Sunday, May 29, 2011

NaijaCyberHacktivism, Cyber threats and the failure of the National Assembly to Strengthen the Arm of the Nigerian Law

On the 1st of March, 2011 the Federal House of Representatives led by outgoing speaker Hon. Dimeji Bankole killed An Act To Provide For The Establishment Of The Cyber Security And Information Protection Agency Charged With The Responsibility To Secure Computer Systems And Networks And Liaise With The Relevant Law Enforcement Agency For The Enforcement Of Cyber Crimes Laws, And For Related Matters (HB 154), the reason been that the provisions of the Bill overlapped with the provisions of some existing legislations such as the Economic and Financial Crimes Commission (Amendment) Act 2007. HB 154 was supposed to provide the legal framework for the establishment of an independent Cybercrime Agency and would have legislated on various Cybercrimes and Cyber-Security offences. These offences are either committed against the integrity, availability and confidentiality of computer systems and telecommunications networks or using such networks to commit offences. In particular HB 154 sought to apply to; offences against the confidentiality, integrity and availability of computer data and systems (hacking, unlawful interception, denial-of-service attacks, system interference, etc); computer related offences (fraudulent electronic mail, spamming, impersonation, copyright infringement); content related offences (child pornography); data retention; lawful & unlawful Interception; designation of critical information systems; and admissibility of electronic evidence.

Fast-forward to May 25th, 2011 where the cyber activist group going by the name Naija Cyber Hacktivist group brought down the website of Niger-Delta Development Commission’s (NDDC) website in protest of the federal government’s planned expenditure of almost 1 billion Naira on the presidential inauguration of Dr. Goodluck Ebele Jonathan. This protest which took the form of a denial-of-service attack has once again brought to the fore the inability of our extant legal framework to combat cyber threats or security threats against computer or telecommunications networks. This denial-of-service attack is a type of system interference which seeks to make computer resources unavailable by saturating it with external communications request to prevent it from responding to legitimate traffic, translated to simple English, it generally means that this cyber attack will prevent an internet site or service from functioning efficiently or at all, temporarily or indefinitely.

It becomes important to mention that Section 13 of the already dead HB 154 criminalizes this type of conduct with a term of imprisonment not less than seven (7) years or by imposing a fine of 2 million naira; in particular it provided that:

Any person who without authority or in excess of authority intentionally denies or interferes with access to any computer or network so as prevent any—
a) part of the computer from functioning; or
b) denying or partially denying any legitimate user of any service of such computer or network;
commits an offence and shall be liable on conviction to a fine of not less than N2,000,000 or imprisonment for a term of not less than 7 years or to both such fine and imprisonment
.

The particular aim of this section was to bring within its ambit the intentional prevention of the lawful use of a computer system including telecommunications facilities by using or influencing computer data. We must also note that the protected interest here is the right of the network operator or us, the system users being able to have them function optimally (me continues to think how this provision or similar provisions embedded in HB 154 overlapped with any provision of the EFCC Act 2007). This prevention definitely refers to actions that will interfere with the proper functioning of the computer or network system and will usually take the form of imputing, transmitting, damaging, deleting, altering or suppressing computer data. No doubt the 24 hour unavailability of NDDC’s website and the current threat is serious enough to warrant the intervention of HB 154’s section 13.

However while not attempting to call any bluff here, we must note that we have been promised another dose of cyber attacks against the networks of all financial institutions, e-payment platforms, telcos and government if the federal government goes ahead with its planned expenditure for the presidential inauguration, we can only do but wait and see how the long arm of the Nigerian law intends to catch up with this category of cyber robin hood and his band of merry men when this promise is fulfilled.

On a last note, I end with a quote from Johnson and Post in Law and Borders-The Rise of Law in Cyberspace’, Stanford Law Review, 48, (1996): 1367, 1375 that:
the rise of an electronic medium that disregards geographical boundaries throws the law into disarray by creating entirely new phenomena that need to become the subject of clear legal rules that cannot be governed, satisfactorily, by any current territorially based sovereign