Written by Adetokunbo Onikosi – Partner AOCATERNIZ
Everyone with a digital device is either swiping, pinching, chatting, posting or texting information in the form of messages, pictures and videos to family, friends or business partners. The contents of these photos, write ups or videos are totally at the discretion of its author. It may impact an individual or group positively or otherwise depending on the actions the particular post wants to elicit. The foregoing represents the Ubiquity of a fast evolving global Cyber-culture generally referred to as SOCIAL MEDIA. Consequently, these cyber-actions, cyber activities, cyber- interactions and socializing brings an individual or group under the digital influence of total strangers whose intentions may be for the public good like the recent #ENDSARS Protests or Outright criminal motives like the activities of YAHOO BOYS; which has seen many people being scammed, by the peddling of false information, had their identities stolen or completely defrauded by financial Cybercriminals.
Netizens of the Cloud
The geographical flexibility of the internet has made almost everyone using the Web being referred to as Netizens; like the Citizen of a sovereign state with rules, laws and codes governing the activities of people and corporates alike. Therefore responsible citizens of the internet must abide by certain rules of etiquette so as not to offend the sensibilities of fellow Netizens or even a government; which may attract severe sanctions for those who habitually engage in the promotion of “hate speech” or put up “fake News”. The vulnerabilities of the internet resulted in Nigeria joining other progressive countries like the US, UK, China, Russia and South Africa in promulgating a Cybercrime LAW which seeks generally to ensure standards of decency on the Web as well as ensure that the rights of others are not violated by criminally minded individuals or groups.
Incidents of such cybercrimes abound in our jurisdiction and elsewhere; for instance a certain syndicate of cyber criminals in Spain a few years ago where able to amass over $1 billion dollars by sending encrypted malware to emails of targeted Banks in Europe over a certain period, they even set the exact time when the ATMs of victim banks should dispense CASH; it took a combined team of INTERPOL, FBI, M16 and the Spanish authorities to digitally track and eventually apprehend this criminal Ring. A matter still being prosecuted in US courts is the case of the Notorious HUSHPUPPY and WOODBERRY who are alleged to have coordinated an international Cybercrime organization that defrauded businesses running into millions of dollars. These examples highlight the gravity of multi- national digital crimes and the mastery of these sophisticated technology tools by its perpetrators.
Social Media and Financial Networks
Facebook, Instagram, WhatsApp, Snapchat, Google etc. Including Cryptocurrency networks are now subject of the privacy debate. Facebook in particular got entangled in a messy privacy and confidentiality breach involving the compromise of the data of millions of its users; resulting in class actions in the US and also igniting swiping reforms in the EU culminating in the enactment of GDPR; the general data protection rules require public entities formally known as Data Controllers to conduct audits of their use of personal data and also implement a comprehensive data protection policy. The National Information technology development Agency NITDA has also in line with global best trends as part of its regulatory mandate enacted the Nigeria Data protection regulation 2019 (NDPR) principles of this regulation are currently being enforced by licensed DPCOs Data Protection Compliance Organizations; Nigerian Corporates are obligated to comply.
Crypto- currencies present another grave challenge in the CLOUD people with little or No knowledge of its pitfalls are investing in Bitcoins and the promise of mouthwatering profits and secure “SMART CONTRACT” platforms. It must be noted that the Legal and regulatory aspects of these new forms of digital finance is still hazy around the World. The CBN recently published an ICT Fraud prevention framework for Deposit Money Banks; the basis of this new policy is to hold bank directors liable for ATM Fraud incident infractions on the understanding that banks have the primary duty to its customers to have and maintain a secure and robust infrastructure for conducting its transactions. The hacking of MTN, Airtel, Stanbic IBTC Mobile Money Networks running into millions of dollars recently in Uganda is indeed a Case in point.
Cyber Behavior: The Phenomenon of Yahoo PLUS
From a criminological Perspective most online cyber criminals form their habits offline and it is this deviancy that is often transferred unto the internet. If it was possible to shoot someone with a programmed wireless gun on the web (Not Drones) these criminals will certainly try. The recent phenomenon of Yahoo Boys living large on wealth derived from email scams is instructive a person with fraudulent tendencies will find victims anywhere possible, the internet provides a faceless tool for criminals to act in a shadowy manner. The desperately deviant ones employ the use of ritualistic human body parts of innocent people to carry out their heinous activities.
Scholars at different fora a have opined that the cybercrime ACT 2015 does not define “Yahoo Boys” and that in any case “Yahoo” is a Japanese word that means welcome, with due respect to these experts a legislation such as the Cybercrime ACT will not define “Yahoo Boys” because the law will only define the criminal act itself or the misdemeanor which the law intends to punish. “Yahoo Boys” is only a descriptive pseudonym of the type of individuals who engage in these acts. Furthermore legally speaking it is the “mens rea” the criminal intention of a person that produces the “Actus reus” the criminal act that the law will specifically penalize. Multidisciplinary approaches need to be adopted going forward for clarity of concepts in future amendments to the ACT; the jurisprudence of this novel law is still being tested in our Courts.
Data Breaches and Liabilities
Data breaches of private information online could have legal consequences for individuals, groups or companies who engage in cyber espionage. The EU General Data protection rules (GDPR) will hold companies within the EU system liable; resulting in the payment of heavy fines once it is proved that a company has violated any of its rules. Similarly in the UK there has been in existence the Data protection ACT of 1988 and it speaks to all data from which any living individual can be identified. Businesses are mandated to comply with its provisions as part of a global consensus towards information security.
The Nigerian Army as part of its mandate to protect the territorial integrity of the nation is bracing up to the challenge that wars have gone digital and therefore it would need a comprehensive CYBERWAR policy to tackle the myriad issues of sovereign spying and intelligence networks being deployed all over the world. A cyber Policing taskforce may also be required as part of an elaborate policing strategic plan and reforms; with competence to analyze and decode malicious programs before cyber criminals can hack Critical National ICT assets. Telcos and Banks are most vulnerable in this regard as cited in the Uganda example above. It is not all “zoom and gloom” The recent feat by Paystack a Nigerian start up in securing a $200m dollars about 90 billion Naira in investment funds from a US based Company Stripe in the Fintech space in what is reputed to be the largest M/A transaction in Nigerian technology history is a good example of what youths should be doing; but the government should as a matter of urgency create ICT hubs for digital minds to thrive.