Old Wine in New Bottles? Critical and Comparative Perspectives on Identity Crimes under the Nigerian Cybercrime Act 2015

Pages609-628
Published date01 November 2019
Author
DOI10.3366/ajicl.2019.0293
Date01 November 2019
INTRODUCTION

Combatting identity theft and fraud has become increasingly problematic in the hyper-connected world of the Internet and the fast-evolving technological environment. However, the crimes are of particular interest to law and policy in Nigeria because of the increasing dependence of businesses and government on computer networks and the resulting proliferation of personal information and the organisations processing that information,1 as well as the country's unenviable position of being a cybercriminal's haven.2 As a strategic response to the threats of cybercrime therefore, Nigeria passed the Cybercrime Act in 2015. The Act purports to address different cybercrime including unauthorised access into computer systems, child pornography, crimes against critical national infrastructure and identity theft and identity fraud.

This article is a critical assessment of the provisions of the Cybercrime Act on identity theft and identity fraud. The article starts by examining the position of the law on identity theft before the Cybercrime Act. It then considers whether and how the new provisions of the Act improve on the old law particularly as it relates to the definition of the crime in a technology context. It is argued that although the criminal law had previously criminalised identity fraud, identity theft was not a crime. By interpretation, however, this omission was also repeated in the Cybercrime Act as the provisions which purport to criminalise identity theft actually recreated identity fraud offences that already exist under the old criminal law. With respect to identity fraud, the article identifies the elements which makes prosecution and conviction for the crimes difficult both prior to the passage of the Cybercrime Act and under the new provisions of the law. It is argued that the new provisions make no significant impact on the challenges posed by technology, particularly as they relate to machine deception in identity fraud cases.

The article draws two conclusions: (1) that the law omitted to create a specific offence of identity theft; and (2) that the law failed to account for the peculiarities of technology in its definition and scope of identity fraud. In order to justify the proposals for amendment to the law, the article draws on analogous provisions and relevant judicial decisions largely from the UK and to a limited extent from the US.3 It concludes that although approaches to identity crimes differ in the two jurisdictions, Nigeria could take lessons from both to improve her law. The article proposes that while the criminalisation of identity theft is somewhat contentious, there is nothing sacrosanct about the crime to exclude it from specific criminalisation. All that is required is that the law take into account the peculiarities of information appropriation and the US laws provide a useful guide in this respect. Similarly, although UK law is flawed because it fails to criminalise identity theft, its law is relevant in framing a more effective crime of identity fraud.

IDENTITY THEFT BEFORE THE CYBERCRIME ACT

The terms identity and identity crime are not defined by law or policy in Nigeria. Perhaps, this is because identity itself is a complex concept. For example, identities have been analysed from personal, social and legal as well as from historical and philosophical perspectives.4 Hence, we often speak of personal, legal and cultural identities as well as national, religious and gender identities. With developments in information technology, we have also recognised online or virtual or digital identities. Considering its scope therefore, a discussion of the broad concept of identity may be endless and sterile in the context of this article. Nevertheless, it is relevant to state that, in spite of its complexity, it is generally conceded that the concept of identity has innate value and is intricately linked to a person's sense of self.5 It is therefore often understood as the condition or fact of being some specific person or the condition of being the same as someone assumed, described or claimed.6 It means in effect sameness or oneness and a person's identity are often composed of information which relates to him and singles him out from a general population.7 Notably, while it is also difficult to give an exhaustive definition of identity crime, it is generally understood as the umbrella term for describing crimes that involve the theft, fraudulent use and other exploitation of personal information. Identity crime therefore includes ‘identity theft’ which involves the theft of personal information and ‘identity fraud’ which is the use of stolen or fraudulently obtained personal information to defraud individuals and businesses.8 Identity crime also broadly extends to the creation of false identities or what has been referred to as ‘identity farming’.9

As noted above, the laws in Nigeria did not define identity crime and prior to the Cybercrime Act the laws also did not define identity theft. However, theft or stealing is an offence. Section 383(1) of the Criminal Code Act provides that: ‘A person who fraudulently takes anything capable of being stolen, or fraudulently converts to his own use or to the use of any other person anything capable of being stolen, is said to steal that thing.’ Section 383(2) provides additionally that a person who takes or converts anything capable of being stolen is deemed to do so fraudulently if he does so with intent, inter alia,10 to permanently deprive the owner or any person who has any special property in the thing of such property.11 Generally, ‘“property” includes everything, animate or inanimate, capable of or being the subject of ownership.’12 Correspondingly, a thing capable of being stolen is every inanimate thing whatever which is the property of any person and which is movable or capable of being made movable.13 For the purpose of the offence, it is immaterial that the thing is made movable in order to steal it,14 but a person shall not be deemed to take a thing unless he moves the thing or causes it to move.15 Physical objects, animals and other intangible property such as a thing in action are capable of being stolen, whereas land is not capable of being the object of theft.16 The elements of a theft offence are therefore ownership, fraudulent conversion, movability and indeed moving the property, as well as intent to permanently deprive the owner of the property or the thing in the property stolen.

In creating an offence referred to as ‘personation’, the Criminal Code Act criminalises the impersonation of another by misrepresenting one's identity with intent to fraud. Section 484 of the Act provides: ‘Any person, who, with intent to defraud any person, falsely represents himself to be some other person, living or dead, is guilty of a felony.’17 While it is possible to argue that, based on this later provision, identity fraud was already a crime prior to the Cybercrime Act, there is some grey area with respect to identity theft. In fact, on the basis of the elements of the theft offence, there is a strong argument to be made for the position that identity theft cannot be a crime as information (and by extension personal information) can generally not be stolen.

To illustrate, the position of the law noted above is that every inanimate thing whatever which is the (tangible or intangible) property of any person and which is movable or capable of being made movable is also capable of being stolen. Based on a superficial reading of the law, therefore, information should qualify as intangible property. However, even if it is assumed that information is (intangible) property, there are other elements of the offence which must be satisfied. The courts have suggested, for example, that ownership is crucial to conviction for theft. According to the (Nigerian) Supreme Court:

Ownership is a most vital and indispensable essential or ingredient of the offence of stealing … It is the baseline of the offence of stealing. [Therefore,] Before an accused could be convicted of the offence of stealing property, there must be evidence that the property is owned by a person, the person could be a natural person or an artificial person …18

It would seem that in order to determine whether information is capable of being stolen, or has indeed been stolen, the court would first have to determine who owns such information. As the question of who owns personal information can be quite contentious, this is by no means a straightforward task. If information is stolen from proprietary systems, we may argue that the information belongs to the organisation or entity that owns such systems. However, because identity theft also victimises the person whose identity is stolen, we can argue that the person to whom the information relates is the owner of the personal information stolen. This is particularly correct since the Criminal Code itself provides that a person having possession or special interest in the property stolen also has the rights of ownership.19

Assuming again, however, that the court can resolve the dilemma and vest ownership in a person or entity, the offence of theft of information must meet additional requirements. The law requires that inanimate things capable of being stolen must be movable or made movable by the thief and the thief must intend to permanently deprive the owner of the thing in the property. This position was affirmed by the Supreme Court when it held that for the purpose of the theft offence, there must be an intention to deprive the owner permanently of the property or animus furundi.20 The difficulty here lies in meeting the requirements set by the court in the context of the theft of information. In data terms, ‘theft’ may involve the mere copying of information rather than taking or moving. By processes of replication and duplication, data can be ‘stolen’ even while literally it remains unmoved. However, even if...

To continue reading

Request your trial

VLEX uses login cookies to provide you with a better browsing experience. If you click on 'Accept' or continue browsing this site we consider that you accept our cookie policy. ACCEPT