Critical Perspectives on Cybersecurity: A Case Study of Legal and Regulatory Responses to Identity-related Cybercrimes in Electronic Payment Systems in Nigeria

The thesis critically examines the challenges of implementing cybersecurity in Nigeria. It focuses in particular on identity-related cybercrimes in e-payment systems. The thesis follows two broad lines of investigation. First, it examines how the convergence of telecommunications and banking services create a multi-stakeholders’ e-payment service provider system and the implications of this convergence for security and regulation of e-payment systems. Second, the thesis examines the societal, institutional and political considerations that affect the legal and regulatory responses to identity-related cybercrimes or that explain the lack of such responses. The research reveals that social perceptions of cybercrimes and political interference in law making process, as well as lack of proper identity management systems are crucial factors which affect the development and effectiveness of cybersecurity laws in Nigeria. The research also reveals that policy proposals for cybersecurity have focused extensively on criminal legislation and that this approach has marginalised the roles of data protection and identity management laws in preventing identity-related cybercrimes. The thesis argues that current self-regulatory initiatives in the Nigerian e-payment industry are inadequate due to the multi-stakeholders’ nature of electronic transactions. Using Lessig’s theory of modalities of regulation as a theoretical framework, the thesis highlights the primacy of laws in defining privacy and security standards as well as technical standards for the protection of users of e-payment services. The thesis however concludes that although laws are crucial, and cybercrimes are global, the development of cybersecurity laws must be moderated by an understanding of the legal and regulatory challenges as well as the socio-cultural and political factors in Nigeria. The thesis makes specific recommendations for developing laws and policies on cybersecurity in Nigeria.