Modern Trends in Evidence: Gathering and Presenting Evidence in the Digital Age - Dis-cussion Notes*

 By

Hon. Justice Benedict Bakwaph KANYIP, PhD , FNIALS, FCArb ª

Administrative Judge, National Industrial Court Lagos Division

( bbkanyip@yahoo.com )

1. “Evidence is the lifeblood of litigation”1. There are four central issues in the law of evidence2: materiality, relevance, admissibility and cogency (weight or probative value). Accordingly, the standard pattern of evidence involves four questions3. First, what facts are to be proved? This is the question of facts in issue or material facts i.e. the issue of materiality, and is governed by substantive law. Secondly, of any fact offered as evidence or potential evidence, does this fact tend to support or tend to negate one or more of the facts in issue? This is the question of rele-vance, which is governed by logic and general experience. Thirdly, of any fact offered as evi-dence or potential evidence, is there a rule or principle that requires that this item of relevant evi-dence should be excluded or its use limited because either it belongs to a class of inadmissible evidence or it would be contrary to the policy of the law to admit it in the circumstances of the case? This is the issue of admissibility, which is governed by the law of evidence. Lastly, what weight should be given to an item of evidence (or the evidence as a whole) in the circumstances of the case? This is the issue of evaluation of weight (or cogency or probative value), which is governed by logic and general experience; and is the primary duty of the trial Court who had the opportunity to see and hear the parties and assess the witnesses4. These and other related issues were examined by me in another forum that it will be idle to elaborate on them any further5.

2. Each time evidence in the digital age is talked of, what comes to mind is section 84 of the Evi-dence Act 2011, a provision, together with its auxiliaries, sections 258 and 34 of same Evidence Act, that has a chequered history according to His Lordship Hon. Justice Owoade, JCA in the session he chaired on the admissibility of computer and electronic evidence under the Evidence Act 2011 on 21st March 2018, at the Refresher Course for Judges organized by the NJI, Abuja under the theme, Enhancing The Quality of Judicial Service.

*∗ A presentation on 26th August 2019 at the 2019 NBA Annual General Conference, which held in Lagos.ª♠ Formerly Associate Research Professor of Law at the Nigerian Institute of Advanced Legal Studies, Lagos.1 Hon. Justice Peter Oyin Affen - “Admissibility of Documentary Evidence: Matters Miscellaneous”, a paper pre-sented on 29th June 2016 at the 3-Day Workshop Organised by Magistrates’ Association of Nigeria (FCT Chapter) On the Theme: Repositioning the FCT Magistrates’ Courts for Improved Justice Delivery.2 Terence Anderson, David Schum and William Twining - Analysis of Evidence (Cambridge University Press: Law in Context Series), 2005, Second Edition.3 Ibid, at pages 290 - 291.4 Haruna v. The AG of the Federation [2012] LPELR-7821(SC).5 BB Kanyip - “Relevance and Admissibility of Evidence under the Evidence Act“, a paper presented at the Re-fresher Course for Magistrates on Modern Judicial Practice and Procedure Symposium, which held at Andrews Otutu Obaseki Auditorium, National Judicial Institute, Abuja on 24th April 2017; available at http://nji.gov.ng/im-ages/Workshop_Papers/2017/Refresher_Magistrates/s1.pdf as accessed on 5th May 2018.

1 of 12

3. The provisions of section 84 were actually suggested by the Nigerian Law Reform Commis-sion as far back as 1998 in section 84 of the proposed Evidence Decree of that year (in terms of numbering, note the retention of section 84 in both the Evidence Act 2011 and the proposed Evi-dence Decree 1998). The provisions of the two sections 84 were substantially borrowed from the English Civil Evidence Act of 1968. Incidentally, the proposed Evidence Decree 1998 actually intended the said provisions to apply only to civil proceedings given the use of the phrase ‘in any civil proceedings’ as the opening words in subsections (1) and (4) of the said section 84. How-ever, in section 84 of the Evidence Act 2011, the phrase used in subsections (1) and (4) is ‘in any proceeding’, a phrase that explains why criminal proceedings are also covered by section 84 of the Evidence Act 2011. Would we then be any surprised of the chequered history of section 84 and its inadequacies? We are in the 21st Century, and are asked to apply a provision that came about on the state of affairs as at 1968 since our section 84 is based on the English Act of 1968. So can a 1968 provision really cater for current state of events especially if these events are digi-tally/technologically driven? Your guess is as good as mine. The point I must make then is this: section 84 of the Evidence Act 2011 was already dead on arrival when it was enacted, dated as librarians would say of outdated books. Given thus the way in which law really lags behind tech-nology, would section 84 of the Evidence Act 2011 enable any conviction especially under this digital age? This remains to be seen. The law may not be ignorant of modern business methods, the law may not shut its eyes to the mysteries of the computer, as was said as far back as 19696, but the speed with which technology moves, it is doubtful if the law can catch up with it.

4. I need to make a quick point regarding the certification requirement under section 84 of the Evidence Act 2011 since the ambit of section 84 itself is still being worked out by the courts. A strict application of section 84 of the Evidence Act 2011 is bound to produce unjust outcomes where the party required to produce the certification is not in possession of the device form which the document was produced. Hon. Justice Alaba Omolaye Ajileye, drawing from a practi-cal situation he was confronted with in 2016 in the case of Ohamuo Christian v. United Bank For Africa7, where the claimant, a bank customer, asserted that the defendant, a commercial bank, continued to make deductions from his salaries notwithstanding that he had liquidated his indebtedness and sought to tender his statement of account generated from the bank’s computer but the bank refused or failed to issue a certificate of authentication under section 84(4) of the Evidence Act 2011, called attention to the necessity for an exception to section 84 of the Evi-dence Act 2011 in these words:

The point had earlier been made in the previous chapter that the scope of the applicability of section 84(4) should be limited to a proponent whose computer device produced the electronic document. In other words, production of a certificate as an essential element of process of authentication should be made mandatory where a proponent is in control of the device that produced the document. It is therefore, suggested that the law should not be too strict on a party whose computer did not produce the electronic document and it becomes impossible for him to produce same. This should be treated as an exception to section 84(4) in the interest of justice. This is because, it will amount to a denial of justice if an authentic document is kept out of the consideration of the court by reason of the fact

6 See Esso West Africa Inc. v. T. Oyagbola [1969] 1 NMLR 194 at 198, restated in Yesufu v. African Continental Bank Ltd [1976] 4 SC 1 at 16 and by the Court of Appeal in Trade Bank Plc v. Chami [2003] 13 NWLR (Pt. 836) 158 at 216.7 Unreported Suit No. HC/KK/007CV/14, delivered on 29th July 2016.

2 of 12

that a certificate is not produced by a party who cannot possibly secure its production. In this technological age, nothing more unjust can be conceived.8

5. Interestingly, the Indian Supreme Court, when confronted with a practical situation where a strict application of section 65B(4) of the Indian Evidence Act (similar to section 84 of the Nige-rian Evidence Act of 2011) would occasion injustice held in the case of Shafhi Mohammed v. The State of Himachal Pradesh JT9 thus:

Accordingly, we clarify the legal position on the subject of the admissibility of the elec-tronic evidence, especially by a party who is not in possession of device from which the document is produced. Such party cannot be required to produce certificate under Section 65B(4) of the Evidence Act.

6. A similar thing came up before me in Mrs Bessie Udhedhe Ozughalu & anor v. Bureau Veritas Nigeria Limited10. Pay-slips an employer gave to its deceased employee were tendered in evidence by administrators of his Estate in proof of the fact that the deceased’s salary when alive was denominated in both Naira and Dollars. The defendant raised the objection that the pay-slips were not certified under section 84 of the Evidence Act 2011. I rejected the argument primarily on the ground of section 12 of the NIC Act 2006 i.e. that the interest of justice warrants that I de-part from the Evidence Act. Though I did not treat the issue as one implying an exception to sec-tion 84 of the Evidence Act 2011, it had the same effect.

7. I shall, however, restrict my intervention to only digital crimes otherwise termed cyber crimes; an area I did some work on sometime last year11. And the regulatory statute here is the Cyber Crimes (Prohibition, Prevention, etc) Act 2015. As of June 2015, the gran world total figure shows an Internet Penetration Rate of 45.0%; meaning that nearly half of the world’s population is online12. According to the Nigerian Communications Commission (NCC), there are 111,632,516 Internet users in Nigeria as at Dec/2018 i.e. 55.5% of the 2019 population of 200,962,41713.

8. We live in a world where internet crime is very alluring with billions of money stolen yearly. Tracking these criminals, catching and protecting them is as harrowing an experience as it is for a camel to enter the eye of a needle. An internet source (Roger A. Grimes) has it that “for every 1 that gets caught, 10,000 go free -- maybe more. For every 1 successfully prosecuted in a court of law, 100 get off scot-free or with a warning”14. Accordingly, unless the growing flood of cyber-crime is curbed, the internet will become a lawless, “Wild west” with unnecessary barriers to

8 Hon. Justice Alaba Omolaye Ajileye - Electronic Evidence (Jurist Publication Series), Revised Edition, 2019 at page 262. I thank Hon. Justice Peter Affen of the High Court of the FCT for drawing my attention to this point.9 2018 (2) SC 349.10 Unreported Suit No. NICN/LA/626/2014, the judgment of which was delivered on 20th March 2018.11 See BB Kanyip - “Admissibility of Electronic Evidence vis-a-vis the Cyber Crimes (Prohibition, Prevention, etc) Act 2015”, A discussion paper presented at the Symposium on Issues of Admissibility of Electronic Evidence Under Section 84 of the Evidence Act 2011, which held at Andrews Otutu Obaseki Auditorium, National Judicial Institute, Abuja on 21st May 2018.12 See https://www.internetworldstats.com/pr/edi088.htm as accessed on 10th August 2019.13 See https://www.internetworldstats.com/africa.htm as accessed on 10th August 2019.14 Roger A. Grimes - “Why it's so hard to prosecute cyber criminals”, available at https://www.csoonline.com/arti-cle/3147398/data-protection/why-its-so-hard-to-prosecute-cyber-criminals.html as accessed on 1st May 2018.

3 of 12

conducting business. The problem is that it is pretty difficult to prosecute cyber criminals. Roger A. Grimes gives four reasons for this, the fourth of which is pertinent for present purposes:(1) Jurisdiction. By jurisdiction, he means that very often the cyber criminal is located outside of

the country (or at least outside the legal jurisdiction of the court and prosecutors seeking the conviction).

(2) We are still learning how to prosecute. Lest we forget, our legal system was forged in the physical world for physical crimes. In contradistinction, cyber crime forges in cyberspace, which is borderless and does not as such involve land. We talk of the intangible and ethereal world of cyberspace. The point is that internet/cyber crime is quite recent. It is a hard one figuring out what is or is not illegal in the computer world for a particular location, espe-cially if that crime involves computers or people outside of their jurisdiction.

(3) The vast majority of internet crimes are never reported simply because most people have no idea of where and how to report internet crime, and even if they do, it is unlikely that any-thing would come out of it. Where the complaint involves a seemingly insignificant amount, it may just not be cost effective to pursue the complaint to its logical end.

(4) The difficulty of gathering legal evidence. Gathering this kind of evidence requires skill. Or-dinarily, we assume it is easy collecting evidence that might lead to someone’s identification and arrest. The question, however, is whether that evidence can stand up in court. Foolproof evidence of cyber crime is hard to get; and even if we get it, can it withstand the assault of a defence counsel especially given the requirements of section 84 of our evidence Act 2011? Our experience in the litigation of elections cases regarding the admissibility and evidential value of the card reader is a case in point. Roger A. Grimes gives this apt illustration. Sup-pose X has an accurate log file that shows an intruder breaking into his system. X can copy that log file and give it to the police. These are the likely defence questions that may arise: “How do we know the log file hasn’t been tampered with? Who had the ability to access the log file? Is the time and date stamp accurate? How do we know? How do we know [X’s] computer system accurately detected the originating IP address -- can’t IP addresses be faked? Was the log file originally written to write-once, read-only media? What has been the chain-of-custody of that log file since it was first created until now? What experience does the computer team have with obtaining legal evidence? And so on”.

He concluded that any time we hear about cyber criminals being arrested, we must realize that behind the scenes, many computer professionals and law enforcement officers with cyber exper-tise came together to ensure the evidence collected would hold up in court.

9. The crimes created by the Cyber Crimes Act 2015 must be proved beyond reasonable doubt before any conviction can be secured; and of course there can be no conviction without the requi-site evidence. This is one area of the law where the evidence is difficult to secure in the first place15; as such prosecution of the offence is equally difficult. To assist, the Cyber Crimes Act 2015 in section 45 permits a law enforcement officer to apply ex parte to a Judge in chambers (of the Federal High Court) for the issuance of a warrant for the purpose of obtaining electronic evi-dence in related crime investigation. The Judge may inter alia authorize the use or cause to be used a computer or any other device to search any data contained in or available to any computer system or computer network; use any technology to decode or decrypt any coded or encrypted

15 See https://webcache.googleusercontent.com/search?q=cache:CDgJNkuZbEcJ:https://searchsecurity.techtarget.-com/feature/District-attorney-Gathering-cybercrime-evidence-can-be-difficult+&cd=2&hl=en&ct=clnk&gl=ca&client=safari as accessed on 4th May 2018.

4 of 12

data contained in a computer into readable text or comprehensible format; and require any person having charge of or otherwise concerned with the operation of any computer or electronic device in connection with an offence under the Act to produce such computer or electronic device.

10. Secondly, section 52 of the Act permits the Attorney-General of the Federation (AGF) to re-quest or receive assistance from any agency or authority of a foreign State in the investigation or prosecution of offences under the Act. By section 53, any evidence gathered pursuant to a re-quest under the Act in any investigation or proceedings in the Court of any foreign State, if au-thenticated (the authentication can be by a Judge or Magistrate or Notary Public of the foreign State, or sworn to under oath or affirmation of a witness or sealed with an official or public seal), shall be prima facie admissible in any proceedings to which the Act applies. It should be noted that section 3 of the Evidence Act 2011 provides that: “Nothing in this Act shall prejudice the admissibility of any evidence that is made admissible by any other legislation validly in force in Nigeria”.

11. Section 55 of the Act proceeds to make provision as to preservation of computer data i.e. Nigeria may be requested to expedite the preservation of electronic device or data stored in com-puter system or network referring to the crimes described earlier or under any other enactment pursuant to the submission of a request by a foreign authority for assistance for search, seizure and disclosure of those data. The preservation may also be requested by any law enforcement agency pursuant to an order of court, which order may be obtained ex parte where there is ur-gency or danger in delay; which order, if granted, shall include the nature of the evidence, their origin and destination if known, and the period of time which shall not exceed 90 days over which the data must be preserved. The request for expedited preservation of electronic evidence or data may be refused if there are reasonable grounds to believe that the execution of a request for legal assistance for subsequent search, seizure and release of such data would be denied.

12. Section 57 of the Act makes an interesting provision to the effect that the AGF may make or-ders, rules, guidelines or regulations as are necessary for the efficient implementation of the pro-visions of the Act, which orders, rules, guidelines or regulations may inter alia provide for the method of custody of video and other electronic recordings of suspects apprehended under the Act and procedure for the prosecution of all cyber crime cases in line with national and interna-tional human rights standards. The question is: is it open for an AGF to make rules, guidelines or regulations of procedure for prosecution of all cyber crime cases?

13. Can the Police or any law enforcement agent stop any person and search and look through that person’s emails?16 By section 45 of the Cyber Crimes Act 2015, this is not possible without the order of a Judge of the Federal High Court. However, it must be noted that by section 14 of the Evidence Act 2011, evidence obtained improperly or in contravention of a law; or in conse-quence of an impropriety or of a contravention of a law, shall be admissible unless the court is of the opinion that the desirability of admitting the evidence is out-weighed by the undesirability of admitting evidence that has been obtained in the manner in which the evidence was obtained. The factors for determining desirability or otherwise of the evidence are listed in section 15; and they are: the probative value of the evidence; the importance of the evidence in the proceeding;

16 See https://techcabal.com/2018/04/25/can-the-nigerian-police-stop-and-search-and-lok-through-your-email/ as accessed on 4th May 2018.

5 of 12

the nature of the relevant offence, cause of action or defence and the nature of the subject-matter of the proceeding; the gravity of the impropriety or contravention; whether the impropriety or contravention was deliberate or reckless; whether any other proceeding (whether or not in a court) has been or is likely to be taken in relation to the impropriety or contravention; and the difficulty, if any, of obtaining the evidence without impropriety or contravention of law.

14. Misbah Saboohi, Assistant Professor, Law, International Islamic University, Islamabad, writ-ing on the collection of digital evidence of cyber crime17 notes that collecting digital evidence and its admission in court are difficult technical jobs, which requires huge funds and expertise. To him, asking a computer wizard to upgrade our computers or the reporting of computer crimes may be easy but combating this crime and getting successful convictions still remains an uphill task. The irony is that very often it is the criminals themselves who are the only experts that can help the law enforcement agencies in collecting forensics of the computer on or through which the actual crime took place. Note that it is easy to steal, leak, manipulate or destroy electronic data; but, as in the physical world, cyber criminals too leave their electronic fingerprints and footprints at a digital crime scene.

15. To Prof. Misbah Saboohi, however, the real question is how far the digital evidence collected by a computer expert fulfills the criteria set by the general law of evidence to prove guilt of a criminal given that the lack of continuity and completeness of evidence can compromise the le-gal position. In enquiring as to the best tool to collect evidence of a cyber crime in order to suc-cessfully convict a cyber criminal, and given that traditional methods have not proved useful in this area, he offered some necessary steps to be taken in collecting computer forensic evidence. These are:

REPORTING: Planning the response is important. One should not panic, and the person should not touch any button on the computer. It is important that the crime is reported im-mediately because time is of essence in cyber forensic evidence collection. Usually unal-tered digital evidence is available only within the span of a few hours. Sometimes even 24 hours proves to be too late to recover non-tampered digital evidence. In this step the company should be clear as to whom it has to report to so that an investigative team is formed, because the investigators may access sensitive data. There should be a clear pri-vacy policy in place.INVESTIGATION: Only a skilled computer forensic investigator should undertake in-vestigation. Otherwise collection of evidence will almost end up in a failure of an investi-gation and ultimately a failed prosecution. It is also very important for the investigator to understand the level of sophistication of the suspected criminals. They must be consid-ered to be experts in any case and ancillary counter-measures must be adopted to guard against the destruction of any digital evidence. If this is neglected, it may modify the data on the computer. Some computers have automatic wiping programmes in case a new per-son touches the wrong key on the keyboard. It then becomes time-consuming and expen-sive to recover such data, if at all possible.SECURING MACHINE AND DATA: Electronic evidence is fragile. It can be damaged or altered by improper handling or examination. Special precautions should be taken to

17 Misbah Saboohi - “Collecting Digital Evidence of Cyber Crime”, available at http://webcache.googleusercon-tent.com/search?q=cache:n1EMI7cxFL0J:www.academia.edu/1375440/COLLECTING_DIGITAL_EVIDENCE_OF_CYBER_CRIME+&cd=5&hl=en&ct=clnk&gl=ca&client=safari as accessed on 4th May 2018.

6 of 12

document, collect, preserve and examine this type of evidence. This will ensure the in-tegrity of the electronic evidence at a later stage. When a cyber crime is committed, the room and computer of occurrence should be considered to be a crime scene and sealed off to ensure evidence is not tampered with. Even the victim’s computer should be sealed off. It is critical that in early stages nothing is changed in the immediate surroundings of the device. If the computer is off, it may be left off, if it is on, it should be left on. Care is necessary so that standards of admissible evidence can be followed. If the computer is mishandled at that time, the data collected can be challenged later and may not be valid before a court of law…As a forensic expert, one should have legal authority to seize and read the data from the device. Otherwise the consequence may be that not only the case is thrown out but also that the investigator may find himself being sued for breach of pri-vacy and damages. Other useful tips are to take photographs of the surroundings, seizing and securing any papers, printouts, disks, MP3 players etc lying around in the vicinity of the cyber crime. Likewise, interviewing and recording the statements of people at that place can prove to be helpful. These people can later be potential witnesses in the lawsuit. This can also help in discovering passwords or email addresses of the suspect.IMAGING: This basically means duplication of the hard drives. This is a crucial stage of digital evidence collection. It is to duplicate the entire hard drive. One has to make a bit-stream copy of every part of user accessible areas, which can store data. The original drives should then be moved to secure storage to prevent tampering. Some softwares…are available, to duplicate the drives for digital evidence collection. It is important to use some kind of hardware write protection to ensure no writes will be made to the original drive. Even if the operating system…can itself be configured to prevent this, it is a better and safer practice to separately use a hardware write blocker. It is possible to image to another hard disk drive, a tape or other media. Tape is a preferred media to store images since it is less susceptible to damage and can be stored for a longer time….Imaging should be made within the crucial timeframe for collecting electronic evidence, since thereafter its credibility would become questionable and not valid for legal purposes. Ev-ery bit of information should be copied. Deleted or even damaged files are actually never deleted or gone and can be recovered by the imaging process, though it may take days or even weeks to recover them. One tip given by experts is to keep one master copy in some safe place of agency to be used as a back up, and to use the second one as working copy for the investigation and analysis. It is possible to restore a deleted file even if it is seven times over written. Everyday computers or media should not be used. New media should be used, e.g. the computer should be taken to a technical lab for imaging. Now many law enforcing agencies have their own labs for imaging and analysis of digital evidence whose reports are used in legal cases. Imaging software should be forensically sound so that no changes occur during imaging…All investigation material should be backed up. It is therefore necessary that the persons involved in evidence collection relating to cyber crimes are specially trained personnel…FORENSIC ANALYSIS AND DRAWING A CONCLUSION: The expert then exam-ines the digital evidence and gives a final report about the act complained of as a crime. This report is a determination of whether an act on a computer was a breach of any penal law or not. Therefore it should be made very carefully. It must be objective, based on in-disputable facts, because law enforcers will connect the suspect to the act of the computer performed by a human. This connection therefore has to be beyond reasonable doubt. It is

7 of 12

advisable to obtain and rely on professional legal advice at this stage. But above all, the existence of a regulatory framework and laws catering for cyber crimes…are the sine qua non.

16. Michelle Kane, Trial Attorney Computer Crime and Intellectual Property Section Criminal Division, United States Department of Justice18 on her part notes that one of the biggest chal-lenges of most computer crime cases is proving who was at the computer. This proof will almost always depend on some type of circumstantial evidence i.e. evidence based on inference. That electronic evidence may lead to a computer, but not to an individual; as such given the absence of direct evidence linking the individual to the crime, it is advisable to look for circumstantial ev-idence taking into account access, knowledge, opportunity, motive, and state of mind of the de-fendant. She concludes by advising that the best circumstantial evidence may come from old-fashioned detective work, such as suspect and witness interviews, physical evidence, and sur-veillance; and traditional evidence can corroborate electronic evidence. This is the framework within which electronic or digital evidence comes in handy in the proof of cyber crimes. In all, always note that the internet does not forget.

17. There are very little things that can affect the success or otherwise in the prosecution of cyber crimes. Although a pre-2015 Cyber Crimes Act case, Nnachi Ephraim v. Federal Republic of Nigeria19 typifies the points I seek to make. But first note section 7 of the Cyber Crimes Act 2015, which provides for the duty to register a cybercafe as such and then create the offence of electronic fraud or online fraud using cybercafe. Nnachi Ephraim v. Federal Republic of Nigeria talked of the offence of “the crime of operating a cyber cafe without registration”. It is doubtful if section 7 of the Cyber Crimes Act 2015 actually created that offence (although the accused in Nnachi Ephraim v. Federal Republic of Nigeria was tried under section 13(1)(a) of the Advance Fee Fraud and Other Fraud Related Offences Act, 2006). It merely in section 7(1) stipulated the duty to register a cybercafe; and then in section 7(2) and (3) created the offence of perpetrating electronic fraud or online fraud as well as the offence of connivance by owners of the cybercafe. In the words of the Court of Appeal in Nnachi Ephraim v. Federal Republic of Nigeria per Her Ladyship Theresa Ngolika Orji-Abadua, JCA (delivering the leading judgment):

P.W.1 admitted that when they entered the premises they did not bother to purchase any ticket from the office so as to prove their allegation that Primegate was operating an ex-isting, not a moribund or wound-up cyber cafe at No. 1 Okpara, Street Abakaliki. Some of the computers were removed by the officials of EFCC for analysis; yet, no report was tendered through P.W.1 to prove the crime of operating a cyber cafe without registration. For a person to be guilty under Section 13(1)(a), the person must in the normal course of business, provide telecommunications or internet services, or must be the owner or the person in the management of any premises being used as a telephone or internet cafe or by whatever name called. I must observe that the fact that the signboard of primegate cy-ber cafe is posted at No. 1 Okpara Street, Abakaliki notwithstanding, there must be some overt act on the part of the owner of the cybercafe to prove that he actually provides telecommunications or internet services to the public. There was no shred of evidence ad-duced by the prosecution establishing that Primegate Cybercafe was indeed providing

18 See http://webcache.googleusercontent.com/search?q=cache:Ks_9QStq7fYJ:www.oas.org/juridico/english/cyb_pan_user_en.pdf+&cd=10&hl=en&ct=clnk&gl=ca&client=safari as accessed on 4th May 2018.19 [2012] LPELR-22363(CA).

8 of 12

telecommunications and internet services at No. 1 Okpara Street Abakaliki. The fact that the signboard of Primegate is hanging thereat does not constitute any proof that the said cybercafe was providing any internet services at the said address. I think, the saying; ‘the hood does not make the monk’ suits appropriately here. All the documents tendered be-fore the lower Court profoundly showed that it was Artifice Colony cybercafe that was indeed providing both the telecommunication and internet services at No. 1 Okpara Street, Abakaliki and not Primegate. P.W.1 admitted that no investigation was carried out by the EFCC to decipher whether Primegate Cybercafe was indeed taken over by Artifice Colony Cybercafe or not. They did not obtain the tickets and receipts normally issued to customers to strongly establish that it was Prime gate Cybercafe that was running the said business. The question is; ‘if there was no proof that Prime gate was indeed offering any internet or telecommunication services, where then lies the offence?’ It is only when the cyber cafe or a person is offering the services enumerated in Section 13(1)(a) of the Ad-vance Fee Fraud And Other Fraud Related Offences Act, 2006 that the person or the en-tity is required in law to register the same. A moribund or defunct company, whose sign-board is still hanging out on its former business address without any iota of proof of it running any business thereat, cannot be said to be carrying out the same services it had wound up, merely because of the continued display or affixation of its signboard at its former business address. It is not an offence to display a signboard, but, it is an offence to carry out such internet or telecommunication services or being the owner or person in the management of any premises being used as a telephone or internet cafe without registra-tion of the cyber cafe. There must be proof of usage of the place as a telephone or internet cafe. This was lacking in the evidence proffered by the prosecution in the instant case. It is glaring that the judgment of the lower Court was not properly guided in line with prin-ciples of law. The Court terribly erred. Accordingly, I find the decision of the lower Court as being perverse.

Therefore, in the light of the reasons I have given above this Appeal is hereby allowed. The charge preferred against the Appellant, his conviction and sentence are hereby set aside for being null and void on the ground of lack of jurisdiction on the part of the trial Federal High Court, Kaduna Judicial Division.

18. Her Ladyship had earlier held on the issue of territorial jurisdiction of the Divisions of the Federal High Court:

Perusing Section 19 of the Federal High Court Act, it says that for the purpose of the Fed-eral High Court exercising jurisdiction throughout the Federation, the whole area of the Federation shall be divided by the Chief Judge into such number of Judicial Divisions (not less than four) as he may, from time to time to specify. Sub-section (4) says that sub-ject to the directions of the Chief Judge, every Judge of the Court shall sit for the trial of civil and criminal causes or matters and for the disposal of other legal business pending at such places in the Federation and at such times as the chief Judge may think fit. Then Section 45(a) emphatically and specifically provided that an offence shall be tried by a Court exercising jurisdiction in the area or place where the offence was committed.

In the instant Appeal, it is certain that the offence for which the Appellant was charged was allegedly committed wholly in Ebonyi State. It was not partly committed in Kaduna

9 of 12

State, nor was it said to be a continuing one and continued to be committed in more areas or places than one nor an offence that consists of several acts committed in difference ar-eas or places. By Section 45(d), it is clear that only a part of an offence has to be commit-ted in another Judicial Division of the Federal High Court to enable the Federal High Court in that other Division assume jurisdiction when the accused is charged.

…………………………………….

In the instant case, there is no indication on the part of the prosecution that one of the ele-ments of the offence of failure to register Primegate Cybercafe with the Economic Finan-cial Crime Commission was committed within the territorial jurisdiction of the Kaduna Division of the Federal High Court. There is, also, nothing suggestive of any fact that the Appellant omitted what he ought to have done in connection with the registration of the said cybercafe in the said Kaduna Division, or that part of the said offence was commit-ted in Kaduna or that the Appellant continues to commit the offence in Kaduna such as opening another branch of Prime Gate Cybercafe and continue failing to register it. It was, also, not shown that the Appellant was apprehended in Kaduna for the offence, so as to enable the Federal High Court Kaduna assume jurisdiction.

The offence in question was allegedly committed in Ebonyi State…

I must observe that it was never indicated in this Appeal that it was the Chief Judge of the Federal High Court that specially or specifically assigned the said case to the Federal High Court, Kaduna Division for hearing and determination…

………………………………………….

Therefore, in the light of the analysis and an in-depth study of the aforementioned cases, I have no hesitation in resolving issue No. 1 in favour of the Appellant. On the issue alone, I hereby set aside the conviction and sentence of the Appellant by the trial Court for be-ing a nullity. I hereby strike out the charge preferred against him before the Kaduna Divi-sion of the Federal High Court for want of jurisdiction.

It is to do away with issues of territorial jurisdiction, which led to the charges against the accused being struck out such as in Nnachi Ephraim v. Federal Republic of Nigeria that section 50(1) of the Cyber Crimes Act 2015 was enacted. By section 50(1) of the Cyber Crimes Act 2015, it is the Federal High Court located in any part of the country regardless of location where the of-fence is committed that has jurisdiction to try offences under the Cyber crimes Act 2015.

19. In concluding this short discourse, I leave you with some food for thought. The Cyber Crimes Act 2015 criminalized certain conducts associated with the computer in terms of: crimes where a computer is the target e.g. hacking; crimes where computers are the medium by which criminal enterprises are executed e.g. software piracy, internet frauds; and crimes where the use of a computer is incidental to criminal acts e.g. storing information on a computer about drug trafficking, white collar crimes, etc. It will be foolhardy to assume that cyber attacks are commit-ted without any motivation, good or bad. Four major motivations for cyber attacks have been identified. They are:

10 of 12

(a) Cyber crime, defined simply as criminal activities carried out by means of computers or the internet.

(b) Hacktivism i.e. the subversive use of computers and computer networks to promote a politi-cal agenda or a social change. With roots in hacker culture and hacker ethics, its ends are of-ten related to the free speech, human rights, or freedom of information movements.

(c) Cyber warfare i.e. the use of computer technology to disrupt the activities of a state or orga-nization, especially the deliberate attacking of information systems for strategic or military purposes: professional programmers are being hired by governments intent on waging cyber warfare.

(d) Cyber espionage i.e. the use of computer networks to gain illicit access to confidential infor-mation, typically that held by a government or other organization: improving cybersecurity across government agencies is crucial given the increase in cyber espionage.

20. The point is that not all hacking is driven by criminal motives. The hacker movement came about in the early 1960s; and has a Hacker Ethic driven by the following goals:20

(a) Access to computers (and anything that might teach you something about the way the world works) should be unlimited and total.

(b) All information should be free.(c) Mistrust authority - promote decentralization.(d) Hackers should be judged by their hacking, not bogus criteria such as degrees, age, race, or

position.(e) You can create art and beauty on a computer.(f) Computers can change your life for the better.

21. Research accordingly found the motivation for hacking to simply be “the thrill of command-ing a computer to what you designed it to do”; or the enjoyment of “the intellectual challenge of creatively overcoming or circumventing limitations”21. To Alexa Clay and Kyra Maya Phillips then, it became clear that “a motivation for hacking was often a combination of the feeling you get when you solve a complex puzzle or riddle, a fundamental skepticism of authority, and the conviction that information should be freely available”; and also that “hackers fervently believe in taking things apart in order to understand them”22. For hackers in this mould, there should be no barriers since there are exactly no victims to the alleged crimes that are said to have commit-ted23.

22. If anything, hacking has its good sides. Today it has fond itself in mainstream organizations; as organizations, given the saying “know your enemy”, have come to understand that hacking can both identify a system’s weaknesses and see how it can be improved24. Computer hackers to-day are the equivalent of the 18th Century sea pirates. While sea pirates hacked the mainstream merchant ship system, the establishment which most of them originated from, computer hackers “study a system, take it apart to understand every component, carefully identify its weaknesses,

20 See Alexa Clay and Kyra Maya Phillips - The Misfit Economy: Lessons in Creativity From Pirates, Hackers, Gangsters, And other Informal Entrepreneurs (Simon & Schuster Paperbacks: New York), 2016 at page 110.21 Ibid, at pages 110 and 111.22 Ibid, at page 112.23 Ibid, at page 114.24 Ibid, at page 115.

11 of 12

and then use the knowledge to build something new and improved”25. The hacker movement to-day is mainstreaming and is informing expectations around a new work culture - pioneering prin-ciples of informality that infect mainstream work culture such as “problem-based work, a culture of openness and transparency, reputational and peer-based accountability (instead of rigid hierar-chies and managers), and permission to act on new opportunities”26. Mark Zuckerberg of Face-book, for instance, described the company's culture and unique management approach as “The Hacker Way”. To him, “hacking is a means of building something or testing the boundaries of what can be done”27. So while a lot of the hacker ethic is still oriented around disruptive innova-tion and challenging the underlying logics and norms of the establishment, we cannot just dis-count the good sides of it as we seek to prosecute and hence penalized digital or cyber crimes. And for developmental purposes, we must realize that the economy of most of today’s developed economies such as the United States of America, South Korea, China, etc were developed due to piracy i.e. infringement of intellectual property28.

23. As a passing and concluding shot, the Cyber Crimes Act 2015 may have declared hacking and other related conducts unlawful and criminal. But can we as a country, in terms of our com-mon law heritage, which permits judge made law, also draw negligent conduct out of these un-lawful conducts for the purposes of recognizing civil wrongs in the nature of tort? Already, the duo of Michael L. Rustad and Thomas H. Koenig have proposed that: since the deplorable qual-ity of commercial software has paved the way for an epidemic of cyber crime; and since in a net-worked world, it is reasonably foreseeable that computer hackers or cyber criminals will discover and exploit known vulnerabilities in operating systems, a new tort of negligent enablement of cy-ber crime, which will hold software vendors accountable for defective products and services that pave the way for third party cyber criminals who exploit known vulnerabilities, be recognized by the courts29. So, while we ruminate over gathering and presenting evidence in the digital age, and the Cyber Crimes Act 2015, we also need to worry about the countless civil wrongs that yield in the digital world (cyberspace).

24. I thank the organizers for giving me the opportunity to make these interventions as a discus-sant in this forum.

25 Ibid, at page 116.26 Ibid, at page 122.27 Ibid.28 Ibid, Chapter 3, and Ho-Joon Chang - Bad Samaritans: Rich Nations, Poor Policies, ad the Threat to the Devel-oping World (Random House Business Books: London), 2007.29 Michael L. Rustad and Thomas H. Koenig - “The Tort of Negligent Enablement of Cybercrime”, 20 Berkeley Technology Law Journal 1553 - 1611 (2005); also available at http://scholarship.law.berkeley.edu/btlj/vol20/iss4/4.

12 of 12