The Bill is to provide for the establishment of the Cyber Security & Information Protection Agency charged with the responsibility to secure computer and Networks.

Stakeholders have been invited to review the Bill.

Stakeholders are expected to submit a Written memorandum and make Oral Presentation at the Public Hearing scheduled to deliberate on the Structure and Content of the proposed bill.

 

Date: Wednesday, July 8, 2009

Venue: Conference Room 0.28, Ground Floor (New Wing), House of Representative, National Assembly Complex, Abuja

Time: 10: 00am prompt

Brief Summary on the Cyber Security And Information Protection Agency
(Establishment, Etc) Bill 2008

The bill proposes to establish a Cyber Security and Information Protection Agency which will be responsible for enforcement of the provisions of the bill; investigation of cyber crimes; promoting and adopting anti cyber crime measures in all facets of society; investigating all reported cases of cyber crimes and ensuring the prosecution of individuals, corporate organization involved cyber crime; registration and regulation of service providers in Nigeria with the views to monitor their activities; creating public awareness on the nature and forms of cyber crime.

The Executive Vice Chairman and four other members of the agency will be appointed by the President subject to confirmation by the senate.

 

Several Sections

The bill is divided into several sections identifying various types of cyber crime and prescribing measures for offenders. Let's look briefly into some key areas.

In the section of Unauthorized disclosure of access, pass word code etc, the draft bill states that offenders in this area that disclose password, access code; or other means to gain access to program data or database held in computer for unlawful purpose or gain, will be liable on conviction to a fine of not less than N500,000 or to imprisonment for a term of not less than 3 years.

Another major area is Fraudulent electronic mail message and spamming. If the bill is passed it will now be a criminal offence for anyone to send electronic mail messages with the intent to defraud. The draft bill prescribes that people involved in spanning should be liable on conviction "to a fine not less than N500,000 or imprisonment for a term of not less than 3 years or to both such fine and imprisonment".
With regard to Misuse of devices, the draft bill wants it to be criminal to use devices, codes or other devices to overcome information security measures to violate the provisions of the bill.

Identify fraud is also mentioned in the bill and it proposes that any one who assumes the identify of another person with the intention to deceive or defraud "commits an offence and shall be liable on conviction to a fine of not less than N500,000 or imprisonment for a term of not less than 3 years or to both such fine and imprisonment".

A critical component of the proposed bill is the prescribed responsibilities of service providers. According the draft "Every service provider shall keep all traffic, subscriber information or any specific content on its computer or network for such period of time as the Agency may require". It is important that service providers digest this aspect of the bill. It has far reaching implications in view of service provider duties and expectations as well as the sanctions for non-compliance. In view of the obvious implications certain provisions are also made for privacy in the area.

Cyber terrorism is a major section in the draft bill. The draft lists several definitions/examples of terrorism and specifically states that, "Any person, group or organization that intentionally accesses any computer or network for purposes of terrorism, commits an offence and shall be liable on conviction to a fine of not less than N10,000,000 or a term of imprisonment of not less than 20 years of to both such fine and imprisonment".

The draft attempts to address the protection of intellectual property right in the electronic/online domain and prescribes sanctions.

It also has a section on pornography in the online/electronic environment. In particular it identifies several threats to children using computers and makes several provisions for the protection of children who use computers.

The draft bill makes several provisions of the protection of critical information infrastructure and the audit and inspection of critical information infrastructure. Offences against critical information infrastructure are identified and stiff sanctions are prescribed for offenders. For instance it states that "Any person who violates any provision as to the critical information infrastructure designated under section 23 of this Bill, commits an offence and shall be liable on conviction to a fine of not less than N15,000,000 or imprisonment of a term of not less than 25 years or both such find and imprisonment".

The proposed bill aims to make it possible to use electronic evidence as primary evidence in court. It states that "Notwithstanding anything contained in any enactment or law in Nigeria, an information contained in any computer which is printed out on paper, stored, recorded or copied on any media, shall be deemed to be primary evidence under this Bill".

The power to initiate criminal proceedings is conferred on the proposed Agency. And the bill also contains information on: Authorized officer powers of search and arrest; Obstruction of law enforcement officer; Tampering with computer evidence; Forfeiture of assets; Compounding of offence and payment of compensation; Attempt conspiracy and abetment

Included in the draft bill are definitions of (technical and legal) terms and terminologies used in the document.

Click this link for learn more about the African Information Security Association (AISA)

The Bill >> Click for Nigeria's Cyber Security and Information Protection Draft Bill