1.0 Introduction
Cybercrime
laws have become essential tools for combating crimes in the digital age,
addressing issues such as hacking, identity theft, and the spread of malicious software.
However, when these laws are broadened to include offenses that merely involve
ICTs (information and communication technologies) as a medium rather than a
direct target, they risk becoming instruments of overreach, censorship, and
abuse. The recent case of Nigerian activist and lawyer Dele Farotimi, charged
under the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (As Amended) for
alleged bullying and harassment and disseminating false information for the
purpose of causing breakdown of law and order, through his online expressions,
underscores why these laws should be restricted to core cybercrimes.
This
article examines the distinction between core cybercrimes and cyber-enabled
offenses, the risks posed by overbroad cybercrime laws, and the implications of
Farotimi's case for the future of digital rights and governance.
2.0 Understanding Core Cybercrimes
Core
cybercrimes are offenses that inherently require ICT systems as both targets
and tools. Without these technologies, these crimes would not exist. Examples
of such crimes include spreading computer viruses, hacking a bank's servers to
steal funds, or launching denial-of-service (DoS) attacks to disable websites are
quintessential core cybercrimes. These activities are explicitly technological
and could not occur without ICT systems. Without these technologies, these
crimes would not exist. The Budapest
Convention on Cybercrime, an international treaty regarded as the gold
standard for defining cybercrimes, identifies five primary categories:
i. i. Illegal Access: Gaining
unauthorized access to computer systems or networks.
ii. Illegal Interception: Eavesdropping
on communications without permission.
iii. Data Interference: Altering,
deleting, or damaging data without authorization.
iv. System Interference: Disrupting
the functionality of computer systems or networks.
v. Misuse of Devices: Creating or
distributing tools (like malware) intended for committing cybercrimes.
3.0 Cyber-Enabled Offenses: A Different Domain
In
contrast, cyber-enabled offenses are traditional crimes carried out using ICTs
as a medium. Crimes like fraud, harassment, defamation, and even terrorism can
occur both online and offline. For example, using social media to harass
someone is a digital extension of harassment that does not require specialized
cybercrime laws to address. Similarly, spreading misinformation online is akin
to traditional defamation.
By
conflating these offenses with core cybercrimes, many nations have crafted
overly broad cybercrime laws, making it easier for authorities to exploit them
for political or oppressive purposes. For example, in Turkey, provisions of its
cybercrime legislation have been used to suppress online dissent and silence
critics of the government under the guise of combating cyber-related threats.
4.0 Dele Farotimi: A Case in Point
Dele
Farotimi faces multiple counts charge under the Cybercrimes (Prohibition, Prevention,
etc.) Act 2015 (As Amended), for statements made during YouTube interviews and
press conferences about his book "Nigeria and its Criminal Justice
System." The charges stem from his criticisms of alleged corruption in the
judiciary and his commentary on specific legal cases. Notably, these charges
primarily invoke Section 24(a) and 24(1)(b) of the Cybercrimes Act, which deal
with cyberstalking and false information dissemination. The charges appear to
target his online statements rather than any activity that constitutes a core
cybercrime.
Farotimi's
case demonstrates the dangers of conflating core cybercrimes with cyber enabled
crimes and the problematic expansion of cybercrime laws beyond their legitimate
scope:
i. Nature of the Activity:
Farotimi's actions - expressing opinions about the judiciary and sharing his
experiences - are traditional forms of speech that happen to use digital
platforms. They don't constitute inherently technological offenses.
ii. Platform vs. Crime: The only
"cyber" element in these charges is the use of YouTube as a
communication medium. The underlying activities (criticism, commentary,
allegations of corruption) are traditional forms of expression that predate the
internet.
5.0 Legal Discrepancy in Dele Farotimi's Cybercrime Charges
5.1. The Charges as Filed
5.1.1 Section 24(a) - Bullying and Harassing
Several
charges allege that Farotimi's statements were made "with the intention of
bullying and harassing" named persons. These statements include: (i)
comments about legal proceedings, (ii) observations about judicial conduct in
specific cases, (iii) criticisms of alleged corruption in the justice system
and (iv) expressions of opinion about systemic issues in the legal or justice
system.
5.1.2 Section 24(1)(b) - False Information
Other
charges claim his statements "contained false information for the purpose
of causing breakdown of law and order." The contested statements include:
(i) claims about corruption in the judiciary, (ii) discussions of specific
court cases and their handling, (iii) commentary on his personal experiences
within the legal system and (iv) analysis presented in his book "Nigeria
and its Criminal Justice System".
5.2. The Actual Law
Section
24(1): A person who knowingly or intentionally sends a message or other matter
by means of Computer Systems or Network that-
(a)
is pornographic; or
(b)
he knows to be false, for the purpose of causing breakdown of law and order,
posing a threat to life or causing such message to be sent: commits an offence
under this Act and is liable on conviction to a fine of not more than
N7,000,000.00 or imprisonment for a term of not more than 3 years or both.
(2)
A Person who knowingly or Intentionally Transmits or causes the Transmission of
any communication through a Computer System or Network-
(a)
to bully, threaten or harass another person, where such communication places
another person in fear of death, violence or bodily harm to another person;
(b)
containing any threat to kidnap any person or any threat to harm the person of
another, any demand or request for a ransom for the release of any kidnapped
person, to extort from any person, firm, association or corporation, any money
or other thing of value, or
(c)
containing any threat to harm the property or reputation of the addressee or of
another or the reputation of a deceased person or any threat to accuse the
addressee or any other person of a crime, to extort from any person, firm,
association, or corporation, any money or other thing of value, commits an
offence under this Act and is liable on conviction-
(i)
in the case of paragraphs (a) and (6) of this sub-section, to imprisonment for
a term of 10 years or a minimum fine of N25.000,000.00 and
(ii)
in the case of paragraph (c) of this subsection, to imprisonment for a term of
5 years or a minimum fine of N15,000,000.00.
5.3.
Misapplication of Section 24(2)(a)
The
charges cite "Section 24(a)" for harassment whereas under the Act,
there is no Section 24(a). The actual Section 24(1)(a) deals with pornography.
The relevant harassment provision is in Section 24(2)(a).
While
there was indeed a technical error in citing "Section 24(a)" instead
of the correct Section 24(2)(a) for harassment, this error does not invalidate
the charge or warrant setting aside the conviction if Dele is convicted. This
is because established case law holds that when an offense known to law is
properly disclosed, the penalty is prescribed in existing law, and neither the
accused nor counsel were misled by the incorrect citation, the conviction should
stand absent any miscarriage of justice. See the case of ADONIKE v. STATE(2015) LPELR-24281(SC) Per John Inyang Okoro, JSC at Pp 20 - 21 Paras B – E.
Furthermore,
Section 220 of the Administration of Criminal Justice Act, 2015 explicitly
provides that such errors in stating particulars are not material unless the
defendant was actually misled by the error.
Therefore,
unless it can be demonstrated that the Dele Farotimi was materially misled by
the incorrect section citation or suffered prejudice as a result, the technical
error in citing the wrong section number should not affect the validity of the
proceedings or the ultimate conviction.
6. The Risks of Overbroad
Cybercrime Laws
Farotimi's
case raises serious concerns about the intent and application of cybercrime
laws. By prosecuting Farotimi for his expressions, the Nigeria Police Force has
blurred the lines between protecting against cyber threats and stifling
dissent. This misuse of cybercrime laws sets a dangerous precedent, suggesting
that such laws can be weaponized against political opponents, activists, and
ordinary citizens.
The
overreach of cybercrime laws has far-reaching consequences, both for
individuals and for society at large.
6.1. Suppression of Free Speech
Cybercrime
laws with vague language can easily be used to target individuals exercising
their right to free expression. Farotimi's case is just one example of how
online speech can be criminalized under the guise of combating cybercrime. This
trend threatens to silence dissenting voices and erode democratic principles.
6.2. Overburdening Legal
Systems
Overly
broad cybercrime laws place significant pressure on already strained legal and
enforcement systems. When cybercrime laws expand to include offenses that are
not inherently technological—such as online defamation, harassment, or even
activism—it can lead to several systemic challenges:
6.2.1. Diverted Focus from
Genuine Threats
Expanding
the scope of cybercrime laws forces law enforcement agencies to handle a wide
range of cases, many of which do not require specialized cyber expertise. For
example, prosecuting an online comment as cyber harassment requires
investigative resources that could have been better directed toward identifying
and mitigating core cybercrimes like hacking, unauthorized debits from customer bank accounts or ransomware attacks. This
misallocation weakens the overall effectiveness of cybersecurity measures.
6.2.2. Complexity of Digital
Investigations
Investigating
cyber-related offenses requires significant expertise, advanced tools, and
collaboration with international entities. When law enforcement is forced to
deal with a high volume of cases, many of which may involve non-criminal online
behaviour, they risk becoming bogged down in cases that do not contribute to
cybersecurity. This inefficiency not only overburdens legal systems but also
reduces public trust in their ability to address critical digital threats.
6.2.3. Erosion of Trust Between
Law Enforcement and the Public
When
the Nigeria Police Force uses the Cybercrime Act to prosecute individuals for
online speech or activism, it creates an impression of the Police being complicit
in political suppression or subjugation. This perceived misuse of resources can
undermine public trust in the justice system and foster resentment against the
Police.
Here
are some recent examples of cybercrime incidents in Nigeria that underscore the
importance of focusing cybercrime laws on core offenses:
Nigerian
banks reported a series of fraud-related cybercrimes over the years, with
billions lost to hacking and phishing schemes. For instance, a 2022 report
detailed how N523 million was stolen from a single account through a
coordinated cyber-attack that funnelled money across hundreds of bank accounts.
In
2024, Hope Payment Service Bank reported a massive cyberattack resulting in a
loss of over ₦10
billion. The funds were transferred across multiple accounts, prompting an
investigation and court orders to freeze over 800 implicated accounts. This
highlights the need for law enforcement to prioritize complex cyber fraud cases
over less critical cyber-enabled offenses.
Similarly,
Guaranty Trust Bank (GTBank) faced a significant security breach in August
2024, where its website was compromised by hackers. This incident raised fears
of customer data theft and caused major disruptions in online banking
operations.
In
another case, a syndicate hacked into a bank's server to create fictitious
credits worth N1.87 billion. This demonstrates the advanced techniques used by
cybercriminals and the necessity of robust cybersecurity measures.
These
examples show the increasing sophistication of core cybercrimes in Nigeria, and
why the Nigeria Police Force should focus its resources and expertise towards
preventing, detecting, investigating and prosecuting such crimes using the
Cybercrimes Act instead of prosecuting online criticism or defamation using the
Cybercrimes Act.
6.3. Chilling Effect on Digital
Activity
The
"chilling effect" refers to the discouragement of legitimate online
behaviour due to fear of legal repercussions. When cybercrime laws are overly
broad or ambiguously defined, they create uncertainty about what constitutes
criminal behaviour, leading to self-censorship and reduced participation in
digital spaces.
6.3.1. Impact on Free
Expression
People
may refrain from posting opinions, criticisms, or controversial content online,
fearing that their statements might be interpreted as cyber harassment,
defamation, or other offenses. In environments where authorities use cybercrime
laws to target dissent, individuals are less likely to engage in public
debates, reducing the vibrancy and diversity of digital discourse.
6.3.2. Stifling Activism and
Advocacy
Activists
and advocates who rely on digital platforms to organize campaigns, raise
awareness, or criticize policies are particularly vulnerable to chilling
effects. If they perceive a risk of prosecution under cybercrime laws, they may
avoid using these platforms, weakening their impact and ability to mobilize
support.
6.3.3. Hindering Journalism
Journalists
such as Fisayo Soyombo, often use digital tools to investigate and publish
stories on issues of public interest. However, the threat of cybercrime charges
for reporting on sensitive topics can lead to self-censorship. For example,
journalists may avoid exposing corruption or misconduct if they fear being
accused of spreading false information or defaming individuals under
Cybercrimes Act.
6.3.4. Economic Consequences
The
chilling effect can also impact businesses and entrepreneurs. Startups and
companies that depend on open digital communication may face challenges if
their employees or users are hesitant to engage freely online. This hesitation
can stifle growth, collaboration, and the sharing of ideas, ultimately
hindering economic progress in the digital space.
The
combined effect of overburdening legal systems and creating a chilling effect
on digital activity is a weakened digital ecosystem. Legal systems are less
effective in addressing real cyber threats, while individuals and organizations
become less willing to engage in online activities that drive progress,
innovation, and civic engagement.
Therefore,
restricting cybercrime laws to core offenses ensures that law enforcement can
focus on genuine cyber threats, while the public can participate freely in
digital spaces without fear of unwarranted prosecution. By refining these laws,
governments can strike a balance between maintaining cybersecurity and
protecting fundamental rights, preserving the integrity of the legal system and
the vibrancy of the digital age.
7. International Perspectives
on Cybercrime Laws
The
global debate over cybercrime laws highlights the importance of specificity and
restraint. The draft UN Cybercrime Convention has been criticized for its
overly broad scope. Advocacy groups like the Electronic Frontier Foundation
(EFF) and CIVICUS, a global alliance dedicated to strengthening civil society,
argue that the convention risks criminalizing acts that are not inherently
harmful, such as security research or whistleblowing.
In
their critique, the organizations emphasize that cybercrime laws should focus
exclusively on core cybercrimes. Core cybercrimes comprise offenses in which
ICTs are the direct objects as well as instruments of the crimes; these crimes
could not exist at all without the ICT systems. A useful reference for the
types of crimes that are inherently ICT crimes can be found in Articles 2-6 of
the Budapest Convention: illegal access to computing systems, illegal
interception of communications, data interference, system interference, and
misuse of devices. For example, spreading a computer virus in the wild; using a
password logger to steal someone else's password and access their email or
photos; breaking into the computer system of a bank to steal money; using
malicious software to delete all the data of a former employer's systems.
8. Lessons for Nigeria and
Beyond
Farotimi's
case offers a crucial lesson for policymakers in Nigeria and other nations: the
need to align cybercrime laws with international best practices and democratic
values. This includes:
8.1. Restricting Cybercrime
Laws to Core Offenses
Cybercrime
laws should address crimes that directly target ICT systems, such as hacking,
malware distribution, and data breaches. Cyber-enabled offenses should be
handled under existing laws for fraud, harassment, or defamation.
8.2. Safeguarding Free
Expression
Cybercrime
laws should explicitly protect freedom of expression. Activists, journalists,
and ordinary citizens should not face legal repercussions for sharing opinions
or engaging in peaceful dissent online.
8.3. Building Capacity to
Address Genuine Threats
Law
enforcement agencies should focus on developing expertise to combat core
cybercrimes effectively. This includes training, resources, and partnerships
with international organizations.
9. Conclusion
The
case against Dele Farotimi is a stark reminder of the dangers posed by overly
broad cybercrime laws. It highlights the need for policymakers to draw a clear
line between core cybercrimes and cyber-enabled offenses, focusing on crimes
that inherently involve ICT systems.
By
refining cybercrime laws to be specific, narrow, and proportional, nations can
uphold justice, protect freedoms, and create a safer digital environment.
Farotimi's case should serve as a wake-up call, prompting governments worldwide
to reconsider the scope and application of their cybercrime frameworks. In
doing so, they can strike a balance between security and liberty, ensuring that
the digital age remains a space for innovation, expression, and democratic
engagement and cybercrime laws serve their intended purpose, i.e. enhancing cybersecurity, without compromising fundamental rights..
