{"id":3569,"date":"2024-05-16T16:45:27","date_gmt":"2024-05-16T16:45:27","guid":{"rendered":"https:\/\/placng.org\/Legist\/?p=3569"},"modified":"2024-05-17T09:05:57","modified_gmt":"2024-05-17T09:05:57","slug":"cybercrimes-amendment-act-exposes-lapses-in-legislative-process","status":"publish","type":"post","link":"https:\/\/placng.org\/Legist\/cybercrimes-amendment-act-exposes-lapses-in-legislative-process\/","title":{"rendered":"Cybercrimes Amendment Act Exposes Lapses in Legislative Process"},"content":{"rendered":"\n<p><strong><em>Act Amendment Raises Queries about Legal Status of ONSA<\/em><\/strong><\/p>\n\n\n\n<p>The February 2024 amendment to the Cybercrimes\nAct of 2015 has stirred serious national controversy and citizens\u2019 outcry\nespecially about its financial implications. The amendment to the Cybercrimes\nAct was contained in a bill sponsored by Senator Shehu Buba (Bauchi; APC). The\nbill passed in the Senate on 21<sup>st<\/sup> December 2023 and in the House of\nRepresentatives on 14<sup>th<\/sup> February 2024. The national outcry arises\nfrom several factors: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The speed of passage of the amendment <\/li><li>The secrecy surrounding the process of passage of the\namendment, including the absence of public participation <\/li><li>The apparent focus of the amendment on taxation<\/li><\/ul>\n\n\n\n<p>President Bola Tinubu assented to the bill in\nFebruary 2024. <\/p>\n\n\n\n<p>On Friday, May 3, 2024, the Office of the\nNational Security Adviser (NSA) called for the full implementation of the\nCybercrimes Amendment Act 2024, particularly the operationalisation of the\nNational Cybersecurity Fund. Subsequently, the Central Bank of Nigeria (CBN)\nissued a circular directing banks and other financial institutions on the\ncollection of what it termed the \u2018cybercrimes levy\u2019 and that was what drew the\nattention of Nigerians to this amendment to the Cybercrimes Act. This\ndevelopment has raised questions about the furtive passage of bills by the\nNational Assembly, particularly bills that have a direct impact on Nigerians. <\/p>\n\n\n\n<p>The House of Representatives has called for a\nhalt to the implementation of the cybercrimes levy provision, while the\nChairman of the Senate Committee on National Security and Intelligence, Senator\nShehu Buba, who sponsored the bill stated that the levy is not targeted at\nindividuals but at the businesses specified in the Act. However, he did not\nexplain what constitutes transactions by those businesses. <\/p>\n\n\n\n<p>One of the key changes made by the amendment\nAct is the insertion of an enabling provision for the administration of the National\nCybersecurity Fund by the Office of the National Security Adviser (NSA), with the\n(0.005) 0.5% levy on all electronic transactions by specified businesses being\none of several sources of revenue for the Fund. The Office of the NSA being a\nposition and not an organisation has been empowered to administer, keep proper\nrecords of account and ensure compliance monitoring mechanism for the Fund. The\nquestion has arisen as to whether an entity that is neither a constitutional nor\nstatutory body can assume the powers to manage levies collected under the Act.\nThere is also the question whether revenues collected at the Federal level\nshould not first be paid into the Consolidated Revenue Fund of the Federation\nto be spent only after the National Assembly has appropriated same through a\nbudget. <\/p>\n\n\n\n<p>There have been lingering questions about the\nstatus of the Office of the NSA. Although the National Security Adviser is mentioned\nin Paragraph 25, Item K, Part 1 of the Third Schedule to the Nigerian\nConstitution as a member of the National Security Council, the \u2018Office of the\nNational Security Adviser\u2019 is not a creation of law. Section 4 of the National\nSecurities Agencies Act provides for the appointment of a Coordinator on\nNational Security as a principal staff in the office of the President for the\npurpose of coordinating intelligence activities of the National Security\nAgencies. These provisions do not establish an Office of the NSA as a legal\nentity. There have been debates over what the actual powers of the NSA should\nbe. Ordinarily, the assumption is that the NSA co-ordinates the work of\nsecurity agencies in the country. Funding for the Office of the NSA is usually\nincluded as a budget item under the Presidency.&nbsp;\n&nbsp;<\/p>\n\n\n\n<p>The controversy over the cybersecurity level\nhas hinged mostly over the burdensomeness on citizens who are already overtaxed\nand in unprecedented suffering from inflation, rising cost of living and\nweakened financial abilities. <\/p>\n\n\n\n<p>Section 44 of the Cybercrimes Act 2015 before\nits amendment, provided as follows: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><em>There is\nestablished a Fund, which shall be known as the National Cyber security Fund\n(in this Act referred to as \u201cThe Fund\u201d). <\/em><\/li><\/ul>\n\n\n\n<ul class=\"wp-block-list\"><li><em>There shall be paid\nand credited into the Fund established under subsection (1) of this section and\ndomiciled in the Central Bank of Nigeria: <\/em><\/li><\/ul>\n\n\n\n<p><em>(a<strong>)\n<\/strong>A levy of 0.005 of all electronic transactions by the businesses specified\nin the second schedule to this Act.<\/em><\/p>\n\n\n\n<p>The new amendment to\nsection 44 (2)(a) now states as follows: <\/p>\n\n\n\n<p><strong><em>A levy of 0.5% (0.005) equivalent to a half percent of all electronic\ntransactions value by the business specified in the Second Schedule to this Act<\/em><\/strong><\/p>\n\n\n\n<p>The new subsections (6) and\n(8) provide as follows: <\/p>\n\n\n\n<p><strong><em>(6)The Office of the National Security\nAdviser shall administer, keep proper records of the accounts and shall ensure\ncompliance monitoring mechanism. <\/em><\/strong><\/p>\n\n\n\n<p><strong><em>(8) A business specified in the Second Schedule to this Act that fails\nto remit the levy under section 44 (2)(a) of this Act commits an offence and is\nliable on conviction to a fine of not less than 2% of the annual turnover of\nthe defaulting business and failure to comply shall lead to closure or\nwithdrawal of the business operational licence.<\/em><\/strong><\/p>\n\n\n\n<p>The businesses referred to\nin section 44 (2) (a) of Act include the following: <\/p>\n\n\n\n<p><em>(a) GSM\nService providers and all telecommunication companies; <\/em><\/p>\n\n\n\n<p><em>(b) Internet\nService Providers;<br>\n(c) Banks and other Financial Institutions;<br>\n(d) Insurance Companies; <\/em><\/p>\n\n\n\n<p><em>(e) Nigerian\nStock Exchange. <\/em><\/p>\n\n\n\n<p>The\ncybersecurity levy is not an entirely new provision. The amendment to\nsubsection (2)(a) was the addition of the word \u2018<em>value<\/em>\u2019 to the word\n\u2018transactions\u2019 and also by the addition of \u2018<em>0.5% (0.005) equivalent to half\npercent<\/em>\u2019 to emphasis the proportion of the levy. <\/p>\n\n\n\n<p>The\namendment has expanded the powers of the Office of the NSA in subsection (6) by\nadding administration and ensuring compliance monitoring mechanism of the\nNational Cybersecurity Fund to the responsibilities of the NSA. Previously, the\nonly responsibility of the Office of the NSA under the former subsection (6)\nwas keeping the records of the accounts the Fund. <\/p>\n\n\n\n<p>The\nnew subsection (8) criminalises failure to remit the levy by specified businesses.&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\n<\/p>\n\n\n\n<p>Also, section 44(4) provides that the levy\nshall be remitted by the specified businesses into the National Cybersecurity\nFund domiciled in the Central Bank of Nigeria (CBN).&nbsp; <\/p>\n\n\n\n<p>Section 44(5) which provides that up to 40 % of\nthe National Cybersecurity Fund may be a<\/p>\n\n\n\n<p>allocated for programmes relating to countering\nviolent extremism does not appear to align with the purpose of the Act.<\/p>\n\n\n\n<p>Senator\nShehu Baba (APC; Bauchi) who sponsored the bill in the Senate stated that the\nbill sought to amend section 44 of the Act to insert some consequential\nomissions from the Act and address all anomalies that hindered the effective\nimplementation of the Act. It would appear that while the amendment affected\nsome other sections of the Act by introducing new words to enhance the meaning\nof the provisions of those sections, section 44 which places a levy on\ntransactions by specified businesses was amended to give the ONSA powers to\nenforce the provision of the section. <\/p>\n\n\n\n<p>Other\namendments to the Act include the following: <\/p>\n\n\n\n<p>Section\n17(1) (b) was amended to correct the word \u2018geniuses\u2019 to \u2018genuineness\u2019 and\nsubsection 17(2) was amended to read thus: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><em>The following transactions shall be\nexcluded from the categories of contractual transactions or declarations that\nare valid by virtue of electronic <\/em><em>signature<\/em><em> <strong>except where they are\nlegally verified in Certified True Copies<\/strong><\/em><em>:<\/em><\/li><\/ul>\n\n\n\n<p>This implies that the\nCertified True Copies of transactions or declarations listed under this\nsubsection which were not be considered valid by use of electronic signatures\ncan now be considered valid. <\/p>\n\n\n\n<p>Section 21(1) is amended to\nread thus: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><em>Any person or\ninstitution, who operates a computer system or a network, whether public or\nprivate, must immediately inform the National Computer Emergency Response Team\n(CERT) Coordination Center<\/em><em> <strong>through their respective sectoral\nCERTs or sectoral Security Operations Centres (SOC)<\/strong><\/em><em> of any attacks, intrusions and other\ndisruptions liable to hinder the functioning of another computer system or\nnetwork, so that the National CERT can take the necessary measures to tackle\nthe issues<\/em>. <\/li><\/ul>\n\n\n\n<p>The\namendment to 21 (3) changes the timeline that a person or institution is\nrequired to report an incident on a computer system or network from \u2018<strong>7 days\nof its occurrence<\/strong>\u2019&nbsp; to <strong>\u201872 hours\nof its detection<\/strong>\u2019.<\/p>\n\n\n\n<p>The\npurview of section 22 is expanded to include persons who are engaged in the\nservices of public and private organisations as those who may be liable for the\noffence of identity theft and impersonation. In the Principal Act, only persons\nengaged in the services of financial institutions could be held liable for this\noffence. <\/p>\n\n\n\n<p>Section\n24(1) (a) and (b) which define the offence of cyberstalking have been amended\nto read thus: <\/p>\n\n\n\n<p><em>Any<\/em><em> p<\/em><em>erson who knowingly or intentionally\nsends a message or other matter by means of computer systems or network that \u2013 <\/em><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong><em>is pornographic <\/em><\/strong><strong><em><\/em><\/strong><\/li><li><strong><em>he or she knows to be false, for the purpose of\ncausing a breakdown of law and order, posing a threat to life, or causing such\nmessage to be sent, <\/em><\/strong><strong><em><\/em><\/strong><\/li><\/ul>\n\n\n\n<p>This provision in the\nPrincipal Act defined cyberstalking as follows: <\/p>\n\n\n\n<p>Before\nthis amendment, these provisions defined cyberstalking to include materials\nthat were grossly offensive, indecent, obscene, of menacing character or sent\nto cause annoyance, inconvenience, danger, obstruction, insult, injury, criminal\nintimidation, hatred, ill will and needless anxiety. <\/p>\n\n\n\n<p>The\namendment has narrowed down the definition of the offence of cyberstalking.\nThis means that some acts that previously constituted cyberstalking will not be\nconsidered as such moving forward. It is important to note that section 24 has\noften been used by security agents as the basis to arrest journalists and other\npersons who speak or make publications criticising public officials.\nIndividuals and businesses have also invoked this provision to instigate the\nprosecution of their critics. <\/p>\n\n\n\n<p>In\nsection 27(2), the scope of persons who may be liable for the offence of\nperpetrating fraud using computer systems or network has been expanded by the\namendment from an employee of \u2018a financial institution\u2019 to an employee of \u2018<strong>any\nprivate or public organisation<\/strong>\u2019. <\/p>\n\n\n\n<p>In\nsection 30(1) and (2), the offence of manipulating an ATM machine or Point of\nSales terminal and the offence of connivance by the employee of a financial\ninstitution to perpetrate fraud using an ATM or Point of Sales device has been\nexpanded by this amendment to include \u2018<strong>any other payment technology means<\/strong>\u2019.\n<\/p>\n\n\n\n<p>The\namendment to section 37(1) (a) requires financial institutions to verify the\nidentity of their customers by asking them to present a \u2018<strong>National\nIdentification Number issued by the National Identity Management Commission and\nother valid<\/strong>\u2019 documents bearing their personal details, before issuing them\nATM cards, credit\/debit cards and other related electronic devices. <\/p>\n\n\n\n<p>The\namendment to section 38(1) which provides for retention of traffic data and\nsubscriber information records by communication service providers for a period\nof two years, now&nbsp; stipulates that such\nrecords are to be retained in accordance with the provisions of &nbsp;\u2018<strong>the Nigeria Data Protection Act<\/strong>.\u2019 It\nalso streamlines the records to be retained to \u2018<strong>specific\u2019<\/strong> traffic data\nand subscriber information. <\/p>\n\n\n\n<p>This\namendment recognises the recently enacted Nigeria Data Protection Act which is\nthe key legislation on data protection in the country. <\/p>\n\n\n\n<p>Section\n41(1), which provides for the responsibilities of the Office of the NSA as the\ncoordinating body for all security and enforcement agencies under this Act, is\namended to include two more responsibilities as follows: <\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><strong><em>ensure the establishment of sectoral\nComputer Emergency Response Teams (CERT) and sectoral Security Operation\nCentres (SOC) that shall feed into the national CERT; <\/em><\/strong><\/li><li><strong><em>ensure that all public and private organisations integrate and route\ntheir internet and data traffic to the sectoral SOCs thereby protecting the\nnational cyberspace; <\/em><\/strong><\/li><\/ul>\n\n\n\n<p>The\namendment deletes section 48(4) which provided&nbsp;\none of the punitive measures for offences under the Act. It provided for\nthe cancellation of the international passport of a person convicted of an\noffence under the Act and for the withholding of a foreigner\u2019s passport until\nhe or she has served their sentence or paid any fines imposed on them. <\/p>\n\n\n\n<p>While\nmost of the amendments introduce new words that enhance or modify the meaning\nof the affected provisions of the Act, the amendment of section 44 enables the\nimplementation of the cybercrime levy and even stipulates a punishment if the specified\nbusinesses fail to comply. However, the Amendment Act contains some\ncross-referencing errors. <\/p>\n\n\n\n<p>See\nthe Cybercrimes Amendment Act 2024 here: <a href=\"https:\/\/placng.org\/i\/documents\/cybercrimes-prohibition-prevention-etc-amendment-act-2024\/\">https:\/\/placng.org\/i\/documents\/cybercrimes-prohibition-prevention-etc-amendment-act-2024\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Act Amendment Raises Queries about Legal Status of ONSA The February 2024 amendment to the Cybercrimes Act of 2015 has stirred serious national controversy and citizens\u2019 outcry especially about its financial implications. The amendment to the Cybercrimes Act was contained in a bill sponsored by Senator Shehu Buba (Bauchi; APC). The bill passed in the [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":3577,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[11],"tags":[],"class_list":["post-3569","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news"],"_links":{"self":[{"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/posts\/3569","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/comments?post=3569"}],"version-history":[{"count":2,"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/posts\/3569\/revisions"}],"predecessor-version":[{"id":3579,"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/posts\/3569\/revisions\/3579"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/media\/3577"}],"wp:attachment":[{"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/media?parent=3569"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/categories?post=3569"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/placng.org\/Legist\/wp-json\/wp\/v2\/tags?post=3569"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}