The
Nigerian Patriot ACT is Coming: Compliments of NITDA By Femi Oyesanya
Imagine a possible technology future in Nigeria. Imagine that the Data Retention Law section of the proposed Draft Nigerian Cybercrime Act, under the leadership of the National Technology Development “Go-slow” Agency, (National Information Technology Development Agency) passes into Law, Electronic Computer Privacy as we know it today in Nigeria will change, and pose serious Individual Privacy and Personal Liberty issues.
Specifically, the Data Retention Law states “All service providers under this Act shall have the responsibility of keeping all transactional records of operations generated in their systems and networks for a minimum period of 5 years”. The vagueness, and the lack of clear definition of “Transactional records” makes the Data Retention section of the Draft Nigerian Cybercrime Act, worse than the very controversial USA PATRIOT ACT. Service
providers, as defined by the Draft Act are,
Communication
Service Providers are defined as “a
person who owns or operates a telephone system in this state that
includes equipment or facilities for the conveyance, transmission, or
reception of communications and who receives compensation from persons
who use that system”
So,
what are the privacy implications?
Well, since the word transactional records was not defined within
the Draft Nigerian Cybercrime Act, the implication is that, a potential
possibility exists for transactional records to become
termed as a subset of Personal records, Financial Records, Internet
Browsing records, Email Records, Telephone records, and every
potential electronic record held in a permanent storage area or memory
of a Nigerian Service Provider Network.
These Records, according to the Draft Nigerian Cybercrime Act,
will be held for a period of 5 years, thus compiling a large data set of
individual personal communication. This is dangerous!
Impact of the Law on Nigerian ISP’s There are also serious technology development cost implications that will be created as a result of the Draft Nigerian Cybercrime Act. As is, if allowed to pass into law, the Law will increase the overall storage and archiving cost of a Nigeria ISP by a very high margin. Depending on the volume of transactions processed by a particular ISP, compliance with the law will require massive backup facilities, and an overall increase in the operational costs of data retention.
Impact
of the Law on Nigerian Internet Subscribers Customers
subscribing to telecommunication and computer services offering by a
Nigerian Service Provider such as: Cybercafe, telephone companies, and
Individual users will have to assume increases in operational costs that
the Law imposed on the Service Provider.
As the volume of Data retention increases, the Nigerian ISP’s
and other Service Providers will have no choice but to pass the
increases in operational costs down to the consumer.
Impact of the Law on Personal Privacy If
allowed to pass into law, the Data Retention section of the Nigerian
Cybercrime Act will also affect fundamental issues of individual and
collective association privacy.
Since the government will now require, every Service Providers to
hold all forms of digital transmission record; voice, data, and video in
retention for 5 years, the law implies that all telephone conversations,
every key stroke that
a Nigerian Computer user types, and every other possible form of
electronic data processing will be archived somewhere.
Here
are some examples: All Email transactions that Nigerians send to each
other, financial information routed from
one Nigerian Bank to the other passing through a public ISP Network, all
electronic form of political activity,
Nigerians will need to start looking behind their backs, getting digital privacy stricken. Government digital surveillance would have infested every facet of their livelihood. We all know that political thugry is still very common. With the law in effect, electronic political thugry will have a field day. One political opponent wishing to destroy the other might use electronic records of the other for political blackmail. Even, government will not escape this new danger; any electronic record processed by any technocrat, passing through the Public Internet will be held at an ISP archival storage somewhere. National data in-security and data privacy issues will soon become at-risk wholesale issues.
In
conclusion, and knowing that the Law is still a NITDA’s
Director Email: gajayi@nitda.org
or gajayi@aol.com NCWG Email: nigeriancwg@aol.com The
portion of the Draft Cybercrime Act, titled: “Retention
for Records Retention by Service Provider”, states: “All service providers under this Act shall have the responsibility of keeping all transactional records of operations generated in their systems and networks for a minimum period of 5 years” |