art-or-a-science-a-bit-of-both/> accessed 13
January 2024
3
Brush Kate and Michael Cobb “Cybercrime”
<https://www.techtarget.com/searchsecurity/definition/cybercrime> accessed 15 January 2024
4
Ibid
A primary effect of cybercrime is financial. Cybercrime can include many different types of

profit-driven criminal activity, including ransomware attacks, email and internet fraud, and

identity fraud, as well as attempts to steal financial account, credit card or other payment card

information.

The role of technology in our world today as well as its relevance to societal advancement

cannot be overemphasized. The era of globalization has introduced a myriad of concerns and

development in the growth of modern and sophisticated technologies. Almost all facets of the

society have been greatly affected by this new wave in technological advancement and

pervasive machines.5 With its advent, it has knitted a change or globalized world, with a

significant impact cutting across all professions and works of life, of which the legal

profession is not left out.6

The unprecedented growth of computers and these high technologies have plethora of

advantages, it has also prevalent setbacks and a menace that has eaten deep into the fabrics of

the society, to a few, it represents a threat to the accustomed way of doing business, to others,

it represents an unequal opportunity to revolutionalize our profession. It provides not only a

quantitative change in the way people conduct business, legitimate and illicit, but they also

represent a qualitative change.7 The global use of these high technologies and computers has

made the term “computer” to be on the lips of every household globally. It is even made more

popular because of the inestimable consequences it has also brought. For instance, it has

brought about new forms of crimes in the sphere of high technologies where computers and

computer networks serve as the object of criminal acts as well as the means and methods of

committing crimes, invariably exacerbating the rate of criminality everyday.

5
Felix E. Eboibi, Handbook on Nigerian Cybercrime Law: Introduction to Law and Cybercrime (Chenglo
Limited, 2023)
6
Ibid
7
Ibid
In providing the nexus between both terms, cybercrime law identifies standards of acceptable

behaviour for information and communication technology (ICT) users; establishes socio-legal

sanctions for cybercrime; protects ICT users, in general, and mitigates and/or prevents harm

to people, data, systems, services, and infrastructure, in particular; protects human rights;

enables the investigation and prosecution of crimes committed online (outside of traditional

real-world settings); and facilitates cooperation between countries on cybercrime matters. 8

Cybercrime law provides rules of conduct and standards of behaviour for the use of the

Internet, computers, and related digital technologies, and the actions of the public,

government, and private organizations; rules of evidence and criminal procedure, and other

criminal justice matters in cyberspace; and regulation to reduce risk and/or mitigate the harm

done to individuals, organizations, and infrastructure should a cybercrime occur.

Accordingly, cybercrime law includes substantive, procedural and preventive law.9

This paper seeks to examine the meaning and development of law and cybercrime. It focuses

on the development of cybercrime law and its effectiveness overtime, with particular

emphasis to the Nigerian jurisdiction.

Meaning of Cybercrime

There have been different definitions by various authors regarding cybercrime. Shannon 10,

split the words “Cyber” and “Crime”, defining cyber as a prefix used to describe an idea as

part of the computer and information age, and “crime” as any activity that contravenes legal

procedure most performed by individuals with a criminal motive.

Halder and Jaishanker also defined cybercrime as offences that are committed against

individuals or groups of individuals with a criminal motive to intentionally harm the

8
United Nations Office on Drugs and Crime, “Cybercrime” <https://www.unodc.org/e4j/en/cybercrime/module-
3/key-issues/the-role-of-cybercrime-law.html#:~:text=Cybercrime%20law%20provides%20rules%20of,matters
%20in%20cyberspace%3B%20and%20regulation> accessed 18 January 2024
9
Ibid
10
Shannon, C.S. “Global Internet Regulation” http://www.suffolkedu.com (Accessed 10th January 2024)
reputation of the victim or cause physical or mental harm or loss, to the victim directly or

indirectly, using modern telecommunications networks such as internet and mobile phones. 11

Saul, on the other hand, defined cybercrime as conduct that entails the use of digital

technologies in the commission of the offence, directed at computing and communication

technologies or involves the use of computers with respect to the commission of other

crimes.12

In view of the above definition, this research defines cybercrime as a crime in which a

computer is the object of the crime (hacking, phishing, spamming) or is used as a tool to

commit an offense. Cybercriminals may use computer technology to access personal

information, business trade secrets or use the internet for exploitive or malicious purposes.

Some examples of cybercrimes include sending spam emails (spamming), stealing

personal information (identity theft), breaking into someone‟s computer to view or

alter data (hacking) and tricking someone into revealing their personal information

(phishing), making Internet services unavailable for users (Denial of service –DOS),

advanced free fraud 419 (aka Yahoo-yahoo), credit card fraud (ATM), plagiarism and

software piracy, pornography, stealing money bit-by-bit in a cunning way (salami

attacks) and virus dissemination etc.So many crimes are committed every day in the

Nigerian cyberspace. A recent report in the Daily Trust, by the Internet Crime Complaint

Centre, which is a partnership between the Federal Bureau of Investigation (FBI) and

America’s National White Collar Crime Centre, revealed that Nigeria is now ranked third

among the list of top ten sources of cybercrime in the world with 8% behind the US (65%)

and the UK (9.9%).Criminals that indulge in the advance fee fraud schemes (419) are now

11
D.C. Halder, and Jaishanker, K. “Cybercrime in Nigeria” http://9jalegal.com.ng/news/an-assessment-of-
nigerias-cybercrimes-prohibition-prevention-etc-act-2015/ accessed 14th January, 2024
12
H. Saul, “The Legal Response to the League of Crimes” http://www.blog.fortnet.com/author/guillane
accessed 14th January 2024
popularly called „Yahoo Boys‟ in Nigeria. 13 The country has therefore carved a niche for

herself as the source of what is now popularly called 419-mails, named after Section 419 of

the Nigerian Criminal Code (Capp 777 of 1990) that forbid advance fee fraud. For instance,

Nigeria is ranked first in the African region as the target and origin of malicious cyber

activities; and this is spreading across the West African sub-region. 14 What Nigerian

government, corporate organizations and the society at large do not know is that the heavy

economic impact on the country, (either in financial terms or otherwise), will have an adverse

consequences on unemployment rate, social services and international reputation.

According to Anah,15 cybercrime involves using computers and Internet by individuals to

commit crime. Cyber terrorism, identity theft and spam are identified as types of cybercrimes.

The study identified some of the causes of cybercrimes to include urbanization,

unemployment and weak implementation of cybercrime laws. The effects of cybercrimes on

organizations, the society and the country in general include reducing the competitive edge of

organizations, waste of production time and damage to the image of the country.

According to Isaiah16, cyberattacks against financial services institutions are becoming more

frequent, more sophisticated, and more widespread. Although large-scale denial-of-services

attacks against financial institutions generate the most headlines, community and regional

banks, credit unions, money transmitters, and third-party service providers (such as credit

card and payment processors) have experienced attempted breaches. Following the

documentation which affirms that “the adoption by all countries of appropriate legislation

against the misuse of information and communication technology, for criminal or other
13
Longe, O., Omoruyi, I., and Longe, F. “Implications of the Nigerian Copyright Law for Software Protection”
The Nigerian Academic Forum Multidisciplinary Journal, (2005), Vol.5, No.1, pp.7-10
14
Ribadu, N. “Cybercrime and Commercial Fraud: A Nigerian Perspective” Modern Law for Global
Commerce, UNCITRAL Vienna, 9-12 July 2007
15
Anah, B.H. “Cybercrimes in Nigeria: Causes, Effects and Wayout, Journal of Science and Technology,
(2012) Vol.2, No.7, 626-631
16
Isaiah, P. “Literature Review on Cybercrime” https://www.scribd.com/document/336561864/Literature-
Review-on-cyber-crime accessed 16 January 2024
purposes, including activities intended to affect the integrity of national critical information

infrastructures, is central to achieving global cyber security. This paper agrees with the view

of Isaiah, and notes that pressure could inaugurate from anywhere around the world, the

problems are fundamentally international in range thus requires intercontinental cooperation,

investigative support, and common substantive and procedural provisions.

In line with the above, Odinma noted that cybercrime is any illegal acts perpetrated in, on or

through the internet with the intent to cheat, defraud or cause the malfunction of a network

device, which may include a computer, a phones, e.t.c. 17 Ifeanyi and Itodo in accordance with

Odinma noted that crime as at this dispensation is perceived as a quiet perception, also a

fundamental part of the peril we face as we go through life daily. In both intellectual and

communal judgement, crime is concomitant with destruction and carnage. 18 This paper agrees

with the view of Odinma as cybercrime works through the internet, with an intention to

defraud or cause malfunctions.

Development of Law and Cybercrime in Nigeria

Until a few years ago, cybercriminal activity was not a concern within the legal system of

Nigeria. In the 1980s, fraudsters in Nigeria began engaging in advance fee fraud using

methods such as fax, handwritten letters, and the postal service to target victims. 19

Unemployment was identified as a major factor driving individuals to participate in these

fraudulent acts. As internet services became more accessible in Nigeria in the late 1980s and

early 1990s, fraudsters shifted their operations online, even though internet access was

17
Odinma, A. “Cybercrie in Nigeria: Causes, Effect and the Way Out”
http://www.catalog.ihsn.org/home/citations accessed 13th January 2024
18
Ifanyi, O.C., and Itodo, S.M. “Cybercrime and Nigerian Business Environment” National Journal of
Advanced Research, (2016) (2) (2) 28-38
19
Fboibi, F.E., “Enforcement of Cybercrime in Nigeria: Are we Still Having Teething Problems?” Being a
paper presented in a Certificate Training Course/Conference, Cybersecurity, Sovereignty and Democratic
Governance in Africa, organized by the Council for the Development of Social Science in Africa, Democratic
Governance Institute, Dakar, Senegal, 27 July 2015 – 7 August 2015, 1-2
expensive and limited to certain individuals. 20 The deregulation of the telecommunications

sector in the late 1990s led to increased availability of internet services through private

Internet Service Providers (ISPs) and cybercafes. This expansion of access and availability

resulted in the proliferation of ISPs and cybercafes throughout the country.

Simultaneously, the Nigerian government commissioned experts in 2001 to develop a

National Policy on Information Technology (NPFIT). 21 This policy facilitated the growth of

mobile phone services, a liberalized telecommunications sector, and the internet service

provision business. As a result, many individuals were trained in IT skills, leading to

22
employment and self-employment opportunities in the ICT sector. The rise of cybercafes

across the country coincided with criminals utilizing the internet for various types of fraud.

Commonly referred to as cybercrime. It is a crime in which the computer is either used as a

tool or target or involving information technology infrastructure. The different categories of

cybercrime commonly perpetrated were electronic auction or retail-based fraud schemes,

stock scams, work at home scams and online (email) advance fee fraud scams, web cloning,

piracy, phishing, online lottery fraud, job scams, identity theft, credit card fraud,

impersonation, fraudulent loan scams, romance scams and hacking. 23 The advance fee e-mail

scheme is the most costly form of internet fraud from the Nigerian perspective. The message

are often referred to as “Nigerian” or “419” cyber scams because the emails often come from

individuals who purport to reside in a foreign country – Nigeria. Human weakness and greed

to succeed together with the use of sophisticated technological applications grossly impacted

on the success in the activities of these Nigerian cybercriminals.

20
Ibid
21
Roseline Obada Moses-Oke, “Cyber Capacity without Cyber Security: A Case Study of Nigeria’s National
Policy for Information Technology (NPFIT)” Journal of Philosophy Science and Law (2012) (30) (12)
<http://www.miam.edu/ethics/jpsl> accessed 15 January 2024
22
Ibid
23
Orji, U.J. Cybersecurity Law and Regulation (Netherlands: Wolf Leg\al Publishers, 2012) 488-489
Thus, this period heralded Nigeria being nicknamed in domestic and international

reports/literatures as the hub of cybercrime and cybercrime perpetrators. 24 In 2003, the

Internet Crime Complaint Center ranked Nigeria third (3 rd) in the world top ten countries and

first in Africa in cybercrime perpetration with a rating 2.9 percent, while USA and Canada

were first and second.25

This accusation galvanized Nigeria into reacting against such an embarrassing domestic and

international reputation. The Nigerian government became alarmed with the misuse of

cyberspace by the fraudsters. On 26 November 2003, the President in order to curtail the

menace of cybercrime perpetrators, inaugurated a Presidential Committee on 419 activities in

the Cyberspace.26 Consequently, the Committee in March 2004 submitted her final report to

the then President of Nigeria, specifically recommending the establishment of a legal and

institutional regulatory framework for cybersecurity in Nigeria.27

In this vein, the Presidential Committee initiated the National Cybersecurity Initiative (NCI)

with the following objectives: public enlightenment of the Nigerian populace on the nature

and danger of cybercrime, criminalization through new legislation of all online vices,

institutional capacity building across law enforcement agencies to extend statutory functions

on cybrcrime related issues, establishment of legal and technical framework to secure

computer systems and networks, and protect critical information infrastructure for the

country, creation of a platform for public-private stakeholders collaboration to set guidelines

and standards for cybersecurity in Nigeria and building international law enforcement

24
Woldpack & Digital Jewels, “The Nigerian Cyber Threat Barometer Report”
<http://www.digitaljewels.net/index.php/resource-center-djilnews/129-the-2014-nigerian-cyber-threat-
barometer> accessed 10 January 2024
25
National White Collar Crime Center and the Federal Bureau of Investigation, “Internet Fraud Report”
<http://www.ic3.gov/media/annualreport/2003_IC3Report.pdf> accessed 12 January 2024
26
B. Udotai, “The Growth and Challenges of Information Technology in Law Practice in Nigeria” in N.K.
Nwosu, Legal Practice Skills and Ethics in Nigeria (Lagos: DCON Consulting, 2004) 243
27
Ibid
cooperation and collaboration with other agencies worldwide to enable Nigeria tackle the

menace of cybercrimes.

In order to realize the above objectives, the Nigerian Government established the Nigerian

Cybercrime Working Group (NCWG) in 2004 with a two-year mandate. Considering the end

of the two years mandate given to NCWG, the Directorate for Cybersecurity (DFC) was

instituted to sustain the goodwork of the NCWG in December 2006 with a further mandate to

implement the aforementioned NCI objectives. One of the activities of the DFC was the

sponsoring of the Nigerian Computer Security and Critical Information Infrastructure Bill

2005 which was presented to the National Assembly before the expiration of the legislative

term that ended in 2007. However, the Bill did not receive any significant attention arguably

as a result of legislative lethargy. The Bill sought to establish a legal framework for

cybersecurity. It prohibited cybercrime and establishes a legal basis for the protection of

computer systems and networks and critical infrastructures in Nigeria and also for the legal

acceptance of electronic evidence.28

In 2008, another bill was presented titled the Nigerian Cybersecurity and Data Protection

Agency (Establishment) Bill, which sought to create a Cybersecurity and Information

Protection Agency which ordinarily would have been responsible for the protection of

computer systems and networks and also for the enforcement of the provisions of the Bill.

Unfortunately, in March 2011, the House of Representatives overruled the bill, as it coincided

with the tasks of the Economic and Financial Crimes Commission and that it was competing

with a sponsored Bill by the EFCC.

Between 2009 – 2010, more than 10 different bills were introduced seeking unsuccessfuly to

provide a legal framework for cybercrime in Nigeria. However, the various Bills were

harmonized by the Office of the National Security Adviser (ONSA) which subsequently
28
 culminated in the Cybersecurity Bill 2011 and between 2012-2015 the Attorney General of

the Federation initiated processes that resulted in the Nigerian Cybercrimes (Prohibition,

Prevention Etc) Act 2015.

Thus, Nigeria moved from a country with zero legislation on cyber security to a country with

an extensive law with the enactment of the Cybercrime (Prohibition, Prevention, Etc.) Act

(“the Act”) in 2015.

The Act prescribes punishment for specific actions such as cybersquatting, cyberstalking,

identity theft, unlawful access to a computer (popularly called hacking), cyber terrorism,

racism and xenophobic crimes. The Act also establishes the Cybercrime Advisory Council

which is constituted by representatives of almost all the law enforcement agencies in Nigeria.

The Cybercrime Advisory Council is responsible for policy formulation, while the Office of

the National Security Adviser (ONSA) is responsible for the enforcement of the Act.

Cybercrime Act 2015

This is an Act that provides for the prohibition, prevention, detection, response and

prosecution of cybercrimes and other related matters. The Act is divided into eight parts. Part

I provides for the objectives and application of the Act, Part II provides for the protection of

critical national infrastructure, part III provides for offences and penalties, Part IV provides

for duties of service providers, Part V provides for administration and enforcement, Part VI

of the Act provides for search, arrest and prosecution, Part VII provides for jurisdiction and

international co-operation and Part VIII provides for miscellaneous.

The objectives of the Act are to-

i. Provide an effective and unified legal, regulatory and institutional framework for the

prohibition, prevention, detection, prosecution and punishment of cybercrimes in Nigeria;

ii. Ensure the protection of critical national information infrastructure; and

iii. Promote cybersecurity and the protection of computer systems and networks, electronic

communications; data and computer programs, intellectual property and privacy rights.

Before the enactment of this Act, the legal and institutional framework regulating cybercrime

in Nigeria was not unified. But through this Act, the legal, regulatory and institutional

framework for the combating of cybercrime would be unified. The application of the

provisions of the Act would also apply throughout the Federal Republic of Nigeria.29

The Act looks into the position of the nation with reference to information and

communication where it provides for the designation of certain computer systems or

networks as critical information infrastructure.30 And it further provides that:

The president may on the recommendation of the National Security Adviser, by Order

published in the Federal Gazette, designate certain computer systems, networks and

information infrastructure vital to the national security of Nigeria or the economic and social

well being of its citizens, as constituting Critical National Information Infrastructure. 31

The presidential order made under subsection (1) of this Section may prescribe minimum

standards, guidelines rules or procedure in respect of the protection or preservation of critical

information infrastructure; the general management of critical information infrastructure;

access to, transfer and control of data in any critical information infrastructure, infrastructural

or procedural rules and requirements for securing the integrity and authenticity of data or

information contained in any critical national informational infrastructure; the storage or

achieving of data or information regarded critical national information infrastructure,

recovery plans in the event of disaster or loss of the critical national information
29
Section 2 of the Cybercrime Act, 2015
30
Section 3 of the Cybercrime Act, 2015
31
Ibid
infrastructure or any part of it; and any other matter required for the adequate protection,

management and control of data and other resources in any critical information infrastructure.

Through this aforementioned provision of the Act, national security is secured and enhanced

by the protection of critical information infrastructure.

Part III of the Act discuss the offences and penalties in relation to cybercrimes. Through these

provisions, crimes committed through computer and computer networks are codified and thus

punishable under Nigerian law. Before the enactment of these provisions, only internet

related fraud was actually a punishable cybercrimes. But this Part of the Act provides for

offences and penalties in relation to cybercrimes. These include: offences against criminal

infrastructure, unlawful interception of communication, unauthorized modification of

computer program or data, system interference, computer related forgery, cyberterrorism,

child pornography, racist and xenophobic offences.

In conclusion, the enactment of the Act is a welcome development as cybercriminals are

capable of being prosecuted. Considering the prevailing and escalating menace of

cybercrimes in Nigeria, the Act is punitive in nature. It provides a legal, regulatory and

institutional framework for the prohibition and punishment of cybercrimes and other related

matters. Precisely, the Act offers an avenue for cybersecurity and consequently, fortifies the

protection of computer systems and networks, electronic communications, data and computer

programs, intellectual property, privacy rights as well as preservation and protection of the

critical national information.32

32
F.E. Eboibi, “A Review of the Legal and Regulatory Frameworks of the Nigerian Cybercrimes Act 2015”
Computer Law & Security Review (2017) (33) 700-717