People are currently serving jail terms in the UK and the US because they infiltrated other people’s computers that they weren’t told to. Similarly in Nigeria, some people’s liberty is currently being restricted because they use the computer to make phony deals online. In Microsoft vs. Alexander Pononsov, a Russian court passed a verdict of guilty on a rural school teacher that unknowingly used pirated Microsoft operating systems. The common denominator in the above scenarios is that the law took over, reduced all the computing technicalities into the desiccated vernacular of its trade and made prosecutions. But how effective and comprehensive are computers laws in Nigeria and the developing world at large as compared to the advance countries. Remember we are all players in the same cyberspace, and hence faces the same threats.
The computer law in Nigeria is way underdeveloped and hence do not meet with the contemporary requirements of the modern information and technology age. We lack the technical resources, expertise as well as the legal framework to tackle cyber crimes and computer crimes at large. The business environment in any country is greatly strengthened by the security environment: therefore, serious Techno-legal ICT training is required for judges, lawyers, law students, law professors and corporate executives in Nigeria. A wise litigator now in Nigeria will be looking forth to writing his MCP- Microsoft Certified Professional which will be a stepping stone to acquiring Techno-Legal trainings. An MCP attached to his name alone is an intimidation to other litigator.
Now that the infrastructures in any country can no longer function without computers and networks, a well regulated computing industry instills a lot of confidence in computer related transactions and help guard against IT risk complexities. When the internet was first introduced , it was like a state of nature where internet browsers have unlimited freedom but gradually laws came up that limited what people can and cannot do on the computer. I often participate in a hackers forum on a website floated from Germany, today legislative laws came up in Germany that prohibited that site from being floated from Germany.
Computer law is mostly an eclectic amalgamation of concepts from existing law, which are applied to the relatively new technologies of computer hardware and software, e-mail, and the Internet. (Google tech Dictionary). However, there are several reasons why it is convenient to have a separate classification for computer law:
- Solving legal problems that arose from the use of computers often requires some legal principles that are rarely encountered in the practice of law. For example:
- Disputes about e-mail and web pages on the Internet extend across state lines, and may even extend across national borders. For example, there are technical issues in personal jurisdiction and which state’s law should be applied to the resolution of the dispute. To solve these legal problems, one must understand principles of an abstruse area of law, called Conflicts of Law. Instead of relatively firm rules with predictable results, as in most other areas of law, conflicts analysis can be characterized as choosing from a menu of possibilities.
- Information stored on computers (e.g., software, data, trade secrets, confidential personal information) is generally much more valuable than the computer hardware. In order to protect this information, many of the concepts in the practice of computer law involve the specialized area of Intellectual Property Law, which includes copyrights, trademarks, and patents. Take the US for instance, in order to practice before the U.S. Patent Office; an attorney must have at least a bachelor’s degree in some area of science or engineering, a requirement that excludes nearly all attorneys.
- Traditional concepts in law are being expanded by events in the area of computer law. For example:
- Computer software is legally considered a “good”. Unlike other goods, the “purchaser” only owns the floppy diskette or compact disk that contains the software, plus a license to use the software. The Uniform Commercial Code was amended by including Article 2B in the US patent law to cover licensing of computer software.
- Computer databases that contain erroneous information (e.g., false credit reports) can be harmful to people, which may give rise to a new class of torts, called infotorts
- Hackers who use a modem to enter a computer without authorization and either (1) use its services or (2) alter records are committing a crime similar to burglary, but the traditional notion of burglary requires the criminal personally to enter the victim’s premises, which is not satisfied in the case of entry via data to/from a modem. Therefore, new laws were enacted to define computer crimes (Personally, I think it would have been preferable to change the definitions in existing concepts, instead of create new concepts, but no one would accuse the legal profession of honoring simplicity and economy.)
- Authentication of evidence contained in files on a computer presents some new problems, because of the ease with which data in the file can be altered, and also because it is easy to alter the operating system’s date and time stamp in the directory.
- Searches of computer databases provide access to information that was difficult to locate in the pre-computer age, which makes computer databases a major new threat to privacy of individuals.
The Internet has been revolutionary in giving anyone with a website the equivalent of a printing press or television transmitter: now anyone can broadcast their information or opinion to the whole world, without first going through formal review by a publisher. Many governments have reacted to the Internet with new censorship of both websites and readers’ access to the Internet. Furthermore, there has been widespread copyright infringement by people who post material at their website that was copied from other websites, or copied from books, without written permission of the copyright owner.
Law reacts slowly to new technology, With the exception of the telephone and typewriter, the technological revolution of the past century has left the law untouched. Law has dealt at arm’s length with technology, making new rules to cover air travel, genetic engineering, and the like, while the lawyers who do the work carry on with paper and pencil – until the advent of the computer.
The case in the developing world needs a deep focus, perhaps I might be wrong, maybe a deeper focus. Judging computer related crimes need players with adequate computer knowledge on the technical side. In Nigeria, law enforcement agent has little or no computer education to combat rising computer related crimes. We need a separate court for trials regarding computer related crimes and judges that are conversant with bits and bytes, like the juvenile court system in which lots of proceedings in the normal court system doesn’t apply there. Surprisingly, the issue of laws regarding computer crimes has not had adequate attention even in developed world. This is as a result of different interpretation of what constitutes a computer device and computer crimes at large. For instance the newly elected state law in West Virginia regarding computer crimes states that:
Any person who, knowingly and willfully, directly or indirectly
accesses or causes to be accessed any computer, computer services
or computer network for the purpose of (1) executing any scheme or artifice
to defraud or (2) obtaining money, property or services by means of
fraudulent pretenses, representations or promises shall be guilty of a
felony, and upon conviction thereof, shall be fined not more than ten
thousand dollars or imprisoned in the penitentiary for not more than
ten years or both.
In the Alabama Computer Crime Act, the same issue has a different punishment and interpretation. Also, issues’ regarding definitions as regards to what is a data, computer network, computer programs etc have been interpreted in different ways under different State Laws in the US. This variance stress from Texas Statutes and Codes Annotated,, the State of Wisconsin Statutes, Washington Criminal Code in the revised code of Washington Annotated, and the Arizona Revised Statutes Annotated under Organized Crime and Fraud and so on.
Computer users and law enforcement agents in Nigeria need serious awareness by concerned agencies as regards to what constitute a computer crime locally and in the cyber world. Initially, I stressed on the technical abilities of all players involved in pinning a computer crime, this is because technical issues are paramount in both the investigation and prosecution phase of the crime . I was in a cybercafé in Ikeja, then EFCC officials stormed into the café and instructed every body to pause, they then move round to check what people are doing. I laughed because this is highly unskillful and untechnical way of tackling a computer incident on the side of the law enforcement agents. People like us whether you shutdown your PC, we can still backtrack what you were doing. If you like unplug the power cord so that the system suddenly dies off I can still trace back your activities on the system. In fact format your hard drive I can still retrieve data from it.
Also, I entered a cyber café in Ebute Meta and saw a lot of scammers, so I decided to rub them to show them where their skill level lies. They were using some tools on some websites to trace people’s IP addresses to know their locations. What I did was that when they pick an IP address to insert in the machine, before they click enter I will tell them the location of the address off hand. They were baffled. They said ‘O boy which runs you dey into’. I just laughed and said I am writing a book and I have problem with my Internet connectivity so I came to spend the night in the café. They don’t know that people like us will automatically know your location by mere looking at your IP address. The body that allocates IP addresses allocate them in blocks, with time we became use to the blocks assigned to countries and continents which these boys don’t know. If I see 66.78.x.x I know you are from the US, if I see 207.X.X.X then it is highly likely you are from Australia, that kind of thing.
Now back to the issue of prosecuting a computer criminal. As a law enforcement agents, when you seize a PC or about to seize one that is use to perpetrate a crime, there are two issues to deal with. First is if you want to tender the PC in court and second is when you don’t want a trial.
In pursuing the first case from my limited experience the issue is not just about getting information out of the PC to prove what was done, it’s about preserving the analysed system so that it is unaffected by your forensic activities and so that it can be used to provide evidence that will be admitted in court.
If the defense can prove there’s even a chance your investigations have altered the system or its contents then the whole thing becomes inadmissible as evidence. One of the first things you do therefore is simply yank the power cable – don’t even let the scammer log off and shut down.
That way you still have the swap file, registry etc there on disk completely unaffected by the shutdown. Then remove and image the disk without ever starting the machine up again. Then, and only then, can you begin to think about investigation. Because you’ll eventually be taking the case to court to have the case examined by lawyers and other law officials, you’ll have to approach and handle the case as if it were an official investigation (i.e.: gather and save evidence, examine evidence, record all activities done with the evidence, etc). Of course, if you have no intentions on taking the case to court or pursuing any kind of legal activity, then I’d think that you could approach the issue as you would wish.
If you want to work on the system first in a lab, you’ll need a tool to crack or reset his OS password for you to login. I know about two ways:
1. Offline NT Password & Registry Editor, Bootdisk: http://home.eunet.no/pnordahl/ntpasswd/
This will let you create a boot disk that will eventually reset/blank his password so that you can login.
2. Ophcrack: http://ophcrack.sourceforge.net/
The liveCD version will try the most recent methods (rainbow attack if I recall right) to find out the hackers password. It will not reset it. But it can take some time to do the cracking.
Second, you’ll need some tools too get out his info quickly. Check this site http://www.nirsoft.net/utils/index.html
Check the IECookiesView, IEHistoryView, MyLastSearch tools. There are many others that you might find useful. You can then transfer his cookies to your desktop to start analyzing the entire website he has visited. And so on. This is in a situation where a law enforcement agent is only interested in knowing the activities of a scammer to possibly track down his clients after seizing the PC.
Below I present some of the US existing laws and some of the pending legislation that can affect how we use our computers and the Internet in the cyberworld as compiled by Debra Littlejohn Shinder:
1: Digital Millennium Copyright Act (DMCA)
Most computer users have heard of this law, which was signed in 1998 by President Clinton, implementing two World Intellectual Property Organization (WIPO) treaties. The DMCA makes it a criminal offense to circumvent any kind of technological copy protection — even if you don’t violate anyone’s copyright in doing so. In other words, simply disabling the copy protection is a federal crime.
There are some exemptions, such as circumventing copy protection of programs that are in an obsolete format for the purpose of archiving or preservation. But in most cases, using any sort of anti-DRM program is illegal. This applies to all sorts of copy-protected files, including music, movies, and software.
2: No Electronic Theft (NET) Act
This is another U.S. federal law that was passed during the Clinton administration. Prior to this act, copyright violations were generally treated as civil matters and could not be prosecuted criminally unless it was done for commercial purposes. The NET Act made copyright infringement itself a federal criminal offense, regardless of whether you circumvent copy-protection technology or whether you derive any commercial benefit or monetary gain. Thus, just making a copy of a copyrighted work for a friend now makes you subject to up to five years in prison and/or up to $250,000 in fines. This is the law referred to in the familiar “FBI Warning” that appears at the beginning of most DVD movies.
Many people who consider themselves upstanding citizens and who would never post music and movies to a P2P site think nothing of burning a copy of a song or TV show for a friend. Unfortunately, by the letter of the law, the latter is just as illegal as the former.
3: Court rulings regarding border searches
Most Americans are aware of the protections afforded by the U.S. Constitution’s fourth amendment against unreasonable searches and seizures. In general, this means that the government cannot search your person, home, vehicle, or computer without probable cause to believe that you’ve engaged in some criminal act.
What many don’t know is that there are quite a few circumstances that the Courts, over the years, have deemed to be exempt from this requirement. One of those occurs when you enter the United States at the border. In April of this year, the Ninth Circuit Court of Appeals upheld the right of Customs officers to search laptops and other digital devices at the border (the definition of which extends to any international airport when you are coming into the country) without probable cause or even the lesser standard of reasonable suspicion. The Electronic Frontier Foundation (EFF) and other groups strongly disagree with the ruling.
Meanwhile, be aware that even though you’ve done nothing illegal and are not even suspected of such, the entire contents of your portable computer, PDA, or smart phone can be accessed by government agents when you enter the United States. So if you have anything on your hard drive that might be embarrassing, you might want to delete it before crossing the border.
4: State laws regarding access to networks
Many states have criminal laws that prohibit accessing any computer or network without the owner’s permission. For example, in Texas, the statute is Penal Code section 33.02, Breach of Computer Security. It says, “A person commits an offense if the person knowingly accesses a computer, computer network or computer system without the effective consent of the owner.” The penalty grade ranges from misdemeanor to first degree felony (which is the same grade as murder), depending on whether the person obtains benefit, harms or defrauds someone, or alters, damages, or deletes files.
The wording of most such laws encompasses connecting to a wireless network without explicit permission, even if the wi-fi network is unsecured. The inclusion of the culpable mental state of “knowing” as an element of the offense means that if your computer automatically connects to your neighbor’s wireless network instead of your own and you aren’t aware of it, you haven’t committed a crime — but if you decide to hop onto the nearest unencrypted wi-fi network to surf the Internet, knowing full well that it doesn’t belong to you and no one has given you permission, you could be prosecuted under these laws.
A Michigan man was arrested for using a café’s wi-fi network (which was reserved for customers) from his car in 2007. Similar arrests have been made in Florida, Illinois, Washington, and Alaska.
5: “Tools of a crime” laws
Some states have laws that make it a crime to possess a “criminal instrument” or the “tool of a crime.” Depending on the wording of the law, this can be construed to mean any device that is designed or adapted for use in the commission of an offense. This means you could be arrested and prosecuted, for example, for constructing a high gain wireless antenna for the purpose of tapping into someone else’s wi-fi network, even if you never did in fact access a network. Several years ago, a California sheriff’s deputy made the news when he declared “Pringles can antennas” illegal under such a statute.
6: “Cyberstalking” laws
Stalking is a serious crime and certainly all of us are in favor of laws that punish stalkers. As Internet connectivity has become ubiquitous, legislatures have recognized that it’s possible to stalk someone from afar using modern technology. Some of the “cyberstalking” laws enacted by the states, however, contain some pretty broad language.
For example, the Arkansas law contains a section titled “Unlawful computerized communications” that makes it a crime to send a message via e-mail or other computerized communication system (Instant Messenger, Web chat, IRC, etc.) that uses obscene, lewd, or profane language, with the intent to frighten, intimidate, threaten, abuse, or harass another person. Some of the lively discussions on mailing lists and Web boards that deteriorate into flame wars could easily fall under that definition. Or how about the furious e-mail letter you sent to the company that refused to refund your money for the shoddy product you bought?
Closely related are the laws against “cyber bullying”that have recently been passed by some states and local governments.
The best policy is to watch your language when sending any type of electronic communications. Not only can a loss of temper when you’re online come back to embarrass you, it could possibly get you thrown in jail.
7: Internet Gambling laws
Like to play poker online or bet on the horse races from the comfort of your home? The federal Unlawful Internet Gambling Enforcement Act of 2006 criminalizes acceptance of funds from bettors — but what about the bettors themselves? Are they committing a crime?
Under this federal law, the answer is no, but some state laws do apply to the person placing the bet. For example, a Washington law passed in 2006 makes gambling on the Internet a felony. The King County Superior Court just recently upheld that law, although challengers have vowed to take it to the Supreme Court.
Be sure to check out the state and local laws before you make that friendly online bet.
8: Security Breach Disclosure laws
A California law passed in 2003 requires that any company that does business in California must notify their California customers if they discover or suspect that non-encrypted data has been accessed without authorization. This applies even if the business is not located in California, as long as you have customers there, and no exception is made for small businesses.
9: Community Broadband Act of 2007
This is a piece of pending federal legislation that was introduced in July of 2007 as U.S. Senate Bill 1853. In April 2008, it was placed on the Senate Legislative Calendar under General Orders and is still winding its way through the legislative process. This federal law would prohibit state and local governments (municipalities and counties) from passing laws that prohibit public telecommunications providers from offering Internet services.
This is in response to laws passed in a few states, as a result of lobbying from the telecom industry, that prohibit cities from installing and operating public broadband networks, such as public wi-fi networks. The big telecom companies have a vested interest in preventing cities from establishing networks that could compete with their own services by providing free or low cost Internet services because the public services are partially or wholly taxpayer-subsidized.
If this law passes, it could make it easier to find free or low cost ISP services in cities that choose to build public networks. On the other hand, it could (depending on how it’s funded) cause tax increases for those who live in those municipalities, including those who don’t use the public networks.
10: Pro IP Act
Back on the copyright front, the US House of Representative recently approved by an overwhelming majority HR 4279, which imposes stricter penalties for copyright infringement. It creates a new position of “copyright enforcement czar” in the federal bureaucracy and gives law enforcement agents the right to seize property from copyright infringers.
This may all sound fine in theory, but when you look at the way other seizure and forfeiture laws have been applied (for instance, the ability of drug enforcement officers to seize houses, computers, cars, cash, and just about everything else that belongs to someone tagged as a suspected drug dealer — and in some cases not returning the property even when the person is acquitted or not prosecuted), it makes many people wary.
Lastly, I always conclude my write ups these days with a plea to the government. The government should provide laptops for all civil servants in Nigeria from local government to federal government level, all lecturers, secondary schools and L E A schools even on loan. The government should make it mandatory for legislators to carry laptops to sittings else no sitting for them, Could you believe if you show a lot of lecturers a flash drive, they wont be able to identify its name. A vice chancellor from a Nigerian university traveled abroad for a seminar and he couldn’t use the computer to fill a form. We are tired of all these embarrassments.