The Law And The Use Of Computers In Nigeria

People are currently serving jail terms in the UK and the US because they infiltrated other people’s computers that they weren’t told to. Similarly in Nigeria, some people’s liberty is currently being restricted because they use the computer to make   phony deals online. In Microsoft vs.  Alexander Pononsov, a  Russian court passed a  verdict  of  guilty  on a rural  school teacher  that  unknowingly  used  pirated Microsoft operating  systems.   The common denominator in the above scenarios is that the law took over, reduced all the computing technicalities into the desiccated vernacular of its trade and made prosecutions. But how effective and comprehensive are computers laws in Nigeria and the developing world at large as   compared to the advance countries. Remember we are all players in the same cyberspace, and hence faces the same threats.

 

 The computer law in Nigeria is  way  underdeveloped and  hence  do not  meet  with the  contemporary  requirements of  the modern  information  and  technology age. We  lack  the  technical  resources,  expertise as  well as the  legal  framework to  tackle  cyber crimes  and  computer  crimes at  large. The  business environment  in  any country  is  greatly  strengthened by  the  security environment: therefore, serious  Techno-legal  ICT  training is required  for  judges, lawyers, law students, law  professors and corporate  executives in  Nigeria. A wise litigator now  in  Nigeria will be  looking  forth  to  writing  his MCP- Microsoft  Certified Professional which will  be  a stepping  stone  to  acquiring Techno-Legal  trainings. An MCP attached to his   name alone is an intimidation to other litigator.

 

Now that the infrastructures in any country can no longer function without computers and networks, a well regulated computing industry instills a lot of confidence in computer related transactions and help guard against IT risk complexities. When the internet was  first introduced , it was  like a state of nature where internet browsers have unlimited freedom but gradually laws came up that limited what people can and cannot do on the computer. I often participate in a hackers forum on a website floated from Germany, today legislative laws came up in Germany that prohibited that site from being floated from Germany.

 

Computer law is mostly an eclectic amalgamation of concepts from existing law, which are applied to the relatively new technologies of computer hardware and software, e-mail, and the Internet. (Google tech Dictionary). However, there are several reasons why it is convenient to have a separate classification for computer law:

1. Solving legal problems that arose from the use of computers often requires some legal principles that are rarely encountered in the practice of law. For example:
   1. Disputes about e-mail and web pages on the Internet extend across state lines, and may even extend across national borders. For example, there are technical issues in personal jurisdiction and which state’s law should be applied to the resolution of the dispute. To solve these legal problems, one must understand principles of an abstruse area of law, called Conflicts of Law. Instead of relatively firm rules with predictable results, as in most other areas of law, conflicts analysis can be characterized as choosing from a menu of possibilities.
   2. Information stored on computers (e.g., software, data, trade secrets, confidential personal information) is generally much more valuable than the computer hardware. In order to protect this information, many of the concepts in the practice of computer law involve the specialized area of Intellectual Property Law, which includes copyrights, trademarks, and patents. Take the US for instance, in order to practice before the U.S. Patent Office; an attorney must have at least a bachelor’s degree in some area of science or engineering, a requirement that excludes nearly all attorneys.

 

1. Traditional concepts in law are being expanded by events in the area of computer law. For example:
   1. Computer software is legally considered a “good”. Unlike other goods, the “purchaser” only owns the floppy diskette or compact disk that contains the software, plus a license to use the software. The Uniform Commercial Code was amended by including Article 2B in the US patent law to cover licensing of computer software.
   2. Computer databases that contain erroneous information (e.g., false credit reports) can be harmful to people, which may give rise to a new class of torts, called infotorts
   3. Hackers who use a modem to enter a computer without authorization and either (1) use its services or (2) alter records are committing a crime similar to burglary, but the traditional notion of burglary requires the criminal personally to enter the victim’s premises, which is not satisfied in the case of entry via data to/from a modem. Therefore, new laws were enacted to define computer crimes (Personally, I think it would have been preferable to change the definitions in existing concepts, instead of create new concepts, but no one would accuse the legal profession of honoring simplicity and economy.)
   4. Authentication of evidence contained in files on a computer presents some new problems, because of the ease with which data in the file can be altered, and also because it is easy to alter the operating system’s date and time stamp in the directory.
   5. Searches of computer databases provide access to information that was difficult to locate in the pre-computer age, which makes computer databases a major new threat to privacy of individuals.

The Internet has been revolutionary in giving anyone with a website the equivalent of a printing press or television transmitter: now anyone can broadcast their information or opinion to the whole world, without first going through formal review by a publisher. Many governments have reacted to the Internet with new censorship of both websites and readers’ access to the Internet. Furthermore, there has been widespread copyright infringement by people who post material at their website that was copied from other websites, or copied from books, without written permission of the copyright owner.

Law reacts slowly to new technology, With the exception of the telephone and typewriter, the technological revolution of the past century has left the law untouched. Law has dealt at arm’s length with technology, making new rules to cover air travel, genetic engineering, and the like, while the lawyers who do the work carry on with paper and pencil – until the advent of the computer.

 

The case in the developing world needs a deep focus, perhaps I might be wrong, maybe a deeper focus. Judging computer related crimes need players with adequate computer knowledge on the technical side. In Nigeria, law enforcement agent has little or no computer education to combat rising computer related crimes. We need a separate court for trials regarding computer related crimes and judges that are conversant with  bits  and  bytes, like  the juvenile court system in which lots  of  proceedings in the normal court  system doesn’t  apply  there. Surprisingly, the issue of laws regarding computer crimes has not had adequate attention even in developed world. This is as a result of different interpretation of what constitutes a computer device and computer crimes at large. For instance the newly elected state law in West Virginia regarding computer crimes states that:

 

Any person who, knowingly and willfully, directly or indirectly

accesses or causes to be accessed any computer, computer services

or computer network for the purpose of (1) executing any scheme or artifice

to defraud or (2) obtaining money, property or services by means of

fraudulent pretenses, representations or promises shall be guilty of a

felony, and upon conviction thereof, shall be fined not more than ten

thousand dollars or imprisoned in the penitentiary for not more than

ten years or both.

 

 

In the Alabama Computer Crime Act, the same issue has a different punishment and interpretation. Also, issues’ regarding definitions as regards to what is a data, computer network, computer programs etc have been interpreted in different ways under different State Laws in the US. This variance stress from Texas Statutes and Codes Annotated,, the State of Wisconsin Statutes, Washington Criminal Code in the revised code of Washington Annotated, and the Arizona Revised Statutes Annotated under Organized Crime and Fraud and so on.

 

 

Computer users and law enforcement agents in Nigeria need serious awareness by concerned agencies as regards to what constitute a computer crime locally and in the cyber world. Initially,  I  stressed on  the technical abilities  of all players involved in pinning  a computer crime, this  is  because  technical issues  are paramount  in both the investigation and prosecution  phase of  the crime . I was in a  cybercafé in Ikeja, then EFCC officials  stormed into  the café and instructed  every body  to pause, they  then  move  round to check  what  people are doing. I laughed because this is highly unskillful and untechnical way of tackling a computer incident on the side of the law enforcement agents. People like us whether you shutdown your PC, we can still backtrack what you were doing. If you like unplug the power cord so that the system suddenly dies off I can still trace back your activities on the system. In fact format your hard drive I can still retrieve data from it.

 

Also, I entered a  cyber café in Ebute Meta  and saw a lot of scammers, so  I  decided to  rub  them to show them where their skill level lies. They were using some tools on some websites to trace people’s IP addresses to know their locations. What  I  did was  that  when they pick  an  IP address  to  insert in the machine, before they  click  enter I will tell  them  the  location of the address  off hand. They were baffled. They said ‘O boy which runs you dey into’. I just  laughed and  said  I  am writing a  book  and  I have  problem  with  my Internet connectivity so  I  came to  spend the  night in   the   café. They don’t know that people like us will automatically know your location by mere looking at your IP address. The body that allocates   IP  addresses  allocate them in  blocks, with  time we  became  use to the blocks  assigned to countries  and  continents  which these  boys  don’t  know. If I see 66.78.x.x  I know you are from  the  US, if I see 207.X.X.X  then it is  highly likely  you  are from Australia,  that  kind  of  thing.  

 

Now back to the issue of prosecuting a computer criminal. As  a law enforcement agents, when you seize a PC  or  about  to  seize one   that  is use to  perpetrate  a  crime, there  are two  issues to  deal  with. First is if you want to tender the PC in court and second is when you don’t   want a   trial.

 

 In pursuing  the first case from my limited experience the issue is not just about getting information out of the PC to prove what was done, it’s about preserving the analysed system so that it is unaffected by your forensic activities and so that it  can be used to provide evidence that will be admitted in court.

 

 If the defense can prove there’s even a chance your investigations have altered the system or its contents then the whole thing becomes inadmissible as evidence. One of the first things you do therefore is simply yank the power cable – don’t even let the scammer log off and shut down.

 

That way you still have the swap file, registry etc there on disk completely unaffected by the shutdown. Then remove and image the disk without ever starting the machine up again. Then, and only then, can you begin to think about investigation. Because you’ll eventually be taking the case to court to have the case examined by lawyers and other law officials, you’ll have to approach and handle the case as if it were an official investigation (i.e.: gather and save evidence, examine evidence, record all activities done with the evidence, etc). Of course, if you have no intentions on taking the case to court or pursuing any kind of legal activity, then I’d think that you could approach the issue as you would wish.

 

If you want to work on the system first in a lab, you’ll need a tool to crack or reset his OS password for you to login. I know about two ways:

 

1. Offline NT Password & Registry Editor, Bootdisk: http://home.eunet.no/pnordahl/ntpasswd/

This will let you create a boot disk that will eventually reset/blank his password so that you can login.

 

2. Ophcrack: http://ophcrack.sourceforge.net/

The liveCD version will try the most recent methods (rainbow attack if I recall right) to find out the hackers password. It will not reset it. But it can take some time to do the cracking.

 

Second, you’ll need some tools too get out his info quickly. Check this site http://www.nirsoft.net/utils/index.html

 

Check the IECookiesView, IEHistoryView, MyLastSearch tools. There are many others that you might find useful. You can then transfer his cookies to your desktop to start analyzing the entire website   he has visited. And so on. This is in a  situation where a  law enforcement agent is only  interested  in knowing the activities  of a  scammer  to  possibly  track  down his  clients after  seizing  the  PC.

 

 

 

 

 Below I present some of the US existing laws and some of the pending legislation that can affect how we use our computers and the Internet in the cyberworld as compiled by Debra Littlejohn Shinder:

 

1: Digital Millennium Copyright Act (DMCA)

Most computer users have heard of this law, which was signed in 1998 by President Clinton, implementing two World Intellectual Property Organization (WIPO) treaties. The DMCA makes it a criminal offense to circumvent any kind of technological copy protection — even if you don’t violate anyone’s copyright in doing so. In other words, simply disabling the copy protection is a federal crime.

There are some exemptions, such as circumventing copy protection of programs that are in an obsolete format for the purpose of archiving or preservation. But in most cases, using any sort of anti-DRM program is illegal. This applies to all sorts of copy-protected files, including music, movies, and software.

2: No Electronic Theft (NET) Act

This is another U.S. federal law that was passed during the Clinton administration. Prior to this act, copyright violations were generally treated as civil matters and could not be prosecuted criminally unless it was done for commercial purposes. The NET Act made copyright infringement itself a federal criminal offense, regardless of whether you circumvent copy-protection technology or whether you derive any commercial benefit or monetary gain. Thus, just making a copy of a copyrighted work for a friend now makes you subject to up to five years in prison and/or up to $250,000 in fines. This is the law referred to in the familiar “FBI Warning” that appears at the beginning of most DVD movies.

Many people who consider themselves upstanding citizens and who would never post music and movies to a P2P site think nothing of burning a copy of a song or TV show for a friend. Unfortunately, by the letter of the law, the latter is just as illegal as the former.

3: Court rulings regarding border searches

Most Americans are aware of the protections afforded by the U.S. Constitution’s fourth amendment against unreasonable searches and seizures. In general, this means that the government cannot search your person, home, vehicle, or computer without probable cause to believe that you’ve engaged in some criminal act.

What many don’t know is that there are quite a few circumstances that the Courts, over the years, have deemed to be exempt from this requirement. One of those occurs when you enter the United States at the border. In April of this year, the Ninth Circuit Court of Appeals upheld the right of Customs officers to search laptops and other digital devices at the border (the definition of which extends to any international airport when you are coming into the country) without probable cause or even the lesser standard of reasonable suspicion. The Electronic Frontier Foundation (EFF) and other groups strongly disagree with the ruling.

Meanwhile, be aware that even though you’ve done nothing illegal and are not even suspected of such, the entire contents of your portable computer, PDA, or smart phone can be accessed by government agents when you enter the United States. So if you have anything on your hard drive that might be embarrassing, you might want to delete it before crossing the border.

4: State laws regarding access to networks

Many states have criminal laws that prohibit accessing any computer or network without the owner’s permission. For example, in Texas, the statute is Penal Code section 33.02, Breach of Computer Security. It says, “A person commits an offense if the person knowingly accesses a computer, computer network or computer system without the effective consent of the owner.” The penalty grade ranges from misdemeanor to first degree felony (which is the same grade as murder), depending on whether the person obtains benefit, harms or defrauds someone, or alters, damages, or deletes files.

The wording of most such laws encompasses connecting to a wireless network without explicit permission, even if the wi-fi network is unsecured. The inclusion of the culpable mental state of “knowing” as an element of the offense means that if your computer automatically connects to your neighbor’s wireless network instead of your own and you aren’t aware of it, you haven’t committed a crime — but if you decide to hop onto the nearest unencrypted wi-fi network to surf the Internet, knowing full well that it doesn’t belong to you and no one has given you permission, you could be prosecuted under these laws.

A Michigan man was arrested for using a café’s wi-fi network (which was reserved for customers) from his car in 2007. Similar arrests have been made in Florida, Illinois, Washington, and Alaska.

5: “Tools of a crime” laws

Some states have laws that make it a crime to possess a “criminal instrument” or the “tool of a crime.” Depending on the wording of the law, this can be construed to mean any device that is designed or adapted for use in the commission of an offense. This means you could be arrested and prosecuted, for example, for constructing a high gain wireless antenna for the purpose of tapping into someone else’s wi-fi network, even if you never did in fact access a network. Several years ago, a California sheriff’s deputy made the news when he declared “Pringles can antennas” illegal under such a statute.

6: “Cyberstalking” laws

Stalking is a serious crime and certainly all of us are in favor of laws that punish stalkers. As Internet connectivity has become ubiquitous, legislatures have recognized that it’s possible to stalk someone from afar using modern technology. Some of the “cyberstalking” laws enacted by the states, however, contain some pretty broad language.

For example, the Arkansas law contains a section titled “Unlawful computerized communications” that makes it a crime to send a message via e-mail or other computerized communication system (Instant Messenger, Web chat, IRC, etc.) that uses obscene, lewd, or profane language, with the intent to frighten, intimidate, threaten, abuse, or harass another person. Some of the lively discussions on mailing lists and Web boards that deteriorate into flame wars could easily fall under that definition. Or how about the furious e-mail letter you sent to the company that refused to refund your money for the shoddy product you bought?

Closely related are the laws against “cyber bullying”that have recently been passed by some states and local governments.

The best policy is to watch your language when sending any type of electronic communications. Not only can a loss of temper when you’re online come back to embarrass you, it could possibly get you thrown in jail.

7: Internet Gambling laws

Like to play poker online or bet on the horse races from the comfort of your home? The federal Unlawful Internet Gambling Enforcement Act of 2006 criminalizes acceptance of funds from bettors — but what about the bettors themselves? Are they committing a crime?

Under this federal law, the answer is no, but some state laws do apply to the person placing the bet. For example, a Washington law passed in 2006 makes gambling on the Internet a felony. The King County Superior Court just recently upheld that law, although challengers have vowed to take it to the Supreme Court.

Be sure to check out the state and local laws before you make that friendly online bet.

8: Security Breach Disclosure laws

A California law passed in 2003 requires that any company that does business in California must notify their California customers if they discover or suspect that non-encrypted data has been accessed without authorization. This applies even if the business is not located in California, as long as you have customers there, and no exception is made for small businesses.

9: Community Broadband Act of 2007

This is a piece of pending federal legislation that was introduced in July of 2007 as U.S. Senate Bill 1853. In April 2008, it was placed on the Senate Legislative Calendar under General Orders and is still winding its way through the legislative process. This federal law would prohibit state and local governments (municipalities and counties) from passing laws that prohibit public telecommunications providers from offering Internet services.

This is in response to laws passed in a few states, as a result of lobbying from the telecom industry, that prohibit cities from installing and operating public broadband networks, such as public wi-fi networks. The big telecom companies have a vested interest in preventing cities from establishing networks that could compete with their own services by providing free or low cost Internet services because the public services are partially or wholly taxpayer-subsidized.

If this law passes, it could make it easier to find free or low cost ISP services in cities that choose to build public networks. On the other hand, it could (depending on how it’s funded) cause tax increases for those who live in those municipalities, including those who don’t use the public networks.

10: Pro IP Act

Back on the copyright front, the US House of Representative recently approved by an overwhelming majority HR 4279, which imposes stricter penalties for copyright infringement. It creates a new position of “copyright enforcement czar” in the federal bureaucracy and gives law enforcement agents the right to seize property from copyright infringers.

This may all sound fine in theory, but when you look at the way other seizure and forfeiture laws have been applied (for instance, the ability of drug enforcement officers to seize houses, computers, cars, cash, and just about everything else that belongs to someone tagged as a suspected drug dealer — and in some cases not returning the property even when the person is acquitted or not prosecuted), it makes many people wary.

 

Lastly, I always conclude my write ups these days with a plea to the government. The government  should  provide  laptops  for all  civil servants  in  Nigeria  from  local government  to  federal  government level, all  lecturers, secondary schools and L E A schools even  on  loan. The  government  should  make  it mandatory  for legislators  to  carry  laptops  to  sittings else  no sitting  for  them, Could  you believe if you  show a  lot of  lecturers  a flash drive, they wont be  able to  identify its  name. A vice  chancellor  from a  Nigerian  university  traveled abroad  for a  seminar and he  couldn’t use the  computer  to   fill  a  form. We are tired of all these embarrassments.