 THERE is no gainsaying that the revolution in information technology has permeated every sphere of life. Perhaps, the most revolutionary implication of contemporary technological developments is the evolution of a paperless environment characterised by three principal trends: dematerialisation of the work place, omnipresence and malleability.
Law and computer security is related in several ways. First, both federal and state laws affect privacy and secrecy. Secondly, laws regulate the use, development and ownership of data and programmes and thirdly, laws affect actions that can be taken to protect the secrecy, integrity and availability of computer information and service. It must be stated, however, that these basic concerns in computer security are both strengthened and confused by applicable laws, thus legal means co-ordinate with other controls to establish computer security.
No doubt, in recent years, following the growth of computer information, computers have been used to perpetrate so many evils world over. This is so much that it may be easier to steal national secrets from military computers than to steal an item from a shop. The law does not, however, provide adequate control, either in computer affairs or in others. With computer matters, the law is slowly evolving. Computers are new compared to houses, land money, among others. As a result of this, their place in law, especially in Nigeria is not yet firmly established. The meanings of most technical terms are still a bit foreign in the courtrooms.
The legal establishment is yet to reach broad agreement on key issues, even the meanings of such terms as ‘data’ can be the subject of contention. Notwithstanding, as statutes are written and cases decided, computers are becoming more defined in the law but the law does not yet cover all improper acts committed with computers.
Starting from the 1990s, computer networks started delivering services to private individuals at home. These services and the motivations for using them are quite from the ‘corporate efficiency model’ and some of the importance of computers and the Internet are storage capacity, information sharing, high reliability, scalability (ability to increase system performance), person to person communication and interactive entertainment.
It is pertinent to state, however, that computers, despite being of such high technology devices, are extremely vulnerable. The nature of computers is such that even a novice can easily gain access unless certain security measures are carried out on the computer by the owner.
As a result, persons with special knowledge in computing can easily gain access to computer systems even when protected. The strongest of firewalls and biometrics authentication systems have been cracked in the past and will probably continue to be cracked in the future. A secretly implanted logic bomb, key loggers that can steal access codes, advanced voice recorders; retina imagers, among others, that can fool biometric systems, can be utilised to get past many a security system.
It is important to recognise that there is a distinction to be drawn between crime in which the use of a computer plays an incidental part on one hand and on the other hand, crimes which can be carried out only by means of or in relation to computer.
The first covers crimes that may be committed without the aid of the Internet while the second are crimes that may be committed with the aid of the Internet and they are otherwise known as ‘cyber crimes’.
In the first category are ‘masquerading’, which involves pretending to be an authorised user after the credentials of the user has been obtained through theft, wiretapping or other means by which the intruder can get access to the files of the user as well as system files, ‘wiretapping’, a process of gaining physical access to communication lines, which are quite often telephone lines.
‘Eavesdropping’, the scanning of someone else’s card input or printed output, ‘pigy-banking’, which involves an interference with the communication link between the user and the processor and the release of or substitution of entirely new messages while returning error messages to the user. ‘Between-the-line’, where the subverter enters his command between that of the user and so extends his access time. He can even cancel the user’s sign of signals so as to continue operating in his name. ‘Tap doors’ which are weak points in computer systems where access can be made while by-passing security controls.
In the second category are ‘Hacking or computer network break-in’, a generic term for all occupants of ‘cyber space’ but has come to be applied to those who seek access to data maintained on computer system to which the hacker has no legal password or access code. ‘denial of service attack’, which involves flooding a computer resource with more requests than it can handle which then causes the resource (example web server) to crash thereby denying authorised users the service offered by the resource. ‘Virus/worm attacks’, computer programme that can infect other computer programmes by modifying them in such a way as to include (possibly evolved) copy of it. ‘Trojan attacks’, an unauthorised programme, which functions from inside what seems to be an authorised programme, thereby concealing what it is actually doing. ‘E-mail bombing’ which refers to sending a large number of emails to the victim resulting in the victim’s email account (in case of an individual) or mail servers (in case of a company or an email service provider) crashing.
‘Financial crimes’, which are crimes committed through the Internet for the purposes of getting financial benefits therefrom. Examples of financial crimes committed through the Internet are salami attacks, cyber pornography, sale of illegal articles, on-line gambling, Internet time thefts, web jacking, intellectual property crimes, credit card fraud, cyber defamation, among others.
Of utmost importance here is computer and Internet fraud: the Nigerian 419 scam. Computer fraud has been defined as any fraudulent behaviour connected with computerisation by which someone intends to gain dishonest advantage. Most popular today are the Internet fraud schemes such as those perpetrated through email, chat rooms, message boards or web sites; critical elements involved being fraudulent solicitations, fraudulent transactions and of course, the victim!
The email fraud scam widely known as ‘419’ (based on section 419 of the Nigerian Criminal code) or ‘Advance Fee Fraud’ reached the Welsh Courts recently where a 33 year-old Nigerian man, Peter Okoeguale, was jailed for his part in such a fraud.
Okoeguale, who was found with floppy disks for scanning websites for email addresses to which spam messages would be sent later pleaded guilty to being equipped to cheat and was jailed for 20 months with the judge, John Rogers QC, saying only a period of imprisonment was appropriate punishment for the crime. He also recommended that Okoeguale be deported after serving his jail term.
At the height of the prosecution of failed bank cases in Nigeria, computer-related fraud was among the serious issues that characterised the whole saga. Although worse types of crimes are perpetrated on the Internet, especially in Europe and North America, the 419 email scam does great damage to the image of Nigeria and Nigerians abroad.
Considering that a large number of such 419 emails are sent over the Internet, it is easy for persons outside Nigeria to tar all Nigerians with the brush of fraudulence, overlooking the fact that the entirety of the 419 scams are perpetrated by a tiny, indeed minuscule percentage of Nigerians. What is more, it is understood that some non-Nigerians are now also perpetrating copycat versions though still making it appear that their scam emails originate from Nigerians.
The Nigerian government has been under pressure for sometime to take measures to tackle this scourge of 419/email advance fee frauds.
Recently, the working group on cyber crimes set up by the Nigerian government produced a draft Nigerian Cyber Crime Act 2004, which addresses various types of crime against or through computer systems.
The crimes created under the draft Act include, among others, unauthorised access to computer, electronic ancillary devices; access with Intent to commit an offence, unauthorised modification of the contents of any computer; illegal communications using electronic messages, illegal interception, data and system interference, email bombing, cyber terrorism and sexual and other offences against minors.
If the Act is eventually passed into law, the Nigerian government would have taken some welcome steps towards tackling specifically in this respect the scourge of 419 email scams. Nevertheless, despite the provisions of the Act, when it comes into force, a more critical element will be detection and the apprehension of the perpetrators of the crime some of whom incidentally stand out like sore thumbs at cyber cafes in Nigeria. To this extent, the draft Nigerian Cyber Crimes Act imposes, with some safeguards, a duty upon service providers operating in Nigeria to assist in the investigation, arrest and prosecution of persons committing offences under the Act. Apart from the imposition of duties on service providers, other pain of sanctions may also be worthwhile to consider offering incentives to service providers that make it worthwhile for them to report suspected criminal activities.
Accordingly, addressing all these problems will necessitate in the first place international cooperation between law enforcement agencies across countries and continents, as well as cooperation between law enforcement agencies and all types of Internet service providers, whether web hosts, proprietors of web servers or cyber cyber café operators.
The software giant has signed a memorandum of understanding with Nigeria’s Economic and Financial Crimes Commission (EFCC) to take up issues including spam, financial scams, phising, spyware, viruses, worms, malicious code launches, counterfeiting and other illegal activity. Microsoft latest news about Microsoft is lending its IT expertise to the government of Nigeria in a joint effort to combat email fraud and other cyber crimes in the African nation.
Reasons for legal protection of computer-related issues are numerous. Technology does not provide absolute security or protection; even where securities are absolutely sufficient, law is required for attempts to commit computer crimes. Law is also necessary to bridge the gap between security and hacking on one hand and technology and liability on the other hand. Dual criminality is required for ‘computer crime laws as it is a global crime and every jurisdiction has a role to play in the prosecution of computer criminals.
|
