Nigerian Patriot ACT is Coming: Compliments of NITDA
Imagine a possible technology future in Nigeria. Imagine that the Data Retention Law section of the proposed Draft Nigerian Cybercrime Act, under the leadership of the National Technology Development “Go-slow” Agency, (National Information Technology Development Agency) passes into Law, Electronic Computer Privacy as we know it today in Nigeria will change, and pose serious Individual Privacy and Personal Liberty issues.
Specifically, the Data Retention Law states “All service providers under this Act shall have the responsibility of keeping all transactional records of operations generated in their systems and networks for a minimum period of 5 years”. The vagueness, and the lack of clear definition of “Transactional records” makes the Data Retention section of the Draft Nigerian Cybercrime Act, worse than the very controversial USA PATRIOT ACT.
providers, as defined by the Draft Act are,
Service Providers are defined as “a
person who owns or operates a telephone system in this state that
includes equipment or facilities for the conveyance, transmission, or
reception of communications and who receives compensation from persons
who use that system”
what are the privacy implications?
Well, since the word transactional records was not defined within
the Draft Nigerian Cybercrime Act, the implication is that, a potential
possibility exists for transactional records to
termed as a subset of Personal records, Financial Records, Internet
Browsing records, Email Records, Telephone records, and every
potential electronic record held in a permanent storage area or memory
of a Nigerian Service Provider Network.
These Records, according to the Draft Nigerian Cybercrime Act,
will be held for a period of 5 years, thus compiling a large data set of
individual personal communication. This is dangerous!
Impact of the Law on Nigerian ISP’s
There are also serious technology development cost implications that will be created as a result of the Draft Nigerian Cybercrime Act. As is, if allowed to pass into law, the Law will increase the overall storage and archiving cost of a Nigeria ISP by a very high margin. Depending on the volume of transactions processed by a particular ISP, compliance with the law will require massive backup facilities, and an overall increase in the operational costs of data retention.
of the Law on Nigerian Internet Subscribers
subscribing to telecommunication and computer services offering by a
Nigerian Service Provider such as: Cybercafe, telephone companies, and
Individual users will have to assume increases in operational costs that
the Law imposed on the Service Provider.
As the volume of Data retention increases, the Nigerian ISP’s
and other Service Providers will have no choice but to pass the
increases in operational costs down to the consumer.
Impact of the Law on Personal Privacy
allowed to pass into law, the Data Retention section of the Nigerian
Cybercrime Act will also affect fundamental issues of individual and
collective association privacy.
Since the government will now require, every Service Providers to
hold all forms of digital transmission record; voice, data, and video in
retention for 5 years, the law implies that all telephone conversations,
every key stroke that
a Nigerian Computer user types, and every other possible form of
electronic data processing will be archived somewhere.
are some examples: All Email transactions that Nigerians send to each
other, financial information routed
one Nigerian Bank to the other passing through a public ISP Network, all
electronic form of political activity,
Nigerians will need to start looking behind their backs, getting digital privacy stricken. Government digital surveillance would have infested every facet of their livelihood. We all know that political thugry is still very common. With the law in effect, electronic political thugry will have a field day. One political opponent wishing to destroy the other might use electronic records of the other for political blackmail. Even, government will not escape this new danger; any electronic record processed by any technocrat, passing through the Public Internet will be held at an ISP archival storage somewhere. National data in-security and data privacy issues will soon become at-risk wholesale issues.
conclusion, and knowing that the Law is still a people
at NITDA are not cognizant of p
people at NITDA are not cognizant of page 45 of the Nigerian IT Policy, which defined one of the objectives of NITDA, as to “Ensure the protection of individual and collective privacy, security, and confidentiality of information”. Hence, NITDA must be held accountable, this portion of the Draft Nigerian Cybercrime Bill must be refined or deleted. The definition of what constitutes Service Provider transactional record needs to be clearly defined. Any inclusion of any law within the body of the Nigerian Cybercrime Act must totally align with the strategic content of the Nigerian IT Policy, which clearly affirms a need to protect individual data privacy. For now, Political Activism needs to be set in motion, to begin advocacy against this particular section of the bill, before it sneaks past the Nigerian Congress. Chief Gani Fawehinmi must please note these developments. Those Nigerians and Non-Governmental Organizations interested in national electronic privacy issues, please use the following Email Address to inquire about the bill.
NCWG Email: firstname.lastname@example.org
portion of the Draft Cybercrime Act, titled:
for Records Retention by Service Provider”,
states: “All service providers under this Act shall have the responsibility of keeping all transactional records of operations generated in their systems and networks for a minimum period of 5 years”