Tuesday, 2 September 2014

EFCC AND ATTEMPTED HACKING

On the 30th of August, 2014 Sahara Reporters posted a news story on their website; captioned: “EFCC Arrests Three Suspected Fraudsters for Attempted Hacking.” The gist of the story is that some persons conspired to break into or compromise the computer systems/computer networks of a bank using an electronic device, for the purpose of stealing funds. However; their plan failed as an insider reported them to the Economic and Financial Crimes Commission (EFCC) and they were arrested.

The caption of the story got me wondering whether there is a law in Nigeria which directly criminalizes attempted hacking or hacking or breaking into someone’s computer networks or computer systems. To the best of my knowledge there is no such law in Nigeria that directly criminalizes hacking or breaking into or compromising someone’s computer networks or computer systems? Therefore, the caption: “EFCC Arrests Three Suspected Fraudsters for Attempted Hacking.” by Sahara Reporters is inappropriate or misleading.

In the US the Computer Fraud and Abuse Act, has prohibited certain computer crimes. The Act prohibits accessing or attempting to a computer without authorization and subsequently transmitting classified government information, theft of financial information, computer fraud, transmitting code that causes damage to a computer system, trafficking in computer passwords for the purpose of affecting interstate commerce or a government computer, etc. Also in South Africa, under the Electronic Communications and Transactions (ECT) Act 25 of 2002; unauthorised access to, interception of or interference with data on a computer or computer networks is  criminalized.

However, with regard to Nigeria, there is no law like that of the US and South Africa mentioned above. It is therefore, high time that a law regulating computer/internet crime in Nigeria is enacted. The need for a law criminalizing computer crime/cybercrime in Nigeria becomes more urgent considering the drive by the Government (Central Bank of Nigeria) to encourage cashless transactions which compels people to use electronic(computer) means of transactions. Criminals may exploit weaknesses in these electronic means of transactions to defraud customers but a computer crime/cybercrime law would be able to curb such criminal acts by punishing criminals who contravene the law.

In addition to the above, many Nigerians are now taking to online transactions/ecommerce. This can be inferred from the growth and popularity of the two leading online shops in Nigeria: Konga and Jumia. It is has therefore become necessary to pass computer crime/cybercrime laws to protect users of these ecommerce channels/shops. Apart from such computer crime /cybercrime laws there is also need for a data protection law to guard against the misuse/abuse of the personal data which operators of these ecommerce sites gather and hold concerning their customers/users. For instance in China, P.R.C. Criminal Law  stipulates criminal penalties for improper sales, provision and collection of personal data. In the same China, three men were arrested for illegal sales of millions of items of personal information.