Explanatory Memorandum
The Act provides an
effective, unified and comprehensive legal, regulatory and institutional
framework for the prohibition, prevention, detection, prosecution and
punishment of cybercrimes in Nigeria. This act also ensures the protection of
critical national information infrastructure, and promotes cybersecurity and
the protection of computer systems and networks, electronic communications,
data and computer programs, intellectual property and privacy rights.
Arrangement of Sections
Section: PART I-OBJECT AND APPLICATION
1.
Objectives.
2.
Application.
PART II - PROTECTION OF CRITICAL NATIONAL INFORMATION INFRASTRUCTURE
3.
Designation of certain computer systems or networks as critical
national information infrastructure.
4.
Audit and
Inspection of critical national information infrastructure.
PART III - OFFENCES AND PENALTIES
5.
Offences
against critical national information infrastructure.
6.
Unlawful
access to a computer.
7.
Registration
of cybercafé.
8.
System
interference.
9.
Interception
of electronic messages, email, electronic money transfers.
10
Tampering
with critical infrastructure.
11
Willful
misdirection of electronic messages.
12
Unlawful
interceptions.
13.
Computer
related forgery.
14.
Computer
related fraud.
15.
Theft of
Electronic Devices.
16.
Unauthorised modification of computer systems, network data and system
interference.
17.
Electronic
Signature.
18.
Cyber
terrorism.
19.
Exceptions
to financial institutions posting and authorised options.
20.
Fraudulent
issuance of e-instructions.
21.
Reporting
of cyber threats.
22.
Identity
theft and impersonation.
24.
Cyberstalking.
25.
Cybersquatting.
26.
Racist and
xenophobic offences.
27.
Attempt,
conspiracy, aiding and abetting.
28.
Importation
and fabrication of e-tools.
29.
Breach of
confidence by service providers.
30.
Manipulation
of ATM/POS Terminals.
31.
Employees
Responsibility.
32.
Phishing,
spamming, spreading of computer virus,
33.
Electronic
cards related fraud.
34.
Dealing in
card of another.
35.
Purchase or
sale of card of another.
36.
Use of fraudulent device or attached e-mails and websites. PART
IV-DUTIES OF FINANCIAL INSTUTUTIONS
37.
Duties of
financial institutions.
38.
Records
retention and protection of data.
39.
Interception
of electronic communications.
40.. Failure of service provider to perform
certain duties.
PART V-ADMINISTRATION AND ENFORCEMENT
41.
Co-ordination
and enforcement.
42.
Establishment
of Cybercrime Advisory Council.
43.
Functions
and powers of the Council.
44.
Establishment of National Cyber Security Fund. PART VI-ARREST, SEARCH,
SEIZURE AND PROSECUTION
45.
Power of
arrest, search and seizure
46.
Obstruction
and refusal to release information.
47.
Prosecution
of offences.
48.
Order of
forfeiture of assets.
49.
Order for payment of compensation or restitution. PART
VII-JURISDICTION AND INTERNATIONAL CO-OPERATION
50.
Jurisdiction.
51.
Extradition.
52.
Request for
mutual assistance
53.
Evidence
pursuant to a request.
54.
Form of
request from a foreign state.
55.
Expedited
Preservation of computer data.
56.
Designation
of contact point.
PART VIII - MISCELLANEOUS
57.
Regulations.
58.
Interpretations.
59.
Citation. SCHEDULES
CYBERCRIMES (PROHIBITION, PREVENTION, ETC) ACT, 2015
For
An act to provide for the prohibition,
prevention, detection, response, investigation and prosecution of cybercrimes;
and for other related matters, 2015.
{
}
ENACTED by the
National Assembly of the Federal Republic of Nigeria as follows: PART I -
OBJECT AND APPLICATION
1.
The
objectives of this Act are to –
(a) provide an
effective and unified legal, regulatory and institutional framework for the
prohibition, prevention, detection, prosecution and punishment of cybercrimes
in Nigeria;
(b) ensure the protection of critical
national information infrastructure; and
(c)
promote cyber security and the protection of computer systems and
networks, electronic communications, data and computer programs, intellectual
property and privacy rights.
2.
The provisions of this Act shall apply throughout the Federal Republic
of Nigeria. PART II - PROTECTION OF CRITICAL NATIONAL INFORMATION
INFRASTRUCTURE
3.
(1) The President may on the recommendation of the National Security
Adviser, by Order published in the Federal Gazette, designate certain computer
systems, and/or networks, whether physical or virtual, and/or the computer
programs, computer data and/or traffic data vital to this country that the
incapacity or destruction of or interference with such system and assets would
have a debilitating impact on security, national or economic security, national
public health and safety, or any combination of those matters as constituting
Critical National Information Infrastructure.
(2) The Presidential Order made under subsection (1) of this section
may prescribe minimum standards, guidelines, rules or procedure in respect of -
(a) the protection or preservation of
critical information infrastructure;
(b) the general management of critical
information infrastructure;
(c) access to, transfer and control of data
in any critical information infrastructure;
Commencement.
Objectives.
Application.
Designation of certain computer systems
or networks as critical national information infrastructure.
(d) infrastructural or
procedural rules and requirements for securing the integrity and authenticity
of data or information contained in any designated critical national
information infrastructure;
(e)
the storage or archiving of data or information designated as critical
national information infrastructure;
(f)
recovery plans in the event of disaster, breach or loss of the
critical national information infrastructure or any part of it; and
(g) any other matter
required for the adequate protection, management and control of data and other
resources in any critical national information infrastructure.
4.
The Presidential Order made under section 3 of this Act may require
the Office of the National Security Adviser to audit and inspect any Critical
National Information Infrastructure at any time to ensure compliance with the
provisions of this Act.
PART III -
OFFENCES AND PENALTIES
5.
(1) Any person who with intent, commits any offence punishable under
this Act against any critical national information infrastructure, designated
pursuant to section 3 of this Act, shall be liable on conviction to
imprisonment for a term of not more than 10 years without an option of fine.
(2)
Where the offence committed under subsection (1) of this section
results in grievous bodily harm to any person, the offender shall be liable on
conviction to imprisonment for a term of not more than 15 years without option
of fine.
(3) Where the offence
committed under subsection (1) of this section results in the death of
person(s), the offender shall be liable on conviction to life imprisonment.
6.
(1) Any
person, who without authorization, intentionally accesses in whole or in part,
a computer system or network for fraudulent purposes and obtain data that are
vital
to national security, commits an offence and shall be liable on
conviction to imprisonment for a term of not more than 5 years or to a fine of
not more than N5,000,000.00 or to both fine and imprisonment.
(2) Where the offence
provided in subsection (1) of this section is committed with the intent of
obtaining computer data, securing access to any program, commercial or
industrial secrets or classified information, the punishment shall be
imprisonment for a term of not more than 7 years or a fine of not more than N7,
000,000.00 or to both such fine and imprisonment.
(3) Any person who,
with the intent to commit an offence under this section, uses any device to
avoid detection or otherwise prevent identification or attribution with the act
or omission, commits an offence and shall be liable on conviction to
Audit and Inspection of critical national
information infrastructure.
Offences against
critical national information infrastructure.
Unlawful access to
a computer.
imprisonment for a term of not more than 7 years
or to a fine of not more than N7,000,000.00 or to both such fine and
imprisonment.
(4) Any person or organisation who knowingly and intentionally
trafficks in any password or similar information through which a computer may
be accessed without lawful authority, if such trafficking affects public,
private and or individual interest within or outside the federation of Nigeria,
commits an offence and shall be liable on conviction to a fine of not more than
N7, 000,000.00 or imprisonment for a term of not more than 3 years or both such
fine and imprisonment.
7.
(1) From the commencement of this Act all operators of a cybercafé
shall register as a business concern with Computer Professionals’ Registration
Council in addition to a business name registration with the Corporate Affairs
Commission. Cybercafés shall maintain a register of users through a sign-in
register. This register shall be available to law enforcement personnel
whenever needed.
(2) Any person, who
perpetrates electronic fraud or online fraud using a cybercafé, shall be guilty
of an offence and shall be sentenced to Three Years imprisonment or a fine of
One Million Naira or both.
(3) In the event of
proven connivance by the owners of the cybercafé, such owners shall be guilty
of an offence and shall be liable to a fine of N 2,000,000.00 or a 3
years jail term or both.
(4)
The burden of proving connivance in subsection 3 above shall be on the
prosecutor.
8.
Any person
who without lawful authority, intentionally or for fraudulent purposes does an
act which causes directly or indirectly the serious hindering of the
functioning of a computer system by inputting, transmitting, damaging,
deleting, deteriorating, altering or suppressing computer data or any other
form of interference with the computer system, which prevents the computer
system or any part thereof, from functioning in accordance with its intended
purpose, commits an offence and shall be liable on conviction to imprisonment
for a term of not more than 2 years or to a fine of not more than N5,000,000.00
or to both fine and imprisonment.
Registration of
Cybercafé.
System
Interference.
9.
Any person
who unlawfully destroys or aborts any electronic mails or processes Intercepting
through which money and or valuable information is being conveyed is
guilty of an offence and is liable to imprisonment for 7 years in the first
instance and upon second conviction shall be liable to 14 years imprisonment.
10.
From the commencement of this Act, any person being employed by or
under a Local Government of Nigeria, private organization or financial
institution with respect to working with any critical infrastructure,
electronic mails commits any act which he is not authorized to do by virtue of
his contract of service or intentionally permits,
Electronic
Messages,
Emails Electronic
Money
Transfers.
Tampering with Critical Infrastructure.
tampering
with such computer, is guilty of an offence and is liable to a fine of N2
,000,000.00 or imprisonment for 3 years .
11.
Any person who misdirects electronic messages with either the
intention to Willful
fraudulently obtain
financial gain as a result of such act or with the intention of obstructing the
process in order to cause delay or speeding the messages with a view to cause
an omission or commission that may defeat the essence of such messages is guilty
of an offence and is liable to imprisonment for Three Years or a fine of N1
,000,000.00 or both.
misdirection
of Electronic Messages.
|
12. (1) Any person, who intentionally and
without authorization, intercepts by technical
|
Unlawful
|
|
|
means,
non-public transmissions of computer data, content, or traffic data,
including
|
interceptions.
|
|
|
electromagnetic emissions or signals from a
computer, computer system or network
|
|
|
|
carrying or emitting signals, to or from a
computer, computer system or connected
|
|
|
|
system or network; commits an offence and shall
be liable on conviction to
|
|
|
|
imprisonment for a term of not more than 2
years or to a fine of not more than
|
|
|
|
|
5,000,000.00 or to both such fine and
imprisonment.
|
|
|
(2) Any
person or organization who by means of false pretense induces any person
|
|
|
|
employed by or under the government of the
federal, state or local government of
|
|
|
|
Nigeria or any person in charge of electronic
devices to deliver to him any electronic
|
|
|
|
messages which
includes but is not limited to E-mail, credit and debit cards
|
|
|
|
information, facsimile messages which is not
specifically meant for him or his
|
|
|
|
organization (in the latter case except he is
authorized to receive such messages for
|
|
|
|
and on behalf of his organization) commits an
offence and shall be liable on
|
|
|
|
conviction to imprisonment for a term of Two
Years or a fine of not more than
|
|
|
|
N1,000,000 or to both such fine and
imprisonment.
|
|
|
|
(3) Any
person who, being employed by or under the authorities of the Local, State,
|
|
|
|
Federal Government of Nigeria or private
organization who intentionally hides or
|
|
|
|
detains any electronic mails, messages,
electronic payment, credit and debit card
|
|
|
|
which was found by him or delivered to him in
error and which to his knowledge
|
|
|
|
ought to be delivered to another person,
commits an offence and shall be liable on
|
|
|
|
conviction to imprisonment for 1 Year or a fine
of N250,000 Naira or to both fine and
|
|
|
|
imprisonment.
|
|
|
A person who knowingly accesses any computer or network and inputs,
alters,
13.
deletes or suppresses any data resulting in inauthentic data with the
intention that such inauthentic data will be considered or acted upon as if it
were authentic or genuine, regardless of whether or not such data is directly
readable or intelligible, commits an offence and is liable on conviction to
imprisonment for a term of not less than 3 years or to a fine of not less than
7,000,000.00 or both
Computer
Related Forgery.
14. (1) Any person who knowingly and without
authority or in excess of authority causes
Computer
Related Fraud.
any loss of property to another by altering,
erasing, inputting or suppressing any data held in any computer, whether or not
for the purpose of conferring any economic benefits on himself or another
person, commits an offence and is liable on conviction to imprisonment for a
term of not less than 3 years or to a fine of not less than 7,000,000.00 or
both fine and imprisonment.
(2)
Any person who with intent to defraud sends electronic message
materially misrepresents any fact or set of facts upon which reliance the
recipient or another person is caused to suffer any damage or loss, commits an
offence and shall be liable on conviction to imprisonment for a term of not
less than 5 years and to a fine of not less than N10,000,000.00 or to both fine
and imprisonment.
(3) Any person who with
intent to defraud, franks electronic messages, instructions, super scribes any
electronic message and or instruction, commits an offence and shall be liable
on conviction to imprisonment for a term of not more than 3 years or to a fine
of not more than N5,000,000.00 or to both such fine and imprisonment
(4) Any person employed
in the public or private sector, who with intent to defraud, manipulates a
computer or other electronic payment devices with the intent to short pay or
overpay or actually short pays or overpays any employee of the public or
private sector, commits an offence and shall be liable on conviction to
imprisonment for a term of not more than 7 Years and shall forfeit the
proprietary interest in the stolen money or property to the bank, financial
institution or the customer.
(a) Any person employed
by or under the authority of any bank or other financial institutions who with
intent to defraud, directly or indirectly, diverts electronic mails, commits an
offence and shall be liable on conviction to imprisonment for a term of not
more than 5 Years or a fine of not more than N7,000,000.00 or to both fine and
imprisonment.
(b) Any person who
commits an offence under subsection (4) above, which results in material and/or
financial loss to the bank, financial institution and/or customers shall in
addition to 7 years imprisonment be liable to refund the stolen money or
forfeit any property to which it has been converted to the bank, financial
institution or the customer.
(5) Any employee of a financial institution found to have connived
with another person or group of persons to perpetrate fraud using computer
system(s) or network, commits an offence and shall be liable on conviction to
imprisonment for a
15.
term of not more than 7 years and shall in addition, refund the stolen
money or forfeit any property to which it has been converted to the bank,
financial institution or the customer.
(a) Any person who steals a financial institutions or Public
Infrastructure Terminal commits an offence and shall be liable on conviction to
imprisonment for a term of 3 years or a fine of N1,000,000.00 or to both fine
and imprisonment.
Theft of
Electronic
Devices.
(b) Any
person who steals an Automated Teller Machine (ATM) commits an offence and
shall be liable on conviction to imprisonment for a term of not more than 7
years or a fine of not more than N10,000,000.00 or to both fine and
imprisonment. All proceeds of such theft shall be forfeited to the lawful
owners of the ATM.
(c) Any person who
attempts to steal an ATM, commits an offence and shall be liable on conviction
to imprisonment for a term of not more than 1 year or a fine of not more than
N1,000,000.00 or both fine and imprisonment.
16.
(1) Any person who with intent and without lawful authority directly
or indirectly Unauthorized
modifies or causes
modification of any data held in any computer system or network, commits an
offence and shall be liable on conviction to imprisonment for a term of not
more than 3 years or to a fine of not more than N7,000,000.00 or to both
such fine and imprisonment.
modification
of computer systems, network data and System interference.
(2) For the purpose of this section, a
modification of any data held in any computer system or network includes
modifications that take place whereby the operation of any function of the
computer system or network concerned, or any-
(a) program or data held in it is altered or
erased;
(b) program or data is added to or removed
from any program or data held in it;
(c)
program or data is suppressed to prevent or terminate the availability
of the data or function to its authorized users; or
(d)
act occurs which impairs the normal operation of any computer,
computer system or network concerned.
(3) Any person who without lawful authority,
intentionally does an act which causes directly or indirectly the serious
hindering of the functioning of a computer system by inputting, transmitting,
damaging, deleting, deteriorating, altering or suppressing computer data or any
other form of interference with the computer system, which prevents the
computer system or any part thereof, from functioning in accordance with its
intended purpose, commits an offence and shall be liable on conviction to
imprisonment for a term of not more than 2 years or to a fine of not more than N5,000,000.00
or to both such fine and imprisonment.
17.
(1) (a)
Electronic signature in respect of purchases of goods, and any other Electronic
transactions shall be binding. Signatures.
(b)
Whenever the geniuses or otherwise of such signatures is in question,
the burden of proof, that the signature does not belong to the purported
originator of such electronic signatures shall be on the contender.
(c)
Any person who with the intent to defraud and or misrepresent, forges
through electronic devices another person’s signature or company mandate
commits an
offence and
shall be liable on conviction to imprisonment for a term of not more than 7
years or a fine of not more than N10,000,000.00 or to both fine and
imprisonment.
(2) The
following transactions shall be excluded from the categories of contractual transactions
or declarations that are valid by virtue of electronic signature:
(a) creation and execution of wills, codicils
and or other testamentary documents;
(b) Death certificate;
(c) Birth certificate;
(d)
matters of family law such as marriage, divorce, adoption and other
related issues;
(e)
issuance of court orders, notices, official court documents such as
affidavit, pleadings, motions and other related judicial documents and
instruments;
(f) any cancellation or termination of
utility services;
(g)
any instrument required to accompany any transportation or handling of
dangerous materials either solid or liquid in nature;
(h) any document ordering withdrawal of
drugs, chemicals and any other material either on the ground that such items
are fake, dangerous to the people or the
18.
environment or expired by any authority empowered to issue orders for
withdrawal of such items.
(1)
Any person that accesses or causes to be accessed any computer or
computer system or network for purposes of terrorism, commits an offence and is
liable on conviction to life imprisonment.
(2)
For the purpose of this section, “terrorism” shall have the same
meaning under the Terrorism (Prevention) Act, 2011, as amended.
19.
(1) From the commencement of this Act, no financial institution shall
give posting and authorizing access to any single employee.
(2) Any person or
persons authorized to give access to computer to employees and gives more than
one access to any person or persons is guilty of an offense and is liable to
payment of a fine of One Million Naira or Seven years imprisonment or both.
(3)
Financial institutions must as a duty to their customers put in place
effective counter-fraud measures to safeguard their sensitive information,
where a security breach occurs the proof of negligence lies on the customer to
prove the financial institution in question could have done more to safeguard
its information integrity.
Cyber Terrorism.
Exceptions to
Financial Institutions, Posting and authorized options.
20.
Any person being authorized by any financial institution and charged
with the Fraudulent
responsibility of
using computer or other electronic devices for financial transactions such as
posting of debit and credit, issuance of electronic instructions as they relate
to sending of electronic debit and credit messages or charged with the duty of
confirmation of electronic fund transfer, unlawfully with the intent to defraud
issues false electronic or verbal messages is guilty of an offence and is
liable to imprisonment for 7 years.
issuance of
E - Instructions.
21.
(1) Any
person or institution, who operates a computer system or a network,
whether public or private, must immediately inform the National
Computer Emergency Response Team (CERT) Coordination Center of any attacks,
intrusions and other disruptions liable to hinder the functioning of another
computer system or network, so that the National CERT can take the necessary
measures to tackle the issues.
(2)
In such cases mentioned in subsection (1) above, and in order to
protect computer systems and networks, the National CERT Coordination Center
may propose the isolation of affected computer systems or network pending the
resolution of the issues.
(3)
Any person or institution who fails to report any such incident to the
National CERT within 7 days of its occurrence, commits an offence and shall be
liable to denial of internet services. Such persons or institution shall in
addition, pay a mandatory fine of N2, 000,000.00 into the National Cyber
Security Fund.
22.
(1) Any person who is engaged in the services of any financial
institution, and as a result of his special knowledge commits identity theft of
its employer, staff, service providers and consultants with the intent to
defraud is guilty of an offence and upon conviction shall be sentenced to 7
years imprisonment or N5,000,000.00 fine or both.
(2) Any person who fraudulently or dishonestly makes use of the
electronic signature, password or any other unique identification feature of
any other person; or
(3)fraudulently impersonates another entity or person, living or dead,
with intent to -
(a) gain advantage for himself or another
person;
(b) obtain any property or an interest in any
property;
(c)
cause disadvantage to the entity or person being impersonated or
another person; or
(d) avoid arrest or prosecution or to
obstruct, pervert or defeat the course of justice.
(4) any
person who makes or causes to be made, either directly or indirectly, any
Reporting of
Cyber Threats.
Identity
theft and impersonation.
false statement as to a material fact in writing,
knowing it to be false and with intent that it be relied upon respecting his
identity or that of any other person or his financial condition or that of any
other person for the purpose of procuring the issuance of a card or other
instrument to himself or another person commits an offence and shall be liable
on conviction to imprisonment for a term of not more than 5 years or a fine of
not more than N7,000,000.00 or to both such fine and imprisonment.
23.
(1) Any
person who intentionally uses any computer system or network in or for-
(a)
producing child pornography;
(b) offering or making available child
pornography;
(c) distributing or transmitting child
pornography;
(d) procuring child pornography for oneself
or for another person;
(e)
possessing child pornography in a computer system or on a
computer-data storage medium:
commits an offence under this Act and shall be liable on conviction –
(i) in the case of
paragraphs (a), (b) and (c) to imprisonment for a term of 10 years or a fine of
not more than N20,000,000.00 or to both fine and imprisonment; and
(ii) in the case of
paragraphs(d) and (e) of this subsection, to imprisonment for a term of not
more than 5 years or a fine of not more than N10,000,000.00 or to both
such fine and imprisonment.
(2) Any person who
knowingly makes or sends other pornographic images to another computer by way
of unsolicited distribution shall be guilty of an offence and upon conviction
shall be sentenced to One year imprisonment or a fine of Two Hundred and Fifty
Thousand Naira or both.
(3) Any person who,
intentionally proposes, grooms or solicits, through any computer system or
network, to meet a child for the purpose of:
(a) engaging in sexual activities with the
child;
(b) engaging in sexual activities with the
child where –
(i) use is made of coercion, inducement,
force or threats;
(ii) abuse is made of a
recognized position of trust, authority or influence over the child, including
within the family; or
Child
pornography and related offences.
(iii) abuse is made
of a particularly vulnerable situation of the child, mental or physical
disability or a situation of dependence;
(c) recruiting, inducing, coercing, exposing, or
causing a child to participate in pornographic performances or profiting from
or otherwise exploiting a child for such purposes;
commits an offence under this Act and shall be liable on conviction-
(i)
in the case of paragraphs (a) to imprisonment for a term of not more
than 10 years and a fine of not more than N15,000,000.00; and
(ii)
in the case of paragraphs(b) and(c) of this subsection, to
imprisonment for a term of not more than 15 years and a fine of not more than N25,000,000.
(4) For the purpose
of subsection (1) above, the term “child pornography” shall include
pornographic material that visually depicts-
(a) a minor engaged in sexually explicit
conduct;
(b) a person appearing to be a minor engaged
in sexually explicit conduct; and
(c) realistic images representing a minor
engaged in sexually explicit conduct.
(5)
For the purpose of this section, the term “child” or “minor” means a
person below 18 years of age.
24.
Any person who knowingly or intentionally sends a message or other
matter by Cyberstalking. means of computer
systems or network that -
(a) is grossly offensive, pornographic or of an
indecent, obscene or menacing character or causes any such message or matter to
be so sent; or
(b) he knows to be false, for the purpose of
causing annoyance, inconvenience danger, obstruction, insult, injury, criminal
intimidation, enmity, hatred, ill will or needless anxiety to another or causes
such a message to be sent:
commits an offence under this Act and shall be
liable on conviction to a fine of not more than N7,000,000.00 or
imprisonment for a term of not more than 3 years or to both such fine and
imprisonment.
(2) Any person who knowingly or intentionally
transmits or causes the transmission
of any communication through a computer system or network -
(a) to bully,
threaten or harass another person, where such communication places another
person in fear of death, violence or bodily harm or to another person;
(b)
containing any threat to kidnap any person or any threat to harm the
person of another, any demand or request for a ransom for the release of any
kidnapped person, to extort from any person, firm, association or corporation,
any money or other thing of value; or
(c)
containing any threat to harm the property or reputation of the
addressee or of another or the reputation of a deceased person or any threat to
accuse the addressee or any other person of a crime, to extort from any person,
firm, association, or corporation, any money or other thing of value:
commits an offence under this Act and shall be liable on conviction-
(i)
in the case of paragraphs (a) and (b) of this subsection to
imprisonment for a term of 10 years and/or a minimum fine of N25,000,000.00;
and
(ii)
in the case of paragraph (c) and (d) of this subsection, to
imprisonment for a term of 5 years and/or a minimum fine of N15,000,000.00.
(3) A court sentencing or otherwise dealing with a person convicted of
an offence under subsections (1) and (2) may also make an order, which may, for
the purpose of protecting the victim or victims of the offence, or any other
person mentioned in the order, from further conduct which-
(a) amounts to harassment; or
(b)
will cause fear of violence, death or bodily harm; prohibit the
defendant from doing anything described/specified in the order.
(4)
A defendant who does anything which he is prohibited from doing by an
order under this section, commits an offence and shall be liable on conviction
to a fine of not more than N10,000,000.00 or imprisonment for a term of
not more than 3 years or to both such fine and imprisonment.
(5)
The order made under subsection (3) of this section may have effect
for a specified period or until further order and the defendant or any other
person mentioned in the order may apply to the court which made the order for
it to be varied or discharged by a further order.
(6)
Notwithstanding the powers of the court under subsections (3) and (5),
the court may make an interim order for the protection of victim(s) from
further exposure to the alleged offences.
25.
(1) Any person who, intentionally takes or makes use of a name,
business name, Cybersquatting. trademark, domain name or other word or phrase registered, owned or
in use by any
individual, body corporate or belonging to either
the Federal, State or Local Governments in Nigeria, on the internet or any
other computer network, without authority or right, and for the purpose of
interfering with their use by the owner, registrant or legitimate prior user,
commits an offence under this Act and shall be
liable on
conviction to imprisonment for a term of not more than 2 years or a fine of not
more than N5,000,000.00 or to both fine and imprisonment.
(2) In awarding any
penalty against an offender under this section, a court shall have regard to
the following -
(a) a refusal by the
offender to relinquish, upon formal request by the rightful owner of the name,
business name, trademark, domain name, or other word or phrase registered,
owned or in use by any individual, body corporate or belonging to either the
Federal, State or Local Governments in Nigeria; or
(b) an attempt by the
offender to obtain compensation in any form for the release to the rightful
owner for use of the name, business name, trademark, domain name or other word
or phrase registered, owned or in use by any individual, body corporate or
belonging to either the Federal, State or Local Government of Nigeria.
(3) In addition to the penalty specified under this section, the court
may make an order directing the offender to relinquish such registered name,
mark, trademark, domain name, or other word or phrase to the rightful owner.
26. (1) Any person who with intent –
(a) distributes or otherwise makes available, any racist or xenophobic
material to the public through a computer system or network;
(b) threatens through a computer system or network –
(i) persons for the reason that they belong to a group distinguished
by race, colour, descent, national or ethnic origin, as well as, religion, if
used as a pretext for any of these factors; or
(ii) a group of persons which is distinguished by any of these
characteristics;
(c) insults publicly through a computer system or network–
(i) persons for the
reason that they belong to a group distinguished by race, colour, descent or
national or ethnic origin, as well as religion, if used as a pretext for any of
these factors; or
(ii) a group of persons which is distinguished
by any of these characteristics; or
(d) distributes or
otherwise makes available, through a computer system or network, to the public,
material which denies or approves or justifies acts constituting genocide or
crimes against humanity, Commits an offence and shall be liable on conviction
to imprisonment for a term of not more than 5 years or to a fine of not more
thanN10,000,000.00 or both such fine and imprisonment.
Racist and
xenophobic offences.
(2) For the purpose
of subsection (1) of this section, the term “Crime against humanity” includes
any of the following acts committed as part of a widespread or systematic
attack directed against any civilian population, with knowledge of the attack:
murders, extermination, enslavement, deportation or forcible transfer of
population, imprisonment, torture, rape, sexual slavery, enforced prostitution,
forced pregnancy, enforced sterilization or any other form of sexual violence
of comparable gravity, persecution against an identifiable group on political,
racial, national, ethnic, cultural, religious or gender grounds, enforced
disappearance of persons, the crime of apartheid, other inhumane acts of
similar character intentionally causing great suffering or serious bodily or
mental injury.
“Genocide” means any of the following acts committed with intent to
destroy in whole or in part, a national, ethnic, racial or religious group as
such: killing members of the group, deliberately inflicting on the group
conditions of life calculated to bring about its physical destruction in whole
or in part; imposing measures intended to prevent births within the group;
forcibly transferring children of the group to another group.
“racist or xenophobic material” means any written or printed material,
any image or any other representation of ideas or theories, which advocates,
promotes or incites hatred, discrimination or violence, against any individual
group of individuals, based on race, color, descent or national or ethnic
origin, as well as religion if used as a pretext for any of these factors.
27.
(1) Any
person who –
(a) attempts to commit any offence under this
Act; or
Attempt,
conspiracy, aiding
and abetting.
(b) aids, abets, conspires, counsels or procures another person(s) to
commit any offence under this Act:
commits an offence and shall be liable on conviction to the punishment
provided for the principal offence under this Act.
(2) Any employee of a financial institution found
to have connived with another person or group of persons to perpetrate fraud
using computer system(s) or network, commits an offence and shall be liable on
conviction to imprisonment for a term of not more than 7 years and shall in addition,
refund the stolen money or forfeit any property to which it has been converted
to the bank, financial institution or the customer.
28.
(1) Any person who unlawfully produces, supplies, adapts, manipulates
or procures for use, imports, exports, distributes, offers for sale or
otherwise makes available-
(a) any device, including a computer program or a component designed
or adapted for the purpose of committing an offence under this Act;
Importation and fabrication of E-Tools.
(b)
a computer password, access code or similar data by which the whole or
any part of a computer system or network is capable of being accessed for the
purpose of committing an offence under this Act; or
(c)
any device, including a computer program designed to overcome security
measures in any computer system or network with the intent that the devices be
utilized for the purpose of violating any provision of this Act:
commits an offence and shall be liable on conviction to imprisonment
for a term of not more than 3 years or a fine of not more than N7,000,000.00
or to both.
(2) Any person who with intent to commit an offence under this Act,
has in his possession any device or program referred to in subsection (1) of
this section, commits an offence and shall be liable on conviction to
imprisonment for a term of not more than 2 years or to a fine of not more than N5,000,000.00
or to both such fine and imprisonment.
(3)
Any person who, knowingly and without authority, discloses any
password, access code or any other means of gaining access to any program or
data held in any computer or network for any unlawful purpose or gain, commits
an offence and shall be liable on conviction to imprisonment for a term of not
more than 2 years or to a fine of not more than N5,000,000.00 or to both
fine and imprisonment.
(4) Where the offence
under subsection (1) of this section results in loss or damage, the offender
shall be liable to imprisonment for a term of not more than 5 years or to a
fine of not more than N10,000,000.00 or to both such fine and
imprisonment.
(5)
Any person who with intent to commit any offence under this Act uses
any automated means or device or any computer program or software to retrieve,
collect and store password, access code or any means of gaining access to any
program, data or database held in any computer, commits an offence and shall be
liable on conviction to imprisonment for a term of not more than 5 years or to
a fine of not more than N10,000,000.00 or to both such fine and
imprisonment.
(6)
Any persons who without lawful authority and or appropriate license
where required, with fraudulent intent, imports, transports or installs within
the Federation of Nigeria any tool, implement, item used or designed to be used
in making, forging, altering, or counterfeiting any electronic device, commits
an offence and shall be liable on conviction to imprisonment for a term of not
more than 7 Years or a fine of not more than N5,000,000.00 or to both
such fine and imprisonment.
29.
(1) Any person or organization who being a computer based service
provider and or vendor does any act with intent to defraud and by virtue of his
position as a service provider, forges, illegally used security codes of the
consumer with the intent to gain any financial and or material advantage or
with intent to provide less value for money in his or its services to the
consumer shall if corporate organization be guilty of an offence and is liable
to a fine of N5,000,000.00and forfeiture of further
Breach of
Confidence by Service Providers.
(2) (a) Where an offence under this Act which has been committed by a
body corporate is proved to have been committed on the instigation or with the
connivance of or attributable to any neglect on the part of a director,
manager, secretary or other similar officer of the body corporate, or any
officer purporting to act in any such capacity, he, as well as the body
corporate, where practicable, shall be deemed to be guilty of that offence and
shall be liable to be proceeded against and punished accordingly.
(b) Where a body
corporate is convicted of an offence under this Act, the Court may order that
the body corporate shall thereupon and without any further assurances, but for
such order, be wound up and all its assets and properties forfeited to the
Federal Government.
(c) If the offender is
a natural person, he commits an offence and shall be liable on conviction to
imprisonment for a term of not more than 7 Years and to a fine of not more than
N5,000,000.00 or to both such imprisonment and fine.
(3)
Nothing contained in this section shall render any person liable to
any punishment, where he proves that the offence was committed without his
knowledge or that he exercised all due diligence to prevent the commission of
the offence.
30.
(1) Any person who manipulates an ATM machine or Point of Sales
terminals with the intention to defraud shall be guilty of an offence and upon
conviction sentenced to Five Years imprisonment or N5, 000,000.00 fine
or both.
(2)
Any employee of a financial institution found to have connived with
another person or group of persons to perpetrate fraud using an ATM of Point of
sales device, shall be guilty of an offence and upon conviction sentenced to
Seven Years imprisonment without an option of fine.
31.
(1) Without prejudice to any contractual agreement between the
employer and the employee all employees in both the public and private sectors
must relinquish or surrender all codes and access rights to their employers
immediately upon disengagement from their employment, and if such code or
access right constitutes a threat or risk to the employer, it shall, unless
there is any lawful reason to the contrary, be presumed that the refusal to
relinquish or surrender such code or access right is intended to be used to
hold such employer to ransom.
(2) Any employee who,
without any lawful reason, continues to hold unto the code or access right of
his employer after disengagement without any lawful reason shall be guilty of
an offence and liable on conviction to 3 years imprisonment or 3,000,000.00 or
both.
Manipulation of
ATM/POS
Terminals.
Employees
Responsibility.
32. (1) Any person who knowingly or intentionally
engages in computer phishing shall be Phishing,
Spamming,
|
Spreading of
|
|
|
|
Computer Virus.
|
(2) Any person who
engages in spamming with intent to disrupt the operations of a computer be it
public or private or financial institutions shall be guilty of an offence and
liable upon conviction to 3 years imprisonment or a fine of N1,
000,000.00 or both.
(3)
Any person who engages in malicious or deliberate spread of viruses or
any malware thereby causing damage to critical information in public, private
or financial institution’s computers shall be guilty of an offence is liable
upon conviction to 3 years imprisonment or a fine of N1, 000,000.00 or
both.
33.
(1) Any person who with intent to defraud, uses any access device
including credit, debit, charge, loyalty and other types of financial cards, to
obtain cash, credit, goods or service commits an offence and shall be liable on
conviction to imprisonment for a term of not more than 7 Years or a fine of not
more than N5,000,000.00 or to both such fine and imprisonment and shall
further be liable to payment in monetary terms the value of loss sustained by
the owner of the credit card.
(2) Any person who uses:
(a) a counterfeit access device;
(b) an unauthorized access device;
(c) an access device issued to another
person;
resulting in a loss or gain commits an offence and shall be liable on
conviction to imprisonment for a term of not more than 7 years or a fine of not
more than N5,000,000.00 and forfeiture of the advantage or value derived
from his act.
(3) Any person who
steals an electronic card commits an offence and shall be liable on conviction
to imprisonment for a term of not more than 3 years or to a fine of not more
than N1,000,000.00. He shall further be liable to repayment in monetary
terms the value of loss sustained by the cardholder or forfeiture of the assets
or goods acquired with the funds from the account of the cardholder.
(4) Any person who
receives a card that he knows or ought to know to have been lost, mislaid, or
delivered under a mistake as to the identity or address of the cardholder and
who retains possession with the intent to use, sell, or to traffic it to a
person other than the issuer or the cardholder commits an offence and shall be
liable on conviction to not more than 3 years imprisonment or to a fine of not
more than N1,000,000.00 and shall further be liable to payment in
monetary terms the value of loss sustained by the cardholder.
(5)
Any person who, with intent to defraud the issuer, a creditor, or any
other person, obtains control over a card as security for a debt commits an
offence and
Electronic
cards related fraud.
shall be
liable on conviction to imprisonment for a term of not more than 3 years or to
a fine of not more than N3,000,000.00 or to such both fine and
imprisonment and shall further be liable to payment in monetary terms the value
of loss sustained by the card holder or forfeiture of the assets or goods
acquired with the funds from the account of the cardholder.
(6)
Any person, other than the cardholder or a person authorized by him,
who, with the intend to defraud the issuer or a creditor, signs a card commits
an offence and shall be liable on conviction to imprisonment for a term of not
more than 3 years or a fine of not more than N1,000,000.00.
(7)
Any person
who, with intent to defraud an issuer or a creditor, uses, for the purpose of
obtaining money, goods, services, or anything else of value, a card obtained or
retained fraudulently or a card which he knows is forged or expired, or who
obtains money, goods, services, or anything else of value by representing,
without the consent or authorization of the cardholder, that he is the holder
of a specified card, or by representing that he is the holder of a card and
such card has been validly issued, commits an offence and shall be liable on
conviction to imprisonment for a term of not more than 3 years and a fine of
not more than N1,000,000.00.
(8)
(a) Any creditor who, with intent to defraud the issuer or the
cardholder, furnishes goods, services, or anything else of value upon
presentation of a card which he knows is obtained or retained fraudulently or
illegally or a card which he knows is forged, expired, or revoked commits an
offence and shall be liable on conviction to imprisonment for a term of not
more than 3 years or a fine of not more than N1,000,000.00 or to both
such fine and imprisonment.
(b)
Any Creditor who, with intent to defraud the issuer, or the
cardholder, fails to furnish goods, services, or anything of value which he
represents in writing to the issuer or the cardholder that he has furnished
commits an offence and shall be liable on conviction to imprisonment for a term
of not more than 3 years or a fine of not more than N1,000,000.00 or to
both such fine and imprisonment.
(c)
Any person who is authorized by a creditor to furnish goods, services,
or anything else of value upon presentation of a card or a card account number
by a cardholder, or any agent or employee of such person, who, with intent to
defraud the issuer, or the cardholder, presents to the issuer or the
cardholder, for payment, a card transaction record of sale, which sale was not
made by such person or his agent or employee, commits an offence and shall be
liable on summary conviction to a fine of not more than N500,000 and to
imprisonment for 3 years.
(d)
Any person who, without the creditor’s authorization, employs,
solicits or otherwise causes a person who is authorized by the creditor to
furnish goods, services or anything else of value upon presentation of a card
account number by the cardholder, or employs, solicits or otherwise causes an
agent or employee of such authorized person, to remit to the creditor a card
transaction record of a sale that
was not made by such authorized person or his
agent or employee commits an offence and shall be liable on conviction to
imprisonment for a term of not more than 3 years or to a fine of not more than N1,000,000.00
or to both such fine and imprisonment.
(9) Any person who with intent to defraud,
possesses counterfeit cards, invoices, vouchers, sales drafts, or other
representations or manifestations of counterfeit cards, or card account numbers
of another person, commits an offence and shall be liable on conviction to
imprisonment for a term of not more than 5 years or to a fine of not more than N3,000,000.00
or to both such fine and imprisonment.
(10)
Any person who receives, possesses, transfers, buys, sells, controls,
or has custody of any card-making equipment with intent that such equipment be
used in the manufacture of counterfeit cards commits an offence and shall be
liable on conviction to imprisonment for a term of not more than 5 years or to
a fine of not more than N7,000,000.00 or to both such fine and
imprisonment.
(11)
Any person who, with intent to defraud another person, falsely alters
any invoice for money, goods, services, or anything else of value obtained by
use of a card after that invoice has been signed by the cardholder or a person
authorized by him, commits an offence and shall be liable on conviction to
imprisonment for a term of not more than 3 years or to a fine of not more than N5,000,000.00
or to both such fine and imprisonment.
(12) Any institution
that makes available, lends, donates, or sells any list or portion of a list of
cardholders and their addresses and account numbers to any person without the
prior written permission of the cardholder(s), commits an offence and shall be
liable on conviction to a fine of N10,000,000.00.
(13) An institution may
make available to the Central Bank of Nigeria or a licensed credit bureau,
which seeks to determine only the cardholder’s rating, any list or portion of a
list of any cardholder and their addresses without the permission of the
cardholder, but must within 7 working days, give notice in writing of the
disclosure to the cardholder. Such institution which fails to comply with the
requirement to notify the cardholder, commits an offence and shall be liable on
conviction to a fine of not more than N1,000,000.00.
34.
Any person, other than the issuer, who receives and retains possession
of two or more cards issued in the name or names of different cardholders,
which cards he knows were taken or retained under circumstances which
constitute a card theft commits an offence and is liable on summary conviction
to 3 years imprisonment or to a fine of one N1,000,000.00and shall
further be liable to repayment in monetary terms the value of loss sustained by
the cardholder or forfeiture of the assets or goods acquired with the funds
from the account of the cardholder.
Dealing in Card
of Another.
35.
Any person other than an issuer or their authorized agent who sells a
card or a person who buys a card from a person other than an issuer or their
authorized agent
Purchase or
Sale of Card of Another.
commits an offence and is liable on summary
conviction to a fine of N500,000.00 and shall further be liable to
payment in monetary terms the value of loss sustained by the card holder or
forfeiture of the assets or goods acquired with the funds from the account of
the cardholder.
36.
(1) Any person who with intent to defraud uses any device or
attachment, e-mails or fraudulent website to obtain information or details of a
cardholder commits an offence and upon conviction is liable to imprisonment for
a period of 3years or to a fine of N 1,000,000.00 or both.
(2)
Any person who fraudulently re-direct funds transfer instructions
during transmissions over any authorized communications path or device and
re-directs funds transferred electronically with an authorized account commits
any offence and upon conviction is liable to imprisonment for a period of
3years or to a fine of N 1,000,000.00 and shall further be liable to
payment in monetary terms the value of loss sustained by the cardholder or
forfeiture of the assets or goods acquired with the funds from the account of
the cardholder.
PART IV - DUTIES OF FINANCIAL INSTUTUTIONS
37.
(1) A
financial institution shall —
(a) verify the identity
of its customers carrying out Electronic financial transactions by requiring
the customers to present documents bearing their names, addresses and other
relevant information before issuance of ATM cards, credit cards, Debit cards
and other related electronic devices;
(b)
apply the principle of know your customer in documentation of
customers preceding execution of customers electronic transfer, payment, debit
and issuance orders;
(2)
Any official or organization who fails to obtain proper identity of
customers before executing customer electronic instructions in whatever way, commits
an offence and shall be liable on conviction to a fine of N5,000,000.00
(3)
Any financial institution that makes an unauthorized debit on a
customers account shall upon written notification by the customer, provide
clear legal authorization for such debit to the customer or reverse such debit
within 72 hours. Any financial institution that fails to reverse such debit
within 72 hours , shall be guilty of an offence and liable on conviction to
restitution of the debit and a fine of N 5, 000,000.00.
DUTIES OF SERVICE PROVIDERS
Use of
Fraudulent Device or Attached E-mails and Websites.
Duties of
Financial
Institutions.
38.
(1) A
service provider shall keep all traffic data and subscriber information as may
be
prescribed by the
relevant authority for the time being, responsible for the regulation of
communication services in Nigeria, for a period of 2 years.
Records
retention and protection of
(2) A service
provider shall, at the request of the relevant authority referred to in
subsection (1) of this section or any law enforcement agency –
(a)
preserve, hold or retain any traffic data, subscriber information,
non-content information, and content data; or
(b) release any information required to be
kept under subsection (1) of this section.
(3)
A law enforcement agency may, through its authorized officer, request
for the release of any information in respect of subsection (2) (b) of this
section and it shall be the duty of the service provider to comply.
(4) Any data retained,
processed or retrieved by the service provider at the request of any law
enforcement agency under this Act shall not be utilized except for legitimate
purposes as may be provided for under this Act, any other legislation,
regulation or by an order of a court of competent jurisdiction.
(5) Anyone exercising
any function under this section shall have due regard to the individual’s right
to privacy under the Constitution of the Federal Republic of Nigeria, 1999 and
shall take appropriate measures to safeguard the confidentiality of the data
retained, processed or retrieved for the purpose of law enforcement.
(6)
Subject to the provisions of this Act, any person who contravenes any
of the provisions of this section commits an offence and shall be liable on
conviction to imprisonment for a term of not more than 3 years or a fine of not
more than N7,000,000.00 or to both fine and imprisonment.
39.
Where there are reasonable grounds to suspect that the content of any
electronic communication is reasonably required for the purposes of a criminal
investigation or proceedings, a Judge may on the basis of information on oath;
(a) order a service
provider, through the application of technical means to intercept, collect,
record, permit or assist competent authorities with the collection or recording
of content data and/or traffic data associated with specified communications
transmitted by means of a computer system; or
(b)
authorize a law enforcement officer to collect or record such data
through application of technical means.
40.
(1) It
shall be the duty of every service provider in Nigeria to comply with all the
provisions of this Act and disclose information requested by any law
enforcement agency or otherwise render assistance howsoever in any inquiry or
proceeding under this Act.
(2) Without prejudice to the generality of the foregoing, a service
provider shall, at the request of any law enforcement agency in Nigeria or at
its own initiative, provide assistance towards –
data.
Interception
of electronic communications.
Failure of service provider to perform
certain duties.
|
|
(a) the identification, apprehension and
prosecution of offenders;
|
||
|
|
(b) the identification, tracking and tracing of
proceeds of any offence or any
|
||
|
|
property, equipment or device used in the
commission of any offence; or
|
||
|
|
(c) the freezing, removal, erasure or
cancellation of the services of the offender
|
||
|
|
which enables the offender to either
commit the offence, hide or preserve the
|
||
|
|
proceeds of any offence or any property,
equipment or device used in the
|
||
|
|
commission of the offence.
|
||
|
|
(3) Any service provider who contravenes the
provisions of subsection (1) and (2) of
|
||
|
|
this section, commits an offence and
shall be liable on conviction to a fine of not
|
||
|
|
more than
|
||
|
|
(4) In addition to the punishment prescribed
under subsection (3) of this section and
|
||
|
|
subject to the
provisions of section 20 of this Act, each director, manager or officer of
|
||
|
|
the service provider shall be liable on
conviction to imprisonment for a term of not
|
||
|
|
more than 3 years or a fine of not more
than
|
|
7,000,000.00 or to both such fine and
|
|
|
imprisonment.
|
||
|
|
PART V - ADMINISTRATION AND ENFORCEMENT
|
||
|
41.
|
(1) The
office of the National Security Adviser shall be the coordinating body for
all
|
||
|
|
security and enforcement agencies under this
Act and shall;
|
||
(a) provide support to all relevant security, intelligence, law
enforcement agencies and military services to prevent and combat cybercrimes in
Nigeria;
(b) ensure formulation and effective implementation of a comprehensive
cyber security strategy and a national cyber security policy for Nigeria;
(c) establish and maintain a National Computer Emergency Response Team
(CERT) Coordination Center responsible for managing cyber incidences in
Nigeria;
(d) establish and maintain a National Computer Forensic Laboratory and
coordinate utilization of the facility by all law enforcement, security and
intelligence agencies;
(e) build capacity for the effective discharge of the functions of all
relevant security, intelligence, law enforcement and military services under
this Act or any other law on cybercrime in Nigeria;
(f) establish appropriate platforms for public private partnership
(PPP);
(g) coordinate Nigeria’s involvement in international cyber security
cooperation to ensure the integration of Nigeria into the global frameworks on
cyber security; and
(h) do such other acts or things that are necessary for the effective
performance of
Co-ordination
and enforcement.
(2) The Attorney –
General of the Federation shall strengthen and enhance the existing legal
framework to ensure –
(a)
conformity of Nigeria’s cybercrime and cyber security laws and
policies with regional and international standards;
(b)
maintenance of international co-operation required for preventing and
combating cybercrimes and promoting cyber security; and
(c) effective prosecution of cybercrimes and
cyber security matters.
(3) All law enforcement, security and intelligence agencies shall
develop requisite institutional capacity for the effective implementation of
the provisions of this Act and shall in collaboration with the Office of the
National Security Adviser, initiate, develop or organize training programmers
nationally or internationally for officers charged with the responsibility for
the prohibition, prevention, detection, investigation and prosecution of
cybercrimes.
42.
(1) There is established, a Cybercrime Advisory Council (in this Act
referred to as “the Council”) which shall comprise of a representative each, of
the Ministries and Agencies listed under the First Schedule to this Act.
(2) A representative
appointed pursuant to subsection (1) of this section shall be an officer not
below the Directorate Cadre in the Public Service or its equivalent.
(3) A member of the Council shall cease to
hold office if –
(a) he ceases to hold
the office on the basis of which he became a member of the Council; or
(b)
the President is satisfied that it is not in the public interest for
the person to continue in office as a member of the Council.
(4)
The meetings of the Council shall be presided over by the National
Security Adviser.
(5) The Council shall
meet at least four times in a year and whenever it is convened by the National
Security Adviser.
43.
(1) The
Council shall –
(a) create an enabling
environment for members to share knowledge, experience, intelligence and
information on a regular basis and shall provide recommendations on issues
relating to the prevention and combating of cybercrimes and the promotion of
cyber security in Nigeria;
Establishment of
the Cybercrime
Advisory Council.
Functions
and powers of the Council.
(b)
formulate and provide general policy guidelines for the implementation
of the provisions of this Act;
(c)
advise on measures to prevent and combat computer related offences,
cybercrimes, threats to national cyberspace and other cyber security related issues;
(d)
establish a program to award grants to institutions of higher
education to establish Cyber security Research Centers to support the
development of new Cyber security defences, techniques and processes in the
real-world environment; and
(e)
promote Graduate Traineeships in Cyber security and Computer and
Network Security Research and Development
(2)
The Council shall have power to regulate its proceedings and make
standing orders with respect to the holding of its meetings, notices to be given,
the keeping of minutes of its proceedings and such other matters as Council
may, from time to time determine.
44.
(1) There is established a Fund, which shall be known as the National
Cyber security Fund (in this Act referred to as “The Fund”).
(2) There shall be paid
and credited into the Fund established under subsection (1) of this section and
domiciled in the Central Bank of Nigeria:
(a) A levy of 0.005 of
all electronic transactions by the businesses specified in the second schedule
to this Act.
(b) grants-in-aid and assistance from donor,
bilateral and multilateral agencies;
(c)
all other sums accruing to the Fund by way of gifts, endowments,
bequest or other voluntary contributions by persons and organizations: Provided
that the terms and conditions attached to such gifts, endowments, bequest or
contributions will not jeopardize the functions of the Agency;
(d) such monies as may be appropriated for
the Fund by the National Assembly; and
(e) all other monies or assets that may, from
time to time accrue to the Fund.
(3)
All monies accruing to the Fund shall be exempted from income tax and
all contributions to the Fund shall be tax deductible.
(4) The levy imposed
under subsection 2(a) shall be remitted directly by the affected businesses or
organizations into the Fund domiciled in the Central Bank within a period of 30
days.
(5)
An amount not exceeding 40 percent of the Fund may be allocated for
programs relating to countering violent extremism.
Establishment of
National Cyber
Security Fund.
(6) Accounts and records of the Fund -
(a)
The Office of the National Security Adviser shall keep proper records
of the accounts;
(b) The account of the
Fund shall be audited in accordance with guidelines provided by the Auditor
General of the Federation.
PART VI - ARREST, SEARCH, SEIZURE AND PROSECUTION
45.
(1) A law enforcement officer may apply ex-parte to a Judge in
chambers for the issuance of a warrant for the purpose of obtaining electronic
evidence in related crime investigation.
(2) The
Judge may issue a warrant authorizing a law enforcement officer to-
(a) enter and search any premises or place
if within those premises, place or conveyance –
(i) an offence under this Act is being
committed; or
(ii) there is evidence of the commission of an
offence under this Act; or
(iii) there is an urgent need to prevent the
commission of an offence under this Act
(b) search any person or conveyance found on
any premises or place which such authorized officers who are empowered to enter
and search under paragraph (a) of this subsection;
(c)
stop, board and search any conveyance where there is evidence of the
commission of an offence under this Act;
(d)
seize, remove and detain anything which is, or contains evidence of
the commission of an offence under this Act;
(e) use or cause to use
a computer or any device to search any data contained in or available to any
computer system or computer network;
(f) use any technology
to decode or decrypt any coded or encrypted data contained in a computer into
readable text or comprehensible format;
(g) require any person
having charge of or otherwise concerned with the operation of any computer or
electronic device in connection with an offence under this Act to produce such
computer or electronic device.
Power of arrest,
search and seizure.
(3) The
court shall issue a warrant under subsection (2) of this section where it is
satisfied that –
(a) the warrant is
sought to prevent the commission of an offence under this Act or to prevent the
interference with investigative process under this Act; or
(b) the warrant is for
the purpose of investigating cybercrime, cyber security breach, computer related
offences or obtaining electronic evidence; or
(c) there are reasonable grounds for
believing that the person or material on the premises or conveyance may be
relevant to the cybercrime or computer related offences under investigation; or
(d) the person named in
the warrant is preparing to commit an offence under this Act.
46.
Subject to
the provisions of the Constitution of the Federal Republic of Nigeria, any
person who –
(a)
willfully obstructs any law enforcement officer in the exercise of any
powers conferred by this Act; or
(b) fails to comply
with any lawful inquiry or requests made by any law enforcement agency in
accordance with the provisions of this Act:
commits an offence and shall be liable on conviction to imprisonment for
a term of 2 years or to a fine of not more than N500,000.00 or to both
such fine and imprisonment.
47.
Subject to the powers of the Attorney General, relevant law
enforcement agencies shall have power to prosecute offences under this Act. In
the case of offences committed under sections 19 and 21 of this Act, the
approval of the Attorney General must be obtained before prosecution.
Obstruction and
refusal to release information.
Prosecution of
offences.
48.
(1) The
Court in imposing sentence on any person convicted of an offence under this
Act, may order that the convicted person forfeits to the Government of the
Federal Republic of Nigeria –
(a) any asset,
money or property, whether tangible or intangible, traceable to proceeds of
such offence; and
(b) any computer,
equipment, software, electronic device or any other device used or intended to
be used to commit or to facilitate the commission of such offence;
(2) There it is
established that a convicted person has assets or properties in a foreign
country, acquired as a result of such criminal activities listed in this Act,
such assets or properties, shall subject to any Treaty or arrangement with such
foreign country, be forfeited to the Federal Government of Nigeria.
Order of
forfeiture of assets.
(3)
The office of the Attorney-General of the Federation shall ensure that
the forfeited assets or properties are effectively transferred and vested in
the Federal Government of Nigeria.
(4)
Any person convicted of an offence under this Act shall have his
International Passport cancelled. In the case of a foreigner, his passport
shall be withheld and only returned to him after he has served the sentence or
paid the fines imposed on him.
49.
In addition to any other penalty prescribed under this Act, the Court
shall order a person convicted of an offence under this Act to make restitution
to the victim of the false pretense or fraud by directing that the person that
–
(a)where
the property involved is money, to pay to the victim an amount equivalent to
the lost sustained by the victim; in any other case to–
(i) return the property to the victim or to a
person designated by him; or
(ii)
pay an amount equal to the value of the property, where the return of
the property is impossible or impracticable.
(b) an order of
restitution may be enforced by the victim or by the prosecutor on behalf of the
victim in the same manner as a judgment in a civil action.
PART VII - JURISDICTION AND INTERNATIONAL CO-OPERATION
50.
(1) The Federal High Court located in any part of Nigeria regardless
of the location where the offence is committed shall have jurisdiction to try
offences under this Act, if committed –
(a) in Nigeria; or
(b) in a ship or aircraft registered in
Nigeria; or
(c) by a citizen or
resident in Nigeria if the person’s conduct would also constitute an offence
under a law of the country where the offence was committed; or
(d) outside Nigeria, where –
(i) the victim of the offence is a citizen or
resident of Nigeria; or
(ii) the alleged
offender is in Nigeria and not extradited to any other country for prosecution.
(2) In the trial of
any offence under this Act, the fact that an accused person is in possession
of-
(a) pecuniary resources or property for which he cannot satisfactorily
account; or
Order for
payment of compensation or restitution.
Jurisdiction
(c)
that he had at or about the time of the alleged offence obtained an
accretion to his pecuniary resources or property for which he cannot
satisfactorily account:
may, if proved, be
taken into consideration by the Court as corroborating the testimony of witness
in the trial.
(3)
The court shall ensure that all matters brought before it by the
Commission against any person, body or authority shall be conducted with
dispatch and given accelerated hearing.
(4)
Subject to the provisions of the Constitution of the Federal Republic
of Nigeria, an application for stay of proceedings in respect of any criminal
matter brought under this Act shall not be entertained until judgment is
delivered.
51.
Offences under this Act shall be extraditable under the Extradition
Act, CAP E25, Extradition. Laws of the Federation of Nigeria, 2004.
52.
(1) The Attorney - General of the Federation may request or receive
assistance from any agency or authority of a foreign State in the investigation
or prosecution of offences under this Act; and may authorize or participate in
any joint investigation or cooperation carried out for the purpose of
detecting, preventing, responding and prosecuting any offence under this Act.
(2)
The joint investigation or cooperation referred to in sub-section (1)
may be carried out whether or not any bilateral or multilateral agreements
exist between Nigeria and the requested or requesting country.
(3) The
Attorney-General of the Federation may, without prior request, forward to a
competent authority of a foreign State, information obtained in the course of
investigation, if such information will assist in the investigation of an
offence or in the apprehension of an offender under this Act.
53.
(1) Any evidence gathered, pursuant to a request under this Act, in
any investigation or proceedings in the court of any foreign State, if
authenticated, shall be prima facie admissible in any proceedings to which
this Act applies.
(2) For the
purpose of subsection (1) of this section, evidence is authenticated if it is -
(a) certified by a Judge or Magistrate or
Notary Public of the foreign State; or
(b) sworn to under oath
or affirmation of a witness or sealed with an official or public seal –
(i) of a Ministry or Department of the Government of the foreign
State; or
Request for mutual
assistance.
Evidence
pursuant to a request.
(ii) in the case of a territory, protectorate or
colony, of the person administering the Government of the foreign territory,
protectorate or colony or a department of that territory, protectorate or
colony.
54.
(1) A request under this Act shall be in writing, dated and signed by
or on behalf of the person making the request.
(2) A request may be transmitted by facsimile or by any other
electronic device or means; and shall include the following-
(a) the name of the authority conducting the
investigation, prosecution or proceedings to which the request relates;
(b) a description of
the subject matter and nature of the investigation, prosecution, or
proceedings, including the specific crimes which relate to the matter, the
stage reached in the proceedings and any dates for further proceedings;
(c) a description of
the evidence, information or other assistance sought; and (d) a statement of
the purpose for which the evidence, information or other assistance is sought.
(3) To the extent necessary and possible, a request shall also include
the following-
(a) information on the
identity and location of any person from whom evidence is sought;
(b) information on the
identity and location of a person to be served, that person's relationship to
the investigation, prosecution or proceedings, and the manner in which service
is to be effected;
(c) information on the identity and
whereabouts of the person to be located;
(d) a precise
description of the place or person to be searched and of the articles to be
seized;
(e) description of the
manner in which any testimony or statement is to be taken and recorded,
including any special requirements of the law of the Requesting State as to the
manner of taking evidence relevant to its admissibility in that State;
(f) list of questions to be asked of a
witness;
(g) description of any particular procedure
to be followed in executing the request;
(h) information as to
the allowances and expenses to which a person asked to in the requesting State
in connection with the request will be entitled;
(i)
court order, if any, or a certified copy thereof, which is to be
enforced and a statement that such order is final; and
Form of
request from a foreign state.
(j) any
other information which may be brought to the attention of the Requested State
to facilitate its execution of the request.
(4)
A request shall not be invalidated for the purposes of this Act or any
legal proceedings by failure to comply with the provision of subsection (2) of
this section where the Attorney-General of the Federation is satisfied that
there is sufficient compliance to enable him execute the request.
(5)
Where the Attorney-General of the Federation considers it appropriate
because an international arrangement so requires or it is in the public
interest, he shall order that the whole or any part of any property forfeited
under this Act or the value thereof, be returned or remitted to the requesting
State.
55. (1)
Nigeria may be requested to expedite the preservation of electronic device or
data stored in a computer system, or network, referring to crimes described
under this Act or any other enactment, pursuant to the submission of a request
for assistance for search, seizure and disclosure of those data.
(2) The request under subsection (1) of
this section shall specify -
(a) the authority requesting the preservation
or disclosure;
(b)
the offence being investigated or prosecuted, as well as a brief
statement of the facts relating thereto;
(c)
the electronic device or computer data to be retained and its relation
to the offence;
(d)
all the available information to identify the person responsible for
the electronic device or data or the location of the computer system;
(e) the necessity of the measure of
preservation, and
(f)
the intention to submit a request for assistance for search, seizure
and disclosure of the data.
(3) In executing
the demand of a foreign authority under the preceding sections, the Attorney -
General of the Federation may order any person who has the control or
availability of such data, including a service provider, to preserve them or
turn them in for proper preservation by an appropriate authority or person.
(4) Without
prejudice to the provisions of subsection (3) of this section, the preservation
may also be requested by any law enforcement agency, with responsibility for
enforcing any provisions of this Act, pursuant to an order of court, which
order may be obtained ex parte where there is urgency or danger in delay.
Expedited
Preservation of computer data.
(5) Where a
court grants an order, pursuant to the provisions of subsection (4) of this
section, such order shall indicate -
(a) the nature of the evidence;
(b) their origin and destination, if known;
and
(c)
the period of time which shall not exceed 90 days over which data must
be preserved.
(6) In compliance with the preservation
order, any person who has the control or availability of such data, including a
service provider, shall immediately preserve the data for the specified period
of time, protecting and maintaining its integrity.
(7)
A request for expedited preservation of electronic evidence or data
may be refused if, there are reasonable grounds to believe that the execution
of a request for legal assistance for subsequent search, seizure and release of
such data would be denied.
56. (1) In order to provide immediate assistance
for the purpose of international cooperation under this Act, the Office of the
National Security Adviser shall designate and maintain a contact point that
shall be available twenty-four hours a day and seven days a week.
(2)
This contact point can be reached by other contact points in
accordance with agreements, treaties or conventions by which Nigeria is bound,
or in pursuance of protocols of cooperation with international judicial or law
enforcement agencies.
(3) The immediate assistance to be provided
by the contact point shall include -
(a) technical advice to other points of
contact;
(b) expeditious preservation of evidence in
cases of urgency or danger in delay;
(c) collection of
evidence for which it has the legal jurisdiction in cases of urgency or danger
in delay;
(d) detection of
suspects and provision of legal information in cases of urgency or danger in
delay;
(e) the immediate
transmission of requests concerning the measures referred to in paragraphs (b)
and (d) of subsection (3) of this section, with a view to its expedited
implementation.
PART VIII–MISCELLANEOUS
57.
(1) The Attorney General of the Federation may make orders, rules,
guidelines or regulations as are necessary for the efficient implementation of
the provisions of this
Designation
of contact point.
Regulations.
(2) Orders, rules,
guidelines or regulations made under subsection (1) of this section may provide
for the -
(a)
method of custody of video and other electronic recordings of suspects
apprehended under this Act;
(b)
method of compliance with regulations or conventions issued by
relevant international institutions on cyber security and cybercrimes;
(c)
procedure for freezing, unfreezing and providing access to frozen
funds or other assets;
(d) procedure for attachments, forfeiture and
disposal of assets,
(e) mutual legal assistance,
(f)
procedure for the prosecution of all cybercrime cases in line with
national and international human rights standards;
(g)
procedure for ensuring prompt payment of any levy prescribed under this Bill,
including penalties and prosecution; and
(h) any other
matter the Attorney General may consider necessary or expedient for the purpose
of the implementation of this Act.
58. In this Act – Interpretation.
“access” means
gaining entry into, instructing or communicating with the logical,
arithmetical, or memory function resources of a computer system or network;
“Access Device” means and includes: Electronic cards such as:
(a) Debit Cards;
(b) Credit Cards;
(c) Charge cards;
(d) Loyalty Cards;
(e) Magnetic Stripe
based cards;
(f) Smart Chip Based
cards;
(g) EMV Cards;
(h) Passwords;
(i) Personal
identification number (PIN),
(i) Electronic plate,
(ii) Electronic serial
number,
(iii) Code number,
(iv) Mobile identification number,
(v)
Any account number or other telecommunications service, equipment, or
instrument identifier, or other means of account access including telephones,
PDAs,
(vi) Automatic Teller Machines,
(vii) Point of Sales
Terminals,
(viii) Other vending machines;
“ATM” means Automated Teller Machine.
“authorized
access” - A person has authorized access to any program or data held in a
computer if—
(a) the person is entitled to control access
to the program or data in question; or
(b) the person has consent to access such
program or data from a person who is charged with granting such consent;
“Authorised
Manufacturer” means a financial institution which or any other person who is
authorised under any written law to produce a card;
“authorized officer
or authorized persons” means a member of any law enforcement Agency or a person
mandated by it, involved in the prohibition, prevention, elimination or
combating of computer crimes and cyber security threats;
“Bank Card” means
any instrument, token, device, or card whether known as a bank service card,
banking card, cheque guarantee card, or debit card or by any other similar
name, issued with or without a fee by an issuer for the use of the cardholder
in obtaining goods, services, or anything else of value or for the use in
automated banking device to obtain money or any of the services offered through
the device;
“Card” means a bank card, credit card, or
payment card;
“Cardholder” means
the person named on the face of a bank card, credit card or payment card to
whom or for whose benefit such a card is issued by an issuer;
“Card-Making
Equipment” means any equipment, machine, plate, mechanism, impression, or any
other device designed, used, or capable of being used to produce a card, a
counterfeit card, or any aspect or component of a card;
“Computer” means an
electronic, magnetic, optical, electrochemical or other high speed data
processing device performing logical, arithmetic, or storage functions and
includes any data storage facility. All communication devices that can directly
interface with a computer through communication protocols shall form part of
this definition. This definition excludes the following; portable hand-held
calculator typewriters and typesetters or other similar devices;
“computer data”
include every information including information required by the computer to be
able to operate, run programs, store programs and store information that the
computer user needs such as text files or other files that are associated with
the program the computer user is running.
“computer program”
or “program” means a set of instructions written to perform or execute a
specified task with a computer;
“computer system”
refers to any device or group of interconnected or related devices, one or more
of which, pursuant to a program, performs automated or interactive processing
of data. It covers any type of device with data processing capabilities
including, but not limited to, computers and mobile phones. The device
consisting of hardware and software may include input, output and storage
components which may stand alone or be connected in a network or other similar
devices. It also includes computer data storage devices or media;
“Consumer” means
every person or organization who enters into computer based purchase, lease
transfer, maintenance and consultancy service agreements with a computer
service provider and the customer and agent of the consumer. Consumers will
also include bank account holders who carry financial cards;
“content data”
means the actual information or message sent across during a communication
session;
“Counterfeit Card”
means a bank card, credit card or a payment card which is fictitious, altered, or
forged and includes any facsimile or false representation, deception, or
component of such a card, or any such card which is stolen, obtained as part of
a scheme to defraud, or otherwise unlawfully obtained, and which may or may not
be embossed with account information or an issuer’s information;
‘’Countering Violent Extremism (CVE)
Program includes any intervention designed to counter the persistence of
violent radicalization to reduce the incidence of violent activities, change
the behaviour of violent extremists, and counter the negative extreme groups
while promoting core national values; also any program that seeks to identify
the underlying causes of radicalization (social, cultural, religious and
economic) and develop strategies that provide solutions and also introduce
measures to change the attitudes and perceptions of potential recruits,
including providing vocational training of prisoners and means of sustainable
livelihood and reintegration of reformed extremists to their families and
communities’’;
“Credit” includes a cash loan, or any other financial information;
“Credit
Card” means any instrument, token, device, or card, whether known as a charge
card or by any other similar name, issued with or without a fee by an issuer
for the use of the cardholder in obtaining goods, services, or anything else of
value on credit from a creditor or for use in an automated banking device to
obtain money or any of the services offered through the device;
“Creditor” means a
person or company that agrees or is authorised by an issuer to supply goods,
services, or anything else of value and to accept payment by use of a bank
card, credit card, payment card for the supply of such goods, services or
“Critical
infrastructure” means, systems and assets which are so vital to the country
that the destruction of such systems and assets would have an impact on the
security, national economic security, national public health and safety of the
country;
“Counterfeit access
device” means counterfeit, fictitious, altered, or forged, or an identifiable
component of an access device or a counterfeit access device;
“cyberstalking” a
course of conduct directed at a specific person that would cause a reasonable
person to feel fear;
“cybersquatting”1 The acquisition of
a domain name over the internet in bad faith to profit, mislead, destroy
reputation, and deprive others from registering the same, if such a domain name
is:
(i)
Similar, identical, or confusingly similar to an existing trademark
registered with the appropriate government agency at the time of the domain
name registration:
(ii)
Identical or in any way similar with the name of a person other than
the registrant, in case of a personal name; and
(iii) Acquired without right or with intellectual
property interests in it.
“damage” means any
impairment to a computer or the integrity or availability of data, program,
system or information that—
(i) causes financial loss; or
(ii)
modifies or impairs or potentially modifies or impairs the medical
examination, diagnosis, treatment or care of one or more persons; or
(iii)
causes or threatens physical injury or death to any person; or
(iv) threatens public health or public safety;
“data” means
representations of information or of concepts that are being prepared or have
been prepared in a form suitable for use in a computer;
“database” means
digitally organized collection of data for one or more purposes which allows
easy access, management and update of data;
“device” means any
object or equipment that has been designed to do a particular job or whose
mechanical or electrical workings are controlled or monitored by a
microprocessor ;
“electronic
communication” includes communications in electronic format, instant messages,
short message service (SMS), e-mail, video, voice mails, multimedia message
service (MMS), Fax, and pager;
“electronic
device” means a device which accomplishes its purpose electronically. This
includes ,computer systems, telecommunication devices, smart phones, access
cards, credit cards, debit cards, loyalty cards etc;
“electronic record”
means a record generated, communicated, received or stored by electronic,
magnetic, optical or other means in an information system or for transmission
from one information system to another;
“Electronic
transfer of fund” means any transfer of funds which is initiated by a person by
way of instruction, authorisation or order to a bank to debit or credit an
account maintained with that bank through electronic means and includes point
of sales transfers, automated teller machine transactions, direct deposits or
withdrawal of funds, transfer initiated by telephone, internet and card
payment;
“Expired Card”
means a card which is no longer valid because the term shown of it has expired;
“Financial Institution” includes any
individual, body, association or group of persons, whether corporate or
unincorporated which carries on the business of investment and securities, a
discount house, finance company and money brokerage whose principal object
includes factoring project financing equipment leasing, debt administration,
fund management, private ledger services, investment management, local purchase
order financing, export finance, project consultancy, financial consultancy,
pension fund management, insurance institutions, debt factorization and
conversion firms, dealer, clearing and settlement companies, legal
practitioners, hotels, casinos, bureau de change, supermarkets and such other
businesses as the Central Bank or appropriate regulatory authorities may, from time
to time, designate”;
“Financial
Transaction” means, (a) a transaction which in any way involves movement of
funds by wire or other electronic means; (b) involves one or more monetary
instruments; (c) involves the transfer of title to any real or personal
property;
“function” includes
logic, control, arithmetic, deletion, storage, retrieval and communication or
telecommunication to, from or within a computer;
“Identity Theft”
means, the stealing of somebody else personal information to obtain goods and
services through electronic based transactions;
“Infrastructure
Terminal” includes terminals shall include GSM Phones that can be used to
access bank or any other sensitive information, Point of sales terminals (POS)
and all other Card Acceptor Devices that are in use now or may be introduced in
the future;
“Interception” in
relation to a function of a computer system or communications network, includes
listening to or recording of communication data of a computer or
acquiring
the substance, meaning or purport of such and any acts capable of blocking or
preventing any of these functions;
“Issuer” includes a
financial institution which or any other entity who is authorised by the
Central Bank to issue a payment card;
“law enforcement
agencies” - includes any agency for the time being responsible for
implementation and enforcement of the provisions of this Act;
“Minister” means the Attorney – General
of the Federation;
“Modification” means deletion,
deterioration, alteration, restriction or suppression of data within computer
systems or networks, including data transfer from a computer system by any
means.
“network” means a
collection of hardware components and computers interconnected by
communications channels that allow sharing of resources and information;
“payment Card”
means any instrument, token, device, or card, or known by any other similar
name, and encoded with a stated money value and issued with or without a fee by
an issuer for use of the cardholder in obtaining goods, services, or anything
else of value, except money;
“person” includes an individual, body
corporate, organisation or group of persons;
“President” means
the President, Commander-in-Chief of the Armed Forces of the Federal Republic
of Nigeria;
“Phishing” means
the criminal and fraudulent process of attempting to acquire sensitive
information such as usernames, passwords and credit card details, by masquerading
as a trustworthy entity in an electronic communication through e-mails or
instant messaging either in form of an email from what appears from your bank
asking a user to change his or her password or reveal his or her identity so
that such information can later be used to defraud the user;
“Purchasing Forged
Electronic” Means of Credit/Debit Transfer Instruments Such as Credit Card,
Debit Card, Smart Card, ATM or Other Related Electronic Payment System Devices;
“Receives”
or “Receiving” means acquiring possession, title or control or accepting a card
as security for credit;
“Revoked Card”
means a card which is no longer valid because permission to use it has been
suspended or terminated by the issuer, whether on its own or on the request of
the cardholder;
“Service provider” means -
(i)
any public or private entity that provides to users of its services
the ability to communicate by means of a computer system, electronic
communication devices, mobile networks; and
(ii)
any other entity that processes or stores computer data on behalf of
such communication service or users of such service;
“Sexually explicit conduct” includes at least the following real or
simulated acts-
(a)
sexual intercourse, including genital-genital, oral-genital,
anal-genital or oral-anal, between children, or between an adult and a child,
of the same or opposite sex;
(b) bestiality;
(c) masturbation;
(d) sadistic or masochistic abuse in a sexual
context; or
(e)
lascivious exhibition of the genitals or the pubic area of a child. It
is not relevant whether the conduct depicted is real or simulated;
“Spamming” is an abuse of electronic messaging
systems to indiscriminately send unsolicited bulk messages to individuals and
corporate organizations;
“Traffic” means to sell, transfer, distribute,
dispense, or otherwise dispose of property or to buy, receive, possess, obtain
control of, or use property with the intent to sell, transfer, distribute,
dispense, or otherwise dispose of such property; and
“traffic data” - means any computer data relating
to a communication by means of a computer system or network, generated by a
computer system that formed a part in the chain of communication, indicating
the communication’s origin, destination, route, time, date, size, duration, or
type of underlying service.
59. This Bill may be cited as the Cybercrime
(Prohibition, Prevention, Etc.) Bill, Citation.
2015.
FIRST SCHEDULE
[Section 42]
MEMBERS OF THE CYBERCRIME ADVISORY COUNCIL
(1) The Cybercrime
Advisory Council shall comprise of a representative each of the following
Ministries, Departments and Agencies-
(a) Federal Ministry of Justice;
(b) Federal Ministry of
Finance;
(c) Ministry of Foreign
Affairs;
(d) Federal Ministry of
Trade and Investment;
(e) Central Bank of
Nigeria;
(f) Office of the
National Security Adviser;
(g) Department of State
Services;
(h) Nigeria Police
Force;
(i) Economic and
Financial Crimes Commission;
(j) Independent Corrupt
Practices Commission;
(k) National
Intelligence Agency;
(l) Nigerian Security and Civil Defence
Corps;
(m) Defence
intelligence Agency;
(n) Defence
Headquarters;
(o) National Agency for
the Prohibition of Traffic in Persons;
(p) Nigeria Customs
Service;
(q) Nigeria Immigration
Service;
(r) National Space
Management Agency;
(s) Nigerian
Information Technology Development Agency;
(t) Nigerian
Communications Commission;
(u) Galaxy backbone;
(v) National Identity
Management Commission;
(w) Nigeria Prisons
Service;
(x) One representative
each from the following:
(i) Association of Telecommunications
Companies of Nigeria;
(iii) Nigeria Bankers Committee;
(iv) Nigeria Insurance Association;
(v) Nigerian Stock Exchange;
(vi) Non- Governmental Organization with Focus
on Cyber Security.
(2)
The Cybercrime Advisory Council shall also comprise of a
representative of any other Ministry, Department, Agency or Institution which
the Minister may by notice published in the Federal Gazette add to the list
under paragraph 1 of this Schedule.
SECOND SCHEDULE
Businesses which section 44 (2)(a) refers to are:
(a) GSM Service providers and all
telecommunication companies;
(b) Internet Service
Providers;
(c) Banks and other Financial Institutions;
(d) Insurance
Companies;
(e) Nigerian Stock Exchange.