Thursday, 15 May 2025

A Decade of the Cybercrimes Act: Assessing the Nation’s Legal Framework Against Digital Threats (2015–2025)


Introduction

On May 15, 2015, the nation made a decisive move in addressing the growing threat of cybercrime by enacting the Cybercrimes (Prohibition, Prevention, etc.) Act. Ten years later, the law remains central to the country’s cybersecurity framework, offering legal definitions, prosecutorial mechanisms, and institutional frameworks to combat digital threats. As we mark this decade-long journey, it is time to assess the Act's major impacts, its 2024 amendments, its misuses, and what must change in the future to safeguard security and civil liberties.

1. The Country’s First Comprehensive Legal Framework on Cybercrime

Prior to 2015, the legal environment addressing cybercrime in the nation was fragmented. Offenses were prosecuted under laws like the Advanced Fee Fraud Act, which did not fully capture the nature of modern digital threats. The 2015 Act changed that by clearly defining crimes such as hacking, identity theft, cyberterrorism, online fraud, and child pornography. It introduced penalties that enabled structured prosecution. The result has been a series of high-profile convictions, including those of notorious syndicates involved in ATM card and phishing scams, among others.

2. Creation of the Cybercrime Advisory Council

The Act provided for the establishment of the Cybercrime Advisory Council under the leadership of the National Security Adviser (NSA). Comprising stakeholders from public and private sectors, the Council was tasked with coordinating national cybersecurity policy. Although the Council has faced criticism for slow bureaucratic response, it has enabled strategic partnerships with international agencies like INTERPOL and the UK National Crime Agency.

3. Protection of Critical National Information Infrastructure (CNII)

A notable provision of the Act was the designation of key sectors such as banking, energy, and telecommunications as Critical National Information Infrastructure (CNII). These sectors were mandated to implement enhanced cybersecurity protocols. Although large institutions have complied, enforcement remains inconsistent, especially among smaller banks and regional service providers.

4. Reforming Section 24: From Overreach to Targeted Protection

Originally, Section 24 criminalized messages deemed "grossly offensive" or causing "needless anxiety." This provision was vague and became a tool for silencing journalists and critics. The 2024 amendment narrowed its scope, now targeting child pornography and false information likely to incite violence. This change followed the ECOWAS Court's 2020 judgment, which found the original section unconstitutional. Still, enforcement remains uneven and politically influenced.

Notable Misuse Cases:

· Omoyele Sowore (January 2025): Charged with 16 counts under the Cybercrime Act based on his social media posts referring to the Inspector General of Police as an “illegal IGP.”

· Agba Jalingo (2022): Prosecuted over Facebook posts alleging corruption.

The Erisco Tomato Paste Review Case – A Cautionary Tale

In 2023, Chioma Okoli, a national consumer, posted a Facebook review stating that she found Nagiko Tomato Mix, a product of Erisco Foods Limited, to be sugary. Erisco Foods Limited refuted her claim as untrue and unfounded. Subsequently, Okoli was arrested by the police following a petition by the company's President and CEO, Eric Umeofia. The police obtained an arrest warrant and remand order from a magistrate court in Masaka, Nasarawa State, leading to her detention. She was later arraigned at the Federal High Court in Abuja, where she pleaded not guilty to two counts of conspiracy and cyberstalking. Amid the legal proceedings, Okoli suffered a miscarriage. Her arrest and detention sparked public outrage, with many citizens calling for her release.

Displeased with the remand order, Okoli's counsel, Inibehe Effiong, petitioned the Nasarawa State Judicial Commission. He argued that it was improper for the magistrate to issue arrest and remand warrants against his client, who neither resided in Nasarawa State nor had ever visited it. Effiong contended that the alleged offences were not committed in Nasarawa State and that cybercrime is a federal offence under the Cybercrimes (Prohibition, Prevention, etc.) Act, 2015, which grants exclusive jurisdiction to the Federal High Court for such matters.

Following the petition, the Nasarawa State Judicial Commission investigated the matter and, in a letter dated January 6, 2025, informed Effiong that Chief Magistrate Emmanuel A. Jatau had been demoted from Chief Magistrate II (Grade Level 15) to Senior Magistrate I (Grade Level 14) and stripped of his magisterial duties. The commission cited misconduct in the handling of Okoli's case as the reason for the disciplinary action.

This case underscores the importance of adhering to proper jurisdictional procedures and the potential consequences of misapplying legal authority, particularly in matters involving federal offences such as cybercrime. It further highlights how cybercrime laws can be misapplied to suppress consumer rights and free expression, exemplifying a growing trend of using criminal prosecution to settle what are fundamentally civil disputes.

5. International Collaboration and Extradition Challenges

The country’s endorsement of the Budapest Convention significantly improved its ability to cooperate on international cybercrime investigations. Countries such as the UK, South Africa, and Japan have partnered with the nation to track and extradite suspects. However, the process remains hampered by slow bureaucratic procedures and the lack of mutual legal assistance frameworks with some jurisdictions.

6. Introduction of the Cybersecurity Levy

A major provision in the 2024 amendment was the introduction of a 0.5% cybersecurity levy on electronic transactions, administered by the NSA. While aimed at funding national cyber defense infrastructure, the policy attracted strong public opposition, prompting government reviews and clarifications. Critics argue the levy disproportionately affects small businesses and low-income earners.

7. Law Enforcement and Free Speech: A Fragile Balance

Even after the amendment, Section 24 continues to be used against journalists and whistleblowers. In 2024, journalist Daniel Ojukwu was detained for publishing corruption-related stories. In 2023, lawyer Chike Ibezim was charged over tweets criticizing a politician. Legal advocacy groups like SERAP and the Nigerian Union of Journalists (NUJ) have consistently called for more robust protections for free speech.

8. Sectoral CERTs and Faster Incident Reporting

The 2024 reforms also created Sectoral Computer Emergency Response Teams (CERTs) to improve the handling of cyber incidents. Financial institutions, for example, must now report security breaches within 72 hours, a significant improvement over the previous 7-day period. This has improved real-time threat analysis and response mechanisms.

9. Mandatory NIN for Electronic Transactions

To combat identity fraud, the amendment now mandates the use of National Identity Numbers (NIN) for all electronic transactions. While this policy has had a positive impact in reducing the number of fraudulent accounts, implementation remains difficult due to infrastructure gaps in the National Identity Management Commission (NIMC).

10. Strengthening Law Enforcement Capacity

The Act led to the establishment of cybercrime units within agencies like the EFCC, the Nigeria Police Force, and the Nigerian Financial Intelligence Unit (NFIU). These units have recorded success in cracking complex cyber fraud cases. However, underfunding, skill shortages and poor accessibility outside Abuja and Lagos still limit their effectiveness.

Judicial Warning Against Misuse of Criminal Law for Civil Disputes

The Supreme Court of the country, in Aviomoh v. C.O.P & Anor (2021) LPELR-55203(SC), offered a stark warning. Justice Helen Moronkeji Ogunwumiju held:

"My Lords, the misuse of the criminal law machinery for getting reliefs in disputes that are civil in nature, by using the instruments of State has become dangerously rampant in recent times... Criminal Courts should ensure that proceedings before it are not used for settling scores or to pressurize parties to settle civil disputes."

This principle must guide the application of the Cybercrimes Act, particularly Section 24, to prevent the criminalization of civil disagreements or dissenting opinions.

The Way Forward

1. Judicial Training:

Introduce mandatory training on digital rights and cybercrime legislation for magistrates and judges. The mishandling of the Erisco case underscores the urgent need for judicial officers to understand jurisdictional limits and the civil liberties at stake in cybercrime prosecutions.

2. Expansion of Forensic Infrastructure:

Establish well-equipped cybercrime forensic laboratories in each of the six geopolitical zones to improve digital evidence collection and analysis.

Deploy Cybercrime Units of the Nigeria Police Force across all 36 state commands. These units should be equipped with modern tools, including digital forensic software and blockchain analysis systems. Replicating such capacity nationwide will help reduce investigative delays, particularly in underserved rural areas.

3. Capacity Building:

Invest in the continuous training of law enforcement personnel in areas such as ethical hacking, cryptocurrency tracking, and dark web surveillance. Partnerships with institutions like the UK's National Cyber Security Centre (NCSC) will ensure officers remain adept at handling sophisticated cyber threats.

4. Whistleblower Protection:

Enact legal safeguards to protect journalists, whistleblowers, and concerned citizens from retaliatory prosecutions under the Act. Such protection is crucial to fostering accountability and trust in public institutions.

5. Transparency and Accountability:

Mandate the publication of annual reports on cybercrime-related arrests, charges, and convictions. These reports should include disaggregated data to help identify patterns of misuse and support evidence-based reform.

Conclusion

In its first decade, the Cybercrimes Act has become a vital component of the national security framework. Yet, high-profile cases like Erisco and the detention of journalist Daniel Ojukwu expose persistent vulnerabilities in its application. As Justice Helen Ogunwumiju cautioned in Aviomoh v. C.O.P, criminal law must not be wielded as a tool for settling civil grievances or suppressing legitimate dissent.

To uphold both security and civil liberties in the digital age, the next phase must focus on legislative precision, institutional accountability, and infrastructural development. Decentralizing cybercrime units, expanding forensic capabilities, and ensuring judicial understanding of digital rights will help realign the Act with its original purpose: to protect citizens from genuine digital threats—not to punish lawful expression.

Without equipping all regions of the country to detect and respond to cybercrime effectively, the nation risks falling behind in its fight against increasingly complex digital criminality. Reform is no longer optional—it is imperative.

Wednesday, 16 April 2025

Lawyer Sues Meta Over Unlawful Facebook Account Suspension

A legal practitioner, Timothy Tion, Esq., has instituted a fundamental rights enforcement suit against Meta Platforms Inc. (owners of Facebook) at the Federal High Court, Makurdi Division, challenging the suspension of his Facebook account on allegations of “fraud and deception.”

Case Background
On January 11, 2025, Mr. Tion, after posting the word "Rubbish" in response to a Facebook post, received an automated email from Facebook stating that his account had been suspended for allegedly violating Meta’s Community Standards on fraud and deception. The email further informed him that he had 180 days to appeal the decision, failing which the account would be permanently disabled.

However, Mr. Tion argues that:

a. No specific allegations or evidence were provided;

b. He had no meaningful opportunity or reasonable channels to appeal the decision;

c. The vague nature of the communication deprived him of due process.

He asserts that the suspension—based solely on an opaque algorithmic assessment—has disrupted his professional engagements, particularly within legal discourse networks such as the Lawyers in Nigeria Facebook group.

Constitutional Violations Alleged

The suit alleges that Meta’s actions breached the following rights under the 1999 Constitution (as amended):

1. Section 36 – Right to Fair Hearing

2. Section 39 – Freedom of Expression

3. Section 40 – Freedom of Association

4. Section 42 – Protection from Discrimination

Mr. Tion contends that Meta provides direct support to business accounts in Nigeria, while non-commercial users like himself are left without effective channels for redress—an unequal treatment that amounts to discriminatory practice.

Reliefs Sought

Mr. Tion seeks the following court orders:

1. A declaration that the suspension was unlawful, discriminatory, and unconstitutional.

2. An order for the immediate reinstatement of the account.

3. A public apology from Meta Platforms Inc.

4. Damages totaling ₦300 million broken down as follows:
a) ₦100 million for emotional distress, reputational injury, and loss of professional connections.

b) ₦200 million in exemplary damages.

Statements

“Meta’s automated systems should not override constitutional rights. I’m pursuing this case not just for myself, but for millions of Nigerians who rely on social media for professional and social connection.”
— Timothy Tion, Esq., Applicant

“Global tech platforms must be accountable when operating in Nigeria. This lawsuit challenges the unchecked power of digital corporations over users’ rights.”
— Matthias Ikyav, Esq., Counsel for the Applicant

The case is expected to test the bounds of digital rights enforcement and corporate accountability in our legal system. The hearing is scheduled for June 4th, 2025.

Saturday, 22 March 2025

Senator Ned Nwoko’s Data Protection Bill: A Wolf in Sheep’s Clothing?


 The proposed Bill to Amend the Data Protection Act (SB 650, 2025), sponsored by Senator Ned Nwoko, has ignited fierce debate. While framed as a solution to tax evasion, unemployment, and digital accountability, critics argue the bill risks becoming a weaponized tool to stifle dissent and shield powerful elites—including its sponsor—from public scrutiny.

A History of Abusing Laws to Silence Critics

Nigeria already has a troubling track record of weaponizing laws like the Cybercrimes Act 2015 and Criminal Defamation statutes to target journalists, activists, and ordinary citizens. Recent examples include:

1. The activist and lawyer Dele Farotimi was charged under the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (As Amended) for alleged bullying and harassment and for disseminating false information for the purpose of causing a breakdown of law and order through his online expressions.

2. Agba Jalingo’s Detention: The Cross River-based journalist was charged with “cyberstalking” and treason after reporting on alleged corruption involving a state governor. International outcry forced his release after months in detention.

3. Abubakar Idris: The blogger, known as Dadiyata, vanished on August 2, 2019 after criticizing Kaduna State politicians on social media. His whereabouts remain unknown.

4. #EndSARS Crackdown (2020): Authorities targeted protesters and supporters online, freezing bank accounts and threatening social media users under “cyberbullying” charges.

5. In September 2023, Chioma Okoli, a Lagos-based entrepreneur, criticized Nagiko Tomato Mix on Facebook, calling it overly sweet and suggesting it could be harmful. Her post garnered significant attention, leading Erisco Foods to file a petition accusing her of defamation and cyberbullying.

Subsequently, Okoli was arrested by plainclothes police officers while attending church. She was detained overnight in a cell with poor conditions before being transferred to Abuja for further questioning.

The manufacturer, Erisco Foods, accused her of defamation and cyberbullying. She was arrested during church, detained overnight, and transferred to Abuja under Nigeria’s Cybercrime Prohibition Act, facing up to three years in prison. The case sparked public outrage, with Amnesty International condemning it as a threat to free speech. While Erisco defended its actions, critics saw it as corporate overreach and misuse of cybercrime laws to silence consumer opinions. Okoli’s ordeal highlights the growing suppression of digital expression in Nigeria.

These cases reveal how existing laws are abused to punish criticism, not combat crime. Adding mandatory blogger registration and physical office requirements risks amplifying this repression. As Amnesty International noted in 2024, “Nigerian authorities increasingly conflate dissent with ‘fake news’ to justify censorship.”

The Hypocrisy of “Taxation” and “Accountability”

Senator Nwoko’s bill claims to target “big tech tax evasion,” yet glaring contradictions undermine its credibility. The alleged $10 billion loss cited by Nwoko lacks verifiable data.

Major technology companies such as Google, Meta (formerly Facebook), and others have been contributing to Nigeria's tax revenues. According to a report by The Punch, these companies paid approximately ₦3.85 trillion in taxes to the Federal Government during the first nine months of 2024. This amount includes both Company Income Tax (CIT) and Value Added Tax (VAT), reflecting a 68.12% increase from the ₦2.29 trillion collected during the same period in 2023.

Similarly, the National Information Technology Development Agency (NITDA) reported that foreign digital companies, including interactive computer service platforms and internet intermediaries, contributed over ₦2.55 trillion (approximately $1.5 billion) in taxes in the first half of 2024.

These figures indicate a significant increase in tax compliance and revenue from big tech companies operating in Nigeria.

Forcing companies to open offices ignores modern remote-work trends. Instead, Nigeria could adopt global models like the OECD’s Digital Tax Framework, which ensures fair taxation without physical presence mandates.

Meanwhile, the bill’s focus on bloggers—a loose term encompassing millions of Nigerians—appears politically motivated. Requiring bloggers to “register with a union” or maintain “verifiable addresses” creates bureaucratic barriers that disproportionately affect small-scale creators and government critics.

Ned Nwoko’s Personal Baggage and Motives

Critics allege Senator Nwoko’s bill is a retaliatory move to silence online scrutiny of his lifestyle. The senator, married to actress Regina Daniels (30 years his junior), has faced viral gossip about alleged affairs with younger women, including actress Chika Ike. In 2025, blogs like Instablog9ja amplified rumors linking him to Ike, sparking social media mockery.

Nwoko’s response? A fiery speech condemning “fake news” and “reckless bloggers.” Weeks later, SB 650 was tabled. When lawmakers rush to regulate speech after personal scandals, it reeks of vendetta, not public interest.

Better Solutions Exist

The misinformation crisis in Nigeria is real, but SB 650 is a dangerous remedy. Alternatives include:

1. Public Education Campaigns: Partner with the National Orientation Agency and civil society to teach digital literacy, critical thinking, and fact-checking.

2. Strengthen Existing Laws: Enforce penalties for proven defamation or incitement without criminalizing free speech.

3. Incentivize Big Tech Collaboration: Offer tax breaks for tech companies to establish local hubs voluntarily, fostering jobs and cooperation on content moderation.

4. Protect Whistleblowers: Protecting and safeguarding citizens who expose corruption would reduce the need for anonymous criticism.

Conclusion: A Democratic Backslide in Disguise?

Senator Nwoko’s bill risks entrenching authoritarianism under the guise of “economic patriotism.” By conflating legitimate taxation goals with oppressive registration schemes, it echoes tactics used by dictatorships to mute opposition.

The digital space is the last frontier of free expression in Nigeria. Once it is regulated by political interests, democracy itself is bound to collapse. For a nation already ranked 112th/180 on the Press Freedom Index, SB 650 could be the final nail in the coffin.

Sunday, 15 December 2024

The Need to Narrow the Scope of Cybercrime Laws: Lessons from Dele Farotimi's Case

1.0 Introduction

Cybercrime laws have become essential tools for combating crimes in the digital age, addressing issues such as hacking, identity theft, and the spread of malicious software. However, when these laws are broadened to include offenses that merely involve ICTs (information and communication technologies) as a medium rather than a direct target, they risk becoming instruments of overreach, censorship, and abuse. The recent case of Nigerian activist and lawyer Dele Farotimi, charged under the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (As Amended) for alleged bullying and harassment and disseminating false information for the purpose of causing breakdown of law and order, through his online expressions, underscores why these laws should be restricted to core cybercrimes.

This article examines the distinction between core cybercrimes and cyber-enabled offenses, the risks posed by overbroad cybercrime laws, and the implications of Farotimi's case for the future of digital rights and governance.

2.0 Understanding Core Cybercrimes

Core cybercrimes are offenses that inherently require ICT systems as both targets and tools. Without these technologies, these crimes would not exist. Spreading computer viruses, hacking a bank's servers to steal funds, and launching denial-of-service (DoS) attacks to disable websites are quintessential core cybercrimes. These activities are explicitly technological and could not occur without ICT systems. The Budapest Convention on Cybercrime, an international treaty regarded as the gold standard for defining cybercrimes, identifies five primary categories:

i. Illegal Access: Gaining unauthorized access to computer systems or networks.

ii. Illegal Interception: Eavesdropping on communications without permission.

iii. Data Interference: Altering, deleting, or damaging data without authorization.

iv. System Interference: Disrupting the functionality of computer systems or networks.

v. Misuse of Devices: Creating or distributing tools (like malware) intended for committing cybercrimes.

3.0 Cyber-Enabled Offenses: A Different Domain

In contrast, cyber-enabled offenses are traditional crimes carried out using ICTs as a medium. Crimes like fraud, harassment, defamation, and even terrorism can occur both online and offline. For example, using social media to harass someone is a digital extension of harassment that does not require specialized cybercrime laws to address. Similarly, spreading misinformation online is akin to traditional defamation.

By conflating these offenses with core cybercrimes, many nations have crafted overly broad cybercrime laws, making it easier for authorities to exploit them for political or oppressive purposes. For example, in Turkey, provisions of its cybercrime legislation have been used to suppress online dissent and silence critics of the government under the guise of combating cyber-related threats.

4.0 Dele Farotimi: A Case in Point

Dele Farotimi faces a multiple-count charge under the Cybercrimes (Prohibition, Prevention, etc.) Act 2015 (As Amended), for statements made during YouTube interviews and press conferences about his book "Nigeria and its Criminal Justice System." The charges stem from his criticisms of alleged corruption in the judiciary and his commentary on specific legal cases. Notably, these charges primarily invoke Section 24(a) and 24(1)(b) of the Cybercrimes Act, which deal with cyberstalking and false information dissemination. The charges appear to target his online statements rather than any activity that constitutes a core cybercrime.

Farotimi's case demonstrates the dangers of conflating core cybercrimes with cyber-enabled crimes and the problematic expansion of cybercrime laws beyond their legitimate scope:

i. Nature of the Activity: Farotimi's actions - expressing opinions about the judiciary and sharing his experiences - are traditional forms of speech that happen to use digital platforms. They don't constitute inherently technological offenses.

ii. Platform vs. Crime: The only "cyber" element in these charges is the use of YouTube as a communication medium. The underlying activities (criticism, commentary, allegations of corruption) are traditional forms of expression that predate the internet.

5.0 Legal Discrepancy in Dele Farotimi's Cybercrime Charges

5.1. The Charges as Filed

5.1.1 Section 24(a) - Bullying and Harassing

Several charges allege that Farotimi's statements were made "with the intention of bullying and harassing" named persons. These statements include: (i) comments about legal proceedings, (ii) observations about judicial conduct in specific cases, (iii) criticisms of alleged corruption in the justice system and (iv) expressions of opinion about systemic issues in the legal or justice system.

5.1.2 Section 24(1)(b) - False Information

Other charges claim his statements "contained false information for the purpose of causing breakdown of law and order." The contested statements include: (i) claims about corruption in the judiciary, (ii) discussions of specific court cases and their handling, (iii) commentary on his personal experiences within the legal system and (iv) analysis presented in his book "Nigeria and its Criminal Justice System".

5.2. The Actual Law

Section 24(1): A person who knowingly or intentionally sends a message or other matter by means of Computer Systems or Network that-

(a) is pornographic; or

(b) he knows to be false, for the purpose of causing breakdown of law and order, posing a threat to life or causing such message to be sent: commits an offence under this Act and is liable on conviction to a fine of not more than N7,000,000.00 or imprisonment for a term of not more than 3 years or both.

(2) A Person who knowingly or Intentionally Transmits or causes the Transmission of any communication through a Computer System or Network-

(a) to bully, threaten or harass another person, where such communication places another person in fear of death, violence or bodily harm to another person;

(b) containing any threat to kidnap any person or any threat to harm the person of another, any demand or request for a ransom for the release of any kidnapped person, to extort from any person, firm, association or corporation, any money or other thing of value, or

(c) containing any threat to harm the property or reputation of the addressee or of another or the reputation of a deceased person or any threat to accuse the addressee or any other person of a crime, to extort from any person, firm, association, or corporation, any money or other thing of value, commits an offence under this Act and is liable on conviction-

(i) in the case of paragraphs (a) and (b) of this sub-section, to imprisonment for a term of 10 years or a minimum fine of N25,000,000.00 and

(ii) in the case of paragraph (c) of this subsection, to imprisonment for a term of 5 years or a minimum fine of N15,000,000.00.

5.3. Misapplication of Section 24(2)(a)

The charges cite "Section 24(a)" for harassment whereas under the Act, there is no Section 24(a). The actual Section 24(1)(a) deals with pornography. The relevant harassment provision is in Section 24(2)(a).

While there was indeed a technical error in citing "Section 24(a)" instead of the correct Section 24(2)(a) for harassment, this error does not invalidate the charge or warrant setting aside the conviction if Dele is convicted. This is because established case law holds that when an offense known to law is properly disclosed, the penalty is prescribed in existing law, and neither the accused nor counsel were misled by the incorrect citation, the conviction should stand absent any miscarriage of justice. See the case of ADONIKE v. STATE (2015) LPELR-24281(SC) Per John Inyang Okoro, JSC at Pp 20 - 21 Paras B – E.

Furthermore, Section 220 of the Administration of Criminal Justice Act, 2015 explicitly provides that such errors in stating particulars are not material unless the defendant was actually misled by the error.

Therefore, unless it can be demonstrated that Dele Farotimi was materially misled by the incorrect section citation or suffered prejudice as a result, the technical error in citing the wrong section number should not affect the validity of the proceedings or the ultimate conviction.

6.0 The Risks of Overbroad Cybercrime Laws

Farotimi's case raises serious concerns about the intent and application of cybercrime laws. By prosecuting Farotimi for his expressions, the Nigeria Police Force has blurred the lines between protecting against cyber threats and stifling dissent. This misuse of cybercrime laws sets a dangerous precedent, suggesting that such laws can be weaponized against political opponents, activists, and ordinary citizens.

The overreach of cybercrime laws has far-reaching consequences, both for individuals and for society at large.

6.1. Suppression of Free Speech

Cybercrime laws with vague language can easily be used to target individuals exercising their right to free expression. Farotimi's case is just one example of how online speech can be criminalized under the guise of combating cybercrime. This trend threatens to silence dissenting voices and erode democratic principles.

6.2. Overburdening Legal Systems

Overly broad cybercrime laws place significant pressure on already strained legal and enforcement systems. When cybercrime laws expand to include offenses that are not inherently technological—such as online defamation, harassment, or even activism—it can lead to several systemic challenges: 

6.2.1. Diverted Focus from Genuine Threats

Expanding the scope of cybercrime laws forces law enforcement agencies to handle a wide range of cases, many of which do not require specialized cyber expertise. For example, prosecuting an online comment as cyber harassment requires investigative resources that could have been better directed toward identifying and mitigating core cybercrimes like hacking, unauthorized debits from customer bank accounts or ransomware attacks. This misallocation weakens the overall effectiveness of cybersecurity measures. 

6.2.2. Complexity of Digital Investigations

Investigating cyber-related offenses requires significant expertise, advanced tools, and collaboration with international entities. When law enforcement is forced to deal with a high volume of cases, many of which may involve non-criminal online behaviour, they risk becoming bogged down in cases that do not contribute to cybersecurity. This inefficiency not only overburdens legal systems but also reduces public trust in their ability to address critical digital threats. 

6.2.3. Erosion of Trust Between Law Enforcement and the Public

When the Nigeria Police Force uses the Cybercrime Act to prosecute individuals for online speech or activism, it creates an impression of the Police being complicit in political suppression or subjugation. This perceived misuse of resources can undermine public trust in the justice system and foster resentment against the Police. 

Here are some recent examples of cybercrime incidents in Nigeria that underscore the importance of focusing cybercrime laws on core offenses:

Nigerian banks have reported a series of fraud-related cybercrimes over the years, with billions lost to hacking and phishing schemes. For instance, a 2022 report detailed how N523 million was stolen from a single account through a coordinated cyber-attack that funnelled money across hundreds of bank accounts.

In 2024, Hope Payment Service Bank reported a massive cyberattack resulting in a loss of over 10 billion. The funds were transferred across multiple accounts, prompting an investigation and court orders to freeze over 800 implicated accounts. This highlights the need for law enforcement to prioritize complex cyber fraud cases over less critical cyber-enabled offenses.

Similarly, Guaranty Trust Bank (GTBank) faced a significant security breach in August 2024, when its website was compromised by hackers. This incident raised fears of customer data theft and caused major disruptions in online banking operations.

In another case, a syndicate hacked into a bank's server to create fictitious credits worth N1.87 billion. This demonstrates the advanced techniques used by cybercriminals and the necessity of robust cybersecurity measures.

These examples show the increasing sophistication of core cybercrimes in Nigeria, and why the Nigeria Police Force should focus its resources and expertise on preventing, detecting, investigating and prosecuting such crimes under the Cybercrimes Act, rather than using the Act to prosecute online criticism or defamation.

6.3. Chilling Effect on Digital Activity 

The "chilling effect" refers to the discouragement of legitimate online behaviour due to fear of legal repercussions. When cybercrime laws are overly broad or ambiguously defined, they create uncertainty about what constitutes criminal behaviour, leading to self-censorship and reduced participation in digital spaces. 

6.3.1. Impact on Free Expression

People may refrain from posting opinions, criticisms, or controversial content online, fearing that their statements might be interpreted as cyber harassment, defamation, or other offenses. In environments where authorities use cybercrime laws to target dissent, individuals are less likely to engage in public debates, reducing the vibrancy and diversity of digital discourse. 

6.3.2. Stifling Activism and Advocacy

Activists and advocates who rely on digital platforms to organize campaigns, raise awareness, or criticize policies are particularly vulnerable to chilling effects. If they perceive a risk of prosecution under cybercrime laws, they may avoid using these platforms, weakening their impact and ability to mobilize support. 

6.3.3. Hindering Journalism

Journalists, such as Fisayo Soyombo, often use digital tools to investigate and publish stories on issues of public interest. However, the threat of cybercrime charges for reporting on sensitive topics can lead to self-censorship. For example, journalists may avoid exposing corruption or misconduct if they fear being accused of spreading false information or defaming individuals under the Cybercrimes Act.

6.3.4. Economic Consequences

The chilling effect can also impact businesses and entrepreneurs. Startups and companies that depend on open digital communication may face challenges if their employees or users are hesitant to engage freely online. This hesitation can stifle growth, collaboration, and the sharing of ideas, ultimately hindering economic progress in the digital space. 

The combined effect of overburdening legal systems and creating a chilling effect on digital activity is a weakened digital ecosystem. Legal systems are less effective in addressing real cyber threats, while individuals and organizations become less willing to engage in online activities that drive progress, innovation, and civic engagement. 

Therefore, restricting cybercrime laws to core offenses ensures that law enforcement can focus on genuine cyber threats, while the public can participate freely in digital spaces without fear of unwarranted prosecution. By refining these laws, governments can strike a balance between maintaining cybersecurity and protecting fundamental rights, preserving the integrity of the legal system and the vibrancy of the digital age.

7. International Perspectives on Cybercrime Laws

The global debate over cybercrime laws highlights the importance of specificity and restraint. The draft UN Cybercrime Convention has been criticized for its overly broad scope. Advocacy groups like the Electronic Frontier Foundation (EFF) and CIVICUS, a global alliance dedicated to strengthening civil society, argue that the convention risks criminalizing acts that are not inherently harmful, such as security research or whistleblowing.

In their critique, the organizations emphasize that cybercrime laws should focus exclusively on core cybercrimes. Core cybercrimes comprise offenses in which ICTs are the direct objects as well as instruments of the crimes; these crimes could not exist at all without the ICT systems. A useful reference for the types of crimes that are inherently ICT crimes can be found in Articles 2-6 of the Budapest Convention: illegal access to computing systems, illegal interception of communications, data interference, system interference, and misuse of devices. Examples include spreading a computer virus in the wild; using a password logger to steal someone else's password and access their email or photos; breaking into the computer system of a bank to steal money; and using malicious software to delete all the data of a former employer's systems.

8. Lessons for Nigeria and Beyond

Farotimi's case offers a crucial lesson for policymakers in Nigeria and other nations: the need to align cybercrime laws with international best practices and democratic values. This includes:

8.1. Restricting Cybercrime Laws to Core Offenses

Cybercrime laws should address crimes that directly target ICT systems, such as hacking, malware distribution, and data breaches. Cyber-enabled offenses should be handled under existing laws for fraud, harassment, or defamation.

8.2. Safeguarding Free Expression

Cybercrime laws should explicitly protect freedom of expression. Activists, journalists, and ordinary citizens should not face legal repercussions for sharing opinions or engaging in peaceful dissent online.

8.3. Building Capacity to Address Genuine Threats

Law enforcement agencies should focus on developing expertise to combat core cybercrimes effectively. This includes training, resources, and partnerships with international organizations.

9. Conclusion

The case against Dele Farotimi is a stark reminder of the dangers posed by overly broad cybercrime laws. It highlights the need for policymakers to draw a clear line between core cybercrimes and cyber-enabled offenses, focusing on crimes that inherently involve ICT systems.

By refining cybercrime laws to be specific, narrow, and proportional, nations can uphold justice, protect freedoms, and create a safer digital environment. Farotimi's case should serve as a wake-up call, prompting governments worldwide to reconsider the scope and application of their cybercrime frameworks. In doing so, they can strike a balance between security and liberty, ensuring that the digital age remains a space for innovation, expression, and democratic engagement, and that cybercrime laws serve their intended purpose, i.e. enhancing cybersecurity, without compromising fundamental rights.