II. Surveillance policy
The principal body for Nigerian information technology policy is the National Information Technology Development Agency (NITDA), a sub-agency of the Nigerian Communications Commission. NITDA developed a Nigerian Information Technology (IT) Policy, which was approved by the Nigerian Federal Executive Council in 2001.1 The IT Policy identifies some of its objectives as "promot[ing] legislation (Bills & Acts) for the protection of online business transactions, privacy and security,"2 and "enhanc[ing] freedom and access to digital information at all levels while protecting personal privacy."3 The IT Policy names as one of its strategies, "ensur[ing] the protection of individual and collective privacy, security, and confidentiality of information."4
The menace of fraudsters soliciting victims via e-mail prompted the Nigerian government in 2002 to create a National Committee to address the problem.5 NITDA was involved in this process, and one of the committee's recommendations was a draft Cybercrime Act.6 However, in 2004 the government established the Nigerian Cybercrime Working Group, an Inter-Agency body that incorporated the NITDA, in order to directly address the issue of cybercrime and to take over the project.7
In 2005, the Nigerian government sponsored the Computer Security and Critical Information Infrastructure Protection Bill (otherwise known as the Cybercrime Bill).8 The Cybercrime Bill aims to "secure computer systems and networks and protect critical information infrastructure in Nigeria by prohibiting certain computer based activities" and to impose liability for global crimes committed over the Internet.9 The Cybercrime Bill will require all service providers (telephone and internet) to record all traffic and subscriber information for such period as specified by the President, and to release this information to any law enforcement agency on the production of a warrant.10 Such information may only be used for legitimate purposes as determined by a court of competent jurisdiction, or other lawful authority.11 The bill does not provide independent monitoring of the law enforcement agencies carrying out the provisions, nor does the bill define "law enforcement agency" or "lawful authority."12 Finally the bill does not distinguish between serious offenses and emergencies or minor misdeamenors.13 As a result it may conflict with Article 37 of Nigeria‚ Constitution, which guarantees the privacy of citizens including their homes and telephone conversations, absent a threat on national security, public health, morality, or the safety of others.14 The Cybercrime Bill currently sits before the Nigerian National Assembly.15
- 1. http://www.jidaw.com/policy.html
- 2. http://www.nitda.gov.ng/document/nigeriaitpolicy.pdf
- 3. Id. at 32.
- 4. Id. at 33.
- 5. http://news.bbc.co.uk/1/hi/world/africa/1944801.stm
- 6. http://www.gamji.com/article3000/NEWS3569.htm
- 7. http://www.cybercrime.gov.ng/site/index.php
- 8. "Nigeria: New Wire Tapping, Cyber Crimes Bill in Nigeria," This Day, Oct. 18, 2006.
- 9. http://www.cybercrime.gov.ng/site/index.php?option=com_content&task=view...
- 10. Id. at ¬ß¬ß 11-13.
- 11. Id. at ¬ß 11.
- 12. "Nigeria: New Wire Tapping, Cyber Crimes Bill in Nigeria," This Day, October 18, 2006.
- 13. "Before that Cybercrime Bill is Passed," This Day, November 15, 2006.
- 14. Id.
- 15. Id.